deliciouslytyped
commented
5 years ago TODO: I was in a hurry< when writing this up, its a bit wrong, will fix later.
My cursory analysis is:
The underlying problem is that the sandbox-path equivalent variable at https://github.com/NixOS/nix/blob/5112a33fb17f792ceb6d641738277cbbe6a58bfc/src/libstore/globals.cc#L67 is set to "/bin/sh=" if SANDBOX_SHELL is not set. This results in https://github.com/NixOS/nix/blob/41ba5135e0a2d9940c4e8cbedff44eb1a47af782/src/libstore/build.cc#L2669 being triggered because of failure to stat the target of /bin/sh, being the empty string. The probable reason that this is the first and only debug message about mounts it that this is probably the very first path, inserted at https://github.com/NixOS/nix/blob/41ba5135e0a2d9940c4e8cbedff44eb1a47af782/src/libstore/build.cc#L1915 .
I'm not sure how the surrounding ifdef comes into play. If SANDBOX_SHELL isn't set maybe this wont happen, but when is SANDBOX_SHELL not set?
I'm not really familiar with this make stuff, maybe the problem is that https://github.com/NixOS/nix/blob/5112a33fb17f792ceb6d641738277cbbe6a58bfc/src/libstore/local.mk#L42 means that it's always set?
Something should be done per https://github.com/NixOS/nix/issues/2605#issuecomment-483686138 .
As a temporary hack I set
/etc/nix/nix.confto containsandbox-paths = /bin/sh=/bin/busybox, but instead something should probably be done using--with-sandbox-path? It would probably be best to get input from someone upstream.Also I was recommended to use a proper statically compiled dash instead of busybox.