From 2b0729da7a2431782fb2016dbf3b1a2095ed88af Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Thu, 15 May 2025 04:08:57 +0200 Subject: [PATCH 1/5] Migrate from "gc-" prefixed nix options These have been deprecated, e.g. gc-keep-outputs is now just keep-outputs. --- nixos-modules/hydra.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos-modules/hydra.nix b/nixos-modules/hydra.nix index 79d639e6..283a9b8d 100644 --- a/nixos-modules/hydra.nix +++ b/nixos-modules/hydra.nix @@ -228,8 +228,8 @@ in nix.settings = { trusted-users = [ "hydra-queue-runner" ]; - gc-keep-outputs = true; - gc-keep-derivations = true; + keep-outputs = true; + keep-derivations = true; }; services.hydra-dev.extraConfig = -- 2.49.0 From 78f57b82f71d731737fe01092cb436d8b58e5847 Mon Sep 17 00:00:00 2001 From: John Ericson Date: Sun, 25 May 2025 20:51:05 -0400 Subject: [PATCH 2/5] flake.lock: Update Nixpkgs to 25.05 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/eea3403f7ca9f9942098f4f2756adab4ec924b2b?narHash=sha256-JT1wMjLIypWJA0N2V27WpUw8feDmTok4Dwkb0oYXDS4%3D' (2025-04-23) → 'github:NixOS/nixpkgs/db1aed32009f408e4048c1dd0beaf714dd34ed93?narHash=sha256-8A7HjmnvCpDjmETrZY1QwzKunR63LiP7lHu1eA5q6JI%3D' (2025-05-24) --- flake.lock | 8 ++++---- flake.nix | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 3e403f6f..3a8d6870 100644 --- a/flake.lock +++ b/flake.lock @@ -35,16 +35,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1745408698, - "narHash": "sha256-JT1wMjLIypWJA0N2V27WpUw8feDmTok4Dwkb0oYXDS4=", + "lastModified": 1748124805, + "narHash": "sha256-8A7HjmnvCpDjmETrZY1QwzKunR63LiP7lHu1eA5q6JI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "eea3403f7ca9f9942098f4f2756adab4ec924b2b", + "rev": "db1aed32009f408e4048c1dd0beaf714dd34ed93", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.11-small", + "ref": "nixos-25.05-small", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index 979bfcbd..21bd793d 100644 --- a/flake.nix +++ b/flake.nix @@ -1,7 +1,7 @@ { description = "A Nix-based continuous build system"; - inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11-small"; + inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05-small"; inputs.nix = { url = "github:NixOS/nix/2.28-maintenance"; -- 2.49.0 From e6df0c141caf2968bbd5ecd21b2ab33e2cd31ba1 Mon Sep 17 00:00:00 2001 From: John Ericson Date: Thu, 15 May 2025 00:09:42 -0400 Subject: [PATCH 3/5] flake.lock: Update Nix and nix-eval-jobs to 2.29 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nix': 'github:NixOS/nix/70921714cb3b5e6041b7413459541838651079f3?narHash=sha256-ZbB3IH9OlJvo14GlQZbYHzJojf/HCDT38GzYTod8DaU%3D' (2025-04-23) → 'github:NixOS/nix/d761dad79c79af17aa476a29749bd9d69747548f?narHash=sha256-rCpANMHFIlafta6J/G0ILRd%2BWNSnzv/lzi40Y8f1AR8%3D' (2025-05-25) • Updated input 'nix-eval-jobs': 'github:nix-community/nix-eval-jobs/1260c6599d22dfd8c25fea6893c3d031996b20e1?narHash=sha256-n220U5pjzCtTtOJtbga4Xr/PyllowKw9anSevgCqJEw%3D' (2025-04-11) → 'github:nix-community/nix-eval-jobs/d9262e535e35454daebcebd434bdb9c1486bb998?narHash=sha256-AJ22q6yWc1hPkqssXMxQqD6QUeJ6hbx52xWHhKsmuP0%3D' (2025-05-25) --- flake.lock | 14 +++++++------- flake.nix | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/flake.lock b/flake.lock index 3a8d6870..2679eecb 100644 --- a/flake.lock +++ b/flake.lock @@ -3,16 +3,16 @@ "nix": { "flake": false, "locked": { - "lastModified": 1745420957, - "narHash": "sha256-ZbB3IH9OlJvo14GlQZbYHzJojf/HCDT38GzYTod8DaU=", + "lastModified": 1748154947, + "narHash": "sha256-rCpANMHFIlafta6J/G0ILRd+WNSnzv/lzi40Y8f1AR8=", "owner": "NixOS", "repo": "nix", - "rev": "70921714cb3b5e6041b7413459541838651079f3", + "rev": "d761dad79c79af17aa476a29749bd9d69747548f", "type": "github" }, "original": { "owner": "NixOS", - "ref": "2.28-maintenance", + "ref": "2.29-maintenance", "repo": "nix", "type": "github" } @@ -20,11 +20,11 @@ "nix-eval-jobs": { "flake": false, "locked": { - "lastModified": 1744370057, - "narHash": "sha256-n220U5pjzCtTtOJtbga4Xr/PyllowKw9anSevgCqJEw=", + "lastModified": 1748211873, + "narHash": "sha256-AJ22q6yWc1hPkqssXMxQqD6QUeJ6hbx52xWHhKsmuP0=", "owner": "nix-community", "repo": "nix-eval-jobs", - "rev": "1260c6599d22dfd8c25fea6893c3d031996b20e1", + "rev": "d9262e535e35454daebcebd434bdb9c1486bb998", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 21bd793d..e67a3a99 100644 --- a/flake.nix +++ b/flake.nix @@ -4,7 +4,7 @@ inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05-small"; inputs.nix = { - url = "github:NixOS/nix/2.28-maintenance"; + url = "github:NixOS/nix/2.29-maintenance"; # We want to control the deps precisely flake = false; }; -- 2.49.0 From de10c0e0fb24a220a1638d5fae6cac4c9611e601 Mon Sep 17 00:00:00 2001 From: John Ericson Date: Thu, 15 May 2025 00:24:25 -0400 Subject: [PATCH 4/5] Fix build with Nix 2.29 --- src/hydra-queue-runner/build-remote.cc | 2 +- src/hydra-queue-runner/hydra-queue-runner.cc | 4 ++-- src/hydra-queue-runner/queue-monitor.cc | 10 ++++++++-- src/hydra-queue-runner/state.hh | 2 +- 4 files changed, 12 insertions(+), 6 deletions(-) diff --git a/src/hydra-queue-runner/build-remote.cc b/src/hydra-queue-runner/build-remote.cc index 7e307c75..b372e7dd 100644 --- a/src/hydra-queue-runner/build-remote.cc +++ b/src/hydra-queue-runner/build-remote.cc @@ -50,7 +50,7 @@ static std::unique_ptr openConnection( auto remoteStore = machine->storeUri.params.find("remote-store"); if (remoteStore != machine->storeUri.params.end()) { command.push_back("--store"); - command.push_back(shellEscape(remoteStore->second)); + command.push_back(escapeShellArgAlways(remoteStore->second)); } } diff --git a/src/hydra-queue-runner/hydra-queue-runner.cc b/src/hydra-queue-runner/hydra-queue-runner.cc index ab146312..a4a7f0a7 100644 --- a/src/hydra-queue-runner/hydra-queue-runner.cc +++ b/src/hydra-queue-runner/hydra-queue-runner.cc @@ -14,7 +14,7 @@ #include #include "state.hh" #include "hydra-build-result.hh" -#include +#include #include #include @@ -832,7 +832,7 @@ void State::run(BuildID buildOne) << metricsAddr << "/metrics (port " << exposerPort << ")" << std::endl; - Store::Params localParams; + Store::Config::Params localParams; localParams["max-connections"] = "16"; localParams["max-connection-age"] = "600"; localStore = openStore(getEnv("NIX_REMOTE").value_or(""), localParams); diff --git a/src/hydra-queue-runner/queue-monitor.cc b/src/hydra-queue-runner/queue-monitor.cc index bb15ac04..0785be6f 100644 --- a/src/hydra-queue-runner/queue-monitor.cc +++ b/src/hydra-queue-runner/queue-monitor.cc @@ -492,8 +492,14 @@ Step::ptr State::createStep(ref destStore, runnable while step->created == false. */ step->drv = std::make_unique(localStore->readDerivation(drvPath)); { - auto parsedDrv = ParsedDerivation{drvPath, *step->drv}; - step->drvOptions = std::make_unique(DerivationOptions::fromParsedDerivation(parsedDrv)); + auto parsedOpt = StructuredAttrs::tryParse(step->drv->env); + try { + step->drvOptions = std::make_unique( + DerivationOptions::fromStructuredAttrs(step->drv->env, parsedOpt ? &*parsedOpt : nullptr)); + } catch (Error & e) { + e.addTrace({}, "while parsing derivation '%s'", localStore->printStorePath(drvPath)); + throw; + } } step->preferLocalBuild = step->drvOptions->willBuildLocally(*localStore, *step->drv); diff --git a/src/hydra-queue-runner/state.hh b/src/hydra-queue-runner/state.hh index edfad4fb..f7ab7de3 100644 --- a/src/hydra-queue-runner/state.hh +++ b/src/hydra-queue-runner/state.hh @@ -172,7 +172,7 @@ struct Step nix::StorePath drvPath; std::unique_ptr drv; std::unique_ptr drvOptions; - std::set requiredSystemFeatures; + nix::StringSet requiredSystemFeatures; bool preferLocalBuild; bool isDeterministic; std::string systemType; // concatenation of drv.platform and requiredSystemFeatures -- 2.49.0 From ae8c1554cb8aec9772cb25ec5c7a3b7a1cf11f34 Mon Sep 17 00:00:00 2001 From: Thomas Nixon Date: Fri, 23 May 2025 19:53:15 +0100 Subject: [PATCH 5/5] doc/manual: correct nginx reverse proxy example - hydra does not remove the base URI from the request before processing it, so this must be done in the reverse proxy. in nginx this is done by giving proxy_pass a URI rather than a protocol/host/port; see: https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass - proxy_redirect is not correct/required: hydra uses proxy headers to correctly form redirects in most cases, and where it doesn't it produces local redirects which aren't matched by this directive anyway --- doc/manual/src/configuration.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/doc/manual/src/configuration.md b/doc/manual/src/configuration.md index d370312a..856d314c 100644 --- a/doc/manual/src/configuration.md +++ b/doc/manual/src/configuration.md @@ -63,8 +63,7 @@ following: .. other configuration .. location /hydra/ { - proxy_pass http://127.0.0.1:3000; - proxy_redirect http://127.0.0.1:3000 https://example.com/hydra; + proxy_pass http://127.0.0.1:3000/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; @@ -74,6 +73,9 @@ following: } } +Note the trailing slash on the `proxy_pass` directive, which causes nginx to +strip off the `/hydra/` part of the URL before passing it to hydra. + Populating a Cache ------------------ -- 2.49.0