Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Optional client side building #9344

Open
Ericson2314 opened this issue Nov 12, 2023 · 5 comments
Open

Optional client side building #9344

Ericson2314 opened this issue Nov 12, 2023 · 5 comments
Labels
feature Feature request or proposal

Comments

@Ericson2314
Copy link
Member

Ericson2314 commented Nov 12, 2023

Is your feature request related to a problem? Please describe.

  1. For fixed output derivations that need authentication, it is probably better to run them as the current user in order to give them secrets, especially ephemeral secrets (like expiring tokens) that might require some humans in the loop (various 2fa schemes) and are cumbersome to store in the store.

  2. Builtin fetching should be representable by derivations #9077 once the above is sorted out, we should do this too. Currently the main reason fetching is not done with derivations is authentication. This provides a proper solution. All fetching done as client-side derivations nicely meets in the middle of the current fixed-output derivations vs libfetchers divide.

  3. General decoupling. Building shouldn't depend on using the SQL database (and I don't think it currently does). It ought to work with other stores that also provide a file system view (LocalFSStore).

Describe the solution you'd like

  1. Have a method getBuilder like getFSAccessor, moving building methods there.

  2. Remote stores now can either use the current remote side scheduling/building or do their own. This can be dynamic, unlike strategies that bake the choice into the Store class hierarchy.

  3. LocalDerivationGoal should merely assume LocalFSStore, not LocalStore.

  4. LocalStore should be renamed SQLiteStore.

This provides enough building blocks to allow for a wide variety of remote building configurations.

Additional Context

Talking to @kolloch about AWS fetching and also the ACL store RFC.

Priorities

Add 👍 to issues you find important.

@Ericson2314 Ericson2314 added feature Feature request or proposal contributor-experience Developer experience for Nix contributors and removed feature Feature request or proposal labels Nov 12, 2023
@Ericson2314 Ericson2314 added feature Feature request or proposal and removed contributor-experience Developer experience for Nix contributors labels Nov 13, 2023
@thufschmitt thufschmitt removed this from Nix team Nov 17, 2023
@Ericson2314
Copy link
Member Author

2023-11-17 Nix team meeting notes:

  • @thufschmitt: Sounds complex
  • @Ericson2314: No necessarily that much. The build logic is already mostly independant from the store

Deferred, waiting for John and Tom to write a more advanced desing doc. Sounds good in principle.

@kolloch
Copy link
Contributor

kolloch commented Nov 19, 2023

Heyo @Ericson2314, thanks for this, some questions:

  1. How would this look for the user? Specify a certain derivation attribute to force local building?
  2. Would that still allow paralelization? How is that managed?

@kolloch
Copy link
Contributor

kolloch commented Nov 19, 2023

  1. General decoupling. Building shouldn't depend on using the SQL database (and I don't think it currently does). It ought to work with other stores that also provide a bike system view.

s/bike system view/build system view/?

I cannot follow this and the implementation details. What is the relevance of SQLite in this context?

@Ericson2314
Copy link
Member Author

How would this look for the user? Specify a certain derivation attribute to force local building?

Yes can rig up something with "required system features" I assume.

Would that still allow paralelization? How is that managed?

Yes. In the same way it is today, with or without remote builders.

I cannot follow this and the implementation details. What is the relevance of SQLite in this context?

Ooops I meant "file system view". Thanks for pointing out.

SQLite is not relevant! That is my point. However the code today currently requires building to happen with a LocalStore, i.e. a SQLiteStore (as it should be called). This is an artificial restriction that just confuses things.

Ericson2314 added a commit that referenced this issue Nov 19, 2023
It is not inherently tied to `LocalStore`, it could probably even go in
`libnixutil`. Functions not attached to `LocalStore` should not be
declared in `local-store.hh`.

I am moving it to facilitate experimenting for #9344. If
canonicalisation should be done client-side in client-side builds, there
wouldn't be a `LocalStore` at all so having to include that header to
get this freestanding function is cumbersome and wrong.

Perhaps canonicalisation should still be done server-side for security
reasons --- I don't mean to make that judgement call now --- but even if
so, this freestanding function still isn't connected to `LocalStore` so
while less urgent it is still better to move out of this header.
@nixos-discourse
Copy link

This issue has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/2023-11-17-nix-team-meeting-minutes-104/35753/1

Ericson2314 added a commit that referenced this issue Nov 21, 2023
It is not inherently tied to `LocalStore`, it could probably even go in
`libnixutil`. Functions not attached to `LocalStore` should not be
declared in `local-store.hh`.

I am moving it to facilitate experimenting for #9344. If
canonicalisation should be done client-side in client-side builds, there
wouldn't be a `LocalStore` at all so having to include that header to
get this freestanding function is cumbersome and wrong.

Perhaps canonicalisation should still be done server-side for security
reasons --- I don't mean to make that judgement call now --- but even if
so, this freestanding function still isn't connected to `LocalStore` so
while less urgent it is still better to move out of this header.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
feature Feature request or proposal
Projects
None yet
Development

No branches or pull requests

3 participants