New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
modules-closure.sh: rewrite to use modinfo #107871
base: master
Are you sure you want to change the base?
Conversation
@lheckemann do you think this is a sane approach generally? (not asking you to review the code just yet, bash can cause quite a headache) |
147ad0f
to
6f9c6d6
Compare
Side remark: I would have much preferred to write this is a proper language (vs bash). It would be quite nice to settle on a language for nontrivial builders in |
👍 on the idea. Regarding a different language: I'm not sure a bash-free build would sell well since you lose stdenv, but I'm all for writing a different-language script to do the actual logic and using it from the bash builder (like for configuring the kernel, where the logic happens in perl).
That should be a safe assumption: modules can't be loaded if their dependencies aren't loaded yet. |
6f9c6d6
to
057f748
Compare
Actually an interpreted language is probably not a good idea here, since this code will run locally on almost every NixOS machine, so the interpreter would effectively slip into the runtime closure. I would be quite happy to write this external program in, say haskell, but I am not quite sure if people are willing to have
Thats good to know! I noticed that it won't help as much as I initially thought though, because two modules still can depend on a common one, so the undirected graph may (and likely will) still have cycles. So we still need to either track seen modules, or accept that we visit nodes several times, which is bad performance wise. |
We already require perl in the runtime closure since a number of core nixos utilities (e.g. the /etc/passwd generator script) are written in perl, and python is in the closure of any system using grub (dependency via libzfs) or systemd-boot (boot menu generator script is written in python). That said, I'm not sure I understand how it would get into the runtime closure? After all, it's only used within the derivation, and the derivation's output (modules closure) certainly shouldn't have any references to the interpreter. Hard agree on not pulling ghc in though. :)
I think this is premature optimisation, module closure generation (a) doesn't happen that often, and (b) is still going to be orders of magnitude faster than other steps that usually happen at the same time, e.g. evaluating the system config. Though I don't think tracking seen modules would be too hard? |
Well formally speaking its not in the runtime closure, but since most people build their
Its already implemented actually, I was thinking about dropping it to simplify the code. |
Ok lets stick with the bash implementation for now. |
057f748
to
beea534
Compare
cc @iblech (as an expert on bash scripting) |
😊 That's very kind of you. Let's say that I went enough times through quoting hell that I now know my path through that hell. :-) Also I never worked with arrays in bash. In line 124, is there a particular reason why you don't use Thank you for your work on #60416! |
beea534
to
b988824
Compare
The motivation for the |
b988824
to
8d6455f
Compare
@ofborg test boot zfs and again |
also I gave rust a shot in the pr linked above |
the other PR is merged now. |
8d6455f
to
5401590
Compare
I marked this as stale due to inactivity. → More info |
Motivation for this change
Should fix #60416 (leakage of information from the building system), because
modinfo
only looks at the dependency information in the modules themselves.Because
modinfo
only lists direct dependencies, we have to compute the closure ourselves with this approach.Assumptions in the current implementation:
modinfo -F name
produces)There are two additional assumptions I did not make, but which could be used to simplify the code if they hold:
modinfo -F depends
produces unique names (which do not resolve to several modules)This should produce bit-for-bit identical results compared to the old version (unless you have modules / module options on your kernel cmdline of course). You can (and should) check that with
diffoscope
.Things done
So far I tested this on my local system.
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)