[bug#44492] [PATCH 01/52] gnu: Add rust-ruma-identifiers-validation-0.1.

[Leo Prikler]

Am Mittwoch, den 24.02.2021, 16:41 +0100 schrieb Nicolas Goaziou:
> Leo Prikler <leo.prikler@student.tugraz.at> writes:
> 
> > I was afraid this would cause rebuilds for the existing package.
> > Was
> > that fear unfounded?
> 
> I don't think it would change anything. It is what we usually do in
> "crates-io.scm".

Fair enough, I'll do so when I get to it.

> > I personally disagree.  The only reason a crate failing to build is
> > a
> > "valid input" to another is because that other crate can decide to
> > completely disregard it, which sounds neither "reliable" nor
> > "efficient" for a programming language, that prides itself as both.
> 
> Probably, but the problem at hand is not to fix how Rust builds its
> crates, but rather optimize Rust packaging.

I think those two issues are related, but that's a discussion for guix-
devel.  So is the rest of this, but I might as well make my case here.

> > I will only skip builds for dead crates, i.e. crates I can
> > reasonably
> > assume to only contain dead code due to their build failures.  This
> > does not seem to cost much when building dependant packages, as
> > I've
> > found that in order to actually build the crates I have to
> > explicitly
> > invoke `guix build <crate>`.
> 
> There's much more work involved. You have to take care of development
> inputs which increases drastically the number of crates to package.
> Moreover, you need to try building each of them, which takes time.
> Not
> skipping builds makes de facto some packages impossible to package.

We could work developer inputs into the recursive importer, that should
not be an issue.

Honestly, it is a greater waste of time to recompile every dependency,
have the build fail, change some minor thing in the package and
recompile everything again.  Yes, `guix build -K` helps to an extent,
but it doesn't help if I made a typo in my build phase and got a guile
backtrace.

If cargo inputs worked like normal inputs, they'd be built reliably
once and no time would be wasted rebuilding them over and over in any
packages using them.

> > Of course, there's still the problem of CI.  Long-term, I think we
> > should find a way for this efficient programming language to
> > reliably
> > produce reusable build artifacts.  Short term, hitting non-leaf
> > packages, that have cargo-build-system anywhere with a priority of
> > negative infinity sounds like a better workaround.  I want to be
> > able
> > (as a developer) to explicitly build crates and determine where
> > they
> > fail.
> 
> As a packager, you don't need to build the crate to fix any issue
> arising at a higher level, as I pointed out already. If you're
> developing the crate, that's another story. But then, you can quickly
> write your own package definition.

Maybe there'd be an argument if we had --no-skip-build, but I think
we're working our way backwards here; trying work around a workaround.

> I think the real questions about building intermediate crates, from
> a packager point of view, are:
> - does that make the packages reproducible?
> - does that make the packages more secure?
> - does that make the packages easier to define?
> 
> From my experience, the answer is "no" to any of these. This is a net
> loss.
I don't think there is any influence on the ease of definition, since
either one would be handled by the recursive importer.  The difficulty
for packagers currently would be to manually undo the automatic build
skipping done through the importer.

As for reproducibility/security, there is yet little to gain, because
the leaf crate can simply ignore its inputs and do whatever, but if we
built the crates ahead of time, and disallowed the automatic building
of dependencies, we would get efficient *and* reproducible Rust
packages.

Another thing that bugs me as a packager is that cargo inputs don't
work for `guix refresh`, so I can't even be sure whether to put my
patch to master or core-updates.

> > I believe we should not cowtow to Rust and Cargo, but instead force
> > them to adhere to our principles; principles of building
> > applications
> > *and* libraries reproducibly without encoding hashes in a huge ass-
> > lock 
> > file.
> 
> I don't think it is worth focusing of this. We currently do a good
> job
> in Rust packaging, really. But it doesn't make much sense to have
> some
> packages skipping builds and not some others.
If skipping only some builds is not an option, you are either left with
skipping all builds or skipping none, one of which is certainly silly.

> What saddens me a bit is that individuals (including me, of course)
> are
> currently doing as they see fit, but we haven't so far decided, as
> a group, how to deal with the question uniformly. I hope we can
> converge
> quickly.
I personally hope that some of the issues resulting from this "wild
west" approach to packaging will be alleviated by #46399.  Having
crates as regular inputs also increases the value of #:skip-build? #f.

Regards,
Leo