[COM-29] Nix package with all dependencies

Question

[COM-29] Nix package with all dependencies

l0b0 opened this issue a year ago · 3 comments

Is this issue related to an issue?.

Installing using cURL and then having to download a bunch of dependencies doesn't sound very reproducible. When working in a team I want to make sure everybody is running exactly the same version of all development tools.

Describe the outcome you'd like from us

As a new user with Nix installed, it would be great to be able to install all the SI dependencies in a reproducible fashion with a single command, such as nix-shell -p system-initiative. This would mean creating a package in nixpkgs. As far as I can tell there is no mention of SI in nixpkgs yet.

Describe alternatives you've considered

N/A

Code of Conduct

I agree to follow this project's Code of Conduct

Additional context

No response

_COM-29

Answer 1 · 2023-08-17T12:42:34.000Z

EDIT: I think I misunderstood the question. This is presumably only about installing the client software and not about development. I think a nixpkgs package does make sense, though a flake might mean that users could stay up to date even if nixpkgs falls behind (If I understand flakes correctly.)

Which items did you have to curl? I already had Nix installed and direnv configured so all I had to do was clone the repo and cd into it and nix took care of the rest.

Could you list the steps you had to take?

Separately, I agree that it would make sense for the si cli tool to eventually be packaged into nixpkgs.
If the itch doesn't hit someone else first I might make a pass at it.

Also, given that there's already a flake file (currently only being used for development dependencies as far as I can tell,) it could probably be extended to allow installing si as a flake. I have yet to do any packaging like that so that's less likely to be something I could help with.

Answer 2 · 2023-08-18T22:56:03.000Z

I should've mentioned that this is in relation to your download page, which says to curl -sSfL https://auth.systeminit.com/install.sh | sh, and then your install tutorial, which says that, in addition to that command,

Run the command si start in a terminal window, which will check for system dependencies, prompt for the necessary credentials, and download/start the System Initiative components.

So there's two separate install processes, and several non-reproducible steps:

curl -sSfL https://auth.systeminit.com/install.sh depends on the current state of that file.
The current version of install.sh has reference to (at least) non-reproducible "https://auth-api.systeminit.com/github/releases/latest".
I don't know whether si start is reproducible, but presumably not based on the other parts of the install process.

Having a Nix derivation which provides all the necessary packages would remove this non-reproducibility. And having that derivation in nixpkgs would make installing SI as simple as nix-shell -p system-initiative or adding pkgs.system-initiative to environment.systemPackages in NixOS.

Answer 3 · 2023-08-22T20:16:46.000Z

We're unlikely to support any third party packaging systems in the near term future. We want to ensure that everyone is getting binaries that are compiled, published, and managed by us, and that they get them at the same time and via the same mechanism. Our release and versioning strategy is to make the latest version stable at all times, and use feature flags to enable/disable any in progress work, rather than rely on package versioning to do so.

We might reconsider this position eventually, but we won't be changing our minds any time soon. I'm closing this issue, but not closing the door in the future. :)