add an onboarding script for new kernel-builder users#418
Conversation
|
The docs for this PR live here. All of your documentation changes will be reflected on that endpoint. The docs are available until 30 days after the last update. |
install.sh
Outdated
| # Use 'trusted-substituters' and 'trusted-public-keys' — these are daemon-level | ||
| # settings (written to nix.conf as root) so they don't require the user to be | ||
| # in 'trusted-users'. | ||
| echo "extra-trusted-substituters = $HF_SUBSTITUTER" | sudo tee -a /etc/nix/nix.conf >/dev/null | ||
| echo "extra-trusted-public-keys = $HF_PUBLIC_KEY" | sudo tee -a /etc/nix/nix.conf >/dev/null |
There was a problem hiding this comment.
maybe the keys should be trusted-substituters and trusted-public-keys (no extra)?
currently I get the following warning
warning: ignoring untrusted substituter 'https://huggingface.cachix.org', you are not a trusted user.
Run `man nix.conf` for more information on the `substituters` configuration option.
warning: ignoring the client-specified setting 'trusted-public-keys', because it is a restricted setting and you are not a trusted user
warning: ignoring untrusted substituter 'https://huggingface.cachix.org', you are not a trusted user.
Run `man nix.conf` for more information on the `substituters` configuration option.
warning: ignoring the client-specified setting 'trusted-public-keys', because it is a restricted setting and you are not a trusted user
There was a problem hiding this comment.
I am still getting
warning: ignoring untrusted substituter 'https://huggingface.cachix.org', you are not a trusted user.
Run `man nix.conf` for more information on the `substituters` configuration option.
warning: ignoring the client-specified setting 'trusted-public-keys', because it is a restricted setting and you are not a trusted user
after trying out a bunch of options. I am afraid my knowledge about nix is too limited at this point to keep on digging. Any suggestions?
There was a problem hiding this comment.
ooh I think we may need to add the user as a trusted-users = <username> otherwise the those values are ignored
| echo " Note: you may need to restart your shell or run:" | ||
| echo " . $NIX_PROFILE_SCRIPT" | ||
| echo "" |
There was a problem hiding this comment.
I think this will likely be required since we cant update the users shell from within this bash script install (i think...)
when I tested locally I needed to run . /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh since the cli was not found.
another possible idea is that we add a symlink to the profile path into a location that is likely loaded into the users env already. maybe something like
sudo ln -sf "$HOME/.nix-profile/bin/kernel-builder" /usr/local/bin/kernel-builderalthough I'm not sure if this a bad practice when it comes to nix profiles. just a thought
There was a problem hiding this comment.
The script already sources the Nix profile via find_nix / . "$NIX_PROFILE_SCRIPT" within its own process, so kernel-builder --version works during the script.
I would prefer this to symlinking, though.
There was a problem hiding this comment.
yea sorry I wasn't clear, I meant it is likely required for the user to run, if we don't have some other method to make it available automatically. might be worth exploring the symlink or some other approach.
However if this is too tedious, I also think its okay if we require the user to run . /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh for now
| extra-trusted-public-keys = $HF_PUBLIC_KEY | ||
| EOF | ||
| sudo systemctl restart nix-daemon 2>/dev/null || sudo pkill -HUP nix-daemon || true | ||
| sleep 3 |
There was a problem hiding this comment.
The issue is that systemctl restart might return before the Nix daemon is actually ready to serve requests with the new config — despite blocking on the unit state, the daemon's socket may not be ready yet.
This is needed in order to propagate the substitutes above to Nix config.
There was a problem hiding this comment.
Maybe there is a principled way of waiting until the socket is ready?
There was a problem hiding this comment.
For an onboarding script, I think this is fine to relax a bit of complexity.
drbh
left a comment
drbh
left a comment
There was a problem hiding this comment.
lgtm, working as expected with
curl -Ls https://raw.githubusercontent.com/huggingface/kernels/6c4a107ba2c488ce50b9a19994e0a1e008fd2e08/install.sh | bash
4 participants
Fix #414