From abd52dd8723a8b0293d25603769205cefeacab50 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 26 Mar 2025 21:45:55 +0100 Subject: [PATCH] nixVersions.{nix_2_28,nix_2_26}: switch simplified meson build So we are adding a simplified version that builds a monolithic nix binary to get finished in time for the release. Afterwards we will switch to the modular build again. --- lib/tests/nix-for-tests.nix | 2 +- .../nix/{common.nix => common-autoconf.nix} | 0 .../package-management/nix/common-meson.nix | 287 ++++++++++++++++++ pkgs/tools/package-management/nix/default.nix | 65 ++-- .../tools/package-management/nix/nix-perl.nix | 25 +- 5 files changed, 334 insertions(+), 45 deletions(-) rename pkgs/tools/package-management/nix/{common.nix => common-autoconf.nix} (100%) create mode 100644 pkgs/tools/package-management/nix/common-meson.nix diff --git a/lib/tests/nix-for-tests.nix b/lib/tests/nix-for-tests.nix index 96c01241773a..a9a5b2f8de54 100644 --- a/lib/tests/nix-for-tests.nix +++ b/lib/tests/nix-for-tests.nix @@ -14,7 +14,7 @@ builtins.mapAttrs ( attr: pkg: - if lib.versionAtLeast pkg.version "2.26" then + if lib.versionAtLeast pkg.version "2.29pre" then pkg.overrideScope (finalScope: prevScope: { aws-sdk-cpp = null; }) else pkg.override { withAWS = false; } diff --git a/pkgs/tools/package-management/nix/common.nix b/pkgs/tools/package-management/nix/common-autoconf.nix similarity index 100% rename from pkgs/tools/package-management/nix/common.nix rename to pkgs/tools/package-management/nix/common-autoconf.nix diff --git a/pkgs/tools/package-management/nix/common-meson.nix b/pkgs/tools/package-management/nix/common-meson.nix new file mode 100644 index 000000000000..d6d27f18ebd4 --- /dev/null +++ b/pkgs/tools/package-management/nix/common-meson.nix 
@@ -0,0 +1,287 @@ +{ + lib, + fetchFromGitHub, + version, + suffix ? "", + hash ? null, + src ? fetchFromGitHub { + owner = "NixOS"; + repo = "nix"; + rev = version; + inherit hash; + }, + patches ? [ ], + maintainers ? lib.teams.nix.members ++ [ + lib.maintainers.lovesegfault + lib.maintainers.artturin + ], + self_attribute_name, +}@args: +assert (hash == null) -> (src != null); +{ + stdenv, + bison, + boehmgc, + boost, + brotli, + busybox-sandbox-shell, + bzip2, + callPackage, + cmake, + curl, + darwin, + doxygen, + editline, + flex, + git, + gtest, + jq, + lib, + libarchive, + libblake3, + libcpuid, + libgit2, + libsodium, + lowdown, + lowdown-unsandboxed, + toml11, + man, + meson, + ninja, + mdbook, + mdbook-linkcheck, + nlohmann_json, + nixosTests, + openssl, + perl, + python3, + pkg-config, + rapidcheck, + rsync, + Security, + sqlite, + util-linuxMinimal, + xz, + enableDocumentation ? stdenv.buildPlatform.canExecute stdenv.hostPlatform, + enableStatic ? stdenv.hostPlatform.isStatic, + withAWS ? !enableStatic && (stdenv.hostPlatform.isLinux || stdenv.hostPlatform.isDarwin), + aws-sdk-cpp, + withLibseccomp ? 
lib.meta.availableOn stdenv.hostPlatform libseccomp, + libseccomp, + + confDir, + stateDir, + storeDir, + + # passthru tests + pkgsi686Linux, + pkgsStatic, + runCommand, + pkgs, +}: + +stdenv.mkDerivation (finalAttrs: { + pname = "nix"; + + version = "${version}${suffix}"; + VERSION_SUFFIX = suffix; + + inherit src patches; + + outputs = + [ + "out" + "dev" + ] + ++ lib.optionals enableDocumentation [ + "man" + "doc" + ]; + + hardeningEnable = lib.optionals (!stdenv.hostPlatform.isDarwin) [ "pie" ]; + + hardeningDisable = [ + "shadowstack" + ] ++ lib.optional stdenv.hostPlatform.isMusl "fortify"; + + nativeCheckInputs = [ + git + man + ]; + + nativeBuildInputs = + [ + bison + cmake + flex + jq + meson + ninja + pkg-config + rsync + ] + ++ lib.optionals enableDocumentation [ + (lib.getBin lowdown-unsandboxed) + mdbook + mdbook-linkcheck + ] + ++ lib.optionals stdenv.hostPlatform.isLinux [ + util-linuxMinimal + ] + ++ lib.optionals enableDocumentation [ + python3 + doxygen + ]; + + buildInputs = + [ + boost + brotli + bzip2 + curl + editline + libgit2 + libsodium + lowdown + openssl + sqlite + toml11 + xz + ] + ++ lib.optionals (lib.versionAtLeast version "2.26") [ + libblake3 + ] + ++ lib.optionals stdenv.hostPlatform.isDarwin [ + Security + ] + ++ lib.optionals stdenv.hostPlatform.isx86_64 [ + libcpuid + ] + ++ lib.optionals withLibseccomp [ + libseccomp + ] + ++ lib.optionals withAWS [ + aws-sdk-cpp + ] + ++ lib.optionals (stdenv.hostPlatform.isDarwin) [ + darwin.apple_sdk.libs.sandbox + ]; + + propagatedBuildInputs = [ + boehmgc + nlohmann_json + libarchive + ]; + + checkInputs = [ + gtest + rapidcheck + ]; + + postPatch = '' + patchShebangs --build tests + ''; + + preConfigure = + # Copy libboost_context so we don't get all of Boost in our closure. 
+ # https://github.com/NixOS/nixpkgs/issues/45462 + lib.optionalString (!enableStatic) '' + mkdir -p $out/lib + cp -pd ${boost}/lib/{libboost_context*,libboost_thread*,libboost_system*} $out/lib + rm -f $out/lib/*.a + ${lib.optionalString stdenv.hostPlatform.isLinux '' + chmod u+w $out/lib/*.so.* + patchelf --set-rpath $out/lib:${lib.getLib stdenv.cc.cc}/lib $out/lib/libboost_thread.so.* + ''} + ''; + + dontUseCmakeConfigure = true; + + mesonFlags = + [ + (lib.mesonBool "bindings" false) + (lib.mesonOption "libstore:store-dir" storeDir) + (lib.mesonOption "libstore:localstatedir" stateDir) + (lib.mesonOption "libstore:sysconfdir" confDir) + (lib.mesonEnable "libutil:cpuid" stdenv.hostPlatform.isx86_64) + (lib.mesonEnable "libstore:seccomp-sandboxing" withLibseccomp) + (lib.mesonBool "libstore:embedded-sandbox-shell" ( + stdenv.hostPlatform.isLinux && stdenv.hostPlatform.isStatic + )) + (lib.mesonBool "doc-gen" enableDocumentation) + ] + ++ lib.optionals stdenv.hostPlatform.isLinux [ + (lib.mesonOption "libstore:sandbox-shell" "${busybox-sandbox-shell}/bin/busybox") + # RISC-V support in progress https://github.com/seccomp/libseccomp/pull/50 + ] + ++ lib.optionals (stdenv.cc.isGNU && !enableStatic) [ + # TODO: do we still need this? + # "--enable-lto" + ]; + + doCheck = true; + + # socket path becomes too long otherwise + preInstallCheck = + lib.optionalString stdenv.hostPlatform.isDarwin '' + export TMPDIR=$NIX_BUILD_TOP + '' + # See https://github.com/NixOS/nix/issues/5687 + + lib.optionalString (stdenv.hostPlatform.system == "aarch64-linux") '' + echo "exit 0" > tests/functional/flakes/show.sh + '' + + '' + # nixStatic otherwise does not find its man pages in tests. 
+ export MANPATH=$man/share/man:$MANPATH + ''; + + separateDebugInfo = stdenv.hostPlatform.isLinux && enableStatic; + + passthru = { + inherit aws-sdk-cpp boehmgc; + + # TODO: + perl-bindings = perl.pkgs.toPerlModule ( + callPackage ./nix-perl.nix { + nix = finalAttrs.finalPackage; + inherit Security; + } + ); + + tests = import ./tests.nix { + inherit + runCommand + version + src + lib + stdenv + pkgs + pkgsi686Linux + pkgsStatic + nixosTests + self_attribute_name + ; + nix = finalAttrs.finalPackage; + }; + }; + + # point 'nix edit' and ofborg at the file that defines the attribute, + # not this common file. + pos = builtins.unsafeGetAttrPos "version" args; + meta = with lib; { + description = "Powerful package manager that makes package management reliable and reproducible"; + longDescription = '' + Nix is a powerful package manager for Linux and other Unix systems that + makes package management reliable and reproducible. It provides atomic + upgrades and rollbacks, side-by-side installation of multiple versions of + a package, multi-user package management and easy setup of build + environments. + ''; + homepage = "https://nixos.org/"; + license = licenses.lgpl21Plus; + inherit maintainers; + platforms = platforms.unix; + outputsToInstall = [ "out" ] ++ optional enableDocumentation "man"; + mainProgram = "nix"; + }; +}) diff --git a/pkgs/tools/package-management/nix/default.nix b/pkgs/tools/package-management/nix/default.nix index de70aa46badf..89f6805752b7 100644 --- a/pkgs/tools/package-management/nix/default.nix +++ b/pkgs/tools/package-management/nix/default.nix 
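Review bot: The guard `assert (hash == null) -> (src != null);` near the top of common-meson.nix cannot fail in normal use, because `src` defaults to the `fetchFromGitHub` call and is therefore non-null even when the caller supplied no `hash`. A caller that forgets `hash` then reaches the fetcher with `hash = null` instead of getting a clear evaluation error at this point; how the fetcher treats that value is not visible in this patch. Testing whether a source was actually passed expresses the intent: `assert (hash == null) -> (args ? src);`, which works because `args` holds only the attributes the caller provided, not the defaults.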
@@ -20,20 +20,35 @@ let # Called for Nix < 2.26 - common = + commonAutoconf = args: - nixDependencies.callPackage (import ./common.nix ({ inherit lib fetchFromGitHub; } // args)) { + nixDependencies.callPackage + (import ./common-autoconf.nix ({ inherit lib fetchFromGitHub; } // args)) + { + inherit + Security + storeDir + stateDir + confDir + ; + aws-sdk-cpp = + if lib.versionAtLeast args.version "2.12pre" then + nixDependencies.aws-sdk-cpp + else + nixDependencies.aws-sdk-cpp-old; + }; + + # Called for Nix == 2.28. Transitional until we always use + # per-component packages. + commonMeson = + args: + nixDependencies.callPackage (import ./common-meson.nix ({ inherit lib fetchFromGitHub; } // args)) { inherit Security storeDir stateDir confDir ; - aws-sdk-cpp = - if lib.versionAtLeast args.version "2.12pre" then - nixDependencies.aws-sdk-cpp - else - nixDependencies.aws-sdk-cpp-old; }; # https://github.com/NixOS/nix/pull/7585 @@ -140,7 +155,7 @@ lib.makeExtensible ( ( { nix_2_3 = - (common { + (commonAutoconf { version = "2.3.18"; hash = "sha256-jBz2Ub65eFYG+aWgSI3AJYvLSghio77fWQiIW1svA9U="; patches = [ 
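Review bot: The comment on `commonMeson` says `# Called for Nix == 2.28`, but the later hunk in this file also builds `nix_2_26` with it, so the comment is already inaccurate. Suggested wording: `# Called for Nix 2.26 and 2.28 (monolithic meson build). Transitional until we always use per-component packages.` Unlike `commonAutoconf`, this call no longer passes `aws-sdk-cpp` explicitly and presumably relies on `nixDependencies.callPackage` to supply it; a short comment saying so would help whoever adds the next version.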
@@ -155,48 +170,30 @@ lib.makeExtensible ( enableParallelChecking = false; }; - nix_2_24 = common { + nix_2_24 = commonAutoconf { version = "2.24.14"; hash = "sha256-SthMCsj6POjawLnJq9+lj/UzObX9skaeN1UGmMZiwTY="; self_attribute_name = "nix_2_24"; }; - nix_2_25 = common { + nix_2_25 = commonAutoconf { version = "2.25.5"; hash = "sha256-9xrQhrqHCSqWsQveykZvG/ZMu0se66fUQw3xVSg6BpQ="; self_attribute_name = "nix_2_25"; }; - nixComponents_2_26 = nixDependencies.callPackage ./modular/packages.nix rec { + nix_2_26 = commonMeson { version = "2.26.3"; - inherit (self.nix_2_24.meta) maintainers; - otherSplices = generateSplicesForNixComponents "nixComponents_2_26"; - src = fetchFromGitHub { - owner = "NixOS"; - repo = "nix"; - tag = version; - hash = "sha256-5ZV8YqU8mfFmoAMiUEuBqNwk0T3vUR//x1D12BiYCeY="; - }; + hash = "sha256-R+HAPvD+AjiyRHZP/elkvka33G499EKT8ntyF/EPPRI="; + self_attribute_name = "nix_2_28"; }; - # Note, this might eventually become an alias, as packages should - # depend on the components they need in `nixComponents_2_26`. - nix_2_26 = addTests "nix_2_26" self.nixComponents_2_26.nix-everything; - - nixComponents_2_28 = nixDependencies.callPackage ./modular/packages.nix rec { + nix_2_28 = commonMeson { version = "2.28.1"; - inherit (self.nix_2_24.meta) maintainers; - otherSplices = generateSplicesForNixComponents "nixComponents_2_28"; - src = fetchFromGitHub { - owner = "NixOS"; - repo = "nix"; - rev = version; - hash = "sha256-R+HAPvD+AjiyRHZP/elkvka33G499EKT8ntyF/EPPRI="; - }; + hash = "sha256-R+HAPvD+AjiyRHZP/elkvka33G499EKT8ntyF/EPPRI="; + self_attribute_name = "nix_2_28"; }; - nix_2_28 = addTests "nix_2_28" self.nixComponents_2_28.nix-everything; - nixComponents_git = nixDependencies.callPackage ./modular/packages.nix rec { version = "2.29pre20250407_${lib.substring 0 8 src.rev}"; inherit (self.nix_2_24.meta) maintainers; 
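Review bot: The new `nix_2_26` entry pins version 2.26.3 but carries the same `hash` as `nix_2_28` (2.28.1) and sets `self_attribute_name = "nix_2_28"`; the removed `nixComponents_2_26` source used `sha256-5ZV8YqU8mfFmoAMiUEuBqNwk0T3vUR//x1D12BiYCeY=`, so both values look like copy-paste leftovers. A fixed-output source is addressed by its name and hash, not by `rev`, so a builder that already has the 2.28.1 tree in its store or substituter would likely reuse it without a mismatch error. The result would be a package labelled 2.26.3 but built from different code, which misleads anyone auditing versions against advisories; on a clean machine the fetch should fail instead. Restore `hash = "sha256-5ZV8YqU8mfFmoAMiUEuBqNwk0T3vUR//x1D12BiYCeY=";` after re-verifying it with a fresh fetch, and set `self_attribute_name = "nix_2_26";`.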
diff --git a/pkgs/tools/package-management/nix/nix-perl.nix b/pkgs/tools/package-management/nix/nix-perl.nix index 99ce5101265b..f3b42e4c7c2e 100644 --- a/pkgs/tools/package-management/nix/nix-perl.nix +++ b/pkgs/tools/package-management/nix/nix-perl.nix @@ -14,11 +14,13 @@ meson, ninja, bzip2, + libarchive, }: let atLeast223 = lib.versionAtLeast nix.version "2.23"; atLeast224 = lib.versionAtLeast nix.version "2.24"; + atLeast226 = lib.versionAtLeast nix.version "2.26"; mkConfigureOption = { @@ -39,21 +41,24 @@ stdenv.mkDerivation (finalAttrs: { postUnpack = "sourceRoot=$sourceRoot/${lib.optionalString atLeast224 "src"}/perl"; # TODO: Remove this once the nix build also uses meson - postPatch = lib.optionalString atLeast224 '' + postPatch = lib.optionalString (atLeast224 && lib.versionOlder nix.version "2.27") '' substituteInPlace lib/Nix/Store.xs \ --replace-fail 'config-util.hh' 'nix/config.h' \ --replace-fail 'config-store.hh' 'nix/config.h' ''; - buildInputs = [ - boost - bzip2 - curl - libsodium - nix - perl - xz - ] ++ lib.optional (stdenv.hostPlatform.isDarwin) Security; + buildInputs = + [ + boost + bzip2 + curl + libsodium + nix + perl + xz + ] + ++ lib.optional (stdenv.hostPlatform.isDarwin) Security + ++ lib.optional atLeast226 libarchive; # Not cross-safe since Nix checks for curl/perl via # NEED_PROG/find_program, but both seem to be needed at runtime