Nixpkgs: Problem: tarballs.nixos.org is too helpful

You seem to be the describing exactly the desired operation of the fixed output hash and the intended purpose of tarballs.nixos.org

If the hash were available locally, we would not even ask tarballs.nixos.org but just conclude that we already have that src, so fetching must be a no-op.

I believe the racket(-minimal) expression should be changed to avoid this; I added a comment at least: d0413d1ac95.

IIRC we've had some discussions around suggestions like including the basename in the hash computation, but anything like this is rather hard to make happen, as compatibility is quite a headache and it would have slight down-sides as well.

I don't think a similar change would happen in close future, and it would belong to https://github.com/nixos/nix (but certainly feel free to continue some discussion in this thread)

That comment will probably improve this specific case -- thanks.

I suspect I am missing some project history here, that there is some specific case or pattern that caused tarballs.* to come into existance. What is that?

I imagine that most derivation builds never go there, as the fetchurl derivation would usually be available on hydra. Am I wrong?

tarballs.nixos.org isn't really the root of the problem here anyway. The fixed-output derivations are (i.e. content-addressed ones). The main motivation is that switching a fetcher's URL or even the protocol shouldn't cause a rebuild/refetch (which would cascade to dependants).

Without it #45650 would have had a build failure because https://mirror.racket-lang.org/installers/7.0/racket-minimal-7.0-src.tgz is a different fixed-output derivation from https://mirror.racket-lang.org/installers/6.12/racket-minimal-6.12-src.tgz, and the former does not return content with the hash 0c565jy[...].

What's the compelling reason for t.n.o and why is it better than what hydra already caches?

The main motivation is that switching a fetcher's URL or even the protocol shouldn't cause a rebuild/refetch (which would cascade to dependants).

If you update the URL of the fixed-output derivation, the hash of the derivation will be changed regardless of t.n.o and all its dependents will be rebuilt, right? But the URL itself will only be queried until the derivation has run on hydra.

It looks like the compelling reason is in bb672805 , that upstreams sometimes change URL structures and that introduces fragility in nixpkgs -- unless the derivation is cached. I guess the issue is that it's currently hard to protect the derivation from getting gc'ed?

I'm just asking the stupid questions here, I know I'm probably missing some important point.

If you update the URL of the fixed-output derivation, the hash of the derivation will be changed regardless of t.n.o and all its dependents will be rebuilt, right?

No, fixed-output-derivations have their hashes based on the name (which is usually simply "source") and the _output_, not the input.

I guess the issue is that it's currently hard to protect the derivation from getting gc'ed?

In a sense. Generally, we have gcroots for eg. hello, not hello.src.

No, fixed-output-derivations have their hashes based on the name (which is usually simply "source") and the output, not the input.

There are certainly source derivations just named source (e.g. fetchFromGitHub derivations without an explicit name), but in the case of e.g. fetchurl, and therefore in the case of e.g. the racket source, the name of the derivation comes from the basename of the URL:

$ nix-instantiate -E 'with import <nixpkgs> {}; fetchurl { url = http://example.com/; sha256="0000000000000000000000000000000000000000000000000000"; }' 2>/dev/null
/nix/store/n9pad0sw3xfycrqzcj1p2kngv3l7kqyw-example.com.drv

we have gcroots for eg. hello, not hello.src.

Yeah, I guess for a small project it's easy to say "just set keep-outputs to true" (which I think would preserve those source outputs, right?), but for nixpkgs that might mean huge disk space needs?

Anyway, I think my point was that t.n.o was unintuitive to me, because I expected fetchurl caching to work like any other fixed-output derivation. I even prepared a patch to make sure racket-minimal.src would change its name when the racket version was bumped, before I realized that the existing implementation already did that and it was something else that threw it off.