From 708074ae6db9e0468e4f48477f856e8c2d059795 Mon Sep 17 00:00:00 2001 From: Andrew Marshall Date: Thu, 24 Apr 2025 12:18:05 -0400 Subject: [PATCH] treewide: Prevent IFD by default MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Import-from-derivation (IFD) has problematic performance, and is disabled in Nixpkgs by policy. It is arguably good practice for libraries to avoid it whenever possible, as it has poor ergonomics in some cases, especially with dry builds, as it requires multiple eval+build phases. As such, prevent its use in Home Manager by default by putting existing tests that use IFD behind a config. In CI, run a first pass with IFD disabled, skipping tests without the config. Then run a second pass with IFD enabled and including tests with the config. This second pass will also run tests without the config, but they should be cached from the previous run, so the cost is not double (only eval time should be paid twice). It’s necessary to change from using NMT’s `run` to `build` as `run` itself uses IFD. Of the tests that have the config: - kitty/theme-to-themeFile: this is a test for deprecated config, and so should be removed eventually anyway - podman: the implementation relies on IFD to create individual systemd units from the derivation output, and so it is not straightforward to remove the IFD; doing so would require rethinking how the module works to instead have the systemd unit files included as-is rather than as individually configured units in the Nix config. --- .github/workflows/test.yml | 7 ++++++- docs/manual/contributing/tests.md | 16 +++++++++++----- tests/big-test.nix | 10 ++++++++++ .../programs/kitty/theme-to-themeFile.nix | 3 ++- tests/modules/services/podman-linux/build.nix | 9 +++++++-- .../modules/services/podman-linux/container.nix | 4 +++- tests/modules/services/podman-linux/image.nix | 4 +++- .../services/podman-linux/integration.nix | 9 +++++++-- tests/modules/services/podman-linux/manifest.nix | 4 +++- tests/modules/services/podman-linux/network.nix | 4 +++- tests/modules/services/podman-linux/volume.nix | 4 +++- 11 files changed, 58 insertions(+), 16 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ab49afc4a..e7c0a551e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -26,6 +26,11 @@ jobs: - run: ./format --ci - run: nix-shell --show-trace . -A install - run: yes | home-manager -I home-manager=. uninstall - - run: nix-shell -j auto --show-trace --arg enableBig false --pure tests -A run.all + - name: Run tests + run: nix-build -j auto --show-trace --arg enableBig false --pure --option allow-import-from-derivation false tests -A build.all + env: + GC_INITIAL_HEAP_SIZE: 4294967296 + - name: Run tests (with IFD) + run: nix-build -j auto --show-trace --arg enableBig false --pure --arg enableLegacyIfd true tests -A build.all env: GC_INITIAL_HEAP_SIZE: 4294967296 diff --git a/docs/manual/contributing/tests.md b/docs/manual/contributing/tests.md index 41eec3447..f7413eb4d 100644 --- a/docs/manual/contributing/tests.md +++ b/docs/manual/contributing/tests.md @@ -13,20 +13,20 @@ functions available in test scripts, you can look at NMT's The full Home Manager test suite can be run by executing ``` shell -$ nix-shell --pure tests -A run.all +$ nix-build --pure --option allow-import-from-derivation false tests -A build.all ``` in the project root. List all test cases through ``` shell -$ nix-shell --pure tests -A list +$ nix-build --pure tests --option allow-import-from-derivation false -A list ``` and run an individual test, for example `alacritty-empty-settings`, through ``` shell -$ nix-shell --pure tests -A run.alacritty-empty-settings +$ nix-build --pure tests --option allow-import-from-derivation false -A build.alacritty-empty-settings ``` However, those invocations will impurely source the system's Nixpkgs, @@ -34,11 +34,17 @@ and may cause failures. To run against the Nixpkgs from the `flake.lock` file, use instead e.g. ``` shell -$ nix build --reference-lock-file flake.lock ./tests#test-all +$ nix build --reference-lock-file flake.lock --option allow-import-from-derivation false ./tests#test-all ``` or ``` shell -$ nix build --reference-lock-file flake.lock ./tests#test-alacritty-empty-settings +$ nix build --reference-lock-file flake.lock --option allow-import-from-derivation false ./tests#test-alacritty-empty-settings +``` + +Some tests may be marked with `enableLegacyIfd`, those may be run by run with e.g. + +``` shell +$ nix-build --pure tests --arg enableLegacyIfd true -A build.mytest ``` diff --git a/tests/big-test.nix b/tests/big-test.nix index 5396f170e..233ae7340 100644 --- a/tests/big-test.nix +++ b/tests/big-test.nix @@ -10,4 +10,14 @@ packages or tests that take long to run. ''; }; + + options.test.enableLegacyIfd = lib.mkOption { + type = lib.types.bool; + default = false; + description = '' + Whether to enable tests that use import-from-derivation (IFD). Use of IFD + in Home Manager is deprecated, and this option should not be used for new + tests. + ''; + }; } diff --git a/tests/modules/programs/kitty/theme-to-themeFile.nix b/tests/modules/programs/kitty/theme-to-themeFile.nix index 5506dbdb7..849be1e2e 100644 --- a/tests/modules/programs/kitty/theme-to-themeFile.nix +++ b/tests/modules/programs/kitty/theme-to-themeFile.nix @@ -1,11 +1,12 @@ { + config, lib, options, realPkgs, ... }: -{ +lib.mkIf config.test.enableLegacyIfd { programs.kitty = { enable = true; theme = "Space Gray Eighties"; diff --git a/tests/modules/services/podman-linux/build.nix b/tests/modules/services/podman-linux/build.nix index f54f7f8b3..a70c1e53f 100644 --- a/tests/modules/services/podman-linux/build.nix +++ b/tests/modules/services/podman-linux/build.nix @@ -1,6 +1,11 @@ -{ pkgs, ... }: - { + config, + lib, + pkgs, + ... +}: + +lib.mkIf config.test.enableLegacyIfd { imports = [ ./podman-stubs.nix ]; services.podman = { diff --git a/tests/modules/services/podman-linux/container.nix b/tests/modules/services/podman-linux/container.nix index 8f8768903..153d6e195 100644 --- a/tests/modules/services/podman-linux/container.nix +++ b/tests/modules/services/podman-linux/container.nix @@ -1,4 +1,6 @@ -{ +{ config, lib, ... }: + +lib.mkIf config.test.enableLegacyIfd { imports = [ ./podman-stubs.nix ]; services.podman = { diff --git a/tests/modules/services/podman-linux/image.nix b/tests/modules/services/podman-linux/image.nix index 7d3159b7a..86dafdc0f 100644 --- a/tests/modules/services/podman-linux/image.nix +++ b/tests/modules/services/podman-linux/image.nix @@ -1,4 +1,6 @@ -{ +{ config, lib, ... }: + +lib.mkIf config.test.enableLegacyIfd { imports = [ ./podman-stubs.nix ]; services.podman = { diff --git a/tests/modules/services/podman-linux/integration.nix b/tests/modules/services/podman-linux/integration.nix index 607e45890..fca0a5f15 100644 --- a/tests/modules/services/podman-linux/integration.nix +++ b/tests/modules/services/podman-linux/integration.nix @@ -1,6 +1,11 @@ -{ pkgs, ... }: - { + config, + lib, + pkgs, + ... +}: + +lib.mkIf config.test.enableLegacyIfd { imports = [ ./podman-stubs.nix ]; services.podman = { diff --git a/tests/modules/services/podman-linux/manifest.nix b/tests/modules/services/podman-linux/manifest.nix index 6ac4ba8ac..ea956967a 100644 --- a/tests/modules/services/podman-linux/manifest.nix +++ b/tests/modules/services/podman-linux/manifest.nix @@ -1,4 +1,6 @@ -{ +{ config, lib, ... }: + +lib.mkIf config.test.enableLegacyIfd { imports = [ ./podman-stubs.nix ]; services.podman = { diff --git a/tests/modules/services/podman-linux/network.nix b/tests/modules/services/podman-linux/network.nix index 7e7becc77..904bab822 100644 --- a/tests/modules/services/podman-linux/network.nix +++ b/tests/modules/services/podman-linux/network.nix @@ -1,4 +1,6 @@ -{ +{ config, lib, ... }: + +lib.mkIf config.test.enableLegacyIfd { imports = [ ./podman-stubs.nix ]; services.podman = { diff --git a/tests/modules/services/podman-linux/volume.nix b/tests/modules/services/podman-linux/volume.nix index 2c07c9a0f..83e3007f3 100644 --- a/tests/modules/services/podman-linux/volume.nix +++ b/tests/modules/services/podman-linux/volume.nix @@ -1,4 +1,6 @@ -{ +{ config, lib, ... }: + +lib.mkIf config.test.enableLegacyIfd { imports = [ ./podman-stubs.nix ]; services.podman = {