ryantm / agenix

age-encrypted secrets for NixOS and Home manager
https://matrix.to/#/#agenix:nixos.org
Creative Commons Zero v1.0 Universal

build on aarch64-darwin fails due to sandbox #248

Closed n8henrie closed 1 month ago

n8henrie commented 4 months ago

(Sorry for the premature submit)

```
$ nix build --rebuild github:ryantm/agenix --no-link
error: builder for '/nix/store/s8bm7wj8564sa4pz8zxcl9wv5kc84wdx-agenix-0.15.0.drv' failed with exit code 2;
       last 10 log lines:
       > patching script interpreter paths in /nix/store/y2456q959mp1lq6m9b73lfw5rrqjmbcv-agenix-0.15.0
       > /nix/store/y2456q959mp1lq6m9b73lfw5rrqjmbcv-agenix-0.15.0/bin/agenix: interpreter directive changed from "#!/usr/bin/env bash" to "/nix/store/6nxav88iiz0g8m598xy643f8hhdz5kkx-bash-5.2-p21/bin/bash"
       > stripping (with command strip and flags -S) in  /nix/store/y2456q959mp1lq6m9b73lfw5rrqjmbcv-agenix-0.15.0/bin
       > Running phase: installCheckPhase
       > no Makefile or custom installCheckPhase, doing nothing
       > agenix version: 0.15.0
       > error: getting status of /nix/var/nix/daemon-socket/socket: Operation not permitted
       > There is no rule for secret1.age in ./secrets.nix.
       > /nix/store/sf52i9wcklk5i5f2w15p0kng8dq3qqwx-stdenv-darwin/setup: line 147: test: =: unary operator expected
       > /nix/store/sf52i9wcklk5i5f2w15p0kng8dq3qqwx-stdenv-darwin/setup: line 140: pop_var_context: head of shell_variables not a function context
       For full logs, run 'nix log /nix/store/s8bm7wj8564sa4pz8zxcl9wv5kc84wdx-agenix-0.15.0.drv'.
$
$ nix build --rebuild github:ryantm/agenix --no-link --option sandbox false
$ echo $?
0
$
$ nix-info -m
 - system: `"aarch64-darwin"`
 - host os: `Darwin 23.3.0, macOS 14.3.1`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.19.3`
 - channels(n8henrie): `""`
 - channels(root): `""`
 - nixpkgs: `/nix/store/v30afjhzqrwra6mkizz12az6dbryg7pr-source`
```

n8henrie commented 4 months ago

https://github.com/ryantm/agenix/pull/232 (specifically)

Sleepful commented 4 months ago

Same (or very similar) issue here. I had to go back to the 0.15.0 release:

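```nix
# Module arguments; pkgs is needed for callPackage below
{ pkgs, ... }:
let
  # Pin agenix to a fixed commit
  commit = "564595d0ad4be7277e07fa63b5a991b3c645655d";
  # Fetch the source tarball for that commit; sha256 pins its contents
  tarball = builtins.fetchTarball {
    url = "https://github.com/ryantm/agenix/archive/${commit}.tar.gz";
    sha256 = "sha256:01dhrghwa7zw93cybvx4gnrskqk97b004nfxgsys0736823956la";
  };
  # NixOS module and CLI package expression taken from the pinned source
  agenix = "${tarball}/modules/age.nix";
  agenixnix = "${tarball}/pkgs/agenix.nix";
in
{
  imports = [ agenix ];
  environment.systemPackages = [ (pkgs.callPackage agenixnix {}) ];
}
```
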
zowoq commented 1 month ago

This is fixed by https://github.com/ryantm/agenix/pull/241