Open nmattia opened 5 years ago
Thank you for your contributions.
This has been automatically marked as stale because it has had no activity for 180 days.
If this is still important to you, we ask that you leave a comment below. Your comment can be as simple as "still important to me". This lets people see that at least one person still cares about this. Someone will have to do this at most twice a year if there is no other activity.
Here are suggestions that might help resolve this more quickly:
Oh my gosh this would be so handy to have official!
I marked this as stale due to inactivity. → More info
This is still important to me!
I'd love to see this too :+1:
I would also still really love to see this!
Note: naersk
was just moved to https://github.com/nix-community/naersk, so I guess we're one step closer!
I marked this as stale due to inactivity. → More info
This is still important to me!
fyi: #221716
Issue description
I’ve been experimenting with a new build platform that doesn’t require specifying a
cargoSha256
but instead relies on the information contained in theCargo.lock
. There are some open issues, maybe someone here will have good solutions!(note: happy to move this to discourse if needed)
The problems with the current rust platform (in particular with
cargoSha256
) is that it’scargoSha256
. This means tweaking the existing checksum, re-building, copying the new hash, etc. This becomes a huge mess when lots of developers are working on the same cargo project.sha256
) and in some cases the build may succeed nonetheless (think: security patch in a dependency, which doesn’t tinker with the crate’s interface). However a build on a different machine — where the vendored crates haven’t been cached yet — will result in a hash mismatch.How
The idea is to leverage the “recently” added
builtins.fromTOML
to read theCargo.lock
in Nix directly and fetch all crates before the build even begins (I’ve done something similar for npm). The lockfile looks something like this:Quoting naersk (the POC for this new platform):
The corollary is that the lockfile contains all the information Nix needs in order to download dependencies (at least for crates coming from crates.io, see below for git dependencies).
Current status
The POC works surprisingly well. Most libs build out of the box but there are some issues that worry me a bit.
Libs that build
(I basically went through the list of trending rust repos)
Missing
fetchFromGitHub
and friends require asha256
. There are some workarounds:builtins.fetchgit
... which doesn’t require asha256
. The major drawbacks is thatfetchgit
will redownload the repo every hour and doesn’t support submodules. Moreover it’s somewhat ugly.cargoSha256
for git deps ... which is somewhat work ergonomic than having a singlecargoSha256
for all deps, but still not idealnix-build
/derivation — it’s a pain to make sure thatcargo
(in a dev’s terminal) uses the same dependencies. There are some workarounds that can be implemented in a nix-shell (shellHook
setting$CARGO_HOME
with custom config, orshellHook
that symlinks the store paths in $PWD) but it’s still very, very suboptimal.CC @grahamc @basvandijk