1{ nix ? builtins.fetchGit ./. 2, nixpkgs ? builtins.fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-19.03.tar.gz 3, officialRelease ? false 4, systems ? [ "x86_64-linux" "i686-linux" "x86_64-darwin" "aarch64-linux" ] 5}: 6 7let 8 9 pkgs = import nixpkgs { system = builtins.currentSystem or "x86_64-linux"; }; 10 11 jobs = rec { 12 13 14 tarball = 15 with pkgs; 16 17 with import ./release-common.nix { inherit pkgs; }; 18 19 releaseTools.sourceTarball { 20 name = "nix-tarball"; 21 version = builtins.readFile ./.version; 22 versionSuffix = if officialRelease then "" else "pre${toString nix.revCount}_${nix.shortRev}"; 23 src = nix; 24 inherit officialRelease; 25 26 buildInputs = tarballDeps ++ buildDeps ++ propagatedDeps; 27 28 configureFlags = "--enable-gc"; 29 30 postUnpack = '' 31 (cd $sourceRoot && find . -type f) | cut -c3- > $sourceRoot/.dist-files 32 cat $sourceRoot/.dist-files 33 ''; 34 35 preConfigure = '' 36 (cd perl ; autoreconf --install --force --verbose) 37 # TeX needs a writable font cache. 38 export VARTEXFONTS=$TMPDIR/texfonts 39 ''; 40 41 distPhase = 42 '' 43 runHook preDist 44 make dist 45 mkdir -p $out/tarballs 46 cp *.tar.* $out/tarballs 47 ''; 48 49 preDist = '' 50 make install docdir=$out/share/doc/nix makefiles=doc/manual/local.mk 51 echo "doc manual $out/share/doc/nix/manual" >> $out/nix-support/hydra-build-products 52 ''; 53 }; 54 55 56 build = pkgs.lib.genAttrs systems (system: 57 58 let pkgs = import nixpkgs { inherit system; }; in 59 60 with pkgs; 61 62 with import ./release-common.nix { inherit pkgs; }; 63 64 releaseTools.nixBuild { 65 name = "nix"; 66 src = tarball; 67 68 buildInputs = buildDeps; 69 70 propagatedBuildInputs = propagatedDeps; 71 72 preConfigure = 73 # Copy libboost_context so we don't get all of Boost in our closure. 74 # https://github.com/NixOS/nixpkgs/issues/45462 75 '' 76 mkdir -p $out/lib 77 cp -pd ${boost}/lib/{libboost_context*,libboost_thread*,libboost_system*} $out/lib 78 rm -f $out/lib/*.a 79 ${lib.optionalString stdenv.isLinux '' 80 chmod u+w $out/lib/*.so.* 81 patchelf --set-rpath $out/lib:${stdenv.cc.cc.lib}/lib $out/lib/libboost_thread.so.* 82 ''} 83 ''; 84 85 configureFlags = configureFlags ++ 86 [ "--sysconfdir=/etc" ]; 87 88 enableParallelBuilding = true; 89 90 makeFlags = "profiledir=$(out)/etc/profile.d"; 91 92 installFlags = "sysconfdir=$(out)/etc"; 93 94 doInstallCheck = true; 95 installCheckFlags = "sysconfdir=$(out)/etc"; 96 97 separateDebugInfo = true; 98 }); 99 100 101 perlBindings = pkgs.lib.genAttrs systems (system: 102 103 let pkgs = import nixpkgs { inherit system; }; in with pkgs; 104 105 releaseTools.nixBuild { 106 name = "nix-perl"; 107 src = tarball; 108 109 buildInputs = 110 [ jobs.build.${system} curl bzip2 xz pkgconfig pkgs.perl boost ] 111 ++ lib.optional (stdenv.isLinux || stdenv.isDarwin) libsodium; 112 113 configureFlags = '' 114 --with-dbi=${perlPackages.DBI}/${pkgs.perl.libPrefix} 115 --with-dbd-sqlite=${perlPackages.DBDSQLite}/${pkgs.perl.libPrefix} 116 ''; 117 118 enableParallelBuilding = true; 119 120 postUnpack = "sourceRoot=$sourceRoot/perl"; 121 }); 122 123 124 binaryTarball = pkgs.lib.genAttrs systems (system: 125 126 with import nixpkgs { inherit system; }; 127 128 let 129 toplevel = builtins.getAttr system jobs.build; 130 version = toplevel.src.version; 131 installerClosureInfo = closureInfo { rootPaths = [ toplevel cacert ]; }; 132 in 133 134 runCommand "nix-binary-tarball-${version}" 135 { #nativeBuildInputs = lib.optional (system != "aarch64-linux") shellcheck; 136 meta.description = "Distribution-independent Nix bootstrap binaries for ${system}"; 137 } 138 '' 139 cp ${installerClosureInfo}/registration $TMPDIR/reginfo 140 cp ${./scripts/create-darwin-volume.sh} $TMPDIR/create-darwin-volume.sh 141 substitute ${./scripts/install-nix-from-closure.sh} $TMPDIR/install \ 142 --subst-var-by nix ${toplevel} \ 143 --subst-var-by cacert ${cacert} 144 substitute ${./scripts/install-darwin-multi-user.sh} $TMPDIR/install-darwin-multi-user.sh \ 145 --subst-var-by nix ${toplevel} \ 146 --subst-var-by cacert ${cacert} 147 substitute ${./scripts/install-systemd-multi-user.sh} $TMPDIR/install-systemd-multi-user.sh \ 148 --subst-var-by nix ${toplevel} \ 149 --subst-var-by cacert ${cacert} 150 substitute ${./scripts/install-multi-user.sh} $TMPDIR/install-multi-user \ 151 --subst-var-by nix ${toplevel} \ 152 --subst-var-by cacert ${cacert} 153 154 if type -p shellcheck; then 155 # SC1090: Don't worry about not being able to find 156 # $nix/etc/profile.d/nix.sh 157 shellcheck --exclude SC1090 $TMPDIR/install 158 shellcheck $TMPDIR/create-darwin-volume.sh 159 shellcheck $TMPDIR/install-darwin-multi-user.sh 160 shellcheck $TMPDIR/install-systemd-multi-user.sh 161 162 # SC1091: Don't panic about not being able to source 163 # /etc/profile 164 # SC2002: Ignore "useless cat" "error", when loading 165 # .reginfo, as the cat is a much cleaner 166 # implementation, even though it is "useless" 167 # SC2116: Allow ROOT_HOME=$(echo ~root) for resolving 168 # root's home directory 169 shellcheck --external-sources \ 170 --exclude SC1091,SC2002,SC2116 $TMPDIR/install-multi-user 171 fi 172 173 chmod +x $TMPDIR/install 174 chmod +x $TMPDIR/create-darwin-volume.sh 175 chmod +x $TMPDIR/install-darwin-multi-user.sh 176 chmod +x $TMPDIR/install-systemd-multi-user.sh 177 chmod +x $TMPDIR/install-multi-user 178 dir=nix-${version}-${system} 179 fn=$out/$dir.tar.xz 180 mkdir -p $out/nix-support 181 echo "file binary-dist $fn" >> $out/nix-support/hydra-build-products 182 tar cvfJ $fn \ 183 --owner=0 --group=0 --mode=u+rw,uga+r \ 184 --absolute-names \ 185 --hard-dereference \ 186 --transform "s,$TMPDIR/install,$dir/install," \ 187 --transform "s,$TMPDIR/create-darwin-volume.sh,$dir/create-darwin-volume.sh," \ 188 --transform "s,$TMPDIR/reginfo,$dir/.reginfo," \ 189 --transform "s,$NIX_STORE,$dir/store,S" \ 190 $TMPDIR/install \ 191 $TMPDIR/create-darwin-volume.sh \ 192 $TMPDIR/install-darwin-multi-user.sh \ 193 $TMPDIR/install-systemd-multi-user.sh \ 194 $TMPDIR/install-multi-user \ 195 $TMPDIR/reginfo \ 196 $(cat ${installerClosureInfo}/store-paths) 197 ''); 198 199 200 coverage = 201 with pkgs; 202 203 with import ./release-common.nix { inherit pkgs; }; 204 205 releaseTools.coverageAnalysis { 206 name = "nix-build"; 207 src = tarball; 208 209 enableParallelBuilding = true; 210 211 buildInputs = buildDeps ++ propagatedDeps; 212 213 dontInstall = false; 214 215 doInstallCheck = true; 216 217 lcovFilter = [ "*/boost/*" "*-tab.*" "*/nlohmann/*" "*/linenoise/*" ]; 218 219 # We call `dot', and even though we just use it to 220 # syntax-check generated dot files, it still requires some 221 # fonts. So provide those. 222 FONTCONFIG_FILE = texFunctions.fontsConf; 223 }; 224 225 226 #rpm_fedora27x86_64 = makeRPM_x86_64 (diskImageFunsFun: diskImageFunsFun.fedora27x86_64) [ ]; 227 228 229 #deb_debian8i386 = makeDeb_i686 (diskImageFuns: diskImageFuns.debian8i386) [ "libsodium-dev" ] [ "libsodium13" ]; 230 #deb_debian8x86_64 = makeDeb_x86_64 (diskImageFunsFun: diskImageFunsFun.debian8x86_64) [ "libsodium-dev" ] [ "libsodium13" ]; 231 232 #deb_ubuntu1710i386 = makeDeb_i686 (diskImageFuns: diskImageFuns.ubuntu1710i386) [ ] [ "libsodium18" ]; 233 #deb_ubuntu1710x86_64 = makeDeb_x86_64 (diskImageFuns: diskImageFuns.ubuntu1710x86_64) [ ] [ "libsodium18" "libboost-context1.62.0" ]; 234 235 236 # System tests. 237 tests.remoteBuilds = (import ./tests/remote-builds.nix rec { 238 inherit nixpkgs; 239 nix = build.x86_64-linux; system = "x86_64-linux"; 240 }); 241 242 tests.nix-copy-closure = (import ./tests/nix-copy-closure.nix rec { 243 inherit nixpkgs; 244 nix = build.x86_64-linux; system = "x86_64-linux"; 245 }); 246 247 tests.setuid = pkgs.lib.genAttrs 248 ["i686-linux" "x86_64-linux"] 249 (system: 250 import ./tests/setuid.nix rec { 251 inherit nixpkgs; 252 nix = build.${system}; inherit system; 253 }); 254 255 tests.binaryTarball = 256 with import nixpkgs { system = "x86_64-linux"; }; 257 vmTools.runInLinuxImage (runCommand "nix-binary-tarball-test" 258 { diskImage = vmTools.diskImages.ubuntu1204x86_64; 259 } 260 '' 261 set -x 262 useradd -m alice 263 su - alice -c 'tar xf ${binaryTarball.x86_64-linux}/*.tar.*' 264 mkdir /dest-nix 265 mount -o bind /dest-nix /nix # Provide a writable /nix. 266 chown alice /nix 267 su - alice -c '_NIX_INSTALLER_TEST=1 ./nix-*/install' 268 su - alice -c 'nix-store --verify' 269 su - alice -c 'PAGER= nix-store -qR ${build.x86_64-linux}' 270 271 # Check whether 'nix upgrade-nix' works. 272 cat > /tmp/paths.nix <<EOF 273 { 274 x86_64-linux = "${build.x86_64-linux}"; 275 } 276 EOF 277 su - alice -c 'nix upgrade-nix -vvv --nix-store-paths-url file:///tmp/paths.nix' 278 (! [ -L /home/alice/.profile-1-link ]) 279 su - alice -c 'PAGER= nix-store -qR ${build.x86_64-linux}' 280 281 mkdir -p $out/nix-support 282 touch $out/nix-support/hydra-build-products 283 umount /nix 284 ''); # */ 285 286 /* 287 tests.evalNixpkgs = 288 import (nixpkgs + "/pkgs/top-level/make-tarball.nix") { 289 inherit nixpkgs; 290 inherit pkgs; 291 nix = build.x86_64-linux; 292 officialRelease = false; 293 }; 294 295 tests.evalNixOS = 296 pkgs.runCommand "eval-nixos" { buildInputs = [ build.x86_64-linux ]; } 297 '' 298 export NIX_STATE_DIR=$TMPDIR 299 300 nix-instantiate ${nixpkgs}/nixos/release-combined.nix -A tested --dry-run \ 301 --arg nixpkgs '{ outPath = ${nixpkgs}; revCount = 123; shortRev = "abcdefgh"; }' 302 303 touch $out 304 ''; 305 */ 306 307 308 installerScript = 309 pkgs.runCommand "installer-script" 310 { buildInputs = [ build.x86_64-linux ]; 311 } 312 '' 313 mkdir -p $out/nix-support 314 315 substitute ${./scripts/install.in} $out/install \ 316 ${pkgs.lib.concatMapStrings 317 (system: "--replace '@binaryTarball_${system}@' $(nix hash-file --base16 --type sha256 ${binaryTarball.${system}}/*.tar.xz) ") 318 [ "x86_64-linux" "i686-linux" "x86_64-darwin" "aarch64-linux" ] 319 } \ 320 --replace '@nixVersion@' ${build.x86_64-linux.src.version} 321 322 echo "file installer $out/install" >> $out/nix-support/hydra-build-products 323 ''; 324 325 }; 326 327 328 makeRPM_i686 = makeRPM "i686-linux"; 329 makeRPM_x86_64 = makeRPM "x86_64-linux"; 330 331 makeRPM = 332 system: diskImageFun: extraPackages: 333 334 with import nixpkgs { inherit system; }; 335 336 releaseTools.rpmBuild rec { 337 name = "nix-rpm"; 338 src = jobs.tarball; 339 diskImage = (diskImageFun vmTools.diskImageFuns) 340 { extraPackages = 341 [ "sqlite" "sqlite-devel" "bzip2-devel" "libcurl-devel" "openssl-devel" "xz-devel" "libseccomp-devel" "libsodium-devel" "boost-devel" "bison" "flex" ] 342 ++ extraPackages; }; 343 # At most 2047MB can be simulated in qemu-system-i386 344 memSize = 2047; 345 meta.schedulingPriority = 50; 346 postRPMInstall = "cd /tmp/rpmout/BUILD/nix-* && make installcheck"; 347 #enableParallelBuilding = true; 348 }; 349 350 351 makeDeb_i686 = makeDeb "i686-linux"; 352 makeDeb_x86_64 = makeDeb "x86_64-linux"; 353 354 makeDeb = 355 system: diskImageFun: extraPackages: extraDebPackages: 356 357 with import nixpkgs { inherit system; }; 358 359 releaseTools.debBuild { 360 name = "nix-deb"; 361 src = jobs.tarball; 362 diskImage = (diskImageFun vmTools.diskImageFuns) 363 { extraPackages = 364 [ "libsqlite3-dev" "libbz2-dev" "libcurl-dev" "libcurl3-nss" "libssl-dev" "liblzma-dev" "libseccomp-dev" "libsodium-dev" "libboost-all-dev" ] 365 ++ extraPackages; }; 366 memSize = 2047; 367 meta.schedulingPriority = 50; 368 postInstall = "make installcheck"; 369 configureFlags = "--sysconfdir=/etc"; 370 debRequires = 371 [ "curl" "libsqlite3-0" "libbz2-1.0" "bzip2" "xz-utils" "libssl1.0.0" "liblzma5" "libseccomp2" ] 372 ++ extraDebPackages; 373 debMaintainer = "Eelco Dolstra <eelco.dolstra@logicblox.com>"; 374 doInstallCheck = true; 375 #enableParallelBuilding = true; 376 }; 377 378 379in jobs 380