[PATCH 1/2] Add flakes support
Signed-off-by: Valentin Kharin <valentin.kharin@unikie.com> --- flake.lock | 43 +++++++++++++++++++++++++++++++++ flake.nix | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 114 insertions(+) create mode 100644 flake.lock create mode 100644 flake.nix diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..aa4ee5e --- /dev/null +++ b/flake.lock @@ -0,0 +1,43 @@ +{ + "nodes": { + "flake-utils": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1669635185, + "narHash": "sha256-vYg6GjnsEWNWt/4TmfFN9WtQmSXb4S796J2UOfyTcW0=", + "ref": "refs/heads/rootfs", + "rev": "3176ddef4b4cec85faa2f49d29ce74816d452dc0", + "revCount": 429673, + "type": "git", + "url": "https://spectrum-os.org/git/nixpkgs/" + }, + "original": { + "ref": "refs/heads/rootfs", + "type": "git", + "url": "https://spectrum-os.org/git/nixpkgs/" + } + }, + "root": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..6e77006 --- /dev/null +++ b/flake.nix @@ -0,0 +1,71 @@ +{ + description = "A compartmentalized operating system"; + + # NOTE: Revision specification format is ?ref=refs%2fheads%2f<BRANCH>&rev=<COMMIT_REVISION> + inputs.nixpkgs.url = + "git+https://spectrum-os.org/git/nixpkgs/?ref=refs%2fheads%2frootfs"; + inputs.flake-utils.url = "github:numtide/flake-utils"; + + outputs = { self, nixpkgs, flake-utils }: + flake-utils.lib.eachDefaultSystem (system: + let + pkgs = nixpkgs.legacyPackages.${system}; + config = { inherit pkgs; }; + lib = pkgs.lib; + + mkEntryPoint = { name ? builtins.baseNameOf path, path + , enableShell ? true, enablePackage ? true }: + let + shell = { + # NOTE: https://stackoverflow.com/a/43850372 + devShells.${name} = + import (path + "/shell.nix") { inherit config; }; + }; + package = { packages.${name} = import path { inherit config; }; }; + in (if enableShell then shell else { }) + // (if enablePackage then package else { }); + + # Entry point is a directory with shell.nix and default.nix + # This function maps every entry point to corresponding devShell and package + mapEntryPoints = epoints: + builtins.foldl' lib.recursiveUpdate { } (map mkEntryPoint epoints); + in lib.recursiveUpdate (mapEntryPoints [ + { + path = ./.; + enablePackage = false; + } + { path = ./host/initramfs; } + { path = ./host/rootfs; } + { path = ./host/start-vm; } + { path = ./img/app; } + { path = ./release/live; } + { path = ./vm/sys/net; } + ]) { + # Add some other flake schema related stuff here. + # NOTE: flake-utils.lib.eachDefaultSystem automagically adds ${system}. + devShells.documentation = import ./Documentation { inherit config; }; + packages.documentation = import ./Documentation { inherit config; }; + + nixosModules = let + substituters = [ "https://cache.dataaturservice.se/spectrum/" ]; + trusted-public-keys = [ + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + "spectrum-os.org-1:rnnSumz3+Dbs5uewPlwZSTP0k3g/5SRG4hD7Wbr9YuQ=" + ]; + in { + # NOTE: See https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-substitu... + # and https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-trusted-... + # to understand difference between these two modules. + binary-cache = { ... }: { + nix.settings = { inherit trusted-public-keys substituters; }; + }; + # Doesn't enabled by + trusted-binary-cache = { ... }: { + nix.settings = { + inherit trusted-public-keys; + trusted-substituters = substituters; + }; + }; + }; + }); +} -- 2.38.1
Signed-off-by: Valentin Kharin <valentin.kharin@unikie.com> --- .../installation/getting-spectrum.adoc | 20 +++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/Documentation/installation/getting-spectrum.adoc b/Documentation/installation/getting-spectrum.adoc index 6aec34f..ec13145 100644 --- a/Documentation/installation/getting-spectrum.adoc +++ b/Documentation/installation/getting-spectrum.adoc @@ -22,6 +22,13 @@ If you want to try Spectrum out to get a feel for it, without installing it, you can run it in a development VM with some example applications. +This builds just enough of Spectrum to try it out in a VM, but it will +still take a very long time. + +You can use one of the following methods to build Spectrum. + +=== Default + [source,shell] ---- git clone https://spectrum-os.org/git/spectrum @@ -32,8 +39,17 @@ cd spectrum/host/rootfs nix-shell -I nixpkgs=../../../nixpkgs-spectrum --run 'make run' ---- -This builds just enough of Spectrum to try it out in a VM, but it will -still take a very long time. +=== Flakes + +Flakes is more hermetic, fast, and reproducable way of building. + +[source,shell] +---- +git clone https://spectrum-os.org/git/spectrum && cd spectrum +nix develop .#rootfs && cd host/rootfs/ && make run +---- + +For more information on flakes, see https://nixos.wiki/wiki/Flakes[NixOS Wiki]. == Building Installer -- 2.38.1
On Wed, Dec 14, 2022 at 01:09:54PM +0200, Valentin Kharin wrote:
Signed-off-by: Valentin Kharin <valentin.kharin@unikie.com>
Reviewed-by: Alyssa Ross <alyssa.ross@unikie.com> (There are some minor e.g. spelling mistakes but I can just fix those up when I apply it.)
--- .../installation/getting-spectrum.adoc | 20 +++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/Documentation/installation/getting-spectrum.adoc b/Documentation/installation/getting-spectrum.adoc index 6aec34f..ec13145 100644 --- a/Documentation/installation/getting-spectrum.adoc +++ b/Documentation/installation/getting-spectrum.adoc @@ -22,6 +22,13 @@ If you want to try Spectrum out to get a feel for it, without installing it, you can run it in a development VM with some example applications.
+This builds just enough of Spectrum to try it out in a VM, but it will +still take a very long time. + +You can use one of the following methods to build Spectrum. + +=== Default + [source,shell] ---- git clone https://spectrum-os.org/git/spectrum @@ -32,8 +39,17 @@ cd spectrum/host/rootfs nix-shell -I nixpkgs=../../../nixpkgs-spectrum --run 'make run' ----
-This builds just enough of Spectrum to try it out in a VM, but it will -still take a very long time. +=== Flakes + +Flakes is more hermetic, fast, and reproducable way of building. + +[source,shell] +---- +git clone https://spectrum-os.org/git/spectrum && cd spectrum +nix develop .#rootfs && cd host/rootfs/ && make run +---- + +For more information on flakes, see https://nixos.wiki/wiki/Flakes[NixOS Wiki].
== Building Installer
-- 2.38.1
On Wed, Dec 14, 2022 at 01:09:53PM +0200, Valentin Kharin wrote:
Signed-off-by: Valentin Kharin <valentin.kharin@unikie.com>
Thanks! I've been ill so just getting around to looking at this now. I've left some comments below, but it looks on the right track.
--- flake.lock | 43 +++++++++++++++++++++++++++++++++ flake.nix | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 114 insertions(+) create mode 100644 flake.lock create mode 100644 flake.nix
Both files need license information attached. Following existing conventions in Spectrum, this should be: - MIT for flake.nix - CC0-1.0 for flake.lock Since flake.lock is a generated file, you can put the license information in a flake.lock.license file — there are other examples of this in the tree you can refer to. You can do a basic check that the license information looks right by running `reuse lint`.
diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..aa4ee5e --- /dev/null +++ b/flake.lock @@ -0,0 +1,43 @@ +{ + "nodes": { + "flake-utils": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1669635185, + "narHash": "sha256-vYg6GjnsEWNWt/4TmfFN9WtQmSXb4S796J2UOfyTcW0=", + "ref": "refs/heads/rootfs", + "rev": "3176ddef4b4cec85faa2f49d29ce74816d452dc0", + "revCount": 429673, + "type": "git", + "url": "https://spectrum-os.org/git/nixpkgs/" + }, + "original": { + "ref": "refs/heads/rootfs", + "type": "git", + "url": "https://spectrum-os.org/git/nixpkgs/" + } + }, + "root": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..6e77006 --- /dev/null +++ b/flake.nix @@ -0,0 +1,71 @@ +{ + description = "A compartmentalized operating system"; + + # NOTE: Revision specification format is ?ref=refs%2fheads%2f<BRANCH>&rev=<COMMIT_REVISION> + inputs.nixpkgs.url = + "git+https://spectrum-os.org/git/nixpkgs/?ref=refs%2fheads%2frootfs"; + inputs.flake-utils.url = "github:numtide/flake-utils"; + + outputs = { self, nixpkgs, flake-utils }: + flake-utils.lib.eachDefaultSystem (system:
We should probably list only supported platforms here, right? (And then maybe we wouldn't need the flake-utils dependency?)
+ let + pkgs = nixpkgs.legacyPackages.${system}; + config = { inherit pkgs; }; + lib = pkgs.lib; + + mkEntryPoint = { name ? builtins.baseNameOf path, path + , enableShell ? true, enablePackage ? true }: + let + shell = { + # NOTE: https://stackoverflow.com/a/43850372 + devShells.${name} = + import (path + "/shell.nix") { inherit config; }; + }; + package = { packages.${name} = import path { inherit config; }; }; + in (if enableShell then shell else { }) + // (if enablePackage then package else { }); + + # Entry point is a directory with shell.nix and default.nix + # This function maps every entry point to corresponding devShell and package + mapEntryPoints = epoints: + builtins.foldl' lib.recursiveUpdate { } (map mkEntryPoint epoints); + in lib.recursiveUpdate (mapEntryPoints [ + { + path = ./.; + enablePackage = false; + } + { path = ./host/initramfs; } + { path = ./host/rootfs; } + { path = ./host/start-vm; } + { path = ./img/app; } + { path = ./release/live; } + { path = ./vm/sys/net; } + ]) { + # Add some other flake schema related stuff here. + # NOTE: flake-utils.lib.eachDefaultSystem automagically adds ${system}. + devShells.documentation = import ./Documentation { inherit config; }; + packages.documentation = import ./Documentation { inherit config; }; + + nixosModules = let + substituters = [ "https://cache.dataaturservice.se/spectrum/" ]; + trusted-public-keys = [ + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + "spectrum-os.org-1:rnnSumz3+Dbs5uewPlwZSTP0k3g/5SRG4hD7Wbr9YuQ=" + ]; + in { + # NOTE: See https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-substitu... + # and https://nixos.org/manual/nix/stable/command-ref/conf-file.html#conf-trusted-... + # to understand difference between these two modules. + binary-cache = { ... }: { + nix.settings = { inherit trusted-public-keys substituters; }; + }; + # Doesn't enabled by
This comment looks unfinished?
+ trusted-binary-cache = { ... }: { + nix.settings = { + inherit trusted-public-keys; + trusted-substituters = substituters; + }; + }; + }; + }); +} -- 2.38.1
participants (2)
-
Alyssa Ross -
Valentin Kharin