Switch to using mach-nix for python packaging.
Created by: tomprince
Used in https://whetstone.privatestorage.io/privatestorage/PrivateStorageio/-/merge_requests/166.
Merge request reports
Activity
1 1 # Generally describe the project 2 2 [metadata] 3 name = Zero-Knowledge Access Pass Authorizer 3 name = zero-knowledge-access-pass-authorizer Review: Changes requested
Thanks. Some comments inline. In addition to those, while I see how the new mach-nix Tahoe packaging works in principle, in practice I must not really understand because I cannot reproduce a successful mach-nix-based Tahoe build independently. Using PrivateStorageio/mach-nix master@HEAD and a mach nix pypi db from this morning gives me errors either about
cryptography == 35.0.0
being unsatisfiable or if I loosen that version constraint, errors aboutsetuptools_rust
being missing.I'd like to have a more solid grasp of mach-nix before switching ZKAPAuthorizer to it to avoid nix packaging for this project becoming an obstacle for me.
76 }; 77 78 privatestorage = let 79 python-env = mach-nix.mkPython { 80 inherit python providers; 81 packagesExtra = [ zkapauthorizer tahoe-lafs ]; 82 }; 83 in 84 pkgs.runCommandNoCC "privatestorage" {} 85 '' 86 mkdir -p $out/bin 87 ln -s ${python-env}/bin/tahoe $out/bin 88 # Include some tools that are useful for debugging. 89 ln -s ${python-env}/bin/flogtool $out/bin 90 ln -s ${python-env}/bin/eliot-prettyprint $out/bin 91 ''; 63 # See https://github.com/DavHau/mach-nix/issues/123 64 # In particular, we explicitly include the requirements of tahoe-lafs 65 # here, and include it in a python package overlay. 66 requirementsExtra = tahoe-lafs.requirements; 67 overridesPre = [ 68 ( 69 self: super: { 70 inherit tahoe-lafs; 71 } 72 ) 73 ]; 74 # Record some settings here, so downstream nix files can consume them. 75 meta.mach-nix = { inherit python providers; }; 76 }; 77 78 privatestorage = let Created by: tomprince
I added this derivation, and turned
default.nix
into an attrset rather than a derivation to get the right binaries into the derivation used by PrivateStorageio and also expose thezkaupauthorizer
derivation totests.nix
. It'd also be possible to expose the later as an attribute on this derivation; I'm not sure which approach is better (if either).
24 trialArgs' = if trialArgs == null then defaultTrialArgs else trialArgs; 25 extraTrialArgs = builtins.concatStringsSep " " trialArgs'; 26 testSuite' = if testSuite == null then "_zkapauthorizer" else testSuite; 27 28 python = mach-nix.mkPython { 29 inherit (zkapauthorizer.meta.mach-nix) python providers; 30 requirements = 31 builtins.readFile ./requirements/test.in; 32 packagesExtra = [ zkapauthorizer ]; 33 _.hypothesis.postUnpack = ""; 34 }; 35 in 36 pkgs.runCommand "zkapauthorizer-tests" { 37 passthru = { 38 inherit python; 39 }; I want to like this. I gave up on Nix-supplied development environment a long time ago (due to the many bugs in and/or poor documentation about this features of nixpkgs Python support works). I would quite enjoy not using virtualenv anymore.
But this doesn't actually provide a development environment, does it? The
_zkapauthorizer
package in the resulting Python environment comes from the Nix store - ie, this is not like a "pip install -e ." situation. So I wonder what this is for.The only thing I can think of is doing some very complex interactive debugging. For anything simple enough, the 1m setup time seems like it would be too much of a barrier.
Created by: tomprince
If you aren't currently using
shell.nix
, then I won't worry more about getting it working in this PR.It would definitely be possible to get the equivalent of
pip install -e .
here. I did something similar for zkap-spending-service, though it might be more complex here to get the right dependencies.Or, maybe something like
let sources = import nix/sources.nix; in { pkgs ? import sources.release2015 {} , tahoe-lafs-source ? "tahoe-lafs" }: let privatesotrage = pkgs.callPackage ./default.nix { inherit tahoe-lafs-source; }; in pkgs.mkShell { inputsFrom = [ privatestorage.zkapauthorizer ]; packages = [ pkgs.niv ]; }
might work after this PR.
1 Contributing to ZKAPAuthorizer Created by: tomprince
While I definitely appreciate the benifits of sphix/restructuredtext of markdown, I originally wrote all the link in here with markdown syntax. I wonder if there is enough benefit of restructuredtext over markdown, given that both github and gitlab use markdown as the syntax for all the places you can write text in them.
My main argument for rst is that I am more familiar with it than I am with markdown. That's not much of an argument, I know. Preferences of GitHub and GitLab are somewhat compelling, I guess (although can't GitLab also do rst if you ask it nicely enough?)
I don't know anything about what happens if you use Sphinx and markdown together. Do you lose functionality (I'm thinking about linking from rst to md and other similar interactions)?
If it all just works, I guess I don't really object (but, of course, don't convert it in this PR).
Created by: tomprince
I don't have particularly strong feelings either way, and probably won't spend a lot of time thinking about it. This was mostly idle musing prompted by the combination of renaming this file to match its actual file-type and the my "muscle memory" for writing links in markdown format led to the incorrect formatting initially.
I do wonder a bit about the value of sphix (as opposed to rst vs md), given that we don't have the built docs available anywhere. Without that, I am much more like to go look at the source (either locally or in the VCS host), and neither github nor gitlab handle any of the sphinx extensions.
50 nix-shell --run 'niv update tahoe-lafs --branch master' 51 52 It is also possible to pass ``pull/<pr-number>/head`` to test against a specific PR. 53 54 .. note:: 55 56 Since tahoe-lafs doesn't have correct version information when installed from a github archive, 57 the packaging in ``default.nix`` includes a fake version number. 58 This will need to be update manually at least when the minor version of tahoe-lafs changes. 59 60 If you want to test multiple versions, you can add an additional source, pointing at other version 61 62 .. code:: shell 63 64 nix-shell --run 'niv add -n tahoe-lafs-next tahoe-lafs/tahoe-lafs --rev "<rev>"' 65 nix-build tests.nix --argstr tahoe-lafs-source tahoe-lafs-next Since niv doesn't support floating versions (I guess?) then I suppose the CI workflow for "test against master" would be something like:
- run
niv update tahoe-lafs-master --branch master
- Run build w/ tahoe-lafs-source set to tahoe-lafs-master
(after initially creating tahoe-lafs-master with niv, pointed at some arbitrary master revision)
?
Hm. Or I guess, assuming that CI doesn't try to commit its pin change, you don't actually need
tahoe-lafs-master
- you can just updatetahoe-lafs
and then you don't even have to tell the Nix expression to use a different version...- run
6 Examples of contributions include: 7 8 * Bug reports and patch reviews 9 * Documentation improvements 10 * Code patches 11 12 File a ticket at: 13 14 https://github.com/PrivateStorageio/ZKAPAuthorizer/issues/new 15 16 ZKAPAuthorizer uses GitHub keep track of bugs, feature requests, and associated patches. 17 18 Contributions are managed using GitHub's Pull Requests. 19 For a PR to be accepted it needs to have: 20 21 * an associated issue 21 python-challenge-bypass-ristretto = "wheel"; 22 # Pure python packages that don't build correctly from sdists 23 # - patches in nixpkgs that don't apply 24 boltons = "wheel"; 25 chardet = "wheel"; 26 urllib3 = "wheel"; 27 # - incorrectly detected dependencies due to pbr 28 fixtures = "wheel"; 29 testtools = "wheel"; 30 traceback2 = "wheel"; 31 # - Incorrectly merged extras - https://github.com/DavHau/mach-nix/pull/334 32 tqdm = "wheel"; 33 }; 34 in 35 rec { 36 tahoe-lafs = mach-nix.buildPythonPackage rec { Created by: tomprince
Maybe? I'd probably a little bit ambivalent about putting there in its current state, as a public interface. In particular, all the "just-so" choices of providers for various dependencies to get things to work. And mach-nix doesn't really have a good story around composing
mach-nix.buildPythonPackage
built packages, so I'm not sure how easy it would be for us to then re-use it.