stdenv: Refactor meta checks #27045
stdenv: Refactor meta checks #27045
Conversation
|
@vcunat, thanks for your PR! By analyzing the history of the files in this pull request, we identified @edolstra, @copumpkin and @Ericson2314 to be potential reviewers. |
lib/check-meta.nix
Outdated
| in rec { | ||
|
|
||
| # Extend a derivation with checks for brokenness, license, etc. | ||
| # Throw a descriptive error when the check fails; return derivaitonArg otherwise. |
lib/check-meta.nix
Outdated
| attrs = mkDerivationArg; # TODO: probably get rid of passing this one | ||
|
|
||
| # See discussion at https://github.com/NixOS/nixpkgs/pull/25304#issuecomment-298385426 | ||
| # for why this defaults to false, but I (@copumpkin) want to default it to true soon. |
There was a problem hiding this comment.
maybe add a date to the comment to give a notion of "soon" :)
There was a problem hiding this comment.
We'd have to ask @copumpkin about that.
There was a problem hiding this comment.
I dunno, maybe just take out the comment since I don't think people will want this turned on by default.
lib/check-meta.nix
Outdated
| isUnfree = licenses: lib.lists.any (l: | ||
| !l.free or true || l == "unfree" || l == "unfree-redistributable") licenses; | ||
|
|
||
| # Alow granular checks to allow only some unfree packages |
lib/check-meta.nix
Outdated
| # allowUnfree = false; | ||
| # allowUnfreePredicate = (x: pkgs.lib.hasPrefix "flashplayer-" x.name); | ||
| # } | ||
| allowUnfreePredicate = config.allowUnfreePredicate or (x: false); |
There was a problem hiding this comment.
Would it make sense to also allow a blacklist implementation? Right now it's only possible to go from false -> true.
lib/check-meta.nix
Outdated
|
|
||
| showLicense = license: license.shortName or "unknown"; | ||
|
|
||
| pos_str = meta.position or "«unknown-file»"; |
There was a problem hiding this comment.
what is the reason to switch to use snake_case here and below?
pkgs/stdenv/generic/default.nix
Outdated
| { | ||
| inherit config meta derivationArg; | ||
| mkDerivationArg = attrs; | ||
| platform = system; # TODO: cross-compilation? |
There was a problem hiding this comment.
In the meantime I noticed this probably means targetPlatform.system, and that's probably OK. (I'd have rather chosen hostPlatform.system but it hardly makes a difference.)
There was a problem hiding this comment.
Stdenv is like a compiler in that that the target platform of the stdenv is the host platform of things made with it's mkDerivation. I'm going to make that less horribly confusing with a refactor following this.
|
I plan to fix the various typos etc. in followup commit(s); most of it is just unchanged in these commits anyway. |
|
sounds good, my comments apply to the old code and thus can be addressed later. |
lib/check-meta.nix
Outdated
| # Check if a derivation is valid, that is whether it passes checks for | ||
| # e.g brokenness or license. | ||
| # | ||
| # Return { valid: Bool } and additionally |
There was a problem hiding this comment.
and additionally should be xor (feel free to use human or)
There was a problem hiding this comment.
It's more of a:
data Result = Valid | Invalid { reason :: String, ErrorMsg :: String }Where valid: Bool is the tag in the tagged union, and thus must always be present.
lib/check-meta.nix
Outdated
| else if !allowBroken && attrs.meta.platforms or null != null && !lib.lists.elem platform attrs.meta.platforms then | ||
| { valid = false; reason = "broken"; errormsg = "is not supported on ‘${platform}’"; } | ||
| else if !(hasAllowedInsecure attrs) then | ||
| { valid = false; reason = "insecure"; errormsg = "is marked as insecure"; } |
There was a problem hiding this comment.
Probably out of scope, but it would be a good place to reference some optional field with details about why it is marked as insecure.
|
@vcunat Per #22277 (comment) should we not put it in lib? Otherwise anything more we need to do? How bad is the performance stuff? I wouldn't be necessarily be opposed to fixing it later (with the typos / overhaul) either. |
| meta = { } | ||
| # If the packager hasn't specified `outputsToInstall`, choose a default, | ||
| # which is the name of `p.bin or p.out or p`; | ||
| # if he has specified it, it will be overridden below in `// meta`. |
There was a problem hiding this comment.
Just write if specified, it will be ...
|
@Ericson2314: oh, right, let's move it to |
lib/check-meta.nix
Outdated
| # Extend a derivation with checks for brokenness, license, etc. | ||
| # Throw a descriptive error when the check fails; return derivaitonArg otherwise. | ||
| # Note: no dependencies are checked in this step. | ||
| addMetaChecks = { config, platform, meta, derivationArg, mkDerivationArg }: let |
There was a problem hiding this comment.
This should be system not platform, because while those terms are almost use interchangeably in nixpkgs, the two-part dash-separated string name is always called system.
In the original code is was called system, so I that's why I bring this up now---once I fix for cross, it will all be gone anyways.
There was a problem hiding this comment.
I looked at it from the other side – called it platform because of being matched to meta.platforms, but I don't have any strong opinion about it.
There was a problem hiding this comment.
Fair. but that one is the odd one out. I'll probably end generalizing that, rather than renaming it, because it's not possible to enumerate every conceivable compatible platform.
|
@vcunat I fixed both things I mentioned at https://github.com/obsidiansystems/nixpkgs/tree/meta-refactor-2. Also I rebased it onto the latest nixpkgs-unstable (which my I made it not reevaluate lib (by simply passing it in), which seems to be sharing enough to eliminate most of the performance gap. Either way, I don't think that should prevent merge. I trust it can be made as good or better than before with little effort. |
This just moves some expressions around in preparation to further changes.
Suggested by Ericson2314.
|
@Ericson2314: OK. I see you've moved the file and I assume there's been no other change in meta checks. |
|
@vcunat well passing the lib as I wrote above. But yes, those are the only two. I'll fix the name issue you mentioned, and then I think I can push to your rebase branch to merge from here, sound good? |
Only cosmetic changes are done otherwise. Real refactoring is left for later. There's a small slow-down on my machine: $ time nix-env -qa -P >/dev/null gets from ~2.8 to ~3.5 seconds (negligible change in RAM). That's most likely caused by sharing less computation between different mkDerivation calls, and I plan to improve that soon.
|
@Ericson2314: sounds good. |
Ericson2314
force-pushed
the
meta-refactor-2-rebased
branch
from
f4eacca to
e8e5745
Compare
|
Oh, and I did a quick final sanity check no hashes were changed with |
|
Did the slowdown mentioned in e8e5745 get resolved? Going from ~2.8s to ~3.5s is not a small slowdown! |
|
@edolstra I think so. Not reevaluated |
|
Probably not. I'm looking at https://hydra.nixos.org/job/nixpkgs/trunk/metrics/metric/nix-env.qa.time , 7 july, increased from 3.9 to 5.1 |
|
Right, it hasn't been (at least not by me). I have a WIP on that, and I really want to catch it before 18.03. |
Just a first stage of #22277 ATM, doing almost nothing but separating the meta-checking code.
I think I now understand why the previous PR and this one have a slight performance regression, and I'll look into fixing it, hopefully before we merge this.
@Ericson2314: I assume you don't want to change the meta-checking code significantly for now and just want it out of the way. Still, the performance fixes will need some small changes to stdenv's
default.nix.