-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Build stackage2nix in NixOS sandbox #41
Comments
related #40 |
Currently, I see no ways of sandboxing the stackage2nix wrapper. See the issues below. stackage2nix wrapper requires following dependencies to be fetched, see nix/lib.nix
To be able to satisfy the sandbox requirements, all these dependencies should be prefetched before the build by the standard Stackage config filesOnly files are needed, so all-cabal-hashesTo build the exact copy of stackage packages set, hackage-dbAn issue with hackage-db is that URL doesn't have a particular version to put in |
|
Regarding the non-determinism of I've found this old comment on the original issue thread. The idea is to unpack the git objects and store them uncompressed bendlas/nixpkgs@4b9c24a Downsides:
Upsides:
|
Part of typeable#41 Requires typeable/nixpkgs-stackage#26 Maybe the old .git code-path should be supported also. So both a manual checkout and a nix-built all-cabal hashes can be used.
Do you really care about the git history or is it because the tool wants to query the current reference of the checkout? For the latter, it could make sense to re-build a fake
|
@zimbatm It's the mapping from sha1 to a file content that is needed. |
so the tool is not looking at the checked-out content but querying the git database directly instead? if you go down the fetchgit + unpacked blobs maybe you can make it smaller by using a shallow copy of the database. given the level of effort involved it could make sense to patch upstream as well |
@zimbatm The full history is still needed, as we need all blobs reachable from the required commit. I've discussed this with @4e6, and I think I'll just make a small tool that will create a canonical representation of git .pack file. So if everything (branches, tags) is properly pruned before that, the result will be a working git checkout that is also reproducible. I'll experiment with this approach here. If it'll work out, I try to do the same in the |
I tried the approach referenced in my previous comment with the unpacking of git objects bendlas/nixpkgs@4b9c24a This led to the increase of |
This allows a bare checkout `all-cabal-hashes`, which saves some space and removes a lot of separate files. But it also means that we'll be able represent a whole `all-cabal-hashes` repo as a single git .pack-file. Making that .pack-file reproducible will be a final thing to achieve typeable#41.
This allows a bare checkout `all-cabal-hashes`, which saves some space and removes a lot of separate files. But it also means that we'll be able represent a whole `all-cabal-hashes` repo as a single git .pack-file. Making that .pack-file reproducible will be a final thing to achieve #41.
Maybe we can use the github zip archive? It should allow fast random reads. |
Filenames are used only as a fallback, primary addressing method is by GitSHA1. So a full .git-repo is needed. |
As I understand it, the bare git repo is only used because it is more compact than doing a repo checkout. However, there is no good way to get an up-to-date one within a nix sandbox. I had to revert 86f11b8 while working on updating nixpkgs-stackage. |
@yorickvP To make a latest .zip usable, you need to calculate GitSHA1 of every file inside of it and cache this info somewhere. It's doable, except for hackage revisions (just grep by Proper solution is to create some canonical representation of a .git repo which will be reproducible. Maybe that will require writing a custom git .pack file generator. |
Does stack even expose the used cabal file revision? The intractability of the problem does not seem worth any of the potential savings of using older cabal files sometimes, assuming cabal files are rarely updated and do not break anything. |
@yorickvP Yes, it's exposed - e.g. search for If non-breaking updates are OK, why you've enabled the sandboxing? =) |
Unable to build
nix/stackage2nix
on NixOS with nix.useSandbox enabled.The text was updated successfully, but these errors were encountered: