xen: 4.15 -> {4.16,4.17,4.18,4.19}#324693
Conversation
This comment was marked as outdated.
This comment was marked as outdated.
8dbcbe0 to
80dcdc6
Compare
|
Fixed the unpatched binaries. Keep in mind XKCD 1513 as you review. |
This comment was marked as outdated.
This comment was marked as outdated.
|
Would you be willing to cherry-pick the maintainers and Then we can try to merge bits and pieces of this so that only the gnarly stuff that I'm not comfortable with is left 😄 |
|
This will currently fail to build due to #331107. |
Is there anything else that blocks review for merge? |
So far, nobody who reviewed feels comfortable enough with Xen to approve this PR, so the fact this has no approvals is a possible blocker. |
I meant implementation-wise like is there anything you still feel like needs to be handled or once the referenced issue is solved do you feel like it's ready for merge? |
|
Yes, I do believe this is ready to merge, but we have an issue where there is an abundance of reviewers who are knowledgeable about Nix, and an abundance of reviewers that are knowledgeable about Xen, but basically no active reviewers who are knowledgeable about both. |
I don't think that is an issue, rather the blocking issue seems to be security considering the nature of Xen (also some people like andy above seem to be working on infra adjustments), but that (to me at least) seems like is sufficiently managed for NixOS standards. |
radhus
left a comment
There was a problem hiding this comment.
Great work! Don't know if my approval mean much - but I think this overall makes Xen way more easily maintainable now!
As there aren't any automated dom0 tests, if the code looks fine from both a Xen and Nixpkgs perspective, and you're able to manually test dom0 with some domU's, shouldn't we just consider merging and let any issues be fixed in upcoming PRs, given that you're the maintainer going forward? 🤗
|
@andyhhp Considering your reply in #324693 (comment) are you planing to co-maintain this package to address thomas's concern to make the package more reliable? Optionally i am willing to help with maintenance if none's against it as NiXium's projected to use Xen on majority of it's systems. EDIT: sorry i though you meant cleaning NixOS's CIs, feel free to ignore my question then. |
Yea, the lack of automated tests is kinda a problem too for a production environment, but in terms of management it's probably better to merge in the current state and add them later as this is already getting kinda complex to review and i am not sure what should we be checking in the nixos context beyond the obvious once. |
In my opinion, it's next to impossible to add more tests, at least without rewriting the Nixpkgs test infrastructure. Xen requires a bare-metal host to be a dom0 in, which isn't the case with NixOS tests, much less package tests |
Sorry, I'm an upstream Xen developer, and can advise on that side of things, but I don't have time (or indeed the expertise) to advise on the NixOS side of things. |
That sounds like an over-reaction, the infra should have the tools needed, but it needs to b researched to figure out how to implement them else RFC
My apologies i confused you with nix developer and realized my mistake shortly after. |
Xen requires a bare-metal host to run. It's not a question of tooling, it's a question of not running tests inside containers/VMs, which isn't supported by Nixpkgs, and would require a tremendous amount of resources to effectively implement. |
Hopefully the final Result of 2 packages marked as broken and skipped:
45 packages built:
|
Kreyren
left a comment
There was a problem hiding this comment.
As discussed in nixos devel chat and with nixos security team representative for the approach to get this implemented and maintained.
Refer to the linked discussion for usage notes in production/mission critical environment.
There are too many changes to list between these versions, but here's what's important for Nixpkgs: - Enabled xen.efi building, allowing the nixos/xen module to support EFI booting. - Renamed xen-light to xen-slim, and removed the old xen-slim package, as qemu-traditional has been removed per an upstream recommendation. - xen-slim (formerly xen-light) no longer builds iPXE. - You can now use the OVMF from Xen's repos. - Further generalised generic.nix. Maintaining three versions at once is finally doable. - Removed as many recursions as possible. - Split the package output. Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>
The update script is interactive, not automated, and is meant to run with human intervention in order to verify Xen's code signature. It produces default.nix files for all security-supported branches. Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>
xen-light was dropped in favour of xen and xen-slim Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net> Reviewed-by: Matei Dibu <contact@mateidibu.dev>
In function 'libvchan__check_domain_alive': error: unknown type name 'xc_dominfo_t'; did you mean 'xc_meminfo_t'? error: implicit declaration of function 'xc_domain_getinfo'; did you mean 'xc_domain_getvnuma'? [-Werror=implicit-function-declaration] error: request for member 'domid' in something not a structure or union error: request for member 'dying' in something not a structure or union Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net> Reviewed-by: Joachim Ernst <mail-maintainer@0x4A6F.dev>
In file included from ./driver/xen/xen_private.h:42, error: unknown type name 'xc_dominfo_t'; did you mean 'xc_meminfo_t'? PR NixOS#328873 reverts this commit and updates LibVMI. Signed-off-by: Fernando Rodrigues <alpha@sigmasquadron.net>
|
Congrats on this huge achievement! |
Description of changes
Required by #324911.
Things done
sandbox = truepkg-configtest passes successfully.nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"../result/bin/)Closes #320335, closes #26899.
Add a 👍 reaction to pull requests you find important.