make-derivation.nix: lib.warn if drv.__spliced missing

[ghost]

This should wait until after 23.11, but I'd like to try to merge it fairly promptly thereafter.

Right now when an unspliced package appears as a dependency, we just silently do the wrong thing, cross our fingers, and hope for the best. This is the reason why troubleshooting cross compilation is such a headache.

This PR adds a lib.warn for this situation when cross compiling. So we still do the wrong thing, but at least we tell the user that something is probably wrong. The warning will also cause CI to fail. I fixed about a dozen of these failures. The list-of-shame provides an escape hatch for urgent situations.

The list-of-shame currently has (about) two dozen of these splicing failures; these are ignored in order to get CI to pass. The idea is to get a check like this in place to prevent even more of these bugs from occurring while we work to eliminate the ones that are already there. Since lib.warn causes CI failures this will prevent people from introducing any more of these bugs (or else force them to add their stinky deeds to the list of shame).

• CI passes
• No mass rebuild (14 packages rebuilt, due to fixing splice failures)

[ghost]

Ping @Artturin @alyssais

Proof that we are not splicing Rust hooks: check out this PR, then run:

nix-instantiate . -A pkgsCross.aarch64-multiplatform.fd

in the output you'll see:

trace: warning: derivation fd:
                     unspliced dependency /nix/store/99jm62fd7xh1yzjys0z3r70d1vvra51r-cargo-build-hook.sh
                       build=x86_64-unknown-linux-gnu
                       target=aarch64-unknown-linux-gnu

trace: warning: derivation fd:
                     unspliced dependency /nix/store/84aap5fr5s6yblga5w6fbx71j21l591a-cargo-check-hook.sh
                       build=x86_64-unknown-linux-gnu
                       target=aarch64-unknown-linux-gnu

trace: warning: derivation fd:
                     unspliced dependency /nix/store/0796vgahxgg8n7w1gr2pdb9sd3kibk13-cargo-install-hook.sh
                       build=x86_64-unknown-linux-gnu
                       target=aarch64-unknown-linux-gnu

trace: warning: derivation fd:
                     unspliced dependency /nix/store/qppx46087vy5xx8j3jajbzbqsjhvcp2b-cargo-setup-hook.sh
                       build=x86_64-unknown-linux-gnu
                       target=aarch64-unknown-linux-gnu

[Artturin]

Is similar to #204387

[ghost]

Is similar to #204387

Well, I think they're sort of orthogonal (and both are a good idea). It looks like checkExecutableOnBuild always succeeds when the __spliced attribute is missing even if it should be there -- whereas the point of this PR is to emit a warning in exactly that situation. Currently it takes way too long to figure out if a problem is caused by splicing not happening.

You should merge yours first since mine isn't done and is easier to rebase.

[Artturin]

Befofe merge there should be a way to fix the warning.

We should find out a way to splice or work around the lack of splicing when a function that returns derivation(s) is used (without adding it to be reachable from top-level).

Maybe a callPackage like func which internally calls with the various sets callPackage's, but a issue would still be what the user passes if it was not already spliced (eg overrideAttrs was used).

always succeeds when the __spliced attribute is missing even if it should be there

Explicitly used sets like buildPackages won't have a __spliced in packages

[ghost]

We should find out a way to splice or work around the lack of splicing when a function that returns derivation(s) is used (without adding it to be reachable from top-level).

The way to do that is to have all derivations be spliced, always, all the time. Then we don't have to worry about it.

In other words, do the splicing in mkDerivation.

[ghost]

Explicitly used sets like buildPackages won't have a __spliced in packages

I think that's the point. Those should never be used in depsFooBar.

They should only be used when you need to interpolate into a string, like "${buildPlatform.lndir} ..."

[Artturin]

the llvm sets use the normal makeScope and that's why there's no __spliced's in the sets own callPackage

I'm little by little working on making the sets better #253671
once I dedupe more stuff it'll be much easier to dedupe and improve the llvm/*/default.nix'es

Nice list name.

[SuperSandro2000]

I am trying to get more fit in cross: Shouldn't this use canExecute?

[ghost]

If this is what you mean, then yes, that would be an improvement (let's put it in a separate PR though -- one thing at a time).

diff --git a/pkgs/development/libraries/cracklib/default.nix b/pkgs/development/libraries/cracklib/default.nix
index ba5d96a95182..defdb2965173 100644
--- a/pkgs/development/libraries/cracklib/default.nix
+++ b/pkgs/development/libraries/cracklib/default.nix
@@ -15,10 +15,10 @@ stdenv.mkDerivation rec {
     hash = "sha256-yosEmjwtOyIloejRXWE3mOvHSOOVA4jtomlN5Qe6YCA=";
   };

-  nativeBuildInputs = lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) buildPackages.cracklib;
+  nativeBuildInputs = lib.optional (!stdenv.buildPlatform.canExecute stdenv.hostPlatform) buildPackages.cracklib;
   buildInputs = [ zlib gettext ];

-  postPatch = lib.optionalString (stdenv.hostPlatform == stdenv.buildPlatform) ''
+  postPatch = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''
     chmod +x util/cracklib-format
     patchShebangs util

[kjeremy]

This goes against your comment below about using buildPackages in nativeBuildInputs.

[ghost]

This goes against your comment below about using buildPackages in nativeBuildInputs.

Indeed! Nice catch. If this PR were merged CI would have caught that.

The patch above should, in addition to the changes it makes, also delete the buildPackages. before cracklib.

[ghost]

Fixed merge conflict.

[kjeremy]

@amjoseph-nixpkgs can we merge this soon?

[kjeremy]

@amjoseph-nixpkgs What do you think about merging this so that it forces the issue of fixing packages for cross? I would personally like it so that I can hunt down the cross issues in all of my out of tree packages.

[kjeremy]

@amjoseph-nixpkgs 23.11 branched off a while ago. Can we merge this?

[kjeremy]

@amjoseph-nixpkgs why close this? I found this useful when trying to figure out why some of my cross pkgs were broken.

[katexochen]

@kjeremy I think this PR was closed in in the light of #50105 (comment). While not necessary, Adam chose to closed some of their open PRs (which is of cause okay if they like to do so).