nix build fails with logrotate config check error

milogert commented 2 years ago

Describe the bug

I am currently unable to build my system (flakes) because of a logrotate config check error.

Let me know if you need any other information beyond what I provided below!

Steps To Reproduce

Steps to reproduce the behavior:

Run nix build ".#nixosConfigurations.mySystemName.config.system.build.toplevel"
See failures. There are two that seem to alternate.

Expected behavior

The system should be built as expected.

Screenshots

First failure:

Second failure:

Additional context

Currently I am on https://github.com/NixOS/nixpkgs/tree/2770cc0b1e8faa0e20eb2c6aea64c256a706d4f2
I haven't made any changes surrounding logrotate and systemd
I tried setting services.logrotate.checkConfig = false but that didn't seem to do anything
I have tried removing the two offending files (/tmp/logrotate.conf and /var/lib/logrotate.status) but they seem to come back and the errors occur again.

Notify maintainers

@viric @martinetd

Metadata

Please run nix-shell -p nix-info --run "nix-info -m" and paste the result.


milo in 🌐 hog in .dotfiles on  master [$!+⇡]
✖ nix-shell -p nix-info --run "nix-info -m"
this path will be fetched (0.00 MiB download, 0.00 MiB unpacked):
  /nix/store/r117jrgb4nlfspk212gla8z5zgx45s22-nix-info
copying path '/nix/store/r117jrgb4nlfspk212gla8z5zgx45s22-nix-info' from 'https://cache.nixos.org'...
 - system: `"x86_64-linux"`
 - host os: `Linux 5.15.43, NixOS, 22.11 (Raccoon)`
 - multi-user?: `yes`
 - sandbox: `no`
 - version: `nix-env (Nix) 2.9.1`
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos````

martinetd commented 2 years ago

hmm for the workaround first, I have tried services.logrotate.checkConfig = false and it works properly for me, I don't see why it wouldn't work -- something must make that it's not set? I'm not sure if you can e.g. print the value through repl somehow...

for the bug itself (please copy/paste the text instead of screenshots!), that must bedue to sandbox = no, which means it'll try to run on the real system where the builder doesn't have permission to /var/lib/logrotate.status for obvious reason. we can make it use a different path with e.g. -s /tmp/logrotate.status Could you try https://github.com/NixOS/nixpkgs/pull/180778 ?

martinetd commented 2 years ago

Ok after much more struggle than necessary I could confirm that it's due to lack of sandbox and reproduce. /tmp is out as well, but just using CWD works -- I'll update the PR in a minute

However I couldn't reproduce the checkConfig part not working -- that one must be on your end.

NixOS / nixpkgs