NixOS / nix

Nix, the purely functional package manager
https://nixos.org/
GNU Lesser General Public License v2.1

Nix 2.15.1 produces invalid /etc/group #8502

Open qbit opened 1 year ago

qbit commented 1 year ago

Describe the bug

Nix 2.15.1 produces invalid /etc/group file in the chroot.

Steps To Reproduce

{ pkgs ? import <nixpkgs> {} }:
pkgs.runCommand "wtf" {
  nativeBuildInputs = [ pkgs.strace ];
} ''
  echo "# /etc/passwd"
  cat /etc/passwd
  echo "# /etc/group"
  cat /etc/group
  echo "# id"
  id
''

nix-build the above ^

Outputs:

this derivation will be built:
  /nix/store/ab5lphwa141fkbjhrk5f4rznm25psfk9-wtf.drv
building '/nix/store/ab5lphwa141fkbjhrk5f4rznm25psfk9-wtf.drv'...
# /etc/passwd
root:x:0:0:Nix build user:/build:/noshell
nixbld:x:30001:30000:Nix build user:/build:/noshell
nobody:x:65534:65534:Nobody:/:/noshell
# /etc/group
root:x:0:
nixbld:!:100:
nogroup:x:65534:
# id
uid=30001(nixbld) gid=30000 groups=30000
error: builder for '/nix/store/ab5lphwa141fkbjhrk5f4rznm25psfk9-wtf.drv' failed to produce output path for output 'out' at '/nix/store/ab5lphwa141fkbjhrk5f4rznm25psfk9-wtf.drv.chroot/nix/store/qw5w9m81h2m5zidaf381sgl4pw6bvxz0-wtf'

Expected behavior

/etc/group should have:

nixbld:!:30000:

nix-env --version output

nix-env (Nix) 2.15.1


bjornfor commented 1 year ago

I think this is by design, to help with reproducibility. I.e. not leaking host UIDs/GIDs into the build.

qbit commented 1 year ago

Huh, well the behavior seems to be new as it's causing breakage here: https://github.com/NixOS/nixpkgs/blame/nixos-23.05/nixos/modules/services/logging/logrotate.nix#L54-L55

It also seems the GIDs are different on different systems.

qbit commented 1 year ago

Also, wouldn't it still be leaking the 3000X IDs?

K900 commented 1 year ago

The problem isn't the UID, it's the GID. The build user is in group 30000, but the nixbld group is GID 100.

Ericson2314 commented 1 year ago

Is this using automatic UID evaluation?

qbit commented 1 year ago

Nope

deepfire commented 4 weeks ago

Breaks logrotate on current Nixpkgs master:

error: builder for '/nix/store/cszlszng8qwf7wbqihjcprywv7yfqgqn-logrotate.conf.drv' failed with exit code 1;
       last 1 log lines:
       > /nix/store/0kg70swgpg45ipcz3pr2siidq9fn6d77-coreutils-9.5/bin/id: cannot find name for group ID 30000
       For full logs, run 'nix log /nix/store/cszlszng8qwf7wbqihjcprywv7yfqgqn-logrotate.conf.drv'.
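
The mismatch discussed in this thread (the build user's primary GID 30000 has no name in the sandbox's /etc/group, so `id` cannot resolve it) can be checked mechanically. This is an added example, not code from the thread or from Nix; the function name `unresolved_gids` and the temporary file layout are assumptions, and the file contents are copied from the build output in the report.

```shell
#!/bin/sh
# Added example, not from the issue thread or from Nix itself.
# unresolved_gids PASSWD GROUP: print "user gid" for every passwd entry whose
# primary GID (field 4) has no entry in GROUP (the GID is field 3 there).
unresolved_gids() {
    awk -F: -v groupfile="$2" '
        BEGIN {
            # Load every GID that the group file can map back to a name.
            while ((getline line < groupfile) > 0) {
                n = split(line, g, ":")
                if (line !~ /^#/ && n >= 3) known[g[3]] = 1
            }
            close(groupfile)
        }
        /^#/ || NF < 4 { next }          # skip comments and malformed rows
        !($4 in known) { print $1, $4 }  # a group-name lookup fails for this GID
    ' "$1"
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT

# Sandbox files as printed in the report above.
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:Nix build user:/build:/noshell
nixbld:x:30001:30000:Nix build user:/build:/noshell
nobody:x:65534:65534:Nobody:/:/noshell
EOF
cat > "$tmp/group" <<'EOF'
root:x:0:
nixbld:!:100:
nogroup:x:65534:
EOF
# Same group file with the nixbld line the reporter expected.
sed 's/^nixbld:!:100:$/nixbld:!:30000:/' "$tmp/group" > "$tmp/group.expected"

echo "reported: $(unresolved_gids "$tmp/passwd" "$tmp/group")"
echo "expected: $(unresolved_gids "$tmp/passwd" "$tmp/group.expected")"
```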