maintainers/scripts/bootstrap-files/README.md at python-updates

tjh.dev / nixpkgs
fork atom
nixpkgs mirror (for testing) github.com/NixOS/nixpkgs
nix
fork atom
nixpkgs / maintainers / scripts / bootstrap-files / README.md
at python-updates 126 lines 4.9 kB view raw view rendered
wrap content
  1# Bootstrap files
  2
  3Currently `nixpkgs` builds most of its packages using bootstrap seed binaries (without the reliance on external inputs):
  4
  5- `bootstrap-tools`: an archive with the compiler toolchain and other helper tools enough to build the rest of the `nixpkgs`.
  6- initial binaries needed to unpack `bootstrap-tools.*`.
  7  On `linux` it's just `busybox`, on `darwin` and `freebsd` it is `unpack.nar.xz` which contains the binaries and script needed to unpack the tools.
  8  These binaries can be executed directly from the store.
  9
 10These are called "bootstrap files".
 11
 12Bootstrap files should always be fetched from Hydra and uploaded to `tarballs.nixos.org` to guarantee that all the binaries were built from the code committed into `nixpkgs` repository.
 13
 14The uploads to `tarballs.nixos.org` are done by `@NixOS/infra` team members who have S3 write access.
 15
 16This document describes the procedure of updating bootstrap files in `nixpkgs`.
 17
 18## How to upload bootstrap files (for infra team)
 19
 20When a PR updates bootstrap files, the commit message contains the upload commands.
 21Infra team members with S3 access can upload as follows:
 22
 231. Clone or navigate to the [nixos-infra](https://github.com/NixOS/nixos-infra) repository and enter the `terraform` directory:
 24
 25   ```
 26   $ cd nixos-infra/terraform
 27   ```
 28
 292. Authenticate with AWS SSO:
 30
 31   ```
 32   $ aws sso login
 33   ```
 34
 353. Realize the build output locally (fetch from hydra cache):
 36
 37   ```
 38   $ nix-store --realize /nix/store/<hash>-stdenv-bootstrap-tools
 39   ```
 40
 414. Upload to S3 with public-read ACL:
 42
 43   ```
 44   $ aws s3 cp --recursive --acl public-read \
 45       /nix/store/<hash>-stdenv-bootstrap-tools/on-server/ \
 46       s3://nixpkgs-tarballs/stdenv/<target>/<nixpkgs-revision>/
 47   ```
 48
 495. Verify the upload by downloading and checking hashes:
 50
 51   ```
 52   $ aws s3 cp --recursive s3://nixpkgs-tarballs/stdenv/<target>/<nixpkgs-revision>/ ./
 53   $ sha256sum bootstrap-tools.tar.xz busybox
 54   $ sha256sum /nix/store/<hash>-stdenv-bootstrap-tools/on-server/*
 55   ```
 56
 57   Compare these hashes with those shown in the PR's commit message.
 58
 59The exact paths and hashes are provided in each bootstrap update commit message generated by `refresh-tarballs.bash`.
 60
 61## How to request the bootstrap seed update
 62
 63To get the tarballs updated let's use an example `i686-unknown-linux-gnu` target:
 64
 651. Create a local update:
 66
 67   ```
 68   $ maintainers/scripts/bootstrap-files/refresh-tarballs.bash --commit --targets=i686-unknown-linux-gnu
 69   ```
 70
 712. Test the update locally. I'll build local `hello` derivation with the result:
 72
 73   ```
 74   $ nix-build -A hello --argstr system i686-linux
 75   ```
 76
 77   To validate cross-targets `binfmt` `NixOS` helper can be useful.
 78   For `riscv64-unknown-linux-gnu` the `/etc/nixos/configuration.nix` entry would be `boot.binfmt.emulatedSystems = [ "riscv64-linux" ]`.
 79
 803. Propose the commit as a PR to update bootstrap tarballs, tag people who can help you test the updated architecture and once reviewed tag `@NixOS/infra-build` to upload the tarballs.
 81
 82## How to add bootstrap files for a new target
 83
 84The procedure to add a new target is very similar to the update procedure.
 85The only difference is that you need to set up a new job to build the `bootstrapFiles`.
 86To do that you will need the following:
 87
 881. Add your new target to `lib/systems/examples.nix`
 89
 90   This will populate `pkgsCross.$target` attribute set.
 91   If you are dealing with `bootstrapFiles` upload you probably already have it.
 92
 932. Add your new target to `pkgs/stdenv/linux/make-bootstrap-tools-cross.nix`.
 94   This will add a new hydra job to `nixpkgs:cross-trunk` jobset.
 95
 963. Wait for a Hydra to build your bootstrap tarballs.
 97
 984. Add your new target to `maintainers/scripts/bootstrap-files/refresh-tarballs.bash` around `CROSS_TARGETS=()`.
 99
1005. Add your new target to `pkgs/stdenv/linux/default.nix` and follow standard bootstrap seed update procedure above.
101
102## Bootstrap files job definitions
103
104There are two types of bootstrap files:
105
106- natively built `stdenvBootstrapTools.build` Hydra jobs in [`nixpkgs:trunk`](https://hydra.nixos.org/jobset/nixpkgs/trunk#tabs-jobs) jobset.
107  Incomplete list of examples is:
108
109  * `aarch64-unknown-linux-musl.nix`
110  * `i686-unknown-linux-gnu.nix`
111
112  These are Tier 1 Hydra platforms.
113
114- cross-built by `bootstrapTools.build` Hydra jobs in [`nixpkgs:cross-trunk`](https://hydra.nixos.org/jobset/nixpkgs/cross-trunk#tabs-jobs) jobset.
115  Incomplete list of examples is:
116
117  * `mips64el-unknown-linux-gnuabi64.nix`
118  * `mips64el-unknown-linux-gnuabin32.nix`
119  * `mipsel-unknown-linux-gnu.nix`
120  * `powerpc64le-unknown-linux-gnu.nix`
121  * `riscv64-unknown-linux-gnu.nix`
122
123  These are usually Tier 2 and lower targets.
124
125The `.build` job contains `/on-server/` subdirectory with binaries to be uploaded to `tarballs.nixos.org`.
126The files are uploaded to `tarballs.nixos.org` by writers to `S3` store.