Hacker News new | ask | show | jobs
by progman 4261 days ago
You have misunderstood me.

I know cabal - with and without sandbox. I said am amazed that sandboxes or nix tools are necessary in Haskell _at all_ while every other language which uses a package manager has one that works out of the box without any hassle and without any sandbox tricks.

> Nix and NixOS are two completely unrelated projects, that not even be recommendable in a development environment.

Other Haskell developers don't agree. They prefer nix even over cabal sandboxes. Quote: "Nix helps me avoid Cabal hell" and "Nix is much better than cabal sandbox".

https://ocharles.org.uk/blog/posts/2014-02-04-how-i-develop-...
2 comments
jmillikin 4261 days ago 

  > every other language which uses a package manager has
  > one that works out of the box without any hassle and
  > without any sandbox tricks.
I have programmed professionally with C, C++, Go, Haskell, Java, Javascript, Python, and Ruby. While this is not "every other language", I feel it's a sufficient cross-section to be useful for the purposes of this thread.

Trying to do any sort of open-source development without a library sandbox, in any language, is madness. OS package managers are completely unable to deal with multi-version dependency graphs. NixOS is no different, unless you want to install the cartesian product of the possible combinations -- how much SSD space do you have?

---

My experience with Haskell leads me to believe that "Cabal hell" is an artifact of certain library developers' API versioning philosophies. Namely, they release numerous libraries all depending on each other with tight version bounds, and change the API regularly. This behavior is fundamentally incompatible with dependency resolution in a compiled language.

Say you have four libraries:

  foo-1.0 depends on bar==3.8 and qux==1.5
  bar-3.8 depends on baz==0.2 and qux==1.5
  baz-0.2 has no dependencies
  qux-1.5 has no dependencies
Then tomorrow you want to release an API-incompatible version of qux and use those new features in foo:

  foo-1.1 depends on bar==1.1 and qux==1.6
  bar-1.1 depends on baz==1.1 and qux==1.5
What do you do here? There's no good choice. Two versions of qux can't be linked into the same binary, and the tight API versioning prevents Cabal from being able to construct a coherent package set.

Now imagine that instead of four libraries, it's O(50), and they're all changing regularly.

Writing lots of tooling and writing manifestos against Cabal sort of helps, for a bit, but it's a lot of work and is deeply unsatisfying for the kind of person who likes to make progress on other goals.

IMO the only practical solution is to loosen the dependency version bounds, and commit to maintaining API compatibility for several releases. I have never encountered Cabal hell when using packages with reasonable versioning philosophies.

link
berdario 4261 days ago
> Trying to do any sort of open-source development without a library sandbox, in any language, is madness.

I agree, but there're some interesting differences in how different language tools implement a sandbox.

Python and Haskell (with Virtualenv and Cabal-dev/sandbox) have separate local repo/caches in which packages are installed (this is useful if you want packages in a reliable location to install executables)

Ruby and Clojure (with Bundler and Leiningen) have a common repo/cache with multiple libraries version, and the version resolution is handled inside the project itself (e.g. when you need to whip up a repl or build the project)

(I'm not mentioning rbenv or the like, since that doesn't handle version graphs by itself... but obviously it can be used just like Virtualenv)

IMHO, the second approach is better suited for a language (implementation) that has an explicit compilation step in which an artifact/binary is built, just like for Haskell/GHC

(then again, something like the first approach is still useful for executables and maybe also to try out different compiler versions)

> Two versions of qux can't be linked into the same binary

It might be possible, but yes... it's a world of pain

http://stackoverflow.com/questions/3232822/linking-with-mult...

link
dllthomas 4261 days ago
I think a big part of the issue is that - because of the way Haskell's cross-module inlining works - you need to generate different artifacts not just for each version you use but for each set of dependencies chosen for each set of flags set for version you use. I think this strips away much of the benefit of the second approach.
link
tome 4261 days ago
This sounds like something Backpack might be able to help with! (I don't actually know. I'm speculating. And hoping ...)
link
dllthomas 4260 days ago
Interesting. I hope you're right. I've been waiting for the finished version to pay Backpack much attention, so I also don't know whether you are.
link
tome 4260 days ago
Part of the benefit of backpack seems to be that you can compile modules separately from their dependencies and if this is correct it should go some way to addressing the issue you raise.
link
zak_mc_kracken 4261 days ago
> What do you do here?

Pick a language where developers are not so cavalier with backward compatibility?

Java has Maven which allows you to exclude transitive dependencies for such situations, and in more than a decade of developing with the language, I've only had to use this functionality a handful of times.

Developers sometimes mess up and break backward compatibility but this should be an extremely rare event. That or the compiler itself is terribly implemented and creating incompatible binaries just by bumping up versions (looking at you Scala).

link
progman 4261 days ago
Thanks for your detailed answer. I think you are right in recommending a way of less tight version bounds.
link
platz 4261 days ago
If you need it, cabal takes an option --allow-newer which can selectively or globally ignore upper bounds, in case the package owner specified too tight a bound
link
frowaway001 4259 days ago
> Trying to do any sort of open-source development without a library sandbox, in any language, is madness.

Really?

Even Java people have been perfectly fine without it. Sandboxing is just a hack around Cabal/GHC not having any workable version support.

link
berdario 4261 days ago
To be fair other languages need sandboxes as well: Virtualenv in Python and Bundler in Ruby fill the role

But in a language like Haskell, a sandbox is definitely a subpar solution (glacial compilation times and huge artifacts sizes inside ~/.cabal: 1GB on my machine, compared to the few hundred MB of my ~/.m2). Unless we find a way to bootstrap a sandbox from a vetted/trusted base one that contains things like Yesod (but vetting packages is a job better handled by stackage and/or nix ).

I use Nix, but I'm not comfortable yet in using it with Haskell... to try things quickly I'd need to whip up a nix-shell. But I'm more used to simply have easy access to a ghci repl at my fingertip. And if I install both things, I have to keep care at not trying to cabal install things onto the nix-installed ghc, nor to do the quick-and-dirty thing (go back to install things in ~/.cabal)

Something like lein-try [1] plus Nix might cover my use cases. But Stackage seems simpler and closer to the workflow most haskell developers are accustomed with (and it could be useful also for platforms that don't have Nix available)... if only it'd have more adoption

[1] https://github.com/rkneufeld/lein-try

link