Alex Auvolat
c16116559d
All checks were successful
continuous-integration/drone/push Build is passing
102 lines
3.4 KiB
Markdown
102 lines
3.4 KiB
Markdown
+++
|
|
title = "Miscellaneous notes"
|
|
weight = 20
|
|
+++
|
|
|
|
|
|
## Quirks about cargo2nix/rust in Nix
|
|
|
|
If you use submodules in your crate (like `crdt` and `replication` in `garage_table`), you must list them in `default.nix`
|
|
|
|
The Windows target does not work. it might be solvable through [overrides](https://github.com/cargo2nix/cargo2nix/blob/master/overlay/overrides.nix). Indeed, we pass `x86_64-pc-windows-gnu` but mingw need `x86_64-w64-mingw32`
|
|
|
|
We have a simple [PR on cargo2nix](https://github.com/cargo2nix/cargo2nix/pull/201) that fixes critical bugs but the project does not seem very active currently. We must use [my patched version of cargo2nix](https://github.com/superboum/cargo2nix) to enable i686 and armv6l compilation. We might need to contribute to cargo2nix in the future.
|
|
|
|
|
|
## Nix
|
|
|
|
Nix has no armv7 + musl toolchains but armv7l is backward compatible with armv6l.
|
|
|
|
```bash
|
|
cat > $HOME/.awsrc <<EOF
|
|
export AWS_ACCESS_KEY_ID="xxx"
|
|
export AWS_SECRET_ACCESS_KEY="xxx"
|
|
EOF
|
|
|
|
# source each time you want to send on the cache
|
|
source ~/.awsrc
|
|
|
|
# copy garage build dependencies (and not only the output)
|
|
nix-build
|
|
nix-store -qR --include-outputs $(nix-instantiate default.nix)
|
|
| xargs nix copy --to 's3://nix?endpoint=garage.deuxfleurs.fr®ion=garage'
|
|
|
|
# copy shell dependencies
|
|
nix-build shell.nix -A inputDerivation
|
|
nix copy $(nix-store -qR result/) --to 's3://nix?endpoint=garage.deuxfleurs.fr®ion=garage'
|
|
```
|
|
|
|
More example of nix-copy
|
|
|
|
```
|
|
# nix-build produces a result/ symlink
|
|
nix copy result/ --to 's3://nix?endpoint=garage.deuxfleurs.fr®ion=garage'
|
|
|
|
# alternative ways to use nix copy
|
|
nix copy nixpkgs.garage --to ...
|
|
nix copy /nix/store/3rbb9qsc2w6xl5xccz5ncfhy33nzv3dp-crate-garage-0.3.0 --to ...
|
|
```
|
|
|
|
|
|
Clear the cache:
|
|
|
|
```bash
|
|
mc rm --recursive --force garage/nix/
|
|
```
|
|
|
|
---
|
|
|
|
A desirable `nix.conf` for a consumer:
|
|
|
|
```toml
|
|
substituters = https://cache.nixos.org https://nix.web.deuxfleurs.fr
|
|
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix.web.deuxfleurs.fr:eTGL6kvaQn6cDR/F9lDYUIP9nCVR/kkshYfLDJf1yKs=
|
|
```
|
|
|
|
And now, whenever you run a command like:
|
|
|
|
```
|
|
nix-shell
|
|
nix-build
|
|
```
|
|
|
|
Our cache will be checked.
|
|
|
|
### Some references about Nix
|
|
|
|
|
|
- https://doc.rust-lang.org/nightly/rustc/platform-support.html
|
|
- https://nix.dev/tutorials/cross-compilation
|
|
- https://nixos.org/manual/nix/unstable/package-management/s3-substituter.html
|
|
- https://fzakaria.com/2020/09/28/nix-copy-closure-your-nix-shell.html
|
|
- http://www.lpenz.org/articles/nixchannel/index.html
|
|
|
|
|
|
## Drone
|
|
|
|
Do not try to set a build as trusted from the interface or the CLI tool,
|
|
your request would be ignored. Instead, directly edit the database (table `repos`, column `repo_trusted`).
|
|
|
|
Drone can do parallelism both at the step and the pipeline level. At the step level, parallelism is restricted to the same runner.
|
|
|
|
## Building Docker containers
|
|
|
|
We were:
|
|
- Unable to use the official Docker plugin because
|
|
- it requires to mount docker socket in the container but it is not recommended
|
|
- you cant set the platform when building
|
|
- Unable to use buildah because it needs `CLONE_USERNS` capability
|
|
- Unable to use the kaniko plugin for Drone as we can't set the target platform
|
|
- Unable to use the kaniko container provided by Google as we can't run arbitrary logic: we need to put our secret in .docker/config.json.
|
|
|
|
Finally we chose to build kaniko through nix and use it in a `nix-shell`.
|