From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on atuin.qyliss.net
X-Spam-Level: 
X-Spam-Status: No, score=-1.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,
	RCVD_IN_MSPIKE_WL,SPF_HELO_PASS autolearn=unavailable
	autolearn_force=no version=3.4.6
Received: from atuin.qyliss.net (localhost [IPv6:::1])
	by atuin.qyliss.net (Postfix) with ESMTP id 8430410944;
	Tue, 10 Jan 2023 20:27:58 +0000 (UTC)
Received: by atuin.qyliss.net (Postfix, from userid 496)
	id 44C781093A; Tue, 10 Jan 2023 20:27:55 +0000 (UTC)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com
 [66.111.4.25])
	by atuin.qyliss.net (Postfix) with ESMTPS id 360C810934
	for <devel@spectrum-os.org>; Tue, 10 Jan 2023 20:27:51 +0000 (UTC)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.47])
	by mailout.nyi.internal (Postfix) with ESMTP id 37D185C015C;
	Tue, 10 Jan 2023 15:27:47 -0500 (EST)
Received: from mailfrontend1 ([10.202.2.162])
  by compute6.internal (MEProxy); Tue, 10 Jan 2023 15:27:47 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alyssa.is; h=cc
	:cc:content-type:date:date:from:from:in-reply-to:in-reply-to
	:message-id:mime-version:references:reply-to:sender:subject
	:subject:to:to; s=fm2; t=1673382467; x=1673468867; bh=980SmPEzZ5
	UhhUq3bcpqnj3JDQG2HXg6OKED1NVbHLQ=; b=RDnXUZWNqtItfeDyJ0SqLVPT71
	JC4ZICQEd3V3ezdp8U7q489Yh8Yxpr4M7DCNuKPuP6MYHJyJg0D0fx4RPBGcPH2a
	gHz5nz+Wbp+yuSrBVZ3Z8DgKgrZDhEVRerFbe5l7dkAWoj8Q8M46/QvKGtTNlcYF
	tjupDphDk4ECFdALBoEwP70yI3KKWoIMmrF/M10zOiWw7BYbYK9CelEZ2K6DSyS6
	Gn8nZfUdHHUkwsad5nWE8+DJJJdYkNjhuWPNqc0bP0sMyHjyZMnA/tl+GxjtEOUx
	dETR8m0QuFv0a0u0XWxqrCd/JePzK1TfzEflEJ2Wi7jDn0QPUhTBm8KqER1w==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:cc:content-type:date:date:feedback-id
	:feedback-id:from:from:in-reply-to:in-reply-to:message-id
	:mime-version:references:reply-to:sender:subject:subject:to:to
	:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=
	fm3; t=1673382467; x=1673468867; bh=980SmPEzZ5UhhUq3bcpqnj3JDQG2
	HXg6OKED1NVbHLQ=; b=FYmvRWOItCi/aeVsNt8RrN/bWSkcIr3vruVeNCj7Uysi
	eHtdOwrAP3UodFzLG+8saGzPfKR42S/zNvaMntHbWeXXOsKdckZmp6m7KflAdgl3
	OOm6LtkmPdwS4jsbVRF8XxIU0ZYDmTvshLLnR0FYO7lAC9OvllnvzLFBzufZ3IqS
	gKc+R860oyhpMYf6alPKkSxNULfb2HMW+z2VGYWBQjp5fRzwJIXyFPGiX2SUSNwu
	i7AyKoZQVODRoEPNQaD15g0NvoeXUmoRJs/jq1Kzyvtw45vpHYZs10kJkiTvFIKw
	zrokcQZlzB6+1h5GPER2xxrvMVsQRRlTyirPYuNAww==
X-ME-Sender: <xms:Qsq9Y63N_1TA4hUcukkKhxWAFp1Awf6-Lwb8GcOOmbaBrlR7wSTvOA>
    <xme:Qsq9Y9EcJu1u2VGBp064Q6Jw2GGyXkhlxHhS5NKnD239lctAxUL3d-dmI9SDysfe2
    2hihS6T8Izqz91wxg>
X-ME-Received: 
 <xmr:Qsq9Yy5jKv2o9sd6czj_wJO73x_8PwgRpnyIUnhJfn2wX7DxOaUgCOPpj6ZRbh56I3DTmcqvdKiibpmOqHSCeY1SdG5ADo4Kog>
X-ME-Proxy-Cause: 
 gggruggvucftvghtrhhoucdtuddrgedvhedrledvgdejiecutefuodetggdotefrodftvf
    curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu
    uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc
    fjughrpeffhffvvefukfhfgggtuggjsehgtderredttddvnecuhfhrohhmpeetlhihshhs
    rgcutfhoshhsuceohhhisegrlhihshhsrgdrihhsqeenucggtffrrghtthgvrhhnpedvge
    duffeiueeglefguefgkeekfeefjeduffdufedtveejfeeuiedvledvjeegueenucffohhm
    rghinhepshhpvggtthhruhhmqdhoshdrohhrghdpuggrthgrrghtuhhrshgvrhhvihgtvg
    drshgvpdhnihigohhsrdhorhhgpdhsthgrtghkohhvvghrfhhlohifrdgtohhmnecuvehl
    uhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhephhhisegrlhihsh
    hsrgdrihhs
X-ME-Proxy: <xmx:Qsq9Y736cneXaU7nBf288rQzjfeXU5Ar14B1skaK_4TAhPrOaAp6Rw>
    <xmx:Qsq9Y9FUunEvuS3mnLHWIq2A_NIyNCy8mJaQp8jhZSlUNSDeUYK_qA>
    <xmx:Qsq9Y09_HMQpLqWAz9V7asBGKS7CWy20U4CowafR3J7SZ4vsGhc4pw>
    <xmx:Q8q9YwN4AwbVf2JFUK9m04vzckrmzUVIp_yvj2eQ9APLLanXHTrZAQ>
Feedback-ID: i12284293:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue,
 10 Jan 2023 15:27:46 -0500 (EST)
Received: by x220.qyliss.net (Postfix, from userid 1000)
	id 3AF5828795; Tue, 10 Jan 2023 20:27:44 +0000 (UTC)
Date: Tue, 10 Jan 2023 20:27:44 +0000
From: Alyssa Ross <hi@alyssa.is>
To: Valentin Kharin <valentin.kharin@unikie.com>
Subject: Re: [PATCH v2 1/2] Add flakes support
Message-ID: <20230110202744.7b3oqkdfwy2mmdaf@x220>
References: <20221227091604.18039-1-valentin.kharin@unikie.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="r3ximp2xinhiqon4"
Content-Disposition: inline
In-Reply-To: <20221227091604.18039-1-valentin.kharin@unikie.com>
Message-ID-Hash: R6PAFXX4S4ACNWJQDJY57ZS37ADJNSJT
X-Message-ID-Hash: R6PAFXX4S4ACNWJQDJY57ZS37ADJNSJT
X-MailFrom: hi@alyssa.is
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-devel.spectrum-os.org-0; header-match-devel.spectrum-os.org-1;
 header-match-devel.spectrum-os.org-2; header-match-devel.spectrum-os.org-3;
 nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size;
 news-moderation; no-subject; digests; suspicious-header
CC: devel@spectrum-os.org
X-Mailman-Version: 3.3.5
Precedence: list
List-Id: Patches and low-level development discussion <devel.spectrum-os.org>
Archived-At: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/message/R6PAFXX4S4ACNWJQDJY57ZS37ADJNSJT/>
List-Archive: 
 <https://spectrum-os.org/lists/hyperkitty/list/devel@spectrum-os.org/>
List-Help: <mailto:devel-request@spectrum-os.org?subject=help>
List-Owner: <mailto:devel-owner@spectrum-os.org>
List-Post: <mailto:devel@spectrum-os.org>
List-Subscribe: <mailto:devel-join@spectrum-os.org>
List-Unsubscribe: <mailto:devel-leave@spectrum-os.org>


--r3ximp2xinhiqon4
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Tue, Dec 27, 2022 at 11:16:03AM +0200, Valentin Kharin wrote:
> Signed-off-by: Valentin Kharin <valentin.kharin@unikie.com>
> ---
>  flake.lock         | 43 ++++++++++++++++++++++++++++++++
>  flake.lock.license |  3 +++
>  flake.nix          | 62 ++++++++++++++++++++++++++++++++++++++++++++++
>  3 files changed, 108 insertions(+)
>  create mode 100644 flake.lock
>  create mode 100644 flake.lock.license
>  create mode 100644 flake.nix

Hi!  Thanks for v2!

I've actually tried this out now, and it's nice! :)

I have a couple of questions about how particular concepts will map to
flakes:

 - How will custom configurations work?  There are a few mechanisms that
   can be used today (NIX_PATH, config.nix in the source tree, passing
   an argument when importing Spectrum), but I don't think the flake
   exposes any of these?

 - How would using img/app/shell.nix to test different appvms work?
   Currently, I do e.g. nix-shell --arg run ../../vm/app/lynx.nix
   to get a shell where I can do a test run of that VM, but --arg
   apparently can't be used with flakes either.  What would an
   equivalent workflow be?

One code comment below as well.

> diff --git a/flake.nix b/flake.nix
> new file mode 100644
> index 0000000..ab54fed
> --- /dev/null
> +++ b/flake.nix
> @@ -0,0 +1,62 @@
> +# SPDX-License-Identifier: MIT
> +# SPDX-FileCopyrightText: 2022 Unikie
> +
> +{
> +  description = "A compartmentalized operating system";
> +
> +  # NOTE: Revision specification format is ?ref=refs%2fheads%2f<BRANCH>&rev=<COMMIT_REVISION>
> +  inputs.nixpkgs.url =
> +    "git+https://spectrum-os.org/git/nixpkgs/?ref=refs%2fheads%2frootfs";
> +  inputs.flake-utils.url = "github:numtide/flake-utils";
> +
> +  nixConfig = {
> +    extra-substituters = [ "https://cache.dataaturservice.se/spectrum/" ];
> +    trusted-public-keys = [
> +      "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
> +      "spectrum-os.org-1:rnnSumz3+Dbs5uewPlwZSTP0k3g/5SRG4hD7Wbr9YuQ="
> +    ];
> +  };
> +
> +  outputs = { self, nixpkgs, flake-utils }:
> +    let
> +      supportedSystems = with flake-utils.lib.system; [ x86_64-linux aarch64-linux ];
> +    in flake-utils.lib.eachSystem supportedSystems (system:
> +      let
> +        pkgs = nixpkgs.legacyPackages.${system};
> +        config = { inherit pkgs; };
> +        lib = pkgs.lib;
> +
> +        mkEntryPoint = { name ? builtins.baseNameOf path, path
> +          , enableShell ? true, enablePackage ? true }:
> +          let
> +            shell = {
> +              # NOTE: https://stackoverflow.com/a/43850372
> +              devShells.${name} =
> +                import (path + "/shell.nix") { inherit config; };
> +            };
> +            package = { packages.${name} = import path { inherit config; }; };
> +          in (if enableShell then shell else { })
> +          // (if enablePackage then package else { });
> +
> +        # Entry point is a directory with shell.nix and default.nix
> +        # This function maps every entry point to corresponding devShell and package
> +        mapEntryPoints = epoints:
> +          builtins.foldl' lib.recursiveUpdate { } (map mkEntryPoint epoints);

This set of helper functions (plus the flake-utils dependency) was a bit
scary to me, so I did some experimentation on my own and came up with
this:  (I didn't bother adding every component.)

	outputs = { self, nixpkgs }:
	  let
	    inherit (nixpkgs.lib) foldAttrs mergeAttrs;
	  in
	  foldAttrs mergeAttrs {} (map (system:
	    let
	      config = { pkgs = nixpkgs.legacyPackages.${system}; };
	    in {
	      devShells.${system} = {
	        root = import ./shell.nix { inherit config; };
	        appvm = import img/app/shell.nix { inherit config; };
	        documentation = import ./Documentation { inherit config; };
	        initramfs = import host/initramfs/shell.nix { inherit config; };
	      };

	      packages.${system} = {
	        documentation = import ./Documentation { inherit config; };
	        appvm = import img/app { inherit config; };
	        initramfs = import host/initramfs { inherit config; };
	      };
	    }) [ "aarch64-linux" "x86_64-linux" ]);

So from what I can tell, flake-utils in particular wasn't really buying
us much?

IMO, it also ends up being a lot easier to understand without to have
the components inlined like this, even at the expense of having to list
a component twice if it needs to have both a package and a devShell.
It saves people from having to figure out what a couple of fairly
complicated functions are doing when they want to understand how things
work or debug a problem.

What do you think?

> +      in lib.recursiveUpdate (mapEntryPoints [
> +        {
> +          path = ./.;
> +          enablePackage = false;
> +        }
> +        { path = ./host/initramfs; }
> +        { path = ./host/rootfs; }
> +        { path = ./host/start-vm; }
> +        { path = ./img/app; }
> +        { path = ./release/live; }
> +        { path = ./vm/sys/net; }
> +      ]) {
> +        # Add some other flake schema related stuff here.
> +        # NOTE: flake-utils.lib.eachDefaultSystem automagically adds ${system}.
> +        devShells.documentation = import ./Documentation { inherit config; };
> +        packages.documentation = import ./Documentation { inherit config; };
> +      });
> +}
> --
> 2.38.1
>
>

--r3ximp2xinhiqon4
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEH9wgcxqlHM/ARR3h+dvtSFmyccAFAmO9yjwACgkQ+dvtSFmy
ccDL0g//V98NfOJLYhI6AOWAW7OuPABcOw4FW4t/ZurLXBmCTZQT8/QdCtHbfQAV
H3JAOLsgUS5UUIXvYNluzXfdgHisVK1mzskKuAHIpVbtG5xTqVVM0Vk3S7UzwqOU
CmggN3MWc6iehVNwzUpep73on/tOuIs19rLiJYL0FsTpaY9/bgSWWHrgTr08AHfy
pDLxkQYO+/a8fFZH2uKVDcfbJFu4xXgO3UuUf689LtinbdDGkORlPxPitfak1Wbc
rm7kQX+stpe/cQgdl+MbXC+eHy/UmcyZCeEunCmOINpUILOPmWerIm9qWpiBFZsK
jtr4HRK8yihW8KbOKbGz8Xfyd+EiEttRbTTlHR5bxRdMMG7qJbEcGX0fVfN1adPo
+foK+ExdGD4JLFet75nqc8PD3zrA7AlcDBuXWU2N7jHVz8aD3nPNtp67nwnTiA1d
c/Ku26J/ivYR/71X6HuCkRBw/KSJotjvamdjAU33BchMljfAf2NFebDDh8d+YoWZ
yaxa1k9Zkcevs9yqzTefD+2RiTHpDCFrFe/VPxH/lx+hbW18KnuQJSUTRd0b3K1m
SeOx4tOliIZvs3tVQKaYa9ZwCHwikiBuX6JIRcq65hqf1Zq8R4Sjhc3iFbn0+71M
kAq8Zv7cxvMfGLVNTl0nXVrZo466NqDHlBLadMQkNVNXReiNp04=
=56x8
-----END PGP SIGNATURE-----

--r3ximp2xinhiqon4--