update glitch

nixos/pkgs/glitch-soc/README.md

@@ -2,16 +2,10 @@
 
 <https://github.com/glitch-soc/mastodon>
 
-Mostly copied from [nixpkgs upstream](https://github.com/NixOS/nixpkgs/tree/master/pkgs/servers/mastodon).
+Based on [nixpkgs upstream](https://github.com/NixOS/nixpkgs/tree/master/pkgs/servers/mastodon).
 
-Modifications for the new yarn berry lockfiles in `default.nix`, `yarn.nix` and `yarn-typescript.patch` stolen (with permissions) from [catgirl.cloud](https://git.catgirl.cloud/999eagle/dotfiles-nix/-/tree/main/overlay/mastodon/glitch).
+Modifications for the new yarn berry lockfiles and some other improvements stolen and adjusted (with permissions) from [catgirl.cloud](https://git.catgirl.cloud/999eagle/dotfiles-nix/-/tree/main/overlay/mastodon/glitch) (see also https://github.com/NixOS/nixpkgs/issues/277697).
 
-See also: https://github.com/NixOS/nixpkgs/issues/277697
+I've also made some further modifications myself to try and simplify the package and better understand it.
 
-Update:
-
-```
-./update.sh --owner glitch-soc --repo mastodon --patches "./yarn-typescript.patch" --rev $COMMIT
-```
-
-The yarn hash isn't updated automatically due to the lockfile thing, run a build and copy the hash from the error message to source.nix by hand.
+The package can be updated to the latest glitch-soc commit with `./update.sh`. The yarn hash in `version_data.nix` has to be adjusted manually afterwards from the error message though.

nixos/pkgs/glitch-soc/default.nix

@@ -1,63 +1,81 @@
-/*
-Copied from nixpkgs upstream:
-https://github.com/NixOS/nixpkgs/blob/nixos-23.11/pkgs/servers/mastodon/default.nix
-
-Modifications for new yarn lockfiles stolen (with permission) from:
-https://git.catgirl.cloud/999eagle/dotfiles-nix/-/blob/main/overlay/mastodon/glitch/yarn.nix
-*/
-
-{ lib, stdenv, nodejs-slim, bundlerEnv, nixosTests
+{ lib, stdenv, stdenvNoCC, nodejs-slim, bundlerEnv
 , yarn-berry, callPackage, imagemagick, ffmpeg, file, ruby, writeShellScript
-, brotli
-
-  # Allow building a fork or custom version of Mastodon:
-, pname ? "mastodon"
-, version ? srcOverride.version
-, patches ? []
-  # src is a package
-, srcOverride ? callPackage ./source.nix { inherit patches; }
-, gemset ? ./. + "/gemset.nix"
-, yarnHash ? srcOverride.yarnHash
+, brotli, cacert
 }:
 
-stdenv.mkDerivation rec {
-  inherit pname version;
+let
 
-  src = srcOverride;
+  # optimally, updates only need to touch `version_data.nix`, and nothing else should be in there
+  versionData = import ./version_data.nix;
 
+  # use the first 7 characters of the glitch-soc commit hash as version string
+  version = builtins.substring 0 7 versionData.rev;
+
+  # the patched glitch-soc source
+  src = callPackage ./source.nix { };
+
+  # ruby gems, built from `gemset.nix`, which is generated by bundix in `update.sh` from the source Gemfile
   mastodonGems = bundlerEnv {
-    name = "${pname}-gems-${version}";
-    inherit version gemset ruby;
+    name = "glitch-soc-gems-${version}";  # bundlerEnv breaks when pname is set instead
+    inherit version ruby;
+    gemset = ./gemset.nix;
     gemdir = src;
-    # This fix (copied from https://github.com/NixOS/nixpkgs/pull/76765) replaces the gem
-    # symlinks with directories, resolving this error when running rake:
-    #   /nix/store/451rhxkggw53h7253izpbq55nrhs7iv0-mastodon-gems-3.0.1/lib/ruby/gems/2.6.0/gems/bundler-1.17.3/lib/bundler/settings.rb:6:in `<module:Bundler>': uninitialized constant Bundler::Settings (NameError)
-    postBuild = ''
-      for gem in "$out"/lib/ruby/gems/*/gems/*; do
-        cp -a "$gem/" "$gem.new"
-        rm "$gem"
-        # needed on macOS, otherwise the mv yields permission denied
-        chmod +w "$gem.new"
-        mv "$gem.new" "$gem"
-      done
-    '';
   };
 
+  # fetches JS dependencies via yarn based on the lockfile in the source
+  mastodonYarnDeps = stdenvNoCC.mkDerivation {
+    pname = "glitch-soc-yarn-deps";
+    inherit version src;
+
+    nativeBuildInputs = [ yarn-berry cacert ];
+
+    dontInstall = true;
+
+    NODE_EXTRA_CA_CERTS = "${cacert}/etc/ssl/certs/ca-bundle.crt";
+
+    buildPhase = ''
+      mkdir -p $out
+
+      export HOME=$(mktemp -d)
+      echo $HOME
+
+      export YARN_ENABLE_TELEMETRY=0
+      export YARN_COMPRESSION_LEVEL=0
+
+      cache="$(yarn config get cacheFolder)"
+      yarn install --immutable --mode skip-build
+
+      cp -r $cache/* $out/
+    '';
+
+    outputHashAlgo = "sha256";
+    outputHash = versionData.yarnHash;
+    outputHashMode = "recursive";
+  };
+
+  # builds the node modules for mastodon using the previously fetched yarn deps
   mastodonModules = stdenv.mkDerivation {
-    pname = "${pname}-modules";
-    inherit src version;
+    pname = "glitch-soc-modules";
+    inherit version src;
 
-    # use the fixed yarn berry offline cache thingy
-    yarnOfflineCache = callPackage ./yarn.nix {
-      inherit src;
-      hash = yarnHash;
-    };
+    yarnOfflineCache = mastodonYarnDeps;
 
-    nativeBuildInputs = [ nodejs-slim yarn-berry mastodonGems mastodonGems.wrappedRuby brotli ];
+    nativeBuildInputs = [ nodejs-slim yarn-berry brotli mastodonGems mastodonGems.wrappedRuby ];
 
     RAILS_ENV = "production";
     NODE_ENV = "production";
 
+    /*
+    So it seems that somehow a change in Linux 6.9 changed something that broke libuv, an IO lib
+    used by Node. This undocumented env var disables the broken IO feature in libuv and it works
+    again.
+
+    - https://lore.kernel.org/lkml/d7003b6e-b8e3-41c4-9e6e-2b9abd0c5572@gmail.com/t/
+    - https://github.com/nodejs/node/issues/53051#issuecomment-2124940205
+    - https://github.com/nodejs/docker-node/issues/1912#issuecomment-1594233686
+    */
+    UV_USE_IO_URING = "0";
+
     buildPhase = ''
       runHook preBuild
 
@@ -70,7 +88,8 @@ stdenv.mkDerivation rec {
       mkdir -p ~/.yarn/berry
       ln -sf $yarnOfflineCache ~/.yarn/berry/cache
 
-      yarn install --immutable --immutable-cache
+      # --inline-builds prints build logs inline so they can be inspected with nix log
+      yarn install --immutable --immutable-cache --inline-builds
 
       patchShebangs ~/bin
       patchShebangs ~/node_modules
@@ -78,8 +97,13 @@ stdenv.mkDerivation rec {
       # skip running yarn install
       rm -rf ~/bin/yarn
 
-      OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder \
+      OTP_SECRET=precompile_placeholder \
+      SECRET_KEY_BASE=precompile_placeholder \
+      ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=precompile_placeholder \
+      ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=precompile_placeholder \
+      ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=precompile_placeholder \
         rails assets:precompile
+
       yarn cache clean
       rm -rf ~/node_modules/.cache
 
@@ -107,7 +131,15 @@ stdenv.mkDerivation rec {
     '';
   };
 
-  propagatedBuildInputs = [ imagemagick ffmpeg file mastodonGems.wrappedRuby ];
+# the actual main glitch-soc package
+
+in stdenv.mkDerivation {
+
+  pname = "glitch-soc";
+  inherit version src mastodonGems mastodonModules;
+
+  propagatedBuildInputs = [ mastodonGems.wrappedRuby ];
+  nativeBuildInputs = [ brotli ];
   buildInputs = [ mastodonGems nodejs-slim ];
 
   buildPhase = ''
@@ -164,17 +196,4 @@ stdenv.mkDerivation rec {
     runHook postInstall
   '';
 
-  passthru = {
-    tests.mastodon = nixosTests.mastodon;
-    # run with: nix-shell ./maintainers/scripts/update.nix --argstr package mastodon
-    updateScript = ./update.sh;
-  };
-
-  meta = with lib; {
-    description = "Self-hosted, globally interconnected microblogging software based on ActivityPub";
-    homepage = "https://joinmastodon.org";
-    license = licenses.agpl3Plus;
-    platforms = [ "x86_64-linux" "i686-linux" "aarch64-linux" ];
-    maintainers = with maintainers; [ happy-river erictapen izorkin ghuntley ];
-  };
 }

nixos/pkgs/glitch-soc/source.nix

@@ -1,19 +1,22 @@
-# This file was generated by pkgs.mastodon.updateScript.
-{ fetchFromGitHub, applyPatches, patches ? [] }:
+/*
+This fetches the glitch-soc source from GitHub and patches it.
+
+This needs to be a separately buildable package so that update.sh can build it during upgrading,
+because it needs it for generating `gemset.nix` from the Gemfile in the source.
+*/
+
+{
+  applyPatches,
+  fetchFromGitHub,
+}:
+
 let
-  version = "d7d4770";
-  revision = "d7d477047eba7cb88df54dd78f42095ed0fbea76";
-in
-(
-  applyPatches {
-    src = fetchFromGitHub {
-      owner = "glitch-soc";
-      repo = "mastodon";
-      rev = "${revision}";
-      hash = "sha256-x1fqDtCOiNS61EhnpObUuxrdTd5n2mhjoGbIYGivbDg=";
-    };
-    patches = patches ++ [./yarn-typescript.patch];
-  }) // {
-  inherit version;
-  yarnHash = "sha256-CIIz5wwWzvDKc/VbSIT7Z5D9kwOLoErXoO0WQWfV/g4=";
+  versionData = import ./version_data.nix;
+in applyPatches {
+  src = fetchFromGitHub {
+    owner = "glitch-soc";
+    repo = "mastodon";
+    inherit (versionData) rev hash;
+  };
+  patches = [];
 }

nixos/pkgs/glitch-soc/update.sh

@@ -1,108 +1,42 @@
-#!/usr/bin/env -S nix shell nixpkgs#bundix nixpkgs#coreutils nixpkgs#diffutils nixpkgs#nix-prefetch-git nixpkgs#nix-prefetch-github nixpkgs#gnused nixpkgs#jq nixpkgs#prefetch-yarn-deps -c bash
+#!/usr/bin/env -S nix shell nixpkgs#coreutils nixpkgs#bundix nixpkgs#nix-prefetch-github nixpkgs#jq -c bash
+
 set -e
 
-OWNER=mastodon
-REPO=mastodon
+cd "$(dirname "$0")"  # cd to the script's directory
 
-POSITIONAL=()
-while [[ $# -gt 0 ]]; do
-    key="$1"
+echo "Retrieving latest glitch-soc commit..."
+commit="$(curl -SsL 'https://api.github.com/repos/glitch-soc/mastodon/branches/main')"
+rev="$(jq -r '.commit.sha' <<<"$commit")"
+echo "Latest commit is $rev."
 
-    case $key in
-        --owner)
-            OWNER="$2"
-            shift # past argument
-            shift # past value
-            ;;
-        --repo)
-            REPO="$2"
-            shift # past argument
-            shift # past value
-            ;;
-        --ver)
-            VERSION="$2"
-            shift # past argument
-            shift # past value
-            ;;
-        --rev)
-            REVISION="$2"
-            shift # past argument
-            shift # past value
-            ;;
-        --patches)
-            PATCHES="$2"
-            shift # past argument
-            shift # past value
-            ;;
-        *)  # unknown option
-            POSITIONAL+=("$1")
-            shift # past argument
-            ;;
-    esac
-done
+echo
+echo "Prefetching source..."
+hash="$(nix-prefetch-github glitch-soc mastodon --rev "$rev" | jq -r '.hash')"
 
-if [[ -n "$POSITIONAL" ]]; then
-    echo "Usage: update.sh [--owner OWNER] [--repo REPO] [--ver VERSION] [--rev REVISION] [--patches PATCHES]"
-    echo "OWNER and REPO must be paths on github."
-    echo "If REVISION is not provided, the latest tag from github.com/mastodon/mastodon is fetched and VERSION is calculated from it."
-    echo "If OWNER and REPO are not provided, it defaults they default to mastodon and mastodon."
-    echo "PATCHES, if provided, should be one or more Nix expressions separated by spaces."
-    exit 1
-fi
-
-VERSION="${REVISION:0:7}"
-
-rm -f gemset.nix source.nix
-cd "$(dirname "${BASH_SOURCE[0]}")" || exit 1
-
-WORK_DIR=$(mktemp -d)
-
-# Check that working directory was created.
-if [[ -z "$WORK_DIR" || ! -d "$WORK_DIR" ]]; then
-    echo "Could not create temporary directory"
-    exit 1
-fi
-
-# Delete the working directory on exit.
-function cleanup {
-    # Report errors, if any, from nix-prefetch-git
-    grep "fatal" $WORK_DIR/nix-prefetch-git.out >/dev/stderr || true
-    rm -rf "$WORK_DIR"
-}
-trap cleanup EXIT
-
-echo "Fetching source code $REVISION"
-JSON=$(nix-prefetch-github "$OWNER" "$REPO" --rev "$REVISION" 2> $WORK_DIR/nix-prefetch-git.out)
-HASH=$(echo "$JSON" | jq -r .hash)
-
-cat > source.nix << EOF
-# This file was generated by pkgs.mastodon.updateScript.
-{ fetchFromGitHub, applyPatches, patches ? [] }:
-let
-  version = "$VERSION";
-  revision = "$REVISION";
-in
-(
-  applyPatches {
-    src = fetchFromGitHub {
-      owner = "$OWNER";
-      repo = "$REPO";
-      rev = "\${revision}";
-      hash = "$HASH";
-    };
-    patches = patches ++ [$PATCHES];
-  }) // {
-  inherit version;
-  yarnHash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
+echo
+echo "Generating version_data.nix..."
+cat > version_data.nix << EOF
+# This file was generated with update.sh.
+{
+  rev = "$rev";
+  hash = "$hash";
+  yarnHash = "";
 }
 EOF
-SOURCE_DIR="$(nix-build --no-out-link -E '(import <nixpkgs> {}).callPackage ./source.nix {}')"
 
-echo "Creating gemset.nix"
-bundix --lockfile="$SOURCE_DIR/Gemfile.lock" --gemfile="$SOURCE_DIR/Gemfile"
-echo "" >> gemset.nix  # Create trailing newline to please EditorConfig checks
+echo
+echo "Building source derivation..."
+srcdir="$(nix build --no-link --print-out-paths --no-warn-dirty ../..#glitch-soc-source)"
+echo "Source derivation is $srcdir."
 
-# echo "Creating yarn-hash.nix"
-# YARN_HASH="$(prefetch-yarn-deps "$SOURCE_DIR/yarn.lock")"
-# YARN_HASH="$(nix hash to-sri --type sha256 "$YARN_HASH")"
-# sed -i "s/sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=/$YARN_HASH/g" source.nix
+echo
+echo "Generating gemset.nix using built source derivation..."
+rm -f gemset.nix
+bundix --quiet --lockfile $srcdir/Gemfile.lock --gemfile $srcdir/Gemfile
+echo "" >> gemset.nix
+
+echo
+echo "Done."
+
+echo
+echo "You'll have to manually enter the commit hash for the yarn deps from the error message when first trying to build the package."

nixos/pkgs/glitch-soc/version_data.nix

@@ -0,0 +1,6 @@
+# This file was generated with update.sh.
+{
+  rev = "60c2310fd879885755c620b060828e3d6a560e0b";
+  hash = "sha256-BiRtSYaBQQK6jgKkJqCaKtf2SaRDN1Sa5H5o0XKj4eQ=";
+  yarnHash = "sha256-haLT8KnJr1r4VPjeXfR5nm0yUbAbeB+D9reOXrdfwCY=";
+}

nixos/pkgs/glitch-soc/yarn-typescript.patch

@@ -1,15 +0,0 @@
---- a/yarn.lock
-+++ b/yarn.lock
-@@ -16483,11 +16483,11 @@
-
- "typescript@patch:typescript@npm%3A5#optional!builtin<compat/typescript>, typescript@patch:typescript@npm%3A^5.0.4#optional!builtin<compat/typescript>":
-   version: 5.3.3
--  resolution: "typescript@patch:typescript@npm%3A5.3.3#optional!builtin<compat/typescript>::version=5.3.3&hash=e012d7"
-+  resolution: "typescript@patch:typescript@npm%3A5.3.3#optional!builtin<compat/typescript>::version=5.3.3&hash=29ae49"
-   bin:
-     tsc: bin/tsc
-     tsserver: bin/tsserver
--  checksum: 1d0a5f4ce496c42caa9a30e659c467c5686eae15d54b027ee7866744952547f1be1262f2d40de911618c242b510029d51d43ff605dba8fb740ec85ca2d3f9500
-+  checksum: e22df47df9b2b2f2617b8bf511a29aea3d177f9f7a0756818230a76b01cbd7da988bf55f9463aaa1a4c1ff90b80f8dc5676460d4e9dfc010572cbba59b822b0c
-   languageName: node
-   linkType: hard

nixos/pkgs/glitch-soc/yarn.nix

@@ -1,40 +0,0 @@
-/*
-Stolen (with permission) from:
-https://git.catgirl.cloud/999eagle/dotfiles-nix/-/blob/main/overlay/mastodon/glitch/yarn.nix
-*/
-
-{
-  stdenvNoCC,
-  yarn-berry,
-  cacert,
-  src,
-  hash,
-}:
-stdenvNoCC.mkDerivation {
-  name = "yarn-deps";
-  nativeBuildInputs = [yarn-berry cacert];
-  inherit src;
-
-  dontInstall = true;
-
-  NODE_EXTRA_CA_CERTS = "${cacert}/etc/ssl/certs/ca-bundle.crt";
-
-  buildPhase = ''
-    mkdir -p $out
-
-    export HOME=$(mktemp -d)
-    echo $HOME
-
-    export YARN_ENABLE_TELEMETRY=0
-    export YARN_COMPRESSION_LEVEL=0
-
-    cache="$(yarn config get cacheFolder)"
-    yarn install --immutable --mode skip-build
-
-    cp -r $cache/* $out/
-  '';
-
-  outputHashAlgo = "sha256";
-  outputHash = hash;
-  outputHashMode = "recursive";
-}