Skip to content
Snippets Groups Projects

Switch to using mach-nix for python packaging.

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Jean-Paul Calderone
  • Jean-Paul Calderone
  • Jean-Paul Calderone
  • Jean-Paul Calderone
  • 1 1 # Generally describe the project
    2 2 [metadata]
    3 name = Zero-Knowledge Access Pass Authorizer
    3 name = zero-knowledge-access-pass-authorizer
  • Jean-Paul Calderone
  • 1 # This file has been generated by Niv.
  • Review: Changes requested

    Thanks. Some comments inline. In addition to those, while I see how the new mach-nix Tahoe packaging works in principle, in practice I must not really understand because I cannot reproduce a successful mach-nix-based Tahoe build independently. Using PrivateStorageio/mach-nix master@HEAD and a mach nix pypi db from this morning gives me errors either about cryptography == 35.0.0 being unsatisfiable or if I loosen that version constraint, errors about setuptools_rust being missing.

    I'd like to have a more solid grasp of mach-nix before switching ZKAPAuthorizer to it to avoid nix packaging for this project becoming an obstacle for me.

  • Created by: tomprince

    Using PrivateStorageio/mach-nix master@HEAD

    The correct branch to use is the merged branch.

  • Administrator
    Administrator @root started a thread on commit 9660e905
  • 76 };
    77
    78 privatestorage = let
    79 python-env = mach-nix.mkPython {
    80 inherit python providers;
    81 packagesExtra = [ zkapauthorizer tahoe-lafs ];
    82 };
    83 in
    84 pkgs.runCommandNoCC "privatestorage" {}
    85 ''
    86 mkdir -p $out/bin
    87 ln -s ${python-env}/bin/tahoe $out/bin
    88 # Include some tools that are useful for debugging.
    89 ln -s ${python-env}/bin/flogtool $out/bin
    90 ln -s ${python-env}/bin/eliot-prettyprint $out/bin
    91 '';
    • Created by: tomprince

      I used this, instead of directly using the environment, to control which executables are included in the derivation. This is mainly because this package included in environment.systemPackages.

    • So, to avoid polluting the system PATH with unnecessary extra executables? That seems reasonable. Maybe worth converting into a comment in the code here.

  • Administrator
    Administrator @root started a thread on commit 9660e905
  • 63 # See https://github.com/DavHau/mach-nix/issues/123
    64 # In particular, we explicitly include the requirements of tahoe-lafs
    65 # here, and include it in a python package overlay.
    66 requirementsExtra = tahoe-lafs.requirements;
    67 overridesPre = [
    68 (
    69 self: super: {
    70 inherit tahoe-lafs;
    71 }
    72 )
    73 ];
    74 # Record some settings here, so downstream nix files can consume them.
    75 meta.mach-nix = { inherit python providers; };
    76 };
    77
    78 privatestorage = let
    • Created by: tomprince

      I added this derivation, and turned default.nix into an attrset rather than a derivation to get the right binaries into the derivation used by PrivateStorageio and also expose the zkaupauthorizer derivation to tests.nix. It'd also be possible to expose the later as an attribute on this derivation; I'm not sure which approach is better (if either).

  • Administrator
    Administrator @root started a thread on commit 9660e905
  • 24 trialArgs' = if trialArgs == null then defaultTrialArgs else trialArgs;
    25 extraTrialArgs = builtins.concatStringsSep " " trialArgs';
    26 testSuite' = if testSuite == null then "_zkapauthorizer" else testSuite;
    27
    28 python = mach-nix.mkPython {
    29 inherit (zkapauthorizer.meta.mach-nix) python providers;
    30 requirements =
    31 builtins.readFile ./requirements/test.in;
    32 packagesExtra = [ zkapauthorizer ];
    33 _.hypothesis.postUnpack = "";
    34 };
    35 in
    36 pkgs.runCommand "zkapauthorizer-tests" {
    37 passthru = {
    38 inherit python;
    39 };
    • Created by: tomprince

      This is exposing the python environment with test dependencies, for use in shell.nix.

    • I want to like this. I gave up on Nix-supplied development environment a long time ago (due to the many bugs in and/or poor documentation about this features of nixpkgs Python support works). I would quite enjoy not using virtualenv anymore.

      But this doesn't actually provide a development environment, does it? The _zkapauthorizer package in the resulting Python environment comes from the Nix store - ie, this is not like a "pip install -e ." situation. So I wonder what this is for.

      The only thing I can think of is doing some very complex interactive debugging. For anything simple enough, the 1m setup time seems like it would be too much of a barrier.

    • Created by: tomprince

      If you aren't currently using shell.nix, then I won't worry more about getting it working in this PR.

      It would definitely be possible to get the equivalent of pip install -e . here. I did something similar for zkap-spending-service, though it might be more complex here to get the right dependencies.

      Or, maybe something like

      let
        sources = import nix/sources.nix;
      in
      { pkgs ? import sources.release2015 {}
      , tahoe-lafs-source ? "tahoe-lafs"
      }:
        let
          privatesotrage = pkgs.callPackage ./default.nix {
            inherit tahoe-lafs-source;
          };
        in
          pkgs.mkShell {
            inputsFrom = [
              privatestorage.zkapauthorizer
            ];
            packages = [
              pkgs.niv
            ];
          }

      might work after this PR.

  • Administrator
    Administrator @root started a thread on commit 8df02aae
  • 1 Contributing to ZKAPAuthorizer
    • Created by: tomprince

      While I definitely appreciate the benifits of sphix/restructuredtext of markdown, I originally wrote all the link in here with markdown syntax. I wonder if there is enough benefit of restructuredtext over markdown, given that both github and gitlab use markdown as the syntax for all the places you can write text in them.

    • My main argument for rst is that I am more familiar with it than I am with markdown. That's not much of an argument, I know. Preferences of GitHub and GitLab are somewhat compelling, I guess (although can't GitLab also do rst if you ask it nicely enough?)

      I don't know anything about what happens if you use Sphinx and markdown together. Do you lose functionality (I'm thinking about linking from rst to md and other similar interactions)?

      If it all just works, I guess I don't really object (but, of course, don't convert it in this PR).

    • Created by: tomprince

      I don't have particularly strong feelings either way, and probably won't spend a lot of time thinking about it. This was mostly idle musing prompted by the combination of renaming this file to match its actual file-type and the my "muscle memory" for writing links in markdown format led to the incorrect formatting initially.

      I do wonder a bit about the value of sphix (as opposed to rst vs md), given that we don't have the built docs available anywhere. Without that, I am much more like to go look at the source (either locally or in the VCS host), and neither github nor gitlab handle any of the sphinx extensions.

  • Jean-Paul Calderone
  • 50 nix-shell --run 'niv update tahoe-lafs --branch master'
    51
    52 It is also possible to pass ``pull/<pr-number>/head`` to test against a specific PR.
    53
    54 .. note::
    55
    56 Since tahoe-lafs doesn't have correct version information when installed from a github archive,
    57 the packaging in ``default.nix`` includes a fake version number.
    58 This will need to be update manually at least when the minor version of tahoe-lafs changes.
    59
    60 If you want to test multiple versions, you can add an additional source, pointing at other version
    61
    62 .. code:: shell
    63
    64 nix-shell --run 'niv add -n tahoe-lafs-next tahoe-lafs/tahoe-lafs --rev "<rev>"'
    65 nix-build tests.nix --argstr tahoe-lafs-source tahoe-lafs-next
    • Since niv doesn't support floating versions (I guess?) then I suppose the CI workflow for "test against master" would be something like:

      • run niv update tahoe-lafs-master --branch master
      • Run build w/ tahoe-lafs-source set to tahoe-lafs-master

      (after initially creating tahoe-lafs-master with niv, pointed at some arbitrary master revision)

      ?

      Hm. Or I guess, assuming that CI doesn't try to commit its pin change, you don't actually need tahoe-lafs-master - you can just update tahoe-lafs and then you don't even have to tell the Nix expression to use a different version...

  • 6 Examples of contributions include:
    7
    8 * Bug reports and patch reviews
    9 * Documentation improvements
    10 * Code patches
    11
    12 File a ticket at:
    13
    14 https://github.com/PrivateStorageio/ZKAPAuthorizer/issues/new
    15
    16 ZKAPAuthorizer uses GitHub keep track of bugs, feature requests, and associated patches.
    17
    18 Contributions are managed using GitHub's Pull Requests.
    19 For a PR to be accepted it needs to have:
    20
    21 * an associated issue
  • 1 {
    2 "mach-nix": {
    3 "branch": "merged",
    • maybe worth having a ticket filed for switching back to master/a release - w/ links to tickets/prs that need to be resolved in mach-nix for this to be possible.

  • Jean-Paul Calderone
  • 21 python-challenge-bypass-ristretto = "wheel";
    22 # Pure python packages that don't build correctly from sdists
    23 # - patches in nixpkgs that don't apply
    24 boltons = "wheel";
    25 chardet = "wheel";
    26 urllib3 = "wheel";
    27 # - incorrectly detected dependencies due to pbr
    28 fixtures = "wheel";
    29 testtools = "wheel";
    30 traceback2 = "wheel";
    31 # - Incorrectly merged extras - https://github.com/DavHau/mach-nix/pull/334
    32 tqdm = "wheel";
    33 };
    34 in
    35 rec {
    36 tahoe-lafs = mach-nix.buildPythonPackage rec {
    • Do you know if this expression can eventually go into Tahoe itself?

    • Created by: tomprince

      Maybe? I'd probably a little bit ambivalent about putting there in its current state, as a public interface. In particular, all the "just-so" choices of providers for various dependencies to get things to work. And mach-nix doesn't really have a good story around composing mach-nix.buildPythonPackage built packages, so I'm not sure how easy it would be for us to then re-use it.

  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Please register or sign in to reply
    Loading