ci: upgrade Nix from 2.3.12 to 2.5.1

Due to changes in how Nix handles Git refs we need to specify
`refs/tags/` prefix in `package.json` to avoid the following error:
```
fatal: couldn't find remote ref refs/heads/v2.0.3-status-v6
error: program 'git' failed with exit code 128
```

I also had to rewrite some logic in `nix/scripts/source.sh` in order to
take account of single-user and multi-user installations.

Resolves: #12832
Issue: NixOS/nix#5291

Signed-off-by: Jakub Sokołowski <[email protected]>

ci/Jenkinsfile.android

@@ -1,7 +1,7 @@
-library 'status-jenkins-lib@v1.3.3'
+library 'status-jenkins-lib@fix/nix-profile'
 
 pipeline {
-  agent { label 'linux && x86_64 && nix-2.3' }
+  agent { label 'linux && x86_64 && nix-2.5' }
 
   options {
     timestamps()

ci/Jenkinsfile.combined

@@ -1,4 +1,4 @@
-library 'status-jenkins-lib@v1.3.3'
+library 'status-jenkins-lib@fix/nix-profile'
 
 pipeline {
   agent { label 'linux' }

ci/Jenkinsfile.ios

@@ -1,7 +1,7 @@
-library 'status-jenkins-lib@v1.3.3'
+library 'status-jenkins-lib@fix/nix-profile'
 
 pipeline {
-  agent { label 'macos && x86_64 && nix-2.3 && xcode-12.5' }
+  agent { label 'macos && x86_64 && nix-2.5 && xcode-12.5' }
 
   parameters {
     string(

ci/Jenkinsfile.nix-cache

@@ -1,4 +1,4 @@
-library 'status-jenkins-lib@v1.3.3'
+library 'status-jenkins-lib@fix/nix-profile'
 
 pipeline {
   agent { label params.AGENT_LABEL }

ci/tools/Jenkinsfile.fastlane-clean

@@ -1,4 +1,4 @@
-library 'status-jenkins-lib@v1.3.3'
+library 'status-jenkins-lib@fix/nix-profile'
 
 pipeline {
   agent { label 'macos' }

ci/tools/Jenkinsfile.playstore-meta

@@ -1,4 +1,4 @@
-library 'status-jenkins-lib@v1.3.3'
+library 'status-jenkins-lib@fix/nix-profile'
 
 pipeline {
   agent { label 'linux' }

nix/KNOWN_ISSUES.md

@@ -1,5 +1,21 @@
 # Known Issues
 
+## Too many open files
+
+Nix can open a lot of files when fetching things for `/nix/store` which can cause
+```
+Too many open files"
+```
+The temporary way to fix this is set a new limit for current session using `ulimit`:
+```sh
+ulimit -n 65536
+```
+To increase limit permanently system-wide edit `/etc/sysctl.conf`:
+```
+fs.file-max = 65536
+```
+And use `sudo sysctl --system` to load these new settings.
+
 ## MacOS 10.15 "Catalina"
 
 There is an unsolved issue with the root(`/`) file system in `10.15` being read-only:

nix/scripts/build.sh

@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-
+# This script is a wrapper around nix-build with some niceties.
 set -e
 
 GIT_ROOT=$(cd "${BASH_SOURCE%/*}" && git rev-parse --show-toplevel)
@@ -8,7 +8,7 @@ source "${GIT_ROOT}/scripts/colors.sh"
 source "${GIT_ROOT}/nix/scripts/source.sh"
 
 # cleanup for artifacts created during builds
-function cleanup() {
+cleanup() {
   # clear trapped signals
   trap - EXIT ERR INT QUIT
   # do the actual cleanup, ignore failure
@@ -29,7 +29,7 @@ if [[ -n "${_NIX_CLEAN}" ]]; then
 fi
 
 # build output will end up under /nix, we have to extract it
-function extractResults() {
+extractResults() {
   local nixResultPath="$1"
   mkdir -p "${resultPath}"
   cp -vfr ${nixResultPath}/* "${resultPath}" | sed 's#'${PWD}'#.#'

nix/scripts/clean.sh

@@ -5,16 +5,16 @@ set -e
 GIT_ROOT=$(cd "${BASH_SOURCE%/*}" && git rev-parse --show-toplevel)
 source "${GIT_ROOT}/nix/scripts/source.sh"
 
-function log() { echo "$@" 1>&2; }
+log() { echo "$@" 1>&2; }
 
 # helpers for getting related paths in Nix store
-function getSources()   { nix-store --query --binding src "${1}"; }
-function getOutputs()   { nix-store --query --outputs "${1}"; }
-function getDrvFiles()  { nix-store --query --deriver "${1}"; }
-function getReferrers() { nix-store --query --referrers "${1}"; }
-function getRoots()     { nix-store --query --roots "${1}"; }
+getSources()   { nix-store --query --binding src "${1}"; }
+getOutputs()   { nix-store --query --outputs "${1}"; }
+getDrvFiles()  { nix-store --query --deriver "${1}"; }
+getReferrers() { nix-store --query --referrers "${1}"; }
+getRoots()     { nix-store --query --roots "${1}"; }
 
-function findRelated() {
+findRelated() {
     path="${1}"
     found+=("${path}")
     if [[ "${path}" =~ .*.chroot ]]; then
@@ -51,7 +51,7 @@ function findRelated() {
 }
 
 # used to find things to delete based on a regex
-function findByRegex() {
+findByRegex() {
     regex="${1}"
 
     log "Searching by regex: '${regex}'"
@@ -70,7 +70,7 @@ function findByRegex() {
 }
 
 # used to find things to delete based on a given path
-function findByResult() {
+findByResult() {
     mainPath="${1}"
     log "Searching by result: '${mainPath}'"
 

nix/scripts/lib.sh

@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+# Checking group ownership to identify installation type.
+file_group() {
+    UNAME=$(uname -s)
+    if [[ "${UNAME}" == "Linux" ]]; then
+        stat -Lc "%G" /nix/store 2>/dev/null
+    elif [[ "${UNAME}" == "Darwin" ]]; then
+        stat -Lf "%Sg" /nix/store 2>/dev/null
+    fi
+}
+
+nix_install_type() {
+    source /etc/os-release 2>/dev/null
+    NIX_STORE_DIR_GROUP=$(file_group /nix)
+    if [[ "${NAME}" =~ NixOS ]]; then
+        echo "nixos"
+    elif [[ "${NIX_STORE_DIR_GROUP}" == "nixbld" ]]; then
+        echo "multi"
+    elif [[ "${NIX_STORE_DIR_GROUP}" == "${USER}" ]]; then
+        echo "single"
+    else
+        echo "Unknown Nix installtion type!" >&2
+        exit 1
+    fi
+}

nix/scripts/node_modules.sh

@@ -23,13 +23,13 @@ source "${GIT_ROOT}/scripts/colors.sh"
 # More concise output from 'time'
 export TIMEFORMAT="Done in: %Es"
 
-function removeDir() {
+removeDir() {
     [[ ! -d "${tmp}" ]] && return
     chmod -R u+w "${tmp}"
     rm -rf "${tmp}"
 }
 
-function copyNodeModules() {
+copyNodeModules() {
   local src="${1}"
   local dst="${2}"
   # WARNING: The ../ is there to avoid a Nix builtins.path bug:
@@ -51,7 +51,7 @@ function copyNodeModules() {
 
 # Find files that were modified and should cause a re-copying of node modules.
 # Some files are generated/modified by build processes and should be ignored.
-function findFilesNewerThan() {
+findFilesNewerThan() {
   local sentinel="${1}"
   local dir="${2}"
   find ${dir} -type f -writable \
@@ -63,7 +63,7 @@ function findFilesNewerThan() {
       -print 
 }
 
-function nodeModulesUnchanged() {
+nodeModulesUnchanged() {
   local src="$1"
   local dst="$2"
   local sentinelFile="${dst}/.copied~"
@@ -98,7 +98,7 @@ function nodeModulesUnchanged() {
   return 0
 }
 
-function replaceNodeModules() {
+replaceNodeModules() {
   local src="$1"
   local dst="$2"
   local sentinelFile="${dst}/.copied~"

nix/scripts/purge.sh

@@ -1,24 +1,44 @@
 #!/usr/bin/env bash
-
+# This script removes all Nix files.
 set -e
 
 GIT_ROOT=$(cd "${BASH_SOURCE%/*}" && git rev-parse --show-toplevel)
+source "${GIT_ROOT}/nix/scripts/lib.sh"
 source "${GIT_ROOT}/scripts/colors.sh"
 
-# Purging /nix on NixOS would be disasterous
-if [[ -f "/etc/os-release" ]]; then
-    OS_NAME=$(awk -F= '/^NAME/{print $2}' /etc/os-release)
-    if [[ "$OS_NAME" == "NixOS" ]]; then
-        echo -e "${RED}You should not purge Nix files on NixOS!${RST}" >&2
-        exit
-    fi
-fi
-
 NIX_ROOT="/nix"
 if [[ $(uname -s) == "Darwin" ]]; then
     # Special case due to read-only root on MacOS Catalina
     NIX_ROOT="/opt/nix"
 fi
+if [[ -z "${NIX_ROOT}" ]]; then
+    echo -e "${RED}Unable to identify Nix root!${RST}" >&2
+    exit 1
+fi
+
+# Purging /nix on NixOS would be disasterous
+if [[ "${NIX_INSTALL_TYPE}" == "nixops" ]]; then
+    echo -e "${RED}You should not purge Nix files on NixOS!${RST}" >&2
+    exit
+elif [[ "${NIX_INSTALL_TYPE}" == "multi" ]]; then
+    echo -e "${YLW}Detected multi-user Nix installation.${RST}" >&2
+    sudo systemctl stop nix-daemon.socket
+    sudo systemctl stop nix-daemon.service
+    sudo systemctl disable nix-daemon.socket
+    sudo systemctl disable nix-daemon.service
+    sudo systemctl daemon-reload
+    # Restore old bash profile
+    if grep 'nix-daemon.sh' /etc/bash.bashrc.backup-before-nix; then
+        echo -e "${RED}Backup of /etc/bash.bashrc contains Nix setup!${RST}" >&2
+        exit 1
+    else
+        sudo mv -f /etc/bash.bashrc.backup-before-nix /etc/bash.bashrc
+    fi
+fi
+sudo rm -rf ${NIX_ROOT} \
+    /etc/nix ~/.config/nixpkgs \
+    ~/.nix-profile ~/.nix-defexpr \
+    ~/.nix-channels ~/.cache/nix \
+    ~/.status .nix-gcroots
 
-sudo rm -rf ${NIX_ROOT}/* ~/.nix-profile ~/.nix-defexpr ~/.nix-channels ~/.cache/nix ~/.status .nix-gcroots
 echo -e "${GRN}Purged all Nix files from your system.${RST}" >&2

nix/scripts/setup.sh

@@ -1,51 +1,76 @@
 #!/usr/bin/env bash
+# This script installs a specific version of Nix.
+set -eo pipefail
 
 GIT_ROOT=$(cd "${BASH_SOURCE%/*}" && git rev-parse --show-toplevel)
 source "${GIT_ROOT}/scripts/colors.sh"
 
-NIX_VERSION="2.3.12"
+NIX_VERSION="2.5.1"
 NIX_INSTALL_URL="https://nixos.org/releases/nix/nix-${NIX_VERSION}/install"
-NIX_INSTALL_SHA256="468a49a1cef293d59508bb3b62625dfcd99ec00334a14309f125cf8de513d5f1"
+NIX_INSTALL_SHA256="e265dfd8e80223633a9726009b42c534ac3d5f2b6da5ad6432ca1f6ea88206d0"
 NIX_INSTALL_PATH="/tmp/nix-install-${NIX_VERSION}"
 
-function install_nix() {
-  # Don't break people's profiles
-  export NIX_INSTALLER_NO_MODIFY_PROFILE=1
-  # Fix for installing on MacOS Catalina
-  export NIX_IGNORE_SYMLINK_STORE=1
-  # Download installer and verify SHA256
-  curl -s "${NIX_INSTALL_URL}" -o "${NIX_INSTALL_PATH}"
-  echo "${NIX_INSTALL_SHA256}  ${NIX_INSTALL_PATH}" | sha256sum -c
-  chmod +x "${NIX_INSTALL_PATH}"
-  # Run the installer
-  "${NIX_INSTALL_PATH}" --no-daemon
-  if [ $? -eq 0 ]; then
-    echo -e "${GRN}The Nix package manager was successfully installed.${RST}"
-  else
-    echo -e "${RED}Failed to install Nix package manager!${RST}" >&2
-    echo "Please see: https://nixos.org/nix/manual/#chap-installation" >&2
-    exit 1
-  fi
+install_nix() {
+    # Don't break people's profiles.
+    export NIX_INSTALLER_NO_MODIFY_PROFILE=1
+
+    # Download installer and verify SHA256>
+    curl -s "${NIX_INSTALL_URL}" -o "${NIX_INSTALL_PATH}"
+    echo "${NIX_INSTALL_SHA256}  ${NIX_INSTALL_PATH}" | sha256sum -c
+    chmod +x "${NIX_INSTALL_PATH}"
+
+    # Identify installation type.
+    if [[ -z "${NIX_INSTALL_OPTS}" ]]; then
+        if [[ "$(uname -r)" =~ microsoft ]]; then
+            # Systemd is not started by default on WSL.
+            NIX_INSTALL_OPTS="--no-daemon"
+        elif [[ "$(uname -s)" == "Darwin" ]]; then
+            NIX_INSTALL_OPTS="--daemon"
+        elif [[ "$(uname -s)" == "Linux" ]]; then
+            # Multi-user can only work with Systemd.
+            if [[ -x "$(command -v systemctl)" ]]; then
+                NIX_INSTALL_OPTS="--daemon"
+            else
+                NIX_INSTALL_OPTS="--no-daemon"
+            fi
+        fi
+    fi
+
+    # Run the installer
+    "${NIX_INSTALL_PATH}" "${NIX_INSTALL_OPTS}"
+    if [[ $? -eq 0 ]]; then
+        echo -e "${GRN}The Nix package manager was successfully installed.${RST}"
+    else
+        echo -e "${RED}Failed to install Nix package manager!${RST}" >&2
+        echo "Please see: https://nixos.org/nix/manual/#chap-installation" >&2
+        exit 1
+    fi
 }
 
+if [[ ! -x "$(command -v sha256sum)" ]]; then
+    echo -e "${RED}The 'sha256sum' utility is required for Nix installation.${RST}" >&2
+    echo -e "${YLW}Install 'coreutils' package on your system.${RST}" >&2
+    exit 1
+fi
+
 if [[ ! -x "$(command -v curl)" ]]; then
-  echo -e "${RED}The 'curl' utility is required for Nix installation.${RST}" >&2
-  exit 1
+    echo -e "${RED}The 'curl' utility is required for Nix installation.${RST}" >&2
+    exit 1
 fi
 
 if [[ "$(source /etc/os-release 2>/dev/null && echo "${NAME}")" == *NixOS* ]]; then
-  echo -e "${GRN}Already running NixOS.${RST}"
-  exit
+    echo -e "${GRN}Already running NixOS.${RST}"
+    exit
 fi
 
 if [[ -x "$(command -v nix)" ]]; then
-  echo -e "${GRN}Nix package manager already installed.${RST}"
-  exit
+    echo -e "${GRN}Nix package manager already installed.${RST}"
+    exit
 fi
 
 if [[ "${IN_NIX_SHELL}" == 'pure' ]]; then
-  echo -e "${GRN}Already in a pure Nix shell.${RST}"
-  exit
+    echo -e "${GRN}Already in a pure Nix shell.${RST}"
+    exit
 fi
 
 # If none of the checks before succeeded we need to install Nix