Nix on Guix System: can't update channels

  • Done
Details
4 participants
  • Alexandru-Sergiu Marton
  • Oleg Pykhalov
  • Zhu Zihao via web
  • Ludovic Courtès
Owner
unassigned
Submitted by
Alexandru-Sergiu Marton
Severity
normal
Alexandru-Sergiu Marton wrote on 3 Jul 2020 11:56
(address . bug-guix@gnu.org)
87a70gud45.fsf@posteo.ro
Hi,

I tried to set up the Nix package manager on my Guix System
following the instructions at
http://guix.gnu.org/manual/en/guix.html#index-Nix .
Unfortunately, after reconfiguring the system and adding a channel
with `nix-channel --add
https://nixos.org/channels/nixpkgs-unstable`, when I tried to
update the channels (`nix-channel --update`), this is what I got:

[brown@121408 ~]$ nix-channel --update
unpacking channels...
while setting up the build environment: executing '/gnu/store/pwcp239kjf7lnj5i4lkdzcfcxwcfyk72-bash-minimal-5.0.16/bin/bash': No such file or directory
builder for '/nix/store/fqvvrsyznxfzckxbiz6krlykdb6w105n-nixpkgs-20.09pre232864.55668eb671b.drv' failed with exit code 1
error: build of '/nix/store/fqvvrsyznxfzckxbiz6krlykdb6w105n-nixpkgs-20.09pre232864.55668eb671b.drv' failed
error: program '/gnu/store/lsixql26nig4v3icn124ja3ivjpgvn99-nix-2.3.6/bin/nix-env' failed with exit code 100

Any tips on how to fix this?

Cheers,
Sergiu
Ludovic Courtès wrote on 13 Jul 2020 15:35
(name . Alexandru-Sergiu Marton)(address . brown121407@posteo.ro)(address . 42173@debbugs.gnu.org)
87blkjr0zq.fsf@gnu.org
Hi Alexandru-Sergiu,

Alexandru-Sergiu Marton <brown121407@posteo.ro> skribis:

> I tried to set up the Nix package manager on my Guix System following
> the instructions at http://guix.gnu.org/manual/en/guix.html#index-Nix
> . Unfortunately, after reconfiguring the system and adding a channel
> with `nix-channel --add https://nixos.org/channels/nixpkgs-unstable`,
> when I tried to update the channels (`nix-channel --update`), this is
> what I got:
>
> --8<---------------cut here---------------start------------->8---
> [brown@121408 ~]$ nix-channel --update
> unpacking channels...
> while setting up the build environment: executing '/gnu/store/pwcp239kjf7lnj5i4lkdzcfcxwcfyk72-bash-minimal-5.0.16/bin/bash': No such file or directory
> builder for '/nix/store/fqvvrsyznxfzckxbiz6krlykdb6w105n-nixpkgs-20.09pre232864.55668eb671b.drv' failed with exit code 1
> error: build of '/nix/store/fqvvrsyznxfzckxbiz6krlykdb6w105n-nixpkgs-20.09pre232864.55668eb671b.drv' failed
> error: program '/gnu/store/lsixql26nig4v3icn124ja3ivjpgvn99-nix-2.3.6/bin/nix-env' failed with exit code 100
> --8<---------------cut here---------------end--------------->8---
>
> Any tips on how to fix this?

It seems that the Nix binaries captured the
/gnu/store/pwcp239kjf7lnj5i4lkdzcfcxwcfyk72-bash-minimal-5.0.16/bin/bash
file name somewhere. Does this file actually exist?

What does this return?

guix gc --references /gnu/store/lsixql26nig4v3icn124ja3ivjpgvn99-nix-2.3.6

Thanks,
Ludo’.
Zhu Zihao via web wrote on 15 Jul 2020 07:28
Nix on Guix System: can't update channels
(address . 42173@debbugs.gnu.org)
7fc08d8c7780.aa19f4b146749b1@guile.gnu.org
I found that if I put "sandbox = false" in /etc/nix/nix.conf, Nix can update the channel. Maybe Nix's sandbox forgets to import some Guix binary path?
Ludovic Courtès wrote on 16 Jul 2020 12:12
(name . Zhu Zihao via web)(address . issues.guix.gnu.org@elephly.net)
877dv37or1.fsf@gnu.org
Hi,

(+Cc: Oleg, who worked on the Nix service.)

Zhu Zihao via web <issues.guix.gnu.org@elephly.net> skribis:

> I found that if I put "sandbox = false" to /etc/nix/nix.conf. Nix can update channel. Maybe nix's sandbox forget to import some guix binary path?

Yes, probably. There’s probably an option similar to the
‘--chroot-directory’ of ‘guix-daemon’ to specify additional directories
that must be in the “sandbox”.

If you find that option, then we can arrange and add all the
dependencies of /gnu/store/…/bin/bash there (similar to what
‘qemu-binfmt-service-type’ does).

However, it’d still be good to find where that /gnu/store/…/bin/bash
file name is captured.

Thanks,
Ludo’.
Alexandru-Sergiu Marton wrote on 19 Jul 2020 10:14
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 42173@debbugs.gnu.org)
87o8obsz07.fsf@posteo.ro
Ludovic Courtès <ludo@gnu.org> writes:

> It seems that the Nix binaries captured the
> /gnu/store/pwcp239kjf7lnj5i4lkdzcfcxwcfyk72-bash-minimal-5.0.16/bin/bash
> file name somewhere. Does this file actually exist?
>
> What does this return?
>
> guix gc --references /gnu/store/lsixql26nig4v3icn124ja3ivjpgvn99-nix-2.3.6

Sorry for the delay.

The bash thing exists, indeed:

[brown@121408 ~]$ ls -lah /gnu/store/pwcp239kjf7lnj5i4lkdzcfcxwcfyk72-bash-minimal-5.0.16/bin/bash
-r-xr-xr-x 2 root root 800K Jan 1 1970 /gnu/store/pwcp239kjf7lnj5i4lkdzcfcxwcfyk72-bash-minimal-5.0.16/bin/bash

And here's the output for that gc command:

[brown@121408 ~]$ guix gc --references /gnu/store/lsixql26nig4v3icn124ja3ivjpgvn99-nix-2.3.6
/gnu/store/01b4w3m6mp55y531kyi1g8shh722kwqm-gcc-7.5.0-lib
/gnu/store/57xj5gcy1jbl9ai2lnrqnpr0dald9i65-coreutils-8.32
/gnu/store/5gc93y4n3f9p5sivp0i4f7ixqmqz3zpv-libseccomp-2.4.3
/gnu/store/5i02vg0pdmvv38kyqvbima2m5nknzpdi-brotli-1.0.7
/gnu/store/807c6g9xqrxdjyhm8wm1r6jjjmc8q4vs-sqlite-3.31.1
/gnu/store/a9f7wmc75hbpg520phw9z4l9asm3qvsw-bzip2-1.0.8
/gnu/store/fa6wj5bxkj5ll1d7292a70knmyl7a0cr-glibc-2.31
/gnu/store/hcxpkksmbql6s4al8yy2myr25kh4cic0-openssl-1.1.1g
/gnu/store/k55975qhhph9a42f3ps1xq3jxyscd681-editline-1.17.1
/gnu/store/lsixql26nig4v3icn124ja3ivjpgvn99-nix-2.3.6
/gnu/store/m9rv4r32gnvpbmsd9m5b1mqs1i6fnqdk-curl-7.71.0
/gnu/store/ncydgq2znms5n1d2k5yqshhf58nsixwv-gzip-1.10
/gnu/store/pwcp239kjf7lnj5i4lkdzcfcxwcfyk72-bash-minimal-5.0.16
/gnu/store/r7k859hmcnkazf492fasqvk25jflnfk6-xz-5.2.4
/gnu/store/s54c6rbl40416ll0krrr52m3yivxcl3x-libsodium-1.0.18
/gnu/store/v6f44zccwh9z5zk3pjlywjybbi8n2hjh-tar-1.32
/gnu/store/wgk6wwmcbrb2mw2aj7lzd861gsnkz1an-boost-1.72.0

--
Sergiu
Zhu Zihao via web wrote on 21 Jul 2020 06:05
Nix on Guix System: can't update channels
(address . 42173@debbugs.gnu.org)
7fc08d8ddb80.1dea4a53425ba2cb@guile.gnu.org
We can add the path to bash to build-sandbox-path in /etc/nix.conf, described in https://nixos.wiki/wiki/FAQ.
Oleg Pykhalov wrote on 21 Jul 2020 09:39
(name . Ludovic Courtès)(address . ludo@gnu.org)
878sfdqpte.fsf@gmail.com
Hi,

Ludovic Courtès <ludo@gnu.org> writes:

> Hi,
>
> (+Cc: Oleg, who worked on the Nix service.)
>
> Zhu Zihao via web <issues.guix.gnu.org@elephly.net> skribis:
>
>> I found that if I put "sandbox = false" to /etc/nix/nix.conf. Nix can update channel. Maybe nix's sandbox forget to import some guix binary path?
>
> Yes, probably. There’s probably an option similar to the
> ‘--chroot-directory’ of ‘guix-daemon’ to specify additional directories
> that must be in the “sandbox”.
>
> If you find that option, then we can arrange and add all the
> dependencies of /gnu/store/…/bin/bash there (similar to what
> ‘qemu-binfmt-service-type’ does).

/gnu/store/…/bin/bash (we need a static-bash) is not enough, we also
should handle all packages (and closures in case binaries are not
static) listed in:

$(guix build --no-grafts nix)/share/nix/corepkgs/config.nix

let
  fromEnv = var: def:
    let val = builtins.getEnv var; in
    if val != "" then val else def;
in rec {
  shell = "/gnu/store/pwcp239kjf7lnj5i4lkdzcfcxwcfyk72-bash-minimal-5.0.16/bin/bash";
  coreutils = "/gnu/store/57xj5gcy1jbl9ai2lnrqnpr0dald9i65-coreutils-8.32/bin";
  bzip2 = "/gnu/store/a9f7wmc75hbpg520phw9z4l9asm3qvsw-bzip2-1.0.8/bin/bzip2";
  gzip = "/gnu/store/ncydgq2znms5n1d2k5yqshhf58nsixwv-gzip-1.10/bin/gzip";
  xz = "/gnu/store/r7k859hmcnkazf492fasqvk25jflnfk6-xz-5.2.4/bin/xz";
  tar = "/gnu/store/v6f44zccwh9z5zk3pjlywjybbi8n2hjh-tar-1.32/bin/tar";
  tarFlags = "--warning=no-timestamp";
  tr = "/gnu/store/57xj5gcy1jbl9ai2lnrqnpr0dald9i65-coreutils-8.32/bin/tr";
  nixBinDir = fromEnv "NIX_BIN_DIR" "/gnu/store/2x4qyarbmhi3dqcqhkkia6l491yjnf11-nix-2.3.6/bin";
  nixPrefix = "/gnu/store/2x4qyarbmhi3dqcqhkkia6l491yjnf11-nix-2.3.6";
  nixLibexecDir = fromEnv "NIX_LIBEXEC_DIR" "/gnu/store/2x4qyarbmhi3dqcqhkkia6l491yjnf11-nix-2.3.6/libexec";
  nixLocalstateDir = "/nix/var";
  nixSysconfDir = "/etc";
  nixStoreDir = fromEnv "NIX_STORE_DIR" "/nix/store";

  # If Nix is installed in the Nix store, then automatically add it as
  # a dependency to the core packages. This ensures that they work
  # properly in a chroot.
  chrootDeps =
    if dirOf nixPrefix == builtins.storeDir then
      [ (builtins.storePath nixPrefix) ]
    else
      [ ];
}

Currently I don't see a way to mount
/gnu/store/57xj5gcy1jbl9ai2lnrqnpr0dald9i65-coreutils-8.32
dependencies (and other packages) inside the Nix sandbox.

Oleg.

Oleg Pykhalov wrote on 21 Jul 2020 19:27
(name . Ludovic Courtès)(address . ludo@gnu.org)
87tuy0ye1d.fsf@gmail.com
Oleg Pykhalov <go.wigust@gmail.com> writes:

[…]

> Currently I don't see a way to mount
> /gnu/store/57xj5gcy1jbl9ai2lnrqnpr0dald9i65-coreutils-8.32
> dependencies (and other packages) inside the Nix sandbox.

Found one way:

(with-output-to-file "/etc/nix/nix.conf"
  (lambda _
    (display "sandbox = true")
    (newline)
    (format #t "build-sandbox-paths = ~{~a ~}~%"
            '#$(package-closure (map (match-lambda ((name package) package))
                                     (package-inputs nix))))))

But I fail to pass a self-written test. :-) The bind mounts exist
according to nix-daemon with the ‘--debug’ flag. I should investigate more.

Oleg.

Ludovic Courtès wrote on 21 Jul 2020 23:28
(name . Oleg Pykhalov)(address . go.wigust@gmail.com)
878sfclfrf.fsf@gnu.org
Hi!

Oleg Pykhalov <go.wigust@gmail.com> skribis:

> Ludovic Courtès <ludo@gnu.org> writes:
>
>> Hi,
>>
>> (+Cc: Oleg, who worked on the Nix service.)
>>
>> Zhu Zihao via web <issues.guix.gnu.org@elephly.net> skribis:
>>
>>> I found that if I put "sandbox = false" to /etc/nix/nix.conf. Nix can update channel. Maybe nix's sandbox forget to import some guix binary path?
>>
>> Yes, probably. There’s probably an option similar to the
>> ‘--chroot-directory’ of ‘guix-daemon’ to specify additional directories
>> that must be in the “sandbox”.
>>
>> If you find that option, then we can arrange and add all the
>> dependencies of /gnu/store/…/bin/bash there (similar to what
>> ‘qemu-binfmt-service-type’ does).
>
> /gnu/store/…/bin/bash (we need a static-bash) is not enough, we also
> should handle all packages (and closures in case binaries are not
> static) listed in:
>
> $(guix build --no-grafts nix)/share/nix/corepkgs/config.nix
>
> let
>   fromEnv = var: def:
>     let val = builtins.getEnv var; in
>     if val != "" then val else def;
> in rec {
>   shell = "/gnu/store/pwcp239kjf7lnj5i4lkdzcfcxwcfyk72-bash-minimal-5.0.16/bin/bash";
>   coreutils = "/gnu/store/57xj5gcy1jbl9ai2lnrqnpr0dald9i65-coreutils-8.32/bin";
>   bzip2 = "/gnu/store/a9f7wmc75hbpg520phw9z4l9asm3qvsw-bzip2-1.0.8/bin/bzip2";
>   gzip = "/gnu/store/ncydgq2znms5n1d2k5yqshhf58nsixwv-gzip-1.10/bin/gzip";
>   xz = "/gnu/store/r7k859hmcnkazf492fasqvk25jflnfk6-xz-5.2.4/bin/xz";
>   tar = "/gnu/store/v6f44zccwh9z5zk3pjlywjybbi8n2hjh-tar-1.32/bin/tar";
>   tarFlags = "--warning=no-timestamp";
>   tr = "/gnu/store/57xj5gcy1jbl9ai2lnrqnpr0dald9i65-coreutils-8.32/bin/tr";
>   nixBinDir = fromEnv "NIX_BIN_DIR" "/gnu/store/2x4qyarbmhi3dqcqhkkia6l491yjnf11-nix-2.3.6/bin";
>   nixPrefix = "/gnu/store/2x4qyarbmhi3dqcqhkkia6l491yjnf11-nix-2.3.6";
>   nixLibexecDir = fromEnv "NIX_LIBEXEC_DIR" "/gnu/store/2x4qyarbmhi3dqcqhkkia6l491yjnf11-nix-2.3.6/libexec";
>   nixLocalstateDir = "/nix/var";
>   nixSysconfDir = "/etc";
>   nixStoreDir = fromEnv "NIX_STORE_DIR" "/nix/store";
>
>   # If Nix is installed in the Nix store, then automatically add it as
>   # a dependency to the core packages. This ensures that they work
>   # properly in a chroot.
>   chrootDeps =
>     if dirOf nixPrefix == builtins.storeDir then
>       [ (builtins.storePath nixPrefix) ]
>     else
>       [ ];
> }
>
> Currently I don't see a way to mount
> /gnu/store/57xj5gcy1jbl9ai2lnrqnpr0dald9i65-coreutils-8.32
> dependencies (and other packages) inside the Nix sandbox.

In ‘chrootDeps’ above (IIUC), you could add the closure of all these
things. To do that, you need to pass #:references-graphs. Then, on the
build side, you can use ‘read-reference-graph’ to parse the graph file,
get the closures, and add it to ‘chrootDeps’ instead of the empty list.

Does that make sense?

HTH,
Ludo’.
Oleg Pykhalov wrote on 22 Jul 2020 08:59
[PATCH 1/2] services: base: Export references-file.
(address . 42173@debbugs.gnu.org)
20200722065939.18138-1-go.wigust@gmail.com
* gnu/services/base.scm (references-file): Export procedure.
---
gnu/services/base.scm | 2 ++
1 file changed, 2 insertions(+)

diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 83dc406aac..491f35702a 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -177,6 +177,8 @@
pam-limits-service-type
pam-limits-service
+ references-file
+
%base-services))
;;; Commentary:
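Review bot: the new `references-file` export, placed between `pam-limits-service` and `%base-services`, makes a helper part of the public interface of (gnu services base) with no documentation or comment added in this patch. If it is exported only so that another service module can call it, say so next to the export or in the commit message, since outside callers will now depend on the format of the file it produces.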
--
2.27.0
Oleg Pykhalov wrote on 22 Jul 2020 08:59
[PATCH 2/2] services: nix: Fix sandbox.
(address . 42173@debbugs.gnu.org)
20200722065939.18138-2-go.wigust@gmail.com
* gnu/tests/package-management.scm: New file.
* gnu/local.mk: Add this.
* gnu/services/nix.scm (<nix-configuration>): New record.
(nix-activation): Generate Nix config file.
(nix-service-type): Add default value.
(nix-shepherd-service): Allow provide Nix package.
* doc/guix.texi (Miscellaneous Services)[Nix service]<nix-configuration>:
Document record.
---
doc/guix.texi | 21 +++++
gnu/local.mk | 1 +
gnu/services/nix.scm | 90 +++++++++++++--------
gnu/tests/package-management.scm | 131 +++++++++++++++++++++++++++++++
4 files changed, 211 insertions(+), 32 deletions(-)
create mode 100644 gnu/tests/package-management.scm

diff --git a/doc/guix.texi b/doc/guix.texi
index 26ef937604..5639a360be 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -27597,6 +27597,27 @@ $ source /run/current-system/profile/etc/profile.d/nix.sh
@end defvr
+@deftp {Data Type} nix-configuration
+This data type represents the configuration of the Nix daemon.
+
+@table @asis
+@item @code{nix} (default: @code{nix})
+The Nix package to use.
+
+@item @code{sandbox} (default: @code{#t})
+Specifies whether builds are sandboxed by default.
+
+@item @code{build-sandbox-paths} (default: @code{'()})
+This is a list of strings or objects appended to the
+@code{build-sandbox-paths} field of the configuration file.
+
+@item @code{extra-config} (default: @code{'()})
+This is a list of strings or objects appended to the configuration file.
+It is used to pass extra text to be added verbatim to the configuration
+file.
+@end table
+@end deftp
+
@node Setuid Programs
@section Setuid Programs
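Review bot: the first `@item` documents the field as `@code{nix}`, but the record added in gnu/services/nix.scm in this same patch names it `package` (`(package nix-configuration-package`), so a configuration written from the manual would use a field that does not exist. Rename one side so they agree. The `build-sandbox-paths` entry should also say that the closure of the Nix package is always prepended to the list, and the `sandbox` entry that setting it to `#f` removes build isolation rather than only working around a missing path.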
diff --git a/gnu/local.mk b/gnu/local.mk
index 0eac01d72d..2c19562171 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -674,6 +674,7 @@ GNU_SYSTEM_MODULES = \
%D%/tests/mail.scm \
%D%/tests/messaging.scm \
%D%/tests/networking.scm \
+ %D%/tests/package-management.scm \
%D%/tests/reconfigure.scm \
%D%/tests/rsync.scm \
%D%/tests/security-token.scm \
diff --git a/gnu/services/nix.scm b/gnu/services/nix.scm
index 3c0065207d..04e7726e4d 100644
--- a/gnu/services/nix.scm
+++ b/gnu/services/nix.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2019 Oleg Pykhalov <go.wigust@gmail.com>
+;;; Copyright © 2019, 2020 Oleg Pykhalov <go.wigust@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -31,7 +31,9 @@
#:use-module (guix store)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-26)
+ #:use-module (ice-9 match)
#:use-module (ice-9 format)
+ #:use-module (guix modules)
#:export (nix-service-type))
;;; Commentary:
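Review bot: the `#:export (nix-service-type))` line is left unchanged, so `nix-configuration` and its accessors, which this patch defines and documents in doc/guix.texi, are not exported and cannot be used from an operating-system declaration. Add at least `nix-configuration` and `nix-configuration?` to the export list.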
@@ -40,10 +42,17 @@
;;;
;;; Code:
-
-;;;
-;;; Accounts
-;;;
+(define-record-type* <nix-configuration>
+ nix-configuration make-nix-configuration
+ nix-configuration?
+ (package nix-configuration-package ;package
+ (default nix))
+ (sandbox nix-configuration-sandbox ;boolean
+ (default #t))
+ (build-sandbox-paths nix-configuration-build-sandbox-paths ;list of strings
+ (default '()))
+ (extra-config nix-configuration-extra-options ;list of strings
+ (default '())))
;; Copied from gnu/services/base.scm
(define* (nix-build-accounts count #:key
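Review bot: the accessor for the `extra-config` field is named `nix-configuration-extra-options`, which does not match the field name or the pattern of the other three accessors; `nix-configuration-extra-config` would be consistent. The field comments say "list of strings" while the manual text says "strings or objects", so pick one. The hunk also drops the `;;; Accounts` section header although `nix-build-accounts` still follows it.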
@@ -74,32 +83,49 @@ GID."
(id 40000))
(nix-build-accounts 10 #:group "nixbld")))
-(define (nix-activation _)
- "Return the activation gexp."
- (with-imported-modules '((guix build utils))
- #~(begin
- (use-modules (guix build utils)
- (srfi srfi-26))
- (for-each (cut mkdir-p <>) '("/nix/store" "/nix/var/log"
- "/nix/var/nix/gcroots/per-user"
- "/nix/var/nix/profiles/per-user"))
- (chown "/nix/store"
- (passwd:uid (getpw "root")) (group:gid (getpw "nixbld01")))
- (chmod "/nix/store" #o775)
- (for-each (cut chmod <> #o777) '("/nix/var/nix/profiles"
- "/nix/var/nix/profiles/per-user")))))
+(define nix-activation
+ ;; Return the activation gexp.
+ (match-lambda
+ (($ <nix-configuration> package sandbox build-sandbox-paths extra-config)
+ (with-imported-modules (source-module-closure
+ '((guix build store-copy)))
+ #~(begin
+ (use-modules (guix build utils)
+ (ice-9 format)
+ (srfi srfi-1)
+ (srfi srfi-26))
+ (for-each (cut mkdir-p <>) '("/nix/store" "/nix/var/log"
+ "/nix/var/nix/gcroots/per-user"
+ "/nix/var/nix/profiles/per-user"))
+ (chown "/nix/store"
+ (passwd:uid (getpw "root")) (group:gid (getpw "nixbld01")))
+ (chmod "/nix/store" #o775)
+ (for-each (cut chmod <> #o777) '("/nix/var/nix/profiles"
+ "/nix/var/nix/profiles/per-user"))
+ (mkdir-p "/etc/nix")
+ (with-output-to-file "/etc/nix/nix.conf"
+ (lambda _
+ (format #t "sandbox = ~a~%" (if #$sandbox "true" "false"))
+ (format #t "build-sandbox-paths = ~{~a ~}~%"
+ (append (append-map (cut call-with-input-file <> read)
+ '#$(map references-file
+ (list package)))
+ '#$build-sandbox-paths))
+ (for-each (cut display <>) '#$extra-config))))))))
-(define (nix-shepherd-service _)
- "Return a <shepherd-service> for Nix."
- (list
- (shepherd-service
- (provision '(nix-daemon))
- (documentation "Run nix-daemon.")
- (requirement '())
- (start #~(make-forkexec-constructor
- (list (string-append #$nix "/bin/nix-daemon"))))
- (respawn? #f)
- (stop #~(make-kill-destructor)))))
+(define nix-shepherd-service
+ ;; Return a <shepherd-service> for Nix.
+ (match-lambda
+ (($ <nix-configuration> package _ ...)
+ (list
+ (shepherd-service
+ (provision '(nix-daemon))
+ (documentation "Run nix-daemon.")
+ (requirement '())
+ (start #~(make-forkexec-constructor
+ (list (string-append #$package "/bin/nix-daemon"))))
+ (respawn? #f)
+ (stop #~(make-kill-destructor)))))))
(define nix-service-type
(service-type
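Review bot: in `nix-activation`, `(for-each (cut display <>) '#$extra-config)` writes the entries back to back with no separator, so two strings without a trailing newline end up on one nix.conf line; print a newline after each entry or document that callers must supply it. The module closure imported is that of `(guix build store-copy)`, yet `use-modules` never loads that module and the references file is read with plain `read`, so either import only what is used or use the store-copy reader. Carried over unchanged from the removed lines: `group:gid` is applied to the result of `getpw`, which is a passwd entry and not a group entry, so `passwd:gid` or a `getgr` lookup looks intended for the group of /nix/store. A comment explaining that the Nix closure is added because `config.nix` captures store file names would help the next reader.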
@@ -108,7 +134,7 @@ GID."
(list (service-extension shepherd-root-service-type nix-shepherd-service)
(service-extension account-service-type nix-accounts)
(service-extension activation-service-type nix-activation)))
- (default-value '())
- (description "Run the Nix daemon.")))
+ (description "Run the Nix daemon.")
+ (default-value (nix-configuration))))
;;; nix.scm ends here
diff --git a/gnu/tests/package-management.scm b/gnu/tests/package-management.scm
new file mode 100644
index 0000000000..dbb9df22df
--- /dev/null
+++ b/gnu/tests/package-management.scm
@@ -0,0 +1,131 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2020 Oleg Pykhalov <go.wigust@gmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu tests package-management)
+ #:use-module (gnu packages base)
+ #:use-module (gnu packages package-management)
+ #:use-module (gnu services)
+ #:use-module (gnu services networking)
+ #:use-module (gnu services nix)
+ #:use-module (gnu system)
+ #:use-module (gnu system vm)
+ #:use-module (gnu tests)
+ #:use-module (guix gexp)
+ #:use-module (guix git-download)
+ #:use-module (guix packages)
+ #:export (%test-nix))
+
+;;; Commentary:
+;;;
+;;; This module provides a test definition for the nix-daemon
+;;;
+;;; Code:
+
+(define* (run-nix-test name test-os)
+ "Run tests in %NIX-OS Guix operating system, which has nix-daemon running."
+ (define os
+ (marionette-operating-system
+ test-os
+ #:imported-modules '((gnu services herd))))
+
+ (define vm
+ (virtual-machine
+ (operating-system os)
+ (port-forwardings '((8080 . 80)))
+ (memory-size 1024)))
+
+ (define test
+ (with-imported-modules '((gnu build marionette))
+ #~(begin
+ (use-modules (srfi srfi-11)
+ (srfi srfi-64)
+ (gnu build marionette)
+ (web client)
+ (web response))
+
+ (define marionette
+ (make-marionette (list #$vm)))
+
+ (mkdir #$output)
+ (chdir #$output)
+
+ (test-begin #$name)
+
+ ;; XXX: Shepherd reads the config file *before* binding its control
+ ;; socket, so /var/run/shepherd/socket might not exist yet when the
+ ;; 'marionette' service is started.
+ (test-assert "shepherd socket ready"
+ (marionette-eval
+ `(begin
+ (use-modules (gnu services herd))
+ (let loop ((i 10))
+ (cond ((file-exists? (%shepherd-socket-file))
+ #t)
+ ((> i 0)
+ (sleep 1)
+ (loop (- i 1)))
+ (else
+ 'failure))))
+ marionette))
+
+ (test-assert "Nix daemon running"
+ (marionette-eval
+ '(begin
+ ;; Wait for nix-daemon to be up and running.
+ (start-service 'nix-daemon)
+ (with-output-to-file "guix-test.nix"
+ (lambda ()
+ (display "\
+with import <nix/config.nix>;
+
+derivation {
+ system = builtins.currentSystem;
+ name = \"guix-test\";
+ builder = shell;
+ args = [\"-c\" \"mkdir $out\\necho FOO > $out/foo\"];
+ PATH = coreutils;
+}
+")))
+ (zero? (system* (string-append #$nix "/bin/nix-build")
+ "--substituters" "" "--debug" "--no-out-link"
+ "guix-test.nix")))
+ marionette))
+
+ (test-end)
+
+ (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
+
+ (gexp->derivation (string-append name "-test") test))
+
+(define %nix-os
+ ;; Return operating system under test.
+ (let ((base-os
+ (simple-operating-system
+ (service nix-service-type)
+ (service dhcp-client-service-type))))
+ (operating-system
+ (inherit base-os)
+ (packages (cons nix (operating-system-packages base-os))))))
+
+(define %test-nix
+ (system-test
+ (name "nix")
+ (description "Connect to a running nix-daemon")
+ (value (run-nix-test name %nix-os))))
+
+;;; package-management.scm ends here
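Review bot: in the "shepherd socket ready" assertion the timeout branch returns the symbol `'failure`, which is a true value in Scheme, so `test-assert` passes even when the socket never appears; return `#f` there. The `(port-forwardings '((8080 . 80)))` field and the `(web client)` and `(web response)` imports are not used by anything in this test and look copied from a web service test, and the description "Connect to a running nix-daemon" undersells what the second assertion does, which is to build a derivation inside the sandbox with `shell` and `coreutils` from `<nix/config.nix>`. An assertion that the build output `foo` contains `FOO` would confirm the builder actually ran.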
--
2.27.0
Ludovic Courtès wrote on 22 Jul 2020 12:09
Re: bug#42173: Nix on Guix System: can't update channels
(name . Oleg Pykhalov)(address . go.wigust@gmail.com)
87imefkgir.fsf@gnu.org
Hi Oleg,

Oleg Pykhalov <go.wigust@gmail.com> skribis:

> Oleg Pykhalov <go.wigust@gmail.com> writes:
>
> […]
>
>> Currently I don't see a way to mount
>> /gnu/store/57xj5gcy1jbl9ai2lnrqnpr0dald9i65-coreutils-8.32
>> dependencies (and other packages) inside the Nix sandbox.
>
> Found one way:
>
> (with-output-to-file "/etc/nix/nix.conf"
>   (lambda _
>     (display "sandbox = true")
>     (newline)
>     (format #t "build-sandbox-paths = ~{~a ~}~%"
>             '#$(package-closure (map (match-lambda ((name package) package))
>                                      (package-inputs nix))))))

That’s inaccurate: ‘package-closure’ does not capture non-package
inputs, and it’s the set of build-time dependencies, not references.

Using #:references-graphs solves that problem because it gives you
precisely the closure of each package, as returned by ‘guix gc -R’.

HTH!

Ludo’.
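
The point made in the message above, that the sandbox needs the run-time reference closure (what ‘guix gc -R’ prints) of every store item captured in config.nix, shown as an added example that is not code from Guix or from this thread. All function names, the sample config.nix text, the placeholder hashes and the reference graph are constructed for illustration; `guix_closure` assumes a host with Guix installed.

```python
import re
import subprocess

# A store item is /gnu/store/<32-char hash>-<name>; whatever follows the next
# "/" is a file inside that item.
STORE_ITEM = re.compile(r'/gnu/store/[0-9a-z]{32}-[^/"\s]+')
# Both spellings name the same Nix setting; the thread uses the second one.
SANDBOX_KEYS = ("sandbox-paths", "build-sandbox-paths")


def captured_store_items(config_nix_text):
    """Store items whose file names are hard-coded in config.nix."""
    return sorted(set(STORE_ITEM.findall(config_nix_text)))


def closure(items, references):
    """Items plus everything they reference, transitively.

    `references` maps an item to its direct references, the relation that
    `guix gc --references` prints for one item.
    """
    seen, todo = set(), list(items)
    while todo:
        item = todo.pop()
        if item not in seen:
            seen.add(item)
            todo.extend(references.get(item, ()))
    return seen


def guix_closure(items):
    """The same closure taken from a live store (requires Guix)."""
    result = subprocess.run(["guix", "gc", "-R", *items], check=True,
                            capture_output=True, text=True)
    return set(result.stdout.split())


def sandbox_paths(nix_conf_text):
    """Paths visible inside the sandbox according to nix.conf text."""
    paths = set()
    for line in nix_conf_text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        if sep and key.strip() in SANDBOX_KEYS:
            # A later assignment replaces an earlier one.  An entry is
            # "path" or "target=source"; a trailing "?" marks it optional.
            paths = {e.split("=", 1)[0].rstrip("?") for e in value.split()}
    return paths


def missing_from_sandbox(config_nix_text, nix_conf_text, references):
    """Closure items that no sandbox path covers."""
    allowed = sandbox_paths(nix_conf_text)
    needed = closure(captured_store_items(config_nix_text), references)

    def covered(item):
        return any(item == p or item.startswith(p.rstrip("/") + "/")
                   for p in allowed)

    return sorted(item for item in needed if not covered(item))


# Constructed sample data: placeholder hashes, not real store items.
BASH = "/gnu/store/" + "a" * 32 + "-bash-minimal-5.0.16"
COREUTILS = "/gnu/store/" + "b" * 32 + "-coreutils-8.32"
GLIBC = "/gnu/store/" + "c" * 32 + "-glibc-2.31"
SAMPLE_CONFIG_NIX = f'''
  shell = "{BASH}/bin/bash";
  coreutils = "{COREUTILS}/bin";
  tr = "{COREUTILS}/bin/tr";
'''
SAMPLE_REFERENCES = {BASH: [GLIBC], COREUTILS: [GLIBC], GLIBC: [GLIBC]}
ONLY_BASH = f"sandbox = true\nbuild-sandbox-paths = {BASH}\n"
FULL_CLOSURE = ("sandbox = true\nbuild-sandbox-paths = "
                + " ".join([BASH, COREUTILS, GLIBC]) + "\n")

if __name__ == "__main__":
    for name, conf in (("only bash", ONLY_BASH), ("closure", FULL_CLOSURE)):
        missing = missing_from_sandbox(SAMPLE_CONFIG_NIX, conf,
                                       SAMPLE_REFERENCES)
        print(name, "->", missing or "nothing missing")
```

Listing only the shell leaves coreutils and the shared C library outside the sandbox, which is the situation the thread describes; the check lets the sandbox stay enabled instead of falling back to "sandbox = false".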
Ludovic Courtès wrote on 22 Jul 2020 12:34
Re: [PATCH 2/2] services: nix: Fix sandbox.
(name . Oleg Pykhalov)(address . go.wigust@gmail.com)(address . 42173@debbugs.gnu.org)
87zh7rj0sa.fsf@gnu.org
Hi!

Oleg Pykhalov <go.wigust@gmail.com> skribis:

> * gnu/tests/package-management.scm: New file.
> * gnu/local.mk: Add this.
> * gnu/services/nix.scm (<nix-configuration>): New record.
> (nix-activation): Generate Nix config file.
> (nix-service-type): Add default value.
> (nix-shepherd-service): Allow provide Nix package.
> * doc/guix.texi (Miscellaneous Services)[Nix service]<nix-configuration>:
> Document record.

Nice! You can add a “Fixes” line too.

> +@item @code{build-sandbox-paths} (default: @code{'()})
> +This is a list of strings or objects appended to the
> +@code{build-sandbox-paths} field of the configuration file.

I’d use “files” or “items” instead of “paths”, for consistency.

> + (mkdir-p "/etc/nix")
> + (with-output-to-file "/etc/nix/nix.conf"
> + (lambda _
> + (format #t "sandbox = ~a~%" (if #$sandbox "true" "false"))
> + (format #t "build-sandbox-paths = ~{~a ~}~%"
> + (append (append-map (cut call-with-input-file <> read)
> + '#$(map references-file
> + (list package)))
> + '#$build-sandbox-paths))
> + (for-each (cut display <>) '#$extra-config))))))))

Here you’re adding the closure of Nix itself, which is a bit more than
needed I guess, but maybe it’s OK (perhaps with a comment explaining
that ‘config.nix’ captures store file names.)

Actually I thought this would have to be addressed in the ‘nix’ package
itself because this is where those store file names are captured. But
maybe it’s OK to do it in the service. WDYT?

> +(define* (run-nix-test name test-os)
> + "Run tests in %NIX-OS Guix operating system, which has nix-daemon running."
^
TEST-OS

> +(define %nix-os

Pretty fun. :-)

> +(define %test-nix
> + (system-test
> + (name "nix")
> + (description "Connect to a running nix-daemon")
> + (value (run-nix-test name %nix-os))))

Great that you were able to write a test for that!

Thanks,
Ludo’.
Oleg Pykhalov wrote on 22 Jul 2020 21:38
(address . 42173-done@debbugs.gnu.org)
87ft9j732x.fsf@gmail.com
Hi,

Ludovic Courtès <ludo@gnu.org> writes:

[…]

>> + (with-output-to-file "/etc/nix/nix.conf"
>> + (lambda _
>> + (format #t "sandbox = ~a~%" (if #$sandbox "true" "false"))
>> + (format #t "build-sandbox-paths = ~{~a ~}~%"
>> + (append (append-map (cut call-with-input-file <> read)
>> + '#$(map references-file
>> + (list package)))
>> + '#$build-sandbox-paths))
>> + (for-each (cut display <>) '#$extra-config))))))))
>
> Actually I thought this would have to be addressed in the ‘nix’ package
> itself because this is where those store file names are captured. But
> maybe it’s OK to do it in the service. WDYT?

I think it's good enough for now to fix the issue. We could delete
prepending ‘build-sandbox-paths’ with ‘nix’ closure in future.

>> +(define %nix-os
>
> Pretty fun. :-)

Yea, :-).

Pushed to master as 4656180d5de1fef2846bea9af27ae509f32376ba

Oleg.

Closed