build-support/rust: add cargoPurityFlag parameter #187838
Conversation
|
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/is-it-possible-to-override-cargosha256-in-buildrustpackage/4393/8 |
|
The Discourse link above is the primary motivation for this. Here is a somewhat-messy example of the case where |
ghost
marked this pull request as ready for review
|
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/rust-development-on-nixos/20866/5 |
Cargo-driven builds within a Rust derivation must not access the network. Cargo offers two different flags to achieve this: * `--frozen`, which we currently use. * `--offline`, which is less picky about the `Cargo.lock` file. Both of these prevent access to the network. However, adding a `[patch]` section to your `Cargo.toml` will cause `cargo build --frozen` to fail, whereas `cargo build --offline` will still succeed. In order for nixpkgs users to be able to take advantage of Cargo `[patch]` stanzas, we need to provide a way for them to requrest `--offline` be used instead of `--frozen`. This commit adds a `cargoPurityFlag` parameter which does that. Simply changing `--frozen` to `--offline` across the board seemed too risky to me. The Cargo manual has the following warning: > Beware that this may result in different dependency resolution than > online mode. Cargo will restrict itself to crates that are > downloaded locally, even if there might be a newer version as > indicated in the local copy of the index. https://doc.rust-lang.org/cargo/commands/cargo-build.html?highlight=frozen#manifest-options https://doc.rust-lang.org/cargo/reference/overriding-dependencies.html#the-patch-section
|
Rebased. |
ofborg
bot
added
10.rebuild-darwin: 5001+
and removed
10.rebuild-darwin: 2501-5000
labels
| @@ -44,6 +44,11 @@ | |||
| , useNextest ? false | |||
| , depsExtraArgs ? {} | |||
|
|
|||
| # You must use "--offline" instead of "--frozen" if `Cargo.lock` is | |||
| # valid-but-outdated, for example when adding a `[patch]` stanza to | |||
| # `Cargo.toml` without regenerating `Cargo.lock`. | |||
There was a problem hiding this comment.
If you're adding a patch stanza why can't you regenerate the lock at the same time?
For that matter why use a patch stanza? Patch toml and lock, add to cargoPatches.
There was a problem hiding this comment.
Because you're adding the patch stanza from inside a derivation!
This lets us do for crate dependencies of a buildRustPackage what we can already do for ordinary packages in nixpkgs -- override a specific dependency throughout all of nixpkgs.
My own motivating example case is the ring crate, which is basically "openssl/boringssl for Rust". It's a deep, deep dependency of a huge chunk of the ecosystem. Ring does not build on PowerPC, and the Ring maintainer has ignored a patch submitted by IBM for over two full years. There needs to be a way for people to route around this sort of nonsense.
But this is generally useful on all platforms, for the same reasons why .override is useful. At least until crate2nix conquers the universe.
There was a problem hiding this comment.
Here is what the example usage looks like:
This shows what "replace this crate with that crate in this one package" looks like:
I'm working on a more general "replace this crate with that crate in every use of buildRustPackage".
There was a problem hiding this comment.
This lets us do for crate dependencies of a buildRustPackage what we can already do for ordinary packages in nixpkgs -- override a specific dependency throughout all of nixpkgs.
How does that work?
There was a problem hiding this comment.
For the example you posted you can do this:
Patch toml and lock, add to cargoPatches.
|
I'm very, very hesitant on letting this into nixpkgs. We're using frozen for a reason, I don't see that we want to let people switch packages to offline as they'll never be switched back. |
The motivating use is If the |
Somewhat.
Why is using |
|
We want people to use |
I will prepare a concrete proposal that will limit the use of
Because you have to regenerate the
For patching a "leaf crate" ( However I don't think we want people using |
ghost
marked this pull request as draft
At this stage I don't see that this would change my mind, frankly I think merging it will make nixpkgs worse off overall. With more complicated cases like treewide patching it may be more compelling but even after you update it with your proposal this PR is only a first step towards that. I really don't think this should be merged until we can review the entire thing. I realize you may not want to put in all of that work in without some assurance that it will be merged but I don't see that I can offer that. |
ghost
mentioned this pull request
stale
bot
added
the
2.status: stale
ghost
closed this
Description of changes
Builds within a derivation must not access the network. Cargo offers two different flags to achieve this:
--frozen, which we currently use.--offline, which is less picky about theCargo.lockfile.Both of these prevent access to the network. However, adding a
[patch]section to yourCargo.tomlwill causecargo build --frozento fail with the following error message:In order for nixpkgs users to be able to take advantage of Cargo
[patch]stanzas, we need to provide a way for them to request--offlinebe used instead of--frozen. This commit adds acargoPurityFlagparameter which does that.Simply changing
--frozento--offlineacross the board seemed too risky to me. The Cargo manual has the following warning:https://doc.rust-lang.org/cargo/commands/cargo-build.html?highlight=frozen#manifest-options
https://doc.rust-lang.org/cargo/reference/overriding-dependencies.html#the-patch-section
Things done
sandbox = trueset innix.conf? (See Nix manual)nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)nixos/doc/manual/md-to-db.shto update generated release notes