I am experimenting with tools like Docker and Nix to see if there is a modern solution to build-environment dependency hell.
Docker has no knowledge of, or ability to cache, packages downloaded within the (usually Linux) environment inside the container; it does cache intermediate parts of the build for each line in your Dockerfile, but if your bloated dependency pulls in half of Ubuntu from apt, Docker is going to download it from scratch any time you change anything above it in your Dockerfile.
Nix seems to have promising infrastructure for maintaining the dependency tree, as well as sharing/caching dependencies of any number of versions, but it doesn't enforce isolation nearly as strongly: processes by default will still be able to access your whole tree; they're just built to only go through the Nix tree for shared libraries and such.
Is there some sane way to combine the benefits of nix and Docker (or some other existing tool) to have caching of binaries and encapsulation work at the same time?
Some ideas:
- Docker + local ubuntu mirror + btrfs to achieve caching?
- Nix + chroot with a flag to keep the Nix database shared?
Note, I'm interested in something language/ecosystem agnostic, and that has good coverage of open-source libraries.
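As an added example (not part of the question above, and not any project's own code), the script below addresses the two concrete mechanisms the question touches on: the apt re-download problem in Docker, solved with a BuildKit cache mount that survives changes to earlier Dockerfile lines, and sharing an existing Nix store with an isolated container by bind-mounting it read-only. Assumptions: Docker with BuildKit available (Docker 23+ enables it by default), a host Nix installation under /nix, and the image tag `build-env`, which is an arbitrary name chosen here.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Docker with BuildKit,
# a host Nix store at /nix, and an illustrative image tag "build-env".
set -eu

# Emit a Dockerfile whose apt step keeps downloaded .debs and package lists in
# BuildKit cache mounts. Unlike layer caching, a cache mount is keyed by its
# target path, so it survives edits to lines above the RUN that uses it.
emit_dockerfile() {
  cat <<'EOF'
# syntax=docker/dockerfile:1
FROM ubuntu:22.04
# The stock image ships /etc/apt/apt.conf.d/docker-clean, which deletes
# /var/cache/apt/archives after every install; remove it and tell apt to keep
# downloaded packages, otherwise the cache mount is emptied on each build.
RUN rm -f /etc/apt/apt.conf.d/docker-clean \
 && echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' \
      > /etc/apt/apt.conf.d/keep-cache
# sharing=locked serialises concurrent builds on the same cache so two builds
# cannot interleave writes to the apt lists or archives.
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
    --mount=type=cache,target=/var/lib/apt,sharing=locked \
    apt-get update \
 && apt-get install -y --no-install-recommends build-essential
EOF
}

# Build the image from the generated Dockerfile, using the current directory
# as build context. The first build downloads packages; later builds that
# touch earlier lines reuse the .debs from the cache mount.
build_image() {
  emit_dockerfile | DOCKER_BUILDKIT=1 docker build -t build-env -f - .
}

# Run a build step inside the container with the host's Nix store (store
# paths plus the SQLite db under /nix/var/nix/db) mounted read-only, so the
# container can execute already-built Nix closures but cannot corrupt the
# shared cache. The remaining flags keep the sandbox tight: read-only rootfs,
# a tmpfs for scratch space, no capabilities, and no privilege escalation.
run_with_nix_store() {
  docker run --rm -it \
    --read-only --tmpfs /tmp \
    --cap-drop=ALL --security-opt=no-new-privileges \
    --mount type=bind,source=/nix,target=/nix,readonly \
    build-env "$@"
}

# Only perform the real build/run when asked to, so the functions above can be
# sourced or inspected without Docker present.
if [ "${DO_BUILD:-0}" = 1 ]; then
  build_image
  run_with_nix_store /nix/var/nix/profiles/default/bin/nix --version
fi
```

Two caveats worth knowing before relying on this. A read-only /nix means new derivations cannot be built inside the container; they have to be realised on the host (or in a separate writable store) first, which is the trade-off for keeping the shared store safe from a misbehaving build. And the BuildKit cache mount lives on the builder host, so it helps repeated local builds and a shared CI runner, but it is not a substitute for a local apt mirror when many distinct hosts need the same packages.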