[Nix-dev] monitor.nixos.org

Tomasz Czyż tomasz.czyz at gmail.com
Mon Nov 28 14:32:16 CET 2016 

2016-11-28 13:18 GMT+00:00 Profpatsch <mail at profpatsch.de>:

> On 16-11-12 06:39pm, Rok Garbas wrote:
> > On Sat, Nov 12, 2016 at 6:27 PM, Daniel Frank
> > I wrote recently[1] how we tackle this problem at RelEng team at
> > Mozilla. I'm slowly moving all my nix projects to do the same. I will
> > also do the same for the packages I manage in nixpkgs at least that is
> > what I will write to Santa this year, to give me more time to play
> > work on nixpkgs :)
> >
> >
> > [1] https://garbas.si/2016/updating-your-nix-sources.html
>
> So you had a very similar idea about update scripts.
>
> We should chat about that; I think there should be a system
> in place for derivations to specify how the next version can
> be found and if possible how to automatically update the version
> tags & hashes.
>
debian has such a strategy:
- https://wiki.debian.org/debian/watch
-
https://github.com/FedericoCeratto/debian-package-init/blob/master/deb_create_watch.py

I think better place to execute this would be in CI pipeline, when you can
decide if after upgrading the package you are still able to build the
project.

Also, I'm not sure if automatic upgrades would be that great without manual
verification. There are cases when packages have no signatures and somebody
switched the code on the website (this happens from time to time).

Probably topic worth discussing.

Maybe workflow like that could be a start point:

- monitor - checks if upgrades are possible
- CI/hydra
    - checks if upgrades are possible
    - if yes, tries to upgrade package and build it
    - if package is built correctly, sends email to package maintainers
with a patch (or open pull request) and asks for verification.

Also I had an idea that would be nice to integrate this update command into
"meta" of derivation. What do you think?




>
> Those can obviously not be executed by nix itself, but by other
> systems like the nixos monitor.
>
> --
> Proudly written in Mutt with Vim on NixOS.
> Q: Why is this email five sentences or less?
> A: http://five.sentenc.es
> May take up to five days to read your message. If it’s urgent, call me.
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>



-- 
Tomasz Czyż
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.science.uu.nl/pipermail/nix-dev/attachments/20161128/fa8d79c6/attachment-0001.html>

More information about the nix-dev mailing list