-
-
Notifications
You must be signed in to change notification settings - Fork 13.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mutiple replaceRuntimeDependencies may reintroduce depenendices #4336
Comments
I won't object to a good implementation of this, but IMO |
(triage) @roconnor Do you still want to follow up on this? |
No response, so close @zimbatm. |
This is going to be replaced by a proper solution soon (hopefully). See #14000 and related work. |
This issue would be fixed by #10851 , because the patching mechanism works by constructing the patches out of all the fixed packages, instead of chaining independent replacement of dependencies. I even have a test case which I used to verify that #10851 is working properly: |
Instead of iterating over all replacements and applying them one by one, use the newly introduced replaceDependencies function to apply them all at once for replaceRuntimeDependencies. The advantages are twofold in case there are multiple replacements: * Performance is significantly improved, because there is only one pass over the closure to be made. * Correctness is improved, because replaceDependencies also replaces dependencies of the replacements themselves if applicable. Fixes: NixOS#4336
Instead of iterating over all replacements and applying them one by one, use the newly introduced replaceDependencies function to apply them all at once for replaceRuntimeDependencies. The advantages are twofold in case there are multiple replacements: * Performance is significantly improved, because there is only one pass over the closure to be made. * Correctness is improved, because replaceDependencies also replaces dependencies of the replacements themselves if applicable. Fixes: NixOS#4336
Instead of iterating over all replacements and applying them one by one, use the newly introduced replaceDependencies function to apply them all at once for replaceRuntimeDependencies. The advantages are twofold in case there are multiple replacements: * Performance is significantly improved, because there is only one pass over the closure to be made. * Correctness is improved, because replaceDependencies also replaces dependencies of the replacements themselves if applicable. Fixes: NixOS#4336
Instead of iterating over all replacements and applying them one by one, use the newly introduced replaceDependencies function to apply them all at once for replaceRuntimeDependencies. The advantages are twofold in case there are multiple replacements: * Performance is significantly improved, because there is only one pass over the closure to be made. * Correctness is improved, because replaceDependencies also replaces dependencies of the replacements themselves if applicable. Fixes: NixOS#4336
Instead of iterating over all replacements and applying them one by one, use the newly introduced replaceDependencies function to apply them all at once for replaceRuntimeDependencies. The advantages are twofold in case there are multiple replacements: * Performance is significantly improved, because there is only one pass over the closure to be made. * Correctness is improved, because replaceDependencies also replaces dependencies of the replacements themselves if applicable. Fixes: NixOS#4336
Instead of iterating over all replacements and applying them one by one, use the newly introduced replaceDependencies function to apply them all at once for replaceRuntimeDependencies. The advantages are twofold in case there are multiple replacements: * Performance is significantly improved, because there is only one pass over the closure to be made. * Correctness is improved, because replaceDependencies also replaces dependencies of the replacements themselves if applicable. Fixes: NixOS#4336
Instead of iterating over all replacements and applying them one by one, use the newly introduced replaceDependencies function to apply them all at once for replaceRuntimeDependencies. The advantages are twofold in case there are multiple replacements: * Performance is significantly improved, because there is only one pass over the closure to be made. * Correctness is improved, because replaceDependencies also replaces dependencies of the replacements themselves if applicable. Fixes: NixOS#4336
Instead of iterating over all replacements and applying them one by one, use the newly introduced replaceDependencies function to apply them all at once for replaceRuntimeDependencies. The advantages are twofold in case there are multiple replacements: * Performance is significantly improved, because there is only one pass over the closure to be made. * Correctness is improved, because replaceDependencies also replaces dependencies of the replacements themselves if applicable. Fixes: NixOS#4336
Instead of iterating over all replacements and applying them one by one, use the newly introduced replaceDependencies function to apply them all at once for replaceRuntimeDependencies. The advantages are twofold in case there are multiple replacements: * Performance is significantly improved, because there is only one pass over the closure to be made. * Correctness is improved, because replaceDependencies also replaces dependencies of the replacements themselves if applicable. Fixes: NixOS#4336
Instead of iterating over all replacements and applying them one by one, use the newly introduced replaceDependencies function to apply them all at once for replaceRuntimeDependencies. The advantages are twofold in case there are multiple replacements: * Performance is significantly improved, because there is only one pass over the closure to be made. * Correctness is improved, because replaceDependencies also replaces dependencies of the replacements themselves if applicable. Fixes: NixOS#4336
Instead of iterating over all replacements and applying them one by one, use the newly introduced replaceDependencies function to apply them all at once for replaceRuntimeDependencies. The advantages are twofold in case there are multiple replacements: * Performance is significantly improved, because there is only one pass over the closure to be made. * Correctness is improved, because replaceDependencies also replaces dependencies of the replacements themselves if applicable. Fixes: NixOS#4336
Instead of iterating over all replacements and applying them one by one, use the newly introduced replaceDependencies function to apply them all at once for replaceRuntimeDependencies. The advantages are twofold in case there are multiple replacements: * Performance is significantly improved, because there is only one pass over the closure to be made. * Correctness is improved, because replaceDependencies also replaces dependencies of the replacements themselves if applicable. Fixes: NixOS#4336
Instead of iterating over all replacements and applying them one by one, use the newly introduced replaceDependencies function to apply them all at once for replaceRuntimeDependencies. The advantages are twofold in case there are multiple replacements: * Performance is significantly improved, because there is only one pass over the closure to be made. * Correctness is improved, because replaceDependencies also replaces dependencies of the replacements themselves if applicable. Fixes: #4336
Instead of iterating over all replacements and applying them one by one, use the newly introduced replaceDependencies function to apply them all at once for replaceRuntimeDependencies. The advantages are twofold in case there are multiple replacements: * Performance is significantly improved, because there is only one pass over the closure to be made. * Correctness is improved, because replaceDependencies also replaces dependencies of the replacements themselves if applicable. Fixes: NixOS#4336
Instead of iterating over all replacements and applying them one by one, use the newly introduced replaceDependencies function to apply them all at once for replaceRuntimeDependencies. The advantages are twofold in case there are multiple replacements: * Performance is significantly improved, because there is only one pass over the closure to be made. * Correctness is improved, because replaceDependencies also replaces dependencies of the replacements themselves if applicable. Fixes: NixOS#4336
replaceRuntimeDependencies is implemented by doing a fold over the list of runtime dependency replacements. The issues is that after replacing one depencency, say bash, with an updated version, the next replacement might replace say firefox, with an updated version that depends on the old bash. This is probably unexpected from the user's perspective and could cause dangerous surprises if a user is using this as a security update mechanism.
I should say that this is only a theoretical issue; I haven't verified this acutally happens, but I wanted to file an issue before I forget about it.
One possible solution is to do some sort of topological sort of the list of replacements based on the dependency order of the "new" packages on the "old" packages so that outermost dependencies are replaced first. But some since "new" packages may have completely different run-time dependencies some though is needed to make sure this works right.
I think a better solution is to come up with an elegent way of simulateously processing all replacements directly in the replaceDependency code, but I would need to sit down and think about how to do this.
The text was updated successfully, but these errors were encountered: