[Nix-dev] nixpkgs Dependencies Availability Test

Martin Vahi martin.vahi at softf1.com
Thu Nov 19 23:24:00 CET 2015


Is about 300MiB in size due to a clone of the

    https://github.com/NixOS/nixpkgs

and resides at

http://technology.softf1.com/nix/2015/2015_11_19_NixOS_nixpkgs_download_test_by_martin_vahi_at_softf1_com.tar.bz2

sha256:
f05cf8bb85527a14f22adf0e2b3a7fa56f63461b7580620e4d54204c4d2db1ba

The idea is roughly:

    git clone https://github.com/NixOS/nixpkgs
    cd nixpkgs
    find . -name '*.nix' > list_of_nixfiles.txt

and then each of the nix-files is searched for
pairs of fetch-url's and hash values and a gigantic
bash-script is generated that contains lines of calls
to the nix-prefetch-url

---a--demo--excerpt--start---
nix-prefetch-url --type sha256 http://bits.xensource.com/oss-xen/release/4.5.1/xen-4.5.1.tar.gz 0w8kbqy7zixacrpbk3yj51xx7b3f6l8ghsg3551w8ym6zka13336 ;
nix-prefetch-url --type sha256 sourceInfo.url sourceInfo.hash ;
nix-prefetch-url --type sha256 http://download.belastingdienst.nl/belastingdienst/apps/linux/ib2007_linux.tar.gz 13p3gv086jn95wvmfygdmk9qjn0qxqdv7pp0v5pmw6i5hp8rmjxf ;
---a--demo--excerpt--end---

I executed the gigantic bash script and my conclusion
is that many up-stream packages, their files, are offline
or their hashes do not match, especially those of the

    https://www.npmjs.com/

In those circumstances it is absolutely no wonder
that there are various build problems. I propose that,
in addition to "stable" and "unstable", packages
would be classified as "Nix-contained" and
"up-stream-dependent".

The "Nix-contained" packages would
be buildable without downloading anything from any
server other than the Nix project servers and
various caches. I believe that package specific,
up-stream dependent, package upgrade tools might be
bundled with the "Nix-contained" packages, so that
when the up-stream servers come online, the
package upgrade could be _manually_ made and
the "Nix-contained" set of packages is supplemented
with a new version of the package without removing
the old version.

Currently it seems to me that the
up-stream dependent package build scripts
try to do 2 in one: build a Nix package and
upgrade its dependencies. In the case of the
"Nix-contained" packages the package building
would work without downloading anything from
upstream and all testing and experimentation
that is related to the upgrade of the dependencies
of a "Nix-contained" package, would be carried out
by the package maintainer at a time, when he/she
has the time to work on the package, not
whenever the package is being automatically built.


Thank You for reading my letter and
I hope to receive criticism that
tells that I'm missing/omitting
a lot of important issues or have
otherwise come up with a spectacular blunder. :-D

Regards,
Martin.Vahi at softf1.com

P.S. The "manual" upgrade of dependencies
will probably be a requirement even due to
computational limitations and security
requirements. Formal verification might
take a lot of CPU-power and it might not
be optimal to run that every time a
package is built.
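
The extraction step described in the letter, as an added example that is not part of the original post and is not the author's generator. It is a regex heuristic, not a Nix evaluator: helper names and the sample fragment are assumptions, the xen URL and hash are taken from the excerpt, and everything else is constructed. Pairs that are not plain literals (such as `sourceInfo.url sourceInfo.hash` in the excerpt) are set aside instead of being emitted, and URLs are shell-quoted before they go into the generated script.

```python
import re
import shlex

XEN_URL = "http://bits.xensource.com/oss-xen/release/4.5.1/xen-4.5.1.tar.gz"  # from the post
XEN_HASH = "0w8kbqy7zixacrpbk3yj51xx7b3f6l8ghsg3551w8ym6zka13336"  # from the post
FAKE_HASH = "1" * 52  # constructed placeholder, not a real digest

# Constructed Nix fragment: a literal pair, a URL that bash would split at '&',
# an interpolated URL, and an attribute reference (the sourceInfo.url case).
SAMPLE_NIX = (
    'a = fetchurl { url = "' + XEN_URL + '"; sha256 = "' + XEN_HASH + '"; };\n'
    'b = fetchurl {\n  url = "http://example.org/get?f=a&v=1";\n  sha256 = "' + FAKE_HASH + '";\n};\n'
    'c = fetchurl { url = "http://example.org/${name}.tar.gz"; sha256 = "' + FAKE_HASH + '"; };\n'
    'd = fetchurl { url = sourceInfo.url; sha256 = sourceInfo.hash; };\n'
)

PAIR = re.compile(r'\burl\s*=\s*([^;]+);\s*sha256\s*=\s*([^;]+);')
LITERAL = re.compile(r'"([^"$\\]*)"')  # plain string: no ${...} interpolation, no escapes
SHA256 = re.compile(r'[0-9abcdfghijklmnpqrsvwxyz]{52}|[0-9a-f]{64}')  # Nix base32 or hex


def extract_pairs(nix_source):
    """Split url/sha256 pairs into (prefetchable literals, raw pairs needing evaluation)."""
    good, skipped = [], []
    for raw_url, raw_hash in PAIR.findall(nix_source):
        url = LITERAL.fullmatch(raw_url.strip())
        digest = LITERAL.fullmatch(raw_hash.strip())
        if url and digest and SHA256.fullmatch(digest.group(1)):
            good.append((url.group(1), digest.group(1)))
        else:
            skipped.append((raw_url.strip(), raw_hash.strip()))
    return good, skipped


def generate_script(pairs):
    """Emit one nix-prefetch-url call per pair; URLs are shell-quoted before use."""
    lines = ["#!/usr/bin/env bash"]
    for url, digest in pairs:
        quoted = shlex.quote(url)
        lines.append("nix-prefetch-url --type sha256 %s %s || echo FAILED %s >&2"
                     % (quoted, digest, quoted))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    good, skipped = extract_pairs(SAMPLE_NIX)
    print(generate_script(good), end="")
    for raw in skipped:
        print("# needs evaluation, not prefetched:", raw)
```

The skipped list is the part of the tree this approach cannot judge: those sources need Nix evaluation before their availability can be tested.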
