-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: better document Rust template #46
Conversation
f9baa9d
to
63fa110
Compare
There is a “nix-prefetch-url/git” approach that is technically more correct than using the fakeSha. We should mention that as well. |
templates/rust/pkgs/default.nix
Outdated
# buildInputs = | ||
# [openssl] | ||
# platform specific dependencies can be added as well | ||
# ++ lib.optional hostPlatform.isDarwin [darwin.apple_sdk.frameworks.Security]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
libiconv
is pretty commonly referenced on macos too
We should also link to the different apple frameworks or explain how to read the linker error messages in the nix context
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not incredibly familiar with all the different apple frameworks - would you be able to explain that? Or point me to some docs?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Me neither my familiarity stems from trying to build rust projects and ever so often the linker fails
Security
is a fairly frequent one (e.g. its a transitive dependency of the very popular tokio web-stack)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Haha okay I'll poke around
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added comments about linker failures. I think we a need a way for users to find frameworks, and I put a comment with desired behavior in the last commit, but that's not reality yet
templates/rust/pkgs/default.nix
Outdated
lockFile = ../Cargo.lock; | ||
# The hash of each dependency that uses a git source must be specified | ||
# The hash can be found by setting it to lib.fakeSha256 as shown below and running flox build. | ||
# The build will fail but output the expected sha, which can then be added here. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As @tomberek mentioned the less weird way of getting the hash should be
nix store prefetch-file "<url>"
However the url part is not necessarily known for cargo dependencies 🤔
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will the url be apparent for any dependency a user needs to set the output hash? I feel like we should just recommend the one simplest way
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
no with these generated ones its usually quite difficult to anticipate the url
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Then I think I would only document the fakeSha256 approach, since this is targeted at a first time user. cc @tomberek
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, ultimately thats a nix ux issue we won't solve now
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tbh, I think it's not the solution we would need in the end, since I definitely do not want to maintain these hashes here manually (those are actually pinned within Cargo.lock). I see that there is an issue (Matthew found that one here: NixOS/nixpkgs#183344) but the provided solution is a workaround for that one (at least from my "simple" user perspective). I therefore suggest to put the actual issue link to the comments as well and somehow record a future todo to revisit / remove the workaround as soon as the nixpkgs issue is solved.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 tracking the issue of managing the hashes manually
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Unfortunately NixOS/nixpkgs#183344 seems to be a different issue,but one we have to be aware of regardless.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@elbart
As a bit of a background
Cargo locks git and registry dependencies differently.
In case of registry provided dependencies (your standard crates.io for example) the lock looks like this:
[[package]]
name = "anyhow"
version = "1.0.43"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "28ae2b3dec75a406790005a200b1bd89785afc02517a00ca99ecfe093ee9e6cf"
dependencies = [
"backtrace",
]
Cargo adds a checksum
to verify the integrity of the downloaded package, this checksum is reused by nix as the hash for this package, hence no need to specify it again.
On the other hand git dependencies are locked like this:
[[package]]
name = "libc"
version = "0.2.126"
source = "git+https://github.com/rust-lang/libc?rev=f143f2b9ace1c9b99dd5c104470e94f5990ed7d2#f143f2b9ace1c9b99dd5c104470e94f5990ed7d2"
There is no checksum
provided here as cargo considers the git rev to provide enough integrity guarantees.
Nix does not though. Broadly speaking, any resource fetched by nix needs a checksum.
Nix can't derive it from the lock file so you need to specify it separately.
//
As a side note, (you don't need to look into these yourself these projects might be overwhelming without the nix background)
Alternatively to this pure nix approach, there are external tools that separately, convert your Cargo.toml/Cargo.lock into a nix variant. Since these tools are not part of the nix build they can download and checksum the git dependencies as well as e.g. improve build caching.
a30d972
to
014acb7
Compare
Add comments about imports, outputHashes, and buildInputs Helps #41
014acb7
to
f7d2b51
Compare
Add comments about imports, outputHashes, and buildInputs