Help please - removing security.csm in gke

[Jonpez2]

This is not actually an issue with nixery but I'm hoping that someone here might know the answer to this, since you seem to have run on GKE... I apologize for the off topic question, please forgive me!

I am trying to use nixos/nix on gke as follows:

I set up a pod with container nixos/nix, and command "nix-env --show-trace -p curl --command 'curl google.com'". I get the following error:

error: removing extended attribute 'security.csm' from '/nix/store/9krlzvny65gdc8s7kpb6lkx8cd02c25b-default-builder.sh': Operation not permitted

   … while evaluating the attribute 'args' of the derivation 'shell'

   at /nix/store/nixnj684ymc0vdkh7h9qcbn9mpnd22nk-spaqrzbdjrssahhbi4808rqsg1sg0xbm-source/pkgs/stdenv/generic/make-derivation.nix:201:11:

      200|         // (lib.optionalAttrs (attrs ? name || (attrs ? pname && attrs ? version)) {
      201|           name =
         |           ^
      202|             let

Have you come across this error before, and do you know how to fix it?

(What are you actually doing, I hear you ask. Well, I'm hoping to add the nix package manager into my development environment hosted on GKE, as a small step towards a principled environment. Perhaps after this first step I will move to fully nix-built and -controlled environments, but I can't quite land there yet. Please bear with me on so many levels.)

THank you for reading, and hopefully for responding :)

[Jonpez2]

As always, less than 24 hours after asking for help, I found the simple workaround - https://github.com/NixOS/nix/pull/4765

Sorry for the noise!