New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
python3Minimal: Add top-level for a minimal Python 3 build #66762
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you have a specific case in Nixpkgs in mind where you want to use this? In the past "crippled" versions were removed because of the confusion they could cause. Having tkinter
in a separate package was a compromise for having a decent closure size. See
#19255
Consider also the name for when people do use nix-env -i
.
Note there is also the boot.nix
, though that is specifically for Darwin for bootstrapping.
e985377
to
3b9c745
Compare
Particularly in https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py and in similar cases like #48378. |
Is that really worth it? Many people will have another |
3b9c745
to
09f0f1f
Compare
09f0f1f
to
a6c23e2
Compare
Maybe not yet? I do however think it's worth it as a step in the right direction for smaller closures. I also see the potential in other areas such as
We explicitly call it As a side note: |
I really like having a minimal python for these and other noninteractive, script-style tasks. Having it explicitly named We probably want to document the existence of it once some scripts start using it, but I'd be fine with merging this as it is. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the pname
has to be different, especially when python3Minimal
is in the top-level.
Would you use a python without tls support in a docker container? I would quickly run into problems when communicating with external services. |
I suggest disabling |
It really depends on your usecase, whether that version of python is doing the actual ssl communication, or if it's just a helper script. |
I don't see much benefit / closure size reduction from that. Let's say, you want to use all the "minimizing aspects" of the main python, but there's some language bindings only pulling in a library already part of your closure, and you want to make use of that. |
I agree with @Mic92 that removing OpenSSL is too restrictive. |
According to https://github.com/NixOS/rfcs/blob/0d1cc2015543039a6ffc73d821457dd9210f56d1/rfcs/0046-platform-support-tiers.md#tier-2-3, Musl-based package are on Tier 2 support, so they are infinitely-small close to be built by Hydra (Tier 2-ε is on Hydra). cc @7c6f434c : can we suppose that Tier 2 support packages are allowed to be built by Hydra? |
I don't have opinions on Hydra resource mangement, I am just trying to codify the current state (and prepare the language for evolving the description)! What is the likely use case where Nixpkgs is used, Python3 is used but glibc is not used at all? Does Python3 path itself get smaller just because of switching to musl (not because of a finer tuning of configuration)? |
@7c6f434c well yeah, you are right - we can't strip glibc that easy. But current implementation will cause package rebuilds in
Some docker/container stuff. Personally, I don't have a glibc-free usecase. @flokli does it makes sense to patch |
@danbst extension modules will then point to |
@FRidh I was talking about something like |
There is no size benefit. It is to prevent having to deal with tickets where users start building packages using that Python. |
No, I wouldn't. But these changes would make it a lot easier to override and add back tls/openssl, than it would to do all the closure minification myself. |
> What is the likely use case where Nixpkgs is used, Python3 is used but glibc is not used at all?
Some docker/container stuff. Personally, I don't have a glibc-free usecase.
If we only count the difference between the closure of Python and the closure of Bash, does applying everything but switch to musl give the same benefits as this proposal with switch to musl?
|
@7c6f434c in that sense, python package isn't much different in glibc and musl variants. It's size is same, and image size for python+bash would be reduced only if both are musl-based. OTOH, glibc is 30Mb, and musl is 6Mb. So we tradeoff +6Mb excess size for composite images and -30Mb size reduction for standalone python images. But I agree now this idea is bad. I've tried to use |
But I agree now this idea is bad. I've tried to use `pkgsMusl.python3.withPackages` and it turns out, that something somewhere still brings regular `pkgs.python3` into closure, which is another case for investigation, not related to this PR.
I think having `python3Minimal` for `glibc` systems is nice and useful; of course, if it has some extra conditionals to make sure its use via `pkgsMusl` works better, it's also useful.
|
So we do agree exposing the arguments in a composable way as in that PR is something useful to have in nixpkgs? In that case, any feedback to the code itself? |
I think it may be useful to have, and it could possibly used as a buildtime
dependency, however, I am not in favor of using this anywhere in Nixpkgs as
runtime dependency, because typical users will have an interpreter for
other reasons anyway.
…On Wed, Aug 21, 2019, 00:36 Florian Klink ***@***.***> wrote:
So we do agree exposing the arguments in a composable way as in that PR is
something useful to have in nixpkgs?
In that case, any feedback to the code itself?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#66762?email_source=notifications&email_token=AAQHZ326HC7T4YJLNNGLJ33QFRWYHA5CNFSM4IMPZFI2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD4X3WIA#issuecomment-523221792>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAQHZ34TM5BA537V6PDERWLQFRWYHANCNFSM4IMPZFIQ>
.
|
This builds Python without optional dependencies. We can't just use python3.override, as things like python3Minimal.withPackages would pass the wrong python derivation into these modules.
alright - this PR doesn't use |
Not including ssl is too restrictive as a lot of applications need internet access nowadays, has there been any talk about adding it back? |
IIRC this is used to build glibc, which needs some python in its build system and other small usecases, where we want it to be as minimal as possible. Pulling in openssl into that wouldn't work. If you want another python, you might want to use just plain |
Scratch that, see #66762 (comment). |
It's additional 7MB and openssl will be in pretty much any closure anyway. |
We could disable openssl when building glibc but have python3Minimal with the ssl module. WDYT? |
Overriding openssl isn't trivial:
Results into
|
See also #169475 |
Motivation for this change
The regular
python3
closure is pretty big, especially for non-interactive scripts.Before:
After:
Things done
sandbox
innix.conf
on non-NixOS)nix-shell -p nix-review --run "nix-review wip"
./result/bin/
)nix path-info -S
before and after)Notify maintainers
cc @