CEP: Recipe serialization in packages

[wolfv]

Rendered version: ✏️ https://github.com/wolfv/ceps/blob/cep-recipe-serialization/cep-recipe-serialization.md

[jaimergp]

This is implicit, but I guess that this dictionary is a dict[str, str] one right? Tool name string to version string.

[schuylermartin45]

Just going to throwing this out there, are we worried about how these files scale? I can imagine some very complex multi-output, multi-platform recipes could produce very long rendered_recipe.yaml files.

[wolfv]

Well, each package only contains a rendered recipe for a single output, for a single platform. So it's not going to be crazy big. But lockfiles can indeed become relatively large. I think I would expect at most something like ~1 Mb. However, that should compress pretty well (except for the checksums). And the benefits are pretty huge (SBOMs, reproducibility, ...).

[wolfv]

It would, however, be an option to only store e.g. the URL + 1 hash. That would reduce the size quite decently. Happy to consider / discuss that.

[schuylermartin45]

Ah I missed that there was one file per output. I saw the build section and immediately thought those were individual outputs.

I don't have a strong opinion, I'm just pointing out this as a potential future headache. I know we have some large manifest-type files in conda world (looking at you, repodata.json) and I'm sure we all agree we don't want to repeat that pattern.

[wolfv]

We could add a content hash here (as proposed recently in conda-build).

[JeanChristopheMorinPerso]

Can we say that this is the "evaluated" form? In my mind this isn't an evaluated form, it's more a serialized form.

[chenghlee]

I thought ${{ compiler('c') }} got evaluated to (e.g.) gcc_linux-64? Where does compiler: c come from?

[wolfv]

We currently have an "intermediate" form in rattler-build. We need that for pin_subpackage because that needs to have the rest of the recipe rendered first.
However, for compiler we can make the function return the final value instead. It would have some other benefits (e.g. that we can use the compiler function in other contexts easily).

[JeanChristopheMorinPerso]

What's the rational behind not fully resolving the value?

[wolfv]

The value is fully resolved later on in the resolved dependencies. Internally we keep it unresolved in the recipe to later resolve it during the execution.

[JeanChristopheMorinPerso]

Does this contain the full build string? For example py312h7f4fdc5_0 or is it really just the hash (7f4fdc5)? If it contains only the hash, should there be a suffix entry too?

[wolfv]

yes, this contains only the hash. There is a hash_prefix entry indeed. Hash and build-string are two different things :)

[JeanChristopheMorinPerso]

Is this solely based on the variant or can it be influenced by build.string?

[wolfv]

No, the hash is used by default in the build string, but the build string cannot influence the hash directly.

[JeanChristopheMorinPerso]

What happens when merge_build_and_host_envs is True?

[chenghlee]

I feel like we're missing a CEP or, at a minimum, a reference to some other spec or documentation. This list of directories should correspond to the prescribed behaviors for the tools that process the package recipe.

[jaimergp]

I assume merged build and host means that host_prefix == build_prefix, so both values are the same. Alternatively, host_prefix == null.

[JeanChristopheMorinPerso]

Are they almost a 1 to 1 from CEP-14?

[wolfv]

The finalized sources are almost but not exactly. We are adding the actual rev of the git repository (so that we can retrieve the actual commit when rebuilding).

[JeanChristopheMorinPerso]

Are they mandatory? Should the tool that produce the packages add the field even if it's not set in the original recipe?

[JeanChristopheMorinPerso]

How does conda-build or rattler-build know which tool was used? Should this be somewhat defined?

[wolfv]

I added a used_build_tool.json file in the specification :)

[dholth]

Why not .json?
Do we still need info/recipe/meta.yaml ?

[chenghlee]

We might want to avoid using the word "everything" here. From what I gathered below, this CEP covers what goes into the info/recipe directory of the output package(s), and not literally everything that goes into the package.

[chenghlee]

If the original recipe was not named recipe.yaml, then we rename it inside the package.

Is there a reason to rename, rather than capture the build command that was used while preserving the original filename? As written, this also suggests the existing (v1) recipes that use meta.yaml would/should have said meta.yaml renamed to recipe.yaml in the output package, and that seems...odd?

[wolfv]

We could keep the recipe.yaml name. We should definitely have a consistent name for the rendered recipe (currently rendered_recipe.yaml). I don't have super strong feelings. I do like it if we can find the recipe in a consistent place though so that extracting / inspecting it is easy.

[chenghlee]

I thought ${{ compiler('c') }} got evaluated to (e.g.) gcc_linux-64? Where does compiler: c come from?

[chenghlee]

If we are going to use cross-compilation language ("target", "build", "host"), we should spend some space to explain what each of these terms really mean. E.g., describing both host_platform and build_platform as "the platform used for building the package" is confusing.

[chenghlee]

We should specify where such configuration comes from and what actually gets recorded. E.g., do the values come from conda_build_config.yaml, and if so, do we only preserve those keys that are actually used in processing this recipe, or do we replicate all values from the cbc.yaml?

[wolfv]

I think for now it is fine to say "from the variant"? :)

[chenghlee]

Is there a reason to repeat the contents for RepoDataRecord? Seems to me that the URL and SHA256 checksum of the package would be enough to recreate the various build environments.

[wolfv]

yeah, I agree. sha hash and url should be enough. I think it might be interesting to include additional information (e.g. licenses) so that tools could report on what-went-into the package ... Of course, given that we still have access to the packages we could recreate this information from the repodata / packages, too.

[wolfv]

I think there might be a few more arguments:

• repodata changes over time and this is an accurate snapshot as how it was at the time
• it makes it easier to extract a conda-lock file from the rendered recipe
• there might be additioanl opportunities for tooling in the future (license scanning, ...)

[chenghlee]

Wouldn't the filename be part of path?

[wolfv]

Filename is more for renaming the file in the work directory. So yes, you could add a file_name argument if you want (and then it would be rendered).

[chenghlee]

We should clarify where these patches come from. (I suspect, relative to the top-level of the directory, but it should be explicitly stated.)

[wolfv]

relative to the recipe directory, yeah.

[chenghlee]

Is this supposed to correspond to the --depth argument to git clone (which basically truncates history), or to (any) submodule clone/init operations?

[wolfv]

Yeah this is to truncate history (conda-build has the same argument).

[chenghlee]

See previous comments re: target_directory.

[dholth]

Is this just for fun

[wolfv]

No, it's for perfectly reproducible builds (https://github.com/prefix-dev/reproducible-builds)

[wolfv]

Overview here: https://prefix-dev.github.io/reproducible-builds/

[dholth]

Would it be a better idea to reproduce the data after compression? I also notice the number of threads has been removed? The zstandard version is recorded somewhere or implied by the tool version?

[baszalmstra]

The number of threads doesnt influence the final artifact so we removed it.

[wolfv]

In the ideal world we can re-create the compressed artifact bit-for-bit. Content hashes are also important. But for security reasons and so on I believe it's nicer to be able to really recreate the artifact. At least I believe that's what most people in reproducible-builds.org are trying :)

[wolfv]

The value is fully resolved later on in the resolved dependencies. Internally we keep it unresolved in the recipe to later resolve it during the execution.

[wolfv]

We could keep the recipe.yaml name. We should definitely have a consistent name for the rendered recipe (currently rendered_recipe.yaml). I don't have super strong feelings. I do like it if we can find the recipe in a consistent place though so that extracting / inspecting it is easy.

[wolfv]

Filename is more for renaming the file in the work directory. So yes, you could add a file_name argument if you want (and then it would be rendered).

[wolfv]

Yeah this is to truncate history (conda-build has the same argument).

[wolfv]

@baszalmstra - we removed these here, right?

[baszalmstra]

Yep updated this in 00ad601

[wolfv]

here again

[baszalmstra]

I updated them in 00ad601

[wolfv]

I think this needs to be updated as well

[baszalmstra]

I updated them in 00ad601

[wolfv]

I just did another pass as well.

[wolfv]

I changed this CEP a little - most of the CEP is now "implementation specific" and serves as documentation of what rattler-build does.

However, the CEP does require alternative build tools to implement a rendered recipe, and also requires a new file to be added to the package (info/used_build_tool.json).

[jezdez]

@conda/steering-council

This vote falls under the "Enhancement Proposal Approval" policy of the conda governance policy,
please vote and/or comment on this proposal at your earliest convenience.

It needs 60% of the Steering Council to vote yes to pass.

To vote, please leave yes, no or abstain as comments below.

If you have questions concerning the proposal, you may also leave a comment or code review.

This vote will end on 2024-07-16, End of Day, Anywhere on Earth (AoE). This is an extended voting period due to summer holiday time in the Northern Hemisphere.

[baszalmstra]

yes

[wolfv]

Please use the following form to vote:

@xhochy (Uwe Korn)

• yes
• no
• abstain

@CJ-Wright (Christopher J. 'CJ' Wright)

• yes
• no
• abstain

@mariusvniekerk (Marius van Niekerk)

• yes
• no
• abstain

@goanpeca (Gonzalo Peña-Castellanos)

• yes
• no
• abstain

@chenghlee (Cheng H. Lee)

• yes
• no
• abstain

@ocefpaf (Filipe Fernandes)

• yes
• no
• abstain

@marcelotrevisani (Marcelo Duarte Trevisani)

• yes
• no
• abstain

@msarahan (Michael Sarahan)

• yes
• no
• abstain

@mbargull (Marcel Bargull)

• yes
• no
• abstain

@jakirkham (John Kirkham)

• yes
• no
• abstain

@jezdez (Jannis Leidel)

• yes
• no
• abstain

@wolfv (Wolf Vollprecht)

• yes
• no
• abstain

@jaimergp (Jaime Rodríguez-Guerra)

• yes
• no
• abstain

@kkraus14 (Keith Kraus)

• yes
• no
• abstain

@baszalmstra (Bas Zalmstra)

• yes
• no
• abstain

[mariusvniekerk]

This can be prohitively expensive to compute

[wolfv]

yeah, I think it's still worth it though. We might even add a content hash :)
But we could also add knobs to disable it.

[jaimergp]

Just a few typos I found.

[jaimergp]

Huh, this has changed from bld.bat?

[wolfv]

yep :)

[jaimergp]

I assume merged build and host means that host_prefix == build_prefix, so both values are the same. Alternatively, host_prefix == null.

[wolfv]

@marcelotrevisani @jakirkham @CJ-Wright @mbargull last chance to vote!

[chenghlee]

For the record: voted "no" because while I like the ideas presented in this CEP, I don't think the CEP as written is ready to be adopted as a specification. IMO, various unanswered questions/comments need to be addressed before adoption, and we should better separate behavioral specifications from implementation details.

[mbargull]

I think it is good to have these parts of the build output/process specified which is why I support to have a proposal for it here.
I do agree with Cheng in that this is not yet ready to be put in, though, since the "Specification" section is a bit light in detail and the bigger part of the text, i.e., description of implementation details, are likely to change, so nothing we'd set in stone here.

[jakirkham]

Thanks Wolf! 🙏

Think these are good improvements. Am voting yes with a few suggestions/questions (tried to use the checkbox, but had issues with it for some reason)

[jakirkham]

Maybe it is worth extending this in the future with other dependencies (like the solver used, Jinja version, etc.), in which case we may want to nest these somehow

[jakirkham]

Think currently we use max_pin / min_pin with x.x.x. And use upper_bound / lower_bound with 1.2.3

https://docs.conda.io/projects/conda-build/en/latest/resources/variants.html#pinning-expressions

[h-vetinari]

This is intentionally unified in the recent set of CEPs, please see this thread

[jakirkham]

Am curious how these work together. We have exact and a more relaxed spec as well bounds. What takes precedence?

[wolfv]

They should not be allowed together, right?

[mbargull]

(tried to use the checkbox, but had issues with it for some reason)

@jakirkham
It's really odd that it doesn't like to accept your edit :/.
I checked "yes" on your behalf.

[jakirkham]

Thanks Marcel! 🙏

Yeah this happened to me a couple times. So just used "approved" to mean the same thing. Think it is because I tried on my iPhone with GitHub Mobile (not sure why it can't check a box or why it makes an empty edit though 🤷‍♂️)

[wolfv]

The vote is closed, and we have the following result:

Total voters: 15 (valid: 13 = 86.67%)

Yes votes (11 / 84.62%):

• @xhochy (Uwe Korn)
• @mariusvniekerk (Marius van Niekerk)
• @goanpeca (Gonzalo Peña-Castellanos)
• @ocefpaf (Filipe Fernandes)
• @msarahan (Michael Sarahan)
• @jakirkham (John Kirkham)
• @jezdez (Jannis Leidel)
• @wolfv (Wolf Vollprecht)
• @jaimergp (Jaime Rodríguez-Guerra)
• @kkraus14 (Keith Kraus)
• @baszalmstra (Bas Zalmstra)

No votes (2 / 15.38%)):

• @chenghlee (Cheng H. Lee)
• @mbargull (Marcel Bargull)

Abstain votes (0 / 0.00%):

Not voted (2):

• @CJ-Wright (Christopher J. 'CJ' Wright)
• @marcelotrevisani (Marcelo Duarte Trevisani)

Invalid votes (0):

Thus we reached quorum and enough YES votes to mark this as accepted. 🎉