Closed martinpitt closed 2 years ago
nixos wants a super-privileged container, running the "attaching" bit as user does not work.
$ sudo DEBUG=1 tests/run-nix
FAILED: meson-test
/nix/store/b1p9wa97fakdwmg7yyp1mancwg1icc2f-meson-0.57.1/bin/meson test --no-rebuild --print-errorlogs
ninja: build stopped: subcommand failed.
build failed in checkPhase with exit code 1
To attach install cntr and run the following command as root:
cntr attach -t command cntr-/nix/store/b7dmz2q3cy53r0zpcnn5zjiys2kw4jvd-umockdev-0.17.0
So I attached to the running container, then ran that cntr attach
command, and cd /tmp/nix-build-umockdev-0.17.0.drv-0/source
. However, this is still not the "right" environment -- neither meson
nor ninja
commands are available. @flokli, @jtojnar, what else do I need to do to get in the real env where meson and the tests run? Thanks!
I. e. I can run meson from that private path as in the build log, but it doesn't find anything else:
$ /nix/store/b1p9wa97fakdwmg7yyp1mancwg1icc2f-meson-0.57.1/bin/meson test -C build
Can't find ninja, can't rebuild test.
I. e. there must be some magic to define $PATH
to all the installed nix packages?
I am surprised by /bin/sh: /nix/store/jsp3h3wpzc842j0rz61m5ly71ak6qgdn-glibc-2.32-54/lib/libc.so.6: version
GLIBC_2.33' not found (required by /tmp/nix-build-umockdev-0.17.0.drv-0/source/build/libumockdev-preload.so.0)`, will try to look.
I cannot reproduce it locally so it might be something with containers or the glibc weirdness.
You can enter the environment by replacing nix-build
with nix-shell
(i.e. nix-shell --keep-failed /tmp/default.nix
).
https://github.com/NixOS/nixpkgs/archive/master.tar.gz
contains /nix/store/563528481rvhc5kxwipjmg6rqrl95mdx-glibc-2.33-56
and it is fetched so that should not be an issue.
Sounds like the old glibc version comes from /bin/sh
, which should not be accessible in sandbox.
Actually, looks like there is no sed: /bin/sh: line 4: sed: command not found
so sandboxing does not get enabled?
@jtojnar : Ugh, yes, well spotted! I feel a bit embarrassed now.
Not having sed nor awk is a bit awkward, but I replaced it with shell string manipulation now, and also added the missing set -e
.
Thanks, and have some nice EOY holidays!
At some time in the last four days, umockdef failed to build and test on NixOS. Most recent run:
These reproduce perfectly well in local podman with
tests/run-nix
.@flokli @jtojnar I'll need some help with debugging this.