diff --git a/.github/workflows/push_cachix_dev.yml b/.github/workflows/push_cachix_dev.yml
new file mode 100644
index 000000000..7a6341a1b
--- /dev/null
+++ b/.github/workflows/push_cachix_dev.yml
@@ -0,0 +1,39 @@
+name: Push packages to AsterNixOS's development cache on Cachix
+
+on:
+ workflow_dispatch:
+ pull_request:
+ paths:
+ - .github/workflows/push_cachix_pkgs.yml
+ - distro/**
+ push:
+ branches:
+ - main
+ paths:
+ - .github/workflows/push_cachix_pkgs.yml
+ - distro/**
+
+jobs:
+ push-pkgs:
+ runs-on: ubuntu-4-cores-150GB-ssd
+ container:
+ image: asterinas/asterinas:0.16.2-20251209
+ options: -v /dev:/dev --privileged
+ timeout-minutes: 60
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Build Asterinas NixOS patched packages (dry run)
+ if: github.event_name == 'pull_request'
+ run: |
+ make kernel BOOT_PROTOCOL=linux-efi-handover64 || true
+ make cachix
+
+ - name: Build Asterinas NixOS patched packages and push to development cache
+ if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
+ run: |
+ make kernel BOOT_PROTOCOL=linux-efi-handover64 || true
+ export CACHIX_AUTH_TOKEN=${{ secrets.CACHIX_AUTH_TOKEN_FOR_DEV_CACHE }}
+ make push_cachix 2>&1 | tee cachix.log || true
+ tail --lines 10 cachix.log | grep -q -E "^(All done|Nothing to push)" || (echo "Push cachix failed" && exit 1)
+ echo "Push cachix succeeds!"
diff --git a/.gitignore b/.gitignore
index 2ca58aed7..4ce0d1f12 100644
--- a/.gitignore
+++ b/.gitignore
@@ -32,3 +32,6 @@ aster-nix-profile-*.svg
 
 # distro results
 distro/result
+
+# cachix package list
+cachix.list
diff --git a/Makefile b/Makefile
index 72f75cf7b..2501bbbbb 100644
--- a/Makefile
+++ b/Makefile
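Review bot: The `paths:` filters on both the `pull_request` and `push` triggers name `.github/workflows/push_cachix_pkgs.yml`, but this file is `.github/workflows/push_cachix_dev.yml`, so edits to the workflow itself will never re-run it; both entries should read `- .github/workflows/push_cachix_dev.yml` (or the file should be renamed to match). The push step also splices the secret into the shell script text via `export CACHIX_AUTH_TOKEN=${{ secrets.CACHIX_AUTH_TOKEN_FOR_DEV_CACHE }}`; supplying it as a step `env:` entry, `CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN_FOR_DEV_CACHE }}`, keeps the value out of the generated script and is the form the cachix CLI reads anyway. Finally, `make kernel BOOT_PROTOCOL=linux-efi-handover64 || true` in both steps hides a failed kernel build and lets the cache job carry on with whatever was left behind; if that failure is expected for this boot protocol, a comment saying so would save the next reader a guess.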
@@ -67,6 +67,16 @@ NIXOS_STAGE_2_INIT ?= /bin/sh -l AUTO_INSTALL ?= true # End of ISO installer settings +# Cachix binary cache settings +CACHIX_AUTH_TOKEN ?= +RELEASE_CACHIX_NAME ?= "aster-nixos-release" +RELEASE_SUBSTITUTER ?= https://aster-nixos-release.cachix.org +RELEASE_TRUSTED_PUBLIC_KEY ?= aster-nixos-release.cachix.org-1:xB6U/f5ck5vGDJZ04kPp3zGpZ4Nro9X4+TSSMAETVFE= +DEV_CACHIX_NAME ?= "aster-nixos-dev" +DEV_SUBSTITUTER ?= https://aster-nixos-dev.cachix.org +DEV_TRUSTED_PUBLIC_KEY ?= aster-nixos-dev.cachix.org-1:xrCbE2flfliFTQCY/2HeJoT2tCO+5kMTZeLIUH9lnIA= +# End of Cachix binary cache settings + # ========================= End of Makefile options. ========================== SHELL := /bin/bash @@ -333,6 +343,24 @@ run_nixos: OVMF = off run_nixos: @./tools/nixos/run_nixos.sh target/nixos +# Build the Asterinas NixOS patched packages +cachix: + @nix-build distro/cachix \ + --argstr test-command "${NIXOS_TEST_COMMAND}" \ + --option extra-substituters "${RELEASE_SUBSTITUTER} ${DEV_SUBSTITUTER}" \ + --option extra-trusted-public-keys "${RELEASE_TRUSTED_PUBLIC_KEY} ${DEV_TRUSTED_PUBLIC_KEY}" \ + --out-link cachix.list + +# Push the Asterinas NixOS patched packages to Cachix +.PHONY: push_cachix +push_cachix: USE_RELEASE_CACHE ?= 0 +push_cachix: cachix +ifeq ($(USE_RELEASE_CACHE), 1) + @cachix push $(RELEASE_CACHIX_NAME) < cachix.list +else + @cachix push $(DEV_CACHIX_NAME) < cachix.list +endif + .PHONY: gdb_server gdb_server: initramfs $(CARGO_OSDK) @cd kernel && cargo osdk run $(CARGO_OSDK_BUILD_ARGS) --gdb-server wait-client,vscode,addr=:$(GDB_TCP_PORT) diff --git a/distro/aster_nixos_installer/default.nix b/distro/aster_nixos_installer/default.nix index 33e312d97..3deccf1a2 100644 --- a/distro/aster_nixos_installer/default.nix +++ b/distro/aster_nixos_installer/default.nix 
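Review bot: `CACHIX_AUTH_TOKEN ?=` is introduced here but nothing in this diff exports it or hands it to `cachix push`, so `make push_cachix CACHIX_AUTH_TOKEN=...` only works if the Makefile exports variables globally somewhere outside this hunk; if it does not, add `export CACHIX_AUTH_TOKEN` under the declaration, and either way a comment such as `# Read by the cachix CLI from the environment; keep the default empty and supply it per invocation.` states the contract. `RELEASE_CACHIX_NAME ?= "aster-nixos-release"` (and the `DEV_` twin) keeps the double quotes as part of the make value, which the recipe's shell strips again; that works, but it differs from the unquoted `*_SUBSTITUTER` and `*_TRUSTED_PUBLIC_KEY` settings beside it, and dropping the quotes would make the block uniform.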
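Review bot: `ifeq ($(USE_RELEASE_CACHE), 1)` is decided while the Makefile is parsed, so the target-specific `push_cachix: USE_RELEASE_CACHE ?= 0` on the line above never reaches it; only a value given on the command line or in the environment does, and the target-specific default is dead text. Either hoist it to file scope as `USE_RELEASE_CACHE ?= 0` next to the other Cachix settings, or decide at run time inside the recipe: `@if [ "$(USE_RELEASE_CACHE)" = "1" ]; then cachix push $(RELEASE_CACHIX_NAME) < cachix.list; else cachix push $(DEV_CACHIX_NAME) < cachix.list; fi`. `cachix` should also be declared `.PHONY` like `push_cachix`, so a file or directory named `cachix` appearing at the top level can never satisfy the target without re-running `nix-build`.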
@@ -1,5 +1,6 @@
 { disable-systemd ? "false", stage-2-hook ? "/bin/sh -l", log-level ? "error"
-, console ? "hvc0", test-command ? "", pkgs ? import { } }:
+, console ? "hvc0", test-command ? "", extra-substituters ? ""
+, extra-trusted-public-keys ? "", pkgs ? import { } }:
 let
 aster-kernel = builtins.path {
 name = "aster-nix-osdk-bin";
@@ -16,6 +17,8 @@ let
 aster-log-level = log-level;
 aster-console = console;
 aster-test-command = test-command;
+ aster-substituters = extra-substituters;
+ aster-trusted-public-keys = extra-trusted-public-keys;
 };
 };
 install_aster_nixos = pkgs.replaceVarsWith {
@@ -23,6 +26,8 @@ let
 replacements = {
 aster-configuration = aster_configuration;
 aster-etc-nixos = etc-nixos;
+ aster-substituters = extra-substituters;
+ aster-trusted-public-keys = extra-trusted-public-keys;
 };
 isExecutable = true;
 };
@@ -32,10 +37,10 @@ in pkgs.stdenv.mkDerivation {
 buildCommand = ''
 mkdir -p $out/{bin,etc_nixos}
 cp ${install_aster_nixos} $out/bin/install_aster_nixos.sh
- ln -s ${aster_configuration} $out/etc_nixos/aster_configuration.nix
- ln -s ${etc-nixos}/configuration.nix $out/etc_nixos/configuration.nix
- ln -s ${etc-nixos}/modules $out/etc_nixos/modules
- ln -s ${etc-nixos}/overlays $out/etc_nixos/overlays
+ cp -L ${aster_configuration} $out/etc_nixos/aster_configuration.nix
+ cp -L ${etc-nixos}/configuration.nix $out/etc_nixos/configuration.nix
+ cp -r ${etc-nixos}/modules $out/etc_nixos/modules
+ cp -r ${etc-nixos}/overlays $out/etc_nixos/overlays
 ln -s ${aster-kernel} $out/kernel
 '';
 }
diff --git a/distro/aster_nixos_installer/templates/aster_configuration.nix b/distro/aster_nixos_installer/templates/aster_configuration.nix
index 27f2d8e11..8d07887f5 100644
--- a/distro/aster_nixos_installer/templates/aster_configuration.nix
+++ b/distro/aster_nixos_installer/templates/aster_configuration.nix
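Review bot: The switch from `ln -s` to `cp -L` / `cp -r` in `buildCommand` is not explained anywhere in the hunk, and the two forms are not equivalent: `cp -L` dereferences the single files, while `cp -r` without `-L` copies any symlinks inside `modules` and `overlays` as links, so if those directories contain links into other store paths (not visible here) the copied tree would still point outside `$out`. A short comment above the copies, e.g. `# Copy rather than link so $out/etc_nixos is self-contained for the installer`, would record the intent, and `cp -rL` would make the directory copies match the file copies if self-containment is the goal. The `mkDerivation` call that owns `buildCommand` starts before this hunk.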
@@ -74,6 +74,16 @@ description = "If set to true, the system will not proceed to switch to the root filesystem after initial boot. Instead, it will drop into an initramfs shell. This is primarily intended for debugging purposes."; }; + substituters = lib.mkOption { + type = lib.types.str; + default = "@aster-substituters@"; + description = "The substituters fo Asterinas NixOS."; + }; + trusted-public-keys = lib.mkOption { + type = lib.types.str; + default = "@aster-trusted-public-keys@"; + description = "The trusted public keys of Asterinas NixOS."; + }; }; }; } diff --git a/distro/aster_nixos_installer/templates/install_nixos.sh b/distro/aster_nixos_installer/templates/install_nixos.sh index 16a88eef3..db0ee31b7 100644 --- a/distro/aster_nixos_installer/templates/install_nixos.sh +++ b/distro/aster_nixos_installer/templates/install_nixos.sh @@ -132,6 +132,8 @@ cp -r @aster-etc-nixos@/modules ${BUILD_DIR}/etc/nixos cp -r @aster-etc-nixos@/overlays ${BUILD_DIR}/etc/nixos export PATH=${PATH}:/run/current-system/sw/bin -nixos-install --root ${BUILD_DIR} --no-root-passwd +nixos-install --root ${BUILD_DIR} --no-root-passwd \ + --option extra-substituters "@aster-substituters@" \ + --option extra-trusted-public-keys "@aster-trusted-public-keys@" echo "Congratulations! Asterinas NixOS has been installed successfully!" \ No newline at end of file diff --git a/distro/cachix/default.nix b/distro/cachix/default.nix new file mode 100644 index 000000000..7c10f869f --- /dev/null +++ b/distro/cachix/default.nix 
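Review bot: `description = "The substituters fo Asterinas NixOS."` has a typo (`fo` for `of`), and neither new description says that the value is one space-separated string rather than a single entry, which is how the `@aster-substituters@` and `@aster-trusted-public-keys@` placeholders get filled and what the consumer in `core.nix` relies on. Suggested wording: `description = "Space-separated list of substituter URLs for Asterinas NixOS.";` and `description = "Space-separated list of trusted public keys for the Asterinas NixOS substituters.";`. `lib.types.str` is consistent with the string substitution, though `lib.types.listOf lib.types.str` would be the natural option type if the template ever moves to a real list. The enclosing `options` attribute set starts before this hunk.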
@@ -0,0 +1,28 @@ +{ pkgs ? import { }, test-command ? "", extra-substituters ? "" +, extra-trusted-public-keys ? "", ... }: +let + installer = pkgs.callPackage ../aster_nixos_installer { + inherit test-command extra-substituters extra-trusted-public-keys; + }; + nixos = pkgs.nixos (import "${installer}/etc_nixos/configuration.nix"); + cachixPkgs = with nixos.pkgs; + [ + hello-asterinas + xfce.xfdesktop + xfce.xfwm4 + xorg.xorgserver + runc + runc.man + podman + podman.man + aster_systemd + ] ++ (with nixos.config; [ + system.build.toplevel + systemd.package + systemd.package.debug + systemd.package.dev + systemd.package.man + virtualisation.podman.package + virtualisation.podman.package.man + ]); +in pkgs.writeClosure cachixPkgs diff --git a/distro/etc_nixos/modules/core.nix b/distro/etc_nixos/modules/core.nix index 80766413b..feeb5eda9 100644 --- a/distro/etc_nixos/modules/core.nix +++ b/distro/etc_nixos/modules/core.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, options, ... }: let kernel = builtins.path { name = "aster-nix-osdk-bin"; @@ -100,6 +100,8 @@ in { ''; system.activationScripts.modprobe = lib.mkForce ""; + nix.nixPath = options.nix.nixPath.default + ++ [ "nixpkgs-overlays=/etc/nixos/overlays" ]; nix.settings = { filter-syscalls = false; require-sigs = false; @@ -107,6 +109,8 @@ in { # FIXME: Support Nix build users (nixbld*) and remove this setting. For detailed gaps, see # . build-users-group = ""; + substituters = [ "${config.aster_nixos.substituters}" ]; + trusted-public-keys = [ "${config.aster_nixos.trusted-public-keys}" ]; }; # FIXME: Currently, during `nixos-rebuild`, `texinfo/install-info` encounters a `SIGBUS`. diff --git a/distro/iso_image/default.nix b/distro/iso_image/default.nix index 84fe295ac..e9c1a1ff1 100644 --- a/distro/iso_image/default.nix +++ b/distro/iso_image/default.nix 
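Review bot: The new file carries no comment saying what `pkgs.writeClosure cachixPkgs` produces or who consumes it; the Makefile's `cachix` target writes the result to `cachix.list` and `push_cachix` streams that list into `cachix push`, but none of that is recoverable from this file. A header such as `# Closure (list of store paths) of the Asterinas NixOS patched packages and the built system; produced by nix-build distro/cachix and consumed by make push_cachix.` would do. `import "${installer}/etc_nixos/configuration.nix"` also imports from a derivation output, so merely evaluating this expression builds `installer` first; a one-line comment noting that dependency would spare readers wondering why evaluation alone triggers a build. The `...` in the argument set is accepted but unused.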
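Review bot: The `substituters` and `trusted-public-keys` entries are added to a `nix.settings` block that still sets `require-sigs = false;` (the last context line of the previous hunk), so the keys configured here are never checked and every path served by the listed caches, or by any cache an operator adds through `extra-substituters`, is imported unsigned; now that public keys exist for both caches, `require-sigs` can presumably be re-enabled, which is worth confirming with whoever disabled it. Each option also wraps the whole space-separated string in a single list element, `substituters = [ "${config.aster_nixos.substituters}" ];`; that happens to render the same text into nix.conf, but `substituters = lib.splitString " " config.aster_nixos.substituters;` (and likewise for the keys) yields the list the option actually declares. Setting `substituters` rather than `extra-substituters` may also replace the default cache.nixos.org entry — confirm that is intended. The `nix.settings` set opens in the previous hunk.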
@@ -1,7 +1,9 @@ -{ pkgs ? import { }, autoInstall ? false, test-command ? "", ... }: +{ pkgs ? import { }, autoInstall ? false, test-command ? "" +, extra-substituters ? "", extra-trusted-public-keys ? "", ... }: let - installer = - pkgs.callPackage ../aster_nixos_installer { inherit test-command; }; + installer = pkgs.callPackage ../aster_nixos_installer { + inherit test-command extra-substituters extra-trusted-public-keys; + }; configuration = { imports = [ "${pkgs.path}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" diff --git a/tools/nixos/build_iso.sh b/tools/nixos/build_iso.sh index 0df72a8f1..e63297245 100755 --- a/tools/nixos/build_iso.sh +++ b/tools/nixos/build_iso.sh @@ -14,4 +14,6 @@ mkdir -p ${TARGET_DIR} nix-build ${DISTRO_DIR}/iso_image \ --arg autoInstall ${AUTO_INSTALL} \ --argstr test-command "${NIXOS_TEST_COMMAND}" \ + --argstr extra-substituters "${RELEASE_SUBSTITUTER} ${DEV_SUBSTITUTER}" \ + --argstr extra-trusted-public-keys "${RELEASE_TRUSTED_PUBLIC_KEY} ${DEV_TRUSTED_PUBLIC_KEY}" \ --out-link ${TARGET_DIR}/iso_image diff --git a/tools/nixos/build_nixos.sh b/tools/nixos/build_nixos.sh index 597af009d..4ceb12f4b 100755 --- a/tools/nixos/build_nixos.sh +++ b/tools/nixos/build_nixos.sh @@ -16,7 +16,9 @@ nix-build aster_nixos_installer/default.nix \ --argstr stage-2-hook "${NIXOS_STAGE_2_INIT}" \ --argstr log-level "${LOG_LEVEL}" \ --argstr console "${CONSOLE}" \ - --argstr test-command "${NIXOS_TEST_COMMAND}" + --argstr test-command "${NIXOS_TEST_COMMAND}" \ + --argstr extra-substituters "${RELEASE_SUBSTITUTER} ${DEV_SUBSTITUTER}" \ + --argstr extra-trusted-public-keys "${RELEASE_TRUSTED_PUBLIC_KEY} ${DEV_TRUSTED_PUBLIC_KEY}" popd mkdir -p ${ASTERINAS_DIR}/target/nixos