Description
I was reading the internal concurrency guidelines of cabal install located here:
This paragraph in particular looks very important, regarding multiple concurrent builds of the same package:
Note that because builds are not reproducible in general (nor even necessarily ABI compatible) then it is essential that the loser abandon their build and use the one installed by the winner, so that subsequent packages are built against the exact package from the store rather than some morally equivalent package that may not be ABI compatible.
The regular cabal-install uses locking in order to protect against concurrent builds, but cabal-cache does not do any locking.
Therefore (if I am not mistaken) there is a danger that we can violate the above rule and get corrupt builds.
Here is an example scenario:
- S3 bucket is empty
- Builder 1 locally builds package A₁
- Builder 2 locally builds package A₂ (Same package-id as A₁)
- Builder 1 uploads package A₁ to the bucket
- Builder 3 downloads package A₁ from bucket
- Builder 3 builds package B₃ (which depends on A₁)
- Builder 3 uploads package B₃ to the bucket
- Builder 2 uploads package A₂ to the bucket (overwriting A₁)
- Builder 4 downloads A₂ and B₃ from the bucket, and now gets a corrupt build, because B₃ was built against A₁, but is now being used against A₂ (A₁ and A₂ are supposed to be "morally equivalent" but as explained in the quote above "may not be ABI compatible")