make some shell scripts use hermetic aspect toolchains #140
Conversation
|
At some point I also wanted to replace I thought it would be nicer to have one source of hermetic tooling for the shell scripts and for the rules, so there would be "one way and one source" of tools like @thesayyn what do you think? |
|
rules_nixpkgs will make everything depend on nixos in ways I dont think you want, it will also make it hard to do remote builds. (FWIW I am a NixOs user) |
That's good to know! I just watched @aherrmann's "Hermetic shell scripts in Bazel" from Bazelcon 2022 and it seemed quite simple and abstracted from NixOs. Can you give me more info / context and/or links? I'm interested in learning more about this! |
|
@jjmaestro probably this is the best current reference for at least the remote issue: https://www.tweag.io/blog/2024-02-29-remote-execution-rules-nixpkgs/ Essentially nixos stores all its packages in the store under hashed paths, this assumes the store is:
FWIW aspectlibs coreutils isnt the full gnu coreutils but the rust uutils reimplementation which makes it quite portable. Sed is naturally missing from that as is awk, although goawk could be an alternative if you dont want to live in pure shell. |
|
Awesome, thanks a ton! This is really good info, I was also looking into |
|
FWIW rules_sh is orthogonal to rules_nixpkgs and can be used without it. We commonly use Nix to provide the actual shell tools, but they can come from other sources as well. E.g. there's an open issue to fetch and wrap a busibox toolchain. |
| print $0 | ||
| }' | "$bsdtar" $@ -cf "$out" -C "$tmp/" @- | ||
| "$bsdtar" -cf - "$@" --format=mtree "${include[@]}" --options '!gname,!uname,!sha1,!nlink,!time' "@$control_path" | \ | ||
| while IFS= read -r line; do |
There was a problem hiding this comment.
i found awk scripts to be much more readable and easy to author for text editing purposes. however in this case we don't have awk built off the shelf.
I have bazel recipes in place to build GAWK for windows, darwin and linux but never made a release.
There was a problem hiding this comment.
maybe it's better to introduce a gawk toolchain in bazel-lib and use that? i am not sure how much effort that would take.
|
Now that there is https://github.com/bazelbuild/rules_shell, it became much more confusing. coreutils toolchain from bazel-lib uses rust reimplementation of coreutils like @GregBowyer said so it is portable to windows,darwin and linux. back when i was evaluating rules_nixpkgs, windows support was a big blocker, so i don't think we can use that, we could probably use the toolchain types from rules_shell but let's keep it focused. |
This changes some of the shellscripts to use the aspect tools for coreutils to be more hermetic.
This also has a probably buggy rewrite of the embedded awk scripts to avoid needing an awk toolchain.