[Nix-dev] fixed-output derivation that *also* depend on (some of) its inputs?

Bjørn Forsman bjorn.forsman at gmail.com
Wed Oct 1 10:32:57 CEST 2014 

On 27 September 2014 11:12, Vladimír Čunát <vcunat at gmail.com> wrote:
> On 09/24/2014 09:58 PM, Bjørn Forsman wrote:
>>
>> On 22 September 2014 17:16, Shea Levy <shea at shealevy.com> wrote:
>>>
>>> I suppose a flag that says to rebuild if the output is valid but doesn't
>>> have the right deriver could be what you want? But for now the best
>>> answer
>>> seems to be "change the hash when it needs to change"
>>
>>
>> I don't know what "deriver" is.
>
> Deriver is the derivation that built a path (i.e. the build recipe).
> If you built a path yourself, you can get it by
> nix-store -q --deriver /nix/store/path

Ah, thanks.

Shea, it looks like the deriver (*.drv) doesn't change unless "name"
or the output hash attrs changes. So rebuild-if-deriver-changed won't
make any difference.

>> Even though it's a bit hackish, using
>>
>> stdenv.mkDerivation rec {
>>    extraHash = builtins.hashString "sha256" (buildCommand);
>>    name = "foo-${extraHash}-0.0";
>>
>> works just like I want it to.

Ouch, it broke real bad when using it in the real world[1]:

  fetchGrailsAppDeps = { stdenv, grails, src, sha256 }:
    stdenv.mkDerivation rec {
      srcHash = builtins.substring 0 20 (builtins.hashString "sha256"
(builtins.toString src));
      name = "grails-app-deps-${srcHash}";
      [SNIP]
    };

$ nix-build grails-app.nix
error: the string `grails-app-deps-b0f29513403e6dca5372' is not
allowed to refer to a store path (such as
`!out!/nix/store/80bd47sghjl4i41sd783b2w49lqzkm93-git-export.drv'), at
/nix/store/rjvnj4skg17is5x9jhzq1yl96mdvch0c-nix-1.7/share/nix/corepkgs/derivation.nix:8:12

This only happens when "src = fetchgit { ... }" and not when "src =
./path/to/source". Why?

And what does this check protect against?

Now I have a big fat warning "IMPORTANT: Remember to force re-download
deps whenever you update the source!" in my expression :-(

Oh, this is bad...

> I think I understand what you want: the output should not change except on
> updating the package itself, but one can only find out the hash by
> performing the build. On update you want to do that.
>
> I personally force such rebuilds by changing the first few sha256 characters
> to zeros. The extraHash way and Shea's suggestion are other fine ways. For
> this use case, I find no clear winner, and I don't think we can do
> significantly better.

What about a new, optional derivation input like "extraHashInputs = [
list of attrs that will be included in calculation of $out ];"?

[1]: https://gist.github.com/bjornfor/3f2fda1b1ce077225df5

Best regards,
Bjørn Forsman

More information about the nix-dev mailing list