trofi / nix-guix-gentoo

Gentoo overlay for nix and guix functional package managers.

nix-channel --update doesn't work in nix-2.3.2-r1, again #5

Closed pvgoran closed 4 years ago

pvgoran commented 4 years ago

When I try to fetch channels using a portage-installed nix, I get the following:

% sudo /usr/bin/nix-channel --update                 
unpacking channels...
/nix/store/ccm5fz10c5n4ch6z64flcgsqqdbm9bw8-unpack-channel.sh: line 1: mkdir: not found
builder for '/nix/store/qpw90k3hp0qg5gdibagasvdnk28yyfys-nixpkgs-20.03pre212208.8130f3c1c2b.drv' failed with exit code 127
error: build of '/nix/store/qpw90k3hp0qg5gdibagasvdnk28yyfys-nixpkgs-20.03pre212208.8130f3c1c2b.drv' failed
error: program '/usr/bin/nix-env' failed with exit code 100

Supposedly it was broken by the switch to busybox-nix-sandbox-shell (https://github.com/trofi/nix-guix-gentoo/commit/508ab8379faeb7e4c772eae99250758b6c263578). This minimized version of busybox lacks the features that are needed by the unpack script.

pvgoran commented 4 years ago

I fixed it by changing the configuration in busybox-nix-sandbox-shell like this:

--- /var/lib/layman/nix-guix/sys-apps/busybox-nix-sandbox-shell/busybox-nix-sandbox-shell-1.31.1.ebuild 2020-02-18 22:57:07.283047863 +0700
+++ ./busybox-nix-sandbox-shell-1.31.1.ebuild   2020-02-20 15:53:07.243024122 +0700
@@ -59,6 +59,19 @@
    busybox_set_config ASH_PRINTF y
    busybox_set_config ASH_TEST y

+   busybox_set_config FEATURE_SH_STANDALONE y
+   busybox_set_config MKDIR y
+   busybox_set_config MV y
+   busybox_set_config TAR y
+
+   busybox_set_config FEATURE_TAR_GNU_EXTENSIONS y
+   busybox_set_config FEATURE_TAR_UNAME_GNAME y
+   busybox_set_config FEATURE_TAR_AUTODETECT y
+   busybox_set_config FEATURE_SEAMLESS_XZ y
+   busybox_set_config FEATURE_SEAMLESS_LZMA y
+   busybox_set_config FEATURE_SEAMLESS_BZ2 y
+   busybox_set_config FEATURE_SEAMLESS_GZ y
+
    busybox_set_config INSTALL_NO_USR y
    busybox_set_config LFS y
    busybox_set_config STATIC y
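Review bot: FEATURE_SH_STANDALONE is the line that actually cures the `mkdir: not found` failure, because it lets ash run compiled-in applets by name without a PATH lookup inside the sandbox; the MKDIR/MV/TAR lines only compile those applets in. Since the ebuild already documents where its option set comes from (the nixpkgs sandbox-shell options), a short comment above this block saying why these applets are needed (the channel unpack script calls mkdir, mv and tar) and that FEATURE_SH_STANDALONE is what makes them reachable would keep that documentation consistent. It is also worth confirming that the FEATURE_SEAMLESS_* list covers the compression the channel tarballs actually use, so a missing decompressor does not fail the same way later.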
trofi commented 4 years ago

From what I see our options match upstream's flags from

    # 1. We stick to nixpkg's options:
    #     https://github.com/NixOS/nixpkgs/blob/master/pkgs/os-specific/linux/busybox/sandbox-shell.nix
    #     https://github.com/NixOS/nixpkgs/blob/master/pkgs/os-specific/linux/busybox/default.nix

Does it mean we somehow deviate from nix's shell? Or does nixpkgs also happen to be broken?

pvgoran commented 4 years ago

I'm not much of an expert here, so everything that I write below could be not quite correct.

As far as I could understand, on NixOS there is no need to have busybox provide tar and other stuff, because they are brought in as separate programs by stdenv. When nix is run from inside the functional /nix/store, it (the store) is mounted inside chroot, and stdenv's programs thus become available. There is some kind of bootstrap sequence for stdenv, and early stages apparently make the required programs available to nix when there is no /nix/store yet. Maybe by disabling sandboxing, or by bind-mounting the statically compiled variants of these programs inside chroot.

So if you want to configure busybox in a way that matches nixpkgs', probably you'll also need to use nixpkgs' bootstrap process to prepare basic /nix/store, and install it as a part of package. I don't think it's a good idea.

Now, having the busybox shell provide these programs (mkdir, mv, tar) seems dangerous, too. (And probably more of tar's features need to be enabled, just in case some builder relies on them.) But the fact is that nix-2.3.2-r1 could fetch a channel for me only after I made the listed changes to busybox-nix-sandbox-shell-1.31.1's ebuild.

trofi commented 4 years ago

Generally I would expect nix to just work outside NixOS without manual fiddling with initially available packages in /nix/store.

pvgoran commented 4 years ago

Probably it does, but the nix ebuild doesn't install those initial packages in /nix/store, does it?

(nix's installation package which is downloaded by curl https://nixos.org/nix/install | sh does include a bunch of pre-installed packages that go into /nix/store.)

trofi commented 4 years ago

Yes, Gentoo does not install prebuilt binaries from /nix/store. We would like to avoid reliance on external binaries mostly for portability and flexibility reasons.

pvgoran commented 4 years ago

Makes perfect sense. But this means that making Gentoo-installed nix work in sandbox requires additional tricks, because it isn't the kind of installation nix normally expects.

And I proposed one such trick.

trofi commented 4 years ago

Upstream will eventually abandon sh/tar/mv dependencies and switch over to built-in channel unpacker: https://github.com/NixOS/nix/commit/045708db4343174f30f3647776971c852f72a9e8

Meanwhile extending busybox-nix-sandbox-shell makes sense.

trofi commented 4 years ago

Attempted to fix it with https://github.com/trofi/nix-guix-gentoo/commit/5e5044a52e76a0df14dbb57f73e201dec3e7bf09

pvgoran commented 4 years ago

I tested nix-channel --update with the new version of busybox-nix-sandbox-shell, it worked. (I took care to make sure I'm running the Gentoo-installed nix-channel, rather than the Nix-installed one.)
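The verification above was done by running `nix-channel --update` end to end. A cheaper check that can be run before rebuilding nix is to compare the applet list of the installed sandbox busybox against what the unpack script needs. The script below is an added example, not code from the thread or from the overlay; it assumes `busybox --list` prints one applet name per line (true of upstream busybox) and that the required applet set is the one this thread identifies (sh, mkdir, mv, tar). The path and the sample applet list are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that a busybox built as the nix sandbox shell exposes
# every applet unpack-channel.sh needs. Assumes `busybox --list` output is
# one applet per line. The required set comes from the thread: the failing
# script called mkdir, and the ebuild change also added mv and tar.

REQUIRED_APPLETS="sh mkdir mv tar"

# missing_applets LIST: LIST is newline-separated applet names.
# Prints each required applet that is absent; returns 1 if any is missing.
missing_applets() {
    list="$1"
    rc=0
    for applet in $REQUIRED_APPLETS; do
        if ! printf '%s\n' "$list" | grep -qx "$applet"; then
            printf '%s\n' "$applet"
            rc=1
        fi
    done
    return $rc
}

# check_busybox PATH: run the check against a real binary, if present.
# The path below is a placeholder; the overlay installs the sandbox shell
# wherever the ebuild puts it, so pass the actual location.
check_busybox() {
    bb="${1:-/usr/bin/busybox-nix-sandbox-shell}"
    if [ ! -x "$bb" ]; then
        echo "no executable busybox at $bb" >&2
        return 2
    fi
    missing_applets "$("$bb" --list)"
}

# Constructed sample: roughly what a shell-only sandbox build would list
# before the MKDIR/MV/TAR applets were enabled.
MINIMAL_LIST="ash
sh
test
printf"

# Constructed sample: a build with the applets from the ebuild change.
EXTENDED_LIST="ash
sh
test
printf
mkdir
mv
tar"

# Stand-alone usage: report what the minimal build lacks, then probe a
# real binary if one is given on the command line.
if [ -n "$1" ]; then
    check_busybox "$1" && echo "all required applets present in $1"
else
    echo "applets missing from the minimal sample build:"
    missing_applets "$MINIMAL_LIST" || true
fi
```

Note that an applet being listed is necessary but not sufficient: without FEATURE_SH_STANDALONE the sandboxed ash still looks up `mkdir` on PATH, so the script's `mkdir: not found` can persist even when `--list` shows the applet. Run `check_busybox` against the rebuilt shell after applying the overlay fix to confirm the applet side; the end-to-end `nix-channel --update` covers the rest.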

pvgoran commented 4 years ago

Thank you for your work on this package!