bazel: fix strict action env #73309
bazel: fix strict action env #73309
Conversation
There was a problem hiding this comment.
seems to break a lot, then again, I think most of this is broken to begin with:
[20 built (10 failed), 474 copied (3168.7 MiB), 1114.8 MiB DL]
error: build of '/nix/store/clkxx1l9zpkk14hrpa36wv79jw2yfnbd-env.drv' failed
https://github.com/NixOS/nixpkgs/pull/73309
1 package are marked as broken and were skipped:
bazel-deps
27 package failed to build:
libtensorflow python27Packages.baselines python27Packages.dm-sonnet python27Packages.edward python27Packages.graph_nets python27Packages.tensorflow python27Packages.tensorflow-probability python27Packages.tensorflowWithCuda python27Packages.tflearn python37Packages.baselines python37Packages.dm-sonnet python37Packages.edward python37Packages.graph_nets python37Packages.optuna python37Packages.rl-coach python37Packages.tensorflow python37Packages.tensorflow-probability python37Packages.tensorflowWithCuda python37Packages.tflearn python38Packages.baselines python38Packages.dm-sonnet python38Packages.edward python38Packages.graph_nets python38Packages.tensorflow python38Packages.tensorflow-probability python38Packages.tensorflowWithCuda python38Packages.tflearn
2 package were build:
bazel bazel-watcher
|
@jonringer Thank you, I'm investigating it. What exactly do you mean with:
I have decided to spend a few time this week to improve bazel quality on nixpkgs, so if you have some ideas about what can be improved, please tell me. |
|
tensorflow is broken, and a lot of packages rely on it |
|
see #71282 |
guibou
force-pushed
the
bazel_fix_env
branch
from
5171398
to
5a05dad
Compare
|
@jonringer I do apologize for the build issues you have with bazel 1.0, I did the upgrade without ensuring that dependencies are working. I won't do that issue again. Eventually we'll solve @flokli I applied the changes you suggested. |
|
@GrahamcOfBorg build bazel.tests |
| @@ -479,6 +484,10 @@ stdenv.mkDerivation rec { | |||
| echo "build --override_repository=${remote_java_tools.name}=${remote_java_tools}" > $out/etc/bazelrc | |||
| echo "build --distdir=${distDir}" >> $out/etc/bazelrc | |||
|
|
|||
| # we set a custom bazelrc in $out/etc/bazelrc | |||
| # the following "try-import" restores the read of the system-wide bazel.bazelrc | |||
| echo "try-import /etc/bazel.bazelrc" >> $out/etc/bazelrc | |||
There was a problem hiding this comment.
Maybe a stupid question, but can we stop using $out/etc/bazelrc entirely, and instead add --override_repository=${remote_java_tools.name}=${remote_java_tools}" and --distdir=${distDir} to the bazel wrapper already present at https://github.com/NixOS/nixpkgs/pull/73309/files#diff-4746b81564a01e241a84d455575437e7R478?
There was a problem hiding this comment.
Well, plus that part:
build --distdir=${distDir}
fetch --distdir=${distDir}
build --copt="$(echo $NIX_CFLAGS_COMPILE | sed -e 's/ /" --copt="/g')"
build --host_copt="$(echo $NIX_CFLAGS_COMPILE | sed -e 's/ /" --host_copt="/g')"
build --linkopt="-Wl,$(echo $NIX_LDFLAGS | sed -e 's/ /" --linkopt="-Wl,/g')"
build --host_linkopt="-Wl,$(echo $NIX_LDFLAGS | sed -e 's/ /" --host_linkopt="-Wl,/g')"
build --host_javabase='@local_jdk//:jdk'
build --host_java_toolchain='${javaToolchain}'
and dropping the
# bazel reads its system bazelrc in /etc
# override this path to a builtin one
substituteInPlace \
src/main/cpp/option_processor.cc \
--replace BAZEL_SYSTEM_BAZELRC_PATH "\"$out/etc/bazelrc\""
There was a problem hiding this comment.
It'd probably also make sense to separate the strict_action_env fixes from the bazelrc improvements - so they should at least be in 2 separate commits.
There was a problem hiding this comment.
Maybe a stupid question, but can we stop using
$out/etc/bazelrcentirely, and instead add--override_repository=${remote_java_tools.name}=${remote_java_tools}"and--distdir=${distDir}to the bazel wrapper already present at https://github.com/NixOS/nixpkgs/pull/73309/files#diff-4746b81564a01e241a84d455575437e7R478?
Not possible. You can see that the options are in the build configuration section. However the wrapper does not know that we are using the build or another command. Moving this to the wrapper will need more logic, such as a detection of the command used by the bazel user.
The second part exists just at build time, that's the bazelrc of the buildtime bazel.
I do agree with the split. Done.
There was a problem hiding this comment.
Sorry for not being clear. I meant to split the whole bazelrc stuff in a followup PR.
|
@GrahamcOfBorg build bazel.tests |
- Bazel strict action env set a default PATH to `/bin/:/usr/bin:/usr/local/bin`. This was previously changed to disable this behavior to improve hermeticity. However the previous change was only removing `/bin:/usr/bin`, keeping `/usr/local/bin`, this commit also remove this entry.
`file` and `zip` are needed for some bazel test and by default the test runner take these binaries from the current `PATH` which may not contain them
|
@flokli : as discussed in a private conversation, I dropped the configuration file commit, so this PR only focus on bazel environment with strict action env. |
|
@GrahamcOfBorg build bazel.tests |
|
This seems to fail on darwin: @uri-canva @jonringer does that ring a bell? |
|
Yep, definitely seen it before, I'm pretty sure it's already broken on master, note it's in |
|
In that case, I don't see any strong reasons not to merge this in. |
Motivation for this change
This fix three bugs:
it restores the usage of/etc/bazel.bazelrcif users want to override bazel setting on a system-wide fashion./usr/local/binfrom the path searched by bazel in "strict action env" mode. This increases reproducibility in this context.diffandzipin the bazel test runner context. They are needed on some cases of test and where failing if bazel was used withstrict action env.Things done
sandboxinnix.confon non-NixOS linux)nix-shell -p nix-review --run "nix-review wip"./result/bin/)nix path-info -Sbefore and after)Notify maintainers
cc @flokli @Profpatsch