If/when Nix switches to CAS storage, then binaries that reference different dependencies but for the rest are the same will not result in deduplication.
openssl gets a patch release which results in a small change in the .so file but nothing else. This results in curl rebuilding. The resulting binary will (should) be the same, except for the reference to openssl being updated.
The checksum is different and everybody needs to install the new version; the unchanged supporting files will be hardlinked, but the binaries will have a few different bytes.
In “regular” Linux distros, simply updating the openssl package would be sufficient. In low-powered devices, that is preferable.
If curl was somehow able to decide which openssl to use at runtime, the package would be unchanged and any dependencies would not need rebuilding. There could be a separate wrapper package that wraps binaries and libraries, perhaps by patching ld.so. This separate wrapper would be tiny, all dependent packages could then skip a rebuild by only updating their own wrappers, and the bigger wrapped packages remain unchanged and unbuilt.
Another option might be to generate diffs for all builds with the same version. It wouldn’t help with skipping rebuilds, and local disk space would still be impacted, but there would be less to download.
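An added example, not part of the original post, illustrating both points: two builds that differ only in the embedded openssl store path get different content hashes, yet the delta between them is a few dozen bytes, and the patched result can be checked against the expected content hash before use. The store paths, the stand-in "binary" and the delta format are all constructed assumptions for illustration, not Nix features.

```python
import hashlib

# Constructed store paths (made-up hashes); same length, as Nix store paths are.
OLD_DEP = b"/nix/store/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-openssl-3.0.1/lib"
NEW_DEP = b"/nix/store/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb-openssl-3.0.2/lib"

def fake_binary(dep: bytes) -> bytes:
    """Constructed stand-in for curl: identical code, one embedded dependency path."""
    code = bytes(range(256)) * 400  # 100 KiB of unchanged "machine code"
    return code[:5000] + dep + b"\0" + code[5000:]

def cas_hash(data: bytes) -> str:
    """Content address: SHA-256 over the full file contents."""
    return hashlib.sha256(data).hexdigest()

def make_delta(old: bytes, new: bytes) -> list[tuple[int, bytes]]:
    """Equal-length delta: (offset, replacement bytes) for each differing run."""
    if len(old) != len(new):
        raise ValueError("this simple delta only handles equal-length builds")
    delta, i = [], 0
    while i < len(new):
        if old[i] == new[i]:
            i += 1
            continue
        start = i
        while i < len(new) and old[i] != new[i]:
            i += 1
        delta.append((start, new[start:i]))
    return delta

def apply_delta(old: bytes, delta: list[tuple[int, bytes]], expected: str) -> bytes:
    """Patch the old build, then refuse the result unless its hash matches."""
    out = bytearray(old)
    for offset, chunk in delta:
        out[offset:offset + len(chunk)] = chunk
    result = bytes(out)
    if cas_hash(result) != expected:
        raise ValueError("patched output does not match expected content hash")
    return result

if __name__ == "__main__":
    old, new = fake_binary(OLD_DEP), fake_binary(NEW_DEP)
    delta = make_delta(old, new)
    print("same content hash:", cas_hash(old) == cas_hash(new))
    print("full download:", len(new), "bytes")
    print("delta payload:", sum(len(c) for _, c in delta), "bytes")
    apply_delta(old, delta, cas_hash(new))  # raises if the result is wrong
```

The hash check in `apply_delta` is what keeps a delta-based download as trustworthy as a full one: a corrupted or tampered delta yields a file whose content address does not match and is rejected.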