search

nlewo / nix2container

An archive-less dockerTools.buildImage implementation
Apache License 2.0
501 stars 45 forks source link

pip networking error #110

Closed adminy closed 8 months ago

adminy commented 8 months ago

flake.nix

{
  description = "Build a minimal image";
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
    nix2container.url = "github:nlewo/nix2container";
  };
  outputs = { self, nixpkgs, nix2container, ... }: let
    nix2img = nix2container.packages.x86_64-linux.nix2container;
    pkgs = import nixpkgs { system = "x86_64-linux"; };
    alpine = nix2img.pullImage {
      imageName = "alpine";
      imageDigest = "sha256:d695c3de6fcd8cfe3a6222b0358425d40adfd129a8a47c3416faff1a8aece389";
      sha256 = "Qwy5mRnnBFxReJ3xTANyNG10v8OfUu07/awGlmC2tss=";
    };
    install =  pkgs.runCommand "install" { } ''
      ${pkgs.python39}/bin/python3 -m venv $out/venv
      source $out/venv/bin/activate
      pip install requests
    '';
  in {
    packages.x86_64-linux.main = nix2img.buildImage {
      name = "small-image";
      tag = "latest";
      fromImage = alpine;
      copyToRoot = [(pkgs.buildEnv {
        name = "small-image";
        paths = with pkgs; [ python39 bashInteractive ];
        pathsToLink = [ "/bin" ];
      }) install];
    };
  };
}

gives the following error:

error: builder for '/nix/store/qninlcpsqniwp1vl9bdfa38if8mvx021-install.drv' failed with exit code 1;
       last 9 log lines:
       > WARNING: The directory '/homeless-shelter/.cache/pip' or its parent directory is 
not owned or is not writable by the current user. The cache has been disabled. Check the permissions and owner of that directory. If executing pip with sudo, you should use sudo's 
-H flag.
       > WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7ffff5874250>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution')': /simple/requests/
       > WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7ffff5874520>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution')': /simple/requests/
       > WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7ffff58746d0>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution')': /simple/requests/
       > WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7ffff5874880>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution')': /simple/requests/
       > WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.HTTPSConnection object at 0x7ffff5874a30>: Failed to establish a new connection: [Errno -3] Temporary failure in name resolution')': /simple/requests/
       > ERROR: Could not find a version that satisfies the requirement requests (from versions: none)
       > ERROR: No matching distribution found for requests
       >
       For full logs, run 'nix log /nix/store/qninlcpsqniwp1vl9bdfa38if8mvx021-install.drv'.
error: 1 dependencies of derivation '/nix/store/mvydbqz85d87f0pjkdkgy838qc8m8rxf-closure-graph.json.drv' failed to build
error: 1 dependencies of derivation '/nix/store/v6a06aaakakghxn1hd7whpl3flyady19-layers.json.drv' failed to build
error (ignored): error: cannot unlink '/tmp/nix-build-nix2container-1.0.0-go-modules.drv-2/go/pkg/mod/cache/download': Directory not empty
error: 1 dependencies of derivation '/nix/store/85bi9yr1lrfd3qirbj985ak25g0kd16b-image-small-image.json.drv' failed to build
error: 1 dependencies of derivation '/nix/store/i1gz6sip84s5cavslhgaphllln63afaa-copy-to-docker-daemon.drv' failed to build
make: *** [Makefile:19: local-build] Error 1

given that there is no such commands such as runAsRoot and I don't know how else I'm going to have an image with pre-prepared dependencies installed ... how is one supposed to install a shell in this image with precached dependencies for projects?

nlewo commented 8 months ago

Running pip install requests in a Nix derivation is not recommended because it is not reproducible. To avoid reproducibility issues, by default, Nix is able to disable network accesses during derivation build. (in some specific cases, network accesses are allowed, see "fixed output derivation" for instance.)

Instead of using pip, you should use something such as python.withPackage or poetry2nix for more complex use cases.

I close the issue because it is not a nix2container issue (but a Nix feature). (Of course, we can continue to discuss in this issue.)