Hello. I apologize if this is a stupid question, but I’m still not understanding the concepts behind Nix.
I am reading the Dolstra thesis to learn Nix, and there is one thing that is entirely unclear to me: why is scanning for retained dependencies necessary?
As far as I understand, a derivation can only have dependencies on things that have been explicitly listed as dependencies of that derivation. If that’s the case (and I could be wrong), why not just assume that a derivation has runtime dependencies on everything in a derivation that it is dependent on?
pure nix derivations only have access to dependencies they declare. this means that, even though it’s not readily apparent, the dependencies include the entire compiler environment used to build a derivation, additional build tools like make, parser generators like flex and yacc, maybe a set of utilities that are needed only by the test suite but not by the final package, and many more. retaining those would cause huge closure sizes for the tiniest programs (eg GNU hello). pruning runtime dependencies that don’t seem to be referenced alleviates that.
Okay, I think I understand the need to ensure build-time dependencies don’t explode closures.
However, apologies for not understanding, but I don’t see how
this means that, even though it’s not readily apparent, the dependencies include the entire compiler environment used to build a derivation
follows from
pure nix derivations only have access to dependencies they declare.
In fact, it seems to me like the entire compiler environment is an undeclared dependency, which means the derivation shouldn’t have access to it, right? Or is it declared in magic like stdenv?
If it is declared in stdenv, or something like it, then why couldn’t Nix just make derivation authors separate build-time and runtime dependencies?
it is, and dependencies that are accessed via interpolation into build scripts (eg ${pkgs.something}/bin/check-a-thing $src) are also added to the dependencies.
as to why separation isn’t enforced as you suggest, i don’t know that but would guess that it’s a quality-of-life thing.
This would be possible. It would be more work, as well as be more fragile and humans will mess up declaring the runtime deps all the time, and you’d end up wanting some way to automatically scan for references anyway. An assumption made by Nix is that this can be done automatically by scanning (“conservative garbage collection” in the thesis) and verified the idea empirically by the existence of Nixpkgs. There are times where this mechanism fails (eg: JARs), but it has been quite reliable compared to the manual alternative.
