tvl-depot/third_party/nix
Griffin Smith c5f3b12f04 feat(tvix): Support systemd socket activation
When the nix daemon starts up, first check (using sd_listen_fds) whether
we have been systemd socket-activated. If so, instead of passing the nix
daemon socket path to grpc, start a manual accept(2) loop, passing the
client file descriptors to grpc via AddInsecureChannelFromFd. There's an
open grpc issue at https://github.com/grpc/grpc/issues/19133 for
building support into grpc to do this automatically, but as of right now
this appears to be the only way to make this happen.

Making this happen, by the way, was a bit of a journey - at one point I
attempted to ServerBuilder's experimental AddExternalConnectionAcceptor
API, and that didn't work either - it appears that the final missing
piece to getting this working was explicitly fcntl(2)ing the client file
descriptors to set O_NONBLOCK before passing them into gRPC. With that
set, this all works inside of the test vm.

Fixes: b/56
Change-Id: I5d2ab2b5b02eb570249b30a9674e115c61b0ab0e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1882
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
2020-09-01 01:07:11 +00:00
..
.github Add 'third_party/nix/' from commit 'be66c7a6b24e3c3c6157fd37b86c7203d14acf10' 2020-05-17 15:52:38 +01:00
config chore(3p/nix): Clean up some unused defines 2020-05-30 23:17:48 +01:00
contrib Add 'third_party/nix/' from commit 'be66c7a6b24e3c3c6157fd37b86c7203d14acf10' 2020-05-17 15:52:38 +01:00
corepkgs refactor(tvix): Drop meson.build files 2020-08-31 15:38:16 +00:00
doc/manual refactor(tvix): Drop meson.build files 2020-08-31 15:38:16 +00:00
misc/systemd refactor(tvix): Drop meson.build files 2020-08-31 15:38:16 +00:00
scripts refactor(tvix): Drop meson.build files 2020-08-31 15:38:16 +00:00
src feat(tvix): Support systemd socket activation 2020-09-01 01:07:11 +00:00
tests chore(3p/nix): Remove support for plugins 2020-07-20 14:45:43 +00:00
.clang-format style(3p/nix): Change include formatting config for clang-format 2020-05-19 15:55:09 +01:00
.clang-tidy chore(3p/nix): disable modernize-use-trailing-return-type 2020-08-01 23:52:45 +00:00
.dir-locals.el fix(3p/nix): Set C++ style to "Google" in Emacs locals 2020-05-19 05:13:47 +01:00
.gitignore refactor(3p/nix): Introduce CMake as the build system for Nix 2020-05-28 00:11:25 +01:00
.skip-subtree chore(third_party): Skip subtrees of large external projects 2020-08-26 23:49:32 +00:00
.travis.yml Add 'third_party/nix/' from commit 'be66c7a6b24e3c3c6157fd37b86c7203d14acf10' 2020-05-17 15:52:38 +01:00
.version Add 'third_party/nix/' from commit 'be66c7a6b24e3c3c6157fd37b86c7203d14acf10' 2020-05-17 15:52:38 +01:00
clangd.nix chore(3p/nix): Enable cross-file-rename in clangd 2020-05-24 18:19:28 +01:00
CMakeLists.txt fix(tvix): use correct value of SANDBOX_SHELL 2020-08-14 02:56:04 +00:00
config.h.in fix(3p/nix): Properly configure SANDBOX_SHELL 2020-08-04 02:15:10 +00:00
COPYING Add 'third_party/nix/' from commit 'be66c7a6b24e3c3c6157fd37b86c7203d14acf10' 2020-05-17 15:52:38 +01:00
default.nix feat(tvix): Support systemd socket activation 2020-09-01 01:07:11 +00:00
OWNERS chore(tvix): Add riking to owners 2020-08-31 23:01:44 +00:00
README.md fix(3p/nix): Don't include depotPath in the main drv 2020-07-25 02:29:14 +00:00
test-vm.nix feat(tvix): Expose depot in the test vm 2020-09-01 01:07:11 +00:00

Tvix, also known as TVL's fork of Nix

Nix is a new take on package management that is fairly unique. Because of its purity aspects, a lot of issues found in traditional package managers don't appear with Nix.

To find out more about the tool, usage and installation instructions, please read the manual, which is available on the Nix website at http://nixos.org/nix/manual.

This repository is TVL's's fork of Nix, which we lovingly refer to as Tvix.

Fork background

Nix is a fantastic project with over a decade of demonstrated real-world usage, but also with quite a few problems.

First of all, the project consists of two main components: The Nix package collection ("nixpkgs") and the package manager itself.

The package collection is an enormous effort with hundreds of thousands of commits, encoding expert knowledge about lots of different software and ways of building and managing it. It is a very valuable piece of software.

The package manager however is an old C++ project with severe code quality issues, little to no documentation, no consistent style and no unit test coverage.

Its codebase is larger than it needs to be (often due to custom reimplementations of basic functionality) and is mostly ad-hoc structured, making it difficult to correctly implement large-scale improvements.

In addition, the upstream Nix project is diverging from the opinions of some community members via the introduction of concepts such as Nix flakes.

To counteract these things we have decided to fork Nix.

Fork goals

The things listed here are explicitly in-scope for work on the fork. This list is not exhaustive, and it is very likely that many other smaller things will be discovered along the way.

nixpkgs compatibility

This fork will maintain compatibility with nixpkgs as much as possible. If at any point we do need to diverge, we will do it in a way that is backwards compatible.

Code quality improvements

Code quality encompasses several different issues.

One goal is to slowly bring the codebase in line with the Google C++ style guide. Apart from the trivial reformatting (which is already done), this means slowly chipping away at incorrectly structured type hierarchies, usage of exceptions, usage of raw pointers, global mutability and so on.

Another goal is to reduce the amount of code in Nix by removing custom reimplementations of basic functionality (such as string splitting or reading files).

For functionality that is not part of the C++17 standard library, Abseil will be the primary external library used.

Explicit RPC mechanisms

Nix currently uses homegrown mechanisms of interacting with other Nix binaries, for example for remote builds or interaction between the CLI and the Nix daemon.

This will be replaced with gRPC.

New sandboxing mechanism

Nix implements its own sandboxing mechanism. This was probably the correct decision at the time, but is not necessary anymore because Linux containers have become massively popular and lots of new tooling is now available.

The goal is to replace the custom sandboxing implementation with pluggable OCI runtimes, which will make it possible to use arbitrary container runtimes such as gVisor or systemd-nspawn

Pluggable Nix store backends

The current Nix store implementation will be removed from Nix' core and instead be refactored into a gRPC API that can be implemented by different backends.

Builds as graph reductions

A Nix derivation that should be instantiated describes a build graph. This graph will become a first-class citizen, making it possible to distribute different parts of the computation to different nodes.

Implementing this properly will also allow us to improve the implementation of import-from-derivation by explicitly moving through different graph reduction stages.

Fork non-goals

To set expectations, there are some explicit non-goals, too.

  • Merging these changes back into upstream is not a goal, and maybe not even feasible. The core work has not even started yet and just basic cleanup has already created a diff of over 40 000 lines.

    This would likely also turn into a political effort, which we have no interest in.

  • Improved performance is not an (initial) goal. Nix performance is very unevenly distributed across the codebase (some things have seen a lot of ad-hoc optimisation, others are written like inefficient toy implementations) and we simply don't know what effect the cleanup will have.

    Once the codebase is in a better state we will be able to start optimising it again while retaining readability, but this is not a goal until a later point in time.

  • Compatibility with new upstream features is not a goal. Specifically we do not want Nix flakes, but other changes upstream makes will be considered for inclusion.

  • Support for non-Linux systems. Currently Nix support Mac OS and potentially other systems, but this support will be dropped.

    Once we have OCI-compatible sandboxes and a store protocol it will be possible to reintroduce these with less friction.

Building

To build the project, set up an out-of-tree cmake directory and run cmake in nix-shell.

mkdir ~/build/tvix
cd ~/build/tvix

nix-shell $DEPOT_PATH -A third_party.nix.build-shell

# Disable clang-tidy for quicker builds
cmake $DEPOT_PATH -DCLANG_TIDY_PATH=""
make -j16 -l12

Contributing to the fork

The TVL depot's default contribution guidelines apply.

In addition, please make sure that submitted code builds and is formatted with clang-format, using the configuration found in this folder.

License

Nix is released under the LGPL v2.1

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit.