-
-
Notifications
You must be signed in to change notification settings - Fork 160
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[RFC 0109] Nixpkgs Generated Code Policy #109
Conversation
It would be useful to explain somewhere in the RFC that IFD refers to "Import From Derivation" to help people not familiar with the acronym understand it better. I think this is particularly important for any user visible configuration, so I think it would be a mistake to call it |
rfcs/0000-nixpkgs-ifd.md
Outdated
# Summary | ||
[summary]: #summary | ||
|
||
Many of us want IFD to be allowed in Nixpkgs. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
While I find it a nice pragmatic solution that solves headaches, to me it reduces the value of Nix as evaluation and building are now mixed again.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is the core philosophical thing the shepherd team will need to discuss I think.
To me, computation in NIx code vs computation in derivations whose outputs we import isn't the core difference. Rather, it is should the "plan" be written with the upstream sources plugged in as black boxes (like today), or not (with IFD, but also with builtins.fetchurl
and doing it all in Nix, no IFD needed). That is the essential difference in approach we must discuss.
I think that for this to go through we have to fix the interaction between |
Done |
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/status-of-lang2nix-approaches/14477/28 |
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/status-of-lang2nix-approaches/14477/29 |
How will this impact nix-env and other evaluations which expect evaluation to be "cheap" to provide user tools like search and package lists? What if we collaborated with language ecosystems to have them implement lockfiles we can parse and interpret, like the poetry2nix which does not require IFD? |
Do you suggest ~ When contrasting with the motivation & and the last sentence of this RFC, that might at least be something to put into the future or alternative sections. |
I don't think it would be a problem. Also, importantly, adding lock files will not remove the need for IFD in many cases. There are however some important questions that aren't answered by @Ericson2314:
I'm personally thinking that for the future, perhaps explicitly building a new Nixpkgs is the best approach. E.g. you'd make a copy of Nixpkgs where you'd replace every instance of |
Nominating myself for shepherdship. |
Yes my thoughts exactly. The IFD stuff would start as just a few extra things, and the user that ops in to using |
Do we have any other nominations? |
rfcs/0000-nixpkgs-ifd.md
Outdated
Right now, to deal with these packages, we either convert by hand, or commit lots of generated code into Nixpkgs. | ||
But I don't think either of those options is healthy or sustainable. | ||
The problem with the first is sheer effort; we'll never be able to keep up. | ||
The problem with the second is bloating Nixpkgs but more importantly reproducability: If someone wants to update that generated code it is unclear how. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If there is more documentation needed we should rather write and improve documention IMO.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@SuperSandro2000 to me the documentation argument is like saying "what's the problem with saying what apt-get
to run in the readme?" as is brought up in https://twitter.com/a_cowley/status/1463923361550159880.
The answer is that no amount of a documentation is a substitute for automation. I don't want to read about a number of steps, I want to run 1 command that works as purely as possible.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
but that would also be possible without IFD if better automation would be written. Also we would still need to lock some input versions which makes it impossible to make fully reproducible but less which would probably make it easier to be reproducible.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes I agree with both of those statements. Vendoring generated code alone doesn't required IFD. IFD just allows the use of vendoring to be minimized.
rfcs/0000-nixpkgs-ifd.md
Outdated
It *must* have in its run-time closure any derivation output that Nixpkgs with `enableImportFromDerivation = true` imports. | ||
\(CI will verify these conditions as described in the next subsection.\) | ||
|
||
3. Any code vendored in Nixpkgs *must* correspond to code produced in an imported derivation, so the code can be mechanistically re-vendored. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If we still vendor all the files I don't see the benefit of IFD. Do we want to get the tooling there to better support IFD? That sounds like nixpkgs would be a playground which should be out of tree IMO.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We shouldn't vendor any more than today. And in fact we should vendor less: instead of vendoring all of hackage, we should just vendor enough to build cabal2nix
, and bootstrap everything else wit IFD from that.
But I don't want to put in the RFC what we should and shouldn't vendor, just establish the principles by which vendoring is allowed today.
Even if we kept all Hackage vendored as today, it would be still better if you could just update a fetchgit
of the relevant from data from Nixpkgs and then regenerate everything purely.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And in fact we should vendor less
but only when we can remove parts of the vendored files which would require the final nix user to have IFD enabled which is not going to happen anytime soon if I understood it correct. And that is my main point: this will only come in really useful if we don't need any vendor files anymore.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@SuperSandro2000 I'm a bit confused?
which is not going to happen anytime soon if I understood it correct
Yes, I do say I don't want to immediately crate a big dust-up making haskellPackages
IFD only.
What I rather do is go in the other direction. There are many would-be things like haskellPackages
that don't get merged because we don't have an appetite for more generated code. Your response to @sternenseemann's wanted to add a second stable package set, NixOS/nixpkgs#138407 (comment), is in fact a prefect example of this! :)! Let's go those things out of limbo by making them use IFD instead of vendoring, and them pioneer the new IFD approach.
I hope that well become a success, and we will then be open to using IFD for things that are vendored today, like the default haskellPackages
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One prospect could in fact be to remove every haskell package that is marked as broken presently from hackage-packages.nix
since those are never touched by CI anyways. We have been hesitant to do this so far, because some of those tend to fix themselves after a while or are really easy to unbreak, so removing them ruins the contributing experience.
Requiring local users to enable ifd to (try) to build these could actually be a fairly decent option.
I agree. This seems like a much saner approach.
Yes! Thank you for voicing that, because I very much did not succeed in bringing that up. I'll decompose it into a problem statement (as I see it):
Yeah, good point. I suppose it won't help developers too much to have an easy way to migrate their project to Nix, because if something breaks, developers will have to learn about overlays, overrides, deep-replacing and other fun Nix internals. I would probably quit Nix if I were in that position, because the promise of "easy to use" had been broken once the first issue arose (even if a solution is trivial, like downgrading a dependency!) |
I'll write it in a separate comment for visibility, but I think we need to decide if we want this RFC for Nixpkgs maintainers or for regular developers that are interested in Nix.
So basically, what I'm trying to say is, would us standardizing the autogen code be valuable and feasible at this point? I now have my doubts about both; perhaps a better way to go about it would be from bottom-up. First developing the tooling that autogens code in standardized way (dream2nix), and then having an RFC to adopt it in the Nixpkgs. What do you say? |
And, separately, unifying quite different approaches of different ecosystems would probably lead to a leaky abstraction. |
@amjoseph-nixpkgs
Apologies if I get it wrong since I don't know much about this, but is the exception related to the fact the Haskell community already has the concept of a closure of dependencies at specific versions that are all compatible with each other, and a non-nix implementation of it, https://www.stackage.org, that translating that into a package set in nixpkgs made sense, and made it relatively nix idiomatic, when compared to other language ecosystems? That would be very different from consuming third party packages from other language ecosystems, where there isn't a single dependency closure across the ecosystem, but rather each package resolves its own dependency closure. |
No. There are only 2,613 packages in stackage but 17,556 packages in the auto-generated More details on the role of Stackage in |
Right, but I mean:
are two completely different things, so the existence of By thinking of it that way, maybe we can make the new RFC more focused on the specific problem we want to solve. Again sorry if I'm saying something that doesn't make sense, I'm missing a lot of context, but I do have interest in |
You are making a lot of sense. I'm specifically talking about |
It seems recent discussion is regarding the process and there is a proposal to close and re-write/re-start. The shepherd team should meet and decide if this is the course of action. If a meeting is too much, let's at least establish a clear proposal and decision asynchronously. |
author: John Ericson (@Ericson2314) | ||
co-authors: (find a buddy later to help out with the RFC) | ||
shepherd-team: @L-as @sternenseemann @tomberek @DavHau | ||
shepherd-leader: @sternenseemann |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
author: John Ericson (@Ericson2314) | |
co-authors: (find a buddy later to help out with the RFC) | |
shepherd-team: @L-as @sternenseemann @tomberek @DavHau | |
shepherd-leader: @sternenseemann | |
author: @sternenseemann | |
co-authors: @Ericson2314 | |
shepherd-team: @L-as @kfearsoff @tomberek @DavHau | |
shepherd-leader: @tomberek |
Apologies for the previous suggestion, where I mistakenly missed out making sternenseemann the author.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wait, I thought @Ericson2314 wrote this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pinging everyone involved! As discussed a little bit earlier, I propose to close this RFC as rejected. After that, two separate RFCs will be put out (sorry if the names are bad, just an example!):
The first RFC will take care of bettering the current codegen infrastructure in Nixpkgs: The second RFC will basically be a draft for quite some time. @DavHau summarized very well the conditions that must be met in order for the bridging to be effective. And actually, the RFC can be much less ambitious, too! If we can get a good UI/UX going, then we don't even have to change Nixpkgs itself - we can focus on guiding users to use I feel like the spirit of the initial RFC text was about the RFC number 2, and iterated rewrites lead to it becoming a confused mix of both. I think it would be for the best to split into two new RFCs, because while the discussion points in this PR are invaluable, it is becoming harder and harder to navigate the conversation due to the confusion surrounding the RFC's goals |
Since these tools must be only invoked inside the derivations to generate code, the impure inputs must be gotten via fixed output derivations. | ||
This might require changes to those tools to separate the pure work from the impuire gather steps. | ||
|
||
Additionally, as @7c6f434c point out, some upstream tooling thinks it is being pure, but the "lock files" (or similar) pinning mechanism it provides isn't up to the task for Nix's purposes. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can give a specific example of Gradle lockfiles. It specifies the package and its version, but it doesn't specify its hash. There is a separate mechanism for storing dependencies' hashes, but due to the way Gradle works the same version may be fetched from a different repository in a different part of the build graph, which may have a different hash, but Gradle only stores one hash per dependency
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/cargo-lock-considered-harmful/49047/3 |
Sorry for necroposting. This was discontinued and no work was done after rejecting this RFC, right? I created NixOS/nixpkgs#336137 and would like to improve ecosystem of updaters in nixpkgs. I could also start implementing technical part of this RFC (I mean, I didn't read the RFC as it's rejected, but would love to help with future RFC) If there is no work done on a new RFC, I could try to make it. Though writing in English is not my strong side at all |
Nixpkgs contains non-trivial amounts of generated, rather than hand-written code. We want to start systematizing to make it easier to maintain. There is plenty of future work building upon this we could do, but we stop here for now to avoid needing to change any tools (Nix, Hydra, etc.).
Rendered