From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from atuin.qyliss.net (localhost [IPv6:::1]) by atuin.qyliss.net (Postfix) with ESMTP id 7EBA61EA43; Mon, 14 Jul 2025 10:30:38 +0000 (UTC) Received: by atuin.qyliss.net (Postfix, from userid 993) id F3CD91EA3D; Mon, 14 Jul 2025 10:30:35 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on atuin.qyliss.net X-Spam-Level: X-Spam-Status: No, score=-0.8 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DMARC_MISSING,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS autolearn=unavailable autolearn_force=no version=4.0.1 Received: from fout-b3-smtp.messagingengine.com (fout-b3-smtp.messagingengine.com [202.12.124.146]) by atuin.qyliss.net (Postfix) with ESMTPS id 567121EA3B for ; Mon, 14 Jul 2025 10:30:34 +0000 (UTC) Received: from phl-compute-01.internal (phl-compute-01.phl.internal [10.202.2.41]) by mailfout.stl.internal (Postfix) with ESMTP id E70EB1D002E5; Mon, 14 Jul 2025 06:30:32 -0400 (EDT) Received: from phl-mailfrontend-02 ([10.202.2.163]) by phl-compute-01.internal (MEProxy); Mon, 14 Jul 2025 06:30:33 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alyssa.is; h=cc :content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:subject :subject:to:to; s=fm1; t=1752489032; x=1752575432; bh=xDd4aG9PGC TmeTRuX3PmY1r3uQuW29V/DPIlkErn5xE=; b=TQNsPbLD4pBUxG5cdoTwdozNbK ksisGz1x4jIcjpELNEP8egC4lV/FHOT2CXGmXJVsxwqeIFXtQN4hU9AZKOQ+MAaY T1jXcgjQxgNrCqYpIJoXEiMwKVVY75Tt9nAsW5NM/+COnZe/lws+5SD+iII5IFbt u539d3AxAncUyiRcnDUfIughLVRMSE2UqKT8JdPAFVR4DsFzdiFdpCPNWHyZoCQC xqGcHCEliAoIFPOidJGUzhWYhycajgFTwAPLqDWnMgqOPfeqqsHhPhZj55fK/fPn OC3FxcsbIYhAzcK1gdAp2q00yJtUWH4FKFWwpo14numULOeIHrc4kRaYML6Q== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t= 1752489032; x=1752575432; bh=xDd4aG9PGCTmeTRuX3PmY1r3uQuW29V/DPI lkErn5xE=; b=ZGB0mNNO+wFc0MkVvsdXHgDnZJqdd1hkX3q38LrYpB1BhzCX4XD P4NnoO+bYqXVq8llGNckusZXiM1s6yyXY/jOr0kBVzvfTGQsAJfQBVO4iXUrnIfR 3gBIhka9l3xApIws0O48QJo2fPC2vSKM/M6Ovgaz/Sg+RBwEKVOCskID0i590Unw mIfLRGuFYpnBDXmIGfoNGnYvxulnPlsTEBZImbg439CFdzkiP78Hnjdn0udza+XA NEaNKvuRj1bjrLkGv6KDxqVUS1sTVkfH08QBHiXt5K4ndHZZN4EIpfIE2a+ygYqx KpUNaRKpV/gj6oS6vjJLbwtjz+1vqadHDUA== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeffedrtdefgdehudejvdcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpuffrtefokffrpgfnqfghnecuuegr ihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjug hrpefhvffujghffffkgggtsehgtderredttdejnecuhfhrohhmpeetlhihshhsrgcutfho shhsuceohhhisegrlhihshhsrgdrihhsqeenucggtffrrghtthgvrhhnpeevhfeijeffhe eujefgkefhfffgveehiedvfefgledtteduudehvefghfeuffetteenucffohhmrghinhep shhpvggtthhruhhmqdhoshdrohhrghdpghhithhhuhgsrdgtohhmnecuvehluhhsthgvrh fuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhephhhisegrlhihshhsrgdrihhs pdhnsggprhgtphhtthhopedvpdhmohguvgepshhmthhpohhuthdprhgtphhtthhopeguvg hmihhosggvnhhouhhrsehgmhgrihhlrdgtohhmpdhrtghpthhtohepuggvvhgvlhesshhp vggtthhruhhmqdhoshdrohhrgh X-ME-Proxy: Feedback-ID: i12284293:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 14 Jul 2025 06:30:32 -0400 (EDT) Received: by sf.qyliss.net (Postfix, from userid 1000) id 96E3829C1B3E3; Mon, 14 Jul 2025 12:30:31 +0200 (CEST) From: Alyssa Ross To: Demi Marie Obenour , Spectrum OS Development Subject: Re: Cannot build release.nix without KVM In-Reply-To: References: Date: Mon, 14 Jul 2025 12:30:30 +0200 Message-ID: <875xfv83p5.fsf@alyssa.is> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Message-ID-Hash: JYHYM7F2H5O7W47SDZAJSW6KFHEHPYTO X-Message-ID-Hash: JYHYM7F2H5O7W47SDZAJSW6KFHEHPYTO X-MailFrom: hi@alyssa.is X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-devel.spectrum-os.org-0; header-match-devel.spectrum-os.org-1; header-match-devel.spectrum-os.org-2; header-match-devel.spectrum-os.org-3; header-match-devel.spectrum-os.org-4; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.9 Precedence: list List-Id: Patches and low-level development discussion Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Demi Marie Obenour writes: > On a Qubes OS VM (which doesn't have nested virtualization), building > release.nix fails because start-vmm-test (rightly) errors out. Having > KVM be a *build*-time dependency of Spectrum OS seems rather strict, > especially because I can always copy the generated files over to another > machine and run them there. In particular, I can copy the resulting image > and run it in QEMU. Ah, I've made a mistake here I think. KVM shouldn't be a build dependency, because the Scaleway aarch64 builders used to populate the binary cache don't have it. It's only recently that release.nix includes start-vmm-test, so I haven't run those builders since, and hadn't noticed it. One option would be to introduce a build configuration[1] option that just disables any tests that need KVM. Another would be to run those tests inside QEMU TCG if KVM is available, which would have the benefit of the tests still running (and not introducing more config options). I wonder what the most lightweight way to optionally run some code in a TCG VM would be=E2=80=A6 [1]: https://spectrum-os.org/doc/development/build-configuration.html > Ideally I could use Nix's remote build support for this. However, that > is designed for the case where I am offloading work to a powerful and > trusted server, whereas in my case the remote machine is for testing > purposes only. Therefore, to save money, it is cheap, and it is also > generally treated as untrusted because I don't hold it to the same > standards I hold my highly trusted main laptop to. For instance, it > doesn't have credentials to send emails. Using a TCG VM as a remote builder would also be an option, but it would probably be nicer to have the build take care of that. > Is it possible to copy what I need for the tests (using 'nix copy' > or 'nix-copy-closure' perhaps?) and skip them locally? Can I run > the tests that do not need KVM while still running the rest? This > is probably simple for anyone familiar with Nix, but that is not > me. You can pass --keep-going to your build command, and then any failures won't get in the way of the rest of the build. nix-output-monitor[2] gives nice output that makes it obvious what failed. [2]: https://github.com/maralorn/nix-output-monitor --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRV/neXydHjZma5XLJbRZGEIw/wogUCaHTcRgAKCRBbRZGEIw/w oibiAP9ufGpOupz39yp7PAeirH2gw2iayVsjqXNlwyy0+NO8VwD8CI+18Tg5RXc7 eCGH4S8kl8q7zD5J1+MXAiZfebKr+QE= =nw2U -----END PGP SIGNATURE----- --=-=-=--