- Load GitHub 403 retry helper only when available
- Fallback to plain `nix run` if retry function is not defined
- Prevent exit 127 when pkgmgr launcher is installed without retry script
- Fix E2E failure for `pkgmgr update pkgmgr --system`
https://chatgpt.com/share/693efd23-8b60-800f-adbb-9dfffc33f1f7
The virtual environment test no longer invokes the distro-installed pkgmgr launcher (Nix-based).
Instead, it explicitly installs and activates the Python venv via make setup-venv and runs pkgmgr from there.
This aligns the test with its actual purpose (venv validation), avoids accidental execution of the Nix launcher, and fixes the failure caused by the missing run_with_github_403_retry helper in the venv workflow.
https://chatgpt.com/share/693ee224-e838-800f-8fa0-45295b2f5e20
- Require retry_403.sh to exist and fail hard if missing
- Source retry helper unconditionally
- Run nix flake execution via run_with_github_403_retry
- Prevent transient GitHub API rate-limit failures during nix run
https://chatgpt.com/share/693ed83e-a2e8-800f-8c1b-d5d5afeaa6ad
* Add `force_update` to `RepoContext` and propagate it through install/update flows
* Add `pkgmgr install --update` to force re-running installers even if the same CLI layer is already loaded
* Enhance `NixFlakeInstaller` to ensure correct outputs (pkgmgr + optional default for package-manager) and support refresh/upgrade with index-based fallback remove+reinstall
* Make Python/Makefile installers emit an “upgraded” marker when `force_update` is used
* Add E2E tests for “three times install” scenarios (makefile, nix, venv) with shared run helper
* Fix git safe.directory wildcard quoting in E2E shell runner and minor cleanup/reordering of imports/comments
https://chatgpt.com/share/693db0b4-6ea4-800f-b44a-f03939c7fb9e
Add a reusable retry helper that detects GitHub API 403 rate-limit errors
during Nix flake evaluation and retries with exponential backoff.
Apply the retry logic to flake-only CI tests so transient GitHub rate
limits no longer cause random CI failures while preserving fast failure
for real errors.
https://chatgpt.com/share/693d7ec5-ac70-800f-a627-ef705c653ba1
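A sketch of the retry behaviour this commit message describes, added here as an illustration and not taken from the project's `retry_403.sh`. The name `retry_on_github_403`, the `RETRY_*` variables, the matched error text and the `fake_flake_run` stub are all assumptions.

```shell
#!/usr/bin/env bash
# Added illustration, not the project's retry_403.sh.
# Hypothetical names: retry_on_github_403, RETRY_MAX_ATTEMPTS, RETRY_BASE_DELAY.

retry_on_github_403() {
  local max="${RETRY_MAX_ATTEMPTS:-5}"
  local delay="${RETRY_BASE_DELAY:-2}"
  local attempt=1 rc errfile
  errfile="$(mktemp)" || return 1
  while :; do
    rc=0
    "$@" 2>"$errfile" || rc=$?
    cat "$errfile" >&2                     # keep the command's diagnostics visible
    if [ "$rc" -eq 0 ]; then break; fi
    # Assumed signature of a rate-limited fetch: a GitHub URL followed by a
    # 403 or rate-limit message on the same stderr line.
    if ! grep -Eqi 'github.*(HTTP error 403|rate limit exceeded)' "$errfile"; then
      break                                # real error: fail fast, keep exit code
    fi
    if [ "$attempt" -ge "$max" ]; then
      echo "retry: giving up after $attempt attempts" >&2
      break
    fi
    echo "retry: GitHub 403 on attempt $attempt, sleeping ${delay}s" >&2
    sleep "$delay"
    delay=$((delay * 2))                   # exponential backoff
    attempt=$((attempt + 1))
  done
  rm -f "$errfile"
  return "$rc"
}

# Constructed stand-in for a flake run: fails with a 403 until the call
# count stored in file $1 reaches $2, then succeeds.
fake_flake_run() {
  local counter="$1" succeed_on="$2" n
  n=$(( $(cat "$counter") + 1 ))
  echo "$n" > "$counter"
  if [ "$n" -lt "$succeed_on" ]; then
    echo "error: unable to download 'https://api.github.com/repos/example/example/tarball/main': HTTP error 403" >&2
    return 1
  fi
  echo "ok after $n attempts"
}
```

The wrapper returns the wrapped command's own exit code, so a caller under `set -e` still sees real failures unchanged.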
* Rename `config.sh` to `bootstrap_config.sh` to clearly separate installer bootstrap config from Nix system config
* Add `nix_conf_file.sh` to manage `/etc/nix/nix.conf` safely and idempotently
* Ensure `nix-command` and `flakes` are enabled without overwriting existing experimental features
* Invoke Nix config enforcement from `nix/init.sh` during root installation
* Update documentation and ShellCheck annotations accordingly
* Extend CLI git proxy to include `git status`
https://chatgpt.com/share/693d5c4a-bad0-800f-adaf-4719dd4ca377
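One way to enable `nix-command` and `flakes` idempotently while keeping features an administrator already set, added as an illustration and not the project's `nix_conf_file.sh`. The function names are hypothetical, and the sketch assumes the file holds at most one `experimental-features` line.

```shell
#!/usr/bin/env bash
# Added illustration, not the project's nix_conf_file.sh.
# Hypothetical name: ensure_experimental_features <conf-file> <feature>...
# Assumption: at most one "experimental-features =" line exists in the file.

ensure_experimental_features() {
  local conf="$1"; shift
  local current merged feat tmp
  [ -f "$conf" ] || : > "$conf"
  # Read the feature list already configured, if any.
  current="$(sed -n 's/^[[:space:]]*experimental-features[[:space:]]*=[[:space:]]*//p' "$conf" | tail -n 1)"
  merged="$current"
  for feat in "$@"; do
    case " $merged " in
      *" $feat "*) ;;                          # already enabled, keep order
      *) merged="${merged:+$merged }$feat" ;;  # append the missing feature
    esac
  done
  if [ "$merged" = "$current" ]; then
    return 0                                   # nothing to change: file untouched
  fi
  tmp="$(mktemp)" || return 1
  # Keep every other setting; "extra-experimental-features" does not match.
  grep -Ev '^[[:space:]]*experimental-features[[:space:]]*=' "$conf" > "$tmp" || true
  printf 'experimental-features = %s\n' "$merged" >> "$tmp"
  # Write through the existing file so its mode and owner are preserved.
  cat "$tmp" > "$conf"
  rm -f "$tmp"
}

# Constructed sample run against a temporary file, never /etc/nix/nix.conf.
demo_nix_conf() {
  local f
  f="$(mktemp)"
  printf 'sandbox = true\nexperimental-features = ca-derivations\n' > "$f"
  ensure_experimental_features "$f" nix-command flakes
  cat "$f"
  rm -f "$f"
}
```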
* Remove legacy *main.py* and introduce *pkgmgr* module entry via *python -m pkgmgr*
* Add *\_\_main\_\_.py* as the canonical entry point delegating to the CLI
* Export *PYTHONPATH=src* in Makefile to ensure reliable imports in dev and CI
* Update setup scripts (venv & nix) to use module execution
* Refactor all E2E tests to execute the real module entry instead of file paths
This aligns pkgmgr with standard Python packaging practices and simplifies testing, setup, and execution across environments.
https://chatgpt.com/share/693c9056-716c-800f-b583-fc9245eab2b4
Introduce a dedicated publish-containers workflow triggered after stable releases.
Unify container build and publish logic via scripts, add buildx-based multi-tag publishing,
default base image resolution, and Arch alias tags for latest/version/stable.
https://chatgpt.com/share/693c836b-0b00-800f-9536-9e273abd0fb5
* Centralize OS detection and normalization in a dedicated resolver module
* Treat Manjaro consistently as Arch across dependencies and package install
* Remove duplicated OS logic and legacy lib.sh
* Rename installation entrypoint to init.sh and update Makefile accordingly
https://chatgpt.com/share/693c7b50-3be0-800f-8aeb-daf3ee929ea3
* Move the Nix bootstrap from *scripts/init-nix.sh* to *scripts/nix/init.sh* with split-out helpers in *scripts/nix/lib/*
* Update Arch/Debian/Fedora packaging hooks to call */usr/lib/package-manager/nix/init.sh*
* Keep bootstrap behavior the same while improving maintainability and reuse
https://chatgpt.com/share/693c7159-b340-800f-929e-2515eeb0dd03
* Ensure nix is reachable for sudo on CentOS by providing /usr/bin and /usr/sbin fallbacks when absent
* Keep /usr/local/bin as primary CI path without breaking non-login shells
* Never overwrite distro-managed nix binaries (Arch-safe)
* Stabilize e2e and virgin-user tests across all distros
https://chatgpt.com/share/693c6013-af2c-800f-a1bc-baed0d29fab7
* Resolve the real *nix* executable to avoid self-referential symlink loops
* Prefer distro-managed paths (*/usr/sbin*, */usr/bin*) over */usr/local*
* Restrict global symlink creation to */usr/local/bin/nix* only
* Never overwrite Arch-managed */usr/bin/nix* or */bin/nix*
* Make CI and non-login shells reliable while preserving native Arch behavior
https://chatgpt.com/share/693c6013-af2c-800f-a1bc-baed0d29fab7
Add resolve_nix_bin to reliably locate the nix binary in non-login shells.
Create and enforce global nix symlinks for CI environments (/usr/local/bin, best-effort /usr/bin and /bin).
Apply symlink enforcement on fast path, after PATH adjustments, and post-install when running as root.
Improve warnings when nix is installed but not on PATH.
https://chatgpt.com/share/693c6013-af2c-800f-a1bc-baed0d29fab7
Move CA bundle detection from the Docker entrypoint to CentOS dependencies and persist it system-wide.
This ensures Nix, Git, curl, and Python HTTPS access works in virgin environments by configuring `/etc/profile.d` and `/etc/nix/nix.conf`.
Removes runtime-only CA exports from the container entrypoint and makes the setup reproducible and distro-correct.
https://chatgpt.com/share/693c5ddf-3260-800f-ac94-38c635dba307
Ensure /home/nix and .nix-profile are accessible for non-root users,
create /usr/local/bin/nix symlink with fail-fast behavior, and replace
silent permission fixes with explicit checks, clear error messages,
and deterministic exit codes.
https://chatgpt.com/share/693c29d9-9b28-800f-a549-5661c783d968
Refactor Dockerfile into multi-stage virgin/full targets and introduce a single
flag-based image build script. Standardize image naming, remove redundant build
scripts, and update Makefile targets accordingly. CI workflows now build missing
virgin images and run root and user tests consistently across all supported
distributions.
https://chatgpt.com/share/693c29d9-9b28-800f-a549-5661c783d968
* Switch virgin root/user workflows to use *make install* + *make setup/setup-venv*
* Add Git *safe.directory /src* to avoid flake evaluation failures on mounted repos
* Enable Nix flake run in workflows and prepare */nix* for non-root execution
* Refactor Arch packaging to build in an isolated */tmp* directory via *aur_builder*
* Rename installer scripts (*run-\** → *dependencies.sh* / *package.sh*) and adjust Docker entry + env var to *REINSTALL_PKGMGR*
https://chatgpt.com/share/693c29d9-9b28-800f-a549-5661c783d968
Refactor CI to clearly separate virtualenv-based container tests from pure Nix flake tests across all distros (arch, debian, ubuntu, fedora, centos).
Introduce dedicated test-env-nix workflow and Makefile targets, rename former container tests to test-env-virtual, and update stable pipeline dependencies.
Improve Nix reliability in containers by fixing installer permissions and explicitly validating nix availability and version during image build and tests.
Refactored the Nix initialization script to reduce duplicated code and
centralize the installation workflow. The core functionality remains
unchanged, but all installer calls now use a unified function with retry
support to ensure resilient downloads in CI and container environments.
Key improvements:
- Added download retry logic (5 minutes total, 20-second intervals)
- Consolidated installer invocation into `install_nix_with_retry`
- Reduced code duplication across container/host install paths
- Preserved existing installation behavior for all environments
- Maintained `nixbld` group and build-user handling
- Improved consistency and readability without altering semantics
This prevents intermittent failures such as:
“curl: (6) Could not resolve host: nixos.org”
and ensures stable, deterministic Nix setup in CI pipelines.
https://chatgpt.com/share/693b13ce-fdcc-800f-a7bc-81c67478edff
Implemented a robust retry mechanism for cloning the yay AUR helper during Arch dependency installation.
The new logic retries the git clone operation for up to 5 minutes with a 20-second pause between attempts, allowing the build to proceed even when GitHub intermittently returns HTTP 504 errors.
This improves the stability of Arch container builds, especially under network pressure or transient upstream outages.
The yay build process now only starts once the clone step completes successfully.
https://chatgpt.com/share/693b102b-fdb0-800f-9f2e-d4840f14d329
Implement `ensure_nix_build_group()` and use it in all code paths where Nix is installed as root.
This resolves Nix installation failures on Ubuntu containers (root, no systemd) where the installer aborts with:
```
error: the group 'nixbld' specified in 'build-users-group' does not exist
```
The fix standardizes creation of the `nixbld` group and `nixbld1..10` build users across:
* container root mode
* systemd host daemon installs
* root-on-host without systemd (Debian/Ubuntu CI case)
This makes Nix initialization deterministic across all test distros and fixes failing Ubuntu E2E runs.
https://chatgpt.com/share/693b0e1a-e5d4-800f-8a89-7d91108b0368
- Extend PATH probing to include /home/nix/.nix-profile/bin/nix (container mode).
- Automatically invoke init-nix.sh when nix is not found before first run.
- Ensure pkgmgr always attempts a one-time Nix initialization instead of failing prematurely.
- Improve error message to clarify that nix was still missing *after* initialization attempt.
- Keep existing flake-based execution path unchanged (exec nix run …).
This makes the wrapper fully reliable across Debian/Ubuntu package installs,
fresh containers, and minimal systems where Nix is not yet initialized.
https://chatgpt.com/share/693b005d-b250-800f-8830-ab71685f51b3
- Added `git rev-parse HEAD` to test-container workflow to confirm the exact
commit SHA used during CI runs.
- Updated Dockerfile to print BASE_IMAGE and OS release information during
build for better reproducibility diagnostics.
- Extended test-container script to dump the first 40 lines of
`docker image inspect` output, allowing verification of the image ID,
creation time, and applied build args.
These additions help trace discrepancies between local builds and GitHub
Actions, ensuring we can detect mismatches in commit SHA, base image,
or container metadata.
https://chatgpt.com/share/693ae07a-8c58-800f-88e6-254cdb00b676
- Introduce a GitHub Actions matrix for `test-container` and `test-e2e`
to run against arch, debian, ubuntu, fedora, and centos
- Run unit and integration tests only in the Arch container by passing
`distro="arch"` via make in the corresponding workflows
- Replace the global DISTROS loop with a single `distro` variable in
the Makefile, defaulting to `arch`, and export it for all scripts
- Update build scripts (build-image, build-image-no-cache, build-image-missing)
to build images for the selected distro only
- Simplify test-container script to validate a single distro image using
the `distro` environment variable
- Simplify E2E, unit, and integration test scripts to run against a
single distro container instead of iterating over all distros
https://chatgpt.com/share/693acbba-9e30-800f-94fb-fea4489e9078
All test scripts (unit, integration, e2e) previously overwrote the Docker
ENTRYPOINT by using `--entrypoint bash`, which bypassed the container’s
startup logic in `docker-entry.sh`.
`docker-entry.sh` performs essential initialization steps such as:
- CA bundle auto-detection (NIX_SSL_CERT_FILE, SSL_CERT_FILE, etc.)
- Nix environment setup
- PATH adjustments and distro logging
By removing the explicit `--entrypoint bash` and invoking:
`bash -lc '...'`
directly as the container command, the Dockerfile’s ENTRYPOINT is restored
and runs as intended before executing the test logic.
This fixes TLS issues in CentOS E2E runs where Nix was unable to fetch
flake inputs due to missing CA configuration.
https://chatgpt.com/share/693ac1f3-fb7c-800f-9e5c-b40c351a9f04
- Quote Nix store/cache volumes and distro image name in docker run
- Use strict bash flags (set -euo pipefail) inside test container
- Print distro ID robustly with fallback
- Configure /src as Git safe.directory when git is available
https://chatgpt.com/share/693a9c0e-59ec-800f-83a1-eec31bd76962
* Move Arch-specific ignore rules into `packaging/arch/.gitignore` and simplify top-level `.gitignore`/`.dockerignore`.
* Update Arch `PKGBUILD` to sync from the project root and drop `packaging/` from the installed tree.
* Fix OS-specific `package.sh` helpers to resolve the new `packaging/*` locations correctly for Arch, Debian/Ubuntu, Fedora, and CentOS.
- Add dev runner main.py that prefers local src/ over installed pkgmgr
- Move Arch/Debian/Fedora packaging files under packaging/* and update build scripts
- Adjust .gitignore/.dockerignore for new packaging paths and src/source/
- Improve config defaults discovery to support src/ layout and installed packages
- Update architecture diagram and add TODO overview for TAGS/MIRROR/SIGNING_KEY
https://chatgpt.com/share/693a76a0-e408-800f-9939-868524cbef4d
- Split virgin tests into separate root and user GitHub Actions workflows
(test-virgin-root, test-virgin-user) and adjust Arch container flows
- Introduce scripts/installation/venv-create.sh and reuse it from
scripts/installation/main.sh with separate root/system and user/dev paths
- Add PKGMGR architecture & setup map (assets/map.png) and section in README
with link to the up-to-date master page
- Simplify README by removing outdated Docker quickstart, usage examples,
and AI footer
- Extend .gitignore to exclude src/source artifacts
https://chatgpt.com/share/6939bbfe-5cb0-800f-8ea8-95628dc911f5
The init-nix.sh script previously hardcoded /usr/bin/bash as the login shell
for the 'nix' user, which exists on Arch but not on Debian. This caused the
Nix single-user installer (run via `su - nix`) to fail silently or break in
unpredictable ways on Debian-based images.
We now resolve the shell dynamically via `command -v bash` and fall back to
/bin/sh on minimal systems. This makes Nix installation deterministic across
Arch, Debian, Ubuntu, Fedora, CentOS and CI containers.
https://chatgpt.com/share/6939e97f-c93c-800f-887b-27c7e67ec46d
- Remove Makefile inline variable export (distro=arch) and invoke scripts via bash
- Add robust default in test-unit.sh and test-integration.sh:
  `: "${distro:=arch}"`
- Prevent "unbound variable" errors under `set -u` when no distro is provided