cachix / install-nix-action

Installs Nix on GitHub Actions for the supported platforms: Linux and macOS.
Apache License 2.0

could not set permissions on '/nix/var/nix/profiles/per-user' to 755: Operation not permitted #148

Open vsoch opened 1 year ago

vsoch commented 1 year ago

Hi! I'm not sure if this is related to the install action, but I am getting this error after install and then trying to update:

image

I am running this in GitHub Actions, specifically:

name: "Build and populate cache"
on:
  pull_request:
  push:
    branches:
      - main
  schedule:
    # rebuild every day at 3:45
    - cron:  '45 3 * * *'
jobs:
  tests:
    strategy:
      matrix:
        # Set this to notify the global nur package registry that changes are
        # available.
        #
        # The repo name as used in
        # https://github.com/nix-community/NUR/blob/master/repos.json
        nurRepo:
          - rseops
        # Set this to cache your build results in cachix for faster builds
        # in CI and for everyone who uses your cache.
        #
        # Format: Your cachix cache host name without the ".cachix.org" suffix.
        # Example: mycache (for mycache.cachix.org)
        #
        # For this to work, you also need to set the CACHIX_SIGNING_KEY or
        # CACHIX_AUTH_TOKEN secret in your repository secrets settings in
        # GitHub found at
        # https://github.com/<your_githubname>/nur-packages/settings/secrets
        cachixName:
          - rseops
        nixPath:
          - nixpkgs=channel:nixos-unstable
          - nixpkgs=channel:nixpkgs-unstable
          - nixpkgs=channel:nixos-22.05
    runs-on: ubuntu-latest
    steps:
    - name: Checkout repository
      uses: actions/checkout@v3
    - name: Install nix
      uses: cachix/install-nix-action@v18
      with:
        nix_path: "${{ matrix.nixPath }}"
        # nix 2.6 breaks restrict-eval, when using the NIX_PATH
        # see https://github.com/NixOS/nix/issues/5980
        install_url: https://releases.nixos.org/nix/nix-2.5.1/install
        extra_nix_config: |
          experimental-features = nix-command flakes
          access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
    - name: Show nixpkgs version
      run: nix-instantiate --eval -E '(import <nixpkgs> {}).lib.version'
    - name: Setup cachix
      uses: cachix/cachix-action@v12
      # Don't replace <YOUR_CACHIX_NAME> here!
      if: ${{ matrix.cachixName != '<YOUR_CACHIX_NAME>' && github.event_name != 'pull_request' }}
      with:
        name: ${{ matrix.cachixName }}
        # signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
        authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
    - name: Check evaluation
      run: |
        nix-env -f . -qa \* --meta --xml \
          --allowed-uris https://static.rust-lang.org \
          --option restrict-eval true \
          --option allow-import-from-derivation true \
          --drv-path --show-trace \
          -I nixpkgs=$(nix-instantiate --find-file nixpkgs) \
          -I $PWD
    - name: Build nix packages
      run: nix shell -f '<nixpkgs>' nix-build-uncached -c nix-build-uncached ci.nix -A cacheOutputs
    - name: Trigger NUR update
      # Don't replace <YOUR_REPO_NAME> here!
      if: ${{ matrix.nurRepo != '<YOUR_REPO_NAME>' && github.event_name != 'pull_request' }}
      run: curl -XPOST "https://nur-update.herokuapp.com/update?repo=${{ matrix.nurRepo }}"

This is a Nix User Repository, if that is important to know! It was working before yesterday, and yesterday I added the cachix sections - those seemed to work for the PR builds and then merge into main, but now this morning a commit to main has this failure. Any help you could provide would be greatly appreciated!

vsoch commented 1 year ago

okay I might have found a fix? I removed:

install_url: https://releases.nixos.org/nix/nix-2.5.1/install

and that seemed to build - hopefully it's not ephemeral!

andir commented 1 year ago

I'm having the same issue with https://releases.nixos.org/nix/nix-2.3.16/install. Will try without that in a second.

Edit: works without pinning the Nix installation but now my build fails as it depends on an older version of Nix :|

vsoch commented 1 year ago

oh no!!

For provenance, the issue (to pin in the first place) was:

        # nix 2.6 breaks restrict-eval, when using the NIX_PATH
        # see https://github.com/NixOS/nix/issues/5980

https://github.com/NixOS/nix/issues/5980

andir commented 1 year ago

I suspect this is due to https://github.blog/changelog/2022-12-01-github-actions-larger-runners-using-ubuntu-latest-label-will-now-use-ubuntu-22-04/ ?

domenkozar commented 1 year ago

This is weird as it's fixed by restarting the nix-daemon, which is done by the installer.