search

NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License
17.51k stars 13.68k forks source link

minimal install cd.iso can't be built with `nixpkgs.config.contentAddressedByDefault = true;` #261512

Open trofi opened 11 months ago

trofi commented 11 months ago

Describe the bug

Ideally install .iso should be buildable against ca-derivations via nixpkgs.config.contentAddressedByDefault = true;. This fails today as:

  error: A definition for option `system.extraDependencies."[definition 1-entry 1]"' is not of type `path in the Nix store'. Definition values:
       - In `/nix/store/m90lvfa50gc7s1ysa9zzx2drdm10pmyc-source/nixos/modules/profiles/installation-device.nix': <derivation stdenv-linux>

Steps To Reproduce

Executable reproducer:

  1. Create iso.nix with the following contents:
# iso.nix
{ config, pkgs, ... }:
{
  imports = [
    <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
  ];
  # This breaks the build:
  nixpkgs.config.contentAddressedByDefault = true;
}
  1. Try to build an .iso:
$ nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=iso.nix

       … while calling the 'derivationStrict' builtin

         at /builtin/derivation.nix:9:12: (source not available)

       … while evaluating derivation 'nixos-23.11pre-git-x86_64-linux.iso'
         whose name attribute is located at /nix/store/m90lvfa50gc7s1ysa9zzx2drdm10pmyc-source/pkgs/stdenv/generic/make-derivation.nix:300:7

       … while evaluating attribute 'sources' of derivation 'nixos-23.11pre-git-x86_64-linux.iso'

         at /nix/store/m90lvfa50gc7s1ysa9zzx2drdm10pmyc-source/nixos/lib/make-iso9660-image.nix:57:3:

           56|
           57|   sources = map (x: x.source) contents;
             |   ^
           58|   targets = map (x: x.target) contents;

       (stack trace truncated; use '--show-trace' to show the full trace)

       error: A definition for option `system.extraDependencies."[definition 1-entry 1]"' is not of type `path in the Nix store'. Definition values:
       - In `/nix/store/m90lvfa50gc7s1ysa9zzx2drdm10pmyc-source/nixos/modules/profiles/installation-device.nix': <derivation stdenv-linux>

Expected behavior

.iso should build successfully.

Metadata

[user@system:~]$ nix-shell -p nix-info --run "nix-info -m"

 - system: `"x86_64-linux"`
 - host os: `Linux 6.5.7, NixOS, 23.11 (Tapir), 23.11.20231016.17c847f`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.17.0`
 - channels(root): `""`
 - channels(slyfox): `""`
 - nixpkgs: `/run/current-system/sw/share/nixos-flakes/inputs/nixpkgs`
Artturin commented 11 months ago

https://github.com/NixOS/nixpkgs/pull/237259 Broke it

https://github.com/NixOS/nixpkgs/blob/f9ac2c657d28c9db12184904ef4febbacae33a4c/lib/types.nix#L497-L503

The match isn't working because

nix-repl> pkgs = import ./. { config = { contentAddressedByDefault = true; }; }

nix-repl> toString pkgs.busybox
"/083nm0nmzng04dzx05w8zbc4ha70674wc1slfbk09ng69a28fgg2"
Artturin commented 11 months ago

CC @ncfavier @roberth

trofi commented 11 months ago

I wonder if something like

nix-repl> pkgs.lib.isDerivation pkgs.busybox
true

would be a reasonable short-cut to allow as well.

Artturin commented 11 months ago

I'm not aware of other ways it could be worked around, unless a builtin is made.

Lots of possible CA breakages with these checks isStorePath hasPrefix.+storeDir match.+storeDir

Artturin commented 11 months ago

https://github.com/NixOS/nixpkgs/pull/261571

trofi commented 11 months ago

261571

Gets past eval but seems to fail to actually use those paths:

error: builder for '/nix/store/vcgqn8fdnzzwysai4lfsm8ndlb1w1qdq-closure-info.drv' failed with exit code 5;
       last 2 log lines:
       > structuredAttrs is enabled
       > jq: error (at <stdin>:0): Cannot iterate over null (null)
       For full logs, run 'nix log /nix/store/vcgqn8fdnzzwysai4lfsm8ndlb1w1qdq-closure-info.drv'.
roberth commented 11 months ago

@Ericson2314 did you try this?