Optional client side building #9344
Comments
Ericson2314
added
feature
|
2023-11-17 Nix team meeting notes:
Deferred, waiting for John and Tom to write a more advanced desing doc. Sounds good in principle. |
|
Heyo @Ericson2314, thanks for this, some questions:
|
I cannot follow this and the implementation details. What is the relevance of SQLite in this context? |
Yes can rig up something with "required system features" I assume.
Yes. In the same way it is today, with or without remote builders.
Ooops I meant "file system view". Thanks for pointing out. SQLite is not relevant! That is my point. However the code today currently requires building to happen with a |
It is not inherently tied to `LocalStore`, it could probably even go in `libnixutil`. Functions not attached to `LocalStore` should not be declared in `local-store.hh`. I am moving it to facilitate experimenting for #9344. If canonicalisation should be done client-side in client-side builds, there wouldn't be a `LocalStore` at all so having to include that header to get this freestanding function is cumbersome and wrong. Perhaps canonicalisation should still be done server-side for security reasons --- I don't mean to make that judgement call now --- but even if so, this freestanding function still isn't connected to `LocalStore` so while less urgent it is still better to move out of this header.
|
This issue has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/2023-11-17-nix-team-meeting-minutes-104/35753/1 |
It is not inherently tied to `LocalStore`, it could probably even go in `libnixutil`. Functions not attached to `LocalStore` should not be declared in `local-store.hh`. I am moving it to facilitate experimenting for #9344. If canonicalisation should be done client-side in client-side builds, there wouldn't be a `LocalStore` at all so having to include that header to get this freestanding function is cumbersome and wrong. Perhaps canonicalisation should still be done server-side for security reasons --- I don't mean to make that judgement call now --- but even if so, this freestanding function still isn't connected to `LocalStore` so while less urgent it is still better to move out of this header.
Is your feature request related to a problem? Please describe.
For fixed output derivations that need authentication, it is probably better to run them as the current user in order to give them secrets, especially ephemeral secrets (like expiring tokens) that might require some humans in the loop (various 2fa schemes) and are cumbersome to store in the store.
Builtin fetching should be representable by derivations #9077 once the above is sorted out, we should do this too. Currently the main reason fetching is not done with derivations is authentication. This provides a proper solution. All fetching done as client-side derivations nicely meets in the middle of the current fixed-output derivations vs libfetchers divide.
General decoupling. Building shouldn't depend on using the SQL database (and I don't think it currently does). It ought to work with other stores that also provide a file system view (
LocalFSStore).Describe the solution you'd like
Have a method
getBuilderlikegetFSAccessor, moving building methods there.Remote stores now can either use the current remote side scheduling/building or do their own. This can be dynamic, unlike strategies that bake the choice into the
Storeclass hierarchy.LocalDerivationGoalshould merely assumeLocalFSStore, notLocalStore.LocalStoreshould be renamedSQLiteStore.This provides enough building blocks to allow for a wide variety of remote building configurations.
Additional Context
Talking to @kolloch about AWS fetching and also the ACL store RFC.
Priorities
Add 👍 to issues you find important.
The text was updated successfully, but these errors were encountered: