Is about 300MiB in size due to a clone of the https://github.com/NixOS/nixpkgs
and resides at

    http://technology.softf1.com/nix/2015/2015_11_19_NixOS_nixpkgs_download_test_by_martin_vahi_at_softf1_com.tar.bz2
    sha256: f05cf8bb85527a14f22adf0e2b3a7fa56f63461b7580620e4d54204c4d2db1ba

The idea is roughly:

    git clone https://github.com/NixOS/nixpkgs
    cd nixpkgs
    find . -name '*.nix' > list_of_nixfiles.txt

and then each of the nix-files is searched for pairs of fetch-url's and hash values and a gigantic bash-script is generated that contains lines of calls to the nix-prefetch-url

---a--demo--excerpt--start---
nix-prefetch-url --type sha256 http://bits.xensource.com/oss-xen/release/4.5.1/xen-4.5.1.tar.gz 0w8kbqy7zixacrpbk3yj51xx7b3f6l8ghsg3551w8ym6zka13336 ;
nix-prefetch-url --type sha256 sourceInfo.url sourceInfo.hash ;
nix-prefetch-url --type sha256 http://download.belastingdienst.nl/belastingdienst/apps/linux/ib2007_linux.tar.gz 13p3gv086jn95wvmfygdmk9qjn0qxqdv7pp0v5pmw6i5hp8rmjxf ;
---a--demo--excerpt--end---

I executed the gigantic bash script and my conclusion is that many up-stream packages, their files, are offline or their hashes do not match, especially those of the https://www.npmjs.com/

In those circumstances it is absolutely no wonder that there are various build problems. I propose that, in addition to "stable" and "unstable", packages would be classified as "Nix-contained" and "up-stream-dependent". The "Nix-contained" packages would be buildable without downloading anything from any server other than the Nix project servers and various caches.

I believe that package specific, up-stream dependent, package upgrade tools might be bundled with the "Nix-contained" packages, so that when the up-stream servers come online, the package upgrade could be _manually_ made and the "Nix-contained" set of packages is supplemented with a new version of the package without removing the old version. Currently it seems to me that the up-stream dependent package build scripts try to do 2 in one: build a Nix package and upgrade its dependencies.
In the case of the "Nix-contained" packages the package building would work without downloading anything from upstream and all testing and experimentation that is related to the upgrade of the dependencies of a "Nix-contained" package, would be carried out by the package maintainer at a time, when he/she has the time to work on the package, not whenever the package is being automatically built.

Thank You for reading my letter and I hope to receive criticism that tells that I'm missing/omitting a lot of important issues or have otherwise come up with a spectacular blunder. :-D

Regards,
martin.v...@softf1.com

P.S. The "manual" upgrade of dependencies will probably be a requirement even due to computational limitations and security requirements. Formal verification might take a lot of CPU-power and it might not be optimal to run that every time a package is built.
_______________________________________________
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
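
The URL/hash extraction step described in the letter above, as an added example that is not part of the original message and not the author's script. It assumes regex matching over innermost attribute sets instead of evaluating Nix; `extract_pairs`, `prefetch_script` and `SAMPLE` are hypothetical names, and the `example.invalid` URL is constructed. Non-literal expressions such as `sourceInfo.url`, which show up verbatim in the letter's excerpt, are reported as skipped rather than emitted as prefetch calls.

```python
import re
import shlex

# Nix base32 omits e, o, u and t; a sha256 is 52 such chars (or 64 hex digits).
NIX_SHA256 = re.compile(r"^(?:[0-9a-df-np-sv-z]{52}|[0-9a-f]{64})$")
INTERP = re.compile(r"\$\{[^{}]*\}")        # ${version}-style interpolation
ATTRSET = re.compile(r"\{([^{}]*)\}")       # innermost { ... } only
URL = re.compile(r'\burl\s*=\s*("[^"]*"|[^;"]+)\s*;')
SHA = re.compile(r'\bsha256\s*=\s*("[^"]*"|[^;"]+)\s*;')
LITERAL = re.compile(r'^"([^"\x00]*)"$')    # plain string, no interpolation marker

SAMPLE = '''
# Constructed sample; the first URL/hash pair is the one quoted in the letter.
src = fetchurl {
  url = "http://bits.xensource.com/oss-xen/release/4.5.1/xen-4.5.1.tar.gz";
  sha256 = "0w8kbqy7zixacrpbk3yj51xx7b3f6l8ghsg3551w8ym6zka13336";
};
src2 = fetchurl { url = sourceInfo.url; sha256 = sourceInfo.hash; };
src3 = fetchurl {
  url = "http://example.invalid/foo-${version}.tar.gz";
  sha256 = "13p3gv086jn95wvmfygdmk9qjn0qxqdv7pp0v5pmw6i5hp8rmjxf";
};
'''

def extract_pairs(nix_text):
    """Return (pairs, skipped): checkable literal pairs and expressions left out."""
    pairs, skipped = [], []
    flat = INTERP.sub("\x00", nix_text)     # hide ${...} braces from ATTRSET
    for block in ATTRSET.findall(flat):
        url, sha = URL.search(block), SHA.search(block)
        if not (url and sha):
            continue
        u, h = url.group(1).strip(), sha.group(1).strip()
        lit_u, lit_h = LITERAL.match(u), LITERAL.match(h)
        if lit_u and lit_h and NIX_SHA256.match(lit_h.group(1)):
            pairs.append((lit_u.group(1), lit_h.group(1)))
        else:  # needs Nix evaluation to resolve, so it cannot be prefetched as text
            skipped.append((u.replace("\x00", "${...}"), h.replace("\x00", "${...}")))
    return pairs, skipped

def prefetch_script(pairs):
    """One nix-prefetch-url call per pair, in the form used in the letter's excerpt."""
    return "\n".join(
        "nix-prefetch-url --type sha256 %s %s ;" % (shlex.quote(u), h) for u, h in pairs)

if __name__ == "__main__":
    found, left_out = extract_pairs(SAMPLE)
    print(prefetch_script(found))
    for u, h in left_out:
        print("# skipped (not a literal pair):", u, h)
```

Counting the skipped entries separately keeps unresolved expressions from being mistaken for offline upstream files or hash mismatches when the generated script is run.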