Merge upstream post 0.27.0 #25

Open
wants to merge 92 commits into
base: main

abathur
Member

@abathur abathur commented Nov 22, 2024

Reworked history to fold in changes we discussed on tues/weds. @mkenigs

lucperkins and others added 30 commits May 24, 2024 07:24
* Test the installer on aarch64-linux runners

* Remove buildkite reference in step names

* Fix build job YAML file path

* Use apt install -y

* Run only on ARM system

* Use apt install -y on ARM machine
* Test the installer on aarch64-darwin runner

* Merge in changes from main

* Adjust ordering of blocks

* Update .github/workflows/ci.yml

* Update .github/workflows/ci.yml

---------

Co-authored-by: Cole Helbling <[email protected]>
…stems#977)

* Set always-allow-substitutes to true in nix.conf

* Add setting to JSON fixtures

* Change Booleans to strings in JSON fixtures
Bumps [nix](https://github.com/nix-rust/nix) from 0.28.0 to 0.29.0.
- [Changelog](https://github.com/nix-rust/nix/blob/master/CHANGELOG.md)
- [Commits](nix-rust/nix@v0.28.0...v0.29.0)

---
updated-dependencies:
- dependency-name: nix
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.200 to 1.0.203.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](serde-rs/serde@v1.0.200...v1.0.203)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.116 to 1.0.117.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](serde-rs/json@v1.0.116...v1.0.117)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Luc Perkins <[email protected]>
Bumps [semver](https://github.com/dtolnay/semver) from 1.0.22 to 1.0.23.
- [Release notes](https://github.com/dtolnay/semver/releases)
- [Commits](dtolnay/semver@1.0.22...1.0.23)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Luc Perkins <[email protected]>
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 1.0.59 to 1.0.61.
- [Release notes](https://github.com/dtolnay/thiserror/releases)
- [Commits](dtolnay/thiserror@1.0.59...1.0.61)

---
updated-dependencies:
- dependency-name: thiserror
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Luc Perkins <[email protected]>
* flake.lock: Update

Flake lock file updates:


* Update Rust dependencies
This way, you can build upstream Nix or a branch/fork by doing

  nix build --override-input github:my-org/nix/my-branch

without needing the https://github.com/DeterminateSystems/nix wrapper.
* Shellcheck nix-installer.sh

* Disable variable quoting requirement

* Add disable statements to script
Flake lock file updates:

It was removed in 2.22.0 (and its functionality folded into the flakes
feature).
As of the previous commit, we just read it from the Cargo.toml directly.
* flake.lock: Update

Flake lock file updates:


* cargo update --aggressive

* fixup: whatever, codespell, have it your way
Bumps [serde_with](https://github.com/jonasbb/serde_with) from 3.8.1 to 3.8.2.
- [Release notes](https://github.com/jonasbb/serde_with/releases)
- [Commits](jonasbb/serde_with@v3.8.1...v3.8.2)

---
updated-dependencies:
- dependency-name: serde_with
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [plist](https://github.com/ebarnard/rust-plist) from 1.6.1 to 1.7.0.
- [Release notes](https://github.com/ebarnard/rust-plist/releases)
- [Commits](ebarnard/rust-plist@v1.6.1...v1.7.0)

---
updated-dependencies:
- dependency-name: plist
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.118 to 1.0.120.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](serde-rs/json@v1.0.118...v1.0.120)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [clap](https://github.com/clap-rs/clap) from 4.5.7 to 4.5.8.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](clap-rs/clap@clap_complete-v4.5.7...v4.5.8)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
The instructions in the prior link didn't work for me. The new one (official post from MS) does.
* Update the docs to not refer to linux-multi

* Use bootstrap / bootout instead of load / unload

* Use constants for the launchd domain and service target

* Fixup clippy nits

* Fixup the bootstrap / bootout syntax
* settings: remove variable for default build user count

It's the same in every branch, so let's inline it at the one place
it matters.

* Show successful command output in trace logging

* Preliminary support for macOS 15 beta

* Undo using sysadminctl

This may have implications for unattended setups that we'll want
to explore at a later date.
cole-h and others added 24 commits September 4, 2024 15:08
* macos: split wait_for_nix_store_dir into own function

* macos: give more retry tokens to wait_for_nix_store_dir

Now it will try for 15 seconds (150 * 100ms) before failing.
Flake lock file updates:

…substituters` and `extra-trusted-public-keys` (DeterminateSystems#1145)

* PlaceNixConfiguration: split Nix config setup to own function for testability

* PlaceNixConfiguration: test that it's possible to specify `extra-trusted-public-keys` and `extra-trusted-substituters`

This will fail until a follow-up commit that fixes it.

* PlaceNixConfiguration: fix `--extra-conf` handling of `extra-trusted-substituters` and `extra-trusted-public-keys`
…directories (DeterminateSystems#1151)

* use determinate-nixd to check if dnixd is available

* ?

* check the socket is active

* nixd.determinate-nixd.socket: Let systemd create the socket's parent directories
* CreateDirectory: use /sbin/mount on macOS

Some users report `mount` not being found in PATH when using
Terminal.app (even though I can't reproduce this).

* CreateDirectory: get rid of some more cfg target_os
…start` a few times (DeterminateSystems#1146)

* Retry `launchctl bootstrap` a few times if it fails

Sometimes it fails, sometimes it succeeds. So retry every 500ms for (as
of this commit) a total of 5 seconds to see if it will succeed later.

* Retry `launchctl bootout` a few times if it fails, use const launchd domain in more places

* fixup: missing `process_group(0)` calls

* Have retry_{bootstrap,bootout} check that it hasn't been done yet

* Retry `launchctl kickstart` a few times if it fails
…1+ UID range (DeterminateSystems#1143)

* repair: use target_lexicon::OperatingSystem over target_os cfg

* repair: make repair actions a collection

* Make some things pub for ease of reuse

* fixup: make write_receipt() take a reference instead of ownership

* fixup: make write_receipt() atomic and member of InstallPlan

* CreateUser: enable skipping the completion check

This is useful for when you don't care if it's been completed or not and
want to rerun the commands. Especially useful on macOS, where `dscl .
-create` is idempotent.

* repair: add `sequoia` subcommand that can migrate build users to the new 351+ UID range

* fixup: should not be able to specify uid base

* fixup: nicer wording for human consumption

* fixup: don't worry about incompatible receipts

* fixup: prompt before some repair commands

* fixup: set user_base outside of branch

* fixup: store a timestamped, pre-repair copy of the receipt

* fixup: note whether or not the receipt will be updated

* fixup: note that uninstallation will work even if the receipt could not be updated
* flake.lock: Update

Flake lock file updates:


* cargo update --aggressive

* flake.lock: Update determinate

Flake lock file updates:


* Release v0.26.0
* flake.lock: Update determinate

Flake lock file updates:


* ci: ignore broken bash test on aarch64-darwin in GHA

---------

Co-authored-by: Cole Helbling <[email protected]>
* v0.26.1

* Update the fixtures
* Trivial flakehub: true -> determinate: true

* Assert dnixd's presence or absence

* ...

* Fixup: flakehub: true implies determinate: true, so make the test suites pass determinate in the matrix instead of extra args

* drop the github-token setting

* Drop the trusted-user extra-conf

* Sort the installer config

* Correct the name to match the existing merge rules
* prep for 0.26.3

* Cargo update

* nix 2.24.7 -> 2.24.8

* flake.lock: Update

Flake lock file updates:


* flake.lock: Update

Flake lock file updates:

…l full-disk-access approval (DeterminateSystems#1210)

* Add support for macOS without requiring FDA on EC2

This PR adds a flag to the installer for macOS that allows installing and using Nix on EC2 without a manual process of enabling full disk access.

On EC2, macOS requires the user to grant Full Disk Access to the Nix daemon or determinate-nixd for it to function.
However, the actual permission issue is access to removable volumes.
Users can provide a macOS policy (via MDM or manually) that allows access to removable volumes, but this also requires a manual setup process.

The key insight of this pull request is that by using the internal hard disk, we escape the "removable volume" limitation.

This PR's new flag sets the default root disk target to use the internal disk, instead of the disk that macOS is running from.
Note that this is feature-locked to determinate-nixd, because determinate-nixd accounts for a quirk of AWS's macOS deployment.
AWS's macOS infrastructure assumes all internal disks are unmounted, and will occasionally unmount the Nix Store.

Also:

* Switch to using init away from a stop-after in daemon
* flake.lock: Update

Flake lock file updates:

* Cargo update

* flake.lock: Update

Flake lock file updates:

* Revamp initial paragraphs

* More small fixes

* Make curl commands multi-line

* Add Determinate instructions

* Fix broken links

* Make features section more prominent

* Separate community involvement section

* Fewer links in first paragraph

* Update millions

* Fix DDS link
@abathur abathur changed the title Merge upstream post 0.27.0 again Merge upstream post 0.27.0 Nov 22, 2024
pub use create_nix_tree::CreateNixTree;
pub use create_users_and_groups::CreateUsersAndGroups;
pub use delete_users::DeleteUsersInGroup;
pub use place_nix_configuration::PlaceNixConfiguration;
pub use provision_determinate_nixd::ProvisionDeterminateNixd;
Collaborator

Suggested change
pub use provision_determinate_nixd::ProvisionDeterminateNixd;
#[cfg(not(feature = "nix-community"))]
pub use provision_determinate_nixd::ProvisionDeterminateNixd;

Member Author

I don't think we tried to exclude these before, but doing so will cause comp errors in additional files that we have to go clean up. I think we still want to just lean on disabling the CLI option that leads here for these as well?

Collaborator

Fine by me! Easy to change later if we change our mind

pub(crate) mod create_nix_tree;
pub(crate) mod create_users_and_groups;
pub(crate) mod delete_users;
pub(crate) mod place_nix_configuration;
pub(crate) mod provision_determinate_nixd;
Collaborator

Suggested change
pub(crate) mod provision_determinate_nixd;
#[cfg(not(feature = "nix-community"))]
pub(crate) mod provision_determinate_nixd;

Member Author

See previous

@@ -4,8 +4,9 @@
pub(crate) mod bootstrap_launchctl_service;
pub(crate) mod configure_remote_building;
pub(crate) mod create_apfs_volume;
#[cfg(not(feature = "nix-community"))]
pub(crate) mod create_enterprise_edition_volume;
// #[cfg(not(feature = "nix-community"))]
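
Review bot: the commented-out `// #[cfg(not(feature = "nix-community"))]` on the last line of this hunk reads as if the module that follows were feature-gated when it is compiled unconditionally. Delete the line, or replace it with a short comment saying why the gate was dropped, so the next reader does not have to guess whether the attribute was disabled by accident.
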
Collaborator

Suggested change
// #[cfg(not(feature = "nix-community"))]
#[cfg(not(feature = "nix-community"))]

Member Author

We backed off of this approach to avoid having to go weed out and special/case the uses (but I should have cleaned up the commented-out copies, so it's right to poke at them).

pub(crate) mod create_enterprise_edition_volume;
// #[cfg(not(feature = "nix-community"))]
pub(crate) mod create_determinate_nix_volume;
pub(crate) mod create_determinate_volume_service;
Collaborator

Suggested change
pub(crate) mod create_determinate_volume_service;
#[cfg(not(feature = "nix-community"))]
pub(crate) mod create_determinate_volume_service;

Member Author

Same as previous

// #[cfg(not(feature = "nix-community"))]
pub use create_determinate_nix_volume::CreateDeterminateNixVolume;
pub use create_determinate_volume_service::CreateDeterminateVolumeService;
Collaborator

Suggested change
// #[cfg(not(feature = "nix-community"))]
pub use create_determinate_nix_volume::CreateDeterminateNixVolume;
pub use create_determinate_volume_service::CreateDeterminateVolumeService;
#[cfg(not(feature = "nix-community"))]
pub use create_determinate_nix_volume::CreateDeterminateNixVolume;
#[cfg(not(feature = "nix-community"))]
pub use create_determinate_volume_service::CreateDeterminateVolumeService;

Member Author

Same as previous

src/planner/linux.rs (outdated, resolved)
#[cfg_attr(
feature = "cli",
clap(long, default_value = "false", requires = "determinate_nix")
)]
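
Review bot: `requires = "determinate_nix"` in this `clap(...)` attribute is the only thing tying the flag to the Determinate path, and nothing in the hunk says so. Add a doc comment on the field naming that dependency, and note that if the `determinate_nix` argument is ever compiled out behind a `cfg`, this `requires` would point at an argument id that no longer exists, which clap checks with an assertion in debug builds.
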
Collaborator

We could skip this since it requires determinate nix, but I don't think we need to since it's already effectively disabled

src/planner/macos/mod.rs (resolved)
src/settings.rs (outdated, resolved)
linux::ProvisionSelinux,
common::{
ConfigureNix, ConfigureUpstreamInitService,
CreateUsersAndGroups, ProvisionDeterminateNixd, ProvisionNix,
Collaborator

Can you run a cargo fmt?

Member Author

I did this, but I will note that it did make me wonder whether we should just revert the change that extracted `use crate::action::common::ConfigureDeterminateNixdInitService;` from this block in order to apply `#[cfg(not(feature = "nix-community"))]` to it (and the exclusion down around 270ish) so that we don't have a formatting diff?

When we discussed this, we decided it was net-good to have these since they helped ~document the intent/effect of the change to snip out the --determinate flag. Maybe it'd be better to just put comments on them?

Collaborator

I think making the change is a bit more thorough but minimizing the diff is going to be less work. I'm okay with either

…_0.27.0

Includes substantial conflict resolution.
@abathur abathur force-pushed the merge_upstream_post_0.27.0_again branch from 43416a7 to b8b7ace Compare November 23, 2024 18:11
flake.nix (resolved)
9 participants