Skip to content

closureInfo: disallow substitutes, instead of only prefering local build#123943

Closed
ajs124 wants to merge 1 commit intoNixOS:masterfrom
helsinki-systems:closureInfo_disallowSubstitutes
Closed

closureInfo: disallow substitutes, instead of only prefering local build#123943
ajs124 wants to merge 1 commit intoNixOS:masterfrom
helsinki-systems:closureInfo_disallowSubstitutes

Conversation

@ajs124
Copy link
Member

@ajs124 ajs124 commented May 21, 2021

"exportReferencesGraph" combined with "__structuredAttrs = true" "includes
the sizes and hashes of paths". If the result of the closureInfo is
substituted, but the contents of any path of the closure differs between
the binary cache and the local store, which can easily happen, because
not everything is perfectly reproducible, this leads to hash mismatches in
the image builders, which pass the output of closureInfo to
"nix-store --load-db".

Also see NixOS/nix#4840

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Added a release notes entry if the change is major or breaking
  • Fits CONTRIBUTING.md.

@ajs124
closureInfo: disallow substitutes, instead of only preffering local b…
8c9720e 
…uild

"exportReferencesGraph" combined with "__structuredAttrs = true" "includes
the sizes and hashes of paths". If the result of the closureInfo is
substituted, but the contents of any path of the closure differs between
the binary cache and the local store, which can easily happen, because
not everything is perfectly reproducible, this leads to hash mismatches in
the image builders, which pass the output of closureInfo to
"nix-store --load-db".
@ajs124 ajs124 marked this pull request as ready for review May 21, 2021 23:17
@ajs124 ajs124 requested a review from cleverca22 May 21, 2021 23:17
@ofborg ofborg bot added 10.rebuild-darwin: 11-100 This PR causes between 11 and 100 packages to rebuild on Darwin. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 1001-2500 This PR causes many rebuilds on Linux and should target the staging branches. labels May 21, 2021
@ajs124 ajs124 requested a review from edolstra May 22, 2021 22:00
jonringer
jonringer approved these changes Jun 10, 2021
View reviewed changes
Copy link
Contributor

@jonringer jonringer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cc @edolstra

@ajs124 ajs124 mentioned this pull request Jun 23, 2021
Closed
roberth
roberth requested changes Jun 24, 2021
View reviewed changes
Copy link
Member

@roberth roberth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nothing prevents a subsequent derivation, like the one that builds the image, from incorporating the output of closureInfo, causing it to be substitutable. So while this may help with the symptoms you're experiencing, it is not a general solution.

This derivation exacerbates all reproducibility problems, which no-one expects a derivation to do. For this reason, this functionality must only be used in derivations that produce no references to the original paths; instead incorporating all paths in an image (or similar). After all that's the only way to guarantee a consistent output. (a locally built path with unreproducible output may exist before substituting the derivation with the closureInfo dependency)

I would suggest replacing it by a hash- and size-free variant such as writeReferencesToFile wherever possible. That function only writes all closure paths and doesn't exacerbate reproducibility problems. The remaining use cases, hopefully only image building derivations, don't benefit at all from having this dangerous logic in a separate derivation. Perhaps its (limited) logic can be provided as a script instead, with some clear warnings that any derivations using it must not reference the original paths.

@ajs124 ajs124 marked this pull request as draft July 29, 2021 09:17
@vcunat vcunat mentioned this pull request Aug 1, 2021
Closed
@ajs124 ajs124 closed this Aug 19, 2021
@ajs124 ajs124 deleted the closureInfo_disallowSubstitutes branch August 19, 2021 15:08
@ajs124 ajs124 mentioned this pull request Oct 27, 2022
Merged
11 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@roberth roberth roberth requested changes

@dasJ dasJ dasJ approved these changes

@cleverca22 cleverca22 Awaiting requested review from cleverca22

@edolstra edolstra Awaiting requested review from edolstra

+1 more reviewer

@jonringer jonringer jonringer approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

10.rebuild-darwin: 11-100 This PR causes between 11 and 100 packages to rebuild on Darwin. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 1001-2500 This PR causes many rebuilds on Linux and should target the staging branches.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ajs124 @roberth @dasJ @jonringer