search

madjar / nox

Tools to make nix nicer to use
MIT License
308 stars 35 forks source link

Unable to use nox after NixOS 17.03 update 17.03.1316.412b0a17aa (Gorilla) #64

Open sjagoe opened 7 years ago

sjagoe commented 7 years ago

With grsecurity testing patches no longer being public, nixpkgs has disabled support for grsec patches by making kernelPatches.grsecurity_testing throw:

  grsecurity_testing = throw ''
    Upstream has ceased free support for grsecurity/PaX.

    See https://grsecurity.net/passing_the_baton.php
    and https://grsecurity.net/passing_the_baton_faq.php
    for more information.
  '';

It seems that this has caused nox to abort evaluation, and is now unable to install any packages.

Note: I am not using the grsec patches.

sjagoe@simon-x1:~$ nox some-package
Refreshing cache
error: while evaluating ‘versionAtLeast’ at /nix/store/y51qw7abc5gr8w4iwbrflx7djqv2n5zx-nixos-17.03.1316.412b0a17aa/nixos/lib/strings.nix:363:24, called from /nix/store/y51qw7abc5gr8w4iwbrflx7djqv2n5zx-nixos-17.03.1316.412b0a17aa/nixos/pkgs/os-specific/linux/evdi/default.nix:30:15:
while evaluating ‘versionOlder’ at /nix/store/y51qw7abc5gr8w4iwbrflx7djqv2n5zx-nixos-17.03.1316.412b0a17aa/nixos/lib/strings.nix:351:22, called from /nix/store/y51qw7abc5gr8w4iwbrflx7djqv2n5zx-nixos-17.03.1316.412b0a17aa/nixos/lib/strings.nix:363:29:
while evaluating the attribute ‘grsecurity_testing’ at /nix/store/y51qw7abc5gr8w4iwbrflx7djqv2n5zx-nixos-17.03.1316.412b0a17aa/nixos/pkgs/os-specific/linux/kernel/patches.nix:102:3:
Upstream has ceased free support for grsecurity/PaX.

See https://grsecurity.net/passing_the_baton.php
and https://grsecurity.net/passing_the_baton_faq.php
for more information.

Error: An error occured while running nix (displayed above). Maybe the nixpkgs eval is broken.
sjagoe@simon-x1:~$ nixos-version
17.03.1316.412b0a17aa (Gorilla)
sjagoe@simon-x1:~$ uname -a
Linux simon-x1 4.11.4 #1-NixOS SMP Wed Jun 7 10:10:31 UTC 2017 x86_64 GNU/Linux
calvertvl commented 7 years ago

I get the following output from a local checkout:

$ nox some-package
Refreshing cache
error: while evaluating ‘versionAtLeast’ at /home/calvertvl/repos/nixpkgs/lib/strings.nix:363:24, called from /home/calvertvl/repos/nixpkgs/pkgs/os-specific/linux/evdi/default.nix:30:15:
while evaluating ‘versionOlder’ at /home/calvertvl/repos/nixpkgs/lib/strings.nix:351:22, called from /home/calvertvl/repos/nixpkgs/lib/strings.nix:363:29:
while evaluating the attribute ‘grsecurity_testing’ at /home/calvertvl/repos/nixpkgs/pkgs/os-specific/linux/kernel/patches.nix:82:3:
Upstream has ceased free support for grsecurity/PaX.

See https://grsecurity.net/passing_the_baton.php
and https://grsecurity.net/passing_the_baton_faq.php
for more information.

Error: An error occured while running nix (displayed above). Maybe the nixpkgs eval is broken.

Doing a git bisect on NixOS/nixpkgs@master, it looks like the breaking commit is NixOS/nixpkgs@b1f0af7ef67260724c914a823e87ea2b4516b7e9

From what I can tell, this breaks the command run to cache packages: nix-env -qa --json --show-trace, so this is technically not a bug in nox (especially as nix-env -qa works fine).

sjagoe commented 7 years ago

It seems that while nix-env -qa --json does display the issue (process exits 1 and the error is printed to stderr), the full JSON content is still returned on stdout.

EDIT: As @praduca notes below, nix-env -qa --json succeeds without error when run as root and only fails when run as my regular user.

praduca commented 7 years ago

on my system, nox doesn't work for the user environment, but for root it does... I have no idea why :) EDIT: The same when using nix-env: Woks for root, doesn't for normal user.

nico202 commented 6 years ago

my nox is still broken, anyone knows how to fix it? I have the same error message like the OP

sjagoe commented 6 years ago

I never put much effort into making it work. However, after updating to nixos 17.09, it mysteriously started working again. I guess grsecurity was removed entirely in 17.09, so it no longer throws.

nico202 commented 6 years ago

I'm on 18.03pre and still have it. Tried to solve deleting .nix-defexpr and now it does not work at all .-. (no results). Ops

sjagoe commented 6 years ago

When I have time, I might have a go at fixing this. I do think nox shouldn't fail if there is a throw in nixpkgs, and as I noted before, when I encountered this issue, while nix-env -qa --json would exit 1 (causing the nox failure), the full json output is still printed to stdout. So nox could handle this more elegantly with a warning while still allowing the user to install packages.

nico202 commented 6 years ago

@sjagoe ok deleting this folder and nix-channel, re-adding the channels, nix-channel --update, and nix-env -u solved it