Florian Klink flokli

This document sketches out how devenv could be using Tvix, instead of Nix for Evaluation.

Currently building with Tvix as well is out of scope, but we're fine with Tvix ingesting things in its own (in-memory or semi-ephemeral in a cache directory) store, and copying from there into the "real" Nix store.

Ultimately, devenv evaluates a few attrpaths in a Nix file. As internally fetchTree is used, it being supported in Tvix is a requirement.

Assuming there is fetchTree support, we can evaluate these files with Tvix too.

Keybase proof

I hereby claim:

I am flokli on github.
I am flokli (https://keybase.io/flokli) on keybase.
I have a public key whose fingerprint is D581 720C FA3E 9BC3 610C D996 89F2 59B8 FA0D 181F

To claim this, I am signing this object:

	#! /usr/bin/env nix-shell
	#! nix-shell -i bash -p minica -p mitmproxy

	set -e

	echo "Creating CA key and certificate, as well as wildcard cert"
	minica -domains '*' \|\| true

	echo "Assembling chain.pem"
	(openssl x509 -text <./_/cert.pem && openssl x509 -text <./minica.pem && cat ./_/key.pem) > chain.pem

	{ stdenv
	, lib

	, fetchurl

	, makeWrapper
	, fontconfig
	, libXft
	, opensc
	, xorg

	// Builds a OCI bundle from a BuildRequest and a path, which points to an
	// existing (and empty) path to a directory (usually a temporary).
	//
	// This function emits an OCI bundle that will run the build specifed in the
	// buildRequest.
	//
	// After running this function, the directory contains the following:
	//
	// - `config.json`, the OCI runtime spec itself
	// - `scratch`, a directory containing other directories which will be

	tvix-cli from https://cl.tvl.fyi/c/depot/+/8572/33:

	❯ /nix/store/fi3j1sbpd2fzwbjnak924z58zhpd07j0-hyperfine-1.16.1/bin/hyperfine --warmup 10 './target/release/tvix -E "with import <nixpkgs>{}; toString stdenv"' 'nix-instantiate --eval --json --expr "with import <nixpkgs>{}; toString stdenv"'
	Benchmark 1: ./target/release/tvix -E "with import <nixpkgs>{}; toString stdenv"
	Time (mean ± σ): 1.235 s ± 0.013 s [User: 1.161 s, System: 0.074 s]
	Range (min … max): 1.218 s … 1.254 s 10 runs

	Benchmark 2: nix-instantiate --eval --json --expr "with import <nixpkgs>{}; toString stdenv"
	Time (mean ± σ): 193.7 ms ± 3.4 ms [User: 161.7 ms, System: 32.0 ms]
	Range (min … max): 190.3 ms … 203.1 ms 14 runs

	running tests
	PERL_DL_NONLAZY=1 "/nix/store/rgw6wzny8rqpri516srzvjv2gqsg1niv-perl-5.36.0/bin/perl" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef Test::Harness::Switches; test_harness(0, 'blib/lib', 'blib/arch')" t/.t
	t/01_NetPBM.t ................................. ok
	t/02_Scanner_Options_brother.t ................ ok
	t/02_Scanner_Options_Brother_DCP-7025.t ....... ok
	t/02_Scanner_Options_Brother_MFC_5100c.t ...... ok
	t/02_Scanner_Options_Brother_MFC_8860DN.t ..... ok
	t/02_Scanner_Options_canonLiDE25.t ............ ok
	t/02_Scanner_Options_canoscan_FB_630P.t ....... ok
	t/02_Scanner_Options_epson1.t ................. ok

	❯ nix-build -A nixosTests.systemd-cryptenroll
	this derivation will be built:
	/nix/store/wrrx8d9splrkd484p6cjrrwpn1n81f98-vm-test-run-systemd-cryptenroll.drv
	building '/nix/store/wrrx8d9splrkd484p6cjrrwpn1n81f98-vm-test-run-systemd-cryptenroll.drv'...
	Machine state will be reset. To keep it, pass --keep-vm-state
	start all VLans
	start vlan
	running vlan (pid 7; ctl /build/vde1.ctl)
	(finished: start all VLans, in 0.00 seconds)
	run the VM test script

	package main

	import (
	"encoding/hex"
	"fmt"

	nixhash "github.com/nix-community/go-nix/pkg/hash"
	"github.com/nix-community/go-nix/pkg/nixbase32"
	)

	{ pkgs, lib, ... }:

	let
	nsncdPackage = pkgs.rustPlatform.buildRustPackage rec {
	pname = "nsncd";
	version = "unstable-2021-10-13";

	src = pkgs.fetchFromGitHub {
	owner = "flokli";
	repo = "nsncd";