From: Xin LI
Date: Tue, 13 Dec 2022 16:49:53 -0800
Subject: Re: lang/rust is super slow to build
To: Roger Marquis
Cc: freebsd-ports@freebsd.org
List-Id: Porting software to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-ports

On Tue, Dec 13, 2022 at 3:32 PM Roger Marquis wrote:

> > IMHO the ports collection should provide and use prebuilt packages of
> > compilers (LLVM, GCC, Rust, etc.) built from the FreeBSD packages builder,
> > and ports framework (possibly also the base system) should be changed to
> > use prebuilt packages by default.
>
> That would violate the principle of least surprise.  If the same command
> used with one port compiles from source but when used from another port
> downloads a pre-built binary that's to be avoided (whether or not some
> java ports already do this).

POLA doesn't mean we can not make reasonable changes to the existing
practices.

In fact, poudriere is already using prebuilt packages: when a set of
packages depends on GCC, for example, it would build a binary package, then
use that binary package for building these packages instead of building GCC
over and over again.

> If we're talking about Poudriere then please first consider better
> build-time optimizations than downloading binaries that may have
> security implications and will change over time.

Well optimization is an orthogonal goal.  We should explore build time
optimizations, but that doesn't change the fact that repeatedly building the
same source artifact shall generate the same binary artifacts.  Optimization
means one can build these binaries faster when they want, and using prebuilt
artifacts means one doesn't have to rebuild them over and over again, which
is usually not needed.

Using prebuilt binaries is not necessarily compromising security when done
right.  I think to ensure safety of these prebuilt binaries, we need to
invest in e.g. making package builds reproducible (so an independent third
party can audit and validate that the binaries are actually built from the
source that they claimed to be when they want), ensure that the builders are
safe, and sign the packages on the builders.

>
> Tangent: If we're talking about additional make (not pkg) functionality
> then please add a constant to only create packages, for the target app
> and all dependencies, and install them only using pkg (the OpenBSD
> model).
>
> Roger

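The third-party check described in the message above (rebuild from the claimed source, then compare against the distributed binary), as an added example that is not part of the original message or of FreeBSD's own tooling. It assumes packages can be read as tar archives and uses constructed, uncompressed in-memory archives as stand-ins; the names `make_pkg`, `index` and `audit_rebuild` are hypothetical, and signature verification is out of scope.

```python
import hashlib, io, tarfile

def make_pkg(files, mtime):
    """Constructed stand-in for a package: an uncompressed tar built in memory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size, info.mtime, info.mode = len(data), mtime, 0o755
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def index(archive):
    """Map member name -> (sha256 of file content, (mode, mtime, uid, gid))."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:") as tar:
        for m in tar.getmembers():
            f = tar.extractfile(m)          # None for non-regular members
            data = f.read() if f else b""
            out[m.name] = (hashlib.sha256(data).hexdigest(),
                           (m.mode, m.mtime, m.uid, m.gid))
    return out

def audit_rebuild(official, rebuilt):
    """Compare a distributed archive with an independent rebuild of the same source."""
    if hashlib.sha256(official).digest() == hashlib.sha256(rebuilt).digest():
        return {"verdict": "reproducible", "content": [], "metadata": []}
    a, b = index(official), index(rebuilt)
    # Files missing on one side or with different bytes: the binary does not
    # match what the source produces.
    content = sorted(n for n in a.keys() | b.keys()
                     if a.get(n, (None,))[0] != b.get(n, (None,))[0])
    # Same bytes but different timestamps or ownership: build non-determinism
    # that must be fixed before whole-archive hashes can be compared.
    metadata = sorted(n for n in a.keys() & b.keys()
                      if a[n][0] == b[n][0] and a[n][1] != b[n][1])
    verdict = "content-mismatch" if content else "metadata-only"
    return {"verdict": verdict, "content": content, "metadata": metadata}

# Constructed sample data, not taken from any real package.
SRC = {"bin/tool": b"\x7fELF-built-from-source", "+MANIFEST": b'{"name":"tool"}'}
OFFICIAL = make_pkg(SRC, mtime=1670979006)
SAME = make_pkg(SRC, mtime=1670979006)       # deterministic rebuild
CLOCK = make_pkg(SRC, mtime=1670980000)      # rebuild that leaked the build time
ALTERED = make_pkg({**SRC, "bin/tool": b"\x7fELF-with-other-code"}, mtime=1670979006)

if __name__ == "__main__":
    for label, pkg in [("same", SAME), ("clock", CLOCK), ("altered", ALTERED)]:
        print(label, audit_rebuild(OFFICIAL, pkg))
```

A `metadata-only` verdict shows why reproducibility needs investment in the build itself: until timestamps and similar inputs are pinned, an auditor cannot rely on a single archive hash and has to fall back to per-file comparison.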