Yeah, I see your point, but by this logic we shouldn’t expose feature parameters at all, and say that overriding patchPhase and configureFlags is the way.

Alright, you convinced me. I’ll change it to MAY put asserts about known-to-be-stupid configurations.

Right. Then we can bless lib.oneOf providerSSL [null, "openssl", "libressl"], like some packages already do.

Ah, my mind skipped that. I should go to bed.

It still doesn’t strike me as a great pattern. It certainly won’t scale.
In this context, I propose the ffmpeg-test: How much would you dread implementing this for ffmpeg’s forest of configure flags?
A subset of them can be observed in the aforementioned file.

It’s also generally not something that I think we should spend significant resources on.

Partially correct. Providing these flags in the first place is optional:

There is a point to exposing such parameters though and that is abstraction; boolean flags are a helluvalot easier to work with than lists of strings.

If you as a maintainer do choose to expose config flags, standardising their names and format is this RFC’s core goal as I see it and I approve of that. We should keep it at that.

From what I glanced at ffmpeg flags you listed, the only alternatives are libva vs libva-small. Probably out of ignorance, but I am not scared.

For some reason, I can’t edit post on top, so re-posting revised version here. Two more points in changelog.

feature: feature_parameter_names
start-date: 2024-01-10
author: Dmitry Bogatov
co-authors: (find a buddy later to help out with the RFC)
shepherd-team: (names, to be nominated and accepted by RFC steering committee)
shepherd-leader: (name to be appointed by RFC steering committee)
related-issues: (will contain links to implementation PRs)

Summary

Nixpkgs usually exports compile-time options of the upstream build system
through the named parameters of derivation function, but does it inconsistent
way.

Motivation

Developer interface for building environment with specific features enabled and
disabled is more complicated and requires more knowledge of implementation
details compared to already existing systems.

For example, Gentoo Linux has exhaustive list of all known configuration
flags and has means to
programmatically query what flags are available for particular package. Nixpkgs
has neither, and this RFC strives to rectify it.

Detailed design

1. Derivation function MAY expose compile-time boolean options of the upstream
   build system to enable or disable a feature using parameters named either as
   enableX or withX, consistent with Autoconf naming convention.

   Autoconf ENABLE
   Autoconf WITH

2. If compile-time feature requires build and runtime dependency on package
   libfoo, corresponding feature parameter MUST match regular expression
   ^with[^a-z]. See guidelines below for choosing name of feature parameter.

3. If compile-time feature does not require any extra build dependencies,
   corresponding feature parameter MUST have name matching ^enable[^a-z] and
   SHOULD correspond to the upstream naming.

4. If upstream build features and build dependencies do not map one-to-one,
   then one with feature parameter SHOULD be added for every build dependecy
   and one enable feature SHOULD be added for every upstream build feature
   intended to be optional. Assertions to preclude incoherent feature
   configurations MAY be added.

5. These rules are to be enforced by static code analyse linter. Since no
   static code analyzis is perfect, it shall have support for inhibiting
   warnings in individual cases that do not fit into general scheme.

6. Parameter names matching ^(enable|with) regular expression MUST not be
   used for any other purpose. In particular, they always must be boolean.

7. Derivation function MAY expose compile-time string or numeric options of the
   upstream build system using feature parameters that MUST match ^conf[^a-z]
   regular expression, e.g confDefaultMaildir.

8. Due overwhelming amount of possible combinations of feature flags for some
   packages, nixpkgs maintainer is not expected to test or maintain them all,
   but SHOULD accept provided technically sound contributions related to
   configurations with non-default feature flags.

9. Due overwhelming amount of possible combinations of feature flags for some
   packages, only configurations that has name in package set (e.g emacs-nox)
   shall be built on CI.

The migration process.

Named parameters are part of the programming interface, and renaming them is a
breaking change. As such, renaming of the parameters is done in following way:

1. Following function is added into lib set:

let renamed = { oldName, newName, sunset, oldValue }: newValue:
   let warning = builtins.concatStringsSep " "
      [ "Feature flag"
      , oldName
      , "is renamed to"
      , newName
      , "; old name will no longer be available in nixpkgs="
      , sunset
      , "."
      ]
   in lib.warnIf (value != null) warning (if (value != null) then value else newValue);

Starting with following function:

{ lib
, stdenv
, nonCompliantFoo ? true
}:

# uses nonCompliantFoo
stdenv.mkDerivation { ... }

First step of migration is to replace it with the following:

{ lib
, stdenv
, nonCompliantFoo ? null
, enableFoo ? lib.renamed {
    oldName = "nonCompliantFoo";
    newName = "enableFoo";
    sunset = "25.11";
    value = nonCompliantFoo;
  } true
}:

# uses enableFoo
stdenv.mkDerivation { ... }

and after grace period of two releases, any mentions of nonCompliantFoo are
removed, and function becomes:

{ lib
, stdenv
, enableFoo ? true
}:

# uses enableFoo
stdenv.mkDerivation { ... }

Feature parameter naming guidelines

1. Feature flags that require single external dependency SHOULD be named after
   that dependency. Prefix lib SHOULD be removed. For example,

   systemd => withSystemd
   libgif  => withGif
   curl    => withCurl
   

2. When multiple feature flags require the same build dependency, for example
   derivation has optional support for FTP and HTTP protocols, any of which
   incur dependency on curl, and derivation would look like following:

   { lib, stdenv, curl, withCurl ? true, enableFTP ? true, enableHTTP ? true }:
   
   # Assertions are fully optional.
   assert enableFTP -> withCurl;
   assert enableHTTP -> withCurl;
   
   stdenv.mkDerivation {
      ...
   
      buildInputs = lib.optionals withCurl [ curl ];
   
      ...
   }
   

3. Mutually-exclusive build dependencies that provide the same feature are also
   handled with assertions. For example, if derivation has optional SSL support
   that may be provided by multiple libraries, but only one may be used and it
   must be chosen at compilation time, derivation will look like following:

   { lib, stdenv, enableSSL ? false, openssl, withOpenSSL ? false, libressl, withLibreSSL ? false }:
   
   # Assertions are fully optional.
   assert enableSSL -> withOpenSSL || withLibreSSL;
   assert !(withLibreSSL && withOpenSSL);
   
   stdenv.mkDerivation {
      ...
   
      # Asserts above make sure that at most one SSL implementation will be in
      # the list.
      buildInputs = lib.optionals withLibreSSL [ libressl ]
                  ++ lib.optionals withOpenSSL [ openssl ];
   
      ...
   }
   

4. When build dependency comes from particular package set, it MAY make sense to
   name feature parameter after it. E.g build dependency on qt6.qtbase should
   have withQt6 feature parameter.

5. If feature parameter name suggested by previous point is too generic,
   package name from the set MAY be included into the feature parameter name.
   Optional dependency on pythonPackages.pillow MAY have feature parameter
   withPythonPillow.

6. Build dependency on bindings to low-level libraries SHOULD be named after
   underlying library. For example, optional dependecy on pyqt5 Python
   bindings to Qt5 library should have withQt5 feature parameter.

Examples and Interactions

This is how one can query list of feature parameters that incur extra runtime dependencies:

$ nix eval --json --impure --expr 'with import ./. {}; builtins.attrNames gnuplot.override.__functionArgs' | jq '.[]| select(startswith("with"))'
"withCaca"
"withLua"
"withQt"
"withTeXLive"
"withWxGTK"

I picked the gnuplot as example since it is the closest to be compliant with proposed rules.

Drawbacks

1. The migration process involves renaming feature parameters, so these changes
   will likely conflict with other outstanding changes to the derivation, and potentially
   even with automatic version bumps.

Alternatives

Group all feature parameters into separate attrset parameter

Instead of writing

{ lib, stdenv, enableFoo ? true }:

# uses enableFoo
stdenv.mkDerivation { ... }

derivation can be written as

{ lib, stdenv, features ? { enableFoo = true; }}:

# uses features.enableFoo
stdenv.mkDerivation { ... }

It is definitely looks cleaner, but unfortunately hits several limitations of
the Nix language.

1. Nix language provides way to introspect function argument names,
   but no way to learn their default values. So this approach gives consistency, but no way to query list of derivation feature parameters.

2. Overrides become much more verbose. Simple and ubiquitous

   bar.override { withFoo = true; }
   

   becomes unwieldy

   bar.override (old: old // { features = old.features // { withFoo = true }; })
   

   That can be simplified by introducing overrideFeatures function, but we
   already have way too many
   override functions. Also, this version will silently override nothing in case
   of typo.

Any approach that tries to pass attribute set to function will have these
issues. Using existing config.nix
is no different.

Do nothing

Avoids all the work and drawbacks, but there is no evidence that consistency
problem will solve itself evolutionary.
For some build dependencies, we have multiple equally popular feature parameter
names, and people keep picking random one when adding new packages.

Prior art

As mentioned in motivation part, the best in class of feature flag
configuration system is Gentoo Linux:

• [USE flag index – Gentoo Linux]

There is not much work I can find about this problem in Nixpkgs other than my
previous attempts to solve it on package-by-package basis:

• Naming convention for optional feature flags · Issue #148730 · NixOS/nixpkgs · GitHub
• dbus: rename "enableSystemd" to "withSystemd" by KAction · Pull Request #234463 · NixOS/nixpkgs · GitHub

Unresolved questions

This RFC makes it possible to introspect feature parameters of particular
derivation, but still does not provide simple and efficient way to list all
existing feature parameters.

Future work

There are other configuration scenarios not covered by this RFC:

• Optional dependencies in shell wrappers (e.g passage).
• Finding way to get list of all existing feature parameters. That can be possibly done by building and distributing the index separately,
  like nix-index does it.

Changelog

1. Changed wording to not imply that every upstream build system knob SHOULD be
   exported via feature parameters. (Thx: @7c6f434c)

2. Relaxed wording on the name of feature parameters to avoid painting ourselves
   into ugly and non-intuitive names. (Thx: @7c6f434c)

3. Fix typo in regex to be consistent that feature flag name can’t have small
   letter after with|conf|enable prefix. (Ths: @don.dfh)

4. Explicitly mention that static code analysis has support for overrides based
   on human judgement call. (Thx: @7c6f434c)

5. Clarify solution scenarios when build inputs and feature flags don’t match
   one-to-one. (Thx: @Atemu, @7c6f434c)

6. Refine the deprecation plan to make sure the warning includes the sunset
   timestamp. (Thx: @pbsds)

7. Add rules about non-boolean feature parameters. (Thx: @Atemu, @pbsds)

8. Set expectations for building and maintaining multiple configurations. (Thx: @pbsds)

9. Removed non-boolean parameters from “Future Work” section.

10. Relaxed requirements for assertions about conflicting flags (Thx: @Atemu)

11. Add guideline so pythonPackages.pillow does not get withPython feature name. (Thx: @7c6f434c)

By the way, does this kill a huge chunk of static linting?

It does kill some of static linting. We ended up with much less of MUST’s than I hoped, but life is complicated.

Still, it can contain canonical spellings (e.g enableHTTP vs enableHttp), and it can enforce MUST about naming (e.g it can catch { withFoo ? "foobar" }).

IMHO the biggest problem is not that the options are named inconsistently, but that they are conflated with the other arguments. Even with a naming scheme or a features ? {...} attrset, which would somewhat solve the discoverability problem, they are still a much worse version of NixOS options: they have no types, no semantics for merging, it’s not possible to inspect the defaults and generate docs automatically.

For me the proper solution would be to turn packages into modules. This would solve all of the above and more, for example it would allow a package to inspect the features enabled in a dependency. Of course, this is easier said than done: adding a new kind of module-package while remaining compatible with the current function-package and mixing them in Nixpkgs seems like a major headache.

Actually I suspect that dropping this passthrough requirement would make name-linting theoretically possible, and it might not be completely unacceptably to just write withPythonPyqt.

Given that we have camel, snake, and skewer casing happily coexisting, maybe it should be written explicitly how the naming is mangled into a uniform form.

Also, if with vs enable separation is mandatory, this means pointless churn for packages where we switch between vendored and our versions of a dependency.

Please no. It’s enough that NixOS is full of non-local effects on a fixpoint (fine with me, not going to use NixOS anytime soon anyway), but we have actual functions with actual scope in Nixpkgs and it should be kept this way.

Yeah, maybe splitting documentation-and-typing, merging, and scope-busting performance-killing fixpoint into well-defined layers could give something usable and close to the current modules system. But I won’t believe it before I see it.

Of course the answer to the actually interesting question is hidden in a let. At least that’s how it went every time I wanted to use inspectability of modules.

Can you elaborate, please? I don’t think we ever should make it convenient to do vendorng.

Yes, but as a user, I want to disable Qt5, not hunt down pythonQt5, tclQt5 and so on. So I’d keep this pass-through clause.

Good point. I’ll elaborate on enableFoo in the guidelines section.

Globally: good luck keeping LibreOffice or Julia at zero vendoring for multiple releases. So what happens is we look «maybe this can be unvendored», but from time to time we are forced to go back to using the vendored version of something else. Doesn’t help that vendored versions sometimes carry project-specific patches…

The thing is, if one ever has an optional dependency in a safe-to-unvendor / too-complicated-to-unvendor-again cycle, by the wording of your proposal there will be pointless with/enable churn.

As a user you’ll need to have an idea what you have, and what has mandatory Qt dependencies. So yeah, withQt5 vs withQt6 vs withPythonPyqt is the least of your problems

Valid point. I’ll add clause that vendored dependencies, which technically are not external dependencies, are still with, not enable.

Can’t argue, yet I still would rather make relatively small user’s problem even smaller.

Latest revision. Two more entries in changelog – about vendoring and about camel case.

As writing I realized that current wording has unfortunate implication that derivations that support multiple SSL libraries with have enableSsl flag, while derivation that only support openssl will only have withOpenssl, which is somewhat inconsistent.

I have no ideas how to fix it short of hard-coding list of blessed features, like enableSsl, enablePdf.

feature: feature_parameter_names
start-date: 2024-01-10
author: Dmitry Bogatov
co-authors: (find a buddy later to help out with the RFC)
shepherd-team: (names, to be nominated and accepted by RFC steering committee)
shepherd-leader: (name to be appointed by RFC steering committee)
related-issues: (will contain links to implementation PRs)

Summary

Nixpkgs usually exports compile-time options of the upstream build system
through the named parameters of derivation function, but does it inconsistent
way.

Motivation

Developer interface for building environment with specific features enabled and
disabled is more complicated and requires more knowledge of implementation
details compared to already existing systems.

For example, Gentoo Linux has exhaustive list of all known configuration
flags and has means to
programmatically query what flags are available for particular package. Nixpkgs
has neither, and this RFC strives to rectify it.

Detailed design

1. Derivation function MAY expose compile-time boolean options of the upstream
   build system to enable or disable a feature using parameters named either as
   enableX or withX, consistent with Autoconf naming convention.

   Autoconf ENABLE
   Autoconf WITH

2. If compile-time feature requires build and runtime dependency on package
   libfoo, corresponding feature parameter MUST match regular expression
   ^with[^a-z]. See guidelines below for choosing name of feature parameter.

3. If compile-time feature does not require any extra build dependencies,
   corresponding feature parameter MUST have name matching ^enable[^a-z] and
   SHOULD correspond to the upstream naming.

4. As special provision, if optional vendored dependency is exposed by feature
   parameter, that paramter name MUST have match `^with[^a-z]’ regular
   expression.

5. If upstream build features and build dependencies do not map one-to-one,
   then one with feature parameter SHOULD be added for every build dependecy
   and one enable feature SHOULD be added for every upstream build feature
   intended to be optional. Assertions to preclude incoherent feature
   configurations MAY be added.

6. These rules are to be enforced by static code analyse linter. Since no
   static code analyzis is perfect, it shall have support for inhibiting
   warnings in individual cases that do not fit into general scheme.

7. Parameter names matching ^(enable|with) regular expression MUST not be
   used for any other purpose. In particular, they always must be boolean.

8. Derivation function MAY expose compile-time string or numeric options of the
   upstream build system using feature parameters that MUST match ^conf[^a-z]
   regular expression, e.g confDefaultMaildir.

9. Due overwhelming amount of possible combinations of feature flags for some
   packages, nixpkgs maintainer is not expected to test or maintain them all,
   but SHOULD accept provided technically sound contributions related to
   configurations with non-default feature flags.

10. Due overwhelming amount of possible combinations of feature flags for some
    packages, only configurations that has name in package set (e.g emacs-nox)
    shall be built on CI.

The migration process.

Named parameters are part of the programming interface, and renaming them is a
breaking change. As such, renaming of the parameters is done in following way:

1. Following function is added into lib set:

let renamed = { oldName, newName, sunset, oldValue }: newValue:
   let warning = builtins.concatStringsSep " "
      [ "Feature flag"
      , oldName
      , "is renamed to"
      , newName
      , "; old name will no longer be available in nixpkgs="
      , sunset
      , "."
      ]
   in lib.warnIf (value != null) warning (if (value != null) then value else newValue);

Starting with following function:

{ lib
, stdenv
, nonCompliantFoo ? true
}:

# uses nonCompliantFoo
stdenv.mkDerivation { ... }

First step of migration is to replace it with the following:

{ lib
, stdenv
, nonCompliantFoo ? null
, enableFoo ? lib.renamed {
    oldName = "nonCompliantFoo";
    newName = "enableFoo";
    sunset = "25.11";
    value = nonCompliantFoo;
  } true
}:

# uses enableFoo
stdenv.mkDerivation { ... }

and after grace period of two releases, any mentions of nonCompliantFoo are
removed, and function becomes:

{ lib
, stdenv
, enableFoo ? true
}:

# uses enableFoo
stdenv.mkDerivation { ... }

Feature parameter naming guidelines

1. Feature flags that require single external dependency SHOULD be named after
   that dependency. Prefix lib SHOULD be removed. For example,

   systemd => withSystemd
   libgif  => withGif
   curl    => withCurl
   

2. When multiple feature flags require the same build dependency, for example
   derivation has optional support for FTP and HTTP protocols, any of which
   incur dependency on curl, and derivation would look like following:

   { lib, stdenv, curl, withCurl ? true, enableFTP ? true, enableHTTP ? true }:
   
   # Assertions are fully optional.
   assert enableFTP -> withCurl;
   assert enableHTTP -> withCurl;
   
   stdenv.mkDerivation {
      ...
   
      buildInputs = lib.optionals withCurl [ curl ];
   
      ...
   }
   

3. Mutually-exclusive build dependencies that provide the same feature are also
   handled with assertions. For example, if derivation has optional SSL support
   that may be provided by multiple libraries, but only one may be used and it
   must be chosen at compilation time, derivation will look like following:

   { lib, stdenv, enableSSL ? false, openssl, withOpenSSL ? false, libressl, withLibreSSL ? false }:
   
   # Assertions are fully optional.
   assert enableSSL -> withOpenSSL || withLibreSSL;
   assert !(withLibreSSL && withOpenSSL);
   
   stdenv.mkDerivation {
      ...
   
      # Asserts above make sure that at most one SSL implementation will be in
      # the list.
      buildInputs = lib.optionals withLibreSSL [ libressl ]
                  ++ lib.optionals withOpenSSL [ openssl ];
   
      ...
   }
   

4. When build dependency comes from particular package set, it MAY make sense to
   name feature parameter after it. E.g build dependency on qt6.qtbase should
   have withQt6 feature parameter.

5. If feature parameter name suggested by previous point is too generic,
   package name from the set MAY be included into the feature parameter name.
   Optional dependency on pythonPackages.pillow MAY have feature parameter
   withPythonPillow.

6. Build dependency on bindings to low-level libraries SHOULD be named after
   underlying library. For example, optional dependecy on pyqt5 Python
   bindings to Qt5 library should have withQt5 feature parameter.

7. Camel case is preferred to other styles. E.g:

pam                   => withPam
http                  => enableHttp
gemini                => enableGemini
ssl                   => enableSsl
openssl               => withOpenssl
pythonPackages.pillow => withPythonPillow

Examples and Interactions

This is how one can query list of feature parameters that incur extra runtime dependencies:

$ nix eval --json --impure --expr 'with import ./. {}; builtins.attrNames gnuplot.override.__functionArgs' | jq '.[]| select(startswith("with"))'
"withCaca"
"withLua"
"withQt"
"withTeXLive"
"withWxGTK"

I picked the gnuplot as example since it is the closest to be compliant with proposed rules.

Drawbacks

1. The migration process involves renaming feature parameters, so these changes
   will likely conflict with other outstanding changes to the derivation, and potentially
   even with automatic version bumps.

Alternatives

Group all feature parameters into separate attrset parameter

Instead of writing

{ lib, stdenv, enableFoo ? true }:

# uses enableFoo
stdenv.mkDerivation { ... }

derivation can be written as

{ lib, stdenv, features ? { enableFoo = true; }}:

# uses features.enableFoo
stdenv.mkDerivation { ... }

It is definitely looks cleaner, but unfortunately hits several limitations of
the Nix language.

1. Nix language provides way to introspect function argument names,
   but no way to learn their default values. So this approach gives consistency, but no way to query list of derivation feature parameters.

2. Overrides become much more verbose. Simple and ubiquitous

   bar.override { withFoo = true; }
   

   becomes unwieldy

   bar.override (old: old // { features = old.features // { withFoo = true }; })
   

   That can be simplified by introducing overrideFeatures function, but we
   already have way too many
   override functions. Also, this version will silently override nothing in case
   of typo.

Any approach that tries to pass attribute set to function will have these
issues. Using existing config.nix
is no different.

Do nothing

Avoids all the work and drawbacks, but there is no evidence that consistency
problem will solve itself evolutionary.
For some build dependencies, we have multiple equally popular feature parameter
names, and people keep picking random one when adding new packages.

Prior art

As mentioned in motivation part, the best in class of feature flag
configuration system is Gentoo Linux:

• [USE flag index – Gentoo Linux]

There is not much work I can find about this problem in Nixpkgs other than my
previous attempts to solve it on package-by-package basis:

• Naming convention for optional feature flags · Issue #148730 · NixOS/nixpkgs · GitHub
• dbus: rename "enableSystemd" to "withSystemd" by KAction · Pull Request #234463 · NixOS/nixpkgs · GitHub

Unresolved questions

This RFC makes it possible to introspect feature parameters of particular
derivation, but still does not provide simple and efficient way to list all
existing feature parameters.

Future work

There are other configuration scenarios not covered by this RFC:

• Optional dependencies in shell wrappers (e.g passage).
• Finding way to get list of all existing feature parameters. That can be possibly done by building and distributing the index separately,
  like nix-index does it.

Changelog

1. Changed wording to not imply that every upstream build system knob SHOULD be
   exported via feature parameters. (Thx: 7c6f434c)

2. Relaxed wording on the name of feature parameters to avoid painting ourselves
   into ugly and non-intuitive names. (Thx: 7c6f434c)

3. Fix typo in regex to be consistent that feature flag name can’t have small
   letter after with|conf|enable prefix. (Ths: don.dfh)

4. Explicitly mention that static code analysis has support for overrides based
   on human judgement call. (Thx: 7c6f434c)

5. Clarify solution scenarios when build inputs and feature flags don’t match
   one-to-one. (Thx: Atemu, 7c6f434c)

6. Refine the deprecation plan to make sure the warning includes the sunset
   timestamp. (Thx: pbsds)

7. Add rules about non-boolean feature parameters. (Thx: Atemu, pbsds)

8. Set expectations for building and maintaining multiple configurations. (Thx: pbsds)

9. Removed non-boolean parameters from “Future Work” section.

10. Relaxed requirements for assertions about conflicting flags (Thx: Atemu)

11. Add guideline so pythonPackages.pillow does not get withPython feature name. (Thx: 7c6f434c)

12. Mention that vendored dependenices are still with. (Thx: 7c6f434c)

13. Elaborate on camel case convention. (Thx: 7c6f434c)

It’s enough that NixOS is full of non-local effects on a fixpoint (fine with me, not going to use NixOS anytime soon anyway), but we have actual functions with actual scope in Nixpkgs and it should be kept this way.

It would have to be a somewhat restricted version of the module system anyway, otherwise there’s no chance of scaling it to ~100000 packages. Evaluating NixOS is already slow with less than 2000 modules.

And, separately, evaluating Nixpkgs for CI is already too slow (the current proposal looks almost neutral, though)