Spec URL: https://petersen.fedorapeople.org/reviews/nix/nix.spec SRPM URL: https://petersen.fedorapeople.org/reviews/nix/nix-2.30.2-1.fc44.src.rpm Description: Nix is a purely functional package manager. It allows multiple versions of a package to be installed side-by-side, ensures that dependency specifications are complete, supports atomic upgrades and rollbacks, allows non-root users to install software, and has many other features. It is the basis of the NixOS Linux distribution, but it can be used equally well under other Unix systems. See the README.fedora.md file for setup instructions. Fedora Account System Username: petersen Koji scratch build: https://koji.fedoraproject.org/koji/taskinfo?taskID=136066932
This packages the main nix files that live under FHS for Fedora. There are several subpackages: the important ones being nix-core and nix-daemon. Although it is possible to setup /nix etc manually, I have created a copr repo providing nix-multiuser and nix-singleuser, along with nix-filesystem, designed to work with this package: https://copr.fedorainfracloud.org/coprs/petersen/nix-setup/
This was conceptually inspired by the Debian/Ubuntu nix-bin package which as existed now for some years and basically does the same thing. But actually they (now at least) have https://packages.ubuntu.com/questing/nix-setup-systemd which does setup /nix I think: https://packages.ubuntu.com/questing/all/nix-setup-systemd/filelist Perhaps we can try to replicate this in Fedora too?
Copr build: https://copr.fedorainfracloud.org/coprs/build/9426383 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2388768-nix/fedora-rawhide-x86_64/09426383-nix/fedora-review/review.txt Found issues: - Unversioned so-files directly in %_libdir. Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/#_devel_packages - Explicit dependency on perl-devel is not allowed unless building architecture-specific code which links to libperl.so Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/Perl/ - Systemd service file(s) in nix-daemon Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_scriptlets Please know that there can be false-positives. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Spec URL: https://petersen.fedorapeople.org/reviews/nix/nix.spec SRPM URL: https://petersen.fedorapeople.org/reviews/nix/nix-2.30.2-2.fc44.src.rpm - fix nix-devel requires - add systemd scriptlets for nix-daemon
Created attachment 2103818 [details] The .spec file difference from Copr build 9426383 to 9435805
Copr build: https://copr.fedorainfracloud.org/coprs/build/9435805 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2388768-nix/fedora-rawhide-x86_64/09435805-nix/fedora-review/review.txt Found issues: - Unversioned so-files directly in %_libdir. Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/#_devel_packages - Explicit dependency on perl-devel is not allowed unless building architecture-specific code which links to libperl.so Read more: https://docs.fedoraproject.org/en-US/packaging-guidelines/Perl/ Please know that there can be false-positives. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
(In reply to Jens Petersen from comment #2) > This was conceptually inspired by the Debian/Ubuntu nix-bin package which as > existed now for some years and basically does the same thing. > But actually they (now at least) have > https://packages.ubuntu.com/questing/nix-setup-systemd which does setup /nix > I think: > https://packages.ubuntu.com/questing/all/nix-setup-systemd/filelist Having looking through it more closely, perhaps I was optimistic - it doesn't seem to go much further than this package.
> MESON_OPTS=( ... ) > %if %{with docs} > MESON_OPTS+=(-Ddoc-gen=true) > %endif The nice thing about using shell array for the config option is that the additions can be handled in the same array. So this could be written as: MESON_OPTS=( ... %if %{with docs} -Ddoc-gen=true %endif ) But I think it's better to be even more explicit: MESON_OPTS=( ... -Ddoc-gen=%[%{with docs}?"enabled":"disabled"] ) We then don't depend on the upstream default, and the value is recorded in the build log. I'd also suggest adding: --libexecdir=%{_libexecdir} This will move stuff that doesn't need to be in /usr/bin to libexec. > - Unversioned so-files directly in %_libdir. That seems to be a mismatch with how nix does things (separate sublayouts for each package) and what everybody else does. They don't need to do library versioning because they want to recompile everything all the time anyway. I'm not sure what the best choice here is. The packaging guidelines are adamant [https://docs.fedoraproject.org/en-US/packaging-guidelines/#_downstream_so_name_versioning]: > Under no circumstances should the unversioned library be shipped in Fedora. I think a "downstream soname" should be added as described in the packaging guidelines. This will allow both versions to exist on disk, which is important to allow programs using those libraries to work during upgrades. -- Another big question is the use of /nix for the store. IIUC, theoretically this path could be changed, but it is baked into the compiled nix packages, so changing the path would invalidate the whole cache of shared packages, making such an installation of nix not really usable. So I think we want to keep this path. The packaging guidelines say > Fedora does not allow new directories directly under / or /usr without FPC approval. Right now this package sidesteps the issue by not setting up the store and referring the user to the copr (or to manual setup). I think this is fine for now, but long-term I think we'd want to not require that. I think the nicest solution would be to ask FPC to add an exception saying that "/nix" may optionally be used for the purpose of installing nixos packages. -- Another issue that came during the discussion on Matrix was whether it's OK to package software to install other software from external sources at all without additional approval. I looked at the guidelines [https://docs.fedoraproject.org/en-US/packaging-guidelines/what-can-be-packaged/], and it seems fairly clearly allowed: > Most things considered to be "free software" or "open source software" are permitted [...] > Some software (or in some cases, portions of that software) cannot be packaged for legal reasons. This includes issues related to licensing, patents, trademark law, etc. > [...] code is permitted (assuming, of course, that it has an open source compatible license, is not legally questionable, etc.), only some kinds of content are permissible. (Sadly, the packaging guidelines link to https://fedoraproject.org/wiki/Legal:Main and other wiki pages which redirect to the top-level legal page. One'd hope that people would be more careful to preserve URL stability for such important pages.) So since this is open-source code with good licensing, no content is packaged, with no patent or trademark law issues, everything seems good. (And we have many other packages to install other software, pip, nodejs, cargo, conda, various perl and python utilities, uv, etc.) -- I think Provides:nix should be added to one of the packages. Users are likely to use 'sudo dnf install nix', and this should work. Should 'readline' be used instead of 'editline'? IIUC, the latter's advantage is that it is smaller, but we have readline installed everywhere, so I think the installation footprint is smaller with with libreadline (on top of it being the better thing).
I tested the following patch: diff --git nix.spec nix.spec index 43ed7ee4ae..da6e24b8f1 100644 --- nix.spec +++ nix.spec @@ -13,3 +13,3 @@ License: LGPL-2.1-or-later URL: https://github.com/NixOS/nix -Source0: https://github.com/NixOS/nix/archive/v%{version}/%{name}-%{version}.tar.gz +Source0: https://github.com/NixOS/nix/archive/%{version}/%{name}-%{version}.tar.gz Source1: nix.conf @@ -135,2 +135,5 @@ cp -p %{SOURCE3} README.fedora.md +libtag="0.$(date +%Y%m%d -d @${SOURCE_DATE_EPOCH:?})" +perl -i -0pe "s|( library\\(.*install : true,)|\\1\\n version : \'${libtag}\',|smg" \ + src/lib*/meson.build @@ -200,3 +203,3 @@ cp %{SOURCE1} %{SOURCE2} %{buildroot}/etc/nix/ %exclude %{_bindir}/nix-daemon -%{_libdir}/*.so +%{_libdir}/*.so.0{,.*} %{perl_vendorarch}/Nix @@ -225,2 +228,3 @@ cp %{SOURCE1} %{SOURCE2} %{buildroot}/etc/nix/ %{_libdir}/pkgconfig/*.pc +%{_libdir}/*.so It seems to do the right thing. The resulting binary works as expected and I think it satisfies the guidelines.
Thank you! Oops, sorry missed your comments last month... (In reply to Zbigniew Jędrzejewski-Szmek from comment #8) > But I think it's better to be even more explicit: > MESON_OPTS=( ... > -Ddoc-gen=%[%{with docs}?"enabled":"disabled"] > ) > We then don't depend on the upstream default, and the value is recorded in > the build log. I like this, thanks > I'd also suggest adding: > --libexecdir=%{_libexecdir} Sure > > - Unversioned so-files directly in %_libdir. > That seems to be a mismatch with how nix does things (separate sublayouts > for each package) and what everybody else does. They don't need to do > library versioning because they want to recompile everything all the time > anyway. I'm not sure what the best choice here is. I wonder if we should just go with static libs like Debian here? Otherwise the shared libraries should probably be separated out anyway, though I don't know what needs them and probably it could wait until such a need arises (making it configurable feels slightly overdo though I suppose it is probably doable). > Another big question is the use of /nix for the store. IIUC, theoretically > this path could be changed, but it is baked into the compiled nix packages, > so changing the path would invalidate the whole cache of shared packages, > making such an installation of nix not really usable. So I think we want to > keep this path. The packaging guidelines say > > Fedora does not allow new directories directly under / or /usr without FPC approval. > > Right now this package sidesteps the issue by not setting up the store and > referring the user to the copr (or to manual setup). I think this is fine > for now, but long-term I think we'd want to not require that. I think the > nicest solution would be to ask FPC to add an exception saying that "/nix" > may optionally be used for the purpose of installing nixos packages. Yes I agree that would be good - so far FPC has resisted though, but maybe if the package is available the discussion becomes more practical than hypothetical. Help and support for this would be welcome. :-) > I think Provides:nix should be added to one of the packages. Users are > likely to use 'sudo dnf install nix', and this should work. Actually maybe we should just bite the bullet and rename nix-core to nix. (In my original nix copr, the nix package corresponds to what I am calling nix-multiuser now in nix-setup copr.) > Should 'readline' be used instead of 'editline'? Yeah I suppose so - it seems supported by upstream now: I had gone to the trouble earlier of packaging editline just for this ;-(
Hm, and debian just excludes: usr/include/* usr/lib/*/*.a usr/lib/*/pkgconfig/* usr/lib/pkgconfig/*
Maybe I will just drop the perl binding too: not sure what needs it? Debian doesn't ship them either :shrug: Also I opened https://github.com/NixOS/nix/issues/13960 about SONAME. Another approach for the libnix*.so would be to put nix under its own directory (libdir/nix/ say). Then it could use rpaths to find its libs: the devel files could still be excluded.
Spec URL: https://petersen.fedorapeople.org/reviews/nix/nix.spec SRPM URL: https://petersen.fedorapeople.org/reviews/nix/nix-2.31.1-1.fc44.src.rpm - https://github.com/NixOS/nix/blob/2.31.1/doc/manual/source/release-notes/rl-2.31.md - rename nix-core to base package - use readline (#2388768) - improve MESON_OPTS setup (zbyszek, #2388768) - use static libs and drop devel package - disable perl binding
Created attachment 2106217 [details] The .spec file difference from Copr build 9435805 to 9543542
Copr build: https://copr.fedorainfracloud.org/coprs/build/9543542 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2388768-nix/fedora-rawhide-x86_64/09543542-nix/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Spec URL: https://petersen.fedorapeople.org/reviews/nix/nix.spec SRPM URL: https://petersen.fedorapeople.org/reviews/nix/nix-2.31.1-2.fc44.src.rpm - noarch nix-daemon subpackage cannot use _isa requires Koji scratch build: https://koji.fedoraproject.org/koji/taskinfo?taskID=137011702
Created attachment 2106347 [details] The .spec file difference from Copr build 9543542 to 9545858
Copr build: https://copr.fedorainfracloud.org/coprs/build/9545858 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2388768-nix/fedora-rawhide-x86_64/09545858-nix/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Hmm, almost all nix commands immediately segfault with this build. But on backtrace is generated. Any ideas?
(In reply to Zbigniew Jędrzejewski-Szmek from comment #19) > Hmm, almost all nix commands immediately segfault with this build. But on > backtrace is generated. Any ideas? Oops good catch ("nix-shell -p hello" was still working for me and that's my only testcase, haha ;-) Seems it is caused by the static linking ;-( So I will revert that...
Anyway good news: upstream seems receptive to adding the SONAME, so I open a straightforward PR to add that to the meson build: https://github.com/NixOS/nix/pull/13966 Hopefully that addresses most of your original points now.
Spec URL: https://petersen.fedorapeople.org/reviews/nix/nix.spec SRPM URL: https://petersen.fedorapeople.org/reviews/nix/nix-2.31.1-3.fc44.src.rpm - revert to shared libs, add libs subpackage and restore devel - apply upstream submitted PR to enable sonanme versioning (#13966) Koji scratch build: https://koji.fedoraproject.org/koji/taskinfo?taskID=137040231
(noting the patch is slightly out of date now, but it only affects the disabled tests)
Created attachment 2106394 [details] The .spec file difference from Copr build 9545858 to 9550062
Copr build: https://copr.fedorainfracloud.org/coprs/build/9550062 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2388768-nix/fedora-rawhide-x86_64/09550062-nix/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
(In reply to Jens Petersen from comment #21) > Anyway good news: upstream seems receptive to adding the SONAME, > so I open a straightforward PR to add that to the meson build: > https://github.com/NixOS/nix/pull/13966 Okay that was quick: already merged and being backported to 2.30 and 2.31!
Well it got reverted as quickly again, lol (https://github.com/NixOS/nix/pull/13970 sigh). I feel like the unexpected backporting was the last straw. So I am wondering now if moving the libraries out of libdir isn't better. Though we can also keep a Fedora soname I suppose.
So I actually tried to install the libs into %{_libdir}/nix and after patching `install_rpath` into the meson.build files got it working. But rpmlint seemed to complain without sonames so reverting to downstream sonames seems good enough to me, as you already had suggested.
Spec URL: https://petersen.fedorapeople.org/reviews/nix/nix.spec SRPM URL: https://petersen.fedorapeople.org/reviews/nix/nix-2.31.1-4.fc44.src.rpm - add simple check with LD_LIBRARY_PATH Koji scratch build: https://koji.fedoraproject.org/koji/taskinfo?taskID=137105592
Created attachment 2106593 [details] The .spec file difference from Copr build 9550062 to 9554717
Copr build: https://copr.fedorainfracloud.org/coprs/build/9554717 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2388768-nix/fedora-rawhide-x86_64/09554717-nix/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Okay I reworked my soversion PR to use the nix version and that has now been merged.
Spec URL: https://petersen.fedorapeople.org/reviews/nix/nix.spec SRPM URL: https://petersen.fedorapeople.org/reviews/nix/nix-2.31.1-5.fc44.src.rpm - set the soversion to the nix version (#13995, #14001) Koji scratch build: https://koji.fedoraproject.org/koji/taskinfo?taskID=137166744
Created attachment 2106761 [details] The .spec file difference from Copr build 9554717 to 9558690
Copr build: https://copr.fedorainfracloud.org/coprs/build/9558690 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2388768-nix/fedora-rawhide-x86_64/09558690-nix/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
I think this looks very good now. Let's go through the checklist: - package name is OK (nix) - license is acceptable for Fedora (LGPL-2.1-or-later) - license is specified correctly - latest upstream version - BReq/Req/Prov/Rec look OK - builds and installs OK ;) - the binary is functional - %check is not present, but required dep is missing, so this is OK - systemd macros are used appropriately - header files and libraries are properly split out rpmlint: > nix-daemon.noarch: W: non-conffile-in-etc /etc/profile.d/nix-daemon.fish > nix-daemon.noarch: W: non-conffile-in-etc /etc/profile.d/nix-daemon.sh Sadly this is where profile files need to be installed. This is fine. > nix.src: W: strange-permission 13995.patch 666 > nix.src: W: strange-permission 14001.patch 666 > nix.src: W: strange-permission README.md 666 > nix.src: W: strange-permission nix-2.31.1.tar.gz 666 > nix.src: W: strange-permission nix.conf 666 > nix.src: W: strange-permission nix.spec 666 > nix.src: W: strange-permission registry.json 666 This doesn't matter. Permissions will be normalized when importing into dist-git. > nix.x86_64: W: no-manual-page-for-binary nix > nix.x86_64: W: no-manual-page-for-binary nix-build > nix.x86_64: W: no-manual-page-for-binary nix-channel > nix.x86_64: W: no-manual-page-for-binary nix-collect-garbage > nix.x86_64: W: no-manual-page-for-binary nix-copy-closure > nix.x86_64: W: no-manual-page-for-binary nix-env > nix.x86_64: W: no-manual-page-for-binary nix-hash > nix.x86_64: W: no-manual-page-for-binary nix-instantiate > nix.x86_64: W: no-manual-page-for-binary nix-prefetch-url > nix.x86_64: W: no-manual-page-for-binary nix-shell > nix.x86_64: W: no-manual-page-for-binary nix-store > nix-daemon.noarch: W: no-manual-page-for-binary nix-daemon > nix-daemon.noarch: W: no-documentation > nix-devel.x86_64: W: no-documentation Happens. > nix-daemon.noarch: W: post-without-tmpfile-creation /usr/lib/tmpfiles.d/nix-daemon.conf I think fedora-review hasn't caught up with this being automated by %filetriggers. > nix-daemon.noarch: W: dangling-relative-symlink /usr/bin/nix-daemon nix This is fine. nix-daemon Requires nix, and nix provides the target file. > nix-libs.x86_64: E: incorrect-fsf-address /usr/share/licenses/nix-libs/COPYING Meh. > nix-daemon.noarch: W: tmpfile-not-in-filelist /nix/var/nix/daemon-socket > nix-daemon.noarch: W: tmpfile-not-in-filelist /nix/var/nix/builds This one is a problem. I think that until we have secured the FPC exception, it's not OK to provide a config that will create /nix/ automatically. This is what would happen when systemd-tmpfiles is run. So I think this file must be skippped for now, or maybe renamed to /usr/lib/tmpfiles.d/nix-daemon.conf.example for now. > 5 packages and 0 specfiles checked; 1 errors, 27 warnings, 65 filtered, 1 badness; has taken 1.4 s > %files > %{_libdir}/libnix*.so.* The guidelines now say that using globs is not allowed. The version is defined in meson as: > nix_soversion = meson.project_version().strip('pre') So maybe something like this: %{lua:macros.version_no_pre = macros.version:gsub('pre','')} %{_libdir}/libnix*.so.%{version_no_pre} (This is a bit convoluted, but I wanted to avoid shelling out and %define nix_soversion %{gsub %version pre} causes a syntax error and %define nix_soversion %{gsub %version pre ''} causes a literal '' to be present and %define nix_soversion %{lua:macros.version:gsub('pre','')} causes ' 0' to be suffixed.) I'll file a ticket to allow /nix to be used, but for now, let's not use it. I think that if the issues listed are fixed, the package can be approved.
https://pagure.io/fesco/issue/3473 creates the exception request.
(In reply to Zbigniew Jędrzejewski-Szmek from comment #36) > > nix.src: W: strange-permission 13995.patch 666 > > nix.src: W: strange-permission 14001.patch 666 > > nix.src: W: strange-permission README.md 666 > > nix.src: W: strange-permission nix-2.31.1.tar.gz 666 > > nix.src: W: strange-permission nix.conf 666 > > nix.src: W: strange-permission nix.spec 666 > > nix.src: W: strange-permission registry.json 666 Yea, this is actually a copr bug: https://github.com/fedora-copr/copr/issues/3888 > > nix.x86_64: W: no-manual-page-for-binary nix > > nix.x86_64: W: no-manual-page-for-binary nix-build > > nix.x86_64: W: no-manual-page-for-binary nix-channel > > nix.x86_64: W: no-manual-page-for-binary nix-collect-garbage > > nix.x86_64: W: no-manual-page-for-binary nix-copy-closure > > nix.x86_64: W: no-manual-page-for-binary nix-env > > nix.x86_64: W: no-manual-page-for-binary nix-hash > > nix.x86_64: W: no-manual-page-for-binary nix-instantiate > > nix.x86_64: W: no-manual-page-for-binary nix-prefetch-url > > nix.x86_64: W: no-manual-page-for-binary nix-shell > > nix.x86_64: W: no-manual-page-for-binary nix-store > > nix-daemon.noarch: W: no-manual-page-for-binary nix-daemon > > nix-daemon.noarch: W: no-documentation > > nix-devel.x86_64: W: no-documentation > Happens. Right the manpages need mdbook I think to be built iirc, which we don't have in Fedora yet. > > nix-libs.x86_64: E: incorrect-fsf-address /usr/share/licenses/nix-libs/COPYING > Meh. I reported this to upstream in https://github.com/NixOS/nix/issues/13758 - I guess I can open an PR too - to maintain my streak ;o) > > nix-daemon.noarch: W: tmpfile-not-in-filelist /nix/var/nix/daemon-socket > > nix-daemon.noarch: W: tmpfile-not-in-filelist /nix/var/nix/builds > This one is a problem. I think that until we have secured the > FPC exception, it's not OK to provide a config that will create /nix/ > automatically. This is what would happen when systemd-tmpfiles is run. > So I think this file must be skippped for now, or maybe renamed to > /usr/lib/tmpfiles.d/nix-daemon.conf.example for now. Ah right indeed - I missed this: then I will "move" it to nix-setup copr for now if possible. > > %files > > %{_libdir}/libnix*.so.* > > The guidelines now say that using globs is not allowed. Actually since the soversion is now identical to the nix version it should be trivial to do, thanks (at least for releases): but some hack like you sketch would be needed for pre-release snapshots. > I'll file a ticket to allow /nix to be used, but for now, let's not use it. Wow, thanks. I was also pondering a Fedora Change, but I am a slightly ambivalent: on the one hand I don't particularly want to "promote" the use of nix (in Fedora), on the other hand "give the people what they want" - a Change may not hurt either... and it would be a new feature, but yes it would be rather more meaningful with '/nix'.
I think some sort of a public announcement would make some sense. Mostly because I think there's a lot of people who would be interested in this and it could generate some positive buzz. Either a Change, or maybe a Fedora Magazine article… But let's get this working smoothly first ;)
(In reply to Jens Petersen from comment #38) > > > nix-libs.x86_64: E: incorrect-fsf-address /usr/share/licenses/nix-libs/COPYING > > Meh. > > I reported this to upstream in https://github.com/NixOS/nix/issues/13758 - I opened https://github.com/NixOS/nix/pull/14008 > > > nix-daemon.noarch: W: tmpfile-not-in-filelist /nix/var/nix/daemon-socket > > > nix-daemon.noarch: W: tmpfile-not-in-filelist /nix/var/nix/builds > > This one is a problem. I think that until we have secured the > > FPC exception, it's not OK to provide a config that will create /nix/ > > automatically. This is what would happen when systemd-tmpfiles is run. > > So I think this file must be skippped for now, or maybe renamed to > > /usr/lib/tmpfiles.d/nix-daemon.conf.example for now. > > Ah right indeed - I missed this: then I will "move" it to nix-setup copr for > now if possible. > > > > %files > > > %{_libdir}/libnix*.so.* > > > > The guidelines now say that using globs is not allowed. Is it okay in other places? Specifically for .so files perhaps > So I think this file must be skippped for now, or maybe renamed to > /usr/lib/tmpfiles.d/nix-daemon.conf.example for now. Would a symlink in my nix-setup work?
Spec URL: https://petersen.fedorapeople.org/reviews/nix/nix.spec SRPM URL: https://petersen.fedorapeople.org/reviews/nix/nix-2.31.1-6.fc44.src.rpm - list .so files explicitly without globbing (#2388768) - disable /usr/lib/tmpfiles.d/nix-daemon.conf for now (#2388768)
Created attachment 2106859 [details] The .spec file difference from Copr build 9558690 to 9563277
Copr build: https://copr.fedorainfracloud.org/coprs/build/9563277 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2388768-nix/fedora-rawhide-x86_64/09563277-nix/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
(I played with a few "hacks"... 1) With /nix -> /opt/nix, I get: Sep 19 09:21:02 localhost-live nix-daemon[5765]: unexpected Nix daemon error: error: the path '"/nix"' is a symlink; this is not allowed for the Nix store and its parent directories and similar error in singleuser mode. 2) However in singleuser mode (without /nix/var): with /nix/store -> ~/.local/share/nix/store "nix-shell -p hello" works for me anyway - but I don't know if that is good enough in general, though it helps with the / "storage problem". Probably need more testcases.)
(I meant "sudo ln -s ~/.local/share/nix/root/nix/store /nix/")
2.32 seems to need boost-unordered ...
Spec URL: https://petersen.fedorapeople.org/reviews/nix/nix.spec SRPM URL: https://petersen.fedorapeople.org/reviews/nix/nix-2.31.2-1.fc44.src.rpm https://koji.fedoraproject.org/koji/taskinfo?taskID=138068070
Created attachment 2109593 [details] The .spec file difference from Copr build 9563277 to 9684533
Copr build: https://copr.fedorainfracloud.org/coprs/build/9684533 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2388768-nix/fedora-rawhide-x86_64/09684533-nix/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
The exception for nix was approved in https://pagure.io/fesco/issue/3473. The ticket has not been updated yet, but the resolution was: > !agreed /nix top-level directory may be used exclusively for Nix runtime and package store. It shall not be part of the filesystem package, but packages are allowed to create it. (+6, 1, -0) So… can you absorb the changes from the separate packages in copr here?
Spec URL: https://petersen.fedorapeople.org/reviews/nix/nix.spec SRPM URL: https://petersen.fedorapeople.org/reviews/nix/nix-2.31.2-2.fc44.src.rpm - FHS Exception for /nix was approved (https://pagure.io/fesco/issue/3473) - add multiuser setup to daemon subpackage - add singleuser and nix-filesystem subpackages Koji scratch build: https://koji.fedoraproject.org/koji/taskinfo?taskID=138231443
As a first step I folded my nix-setup copr into this package. Still largely untested. I ended up merging the multiuser subpackage into the daemon subpackage here. I think I will add Conflicts between nix-daemon and nix-singleuser in the next update.
Created attachment 2110034 [details] The .spec file difference from Copr build 9684533 to 9700241
Copr build: https://copr.fedorainfracloud.org/coprs/build/9700241 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2388768-nix/fedora-rawhide-x86_64/09700241-nix/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
I opened bug 2406036 asking about boost-unordered btw.
Spec URL: https://petersen.fedorapeople.org/reviews/nix/nix.spec SRPM URL: https://petersen.fedorapeople.org/reviews/nix/nix-2.31.2-3.fc44.src.rpm - use tmpfiles.d for nix-filesystem - improve the readme - list bin files explicitly - nix-singleuser now owns its dirs - add nix-daemon conflicts for ostree and containers - add nix-singleuser recommends for containers Koji scratch build: https://koji.fedoraproject.org/koji/taskinfo?taskID=138378142
Created attachment 2110627 [details] The .spec file difference from Copr build 9700241 to 9725178
Copr build: https://copr.fedorainfracloud.org/coprs/build/9725178 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2388768-nix/fedora-rawhide-x86_64/09725178-nix/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
(In reply to Jens Petersen from comment #55) > I opened bug 2406036 asking about boost-unordered btw. I realized 2.32 needs boost >= 2.87
(I meant boost 1.87, sigh)
rpmlint says: nix-daemon.noarch: W: zero-perms-ghost Suggestion: "%ghost %attr(0755,root,root) /nix/var/nix/builds" nix-daemon.noarch: W: zero-perms-ghost Suggestion: "%ghost %attr(0755,root,root) /nix/var/nix/daemon-socket" nix-daemon.noarch: W: post-without-tmpfile-creation /usr/lib/tmpfiles.d/nix-daemon.conf nix-daemon.noarch: W: post-without-tmpfile-creation /usr/lib/tmpfiles.d/nix-filesystem.conf nix-daemon.noarch: W: non-standard-gid /nix/store nixbld nix-daemon.noarch: W: non-standard-gid /nix/var/log/nix/drvs nixbld nix-daemon.noarch: W: non-standard-gid /nix/var/nix nixbld nix-daemon.noarch: W: non-standard-gid /nix/var/nix/db nixbld nix-daemon.noarch: W: non-standard-gid /nix/var/nix/gc.lock nixbld nix-daemon.noarch: W: non-standard-gid /nix/var/nix/profiles nixbld nix-daemon.noarch: W: non-standard-gid /nix/var/nix/profiles/per-user nixbld nix-daemon.noarch: W: non-standard-gid /nix/var/nix/temproots nixbld nix-daemon.noarch: E: non-standard-dir-perm /nix/store 1775 nix-daemon.noarch: E: non-standard-dir-perm /nix/var/log/nix/drvs 1775 nix-daemon.noarch: E: non-standard-dir-perm /nix/var/nix 775 nix-daemon.noarch: E: non-standard-dir-perm /nix/var/nix/builds 0 nix-daemon.noarch: E: non-standard-dir-perm /nix/var/nix/daemon-socket 0 nix-daemon.noarch: E: non-standard-dir-perm /nix/var/nix/db 775 nix-daemon.noarch: E: non-standard-dir-perm /nix/var/nix/profiles 775 nix-daemon.noarch: E: non-standard-dir-perm /nix/var/nix/profiles/per-user 775 nix-daemon.noarch: E: non-standard-dir-perm /nix/var/nix/temproots 775 nix-daemon.noarch: W: non-conffile-in-etc /etc/profile.d/nix-daemon.fish nix-daemon.noarch: W: non-conffile-in-etc /etc/profile.d/nix-daemon.sh
Spec URL: https://petersen.fedorapeople.org/reviews/nix/nix.spec SRPM URL: https://petersen.fedorapeople.org/reviews/nix/nix-2.31.2-4.fc44.src.rpm - drop filesystem subpackage and ghost singleuser dirs - nix-daemon and nix-singleuser conflict with eachother
Created attachment 2110640 [details] The .spec file difference from Copr build 9725178 to 9725472
Copr build: https://copr.fedorainfracloud.org/coprs/build/9725472 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2388768-nix/fedora-rawhide-x86_64/09725472-nix/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Also if anyone following could suggest other lightweight "tests" we can use to test manually - that would be helpful. Maybe some small dummy project with a nix flake or nix.shell file say for example?
(I cooked up some trivial *.nix files with help from AI.) @zbyszek I think the package is in a reasonable state or point now where some new feedback would be helpful. Quite a lot of changes since you last commented. Can you have a look when you find some time? Specially thank you for the getting the Fesco exception through!
I also started to draft https://fedoraproject.org/wiki/Changes/Nix_package_tool
Spec URL: https://petersen.fedorapeople.org/reviews/nix/nix.spec SRPM URL: https://petersen.fedorapeople.org/reviews/nix/nix-2.31.2-5.fc44.src.rpm - split nix-users from nix-daemon and drop nix-singleuser - drop all conflicts
Created attachment 2110781 [details] The .spec file difference from Copr build 9725472 to 9732136
Copr build: https://copr.fedorainfracloud.org/coprs/build/9732136 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2388768-nix/fedora-rawhide-x86_64/09732136-nix/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Spec URL: https://petersen.fedorapeople.org/reviews/nix/nix.spec SRPM URL: https://petersen.fedorapeople.org/reviews/nix/nix-2.31.2-6.fc44.src.rpm - rename users subpackage to system - improve /nix/var dirs ownership and perms - rename sysusers file to nix.conf - move nix-daemon tmpfiles.d to nix-daemon
I think I am pretty happy with the package now.
Created attachment 2110801 [details] The .spec file difference from Copr build 9732136 to 9732304
Copr build: https://copr.fedorainfracloud.org/coprs/build/9732304 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2388768-nix/fedora-rawhide-x86_64/09732304-nix/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
I didn't mention here, but now there are also f43 builds available from https://copr.fedorainfracloud.org/coprs/petersen/nix/ Though I am testing with: sudo dnf copr enable @fedora-review/fedora-review-2388768-nix fedora-rawhide-x86_64 One can also see git history at https://github.com/juhp/nix-fedora/tree/fedora
> %pre daemon > %tmpfiles_create_package nix-daemon %{_builddir}/%{name}-%{version}/redhat-linux-build/src/nix/misc/systemd/nix-daemon.conf > > %pre filesystem > %tmpfiles_create_package nix-filesystem %SOURCE5 > > %pre system > %sysusers_create_package nix-system %SOURCE4 Are those all necessary? rpm has scriptlets to execute sysusers config (before package installation) and systemd has scriptlets to execute tmpfiles config (after transaction). So I think those are redundant in F42+. (In F41, systemd would execute sysusers config via %posttrans.) Those scripts shouldn't actually cause any harm… But I think they should be dropped unless necessary. Checklist: - package name is OK (nix) - license is acceptable for Fedora (LGPL-2.1-or-later) - license is specified correctly - latest upstream version — not entirely, we need a boost upgrade for the latest upgrade, but it's OK to trail momentarily. - BReq/Req/Prov/Rec look OK - builds and installs OK ;) - the binary is functional - %check is not present, but required dep is missing, so this is OK - systemd macros are used appropriately — mostly, see my comment above. - header files and libraries are properly split out - shared libraries are in %_libdir and have a version suffix We have the FESCo approval to use the dir. The text of the guidelines hasn't been updated yet, but we don't need to block on that and it seems this will take a while because of unrelated changes touching the same area. Package is APPROVED. -- Thank you for filing the change. I think it's good to do this to advertise. I made some small tweaks and changed the status to ReadyForWrangler.
The Pagure repository was created at https://src.fedoraproject.org/rpms/nix
Thank you for the review, Zbigniew!
(In reply to Zbigniew Jędrzejewski-Szmek from comment #76) > > %pre daemon > > %tmpfiles_create_package nix-daemon %{_builddir}/%{name}-%{version}/redhat-linux-build/src/nix/misc/systemd/nix-daemon.conf > > > > %pre filesystem > > %tmpfiles_create_package nix-filesystem %SOURCE5 > > > > %pre system > > %sysusers_create_package nix-system %SOURCE4 > Are those all necessary? I wanted to ask you the same question :) > rpm has scriptlets to execute sysusers config (before package installation) > and systemd has scriptlets to execute tmpfiles config (after transaction). > So I think those are redundant in F42+. (In F41, systemd would execute > sysusers config via %posttrans.) > > Those scripts shouldn't actually cause any harm… But I think they should be > dropped unless necessary. Okay I can drop them then, thanks. TBH I am not that familiar with them. rpmlint still seems to warn about them, but sounds like that is outdated. > Thank you for filing the change. I think it's good to do this to advertise. > I made some small tweaks and changed the status to ReadyForWrangler. Cool
> > %pre daemon > > %tmpfiles_create_package nix-daemon %{_builddir}/%{name}-%{version}/redhat-linux-build/src/nix/misc/systemd/nix-daemon.conf > > > > %pre filesystem > > %tmpfiles_create_package nix-filesystem %SOURCE5 > > > > %pre system > > %sysusers_create_package nix-system %SOURCE4 : > rpm has scriptlets to execute sysusers config (before package installation) > and systemd has scriptlets to execute tmpfiles config (after transaction). > So I think those are redundant in F42+. (In F41, systemd would execute > sysusers config via %posttrans.) BTW I will probably build for f41, but I could condition the tmpfiles scripts. Are they needed for EPEL10? (I can't build for epel10 yet because it is missing boost-url but I plan to later if possible.)
Spec URL: https://petersen.fedorapeople.org/reviews/nix/nix.spec SRPM URL: https://petersen.fedorapeople.org/reviews/nix/nix-2.31.2-8.fc44.src.rpm - drop redundant sysusers and tmpfiles.d scriptlets (#2388768) - add obsoletes for petersen/nix copr subpackages and recommend nix-daemon if systemd
Just to be transparent - uploaded the final package I am building now for rawhide
https://pagure.io/releng/fedora-scm-requests/issue/79305
https://pagure.io/releng/fedora-scm-requests/issue/79316