Add NixOS packaging #44

Draft
wants to merge 1 commit into
base: main
stephank commented Dec 3, 2024

I'm not sure if this is useful to land here / something we'd want to maintain here, but I thought I'd open a draft PR to at least share the idea.

This adds a `dist/package.nix` containing a Nix package definition. We can't just swap out libssl on NixOS, so this recreates a typical install, reusing the OpenSSL libcrypto and headers via symlinks.

The `flake.nix` is optional convenience for consuming the git repo as a dependency.

I derived an automated integration test with Nginx from an existing NixOS test. With Nix installed, you can run this with `nix-build tests/nixos.nix`.

Turns out HTTP/3 doesn't yet work, though. 🤷

cpu (Member) commented Dec 4, 2024

Thanks!

> I'm not sure if this is useful to land here / something we'd want to maintain here, but I thought I'd open a draft PR to at least share the idea.

I'm supportive but defer to @ctz for the final decision since I'm a biased Nix-enjoyer-slash-sicko. I think if he's onboard we should add some CI integration to try and keep away the bitrot.

ctz (Member) commented Dec 5, 2024

Yes I don't object to this living here; though I don't use Nix myself so something to defend it in CI is extremely desirable.

stephank (Author) commented Dec 10, 2024

Running the test on GitHub Actions is a little over 3 minutes: https://github.com/stephank/rustls-openssl-compat/actions/runs/12256865517/job/34193063214

I think I'll run this work by NixOS itself first. There's a decent chance they'll land it anyway, and NixOS CI has hot caches for this stuff, unlike GitHub. NixOS/nixpkgs#363932

3 minutes isn't that bad, but it's also fetching a whole bunch from cache.nixos.org, which I believe is a bit of a topic in NixOS at the moment, because of hosting/bandwidth sponsorships falling away. Building an integration test on Ubuntu is probably more performant here.

So I guess the remaining point of this PR is: do we want broader distribution testing in this repo? :)

cpu (Member) commented Dec 10, 2024

> Running the test on GitHub Actions is a little over 3 minutes: https://github.com/stephank/rustls-openssl-compat/actions/runs/12256865517/job/34193063214

That doesn't seem unreasonable to me.

> I think I'll run this work by NixOS itself first. There's a decent chance they'll land it anyway, and NixOS CI has hot caches for this stuff, unlike GitHub. NixOS/nixpkgs#363932

Cool 👍

> 3 minutes isn't that bad, but it's also fetching a whole bunch from cache.nixos.org, which I believe is a bit of a topic in NixOS at the moment, because of hosting/bandwidth sponsorships falling away. Building an integration test on Ubuntu is probably more performant here.

Over in rustls-platform-verifier where I landed a bit of Nix we're using DeterminateSystems/magic-nix-cache-action. Is there a reason you'd prefer not to do the same here? I don't have strong feelings, just curious.

> So I guess the remaining point of this PR is: do we want broader distribution testing in this repo? :)

My feeling is that if we're going to keep some .nix in this repo it should be tested in CI. If the NixOS PR lands and you think it's better tested in that repo then I'd vote we remove the .nix here vs keeping both in sync with only the external repo getting test coverage.
