Open stapelberg opened 8 years ago
That's a very good point. I think (hope) that it would be rare enough for debug symbols to be incompatible with the binaries that this isn't a major issue, but if it ever does happen we need a way to get a derivation rebuilt with the outputs replacing the previous versions... and I'm not sure what the best ergonomics for that would be. I have three ideas currently:
nix-store --repair-path
so that it will rebuild the path even if it's not corrupted; this would allow solving the problem with nix-store --repair-path $path --substituters ''
. This is the closest we already have to this functionality, AFAIK;nix-build
and nix-store -r
which would behave sort of like --check
(in that it rebuilds the path even if it's already there or if it can be substituted) and sort of like --repair-path
(replacing what's currently in the store);nix rebuild
.I'm not very happy with any of these, if anyone has any good ideas I'd appreciate them!
There's a simpler solution here (I think): modify Nix to never include two outputs from different sources in the store. So if you have foo-bin
in the store, and you ask for foo-debug
, Nix either:
foo-debug
from the same substituter that it got foo-bin
from (if this is a thing Nix knows); if we don't have this information, or if that substituter doesn't have foo-debug
, we:foo-bin
and foo-debug
, and download that; and if no such substituter exists, then:foo
ourselves and put all the outputs into the storeOf course! While tracking provenance of paths is complicated (Nix doesn't currently do this), replacing all outputs with what's been built as in your last suggestion seems pretty feasible to me. Maybe Nix even already does this. Thanks :D
Maybe Nix even already does this.
Unfortunately, it doesn't:
I suspect it shouldn't be too hard to change that though.
There is no solution for that, it is a consequence of nix design. Replacing all the outputs just defers the issue to packages down the dependency chain. Also, as soon as you have multiple caches, or a cache starts dropping entries, you get this issue. Replacing all the outputs fixes inter-outputs provenance incompatibilities. But then all the packages that depended on the previous, replaced output may suffer from inconsistencies with the new one. Even though there should be even less inconsistencies between packages than between outputs of a single package.
I just wanted to make a note about this blind spot in the design of nix, that remains well hidden as long as we all rely on a shared central cache that does not discard any path. And discarding some paths is exactly the solution to the problem at hand here.
So let's leave a note here about this issues for people to find out if they ever encounter this, and let's move on.
Who has enough accesses to enable to make the required tests and changes ?
modify Nix to never include two outputs from different sources in the store.
This isn't going to happen because it's a pretty fundamental assumption in Nix that store paths with the same name are substitutable for each other (whether by actually substituting them from a binary cache, or by (re)building them locally). But this issue is moot as long as builds are binary-reproducible, which is what we should strive for anyway. (E.g. CAS Nix doesn't work as well if packages are not binary-reproducible.)
Who has enough accesses to enable to make the required tests and changes ?
I suppose the next step would be hydra support for selectively copying outputs to the cache. Anyone could implement this :)
@layus I think with CA derivations this would be solved, because the debug output references the original, it will require it match a content-address; mixing output from non-deterministic builds won't work.
@Ericson2314 Yes indeed, because CA preserves the provenance relation ;-).
(C.F. #4344)
Debug info size: as we're about to default to gcc12 soon, it might be interesting to look into -gctf1
which should be way smaller than normal debug info (-g
/ -ggdb
) and still provide backtraces. https://gcc.gnu.org/onlinedocs/gcc/Debugging-Options.html
The format is just from the past few years though, so it's likely there will be some hurdles to solve first.
We should however keep in mind that it is not perfect. There is a risk of franken(debug)builds, namely the possibility that you associate a locally re-generated *-debug output with a cached output, and get mismatches because of build impurities. This would not happen if all the builds were perfectly reproducible, but that is not the case. See https://gist.github.com/layus/2a91694be330d5f2591dab9a52c47548 for a mwe.
this is already happening for qemu https://github.com/NixOS/nix/issues/7756
https://github.com/NixOS/nix/pull/8080 modifies nix so that it tags debug outputs when uploading them to s3 in a way that makes it possible to configure the s3 bucket backing cache.nixos.org to automatically remove debug outputs and debug outputs only after a configurable period of time.
PR https://github.com/NixOS/nixpkgs/pull/15539 mentions this, but I think it’s worthwhile to have a separate GitHub issue.
Currently, a large number of libraries are lacking debug symbols even though
environment.enableDebugInfo = true;
is specified in my/etc/nixos/configuration.nix
. The following list is taken from a gdb session on NetworkManager:In the above list, only glibc seems to come with debug symbols, no other library does.
https://nixos.org/nixos/manual/options.html#opt-environment.enableDebugInfo explains how to override individual packages, but that’s tedious and requires recompilation of all reverse-dependencies, which is really really inconvenient (my machine is compiling spidermonkey since half an hour… :-/).
Debian recently started building debug symbol paackages by default and Fedora seems to have debuginfo RPMs built by default as well. I think having debug symbols on by default is a feature that users of modern Linux distributions have come to expect :).
Could we enable debug symbols for all packages by default please?
cc @kevincox