nix-community / vulnix

Vulnerability (CVE) scanner for Nix/NixOS.
BSD 3-Clause "New" or "Revised" License

RuntimeError: ('Cannot determine deriver. Is this really a path into the nix store?', '/nix/var/nix/gcroots/booted-system') #21

Closed plumps closed 4 years ago

plumps commented 8 years ago

This issue doesn't happen all the time. Seems to hit some machines randomly. What is the common property?

command:

$ NIX_REMOTE=daemon nice /var/setuid-wrappers/sudo /nix/store/71dzbkwqy9wk7wf7s7ki1nrdsgsl83vx-python3.4-vulnix-1.1.5.dev0/bin/vulnix --system --cache-dir /var/cache/vulnix -w https://raw.githubusercontent.com/flyingcircusio/vulnix.whitelist/master/fcio-whitelist.yaml

traceback:

Traceback (most recent call last):
  File "/nix/store/71dzbkwqy9wk7wf7s7ki1nrdsgsl83vx-python3.4-vulnix-1.1.5.dev0/bin/.vulnix-wrapped", line 10, in <module>
    load_entry_point('vulnix==1.1.5.dev0', 'console_scripts', 'vulnix')()
  File "/nix/store/g0b6bkbdx44jcw36d4ncfw0shkcwsv9j-python3.4-click-6.6/lib/python3.4/site-packages/click/core.py", line 716, in __call__
    return self.main(*args, **kwargs)
  File "/nix/store/g0b6bkbdx44jcw36d4ncfw0shkcwsv9j-python3.4-click-6.6/lib/python3.4/site-packages/click/core.py", line 696, in main
    rv = self.invoke(ctx)
  File "/nix/store/g0b6bkbdx44jcw36d4ncfw0shkcwsv9j-python3.4-click-6.6/lib/python3.4/site-packages/click/core.py", line 889, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/nix/store/g0b6bkbdx44jcw36d4ncfw0shkcwsv9j-python3.4-click-6.6/lib/python3.4/site-packages/click/core.py", line 534, in invoke
    return callback(*args, **kwargs)
  File "/nix/store/71dzbkwqy9wk7wf7s7ki1nrdsgsl83vx-python3.4-vulnix-1.1.5.dev0/lib/python3.4/site-packages/vulnix/main.py", line 175, in main
    store = populate_store(gc_roots, system, path)
  File "/nix/store/71dzbkwqy9wk7wf7s7ki1nrdsgsl83vx-python3.4-vulnix-1.1.5.dev0/lib/python3.4/site-packages/vulnix/main.py", line 107, in populate_store
    store.add_path('/nix/var/nix/gcroots/booted-system')
  File "/nix/store/71dzbkwqy9wk7wf7s7ki1nrdsgsl83vx-python3.4-vulnix-1.1.5.dev0/lib/python3.4/site-packages/vulnix/nix.py", line 44, in add_path
    'nix store?', path)
RuntimeError: ('Cannot determine deriver. Is this really a path into the nix store?', '/nix/var/nix/gcroots/booted-system')

MostAwesomeDude commented 7 years ago

Reproduced with nixops on GCE:

# vulnix -S -v
Traceback (most recent call last):
  File "/nix/store/g6z5cmdna30y0syi128wy24d4njwplwz-python3.5-vulnix-1.1.6.dev0/bin/.vulnix-wrapped", line 12, in <module>
    sys.exit(main())
  File "/nix/store/92misdili0a2xvh1d0x47p8g9gf71qda-python3.5-click-6.6/lib/python3.5/site-packages/click/core.py", line 716, in __call__
    return self.main(*args, **kwargs)
  File "/nix/store/92misdili0a2xvh1d0x47p8g9gf71qda-python3.5-click-6.6/lib/python3.5/site-packages/click/core.py", line 696, in main
    rv = self.invoke(ctx)
  File "/nix/store/92misdili0a2xvh1d0x47p8g9gf71qda-python3.5-click-6.6/lib/python3.5/site-packages/click/core.py", line 889, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/nix/store/92misdili0a2xvh1d0x47p8g9gf71qda-python3.5-click-6.6/lib/python3.5/site-packages/click/core.py", line 534, in invoke
    return callback(*args, **kwargs)
  File "/nix/store/a5pfc3665h6h2nfshqgphk4wc1rywcxy-python3-3.5.2/lib/python3.5/contextlib.py", line 77, in __exit__
    self.gen.throw(type, value, traceback)
  File "/nix/store/92misdili0a2xvh1d0x47p8g9gf71qda-python3.5-click-6.6/lib/python3.5/site-packages/click/core.py", line 86, in augment_usage_errors
    yield
  File "/nix/store/92misdili0a2xvh1d0x47p8g9gf71qda-python3.5-click-6.6/lib/python3.5/site-packages/click/core.py", line 534, in invoke
    return callback(*args, **kwargs)
  File "/nix/store/g6z5cmdna30y0syi128wy24d4njwplwz-python3.5-vulnix-1.1.6.dev0/lib/python3.5/site-packages/vulnix/main.py", line 176, in main
    store = populate_store(gc_roots, system, path)
  File "/nix/store/g6z5cmdna30y0syi128wy24d4njwplwz-python3.5-vulnix-1.1.6.dev0/lib/python3.5/site-packages/vulnix/main.py", line 107, in populate_store
    store.add_path('/nix/var/nix/gcroots/current-system')
  File "/nix/store/g6z5cmdna30y0syi128wy24d4njwplwz-python3.5-vulnix-1.1.6.dev0/lib/python3.5/site-packages/vulnix/nix.py", line 44, in add_path
    'nix store?', path)
RuntimeError: ('Cannot determine deriver. Is this really a path into the nix store?', '/nix/var/nix/gcroots/current-system')
rickynils commented 7 years ago

I also ran into this. The reason this happens is that Vulnix requires the derivation of the store path to exist (returned by nix-store -qd <path>). However, there are several reasonable situations where the derivation can be missing. For example, if the store path is the result of binary substitution, or if the store path has been copied over from another machine with nix-copy-closure, the derivation will not exist.

I believe nixops uses nix-copy-closure.

Even if the --include-outputs option is used for nix-copy-closure, or if the .drv file is explicitly copied over, Nix will not find the derivation that Vulnix asks for.

I'm wondering if Vulnix could be modified not to look into the derivation dependencies, and only look at store paths, if it can't find the derivation file.

rickynils commented 7 years ago

Looking at the code in https://github.com/flyingcircusio/vulnix/blob/master/src/vulnix/nix.py#L64 it seems that the only field of the derivation that is actually used is the name field. However, the derivation name could just as well be inferred from the store path. If that was done, Vulnix wouldn't have to use the derivations at all. This would probably also mean a big performance gain, since we would avoid reading and parsing all those derivation files.
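The two points made in this thread, that `nix-store -qd` cannot return a deriver for substituted or nix-copy-closure'd paths and that the name can be inferred from the store path instead, can be shown together in a small Python module. This is an added example written for this page, not vulnix's own code: the function names (`parse_drv_name`, `name_from_store_path`, `query_deriver`, `resolve`) are my own, the name/version split follows the rule Nix's `parseDrvName` uses (split at the first dash followed by a non-letter), and the `unknown-deriver` string is what `nix-store --query --deriver` prints when no deriver is registered. The store paths used as sample input are constructed from the hashes in the tracebacks above.

```python
"""Resolve a Nix store path to (pname, version), preferring the deriver and
falling back to the output path's own name when the .drv is missing
(binary substitution, nix-copy-closure). Added example, not vulnix code."""
import os
import re
import subprocess
from typing import Callable, NamedTuple, Optional, Tuple

# /nix/store/<32-char hash>-<name>; Nix's base32 alphabet omits e, o, t and u.
STORE_PATH_RE = re.compile(r'^/nix/store/([0-9a-df-np-sv-z]{32})-(.+)$')


class DrvName(NamedTuple):
    pname: str
    version: str
    source: str  # 'deriver' when taken from the .drv, 'path' when inferred


def parse_drv_name(name: str) -> Tuple[str, str]:
    """Split '<pname>-<version>' the way Nix's parseDrvName does: at the first
    dash whose next character is not a letter. Names without a version part
    come back with an empty version."""
    for i, ch in enumerate(name):
        if ch == '-' and i + 1 < len(name) and not name[i + 1].isalpha():
            return name[:i], name[i + 1:]
    return name, ''


def name_from_store_path(path: str) -> str:
    """Strip '/nix/store/<hash>-' and return the remaining name part.
    Raises ValueError for anything that is not a store path, which is the
    situation behind the 'Is this really a path into the nix store?' error."""
    m = STORE_PATH_RE.match(path)
    if not m:
        raise ValueError('not a Nix store path: %s' % path)
    return m.group(2)


def query_deriver(path: str) -> Optional[str]:
    """Ask nix-store for the deriver of a store path. Nix prints the literal
    'unknown-deriver' when the .drv was never registered locally (substituted
    or copied-in paths), which this maps to None. A missing nix-store binary or
    a path Nix rejects is also reported as None so the caller can fall back."""
    try:
        out = subprocess.run(['nix-store', '--query', '--deriver', path],
                             capture_output=True, text=True, check=True).stdout.strip()
    except (FileNotFoundError, subprocess.CalledProcessError):
        return None
    return None if out == 'unknown-deriver' else out


def resolve(path: str,
            deriver_lookup: Callable[[str], Optional[str]] = query_deriver) -> DrvName:
    """Return the package name/version for a store path or a gcroots symlink.
    deriver_lookup is injectable so the logic can run without a Nix store."""
    store_path = os.path.realpath(path)  # gcroots entries are symlinks into the store
    drv = deriver_lookup(store_path)
    if drv:
        # A .drv lives at /nix/store/<hash>-<name>.drv, so its name part minus
        # the suffix is exactly the derivation's 'name' attribute.
        name = name_from_store_path(drv)
        if name.endswith('.drv'):
            name = name[:-len('.drv')]
        pname, version = parse_drv_name(name)
        return DrvName(pname, version, 'deriver')
    # Fallback proposed in the thread: infer from the output path itself.
    # Caveat: a multiple-output path such as ...-openssl-1.1.1k-dev yields the
    # version '1.1.1k-dev', so callers matching versions must allow for that.
    pname, version = parse_drv_name(name_from_store_path(store_path))
    return DrvName(pname, version, 'path')


if __name__ == '__main__':
    # Constructed sample path; the hash is taken from the traceback above.
    sample = '/nix/store/a5pfc3665h6h2nfshqgphk4wc1rywcxy-python3-3.5.2'
    print(resolve(sample, lambda p: None))
```

With the real `query_deriver` the `source` field tells you whether a match was made from the .drv or inferred from the output path; the fallback is what keeps a scan of a nixops-deployed or substituted system from aborting at the first path without a registered deriver.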

plumps commented 7 years ago

waiting for PRs 👍

rickynils commented 7 years ago

The following PR allows me to work around the problem in some cases by scanning .drv files directly: https://github.com/flyingcircusio/vulnix/pull/26

My idea of ditching derivations altogether requires some more effort to implement.

ckauhaus commented 5 years ago

See NixOS/nixpkgs#61974 for new directions in this discussion.

ckauhaus commented 4 years ago

I don't think that this issue is currently actionable.