[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Foreign packages and reproducibility (formerly Re: [PATCH] gnu: Add
|
From: |
Pjotr Prins |
|
Subject: |
Re: Foreign packages and reproducibility (formerly Re: [PATCH] gnu: Add ruby-nokogiri) |
|
Date: |
Sun, 21 Feb 2016 18:31:27 +0100 |
|
User-agent: |
Mutt/1.5.21 (2010-09-15) |
Another option would be have a symlinked profile for every ruby interpreter with
the full hash
/var/guix/profile/per-ruby/ziy7a6zib846426kprc7fgimggh8bz97-ruby-2.1.3/
which contains symlinks to the libraries/gems installed against that ruby.
NOW we only need to tell the interpreter where to find the libraries using this
path. This could actually be patched in trivially at installation time.
(I think this is rather exciting, though again I have the feeling
someone has thought of this before).
Pj.
On Sun, Feb 21, 2016 at 06:22:31PM +0100, Pjotr Prins wrote:
> I am thinking about this again. It is relevant for all interpreters.
>
> The real pain is that between Ruby interpreters the profile can be shared
> which
> contains a path to the modules, e.g. say ruby-nokogiri. Currently you can run
>
> guix package -i ruby ruby-nokogiri
> ruby -e "require-2.2.1 'nokogiri'"
>
> next update ruby to a new (minor) version
>
> guix package -i ruby-2.2.2
>
> and run again
>
> ruby -e "require 'nokogiri'"
>
> will work.
>
> which is wrong because nokogiri was built against the first ruby interpreter.
> It is a problem from the view point of reproducible software execution.
>
> To prevent this we should *not* allow modules (i.e. nokogiri) in the
> profile.
>
> But now a user doing a simple
>
> ruby -e "require 'nokogiri'"
>
> will fail, because the interpreter does not know where nokogiri
> is. This is wrong because users should be able to access installed
> gems (that is the point of having gems!).
>
> One suggestion is wrappers and runpaths. I.e. wrap the invocation of
> 'ruby' with a script that will pass in the path to all installed gems.
>
> Q1: is there a limitation to the length of such a path (generally a
> bash variable)?
>
> Q2: would the wrapper be updated every time a new gem gets installed?
> How can we be sure it is deterministic? Installation order may matter.
>
> Q3: can we query guix on-the-fly for paths to all leaf nodes that
> depend on a ruby? That way a wrapper could be installed
> once. Would that be too slow? How can we be sure it is
> deterministic?
>
> I do not know how nix solves it exactly, but I do know they use a
> wrapper script.
>
> Finally, I do think that most Ruby gems should propagate ruby
> itself. Only rarely are gems executables. Mostly they are libraries,
> which implies you need to run ruby to run them. Right? It does not
> make sense to install a Ruby library without the ruby interpreter.
>
> Pj.
>
--
- Re: [PATCH] gnu: Add ruby-nokogiri, Pjotr Prins, 2016/02/17
- Re: [PATCH] gnu: Add ruby-nokogiri, Ben Woodcroft, 2016/02/17
- Foreign packages (formerly Re: [PATCH] gnu: Add ruby-nokogiri), Pjotr Prins, 2016/02/18
- Re: Foreign packages (formerly Re: [PATCH] gnu: Add ruby-nokogiri), Ricardo Wurmus, 2016/02/21
- Re: Foreign packages (formerly Re: [PATCH] gnu: Add ruby-nokogiri), Ben Woodcroft, 2016/02/21
- Re: Foreign packages (formerly Re: [PATCH] gnu: Add ruby-nokogiri), Pjotr Prins, 2016/02/21
- Foreign packages and reproducibility (formerly Re: [PATCH] gnu: Add ruby-nokogiri), Pjotr Prins, 2016/02/21
- Re: Foreign packages and reproducibility (formerly Re: [PATCH] gnu: Add ruby-nokogiri),
Pjotr Prins <=
- Re: Foreign packages and reproducibility (formerly Re: [PATCH] gnu: Add ruby-nokogiri), Pjotr Prins, 2016/02/22
- Re: Foreign packages and reproducibility (formerly Re: [PATCH] gnu: Add ruby-nokogiri), Pjotr Prins, 2016/02/23
- Re: Foreign packages (formerly Re: [PATCH] gnu: Add ruby-nokogiri), Pjotr Prins, 2016/02/21