Closed pvgoran closed 4 years ago
I fixed it by changing the configuration in busybox-nix-sandbox-shell like this:
--- /var/lib/layman/nix-guix/sys-apps/busybox-nix-sandbox-shell/busybox-nix-sandbox-shell-1.31.1.ebuild 2020-02-18 22:57:07.283047863 +0700
+++ ./busybox-nix-sandbox-shell-1.31.1.ebuild 2020-02-20 15:53:07.243024122 +0700
@@ -59,6 +59,19 @@
busybox_set_config ASH_PRINTF y
busybox_set_config ASH_TEST y
+ busybox_set_config FEATURE_SH_STANDALONE y
+ busybox_set_config MKDIR y
+ busybox_set_config MV y
+ busybox_set_config TAR y
+
+ busybox_set_config FEATURE_TAR_GNU_EXTENSIONS y
+ busybox_set_config FEATURE_TAR_UNAME_GNAME y
+ busybox_set_config FEATURE_TAR_AUTODETECT y
+ busybox_set_config FEATURE_SEAMLESS_XZ y
+ busybox_set_config FEATURE_SEAMLESS_LZMA y
+ busybox_set_config FEATURE_SEAMLESS_BZ2 y
+ busybox_set_config FEATURE_SEAMLESS_GZ y
+
busybox_set_config INSTALL_NO_USR y
busybox_set_config LFS y
busybox_set_config STATIC y
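Review bot: nothing in the hunk says why a sandbox shell now carries `MKDIR`, `MV` and `TAR`, and a later reader of the ebuild will not know which consumer needs them; add a comment above `+ busybox_set_config FEATURE_SH_STANDALONE y` stating that the channel unpack script runs `mkdir`/`mv`/`tar` inside the chroot and that `FEATURE_SH_STANDALONE` is what lets ash execute those applets as builtins without a PATH. The same comment should record that the `FEATURE_TAR_*` and `FEATURE_SEAMLESS_*` lines only cover what that script exercises today, so the next "unpack failed" report can be checked against this list rather than rediscovered.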
From what I see our options match upstream's flags from
# 1. We stick to nixpkg's options:
# https://github.com/NixOS/nixpkgs/blob/master/pkgs/os-specific/linux/busybox/sandbox-shell.nix
# https://github.com/NixOS/nixpkgs/blob/master/pkgs/os-specific/linux/busybox/default.nix
Does it mean we somehow deviate from nix's shell? Or does nixpkgs also happen to be broken?
I'm not much of an expert here, so everything that I write below could be not quite correct.
As far as I could understand, on NixOS there is no need to have busybox provide `tar` and other stuff, because they are brought in as separate programs by `stdenv`. When `nix` is run from inside the functional `/nix/store`, it (the store) is mounted inside chroot, and `stdenv`'s programs thus become available. There is some kind of bootstrap sequence for `stdenv`, and early stages apparently make the required programs available to `nix` when there is no `/nix/store` yet. Maybe by disabling sandboxing, or by bind-mounting the statically compiled variants of these programs inside chroot.
So if you want to configure `busybox` in a way that matches `nixpkgs`', probably you'll also need to use `nixpkgs`' bootstrap process to prepare a basic `/nix/store`, and install it as a part of the package. I don't think it's a good idea.
Now, having the busybox shell provide these programs (`mkdir`, `mv`, `tar`) seems dangerous, too. (And probably more of `tar`'s features need to be enabled, just in case some builder relies on them.) But the fact is that `nix-2.3.2-r1` could fetch a channel for me only after I made the listed changes to `busybox-nix-sandbox-shell-1.31.1`'s ebuild.
Generally I would expect `nix` to just work outside NixOS without manual fiddling with the initially available packages in `/nix/store`.
Probably it does, but the `nix` ebuild doesn't install those initial packages in `/nix/store`, does it?
(`nix`'s installation package, which is downloaded by `curl https://nixos.org/nix/install | sh`, does include a bunch of pre-installed packages that go into `/nix/store`.)
Yes, gentoo does not install prebuilt binaries from `/nix/store`. We would like to avoid reliance on external binaries mostly for portability and flexibility reasons.
Makes perfect sense. But this means that making Gentoo-installed `nix` work in sandbox requires additional tricks, because it isn't the kind of installation `nix` normally expects.
And I proposed one such trick.
Upstream will eventually abandon the `sh`/`tar`/`mv` dependencies and switch over to a built-in channel unpacker: https://github.com/NixOS/nix/commit/045708db4343174f30f3647776971c852f72a9e8
Meanwhile extending `busybox-nix-sandbox-shell` makes sense.
Attempted to fix it with https://github.com/trofi/nix-guix-gentoo/commit/5e5044a52e76a0df14dbb57f73e201dec3e7bf09
I tested `nix-channel --update` with the new version of `busybox-nix-sandbox-shell`, it worked. (I took care to make sure I'm running the Gentoo-installed `nix-channel`, rather than the Nix-installed one.)
Thank you for your work on this package!
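A failure like the one above comes down to an applet the sandbox shell does not carry, so it is worth checking that every option an ebuild requests via `busybox_set_config` actually survives into the `.config` busybox builds from (kconfig silently drops options whose dependencies are unmet). The following is an added example, not code from the nix-guix-gentoo repository or the ebuild; the ebuild fragment and the `.config` text are constructed samples, and the option names are the ones discussed in this thread.

```python
"""Cross-check ebuild-requested busybox options against the built .config."""
import re

# Constructed: the busybox_set_config lines an ebuild such as
# busybox-nix-sandbox-shell might contain after the change above.
EBUILD_FRAGMENT = """\
busybox_set_config ASH_PRINTF y
busybox_set_config FEATURE_SH_STANDALONE y
busybox_set_config MKDIR y
busybox_set_config MV y
busybox_set_config TAR y
busybox_set_config FEATURE_SEAMLESS_XZ y
busybox_set_config STATIC y
"""

# Constructed: a .config in busybox's kconfig format as `make oldconfig`
# might leave it. MV was never written and SEAMLESS_XZ got disabled.
BUILT_CONFIG = """\
CONFIG_ASH_PRINTF=y
CONFIG_FEATURE_SH_STANDALONE=y
CONFIG_MKDIR=y
CONFIG_TAR=y
# CONFIG_FEATURE_SEAMLESS_XZ is not set
CONFIG_STATIC=y
"""

SET_RE = re.compile(r"^\s*busybox_set_config\s+(\w+)\s+(\S+)", re.M)
# Either "CONFIG_NAME=value" or the "# CONFIG_NAME is not set" form.
CFG_RE = re.compile(r"^CONFIG_(\w+)=(\S+)$|^# CONFIG_(\w+) is not set$", re.M)


def parse_ebuild(text):
    """Map option name -> requested value from busybox_set_config lines."""
    return {name: value for name, value in SET_RE.findall(text)}


def parse_config(text):
    """Map option name -> built value; 'is not set' is recorded as 'n'."""
    built = {}
    for m in CFG_RE.finditer(text):
        if m.group(1):
            built[m.group(1)] = m.group(2)
        else:
            built[m.group(3)] = "n"
    return built


def check(ebuild_text, config_text):
    """Return requested options whose built value differs ('missing' if absent)."""
    wanted, built = parse_ebuild(ebuild_text), parse_config(config_text)
    return {n: built.get(n, "missing") for n, v in wanted.items() if built.get(n) != v}


if __name__ == "__main__":
    for name, got in check(EBUILD_FRAGMENT, BUILT_CONFIG).items():
        print(f"{name}: requested y, built config has {got}")
```

Run it against the real ebuild and the `.config` from the build directory to see which requested applets never made it into the shell.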
When I try to fetch channels using a portage-installed `nix`, I get the following:
Supposedly it was broken by the switch to `busybox-nix-sandbox-shell` (https://github.com/trofi/nix-guix-gentoo/commit/508ab8379faeb7e4c772eae99250758b6c263578). This minimized version of busybox lacks the features that are needed by the unpack script.