Use nixos-unstable channel's prebuilt qemu_full with canokey support builtin from nix cache #1687

Merged



@tlaurion tlaurion commented May 23, 2024

WiP: not yet under nixos-unstable. See c7d1495 log for details.
EDIT: part of nixos-unstable as of this PR, having called nix flake update to update flake.lock to pin to new package list including qemu built with canokey by default as per https://nixpk.gs/pr-tracker.html?pr=311914 PR inclusion and hydra having built all derivatives, downloadable from cache for flake.nix based develop to build docker image reproducibly.

Notes:


Track:


Todo:

  • @JonathonHall-Purism ready for review, assigned to you. Merge when ready
  • docker tag tlaurion/heads-dev-env:v0.1.9 tlaurion/heads-dev-env:latest && docker push tlaurion/heads-dev-env:latest

@tlaurion tlaurion marked this pull request as draft May 23, 2024 15:37
@tlaurion tlaurion force-pushed the use_nixos-unstable_prebuild_qemu-canokey branch 2 times, most recently from 921f28e to 656e6a4 Compare May 25, 2024 16:48

tlaurion commented May 25, 2024

Updated README.md notes and used it to build docker image out of nix develop, updated flake.nix and flake.lock accordingly to include now prebuilt qemu with canokey support and tested to work.

Tested working successfully. Added last todo in OP needing to be done at time of merging (push latest to be another tag of v0.1.9 docker image).


tlaurion commented May 25, 2024

Oops lol. I pushed vx.y.z copy/pasting my example without changing variables content at
https://github.com/linuxboot/heads/pull/1687/files#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5R127

Fixing to v0.1.9, force pushing

@tlaurion tlaurion force-pushed the use_nixos-unstable_prebuild_qemu-canokey branch from 656e6a4 to 5627a5f Compare May 25, 2024 16:54
…builtin, downloaded from nix cache

- flake.lock: bumps locked package list to latest packages list through 'nix flake update'
- flake.nix : comment out customizations of derivatives, removing canokey-qemu lib since qemu_full depends on qemu which depends on canokey-qemu by default now
- flake.nix : add 'less' so that 'git log' is usable
- circleci/config.yml: use docker v0.1.9
- README.md : update docker image maintainer notes to ease upstreaming of docker images and for others to play around, requiring dockerhub account

For testing iterations of this, I used:
docker_version="v0.1.9" && docker_hub_repo="tlaurion/heads-dev-env" && sed "s@\(image: \)\(.*\):\(v[0-9]*\.[0-9]*\.[0-9]*\)@\1\2:$docker_version@" -i .circleci/config.yml && nix --print-build-logs --verbose develop --ignore-environment --command true && nix build .#dockerImage && docker load < result && docker tag linuxboot/heads:dev-env "$docker_hub_repo:$docker_version" && docker push "$docker_hub_repo:$docker_version"
Then added final commit, and pushed.

Signed-off-by: Thierry Laurion <[email protected]>
@tlaurion tlaurion force-pushed the use_nixos-unstable_prebuild_qemu-canokey branch from 5627a5f to c7d1495 Compare May 25, 2024 16:56
@tlaurion tlaurion changed the title WiP: use nixos-unstable channel's prebuilt qemu_full with canokey support builtin from nix cache Use nixos-unstable channel's prebuilt qemu_full with canokey support builtin from nix cache May 25, 2024
@tlaurion tlaurion marked this pull request as ready for review May 25, 2024 17:02

tlaurion commented May 29, 2024

@JonathonHall-Purism needs approval + merge when ready!
Then have to push latest as per OP #1687 (comment)


JonathonHall-Purism commented May 30, 2024

  • the nix develop produced docker image is reproducible

That's awesome 🤩 Let me give it a try 🤞

edit: It works! I reproduced the v0.1.9 image


tlaurion commented May 30, 2024

  • the nix develop produced docker image is reproducible

That's awesome 🤩 Let me give it a try 🤞

edit: It works! I reproduced the v0.1.9 image

@JonathonHall-Purism isn't this awesome? Meaning commits of today will be reproducible forever! Done!
(If derivatives not in cache, that would mean people having to rebuild from source, but yet again, docker hub proves that docker images from before were rebuildable and circleci shows which docker image was used back then if shortcut is needed).

I'm really impressed by Nix.

@tlaurion tlaurion merged commit 34c7bb5 into linuxboot:master May 30, 2024
2 of 6 checks passed
@tlaurion

@JonathonHall-Purism Drop what you would love to have under docker image under #1690
