Pin Nixpkgs (without Flakes)#405
Conversation
|
Oops, I forgot |
|
It's weird to have a |
|
I would tend to agree, but this is where #404 comes in, tying the loose end. When I had it designed in my mind a few weeks back it wasn't going to rely on flake.lock at all. |
|
I was under the impression that you are not intending to merge it anytime soon. From #404:
|
|
¯\_(ツ)_/¯ I can always revert back to not using flake.lock; but instead to lock by adding the rev/hash in |
|
And removed the old crufty |
samueldr
force-pushed
the
feature/pkgs-pinning
branch
from
d30a6ef to
6e5db0b
Compare
|
Was just using flake-compat considered? That is how I utilize flakes without anyone being the wiser in various projects consumed by then community. Aside, I know this isn't where you might want to spend energy but I've been treating this as a blocker and am excited to see the discussion. Sincere thanks to all. |
|
How has the "lack" of Flakes been a blocker? As far as I understand it, Mobile NixOS has been usable in a Flakes-based configuration since we got Using this repository as-is without integrating in a NixOS configuration is only good to produce an unusable unconfigured image. Or am I missing something still? |
|
The way you parse the flake.lock is a bit erronous. As soon as the user pins nixpkgs to a revision outside of GitHub it just fails. It would be definitely better to use import (import (fetchTarball https://github.com/edolstra/flake-compat/archive/master.tar.gz) {
src = builtins.fetchGit ./.;
}).defaultNix.inputs.nixpkgsMaybe just remove the |
samueldr
force-pushed
the
feature/pkgs-pinning
branch
from
6e5db0b to
c041b41
Compare
samueldr
changed the title
|
Yeah, I got a recommendation from another user for using that; I didn't know enough about Flakes to know if it could break some use case. When I had planned pinning Nixpkgs (without Flakes, still) it was with a "plain" import like I'm now doing. I'm planning to merge this soon, unless people here see reasons not to. One nice side-effect, as it is, is that we get pre-built artifacts from Hydra by default, so new users are less likely to need to build anything. |
doc/default.nix
Outdated
| let pkgs' = pkgs; in # Break the cycle | ||
| let | ||
| pkgs = import pkgs'.path { | ||
| inherit (pkgs') system config; | ||
| overlays = pkgs'.overlays ++ [ | ||
| (final: super: { | ||
| mobile-nixos-process-doc = final.callPackage ./_support/converter {}; | ||
| }) | ||
| ]; | ||
| }; |
There was a problem hiding this comment.
TODO:
shell.nix
Outdated
| let pkgs' = pkgs; in # Break the cycle | ||
| let | ||
| pkgs = import pkgs'.path { | ||
| inherit (pkgs') system config; | ||
| overlays = pkgs'.overlays ++ [ | ||
| (import ./overlay/overlay.nix) | ||
| ]; | ||
| }; |
There was a problem hiding this comment.
TODO:
We're instead re-importing the given Nixkgs with overlays.
Why re-import? It's because `extend` doesn't play well with some
features from Nixpkgs:
```
nix-repl> (pkgs.extend(f: s: { foobarbaz = "hi"; })).foobarbaz
"hi"
nix-repl> (pkgs.extend(f: s: { foobarbaz = "hi"; })).pkgsCross.aarch64-multiplatform.foobarbaz
error: attribute 'foobarbaz' missing, at (string):1:1
```
…o eval-with-configuration.nix
…th-configuration.nix
It wasn't really "nice" to use... Had no real value IMO.
samueldr
force-pushed
the
feature/pkgs-pinning
branch
from
c041b41 to
7df4d7e
Compare
|
I see there are still warnings to set NIX_PATH in the "Getting Started" and "Device Porting Guide" pages in the docs. Should these be purged? |
|
Good catch; they should be removed. They're largely useless without providing |
5 participants
This does not replace nor obsoletes #404. In fact, #404 should be rebased on top of this to better synchronize the non-flake and flake-based implementation of the project.
What?
The TODO item about pinning Nixpkgs has long been put on the backburner; a hole was burned at the bottom of the pot.
This changes the default behaviour of
nix-buildin the repository; instead of relying on the ambiant<nixpkgs>it uses a known good revision of Nixpkgs.Overriding to use your own
<nixpkgs>can still be done using--arg pkgs 'import <nixpkgs> {}'. It should help reduce the friction of first builds for end-users.This does not affect use inside a system configuration:
The Nixpkgs used is whatever the NixOS modules system resolved, just as it would already.
But Flakes?
What about Flakes? This does not replace usage of Nix Flakes. It uses the pinning mechanism for better cooperation for once we have a good user-story for Nix Flakes.
So unless I'm mistaken, merging this changes absolutely nothing with regards to Flakes. Whether it be current Flakes users, or for a future use of Flakes.
But hermeticity?
Flakes are not the only way to add hermeticity to a Nix build. Though the builds are still not hermetic by default! The "default" build still reads the ambiant environment for the current system. Convenience here is worth the minor loss of hermeticity; it is made obvious through tracing that cross-compilation is automatically being used, and there is a known way to undo that "hole" if the user desires it.
And
release.nix?It is by design that the Hydra-consumed
release.nixstill relies onNIX_PATHfor<nixpkgs>. Assumptions are made that Hydra evaluations are declared correctly enough to be functionally equivalent to totally hermetic.