-
-
Notifications
You must be signed in to change notification settings - Fork 14.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
buildRustPackage is broken #23282
Comments
I'm experiencing this same problem while building the NixOS/Security tools. |
ping @wizeman |
This was broken here: #22987 and I'm seeing extremely suspicious behavior:
|
@grahamc: That's what is supposed to happen if, for example, the change in #22987 broke the fetching of cargo dependencies. Since the cargo dependencies get fetched as a fixed-output derivation, even if you change how the dependencies are fetched, Nix reuses the previously-succeeding fetch and says the build succeeded. It won't try to fetch the dependencies again unless |
Perhaps the change in #22987 can be reverted temporarily until this is fixed. |
I think I understand what you're saying, except with master, NixOS/security first fails to build saying the sha doesn't match. Then I update the sha, then it fails to build. Does this still make sense? |
Yes, it still makes sense. That could happen if the change in #22987 made the result of fetching the cargo dependencies incompatible with the "please-do-not-touch-the-network-just-reuse-what-we-downloaded-before" cargo fetch that happens in the |
I get it now: I suppose it isn't recalculating what the depsha SHOULD be, but instead simply finds it already present, and skips the calculation? |
Yes indeed, I ran into a |
hmm. I started looking at this (I broke it in #22987), and it's not something that's super trivial to me to fix. Can we revert for now? I was just getting rid of a deprecation warning anyway. |
1 similar comment
hmm. I started looking at this (I broke it in #22987), and it's not something that's super trivial to me to fix. Can we revert for now? I was just getting rid of a deprecation warning anyway. |
I've also noticed the same for a new project with a new default.nix, this wasn't easy to debug. with import <nixpkgs> {};
rec {
hello = pkgs.stdenv.mkDerivation rec {
name = "hello";
src = ./hello;
buildInputs = [ pkgs.rustc pkgs.cargo pkgs.rustPlatform.rustRegistry ];
postUnpack = ''
mkdir -p $sourceRoot/.cargo
cat <<EOF > $sourceRoot/.cargo/config
[source.crates-io]
replace-with = "nix-store-rust-registry"
[source.nix-store-rust-registry]
registry = "file://${pkgs.rustPlatform.rustRegistry}"
EOF
export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
export CARGO_HOME=$sourceRoot/.cargo
mkdir -p $CARGO_HOME
cd $sourceRoot
cargo fetch --locked --verbose
cargo clean
cd ..
rm -Rf $sourceRoot/.cargo/registry/index/*/.git
find . -exec touch --date=@$SOURCE_DATE_EPOCH {} \;
'';
buildPhase = ''
export CARGO_HOME=$sourceRoot/.cargo
cargo build --frozen --release
'';
installPhase = ''
install -m 755 -d $out/bin
install -m 755 target/release/hello $out/bin
'';
};
} |
We could actually create a Advantages:
|
Here's what I built on top of @P-E-Meunier's script: # buildRustPackage.nix
{ pkgs ? import <nixpkgs> {}
, stdenv ? pkgs.stdenv
, rustPlatform ? pkgs.rustPlatform
, rustRegistry ? rustPlatform.rustRegistry }:
{ name
, release ? true
, doHydra ? false
, src
, buildInputs ? []
, ... } @ args:
stdenv.mkDerivation ({
SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
RUST_BACKTRACE = 1;
RUST_LOG = "${name}=info";
configurePhase = ''
# We don't need the configure phase
# but leave the user the option
# to specify his own.
'';
} // args // {
inherit src;
buildInputs = buildInputs ++ [
rustPlatform.rust.rustc
rustPlatform.rust.cargo
];
postUnpack = ''
export CARGO_HOME=$sourceRoot/.cargo
'' + (if rustRegistry != null then ''
mkdir -p $CARGO_HOME
cat <<EOF > $CARGO_HOME/config
[source.crates-io]
replace-with = "nix-registry"
[source.nix-registry]
registry = "file://${rustRegistry}"
EOF
workdir="`pwd`"
cd $sourceRoot
cargo fetch --locked
cargo clean
cd "$workdir"
rm -rf $CARGO_HOME/registry/index/*/.git
find . -execdir touch --date=@$SOURCE_DATE_EPOCH {} \;
'' else "");
buildPhase = ''
cargo build ${if release then "--release" else ""} --${if rustRegistry != null then "frozen" else "locked"}
'';
checkPhase = ''
cargo test
'';
installPhase = ''
install -m 755 -d $out/bin
for bin in `find target/${if release then "release" else "debug"} -maxdepth 1 -type f -not -name .\*`; do
install -m 755 $bin $out/bin/
done
'';
distPhase = ''
mkdir $out/tarballs
tar cf $out/tarballs/${name}.tar `find . -maxdepth 1 -not -name . -not -name target -not -name .hg\* -not -name .cargo`
'';
hydraPhase = ''
mkdir $out/nix-support
for bin in `find $out/bin -type f`; do
echo "file binary-dist $bin" >> $out/nix-support/hydra-build-products
done
'';
postPhases = if doHydra then "hydraPhase" else "";
}) You can pass in your own registry so you don't have to update the rev in your local nixpkgs clone (or explicitely pass Usage example: # default.nix
{ pkgs ? import <nixpkgs> {}
, buildRustPackage ? import ./buildRustPackage.nix { # or fetch from a repo
inherit pkgs;
rustRegistry = null;
} }:
buildRustPackage {
name = "cursedlife";
src = ./.;
buildInputs = with pkgs; [
ncurses
];
doCheck = true;
} It should also be possible to adapt # ...
buildRustPackage = import ./buildRustPackage.nix {
rustRegistry = pkgs.rustRegistry {
src = pkgs.fetchFromGitHub {
owner = "me";
repo = "my-rust-registry";
rev = "...";
};
};
}
# call buildRustPackage ... This doesn't have a |
Is there a PR for the above? |
I've started a PR (#24991) for a replacement for the whole thing. My PR uses nix to do what cargo normally does:
As mentionned in the PR, there are a number of things that still need to be done, I wouldn't mind help. |
Ah, I was unable to find the PR. We need to it update |
AFAIC the solution proposed by @dermetfan is not compatible with sandboxed builds. Apart from that, I really like it. How could we improve it to make it compatible? |
@NeQuissimus: I'm a little slow sorry, I just found a potential source of confusion. I worked on two distinct solutions in the past:
|
@NeQuissimus I worked on @dermetfan's buildRustPackage and here is what I think would do the job: https://gist.github.com/ckauhaus/808cbea9e41d99ae63208c02f245b0e6 Disclaimer: This is a largely untested proof-of-concept. In contrast to @P-E-Meunier's solution, I stick with the traditional approach and create a "fetch-deps" derivation specifically for each Cargo.lock. In contrast to previous solutions, I make use of the new cargo "local-registry" feature and bundle a cache of local *.crate file copies together with a index checkout. This approach is not particularly efficient, as it unpacks $src twice, makes an additional copy of the crates.io index and, of course, begins right from the start each time the fixed-output hash changes. BUT: it works in a sandbox and works with Cargo 1.20. I think it would be still an improvement over the current implementation of buildRustPackage especially as it is broken with 1.19 and relies on a deprecated Cargo feature (registry.index, see reverted PR #22987). Please review, discuss, improve the code. :-) |
It looks OK to me as an interim solution. But again, I am not really a Rust person... |
@NeQuissimus I think we should keep both @ckauhaus solution and #24991. That way we could use |
Ok, sounds encouraging. :-) I'll polish it a bit and test it with various Rust packages found in the source tree. |
#22737 (empty deps) should also be solved on this route. |
(triage) The nix-Rust ecosystem has now stabilized a bit with |
I also think we have this solved now. |
Issue description
pkgs.rust.buildRustPackage
fails every time since I upgraded to nixpkgs17.03pre101839.53a2baa
.This is perhaps also a chance to fix #22737.
In this example project:
The error message (
Unable to update registry file:///dev/null
) indicates that the behavior described in this code comment has changed. @wizeman?Technical details
17.03pre101839.53a2baa (Gorilla)
nix-env (Nix) 1.11.6
17.03pre101839.53a2baa
The text was updated successfully, but these errors were encountered: