Skip to content

Support the MacOS sandbox for larger projects#489

Open
j-baker wants to merge 3 commits intoipetkov:masterfrom
j-baker:jbaker/fix_many_crates_osx_issue
Open

Support the MacOS sandbox for larger projects#489
j-baker wants to merge 3 commits intoipetkov:masterfrom
j-baker:jbaker/fix_many_crates_osx_issue

Conversation

@j-baker
Copy link
Contributor

@j-baker j-baker commented Dec 29, 2023
edited
Loading

Motivation

Fixes #482.

MacOS has trouble with derivations which (directly or transitively) have many buildInputs.

Crane at present creates a build structure in which a given cargo command will transitively depend on numCrates nix store paths. This means that Crane fails to build projects with over about 600 crate dependencies on MacOS if the sandbox is enabled.

This MR utilises a tiering approach to improve this.

Each registry is assigned to a shard based on the hash of the crate name. If there are <32 crates in a registry there is one shard, if <2048 there are 16 shards, otherwise 256. Crates are directly extracted into these shard derivations rather than symlinking.

What this means is:

  1. Crane will not create a vendoring derivation with many inputs unless a project has a truly crazy number of dependencies.
  2. No downstream cargo derivation will have many inputs either.

Checklist

  • added tests to verify new behavior
  • added an example template or updated an existing one
  • updated docs/API.md (or general documentation) with changes
  • updated CHANGELOG.md

@j-baker
Support the MacOS sandbox for larger projects
c09d077 
Fixes ipetkov#482.

MacOS has trouble with derivations which (directly or transitively)
have many buildInputs.

Crane at present creates a build structure in which a given cargo
command will transitively depend on numCrates nix store paths. This
means that Crane fails to build projects with over about 600 crate
dependencies on MacOS if the sandbox is enabled.

This MR utilises a tiering approach to improve this.

Each registry is assigned to a shard based on the hash of the crate
name. If there are <32 crates in a registry there is one shard, if
<2048 there are 16 shards, otherwise 256. Crates are directly extracted
into these shard derivations rather than symlinking.

What this means is:

1. Crane will not create a vendoring derivation with many inputs
   unless a project has a truly crazy number of dependencies.
1. No downstream cargo derivation will have many inputs either.
@j-baker
fmt
db196fb
@j-baker
changelog
efddb2d
@ipetkov
Copy link
Owner

ipetkov commented Jan 14, 2024

Hi @j-baker thanks for the PR!

One bit of hesitation I have with the current direction is that it ends up pessimizing dependency handling for the "default" case (of not building inside of a macOS sandbox)... The approach to symlink crate sources in the final vendor directory means that each unique crate-version-source is unpacked only once in the Nix store (regardless of whether Nix store optimization/hard-linking is enabled) so that derivations with completely different sets of dependencies don't end up unpacking sources multiple times (each which uses up some CPU and disk space).

I'm not familiar with how the macOS sandbox operates, but based on your comment #482 (comment) it sounds like each derivation is getting its own sandbox, and the vendor derivation's dependencies along with the real build's deps pushes it over the edge. Another potential (and maybe simpler?) solution is to introduce some kind of vendorInstallMode variable to vendorCargoDeps (similar to installCargoArtifactsMode) which results in a deep copy of the source (instead of a symlink which would remain the default). That way one can opt-into this "more expensive" behavior as necessary.

Thoughts?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

symlinking of crates causes issues with macos sandbox

2 participants

@j-baker @ipetkov