trofi / nix-guix-gentoo

Gentoo overlay for nix and guix functional package managers.

nix: gentoo-provided busybox causes ar to fail #3

Closed flokli closed 4 years ago

flokli commented 4 years ago

When using nix provided via this overlay, /bin/sh is pointed to Gentoo's /bin/busybox, instead of a nix-built busybox:

Nix installed via https://nixos.org/nix/ :

nix show-config | grep sandbox-paths
sandbox-paths = /bin/sh=/nix/store/l5nj1jfgmh73yjfmwab04ip3wjk8cnkr-busybox-1.31.1-x86_64-unknown-linux-musl/bin/busybox

Nix installed via this overlay:

nix show-config | grep sandbox-paths
sandbox-paths = /bin/sh=/bin/busybox

This seems to cause build processes to pick the busybox-provided ar instead of binutils' ar (which does support the s option).

nix-build -A systemd from a nixpkgs checkout:

[122/1232] Linking static target src/basic/libbasic.a.
[123/1232] Linking static target src/basic/libbasic.a.
FAILED: src/basic/libbasic.a 
rm -f src/basic/libbasic.a && ar csrD src/basic/libbasic.a 'src/basic/a6ba3eb@@basic@sta/MurmurHash2.c.o' 'src/basic/a6ba3eb@@basic@sta/af-list.c.o' 'src/basic/a6ba3eb@@basic@sta/alloc-util.c.o' 'src/basic/a6ba3eb@@basic@sta/architecture.c.o' 'src/basic/a6ba3eb@@basic@sta/arphrd-list.c.o' 'src/basic/a6ba3eb@@basic@sta/async.c.o' 'src/basic/a6ba3eb@@basic@sta/audit-util.c.o' 'src/basic/a6ba3eb@@basic@sta/blockdev-util.c.o' 'src/basic/a6ba3eb@@basic@sta/btrfs-util.c.o' 'src/basic/a6ba3eb@@basic@sta/bus-label.c.o' 'src/basic/a6ba3eb@@basic@sta/cap-list.c.o' 'src/basic/a6ba3eb@@basic@sta/capability-util.c.o' 'src/basic/a6ba3eb@@basic@sta/cgroup-util.c.o' 'src/basic/a6ba3eb@@basic@sta/chattr-util.c.o' 'src/basic/a6ba3eb@@basic@sta/conf-files.c.o' 'src/basic/a6ba3eb@@basic@sta/copy.c.o' 'src/basic/a6ba3eb@@basic@sta/device-nodes.c.o' 'src/basic/a6ba3eb@@basic@sta/dirent-util.c.o' 'src/basic/a6ba3eb@@basic@sta/env-file.c.o' 'src/basic/a6ba3eb@@basic@sta/env-util.c.o' 'src/basic/a6ba3eb@@basic@sta/errno-list.c.o' 'src/basic/a6ba3eb@@basic@sta/escape.c.o' 'src/basic/a6ba3eb@@basic@sta/ether-addr-util.c.o' 'src/basic/a6ba3eb@@basic@sta/extract-word.c.o' 'src/basic/a6ba3eb@@basic@sta/fd-util.c.o' 'src/basic/a6ba3eb@@basic@sta/fileio.c.o' 'src/basic/a6ba3eb@@basic@sta/format-util.c.o' 'src/basic/a6ba3eb@@basic@sta/fs-util.c.o' 'src/basic/a6ba3eb@@basic@sta/glob-util.c.o' 'src/basic/a6ba3eb@@basic@sta/gunicode.c.o' 'src/basic/a6ba3eb@@basic@sta/hash-funcs.c.o' 'src/basic/a6ba3eb@@basic@sta/hashmap.c.o' 'src/basic/a6ba3eb@@basic@sta/hexdecoct.c.o' 'src/basic/a6ba3eb@@basic@sta/hostname-util.c.o' 'src/basic/a6ba3eb@@basic@sta/in-addr-util.c.o' 'src/basic/a6ba3eb@@basic@sta/io-util.c.o' 'src/basic/a6ba3eb@@basic@sta/kbd-util.c.o' 'src/basic/a6ba3eb@@basic@sta/khash.c.o' 'src/basic/a6ba3eb@@basic@sta/label.c.o' 'src/basic/a6ba3eb@@basic@sta/limits-util.c.o' 'src/basic/a6ba3eb@@basic@sta/locale-util.c.o' 'src/basic/a6ba3eb@@basic@sta/log.c.o' 
'src/basic/a6ba3eb@@basic@sta/login-util.c.o' 'src/basic/a6ba3eb@@basic@sta/memfd-util.c.o' 'src/basic/a6ba3eb@@basic@sta/memory-util.c.o' 'src/basic/a6ba3eb@@basic@sta/mempool.c.o' 'src/basic/a6ba3eb@@basic@sta/mkdir-label.c.o' 'src/basic/a6ba3eb@@basic@sta/mkdir.c.o' 'src/basic/a6ba3eb@@basic@sta/mountpoint-util.c.o' 'src/basic/a6ba3eb@@basic@sta/namespace-util.c.o' 'src/basic/a6ba3eb@@basic@sta/nulstr-util.c.o' 'src/basic/a6ba3eb@@basic@sta/ordered-set.c.o' 'src/basic/a6ba3eb@@basic@sta/parse-util.c.o' 'src/basic/a6ba3eb@@basic@sta/path-util.c.o' 'src/basic/a6ba3eb@@basic@sta/plymouth-util.c.o' 'src/basic/a6ba3eb@@basic@sta/prioq.c.o' 'src/basic/a6ba3eb@@basic@sta/proc-cmdline.c.o' 'src/basic/a6ba3eb@@basic@sta/process-util.c.o' 'src/basic/a6ba3eb@@basic@sta/procfs-util.c.o' 'src/basic/a6ba3eb@@basic@sta/random-util.c.o' 'src/basic/a6ba3eb@@basic@sta/ratelimit.c.o' 'src/basic/a6ba3eb@@basic@sta/replace-var.c.o' 'src/basic/a6ba3eb@@basic@sta/rlimit-util.c.o' 'src/basic/a6ba3eb@@basic@sta/rm-rf.c.o' 'src/basic/a6ba3eb@@basic@sta/selinux-util.c.o' 'src/basic/a6ba3eb@@basic@sta/sigbus.c.o' 'src/basic/a6ba3eb@@basic@sta/signal-util.c.o' 'src/basic/a6ba3eb@@basic@sta/siphash24.c.o' 'src/basic/a6ba3eb@@basic@sta/smack-util.c.o' 'src/basic/a6ba3eb@@basic@sta/socket-label.c.o' 'src/basic/a6ba3eb@@basic@sta/socket-util.c.o' 'src/basic/a6ba3eb@@basic@sta/sort-util.c.o' 'src/basic/a6ba3eb@@basic@sta/stat-util.c.o' 'src/basic/a6ba3eb@@basic@sta/strbuf.c.o' 'src/basic/a6ba3eb@@basic@sta/string-table.c.o' 'src/basic/a6ba3eb@@basic@sta/string-util.c.o' 'src/basic/a6ba3eb@@basic@sta/strv.c.o' 'src/basic/a6ba3eb@@basic@sta/strxcpyx.c.o' 'src/basic/a6ba3eb@@basic@sta/syslog-util.c.o' 'src/basic/a6ba3eb@@basic@sta/terminal-util.c.o' 'src/basic/a6ba3eb@@basic@sta/time-util.c.o' 'src/basic/a6ba3eb@@basic@sta/tmpfile-util.c.o' 'src/basic/a6ba3eb@@basic@sta/unit-def.c.o' 'src/basic/a6ba3eb@@basic@sta/unit-name.c.o' 'src/basic/a6ba3eb@@basic@sta/user-util.c.o' 
'src/basic/a6ba3eb@@basic@sta/utf8.c.o' 'src/basic/a6ba3eb@@basic@sta/util.c.o' 'src/basic/a6ba3eb@@basic@sta/virt.c.o' 'src/basic/a6ba3eb@@basic@sta/xattr-util.c.o'
ar: invalid option -- 's'
BusyBox v1.30.1 (2019-11-27 22:40:53 CET) multi-call binary.

Usage: ar [-o] [-v] [-p] [-t] [-x] ARCHIVE FILES

Extract or list FILES from an ar archive

    -o  Preserve original dates
    -p  Extract to stdout
    -t  List
    -x  Extract
    -v  Verbose

[124/1232] Compiling C object 'src/libsystemd/7253779@@systemd_static@sta/sd-bus_bus-common-errors.c.o'.

cc @heijligen
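
Added example, not part of the original issue or the overlay's code: a shell check that reads `nix show-config` output and reports whether the sandbox's /bin/sh is mapped from the Nix store or from a host binary, using the two `sandbox-paths` lines quoted in the report above as sample input. The function names are hypothetical, and the handling of several space-separated entries with an optional trailing `?` is an assumption about the setting's general format.

```shell
#!/bin/sh
# Added example: where does the Nix build sandbox's /bin/sh come from?

# The two lines quoted in the issue, kept here as sample input.
SAMPLE_UPSTREAM='sandbox-paths = /bin/sh=/nix/store/l5nj1jfgmh73yjfmwab04ip3wjk8cnkr-busybox-1.31.1-x86_64-unknown-linux-musl/bin/busybox'
SAMPLE_OVERLAY='sandbox-paths = /bin/sh=/bin/busybox'

# Read `nix show-config` output on stdin and print the host-side source
# path that is mapped to /bin/sh inside the sandbox (nothing if unmapped).
sandbox_sh_source() {
    awk '
        $1 == "sandbox-paths" && $2 == "=" {
            for (i = 3; i <= NF; i++) {
                entry = $i
                sub(/[?]$/, "", entry)          # optional-path marker (assumed)
                n = index(entry, "=")
                if (n == 0) { target = entry; src = entry }
                else { target = substr(entry, 1, n - 1); src = substr(entry, n + 1) }
                if (target == "/bin/sh") { print src; exit }
            }
        }'
}

# Classify the mapping: "store" when the shell is a store path, "host:<path>"
# when a host binary leaks into the sandbox, "none" when /bin/sh is unmapped.
classify_sandbox_sh() {
    src=$(sandbox_sh_source)
    case "$src" in
        "")           echo "none" ;;
        /nix/store/*) echo "store" ;;
        *)            echo "host:$src" ;;
    esac
}

# Read an applet listing on stdin (one name per line, as printed by
# `busybox --list`) and succeed if the named applet is present.
# Whether the shell runs an applet ahead of PATH depends on the busybox build.
has_applet() {
    grep -qx -- "$1"
}

# Live use on a machine with nix and busybox installed:
#   nix show-config | classify_sandbox_sh
#   /bin/busybox --list | has_applet ar && echo "host busybox ships an ar applet"
```

A `host:` result means builds depend on whatever that host binary happens to be, which is how the BusyBox `ar` in the log above ended up in a sandboxed build.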

trofi commented 4 years ago

Oh, interesting. That means /bin/sh is being used somewhere in systemd's build system and calls 'ar' as a builtin command (probably via meson).

One could say it's a bug in systemd's .nix package definition. It should call ar by absolute path and not rely on a builtin alias.

I wonder if installing nix using nix would be enough to pull in bash as a sandbox or we already persist it into nix-daemon.

But sys-apps/nix should strive to provide /bin/bash as a /bin/sh if possible.

flokli commented 4 years ago

/bin/sh should point to a minimal sh, not bash.

On NixOS, it's pointing to that one here: https://github.com/NixOS/nixpkgs/blob/master/pkgs/os-specific/linux/busybox/sandbox-shell.nix . It's configured to be used here: https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/package-management/nix/default.nix#L89

Can't you build a similar one via portage and configure nix to this one?

trofi commented 4 years ago

You can change the default config in /etc/portage/savedconfig/sys-apps/busybox-* and rebuild sys-apps/busybox. We can have a separate ebuild just for nix.

flokli commented 4 years ago

@trofi I'm not really a Gentoo user anymore, but wanted to report that bug with the Gentoo ebuild regardless.

I think a separate ebuild for the nix busybox sounds like the right way to go forward ([busybox-]sandbox-shell is what it's called in nixpkgs and nix).

trofi commented 4 years ago

Thanks for all the hints!

trofi commented 4 years ago

https://github.com/trofi/nix-guix-gentoo/commit/508ab8379faeb7e4c772eae99250758b6c263578 fixes at least systemd build for me.