search

viperML / nh

Yet another nix cli helper
European Union Public License 1.2
850 stars 33 forks source link

Error activating system configration #117

Closed thom-cameron closed 2 weeks ago

thom-cameron commented 3 months ago

Hi there. I just updated to nixos 24.05 and therefore have access to nh. It's cool, thanks for making it.

When trying to switch to a new system configuration using nh, I get an error though: 

thom@nix-lat:~
> nh os switch -v                                                                                         
TRACE nh::logging:86: Logging OK
DEBUG nh:21: args=NHParser { verbose: true, command: Os(OsArgs { action: Switch(OsRebuildArgs { common: CommonRebuildArgs { dry: false, ask: false, flakeref: FlakeRef("/home/thom/.config/nixos"), update: false, no_nom: false, diff_provider: "nvd diff" }, hostname: None, specialisation: None, no_specialisation: false, extra_args: [] }) }) }
DEBUG nh::nixos:42: out_dir: TempDir { path: "/tmp/nh-os-iVxsvr" }
DEBUG nh::nixos:43: out_link "/tmp/nh-os-iVxsvr/result"
> Building NixOS configuration
DEBUG nh::commands:136: cmd=Pipeline { nix build '/home/thom/.config/nixos#nixosConfigurations."nix-lat".config.system.build.toplevel' --log-format internal-json --verbose --out-link /tmp/nh-os-iVxsvr/result | nom --json }
Finished at 11:16:43 after 0s
DEBUG nh::nixos:96: target_specialisation: None
> Comparing changes
DEBUG nh::commands:53: cmd=Exec { nvd diff /run/current-system /tmp/nh-os-iVxsvr/result }
<<< /run/current-system
>>> /tmp/nh-os-iVxsvr/result
No version or selection state changes.
Closure size: 1806 -> 1806 (0 paths added, 0 paths removed, delta +0, disk usage +0B).
> Activating configuration
DEBUG nh::commands:53: cmd=Exec { sudo /tmp/nh-os-iVxsvr/result/bin/switch-to-configuration test }
Error: 
   0: Activating configuration
   1: Exec format error (os error 8)
   2: Exec format error (os error 8)

Location:
   src/commands.rs:57

I think everything is configured fine on my end as nh home switch is working fine for me.

I wonder if it's an issue with permissions as I have replaced sudo with doas (with a symlink). This would be a bit strange though as nh clean all prompts me for my password and cleans up successfully.

viperML commented 3 months ago

No idea what the issue could be. Have you tried to run sudo /tmp/nh-os-iVxsvr/result/bin/switch-to-configuration test on your regular terminal?

thom-cameron commented 3 months ago

Just tried that but nh doesn't appear to have written the "nh-os-iVxsvr" folder it says it has. I just get a "command not found" as a result.

It also seems to be able to create "nh-home-*" folders, just not os ones.

viperML commented 3 months ago

For any os command, it doesn't create any /tmp/nh-os-* folder?

EDIT: Also, what is your nix version?

thom-cameron commented 3 months ago

Nope. Here's an example:

thom@nix-lat:~
> ls /tmp/ | rg ^nh                                                                                        
nh-home-eDPDz5

thom@nix-lat:~
> nh os build                                                                                             
> Building NixOS configuration
warning: Git tree '/home/thom/.config/nixos' is dirty
Finished at 12:03:32 after 9s
> Comparing changes
<<< /run/current-system
>>> /tmp/nh-os-QYAV08/result
No version or selection state changes.
Closure size: 1806 -> 1806 (0 paths added, 0 paths removed, delta +0, disk usage +0B).

thom@nix-lat:~
> ls /tmp/ | rg ^nh                                                                                       
nh-home-eDPDz5

I'm on nixos/home-manager version 24.05 and nix version 2.18.2.

viperML commented 3 months ago

And if you run the nix build command manually?

mkdir -p /tmp/nh-os-iVxsvr

nix build '/home/thom/.config/nixos#nixosConfigurations."nix-lat".config.system.build.toplevel' --out-link /tmp/nh-os-iVxsvr/result
thom-cameron commented 3 months ago

After creating the directory with doas mkdir, here's what I get:

nix build '/home/thom/.config/nixos#nixosConfigurations."nix-lat".config.system.build.toplevel' --out-link /tmp/nh-os-iVxsvr/result
warning: Git tree '/home/thom/.config/nixos' is dirty
error: creating symlink from '/tmp/nh-os-iVxsvr/result.tmp-244084-1335243724' to '/nix/store/1jhdl46wy34q866lb3vhr207pbwh7lbi-nixos-system-nix-lat-24.05.20240524.d12251e': Permission denied
viperML commented 3 months ago

The directory must be created by your user, and you should be able to do so from the permissions of /tmp:

$ stat --format="%a" /tmp
1777
thom-cameron commented 3 months ago

Ah apologies, yeah, that works ok actually:

thom@nix-lat:~
> mkdir -p /tmp/nh-os-iVxsvr                                                                              
  nix build '/home/thom/.config/nixos#nixosConfigurations."nix-lat".config.system.build.toplevel' --out-link /tmp/nh-os-iVxsvr/result
warning: Git tree '/home/thom/.config/nixos' is dirty

thom@nix-lat:~
> ls /tmp/nh-os-iVxsvr/result/                                                                            
activate               dry-activate        init                    kernel-modules  sw
append-initrd-secrets  etc                 init-interface-version  kernel-params   system
bin                    extra-dependencies  initrd                  nixos-version   systemd
boot.json              firmware            kernel                  specialisation
viperML commented 3 months ago

Then I have no idea why nix doesn't create the symlink if ran within nh

Schweber commented 2 months ago

I have the same problem as OP, and nearly the same output and setup. The only difference is, that the name of my /tmp/nh- directory is different and that i'm on nixos-unstable and not on 24.05.

I could solve the problem by enabling sudo. Thereafter, nh was able to activate the configuration. If i disable sudo again, it fails again.

Could you please try to reproduce it yourself by disabling sudo and enabling doas? I have the impression, that nh disregards the symlink of sudo to doas and always tries to execute sudo directly.

My relevant settings in configuration.nix should be the following:

  security = {
    sudo = {
      enable = false;
      execWheelOnly = true;
      extraConfig = ''
        Defaults passwd_timeout=0
        Defaults timestamp_timeout=10'';
    };
    doas = {
      enable = true;
      wheelNeedsPassword = true;
      extraRules = [
        {
          groups = ["wheel"];
          persist = true;
          keepEnv = true;
        }
      ];
    };
  };
environment.systemPackages = with pkgs; [
    (pkgs.writeScriptBin "sudo" ''exec doas "$@"'')
  ];
viperML commented 2 months ago

Ah right, I just remember I use the crate tempfile for the outlink, which is cleared after nh exits, with errors or not.

I have the impression, that nh disregards the symlink of sudo to doas and always tries to execute sudo directly.

That's handled by the crate subprocess, which I should probably replace with std::process

Schweber commented 23 hours ago

You closed this as completed and nh just updated to 3.5.25 on nixos-unstable. However, it still fails with

Error:
   0: No such file or directory (os error 2)
   1: No such file or directory (os error 2)

Location:
   src/commands.rs:59

when i set security.sudo.enable = false; and it tries to activate the new derivation.

Is it meant to work already or will this come in a future version?

viperML commented 22 hours ago

Could you run with --verbose and paste the output?

Schweber commented 21 hours ago 
nh os switch --verbose                                                                                                            ERR  58m 15s  18:24 
TRACE nh::logging:86: Logging OK
DEBUG nh:22: args=NHParser { verbose: true, command: Os(OsArgs { action: Switch(OsRebuildArgs { common: CommonRebuildArgs { dry: false, ask: false, flakeref: FlakeRef("/home/sperber/Dokumente/Install/Linux/Nixos/flake"), update: false, no_nom: false, diff_provider: "nvd diff", out_link: None }, hostname: None, specialisation: None, no_specialisation: false, extra_args: [], bypass_root_check: false }) }) }
DEBUG nh::nixos:58: out_path=("/tmp/nh-osK24sF9/result", TempDir { path: "/tmp/nh-osK24sF9" })
> Building NixOS configuration
DEBUG nh::commands:136: cmd=Pipeline { nix build '/home/sperber/Dokumente/Install/Linux/Nixos/flake#nixosConfigurations.""desktop"".config.system.build.toplevel' --log-format internal-json --verbose --out-link /tmp/nh-osK24sF9/result | nom --json }
warning: Git tree '/home/sperber/Dokumente/Install/Linux/Nixos/flake' is dirty
these 11 derivations will be built:
  /nix/store/z41952fincyw8qpk2zwmga1hzvxwv2xl-system-path.drv
  /nix/store/1adhad7b7cjs5hhj62wry83nyzywf6cg-X-Restart-Triggers-polkit.drv
  /nix/store/8m8zxcsmq5wpi0namh3c3svk1mz3al8z-dbus-1.drv
  /nix/store/47pzzwp78cf7w64v3fjkr4m4n3n8jsv7-X-Restart-Triggers-dbus.drv
  /nix/store/i5mmfwdgm4c6sihs6kji9qiahd5d9hnw-unit-polkit.service.drv
  /nix/store/qn4hjdnljjah02pm2hkql7i40fr9y2iq-unit-dbus.service.drv
  /nix/store/s8557jmvhj376jmshhl06xz56cn6bqay-system-units.drv
  /nix/store/i7g26sdy8lwp3k76a0db7j9nriw12r4k-unit-dbus.service.drv
  /nix/store/zgi1cl79p2nhv1b1k33ix5fkq9vzjm27-user-units.drv
  /nix/store/gxlml9q8vinjnhs6m1mvvdms8yy8rk80-etc.drv
  /nix/store/a5gacvax04472l4xmzlv1wh4ly23m42r-nixos-system-desktop-24.11.20240906.574d1ea.drv
system-path> building '/nix/store/z41952fincyw8qpk2zwmga1hzvxwv2xl-system-path.drv'
system-path> created 8359 symlinks in user environment
X-Restart-Triggers-polkit> building '/nix/store/1adhad7b7cjs5hhj62wry83nyzywf6cg-X-Restart-Triggers-polkit.drv'
dbus> building '/nix/store/8m8zxcsmq5wpi0namh3c3svk1mz3al8z-dbus-1.drv'
unit-polkit.service> building '/nix/store/i5mmfwdgm4c6sihs6kji9qiahd5d9hnw-unit-polkit.service.drv'
X-Restart-Triggers-dbus> building '/nix/store/47pzzwp78cf7w64v3fjkr4m4n3n8jsv7-X-Restart-Triggers-dbus.drv'
unit-dbus.service> building '/nix/store/i7g26sdy8lwp3k76a0db7j9nriw12r4k-unit-dbus.service.drv'
unit-dbus.service> building '/nix/store/qn4hjdnljjah02pm2hkql7i40fr9y2iq-unit-dbus.service.drv'
user-units> building '/nix/store/zgi1cl79p2nhv1b1k33ix5fkq9vzjm27-user-units.drv'
system-units> building '/nix/store/s8557jmvhj376jmshhl06xz56cn6bqay-system-units.drv'
etc> building '/nix/store/gxlml9q8vinjnhs6m1mvvdms8yy8rk80-etc.drv'
nixos-system-desktop-24.11.20240906.574d1ea> building '/nix/store/a5gacvax04472l4xmzlv1wh4ly23m42r-nixos-system-desktop-24.11.20240906.574d1ea.drv'
┏━ Dependency Graph:
┃       ┌─ ✔ unit-dbus.service
┃    ┌─ ✔ user-units
┃    │     ┌─ ✔ X-Restart-Triggers-polkit
┃    │  ┌─ ✔ unit-polkit.service
┃    │  │        ┌─ ✔ system-path ⏱ 1s
┃    │  │     ┌─ ✔ dbus-1
┃    │  │  ┌─ ✔ X-Restart-Triggers-dbus
┃    │  ├─ ✔ unit-dbus.service
┃    ├─ ✔ system-units
┃ ┌─ ✔ etc
┃ ✔ nixos-system-desktop-24.11.20240906.574d1ea
┣━━━ Builds
┗━ ∑ ⏵ 0 │ ✔ 11 │ ⏸ 0 │ Finished at 18:24:34 after 11s
DEBUG nh::nixos:112: target_specialisation: None
> Comparing changes
DEBUG nh::commands:53: cmd=Exec { nvd diff /run/current-system /tmp/nh-osK24sF9/result }
<<< /run/current-system
>>> /tmp/nh-osK24sF9/result
Version changes:
[C*]  #1  sudo  <none>, 1.9.15p5 -> <none>
Removed packages:
[R.]  #1  apparmor-closure-rules-security.wrappers.sudo        <none>
[R.]  #2  apparmor-closure-rules-security.wrappers.sudoedit    <none>
[R.]  #3  nixos-security.wrappers-sudo                         <none>
[R.]  #4  nixos-security.wrappers-sudoedit                     <none>
[R.]  #5  security-wrapper-sudo-x86_64-unknown-linux-musl      <none>
[R.]  #6  security-wrapper-sudoedit-x86_64-unknown-linux-musl  <none>
[R.]  #7  sudo.pam                                             <none>
[R.]  #8  sudoers                                              <none>
Closure size: 1558 -> 1549 (19 paths added, 28 paths removed, delta -9, disk usage -6.1MiB).
> Activating configuration
DEBUG nh::commands:53: cmd=Exec { sudo /tmp/nh-osK24sF9/result/bin/switch-to-configuration test }
activating the configuration...
setting up /etc...
removing obsolete symlink ‘/etc/pam.d/sudo’...
removing obsolete file ‘/etc/sudoers’...
reloading user units for sperber...
restarting sysinit-reactivation.target
reloading the following units: apparmor.service, dbus.service
restarting the following units: polkit.service
DEBUG nh::commands:53: cmd=Exec { sudo nix-env --profile /nix/var/nix/profiles/system --set /tmp/nh-osK24sF9/result }
Error:
   0: No such file or directory (os error 2)
   1: No such file or directory (os error 2)

Location:
   src/commands.rs:59

This seems to be the problem: DEBUG nh::commands:53: cmd=Exec { sudo nix-env --profile /nix/var/nix/profiles/system --set /tmp/nh-osK24sF9/result }

viperML commented 17 hours ago

And you have sudo?

viperML commented 16 hours ago

removing obsolete file ‘/etc/sudoers’...

Please use <whatever> nh os rebuild -R if you plan to remove sudo.

Schweber commented 10 hours ago

Please use <whatever> nh os rebuild -R if you plan to remove sudo.

That worked but if i use nh afterwards (the "normal" way) it still fails of course:

$ nh os switch --verbose
...
DEBUG nh::commands:53: cmd=Exec { sudo /tmp/nh-osHREyJb/result/bin/switch-to-configuration test }
Error:
   0: Activating configuration
   1: No such file or directory (os error 2)
   2: No such file or directory (os error 2)

Location:
   src/commands.rs:57

I want to use nh with doas just like with sudo.

I have the impression, that nh disregards the symlink of sudo to doas and always tries to execute sudo directly.

That's handled by the crate subprocess, which I should probably replace with std::process

Can you please make nh follow symlinks for sudo instead of hardcoding it? I've symlinked sudo to doas and everything works fine except nh.

viperML commented 5 hours ago

I want to use nh with doas just like with sudo.

You will have to wait for #107 then