ci: upgrade Nix from 2.3.12 to 2.6.0
Due to changes in how Nix handles Git refs we need to specify
`refs/tags/` prefix in `package.json` to avoid the following error:
```
fatal: couldn't find remote ref refs/heads/v2.0.3-status-v6
error: program 'git' failed with exit code 128
```

I also had to rewrite some logic in `nix/scripts/source.sh` in order to
take account of single-user and multi-user installations.
We default to multi-user for Darwin, but not for any other OS due to
discovered issues with `nix-daemon` socket on Arch and open file limits.

Resolves: #12832
Depends on: status-im/status-jenkins-lib#37

Signed-off-by: Jakub Sokołowski <[email protected]>
jakubgs committed Mar 7, 2022
1 parent ff0c89d commit a0220ea
Showing 17 changed files with 318 additions and 136 deletions.
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -126,7 +126,7 @@ _tmpdir-rm: ##@prepare Remove TMPDIR

_install-hooks: SHELL := /bin/sh
_install-hooks: ##@prepare Create prepare-commit-msg git hook symlink
@ln -s ../../scripts/hooks/prepare-commit-msg .git/hooks
@ln -sf ../../scripts/hooks/prepare-commit-msg .git/hooks
-include _install-hooks

# Remove directories and ignored files
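Review bot: In `_install-hooks`, `ln -sf` now replaces whatever already sits at `.git/hooks/prepare-commit-msg`, including a hook a developer wrote by hand, with no backup or message. That makes the target re-runnable, which the old `ln -s` was not, but consider forcing the link only when the existing entry is already a symlink, or moving a regular file aside first.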
4 changes: 2 additions & 2 deletions ci/Jenkinsfile.android
@@ -1,7 +1,7 @@
library 'status-jenkins-lib@v1.3.3'
library 'status-jenkins-lib@fix/nix-profile'

pipeline {
agent { label 'linux && x86_64 && nix-2.3' }
agent { label 'linux && x86_64 && nix-2.6' }

options {
timestamps()
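Review bot: The `library` line moves from the tag `v1.3.3` to the branch `fix/nix-profile`, so every pipeline run now loads whatever that branch points to at the time; the same change is repeated in the other Jenkinsfiles in this commit. A shared library executes inside the pipeline, so a mutable ref removes the reproducibility and the review boundary the tag gave. Since the commit message lists `status-im/status-jenkins-lib#37` as a dependency, switch these lines to a tagged release of the library once that change is merged.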
2 changes: 1 addition & 1 deletion ci/Jenkinsfile.combined
@@ -1,4 +1,4 @@
library 'status-jenkins-lib@v1.3.3'
library 'status-jenkins-lib@fix/nix-profile'

pipeline {
agent { label 'linux' }
4 changes: 2 additions & 2 deletions ci/Jenkinsfile.ios
@@ -1,7 +1,7 @@
library 'status-jenkins-lib@v1.3.3'
library 'status-jenkins-lib@fix/nix-profile'

pipeline {
agent { label 'macos && x86_64 && nix-2.3 && xcode-12.5' }
agent { label 'macos && x86_64 && nix-2.6 && xcode-12.5' }

parameters {
string(
2 changes: 1 addition & 1 deletion ci/Jenkinsfile.nix-cache
@@ -1,4 +1,4 @@
library 'status-jenkins-lib@v1.3.3'
library 'status-jenkins-lib@fix/nix-profile'

pipeline {
agent { label params.AGENT_LABEL }
2 changes: 1 addition & 1 deletion ci/tools/Jenkinsfile.fastlane-clean
@@ -1,4 +1,4 @@
library 'status-jenkins-lib@v1.3.3'
library 'status-jenkins-lib@fix/nix-profile'

pipeline {
agent { label 'macos' }
2 changes: 1 addition & 1 deletion ci/tools/Jenkinsfile.playstore-meta
@@ -1,4 +1,4 @@
library 'status-jenkins-lib@v1.3.3'
library 'status-jenkins-lib@fix/nix-profile'

pipeline {
agent { label 'linux' }
50 changes: 27 additions & 23 deletions nix/KNOWN_ISSUES.md
@@ -1,35 +1,33 @@
# Known Issues

## MacOS 10.15 "Catalina"
## Too many open files

There is an unsolved issue with the root(`/`) file system in `10.15` being read-only:
https://github.com/NixOS/nix/issues/2925
### Single-User Installation

Our current recommended workaround is putting `/nix` under `/opt/nix` and symlinking it via `/etc/synthetic.conf`:

```bash
sudo mkdir /opt/nix
sudo chown ${USER} /opt/nix
sudo sh -c "echo 'nix\t/opt/nix' >> /etc/synthetic.conf"
reboot
Nix can open a lot of files when fetching things for `/nix/store` which can cause
```

After the system reboots you should see the `/nix` symlink in place:

```bash
% ls -l /nix
lrwxr-xr-x 1 root wheel 8 Oct 11 13:53 /nix -> /opt/nix
Too many open files"
```

In order to be able to use Nix with a symlinked `/nix` you need to include this in your shell:

```bash
export NIX_IGNORE_SYMLINK_STORE=1
The temporary way to fix this is set a new limit for current session using `ulimit`:
```sh
ulimit -n 131072
```
To increase limit permanently system-wide edit `/etc/sysctl.conf`:
```
fs.file-max = 131072
```
And use `sudo sysctl --system` to load these new settings.

Add it to your `.bashrc` or any other shell config file.
### Multi-User Installation

__NOTE__: Your old `/nix` directory will end up in `/Users/Shared/Relocated Items/Security/nix` after OS upgrade.
The other reason why this error could appear are limits fo `nix-daemon` service:
https://github.com/NixOS/nix/issues/6007

Since Systemd services ignore system-wide limits you will have to add the following line:
```
LimitNOFILE=4096:1048576
```
To the `/etc/systemd/system/nix-daemon.service` service definition.

## Cache Downloads Timing Out
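Review bot: In the Single-User section the permanent fix does not match the temporary one: `ulimit -n 131072` raises the per-process open file limit, while `fs.file-max = 131072` sets the kernel-wide total of file handles and leaves the per-process limit unchanged. Document the per-process setting instead (for example the `nofile` entry in `/etc/security/limits.conf`), or explain why the system-wide value is the one that matters here. In the Multi-User section, say that `LimitNOFILE=4096:1048576` belongs under `[Service]`, and prefer a drop-in created with `systemctl edit nix-daemon` over editing `/etc/systemd/system/nix-daemon.service` directly, so a reinstall of the unit does not drop the setting. There is also a typo in `limits fo`.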

Expand Down Expand Up @@ -69,3 +67,9 @@ Currently on NixOS `NIX_CONF_DIR` is being ignored in favor of the default `/etc
This will be possible to fix once Nix `2.4` comes out with support for `NIX_USER_CONF_FILES`.

For more details see https://github.com/NixOS/nix/issues/3723.

## Extra Sandbox Files Not Available

It's possible that on a multi-user installation files provided to the build sandbox using the `extra-sandbox-paths` option will ne be available, unless the current user is added to `trusted-users` in `nix.conf` file.

Issue: https://github.com/NixOS/nix/issues/6115
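Review bot: The new "Extra Sandbox Files Not Available" entry recommends adding the current user to `trusted-users` without saying what that grants. The Nix manual warns that a trusted user is effectively equivalent to root on the machine, because trusted users can override daemon settings such as substituters and sandbox paths. State that trade-off next to the workaround so readers can decide whether it is acceptable on a shared machine. Also, `will ne be available` should read `will not be available`.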
6 changes: 3 additions & 3 deletions nix/scripts/build.sh
@@ -1,5 +1,5 @@
#!/usr/bin/env bash

# This script is a wrapper around nix-build with some niceties.
set -e

GIT_ROOT=$(cd "${BASH_SOURCE%/*}" && git rev-parse --show-toplevel)
Expand All @@ -8,7 +8,7 @@ source "${GIT_ROOT}/scripts/colors.sh"
source "${GIT_ROOT}/nix/scripts/source.sh"

# cleanup for artifacts created during builds
function cleanup() {
cleanup() {
# clear trapped signals
trap - EXIT ERR INT QUIT
# do the actual cleanup, ignore failure
Expand All @@ -29,7 +29,7 @@ if [[ -n "${_NIX_CLEAN}" ]]; then
fi

# build output will end up under /nix, we have to extract it
function extractResults() {
extractResults() {
local nixResultPath="$1"
mkdir -p "${resultPath}"
cp -vfr ${nixResultPath}/* "${resultPath}" | sed 's#'${PWD}'#.#'
18 changes: 9 additions & 9 deletions nix/scripts/clean.sh
Expand Up @@ -5,16 +5,16 @@ set -e
GIT_ROOT=$(cd "${BASH_SOURCE%/*}" && git rev-parse --show-toplevel)
source "${GIT_ROOT}/nix/scripts/source.sh"

function log() { echo "$@" 1>&2; }
log() { echo "$@" 1>&2; }

# helpers for getting related paths in Nix store
function getSources() { nix-store --query --binding src "${1}"; }
function getOutputs() { nix-store --query --outputs "${1}"; }
function getDrvFiles() { nix-store --query --deriver "${1}"; }
function getReferrers() { nix-store --query --referrers "${1}"; }
function getRoots() { nix-store --query --roots "${1}"; }
getSources() { nix-store --query --binding src "${1}"; }
getOutputs() { nix-store --query --outputs "${1}"; }
getDrvFiles() { nix-store --query --deriver "${1}"; }
getReferrers() { nix-store --query --referrers "${1}"; }
getRoots() { nix-store --query --roots "${1}"; }

function findRelated() {
findRelated() {
path="${1}"
found+=("${path}")
if [[ "${path}" =~ .*.chroot ]]; then
Expand Down Expand Up @@ -51,7 +51,7 @@ function findRelated() {
}

# used to find things to delete based on a regex
function findByRegex() {
findByRegex() {
regex="${1}"

log "Searching by regex: '${regex}'"
Expand All @@ -70,7 +70,7 @@ function findByRegex() {
}

# used to find things to delete based on a given path
function findByResult() {
findByResult() {
mainPath="${1}"
log "Searching by result: '${mainPath}'"

37 changes: 37 additions & 0 deletions nix/scripts/lib.sh
@@ -0,0 +1,37 @@
#!/usr/bin/env bash

# Checking group ownership to identify installation type.
file_group() {
UNAME=$(uname -s)
if [[ "${UNAME}" == "Linux" ]]; then
stat -Lc "%G" "${1}" 2>/dev/null
elif [[ "${UNAME}" == "Darwin" ]]; then
stat -Lf "%Sg" "${1}" 2>/dev/null
fi
}

os_name() {
source /etc/os-release 2>/dev/null
echo "${NAME}"
}

is_arch_linux() {
[[ -f /etc/arch-release ]]
}

nix_install_type() {
NIX_STORE_DIR_GROUP=$(file_group /nix/store)
if [[ "$(os_name)" =~ NixOS ]]; then
echo "nixos"
elif [[ "${NIX_STORE_DIR_GROUP}" == "nixbld" ]]; then
echo "multi"
elif [[ "${NIX_STORE_DIR_GROUP}" == "${USER}" ]]; then
echo "single"
elif [[ "${NIX_STORE_DIR_GROUP}" == "" ]]; then
echo "No Nix installtion detected!" >&2
echo "none"
else
echo "Unknown Nix installtion type!" >&2
exit 1
fi
}
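Review bot: `nix_install_type` decides "single" by comparing the group of `/nix/store` with `${USER}`, which only holds where the user's primary group has the same name as the user; where the primary group is a shared one such as `staff` or `users`, a single-user install falls into the `Unknown` branch. Comparing the owner (`%U` on Linux, `%Su` on Darwin) against `${USER}`, or the group against `id -gn`, would be more robust. The `exit 1` in that branch runs inside the caller's `$(nix_install_type)` subshell, so on its own it does not stop the calling script; the caller receives an empty string and has to check for it. Smaller points: `UNAME` and `NIX_STORE_DIR_GROUP` should be `local`, `source /etc/os-release` in `os_name` leaks its variables into any caller that does not use a subshell, and `installtion` is misspelled in both messages.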
10 changes: 5 additions & 5 deletions nix/scripts/node_modules.sh
Expand Up @@ -23,13 +23,13 @@ source "${GIT_ROOT}/scripts/colors.sh"
# More concise output from 'time'
export TIMEFORMAT="Done in: %Es"

function removeDir() {
removeDir() {
[[ ! -d "${tmp}" ]] && return
chmod -R u+w "${tmp}"
rm -rf "${tmp}"
}

function copyNodeModules() {
copyNodeModules() {
local src="${1}"
local dst="${2}"
# WARNING: The ../ is there to avoid a Nix builtins.path bug:
Expand All @@ -51,7 +51,7 @@ function copyNodeModules() {

# Find files that were modified and should cause a re-copying of node modules.
# Some files are generated/modified by build processes and should be ignored.
function findFilesNewerThan() {
findFilesNewerThan() {
local sentinel="${1}"
local dir="${2}"
find ${dir} -type f -writable \
Expand All @@ -63,7 +63,7 @@ function findFilesNewerThan() {
-print
}

function nodeModulesUnchanged() {
nodeModulesUnchanged() {
local src="$1"
local dst="$2"
local sentinelFile="${dst}/.copied~"
Expand Down Expand Up @@ -98,7 +98,7 @@ function nodeModulesUnchanged() {
return 0
}

function replaceNodeModules() {
replaceNodeModules() {
local src="$1"
local dst="$2"
local sentinelFile="${dst}/.copied~"
84 changes: 71 additions & 13 deletions nix/scripts/purge.sh
@@ -1,24 +1,82 @@
#!/usr/bin/env bash

set -e
# This script removes all Nix files.

GIT_ROOT=$(cd "${BASH_SOURCE%/*}" && git rev-parse --show-toplevel)
source "${GIT_ROOT}/nix/scripts/lib.sh"
source "${GIT_ROOT}/scripts/colors.sh"

# Purging /nix on NixOS would be disasterous
if [[ -f "/etc/os-release" ]]; then
OS_NAME=$(awk -F= '/^NAME/{print $2}' /etc/os-release)
if [[ "$OS_NAME" == "NixOS" ]]; then
echo -e "${RED}You should not purge Nix files on NixOS!${RST}" >&2
exit
nix_purge_multi_user() {
sudo systemctl stop nix-daemon.socket
sudo systemctl stop nix-daemon.service
sudo systemctl disable nix-daemon.socket
sudo systemctl disable nix-daemon.service
sudo systemctl daemon-reload
sudo rm -fr /etc/nix
sudo rm -f /etc/profile.d/nix.sh*

# Remove nix build users and groups
for NIX_USER in $(awk -F: '/nixbld/{print $1}' /etc/passwd); do
sudo userdel "${NIX_USER}"
done
sudo groupdel nixbld

# Restore old shell profiles
NIX_PROFILE_FILES=(
/etc/bash.bashrc /etc/bashrc /etc/bash/bashrc
/etc/zsh.zshhrc /etc/zshrc /etc/zsh/zshrc
)
for NIX_FILE in "${NIX_PROFILE_FILES[@]}"; do
if [[ -f "${NIX_FILE}.backup-before-nix" ]]; then
sudo mv -f "${NIX_FILE}.backup-before-nix" "${NIX_FILE}"
fi
done
}

nix_purge_user_profile() {
sudo rm -rf \
~/.nix-* \
~/.cache/nix \
~/.config/nixpkgs \
${GIT_ROOT}/.nix-gcroots
}

nix_purge_root() {
NIX_ROOT="/nix"
if [[ $(uname -s) == "Darwin" ]]; then
# Special case due to read-only root on MacOS Catalina
NIX_ROOT="/opt/nix"
fi
if [[ -z "${NIX_ROOT}" ]]; then
echo -e "${RED}Unable to identify Nix root!${RST}" >&2
exit 1
fi
sudo rm -fr "${NIX_ROOT}"
}

NIX_INSTALL_TYPE=$(nix_install_type)

if [[ "${1}" == "--force" ]] && [[ "${NIX_INSTALL_TYPE}" != "nixos" ]]; then
echo -e "${YLW}Purge forced, no checks performed!${RST}" >&2
nix_purge_multi_user
nix_purge_user_profile
nix_purge_root
exit
fi

NIX_ROOT="/nix"
if [[ $(uname -s) == "Darwin" ]]; then
# Special case due to read-only root on MacOS Catalina
NIX_ROOT="/opt/nix"
# Purging /nix on NixOS would be disasterous
if [[ "${NIX_INSTALL_TYPE}" == "nixos" ]]; then
echo -e "${RED}You should not purge Nix files on NixOS!${RST}" >&2
exit
elif [[ "${NIX_INSTALL_TYPE}" == "none" ]]; then
echo -e "${YLW}Nothing to remove, Nix not installed.${RST}" >&2
exit
elif [[ "${NIX_INSTALL_TYPE}" == "multi" ]]; then
echo -e "${YLW}Detected multi-user Nix installation.${RST}" >&2
nix_purge_multi_user
elif [[ "${NIX_INSTALL_TYPE}" == "single" ]]; then
echo -e "${YLW}Detected single-user Nix installation.${RST}" >&2
nix_purge_user_profile
fi
nix_purge_root

sudo rm -rf ${NIX_ROOT}/* ~/.nix-profile ~/.nix-defexpr ~/.nix-channels ~/.cache/nix ~/.status .nix-gcroots
echo -e "${GRN}Purged all Nix files from your system.${RST}" >&2
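Review bot: The final `if`/`elif` chain has no `else`, so any value of `NIX_INSTALL_TYPE` other than the four handled ones, including the empty string that results if `nix_install_type` takes its `exit 1` branch and the script is not running under `set -e`, skips every check and still reaches `nix_purge_root` and its `sudo rm -fr`. Add an `else` that prints an error and exits non-zero before the unconditional `nix_purge_root` call. In `nix_purge_multi_user`, `awk -F: '/nixbld/{print $1}' /etc/passwd` matches `nixbld` anywhere in the line, not just in the user name, and the result is fed to `sudo userdel`; match on the first field only (`$1 ~ /^nixbld/`). `/etc/zsh.zshhrc` looks like a typo, `${GIT_ROOT}/.nix-gcroots` is unquoted inside a `sudo rm -rf`, and the `-z "${NIX_ROOT}"` guard can never fire because the variable was just assigned a literal.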