-
-
Notifications
You must be signed in to change notification settings - Fork 14.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
build-support/rust: add cargoPurityFlag parameter #187838
Conversation
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/is-it-possible-to-override-cargosha256-in-buildrustpackage/4393/8 |
The Discourse link above is the primary motivation for this. Here is a somewhat-messy example of the case where |
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/rust-development-on-nixos/20866/5 |
Cargo-driven builds within a Rust derivation must not access the network. Cargo offers two different flags to achieve this: * `--frozen`, which we currently use. * `--offline`, which is less picky about the `Cargo.lock` file. Both of these prevent access to the network. However, adding a `[patch]` section to your `Cargo.toml` will cause `cargo build --frozen` to fail, whereas `cargo build --offline` will still succeed. In order for nixpkgs users to be able to take advantage of Cargo `[patch]` stanzas, we need to provide a way for them to requrest `--offline` be used instead of `--frozen`. This commit adds a `cargoPurityFlag` parameter which does that. Simply changing `--frozen` to `--offline` across the board seemed too risky to me. The Cargo manual has the following warning: > Beware that this may result in different dependency resolution than > online mode. Cargo will restrict itself to crates that are > downloaded locally, even if there might be a newer version as > indicated in the local copy of the index. https://doc.rust-lang.org/cargo/commands/cargo-build.html?highlight=frozen#manifest-options https://doc.rust-lang.org/cargo/reference/overriding-dependencies.html#the-patch-section
Rebased. |
@@ -44,6 +44,11 @@ | |||
, useNextest ? false | |||
, depsExtraArgs ? {} | |||
|
|||
# You must use "--offline" instead of "--frozen" if `Cargo.lock` is | |||
# valid-but-outdated, for example when adding a `[patch]` stanza to | |||
# `Cargo.toml` without regenerating `Cargo.lock`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you're adding a patch stanza why can't you regenerate the lock at the same time?
For that matter why use a patch stanza? Patch toml and lock, add to cargoPatches.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Because you're adding the patch stanza from inside a derivation!
This lets us do for crate dependencies of a buildRustPackage
what we can already do for ordinary packages in nixpkgs -- override a specific dependency throughout all of nixpkgs.
My own motivating example case is the ring
crate, which is basically "openssl/boringssl for Rust". It's a deep, deep dependency of a huge chunk of the ecosystem. Ring does not build on PowerPC, and the Ring maintainer has ignored a patch submitted by IBM for over two full years. There needs to be a way for people to route around this sort of nonsense.
But this is generally useful on all platforms, for the same reasons why .override
is useful. At least until crate2nix conquers the universe.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here is what the example usage looks like:
This shows what "replace this crate with that crate in this one package" looks like:
I'm working on a more general "replace this crate with that crate in every use of buildRustPackage
".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This lets us do for crate dependencies of a buildRustPackage what we can already do for ordinary packages in nixpkgs -- override a specific dependency throughout all of nixpkgs.
How does that work?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For the example you posted you can do this:
Patch toml and lock, add to cargoPatches.
I'm very, very hesitant on letting this into nixpkgs. We're using frozen for a reason, I don't see that we want to let people switch packages to offline as they'll never be switched back. |
The motivating use is If the |
Somewhat.
Why is using |
We want people to use |
I will prepare a concrete proposal that will limit the use of
Because you have to regenerate the
For patching a "leaf crate" ( However I don't think we want people using |
At this stage I don't see that this would change my mind, frankly I think merging it will make nixpkgs worse off overall. With more complicated cases like treewide patching it may be more compelling but even after you update it with your proposal this PR is only a first step towards that. I really don't think this should be merged until we can review the entire thing. I realize you may not want to put in all of that work in without some assurance that it will be merged but I don't see that I can offer that. |
Description of changes
Builds within a derivation must not access the network. Cargo offers two different flags to achieve this:
--frozen
, which we currently use.--offline
, which is less picky about theCargo.lock
file.Both of these prevent access to the network. However, adding a
[patch]
section to yourCargo.toml
will causecargo build --frozen
to fail with the following error message:In order for nixpkgs users to be able to take advantage of Cargo
[patch]
stanzas, we need to provide a way for them to request--offline
be used instead of--frozen
. This commit adds acargoPurityFlag
parameter which does that.Simply changing
--frozen
to--offline
across the board seemed too risky to me. The Cargo manual has the following warning:https://doc.rust-lang.org/cargo/commands/cargo-build.html?highlight=frozen#manifest-options
https://doc.rust-lang.org/cargo/reference/overriding-dependencies.html#the-patch-section
Things done
sandbox = true
set innix.conf
? (See Nix manual)nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
. Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/
)nixos/doc/manual/md-to-db.sh
to update generated release notes