Build failure: nixpkgs-manual.lib-docs (aarch64-darwin)

[n8henrie]

Steps To Reproduce

Steps to reproduce the behavior:

1. nix build github:nixos/nixpkgs/master#nixpkgs-manual

(nixpkgs is currently at 8b16862469fc1e239f672ddd2e9af3fa9dd9352d)

Build log

$ nix build github:nixos/nixpkgs/8b16862469fc1e239f672ddd2e9af3fa9dd9352d#nixpkgs-manual --print-build-logs
nixpkgs-lib-docs> Running phase: unpackPhase
nixpkgs-lib-docs> unpacking source archive /nix/store/1g7xbdvciq46z44p6jn7iq339i76fkpn-source
nixpkgs-lib-docs> source root is source
nixpkgs-lib-docs> Running phase: patchPhase
nixpkgs-lib-docs> Running phase: updateAutotoolsGnuConfigScriptsPhase
nixpkgs-lib-docs> Running phase: configurePhase
nixpkgs-lib-docs> no configure script, doing nothing
nixpkgs-lib-docs> Running phase: buildPhase
nixpkgs-lib-docs> no Makefile or custom buildPhase, doing nothing
nixpkgs-lib-docs> Running phase: installPhase
nixpkgs-lib-docs> error: getting status of '/nix/store/.links': Operation not permitted
error: builder for '/nix/store/ld71sq49lrzsyvkv7lgzgdvk1nsmi9q1-nixpkgs-lib-docs.drv' failed with exit code 1;
       last 10 log lines:
       > unpacking source archive /nix/store/1g7xbdvciq46z44p6jn7iq339i76fkpn-source
       > source root is source
       > Running phase: patchPhase
       > Running phase: updateAutotoolsGnuConfigScriptsPhase
       > Running phase: configurePhase
       > no configure script, doing nothing
       > Running phase: buildPhase
       > no Makefile or custom buildPhase, doing nothing
       > Running phase: installPhase
       > error: getting status of '/nix/store/.links': Operation not permitted
       For full logs, run 'nix log /nix/store/ld71sq49lrzsyvkv7lgzgdvk1nsmi9q1-nixpkgs-lib-docs.drv'.
error: 1 dependencies of derivation '/nix/store/1ijkrar95hiiv66rhi5c28acc4w6zjqq-nixpkgs-manual.drv' failed to build

Additional context

Seems to be a sandbox issue:

$ nix build --option sandbox false github:nixos/nixpkgs/8b16862469fc1e239f672ddd2e9af3fa9dd9352d#nixpkgs-manual
$ stat result/share/doc/nixpkgs/manual.html
  File: result/share/doc/nixpkgs/manual.html
  Size: 2292903         Blocks: 4480       IO Block: 4096   regular file
Device: 1,28    Inode: 487077511   Links: 1
Access: (0444/-r--r--r--)  Uid: (    0/    root)   Gid: (    0/   wheel)
Access: 2024-09-05 08:12:21.000000000 -0600
Modify: 1969-12-31 17:00:01.000000000 -0700
Change: 2024-09-05 08:12:21.387630182 -0600
 Birth: 1969-12-31 17:00:01.000000000 -0700

Notify maintainers

@philiptaron

Metadata

Please run nix-shell -p nix-info --run "nix-info -m" and paste the result.

[user@system:~]$ nix-shell -p nix-info --run "nix-info -m"
 - system: `"aarch64-darwin"`
 - host os: `Darwin 23.6.0, macOS 14.6.1`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.18.5`
 - channels(n8henrie): `""`
 - channels(root): `""`
 - nixpkgs: `/nix/store/2kf5a8im7faidqc26npfnv91iz6al2ix-source`

---

Add a :+1: reaction to issues you find important.

[philiptaron]

I don't reproduce this, either with the sandbox option or without. I suspect this has nothing to do with nixpkgs-manual and something to do with your Nix installation.

I tried on aarch64-darwin with both Lix 2.90 and Nix 2.18, and on x86_64-darwin with Nix 2.24.

[n8henrie]

Huh.

It's been an issue for the last several days, originally noted when I was building the manual (and an opener script) like so:

 (writeShellScriptBin "nixpkgs-manual" ''
           ${if stdenv.isLinux then "${xdg-utils}/bin/xdg-open" else "open"} \
             "${callPackage "${pkgs.path}/doc" { }}/share/doc/nixpkgs/manual.html"
         '')

Searching for issues is how I discovered your new package (thank you) but building the new package gives me the same error, so I assumed the issue was somewhere in the docs -- When I omit these from my configuration, it builds normally.

I've tried removing /nix/store/.links and rebuilding and have also tried rebooting, and I get the same error regardless.

I'm on nix 2.18.5.

I'm sure you've already done / considered this, but:

• Is your sandbox set to relaxed or just true?
• Did you happen to build with the sandbox off first (because then it will succeed on successive attempts due to cache unless you --rebuild)

$ nix show-config | grep sandbox
darwin-log-sandbox-violations = false
sandbox = true
sandbox-fallback = false
sandbox-paths = /System/Library/Frameworks /System/Library/PrivateFrameworks /bin/bash /bin/sh /private/tmp /
private/var/tmp /usr/lib

[n8henrie]

Looks like it may be actually the nixpkgs-manual.lib-docs attribute:

$ nix build --rebuild github:nixos/nixpkgs/8b16862469fc1e239f672ddd2e9af3fa9dd9352d#nixpkgs-manual.lib-docs --print-build-logs
nixpkgs-lib-docs> Running phase: unpackPhase
nixpkgs-lib-docs> unpacking source archive /nix/store/1g7xbdvciq46z44p6jn7iq339i76fkpn-source
nixpkgs-lib-docs> source root is source
nixpkgs-lib-docs> Running phase: patchPhase
nixpkgs-lib-docs> Running phase: updateAutotoolsGnuConfigScriptsPhase
nixpkgs-lib-docs> Running phase: configurePhase
nixpkgs-lib-docs> no configure script, doing nothing
nixpkgs-lib-docs> Running phase: buildPhase
nixpkgs-lib-docs> no Makefile or custom buildPhase, doing nothing
nixpkgs-lib-docs> Running phase: installPhase
nixpkgs-lib-docs> error: getting status of '/nix/store/.links': Operation not permitted
error: builder for '/nix/store/ld71sq49lrzsyvkv7lgzgdvk1nsmi9q1-nixpkgs-lib-docs.drv' failed with exit code 1;
       last 10 log lines:
       > unpacking source archive /nix/store/1g7xbdvciq46z44p6jn7iq339i76fkpn-source
       > source root is source
       > Running phase: patchPhase
       > Running phase: updateAutotoolsGnuConfigScriptsPhase
       > Running phase: configurePhase
       > no configure script, doing nothing
       > Running phase: buildPhase
       > no Makefile or custom buildPhase, doing nothing
       > Running phase: installPhase
       > error: getting status of '/nix/store/.links': Operation not permitted
       For full logs, run 'nix log /nix/store/ld71sq49lrzsyvkv7lgzgdvk1nsmi9q1-nixpkgs-lib-docs.drv'.

[n8henrie]

Still getting this with current master.

Could anyone from @NixOS/darwin-maintainers confirm whether this is a "me" issue? (You'll only need the --rebuild if you've built it before.)

With sandbox enabled:

$ nix build --rebuild github:nixos/nixpkgs/8b16862469fc1e239f672ddd2e9af3fa9dd9352d#nixpkgs-manual.lib-docs
nixpkgs-lib-docs> Running phase: unpackPhase
nixpkgs-lib-docs> unpacking source archive /nix/store/3q00f8w2hc6665vmr515ccqygwwkxq52-source
nixpkgs-lib-docs> source root is source
nixpkgs-lib-docs> Running phase: patchPhase
nixpkgs-lib-docs> Running phase: updateAutotoolsGnuConfigScriptsPhase
nixpkgs-lib-docs> Running phase: configurePhase
nixpkgs-lib-docs> no configure script, doing nothing
nixpkgs-lib-docs> Running phase: buildPhase
nixpkgs-lib-docs> no Makefile or custom buildPhase, doing nothing
nixpkgs-lib-docs> Running phase: installPhase
nixpkgs-lib-docs> error: getting status of '/nix/store/.links': Operation not permitted
error: builder for '/nix/store/2mqfpfb5sr8lh12zd3z4cffqxvafj6h1-nixpkgs-lib-docs.drv' failed with exit code 1;
       last 10 log lines:
       > unpacking source archive /nix/store/3q00f8w2hc6665vmr515ccqygwwkxq52-source
       > source root is source
       > Running phase: patchPhase
       > Running phase: updateAutotoolsGnuConfigScriptsPhase
       > Running phase: configurePhase
       > no configure script, doing nothing
       > Running phase: buildPhase
       > no Makefile or custom buildPhase, doing nothing
       > Running phase: installPhase
       > error: getting status of '/nix/store/.links': Operation not permitted
       For full logs, run 'nix log /nix/store/2mqfpfb5sr8lh12zd3z4cffqxvafj6h1-nixpkgs-lib-docs.drv'.

[reckenrode]

error: getting status of '/nix/store/.links': Operation not permitted

Disable automatic store optimization in nix.conf.

[n8henrie]

@reckenrode Thanks for your thoughts -- I assume this builds without error for you?

I disabled automatic store optimization last week in trying to troubleshoot this issue, and tried mving and re-running. I did enable the timer-based optimization however, since the thread seemed to suggest people were not having issues with that route. I'll try disabling that as well I guess?

[gshpychka]

Still getting this with current master.

Could anyone from @NixOS/darwin-maintainers confirm whether this is a "me" issue? (You'll only need the --rebuild if you've built it before.)

I'm seeing the same error with the sandbox enabled (auto-optimize-store is disabled)

[n8henrie]

Thank you @gshpychka -- glad to know it's not just me.

[n8henrie]

Same issue on my wife's machine:

$ nix show-config | grep '^sandbox '
sandbox = true
$
$ nix build github:nixos/nixpkgs/8b16862469fc1e239f672ddd2e9af3fa9dd9352d#nixpkgs-manual.lib-docs
error: builder for '/nix/store/ld71sq49lrzsyvkv7lgzgdvk1nsmi9q1-nixpkgs-lib-docs.drv' failed with exit code 1;
       last 10 log lines:
       > unpacking source archive /nix/store/1g7xbdvciq46z44p6jn7iq339i76fkpn-source
       > source root is source
       > Running phase: patchPhase
       > Running phase: updateAutotoolsGnuConfigScriptsPhase
       > Running phase: configurePhase
       > no configure script, doing nothing
       > Running phase: buildPhase
       > no Makefile or custom buildPhase, doing nothing
       > Running phase: installPhase
       > error: getting status of '/nix/store/.links': Operation not permitted
       For full logs, run 'nix log /nix/store/ld71sq49lrzsyvkv7lgzgdvk1nsmi9q1-nixpkgs-lib-docs.drv'.

Her machine does have auto-optimize-store:

$ nix eval .#darwinConfigurations.meganair.config.nix.settings.auto-optimise-store
warning: Git tree '/Users/megankuhn/.config/nix-darwin' is dirty
true

Mine does not:

$ nix eval .#darwinConfigurations.natepro.config.nix.settings.auto-optimise-store
false

@gshpychka did you ever have auto-optimise-store enabled? Just wondering because I used to (before last week), so wondering if there is some kind of residual impurity after disabling it that gives me this persisting error, or if it's something else entirely.

[n8henrie]

Contextual issue for @reckenrode's comment: https://github.com/NixOS/nix/issues/7273

[n8henrie]

Also, my error seems a little different:

Abbreviated from the linked issue: error: cannot link '/nix/store/.tmp-link-...' to '/nix/store/.links/...': File exists vs above: error: getting status of '/nix/store/.links': Operation not permitted

[gshpychka]

@gshpychka did you ever have auto-optimise-store enabled? Just wondering because I used to (before last week), so wondering if there is some kind of residual impurity after disabling it that gives me this persisting error, or if it's something else entirely.

I don't think so, because enabling it breaks builds for me (linked issue above).

[n8henrie]

@reckenrode I have auto-optimise-store disabled and am deleting that directory completely and it still gives the same error. I know you have your hands full with a million projects, but if you or @emilazy or any of the darwin magicians have any ideas I'd appreciate it.

$ nix --version
nix (Nix) 2.18.5
$ nix show-config | grep optimise
auto-optimise-store = false
$ sudo launchctl kickstart -kp system/org.nixos.nix-daemon
service spawned with pid: 17187
$ nix show-config | grep optimise
auto-optimise-store = false
$ sudo rm -rf /nix/store/.links
$ stat /nix/store/.links
stat: cannot stat '/nix/store/.links': No such file or directory
$ nix build  github:nixos/nixpkgs/master#nixpkgs-manual.lib-docs --print-build-logs
nixpkgs-lib-docs> Running phase: unpackPhase
nixpkgs-lib-docs> unpacking source archive /nix/store/sqx92kblc3zli3yvpq4d32wd54ayl2m3-source
nixpkgs-lib-docs> source root is source
nixpkgs-lib-docs> Running phase: patchPhase
nixpkgs-lib-docs> Running phase: updateAutotoolsGnuConfigScriptsPhase
nixpkgs-lib-docs> Running phase: configurePhase
nixpkgs-lib-docs> no configure script, doing nothing
nixpkgs-lib-docs> Running phase: buildPhase
nixpkgs-lib-docs> no Makefile or custom buildPhase, doing nothing
nixpkgs-lib-docs> Running phase: installPhase
nixpkgs-lib-docs> error: getting status of '/nix/store/.links': Operation not permitted
error: builder for '/nix/store/pw4g5rlmqnndzjvx022am7mxz3y93cjn-nixpkgs-lib-docs.drv' failed with exit code 1;
       last 10 log lines:
       > unpacking source archive /nix/store/sqx92kblc3zli3yvpq4d32wd54ayl2m3-source
       > source root is source
       > Running phase: patchPhase
       > Running phase: updateAutotoolsGnuConfigScriptsPhase
       > Running phase: configurePhase
       > no configure script, doing nothing
       > Running phase: buildPhase
       > no Makefile or custom buildPhase, doing nothing
       > Running phase: installPhase
       > error: getting status of '/nix/store/.links': Operation not permitted
       For full logs, run 'nix log /nix/store/pw4g5rlmqnndzjvx022am7mxz3y93cjn-nixpkgs-lib-docs.drv'.

[emilazy]

It’s going to be something to do with the docs generation code running a nested Nix that’s trying to look at the host store for some reason, I think.

[emilazy]

Yep: https://github.com/NixOS/nixpkgs/blob/a0bc9c076c6300a4ff44b8884d99db40b7693ab1/doc/doc-support/lib-function-docs.nix#L105-L109

I’m guessing you have the sandbox on, right? (edit: yep, you do.) I’m not sure why it’s looking at the store, but perhaps --store $(mktemp -d) would help.

[n8henrie]

Wow, you are amazing. Thank you.

$ git diff

doc/doc-support/lib-function-docs.nix
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

───────────────────────────────┐
106: stdenvNoCC.mkDerivation { │
───────────────────────────────┘
       --arg nixpkgsPath "./." \
       --argstr revision ${nixpkgs.rev or "master"} \
       --argstr libsetsJSON ${lib.escapeShellArg (builtins.toJSON libsets)} \
+      --store $(mktemp -d) \
       > locations.json

     function docgen {
$ nix build .#nixpkgs-manual.lib-docs
$ nix build .#nixpkgs-manual
$ ls result/share/doc/nixpkgs/
anchor-use.js  anchor.min.js  highlightjs  manual.html  media  nixpkgs-manual.epub  style.css