Get rid of nix and use homebrew, fixes #274

.gitlab-ci.yml

@@ -11,12 +11,16 @@ variables:
   # Commit of ghc/ci-images repository from which to pull Docker images
   DOCKER_REV: 8d0224e6b2a08157649651e69302380b2bd24e11
 
+  # Sequential version number of all cached things.
+  # Bump to invalidate GitLab CI cache.
+  CACHE_REV: 0
+
 ############################################################
 # CI Step
 ############################################################
 
 .debian:
-  image: "debian:11"
+  image: "registry.gitlab.haskell.org/ghc/ci-images/x86_64-linux-deb10:$DOCKER_REV"
   tags:
     - x86_64-linux
   variables:
@@ -44,7 +48,7 @@ variables:
     CABAL_DIR: "$CI_PROJECT_DIR/cabal"
 
 .linux:armv7:
-  image: "arm32v7/debian:11"
+  image: "registry.gitlab.haskell.org/ghc/ci-images/armv7-linux-deb10:$DOCKER_REV"
   tags:
     - armv7-linux
   variables:
@@ -54,7 +58,7 @@ variables:
   retry: 2
 
 .linux:aarch64:
-  image: "aarch64/debian:11"
+  image: "registry.gitlab.haskell.org/ghc/ci-images/aarch64-linux-deb10:$DOCKER_REV"
   tags:
     - aarch64-linux
   variables:
@@ -164,26 +168,40 @@ variables:
     - .test_ghcup_version
     - .darwin:aarch64
     - .root_cleanup
+  cache:
+    key: darwin-brew-$CACHE_REV
+    paths:
+      - .brew
+      - .brew_cache
+  before_script:
+    # Install brew locally in the project dir. Packages will also be installed here.
+    - git clone --depth=1 https://github.com/Homebrew/brew $CI_PROJECT_DIR/.brew
+    - export PATH="$CI_PROJECT_DIR/.brew/bin:$CI_PROJECT_DIR/.brew/sbin:$PATH"
+
+    # otherwise we seem to get intel binaries
+    - export HOMEBREW_CHANGE_ARCH_TO_ARM=1
+
+    # make sure to not pollute the machine with temp files etc
+    - mkdir -p $CI_PROJECT_DIR/.brew_cache
+    - export HOMEBREW_CACHE=$CI_PROJECT_DIR/.brew_cache
+    - mkdir -p $CI_PROJECT_DIR/.brew_logs
+    - export HOMEBREW_LOGS=$CI_PROJECT_DIR/.brew_logs
+    - mkdir -p $CI_PROJECT_DIR/.brew_tmp
+    - export HOMEBREW_TEMP=$CI_PROJECT_DIR/.brew_tmp
+
+    # update and install packages
+    - brew update
+    - brew install llvm
+    - brew install autoconf automake coreutils
   script: |
-    set -Eeuo pipefail
-    function runInNixShell() {
-      time nix-shell $CI_PROJECT_DIR/.gitlab/shell.nix \
-        -I nixpkgs=https://github.com/angerman/nixpkgs/archive/75f7281738b.tar.gz \
-        --argstr system "aarch64-darwin" \
-        --pure \
-        --keep CI_PROJECT_DIR \
-        --keep MACOSX_DEPLOYMENT_TARGET \
-        --keep JSON_VERSION \
-        --keep ARTIFACT \
-        --keep OS \
-        --keep ARCH \
-        --keep CABAL_DIR \
-        --keep GHC_VERSION \
-        --keep CABAL_VERSION \
-        --run "$1" 2>&1
-    }
-    runInNixShell ./.gitlab/before_script/darwin/install_deps.sh 2>&1
-    runInNixShell ./.gitlab/script/ghcup_version.sh 2>&1
+    export PATH="$CI_PROJECT_DIR/.brew/opt/llvm/bin:$CI_PROJECT_DIR/.brew/bin:$CI_PROJECT_DIR/.brew/sbin:$PATH"
+    export CC=$CI_PROJECT_DIR/.brew/opt/llvm/bin/clang
+    export CXX=$CI_PROJECT_DIR/.brew/opt/llvm/bin/clang++
+    export LD=ld
+    export AR=$CI_PROJECT_DIR/.brew/opt/llvm/bin/llvm-ar
+    export RANLIB=$CI_PROJECT_DIR/.brew/opt/llvm/bin/llvm-ranlib
+    ./.gitlab/before_script/darwin/install_deps.sh
+    ./.gitlab/script/ghcup_version.sh
 
 .test_ghcup_version:freebsd12:
   extends:
@@ -508,26 +526,40 @@ release:darwin:aarch64:
     - .darwin:aarch64
     - .release_ghcup
     - .root_cleanup
+  cache:
+    key: darwin-brew-$CACHE_REV
+    paths:
+      - .brew
+      - .brew_cache
+  before_script:
+    # Install brew locally in the project dir. Packages will also be installed here.
+    - git clone --depth=1 https://github.com/Homebrew/brew $CI_PROJECT_DIR/.brew
+    - export PATH="$CI_PROJECT_DIR/.brew/bin:$CI_PROJECT_DIR/.brew/sbin:$PATH"
+
+    # otherwise we seem to get intel binaries
+    - export HOMEBREW_CHANGE_ARCH_TO_ARM=1
+
+    # make sure to not pollute the machine with temp files etc
+    - mkdir -p $CI_PROJECT_DIR/.brew_cache
+    - export HOMEBREW_CACHE=$CI_PROJECT_DIR/.brew_cache
+    - mkdir -p $CI_PROJECT_DIR/.brew_logs
+    - export HOMEBREW_LOGS=$CI_PROJECT_DIR/.brew_logs
+    - mkdir -p $CI_PROJECT_DIR/.brew_tmp
+    - export HOMEBREW_TEMP=$CI_PROJECT_DIR/.brew_tmp
+
+    # update and install packages
+    - brew update
+    - brew install llvm
+    - brew install autoconf automake
   script: |
-    set -Eeuo pipefail
-    function runInNixShell() {
-      time nix-shell $CI_PROJECT_DIR/.gitlab/shell.nix \
-        -I nixpkgs=https://github.com/angerman/nixpkgs/archive/75f7281738b.tar.gz \
-        --argstr system "aarch64-darwin" \
-        --pure \
-        --keep CI_PROJECT_DIR \
-        --keep MACOSX_DEPLOYMENT_TARGET \
-        --keep JSON_VERSION \
-        --keep ARTIFACT \
-        --keep OS \
-        --keep ARCH \
-        --keep CABAL_DIR \
-        --keep GHC_VERSION \
-        --keep CABAL_VERSION \
-        --run "$1" 2>&1
-    }
-    runInNixShell ./.gitlab/before_script/darwin/install_deps.sh 2>&1
-    runInNixShell ./.gitlab/script/ghcup_release.sh 2>&1
+    export PATH="$CI_PROJECT_DIR/.brew/opt/llvm/bin:$CI_PROJECT_DIR/.brew/bin:$CI_PROJECT_DIR/.brew/sbin:$PATH"
+    export CC=$CI_PROJECT_DIR/.brew/opt/llvm/bin/clang
+    export CXX=$CI_PROJECT_DIR/.brew/opt/llvm/bin/clang++
+    export LD=ld
+    export AR=$CI_PROJECT_DIR/.brew/opt/llvm/bin/llvm-ar
+    export RANLIB=$CI_PROJECT_DIR/.brew/opt/llvm/bin/llvm-ranlib
+    ./.gitlab/before_script/darwin/install_deps.sh
+    ./.gitlab/script/ghcup_release.sh
   variables:
     ARTIFACT: "aarch64-apple-darwin-ghcup"
     GHC_VERSION: "8.10.7"

.gitlab/before_script/linux/install_deps.sh

@@ -6,49 +6,16 @@ set -eux
 
 mkdir -p "${TMPDIR}"
 
-apt-get update -y
-apt-get install -y \
-    apt-transport-https \
-    autoconf \
-    automake \
-    build-essential \
-    curl \
-    gcc \
-    git \
-    gnupg2 \
-    libbz2-dev \
-    libffi-dev \
-    libffi7 \
-    libgmp-dev \
-    libgmp10 \
-    liblzma-dev \
-    libncurses-dev \
-    libncurses5 \
-    libnuma-dev \
-    libssl-dev \
-    libtinfo5 \
-    lsb-release \
-    pkg-config \
-    software-properties-common \
-    wget \
-    zlib1g-dev
-
+sudo apt-get update -y
+sudo apt-get install -y libnuma-dev zlib1g-dev libgmp-dev libgmp10 libssl-dev liblzma-dev libbz2-dev git wget lsb-release software-properties-common gnupg2 apt-transport-https gcc autoconf automake build-essential
 
 if [ "${CROSS}" = "arm-linux-gnueabihf" ] ; then
-    apt-get install -y gcc-arm-linux-gnueabihf
-    dpkg --add-architecture armhf
-    apt-get update -y
-    apt-get install -y libncurses-dev:armhf
+	sudo apt-get install -y gcc-arm-linux-gnueabihf
+	sudo dpkg --add-architecture armhf
+	sudo apt-get update -y
+	sudo apt-get install -y libncurses-dev:armhf
 fi
 
-apt-get install -y libseccomp-dev
-curl -L https://dev.exherbo.org/~alip/sydbox/sydbox-2.1.0.tar.bz2 | tar -xj
-cd sydbox-2.1.0
-./configure
-make
-make install
-cd ..
-
 export BOOTSTRAP_HASKELL_NONINTERACTIVE=1
 export BOOTSTRAP_HASKELL_GHC_VERSION=$GHC_VERSION
 export BOOTSTRAP_HASKELL_CABAL_VERSION=$CABAL_VERSION

.gitlab/ghcup_env

@@ -6,6 +6,6 @@ if [ "${OS}" = "WINDOWS" ] ; then
 else
 	export GHCUP_INSTALL_BASE_PREFIX="$CI_PROJECT_DIR"
 	export GHCUP_BIN="$CI_PROJECT_DIR/.ghcup/bin"
-	export PATH="$GHCUP_BIN:$CI_PROJECT_DIR/.local/bin:/opt/llvm/bin:$PATH"
+	export PATH="$GHCUP_BIN:$CI_PROJECT_DIR/.local/bin:$PATH"
 	export TMPDIR="$CI_PROJECT_DIR/tmp"
 fi

.gitlab/script/ghcup_version.sh

@@ -15,100 +15,14 @@ ecabal() {
 }
 
 raw_eghcup() {
-	if command -v sydbox 1>/dev/null ; then
-        sydbox \
-            -m core/sandbox/read:deny \
-            -m core/sandbox/write:deny \
-            -m core/sandbox/network:allow \
-            -m allowlist/read+/usr/lib/os-release \
-            -m "allowlist/read+${GHCUP_INSTALL_BASE_PREFIX}/.ghcup/***" \
-            -m "allowlist/write+${GHCUP_INSTALL_BASE_PREFIX}/.ghcup/***" \
-            -m "allowlist/read+${TMPDIR}/***" \
-            -m "allowlist/write+${TMPDIR}/***" \
-            -m "allowlist/read+/usr/lib/***" \
-            -m 'allowlist/read+/etc/ld.so.cache' \
-            -m "allowlist/read+/lib/***" \
-            -m 'allowlist/read+/etc/ssl/openssl.cnf' \
-            -m 'allowlist/read+/proc/sys/crypto/fips_enabled' \
-            -m 'allowlist/read+/etc/nsswitch.conf' \
-            -m 'allowlist/read+/etc/host.conf' \
-            -m 'allowlist/read+/etc/resolv.conf' \
-            -m 'allowlist/read+/etc/hosts' \
-            -m 'allowlist/read+/etc/gai.conf' \
-            -m 'allowlist/read+/etc/ssl/certs/ca-certificates.crt' \
-            -m 'allowlist/read+/usr/share/zoneinfo/Etc/UTC' \
-            -m 'allowlist/read+/dev/urandom' \
-            -m 'core/violation/decision:killall' \
-		    -- ghcup -v -c "$@"
-	else
-		ghcup -v -c "$@"
-	fi
+	ghcup -v -c "$@"
 }
 
 eghcup() {
 	if [ "${OS}" = "WINDOWS" ] ; then
-        sydbox \
-            -m core/sandbox/read:deny \
-            -m core/sandbox/write:deny \
-            -m core/sandbox/network:allow \
-            -m allowlist/read+/usr/lib/os-release \
-            -m "allowlist/read+${GHCUP_INSTALL_BASE_PREFIX}/.ghcup/***" \
-            -m "allowlist/write+${GHCUP_INSTALL_BASE_PREFIX}/.ghcup/***" \
-            -m "allowlist/read+${TMPDIR}/***" \
-            -m "allowlist/write+${TMPDIR}/***" \
-            -m "allowlist/read+/usr/lib/***" \
-            -m 'allowlist/read+/etc/ld.so.cache' \
-            -m "allowlist/read+/lib/***" \
-            -m 'allowlist/read+/etc/ssl/openssl.cnf' \
-            -m 'allowlist/read+/proc/sys/crypto/fips_enabled' \
-            -m 'allowlist/read+/etc/nsswitch.conf' \
-            -m 'allowlist/read+/etc/host.conf' \
-            -m 'allowlist/read+/etc/resolv.conf' \
-            -m 'allowlist/read+/etc/hosts' \
-            -m 'allowlist/read+/etc/gai.conf' \
-            -m 'allowlist/read+/etc/ssl/certs/ca-certificates.crt' \
-            -m 'allowlist/read+/usr/share/zoneinfo/Etc/UTC' \
-            -m 'allowlist/read+/dev/urandom' \
-            -m 'core/violation/decision:killall' \
-    
 		ghcup -v -c -s file:/$CI_PROJECT_DIR/data/metadata/ghcup-${JSON_VERSION}.yaml "$@"
 	else
-		if command -v sydbox 1>/dev/null ; then
-			ghcup -v -c -s file://$CI_PROJECT_DIR/data/metadata/ghcup-${JSON_VERSION}.yaml "$@"
-		else
-			ghcup -v -c -s file://$CI_PROJECT_DIR/data/metadata/ghcup-${JSON_VERSION}.yaml "$@"
-		fi
-	fi
-}
-
-eghcup_offline() {
-	if command -v sydbox 1>/dev/null ; then
-        sydbox \
-            -m core/sandbox/read:deny \
-            -m core/sandbox/write:deny \
-            -m core/sandbox/network:deny \
-            -m allowlist/read+/usr/lib/os-release \
-            -m "allowlist/read+${GHCUP_INSTALL_BASE_PREFIX}/.ghcup/***" \
-            -m "allowlist/write+${GHCUP_INSTALL_BASE_PREFIX}/.ghcup/***" \
-            -m "allowlist/read+${TMPDIR}/***" \
-            -m "allowlist/write+${TMPDIR}/***" \
-            -m "allowlist/read+/usr/lib/***" \
-            -m 'allowlist/read+/etc/ld.so.cache' \
-            -m "allowlist/read+/lib/***" \
-            -m 'allowlist/read+/etc/ssl/openssl.cnf' \
-            -m 'allowlist/read+/proc/sys/crypto/fips_enabled' \
-            -m 'allowlist/read+/etc/nsswitch.conf' \
-            -m 'allowlist/read+/etc/host.conf' \
-            -m 'allowlist/read+/etc/resolv.conf' \
-            -m 'allowlist/read+/etc/hosts' \
-            -m 'allowlist/read+/etc/gai.conf' \
-            -m 'allowlist/read+/etc/ssl/certs/ca-certificates.crt' \
-            -m 'allowlist/read+/usr/share/zoneinfo/Etc/UTC' \
-            -m 'allowlist/read+/dev/urandom' \
-            -m 'core/violation/decision:killall' \
-			-- ghcup -v --offline "$@"
-	else
-		ghcup -v --offline "$@"
+		ghcup -v -c -s file://$CI_PROJECT_DIR/data/metadata/ghcup-${JSON_VERSION}.yaml "$@"
 	fi
 }
 
@@ -219,7 +133,7 @@ else
 	# https://gitlab.haskell.org/haskell/ghcup-hs/issues/7
 	if [ "${OS}" = "LINUX" ] ; then
 		eghcup --downloader=wget prefetch ghc 8.10.3
-		eghcup_offline install ghc 8.10.3
+		eghcup --offline install ghc 8.10.3
 		if [ "${ARCH}" = "64" ] ; then
 			expected=$(cat "$( cd "$(dirname "$0")" ; pwd -P )/../ghc-8.10.3-linux.files" | sort)
 			actual=$(cd "${GHCUP_DIR}/ghc/8.10.3/" && find | sort)
@@ -228,17 +142,17 @@ else
 		fi
 	elif [ "${OS}" = "WINDOWS" ] ; then
 		eghcup prefetch ghc 8.10.3
-		eghcup_offline install ghc 8.10.3
+		eghcup --offline install ghc 8.10.3
 		expected=$(cat "$( cd "$(dirname "$0")" ; pwd -P )/../ghc-8.10.3-windows.files" | sort)
 		actual=$(cd "${GHCUP_DIR}/ghc/8.10.3/" && find | sort)
 		[ "${actual}" = "${expected}" ]
 		unset actual expected
 	else
 		eghcup prefetch ghc 8.10.3
-		eghcup_offline install ghc 8.10.3
+		eghcup --offline install ghc 8.10.3
 	fi
 	[ "$(ghc --numeric-version)" = "${ghc_ver}" ]
-	eghcup_offline set 8.10.3
+	eghcup --offline set 8.10.3
 	eghcup set 8.10.3
 	[ "$(ghc --numeric-version)" = "8.10.3" ]
 	eghcup set ${GHC_VERSION}
@@ -246,7 +160,7 @@ else
 	eghcup unset ghc
     "$GHCUP_BIN"/ghc --numeric-version && exit || echo yes
 	eghcup set ${GHC_VERSION}
-	eghcup_offline rm 8.10.3
+	eghcup --offline rm 8.10.3
 	[ "$(ghc --numeric-version)" = "${ghc_ver}" ]
 
 

.gitlab/shell.nix

@@ -1,90 +0,0 @@
-{ system ? "aarch64-darwin"
-#, nixpkgs ? fetchTarball https://github.com/angerman/nixpkgs/archive/257cb120334.tar.gz #apple-silicon.tar.gz
-, pkgs ? import <nixpkgs> { inherit system; }
-, compiler ? if system == "aarch64-darwin" then "ghc8103Binary" else "ghc8103"
-}: pkgs.mkShell {
-  # this prevents nix from trying to write the env-vars file.
-  # we can't really, as NIX_BUILD_TOP/env-vars is not set.
-  noDumpEnvVars=1;
-
-  # stop polluting LDFLAGS with -liconv
-  dontAddExtraLibs = true;
-
-  # we need to inject ncurses into --with-curses-libraries.
-  # the real fix is to teach terminfo to use libcurses on macOS.
-  # CONFIGURE_ARGS = "--with-intree-gmp --with-curses-libraries=${pkgs.ncurses.out}/lib";
-  CONFIGURE_ARGS = "--with-intree-gmp --with-curses-libraries=/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/lib --with-iconv-includes=/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include --with-iconv-libraries=/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/lib SH=/bin/bash";
-
-  # magic speedup pony :facepalm:
-  #
-  # nix has the ugly habbit of duplicating ld flags more than necessary.  This
-  # somewhat consolidates this.
-  shellHook = ''
-  export NIX_LDFLAGS=$(for a in $NIX_LDFLAGS; do echo $a; done |sort|uniq|xargs)
-  export NIX_LDFLAGS_FOR_TARGET=$(for a in $NIX_LDFLAGS_FOR_TARGET; do echo $a; done |sort|uniq|xargs)
-  export NIX_LDFLAGS_FOR_TARGET=$(comm -3 <(for l in $NIX_LDFLAGS_FOR_TARGET; do echo $l; done) <(for l in $NIX_LDFLAGS; do echo $l; done))
-
-
-  # Impurity hack for GHC releases.
-  #################################
-  # We don't want binary releases to depend on nix, thus we'll need to make sure we don't leak in references.
-  # GHC externally depends only on iconv and curses.  However we can't force a specific curses library for
-  # the terminfo package, as such we'll need to make sure we only look in the system path for the curses library
-  # and not pick up the tinfo from the nix provided ncurses package.
-  #
-  # We also need to force us to use the systems COREFOUNDATION, not the one that nix builds. Again this is impure,
-  # but it will allow us to have proper binary distributions.
-  #
-  # do not use nixpkgs provided core foundation
-  export NIX_COREFOUNDATION_RPATH=/System/Library/Frameworks
-  # drop curses from the LDFLAGS, we really want the system ones, not the nix ones.
-  export NIX_LDFLAGS=$(for lib in $NIX_LDFLAGS; do case "$lib" in *curses*);; *) echo -n "$lib ";; esac; done;)
-  export NIX_CFLAGS_COMPILE+=" -Wno-nullability-completeness -Wno-availability -Wno-expansion-to-defined -Wno-builtin-requires-header -Wno-unused-command-line-argument"
-
-  # unconditionally add the MacOSX.sdk and TargetConditional.h
-  export NIX_CFLAGS_COMPILE+=" -isystem /Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/include"
-  export NIX_LDFLAGS="-L/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/lib $NIX_LDFLAGS"
-
-  '';
-
-  nativeBuildInputs = (with pkgs; [
-    # This needs to come *before* ghc,
-    # otherwise we migth end up with the clang from
-    # the bootstrap GHC in PATH with higher priority.
-    clang_11
-    llvm_11
-
-    haskell.compiler.${compiler}
-    haskell.packages.${compiler}.cabal-install
-    haskell.packages.${compiler}.alex
-    haskell.packages.${compiler}.happy # _1_19_12 is needed for older GHCs.
-
-    automake
-    autoconf
-    m4
-
-    gmp
-    zlib.out
-    zlib.dev
-    glibcLocales
-    # locale doesn't build yet :-/
-    # locale
-
-    git
-
-    python3
-    # python3Full
-    # python3Packages.sphinx
-    perl
-
-    which
-    wget
-	curl
-    file
-
-    xz
-    xlibs.lndir
-
-    cacert ])
-  ++ (with pkgs.darwin.apple_sdk.frameworks; [ Foundation Security ]);
-}