Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Nix packaging, instructions, and CI #38

Merged
merged 13 commits into from
Oct 6, 2023
Merged

Add Nix packaging, instructions, and CI #38

merged 13 commits into from
Oct 6, 2023

Conversation

leif
Copy link
Member

@leif leif commented Jun 17, 2023
edited

this builds on top of #31 - thanks @ehmry !

I don't really know what I'm doing with Nix but CI appears to be generating a package hash which matches what I get when I run it locally in podman, so, that's cool.

ehmry and others added 12 commits April 15, 2023 10:12
@ehmry @dvn0
Add Nix packaging
64deedf 
Co-authored-by: dvn <git@dvn.me>
@ehmry
Do not build from i686-linux
d540cd8 
Some crypto libraries missing for 32-bit x86.
@leif
Merge branch 'main' into nix
5c1d69f
@leif
attempt at adding nixos build to CI
d96b50b
@leif
fix shell syntax, cleanup
d5c4b9b
@leif
Merge branch 'main' into nix
1594864
@leif
readme: add Nix instructions
7fd5f2f
@leif
remove macos-11 ci target
0afa034 
github's artifact upload is being flaky and this is randomly failing, but we
really don't need to be building everything for old versions of macos anyway.

and we should probably replace 12 with 13, but, will find out if that actually works later...
@leif
fix dirname
4f4e78a
@leif
ci: include all jobs in release deps
66bb7d2 
i guess this just worked with alpine before because android takes longer
@leif
add space
9d3a857
@leif
minor changes
478d881
@leif leif requested review from mixmasala and david415 June 17, 2023 17:25
@leif
make sure nixos.output is 1 line
ae1d8a8 
just in case more things could ever end up in nix_build
@leif leif requested a review from threebithacker June 17, 2023 20:00
@leif leif mentioned this pull request Jun 17, 2023
Closed
ehmry
ehmry approved these changes Jun 18, 2023
View reviewed changes
Copy link
Contributor

@ehmry ehmry left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know how this so called Docker stuff works but looks fine to me.

There is contention over whether Nix flakes are better than doing Nix the old-way, but its probably what you want here because you get strong determinism.

@mixmasala
Copy link
Contributor

Great work: I see also the same package name that appears to contain a hash:

sha256sum nix_build/d7l96ghvm2d7jdrkhdpi5h52mmpl7fxm-katzen-unstable-20230617175049/bin/katzen
b8d4fd36df43049a806f65786307b4899435fc70c5babc6ec40eb7d9e7b70c5f  nix_build/d7l96ghvm2d7jdrkhdpi5h52mmpl7fxm-katzen-unstable-20230617175049/bin/katzen

mixmasala
mixmasala approved these changes Jun 18, 2023
View reviewed changes
Copy link
Contributor

@mixmasala mixmasala left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not familiar with how Nix packaging works - this works, and I get a local build that matches the CI run:
https://github.com/katzenpost/katzen/releases/tag/test_ae1d8a819d5e30e9751caa39b77b5ef6f768e10d

.github/workflows/go.yml Show resolved Hide resolved
mixmasala
mixmasala reviewed Jun 18, 2023
View reviewed changes
Copy link
Contributor

@mixmasala mixmasala left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should vendorHash be constant?

katzen.nix Show resolved Hide resolved
@ehmry
Copy link
Contributor

ehmry commented Jul 6, 2023

The vendorHash needs to be a constant. Nix needs a fixed-hash on all it's inputs before it can realize a package. Nix can't guarantee determinism or reproducibility but being strict about inputs is usually good enough. A malicious build system can still change it's behavior according to system fingerprinting, but almost nobody is dealing with that right now.

@leif leif merged commit 596799b into main Oct 6, 2023
7 checks passed
@leif leif deleted the nix branch October 6, 2023 14:26
@leif leif mentioned this pull request Oct 9, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ehmry ehmry ehmry approved these changes

@mixmasala mixmasala mixmasala approved these changes

@david415 david415 Awaiting requested review from david415

@threebithacker threebithacker Awaiting requested review from threebithacker

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@leif @mixmasala @ehmry