lib: add callLocklessFlake #167947
lib: add callLocklessFlake #167947
Conversation
MatthewCroughan
requested review from
edolstra,
nbp and
infinisil
as code owners
ofborg
bot
added
10.rebuild-darwin: 0
|
Should this be in flake-utils repo instead of here? |
|
@Artturin It would be a real shame to depend on a library like flake-utils in any flake, than to be able to simply say |
lib/trivial.nix
Outdated
| callLocklessFlake ./directoryContainingFlake { inherit nixpkgs; } | ||
| */ | ||
| callLocklessFlake = path: inputs: let | ||
| r = {outPath = path;} // |
There was a problem hiding this comment.
| r = {outPath = path;} // | |
| self = {outPath = path;} // |
There was a problem hiding this comment.
{outPath = path;}
Canonicalize outPath? Depending on the type, might need something like builtins.path { name = "source": ... }.
Not sure, maybe this should be the caller's responsibility. If they want to avoid putting intermediate paths in the store, perhaps we shouldn't.
There was a problem hiding this comment.
In most cases I'd see this used via a sub-flake in a monorepo or another flake input which would already be canonicalized.
There was a problem hiding this comment.
I agree. Let's not make the mistake again of doing too much.
There was a problem hiding this comment.
After seeing that the current behavior does not match user expectations, I'm not convinced that we should leave this as is.
outPath = builtins.path { name = "source"; inherit path; } matches what flakes do iirc, and it could still be made optional afterwards.
Let's not make the mistake again of doing too much.
In this case the mistake has already been made, and we better follow along.
I do not get the impression that non-store flake sources to be implemented. @tomberek, wdyt?
There was a problem hiding this comment.
I don't have a strong opinion either way at the moment.
I'm not sure what the behavior is with builtins.path in term of multiple copies. I'm thinking of cases like a monorepo where a subdirectory already exists in the Store somewhere, just not as a top-level store path.
There was a problem hiding this comment.
After some thought, this scenario seems rather serious:
- user sees that
outPathisn't copied, uses it for some sources imports, etc - user applies
callLocklessFlaketo directory with confidential files, which is safe to do - we change
callLocklessFlaketo match other users' expectations of callingbuiltins.path - user updates Nixpkgs
- user unknowingly puts confidential files in the store or binary cache
A similar scenario exists for the opposite direction, where a store path size (and therefore closure size) can increase unknowingly.
It seems like it's a matter of time before someone comes along to make it do the "right" thing and enact (3), so let's preempt that by adding a copy parameter without a default, fixing the problem at (1). We can assign a default once flakes stabilize and when we know how this function is used in practice.
I'm not sure what the behavior is with builtins.path in term of multiple copies.
Subflakes always call it, so outPath is always a top-level path. It may not always do this in the future, but for now it seems that we should replicate that behavior. (Maybe I've been holding it wrong, or maybe this changes)
There's no need for the flake to be a subflake and normal flakes also put outPath in the store on way or another.
MatthewCroughan
force-pushed
the
mc/callLocklessFlake
branch
from
606673f
to
7e175da
Compare
MatthewCroughan
force-pushed
the
mc/callLocklessFlake
branch
2 times, most recently
from
475cf20
to
3260ad3
Compare
|
@roberth I've done as you requested. All that's left to do is add a test in lib/tests. I will do this shortly. |
This is essentially a copy of the function of the same name, from flake-compat. callLocklessFlake is useful when trying to utilise a flake.nix without a lock file, often for when you want to create a subflake from within a parent flake. Co-authored-by: Tom Bereknyei <tomberek@gmail.com> Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
This commit creates flakes.nix, which is a library containing functions which relate to interacting with flakes. It also moves related functions from trivial.nix into it.
MatthewCroughan
force-pushed
the
mc/callLocklessFlake
branch
from
3260ad3
to
cc05277
Compare
MatthewCroughan
force-pushed
the
mc/callLocklessFlake
branch
from
b622920
to
3f128cc
Compare
|
I've added what I think is a decent test, I'm not sure how i could do it better, so please advise on a better way to do it if there is one. |
|
I think this is a very bad idea and I have reverted it in #173093. |
This reverts commit PR NixOS#167947. Flakes aren't standardised and the `lib` namespace shouldn't be polluted with utilities that serve only experimental uses.
|
I figured users of this function would anticipate breaking changes, as Flakes are clearly advertised to be experimental. NixOS/rfcs#82 has been mentioned as a solution in the other thread. I've offered to shepherd it some time ago. If you're interested, please join. |
|
I do not think it's fair to say that Flakes are experimental, given how many users there are, and the plan to stabilize them. They may be unstable, in terms of API and technicality, but I do not agree that they are experimental. |
|
Flakes are deeply flawed when it comes to user facing design/implementation choices. If anything, they should be considered more experimental than they currently are. But maybe I should have more faith in upstream's courage to make (very) breaking changes. That said, I'll reiterate: |
|
I don't mind the revert for now. I'm working on a better replacement for this that will be strictly speaking more compliant with flakes/subflakes as well as a bit more powerful (allow dynamically generated input + follows attrsets). |
|
Usually, Nixpkgs cares about a strict subset of stable features of (non-latest, because all the interwoven release cycles) stable Nix. There are useful things easily doable in Nix but not expected to be done in Nixpkgs. |
Merging it in the first place set a bad precedent with far reaching implications for the stability expectation for all of |
This function was added to nixpkgs in NixOS/nixpkgs#167947 by Artturin. And later reverted because it's for unstable flakes. So let's add it here, since a lot of projects are already importing flake-utils.
This function was added to nixpkgs in NixOS/nixpkgs#167947 by MatthewCroughan. And later reverted because it's for unstable flakes. So let's add it here, since a lot of projects are already importing flake-utils.
|
Since this got reverted, I made a PR to add it to flake-utils. What do you think? |
|
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/url-of-flake-inside-flake/32939/2 |
This is essentially a copy of the function of the same name, from
flake-compat. callLocklessFlake is useful when trying to utilise a
flake.nix without a lock file, often for when you want to create a
subflake from within a parent flake.
Co-authored-by: Tom Bereknyei tomberek@gmail.com
Taken from: https://github.com/tomberek/relative/blob/0943a113c19e17b5f51c054de5233f2d3c97ce35/flake.nix#L32-L36
Inspired by: https://github.com/edolstra/flake-compat/blob/64a525ee38886ab9028e6f61790de0832aa3ef03/default.nix#L84-L88
Description of changes
Things done
sandbox = trueset innix.conf? (See Nix manual)nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)nixos/doc/manual/md-to-db.shto update generated release notes