Add continues testing; Improve many things (#12)

testing + improvements * add tests for common systems via github actions * fix problems that occured while testing * implement own detection for nix sandbox capability instead of using sandbox-fallback
DavHau · Apr 27, 2021 · 7ebf4ca · 7ebf4ca
1 parent 030df34
commit 7ebf4ca
Show file tree

Hide file tree

Showing 10 changed files with 525 additions and 150 deletions.
diff --git a/.envrc b/.envrc
@@ -0,0 +1 @@
+use flake
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
diff --git a/.github/workflows/nix-portable.yml b/.github/workflows/nix-portable.yml
@@ -0,0 +1,118 @@
+
+name: "Build"
+on:
+  pull_request:
+  push:
+    branches: [master, ci]
+jobs:
+
+
+
+  build:
+    runs-on: ubuntu-latest
+    steps:
+
+    - uses: actions/checkout@v2
+      with:
+          # Nix Flakes doesn't work on shallow clones
+          fetch-depth: 0
+
+    - uses: cachix/install-nix-action@v12
+      with:
+        install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-2.4pre20201221_9fab14a/install
+        extra_nix_config: |
+          experimental-features = nix-command flakes
+    
+    - uses: cachix/cachix-action@v8
+      with:
+        name: nix-portable
+        authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+
+    - run: nix build -L .
+
+    - name: Archive result
+      uses: actions/upload-artifact@v2
+      with:
+        name: nix-portable
+        path: result/bin/nix-portable
+
+
+
+
+  test_qemu:
+    name: Test on distro via qemu
+    needs: build
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        qemu_os: [ arch, centos7, centos8, debian, ubuntu ]
+    steps:
+
+    - uses: actions/checkout@v2
+      with:
+          # Nix Flakes doesn't work on shallow clones
+          fetch-depth: 0
+
+    - uses: cachix/install-nix-action@v12
+      with:
+        install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-2.4pre20201221_9fab14a/install
+        extra_nix_config: |
+          experimental-features = nix-command flakes
+
+    - uses: cachix/cachix-action@v8
+      with:
+        name: nix-portable
+        authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+
+    - run: nix run -L .#job-qemu-${{ matrix.qemu_os }}
+
+
+
+  test_docker:
+    name: Test inside docker container
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+
+    - uses: actions/checkout@v2
+      with:
+          # Nix Flakes doesn't work on shallow clones
+          fetch-depth: 0
+
+    - uses: cachix/install-nix-action@v12
+      with:
+        install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-2.4pre20201221_9fab14a/install
+        extra_nix_config: |
+          experimental-features = nix-command flakes
+    
+    - uses: cachix/cachix-action@v8
+      with:
+        name: nix-portable
+        authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+
+    - run: nix run -L .#job-docker-debian
+
+
+  test_github:
+    name: Test inside github action
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+
+    - uses: actions/checkout@v2
+      with:
+          # Nix Flakes doesn't work on shallow clones
+          fetch-depth: 0
+
+    - uses: cachix/install-nix-action@v12
+      with:
+        install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-2.4pre20201221_9fab14a/install
+        extra_nix_config: |
+          experimental-features = nix-command flakes
+    
+    - uses: cachix/cachix-action@v8
+      with:
+        name: nix-portable
+        authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+
+    - run: nix run -L .#job-local
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,5 @@
 test/
 result*
 vm/
+.direnv/
+img
diff --git a/README.md b/README.md
@@ -1,31 +1,44 @@
 ## Nix Portable
 Nix - Static, Permissionless, Installation-free, Pre-configured
 
-Nix as a single binary which works without previous installation/configuration and without super user privileges or user namespaces.
+Nix as a single binary which doesn't require any configuration, privileges, or namespaces.
 
 ### Goals:
   - make it extremely simple to install nix
   - make nix work in restricted environments (containers, HPC, ...)
   - be able to use the official binary cache (by simulating the /nix/store)
   - make it easy to distribute nix (via other package managers)
 
-### Systems confirmed working (Please add yours via PR):
-  - CentOS 7
-  - Debian (in docker)
-  - NixOS
+### Tested on the following systems/environments:
+  * Distros:
+    - Arch Linux
+    - Debian 10
+    - CentOS 7
+    - CentOS 8
+    - NixOS
+    - Ubuntu 20.04
+  * Other Environments:
+    - Docker (debian image)
+    - Github Action
 
 ### Under the hood:
-  - the nix-portable binary is a self extracting archive, caching its contents under $HOME/.nix-portable
-  - either bublewrap (bwrap) or proot is used to simulate the /nix/store directory which actually resides in $HOME/.nix-portable/store
-  - a default nixpkgs channel is included and the NIX_PATH variable is set accordingly.
-  - nix version 2.4 is used and configured to enable `flakes` and `nix-command` out of the box.
+  - The nix-portable binary is a self extracting archive, caching its contents in $HOME/.nix-portable
+  - Either bublewrap or proot is used to simulate the /nix/store directory which actually resides in $HOME/.nix-portable/store
+  - A default nixpkgs channel is included and the NIX_PATH variable is set accordingly.
+  - Nix version 2.4 is used and configured to enable `flakes` and `nix-command` out of the box.
+
+
+### Drawbacks / Considerations:
+If user namespaces are not available on a system, nix-portable will fall back to using proot instead of bubblewrap.
+Proot's virtualization can have a significant performance overhead depending on the workload.
+In that situation, it might be beneficial to use a remote builder or alternatively build the derivations on another host and sync them via a cache like cachix.org.
 
 
 ### Missing Features:
   - managing nix profiles via `nix-env`
   - managing nix channels via `nix-channel`
-  - MacOS
-  - support other architecutres than x86_64 
+  - support MacOS
+  - support other architecutres besides x86_64 
 
 
 ### Executing nix-portable
@@ -66,14 +79,14 @@ nix-portable will try to figure out which runtime is best for your system.
 In case the automatically selected runtime doesn't work, use the follwing environment variables to specify the runtime, but pleaae also open an issue, so we can improve the automatic selection.
 
 ### Environmant Variables
-The following environment variables are optional and can be used to override the default behaviour of running nix-portable
+The following environment variables are optional and can be used to override the default behaviour of nix-portable
 ```
-NP_DEBUG      enable debug logging (to stdout)
+NP_DEBUG      (1 = debug msgs; 2 = 'set -e' for nix-portable)
 NP_MINIMAL    do not automatically install git
 NP_LOCATION   where to put the `.nix-portable` dir. (defaults to `$HOME`)
-NP_RUNTIME    which runtime to use (must be either 'bwrap' or 'proot') 
-NP_BWRAP      specify the path to the bwrap executable
-NP_PROOT      specify the path to the proot executable
+NP_RUNTIME    which runtime to use (must be 'bwrap' or 'proot') 
+NP_BWRAP      specify the path to the bwrap executable to use
+NP_PROOT      specify the path to the proot executable to use
 NP_RUN        override the complete command to run nix
               (to use an unsupported runtime, or for debugging)
               nix will then be executed like: $NP_RUN {nix-binary} {args...}