Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WIP: make: Support Nix and Guix with reproducible builds #29

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

WIP: make: Support Nix and Guix with reproducible builds #29

wants to merge 1 commit into from

Conversation

xelxebar
Copy link

@xelxebar xelxebar commented Jan 4, 2024

Building on Nix and Guix require a reproduible build process. The auto-download feature of our build process violates this constraint. Furthermore, Nix and Guix builds typically occur in a network-isolated environment.

make: Support reproducible builds
79b7ebd 
Building on Nix and Guix require a reproduible build process. The auto-download
feature of our build process violates this constraint. Furthermore, Nix and Guix
builds typically occur in a network-isolated environment.
@xelxebar xelxebar mentioned this pull request Jan 4, 2024
Closed
@xelxebar
Copy link
Author

xelxebar commented Jan 4, 2024

Initial discussion started here: #22.

@xelxebar
Copy link
Author

xelxebar commented Jan 4, 2024
edited
Loading

You can see how I took a different approach than IS_NIX. By defining LEIN and GRAALVM_PATH appropriately, as well as clearing GRAALVM_DOWNLOAD, the builder can circumvent auto-downloads. Probably should document these kinds of details, once this PR settles out.

Also, note that we introduce a host dependency of pkg-config to detect libz, replacing the ldconfig hack because Nix/Guix can't maintain a global /etc/ld.so.cache.

@xelxebar xelxebar changed the title Draft: make: Support reproducible builds WIP: make: Support reproducible builds Jan 6, 2024
@xelxebar
Copy link
Author

xelxebar commented Jan 6, 2024
edited
Loading

@ingydotnet What's your dev process around updating/changing dependencies?
Almost certainly we will have to introduce some kind of dependency lockfile a la package-lock.json _etc. Whatever this turns out to be, I'd like to make lockfile generation as transparent to your current dev process as possible.

BTW, Nix/Guix don't really have off-the-shelf support for packaging Clojure projects at the moment, so this PR will require more time and work than anticipated.

@ingydotnet ingydotnet marked this pull request as draft January 6, 2024 14:32
@ingydotnet ingydotnet changed the title WIP: make: Support reproducible builds WIP: make: Support Nix and Guix with reproducible builds Jan 10, 2024
@stigtsp
Copy link

stigtsp commented Feb 26, 2024
edited
Loading

There is a PR for yamlscript for nixpkgs here:

As a first step, it packages the standalone jar from the release page as a native binary using GraalVM. We could update this derivation to be a source build later of course.

@ingydotnet
Copy link
Member

@xelxebar what should we do with this one?
@stigtsp introduced nix support compiling from published jar files with nix version of native-image.
I'm not sure guix support will ever work, unless we can build java clojure and native-image from source.
But I haven't actually looked into it...

@stigtsp
Copy link

stigtsp commented Dec 22, 2024

I don't believe GraalVM supports reproducible binaries :-/

@ingydotnet
Copy link
Member

I don't believe GraalVM supports reproducible binaries :-/

Right, that's what I imagined would be the blocking issue. (thanks for weighing in @stigtsp )

I assume that's a deal breaker for Guix.

Babashka is a software that is built very similar to YS.
Google found this https://github.com/giuliano108/guix-packages/blob/master/notes/babashka.md

@xelxebar would that be a possible way to do ys for guix?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@xelxebar @stigtsp @ingydotnet