Open MartinPotier opened 6 years ago
Why is it so? github.com
and hackage.haskell.org
are indeed accessible.
As I see it, nix/stackage2nix
builder is trying to clone github.com/fpco/lts-haskell and git
is unable to resolve the hostname.
I can't reproduce it with nixpkgs pinned to fresh 17.09 version:
nix-build nix/stackage2nix -I nixpkgs='https://github.com/NixOS/nixpkgs/archive/c3d4871340a0d89550c089fb24ddf3688fe6687e.tar.gz'
Do you have some specific network setup (like proxy or something) that might block apps from the internet access?
Damn that's weird. I tried with the line you provided and I get the same error. I've tried that on two different networks (DNS, IPs, Firewalls, etc. are different). Turning my firewall off did not change anything. Not using proxies or anything.
What I don't get is: what's different when I run nix-build? Those two websites are accessible without problem in my user environment. Maybe a DNS problem, but why?
please check if nix-prefetch-git
works for you
nix-shell --pure -p nix-prefetch-scripts --run 'nix-prefetch-git --url https://github.com/fpco/lts-haskell.git --rev refs/heads/master'
This seems to run, on the network side at least:
$ nix-shell --pure -p nix-prefetch-scripts --run 'nix-prefetch-git --url https://github.com/fpco/lts-haskell.git --rev refs/heads/master'
Initialized empty Git repository in /run/user/1000/git-checkout-tmp-0rLa4rKM/lts-haskell/.git/
remote: Counting objects: 368, done.
remote: Compressing objects: 100% (43/43), done.
remote: Total 368 (delta 352), reused 338 (delta 325), pack-reused 0Receiving objects: 100% (368/368), 36.86 MiB | 92.00 KiB/s, done.
Resolving deltas: 100% (352/352), done.
From https://github.com/fpco/lts-haskell
* branch master -> FETCH_HEAD
* [new branch] master -> origin/master
Switched to a new branch 'fetchgit'removing `.git'...
error: Nix database directory ‘/nix/var/nix/db’ is not writable: Permission denied
You can try to add impureEnvVars
attribute to mkDerivation
functions in lib.nix, as it is done in fetchgit/default.nix and see if that helps.
Hmm, but GIT_PROXY_COMMAND
and SOCKS_SERVER
are not set in my environment. Do you really think that would help?
There are other env variables defined in proxyImpureEnvVars
that are inherited from the user. And it is the main difference I see between nix-prefetch-git
and my custom fetcher. The other thing they do is setting http.proxy
to git config from env variable. But that should not matter because git
should understand env variables.
So, adding impureEnvVars = stdenv.lib.fetchers.proxyImpureEnvVars;
to mkDerivation
funs in lib.nix did not change the output.
Could this come from a SSL certificate problem? I'm really perplexed by this error.
This is very peculiar indeed. I don't think it's related to SSL because first, it should resolve the hostname, and only then perform an SSL handshake.
I returned to your error log and noticed that curl
fails with the same issue.
curl: (6) Could not resolve host: hackage.haskell.org
For any reason, do you run this on NixOS? Does nix-builder process runs on the same machine? I have a feeling that nix-builder is aware of some particular configuration parameter, which is passed to built-in fetchers making them work. And we are just unaware of this mechanics. But that's all just speculations.
Anyway, let's check that git and curl works in pure nix shell
nix-shell --pure -p git --run 'git clone --depth 1 https://github.com/fpco/lts-haskell.git'
nix-shell --pure -p curl --run 'curl hackage.haskell.org/timestamp.json'
If it works, maybe look for env variables that were inherited from your environment, and try to pass them to mkDerivation
function.
If it doesn't (yay, we're able to reproduce the issue) then you can log in pure nix-shell and try to figure out the reason, it should be easier to do in an interactive environment.
Both git
and curl
run without trouble in a pure nix-shell. Let's look at env
comparisons:
in a nix-shell --pure -p git
:
CONFIG_SHELL=/nix/store/hqi64wjn83nw4mnf9a5z9r4vmpl72j3r-bash-4.4-p12/bin/bash
DISPLAY=:0.0
HOME=/home/eeva
IN_NIX_SHELL=1
LOGNAME=eeva
NIX_BUILD_CORES=1
NIX_BUILD_TOP=/run/user/1000
NIX_ENFORCE_NO_NATIVE=1
NIX_LDFLAGS=-rpath /nix/store/1mms40ghqrbfzb951fxxrhx23wkkpxns-shell/lib64 -rpath /nix/store/1mms40ghqrbfzb951fxxrhx23wkkpxns-shell/lib
NIX_STORE=/nix/store
PAGER=less -R
PATH=/nix/store/mgzvk5q1cm7nyw673wysd7vxy8i7z12z-git-2.15.0/bin:/nix/store/f1wh87ibiw3nwxhcv0g9g5wy4khxs78c-patchelf-0.9/bin:/nix/store/0ns4r436sp18fgjf3njp7965j44z327y-paxctl-0.9/bin:/nix/store/r90xqqmd36fv3s53bf92s3vxhdnbwfn7-coreutils-8.28/bin:/nix/store/02xjvflg03d9wlzdw1ig54rgwa32jwxq-findutils-4.6.0/bin:/nix/store/3g6pn4wkpkyh6d0xld9jwjmmr5iw675w-diffutils-3.6/bin:/nix/store/j4rqdjgf0im2dv7gycg80hplnjrnawxx-gnused-4.4/bin:/nix/store/wia9b594w2ghzhpcjdi9mnlf8j24nm3i-gnugrep-3.1/bin:/nix/store/7c056l4rs55pbfcpcxhir7b5rmg96fwx-gawk-4.1.4/bin:/nix/store/yc6lrl2rqysl2hahd4la5zyg2yq0sqdq-gnutar-1.29/bin:/nix/store/675h774wq8zcqjg5j9f6yfshjjzcc9gi-gzip-1.8/bin:/nix/store/hckln844gfn5x44gnmfsx871f0rhkch2-bzip2-1.0.6.0.1-bin/bin:/nix/store/k6m8sdv51rkwkhhayhwh2hz4sp81i2g9-gnumake-4.2.1/bin:/nix/store/hqi64wjn83nw4mnf9a5z9r4vmpl72j3r-bash-4.4-p12/bin:/nix/store/9zmrqqm34c7g2023342ca74s5a1y5fqc-patch-2.7.5/bin:/nix/store/4ijcflvcra3s3y2iigv96w56vv7sw6zb-xz-5.2.3-bin/bin
PWD=/tmp
SHELL=/nix/store/hqi64wjn83nw4mnf9a5z9r4vmpl72j3r-bash-4.4-p12/bin/bash
SHLVL=1
SOURCE_DATE_EPOCH=1
TEMP=/run/user/1000
TEMPDIR=/run/user/1000
TERM=xterm-kitty
TMP=/run/user/1000
TMPDIR=/run/user/1000
USER=eeva
_=/nix/store/r90xqqmd36fv3s53bf92s3vxhdnbwfn7-coreutils-8.28/bin/env
_PATH=/nix/store/mgzvk5q1cm7nyw673wysd7vxy8i7z12z-git-2.15.0/bin:/nix/store/f1wh87ibiw3nwxhcv0g9g5wy4khxs78c-patchelf-0.9/bin:/nix/store/0ns4r436sp18fgjf3njp7965j44z327y-paxctl-0.9/bin
__ETC_PROFILE_SOURCED=1
buildCommand=
buildInputs=/nix/store/mgzvk5q1cm7nyw673wysd7vxy8i7z12z-git-2.15.0
builder=/nix/store/hqi64wjn83nw4mnf9a5z9r4vmpl72j3r-bash-4.4-p12/bin/bash
configureFlags=
name=shell
nativeBuildInputs=
out=/nix/store/1mms40ghqrbfzb951fxxrhx23wkkpxns-shell
passAsFile=buildCommand
propagatedBuildInputs=
propagatedNativeBuildInputs=
shell=/nix/store/hqi64wjn83nw4mnf9a5z9r4vmpl72j3r-bash-4.4-p12/bin/bash
stdenv=/nix/store/3il50zdnyw2hws9nxw6s5yjzfkppm2aj-stdenv
system=x86_64-linux
Whereas in your builder:
propagatedBuildInputs=
stdenv=/nix/store/066fqdvgfnzdr27i1ffz7cghf8r89glg-stdenv
TZ=UTC
version=0
out=/nix/store/f1rlw0mr9jrwl2wdpm2nnhfzg6splp53-all-cabal-hashes
CONFIG_SHELL=/nix/store/hqi64wjn83nw4mnf9a5z9r4vmpl72j3r-bash-4.4-p12/bin/bash
buildInputs=/nix/store/mgzvk5q1cm7nyw673wysd7vxy8i7z12z-git-2.15.0
builder=/nix/store/hqi64wjn83nw4mnf9a5z9r4vmpl72j3r-bash-4.4-p12/bin/bash
CC=gcc
STRIP=strip
OBJCOPY=objcopy
propagatedNativeBuildInputs=
system=x86_64-linux
PWD=/tmp/nix-build-all-cabal-hashes.drv-0
phases=installPhase
HOME=/homeless-shelter
TMP=/tmp/nix-build-all-cabal-hashes.drv-0
NIX_ENFORCE_NO_NATIVE=1
RANLIB=ranlib
AS=as
AR=ar
SSL_CERT_FILE=/nix/store/z7r8sgk8y7s5r24vrzf2h1dkqcbw4nwj-nss-cacert-3.32.1/etc/ssl/certs/ca-bundle.crt
NIX_CC=/nix/store/dvh411w314lvqvdlrf1m76jxq8mh207g-gcc-wrapper-6.4.0
NIX_STORE=/nix/store
NIX_CC_WRAPPER_x86_64_unknown_linux_gnu_TARGET_HOST=1
configureFlags=
_PATH=/nix/store/mgzvk5q1cm7nyw673wysd7vxy8i7z12z-git-2.15.0/bin:/nix/store/f1wh87ibiw3nwxhcv0g9g5wy4khxs78c-patchelf-0.9/bin:/nix/store/0ns4r436sp
That was it. For now I can build if I set the nix sandbox config option to false.