-
-
Notifications
You must be signed in to change notification settings - Fork 14.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for Apple Silicon (aarch64-darwin) #95903
Comments
My company has a DTK, so I'm planning to test Nixpkgs on it as soon as Nixpkgs is ready :) There is already support for a |
Yeah - we will probably have to assume aarch64-darwin means Mac instead of iOS now. With the LLVM triple we do have a way to disambiguate: aarch64-apple-ios vs. aarch64-apple-darwin Which is even more confusing, since iOS is technically still using the Darwin kernel! But nevermind that, I suspect this distinction will get even more blurred with Mac Catalyst. I'd be interested if you can just execute an iOS binary from CLI on the DTK. Unfortunately, pure-darwin stdenv is left to wait for update of https://github.com/tpoechtrager/cctools-port. We can probably either use the native stdenv or |
What's required from |
The code signing requirement sounds like the end of the line for macOS support in Nix - or at the very least, for having prebuilt binaries in the binary cache. Users could still build stuff locally using their local signing key (through some impure mechanism, I guess), but they wouldn't be able to share the result with other users and the binaries wouldn't be reproducible. |
There's a similar thread in From what I understand; signing is done ad-hocly and needs no user interaction and thus does not pose any issues for the availability of a binary cache. Quoting:
So it sounds like we're good? |
Or is homebrew not backed by a binary cache? i.e. always built from source? |
Then it's not clear to me what the signing key is (or what the point of this kind of signing is...). The release notes mention "a simple ad-hoc signature issued locally" but if that's tied to the machine then you wouldn't be able to share binaries. |
@arianvp There's a purity/reproducibility problem still, but I guess that's not the worst thing. Absent proper support for detached signatures the closest thing to a "right" way to do this is to teach Nix's hashing to ignore the signature field 😭 |
|
As far as I can tell adhoc signatures are a hash of the contents of the binary and do not involve an identity, private key or any certificate chain. If so, there's no problem with reproducibility or distribution. My understanding is mostly based of a description of adhoc signing on stack overflow but I haven't found a more authoritative source. I did a quick test of linking on a DTK. If another DTK user is able to produce the same binary from the same sources it'd be good evidence that there's no machine local key. |
I've now thoroughly investigated ad-hoc signatures and implemented a minimal generator: thefloweringash/sigtool. The short version is that it is a list of sha256 hashes of the binary contents up to the start of the embedded signature. I have a work in progress branch of nixpkgs that is able to cross compile and run a basic set of utilities on a dtk. I'm currently using this tool in a setup hook (adding to |
@thefloweringash Do you have a link to your branch, or instructions for other folks with a DTK to try out the currently-partially-working version of Nix? |
Now that it appears Big Sur is sorted, what’s the status on this one? |
Note that the foundation has one developer toolkit machine and can set it up for access if that helps anyone work on this. You can request access here :) Once stdenv compiles, foundation will order a few machines from https://opencollective.com/nixos donations. |
I've tagged something that works as apple-silicon-1. It's incredibly messy, the commit history is equally messy, and still needs a ton of work. However, it can cross-compile bootstrap tools to aarch64-darwin, and then natively build things like My cross compilation source machine is x86_64-darwin running 10.15. It should be possible to "cross compile" on aarch64 Mac via rosetta, but I haven't tried it. To natively compile, install regular x86_64-darwin nix and update nix.conf to include
Natively building hello
Cross compiling hello:
Cross compiling bootstrap tools:
|
I am not sure if this is the right issue. But would this a good moment to move away from This would mean that the whole dance around creating a Nix store volume would not be necessary on Apple Silicon Macs. |
As long as mac uses something like apfs, and the nix installer has a option to encrypt the partition I would like to keep a partition for the nix store. And keeping it under /nix makes the differences between oses smaller. |
Another advantage of APFS is being able to opt-in to case-sensitivity, which is required for cross-compiling Linux, some nixpkgs ecosystem tools like hackage2nix, and probably other things. |
But that's regardless of whether the store lives in |
Sure, but I don’t think ”reinstall your entire system on a new case‐sensitive APFS volume” is a reasonable thing for us to suggest users do, and if we’re going to support creating an APFS Nix volume for that reason then we might as well also continue to use it to keep the store prefix the same across platforms. I think that if we can get an automatically‐encrypted‐on‐FileVault, case‐sensitive APFS |
I think it's unrelated to apple silicon support, so this isn't the right issue.
I'd say it's the opposite: if we were to change the path of the nix store I would prefer if we'd do it either completely before or completely after the apple silicon support: I would not want x86 macOS installations to be different from aarch64 macOS installations in ways that are not strictly necessary, and aarch64 support is likely to be buggy at the start, and I would not want to make that coincide with the change of the path of the nix store, a change that is itself very likely to introduce bugs. |
I have tested python3, node, and postgres today on a Mac with the M1 chip and my system set to aarch64-darwin. Has worked great so far :-) |
🎉 Same here! finally set edit: extracted my |
So I suppose we can close this then? Things that don't work yet probably warrant new issues. |
Has the Nix release mentioned here been made? Though I guess it's not a direct blocker for a Nixpkgs issue. |
|
What about the ghc. I don't follow that. I would like to keep this open, until that is working |
GHC 8.10.5 with Apple Silicon support has already been released. (Although it has other issues) |
Following previous comments of attempts at a successful build, this is my attempt trying the latest release. MacOs M1 BigSur 11.4 running latest Nix 2.3.14 I'm able to do a proper Only persistent error I tend to run into even with different build attempts previously is:
Which I had attempted to resolve here with listed attempts & clean installs. I'm pretty new to Nix, its a bit difficult to understand if this would be the OS compatibility being a factor for producing the error. |
So far in my setup, these don't work with
|
On the GHC side:
However, a few bugs were found (some stemming from GHC's CI using nix to build GHC, and thus having had some unwanted nix-paths leak into the build product), a crash in the aarch64-darwin linker. The last part is the hardest to rectify quickly, as it essentially entails auditing all Haskell code for proper FFI declarations. We are trying to come up with some automation for this. |
I've opened #129427 to make sure evaluation errors don't slip into master. The last bit missing is documentation and user testing. I'd encourage M1 users to install Nix via:
|
I would like to avoid this ticket staying open forever with reports for packages not working; and instead mark Apple silicon as "Initital basic support done" and open new tickets for any packages that don't work yet. I'm sure there are hundreds if not thousands of packages that do not compile on M1 and we can all track them in new tickets invdividually.
Similarly it seems that upstream doesn't even have the M1 story figured out completely yet. it doesn't make sense to have that as a blocker for M1 support in nixpkgs. We can open a new issue for that too.
Yes documenting M1 is supported in the manual or the website sounds like something we should at least address before closing this. |
I apologize for not trying I've also had great luck with using the Flakes and the new |
Sounds fair. :) The installation itself was flawless. |
✅ TL; DR: Issue with 👋 For some reason my nix is considering Checked the architecture using
Added a custom
Build and apply my flake:
The impact: I have some issues using As suggested I also set the
Edit: arrrghhh:
So.. my nix executable is running on Rosetta, so this means I need to reinstall Nix to ensure that runs on Apple Native... 😢 Update2:Reinstalled Nix and renders the same result:
Any ideas? Last UpdateIssue with nix-darwin which is out-of-scope of this ticket. |
Installation works flawlessly! Thanks ! any plans on updating the documentation also ? |
@fr34k8 I've updated https://nix.dev/tutorials/install-nix to have instructions per OS. Also planning to look at fixing GHC in the following days. |
This issue has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/nixos-emulation-on-mac-mini-m1/14659/1 |
I ended up on this page after failing to follow the instructions that @callahad provided in a thread on hacker news. It seems that in version
I saw this error message for both of these versions off of Hydra.
I think there has been a regression in between these versions, in case anyone else is interested in pursuing this. |
GHC now builds on aarch64-darwin as of just merged #135345 Note that for many Haskell packages to build (I hope to fix cachix today) we need to wait for haskell-updates branch to be merged (ETA ~week). @vamega I haven't seen that before and our installer tests work well. Is your setup somehow special? |
I'd suggest posting that to LnL7/nix-darwin#334 |
@bphenriques I was having the same issue as you this week (somehow got an In my flake, I use |
@domenkozar I'm not sure how my setup could be special.
|
I'm closing this issue as the original goal of supporting Apple Silicon is achieved! Our build farm is running 6 M1 macOS machines and https://www.macstadium.com/ has donated us another 5 machines that @grahamc is setting up for use in ofborg/hydra. Nix natively installs on aarch64-darwin and we have a hydra jobset that builds 21.05 and unstable channels. GHC has been fixed just last week, with now over 25000 packages building on aarch64-darwin. Documentation on how to install Nix on macOS Future work:
For any issues please open bugs either here or in Nix repository. |
Apple will be transitioning to ARM in the near future, starting with their Big Sur release.
It would be great if we can get nixpkgs support for compiling ARM packages on Darwin
The NixOS Foundation has access to a Developer Transition Kit for testing, thanks to the friendly folks at Apple.
For now @edolstra and @rbvermaa have access to this DTK.
Note that we can get additional DTKs approved for anyone interested working on this ticket. We have a contact at Developer Relations who can help us with this. Please contact me if you would like to order a DTK to work on Nixpkgs support. (Cost is 500 US Dollars)
We also could get access to cloud machines through MacStadium. This might be interesting at a later stage for Hydra?
The original email that I got from Apple DevRel
The text was updated successfully, but these errors were encountered: