Daemon: nix-connection-error

Daemon: nix-connection-error

[Nikita Karetnikov]

[-- Attachment #1: Type: text/plain, Size: 782 bytes --]

# ./bootstrap
# ./configure --localstatedir=/nix/var --with-nixpkgs=/home/nixpkgs-github
# make
# make check

return

FAIL: tests/builders.scm
FAIL: tests/derivations.scm
FAIL: tests/packages.scm
FAIL: tests/store.scm
FAIL: tests/union.scm
FAIL: tests/guix-build.sh
FAIL: tests/guix-package.sh
FAIL: tests/guix-gc.sh
FAIL: tests/guix-daemon.sh

scheme@(guile-user)> ,use (guix store)
scheme@(guile-user)> (open-connection)
guix/store.scm:272:4: In procedure open-connection:
guix/store.scm:272:4: Throw to key `srfi-34' with args `(#<condition &nix-connection-error [file: "/nix/var/nix/daemon-socket/socket" errno: 111] 902bc18>)'.

Entering a new prompt.  Type `,bt' for a backtrace or `,q' to continue.
scheme@(guile-user) [1]> 

Did I forget anything?

[-- Attachment #2: Type: application/pgp-signature, Size: 835 bytes --]

Re: Daemon: nix-connection-error

[Ludovic Courtès]

Nikita Karetnikov <nikita@karetnikov.org> skribis:

> # ./bootstrap
> # ./configure --localstatedir=/nix/var --with-nixpkgs=/home/nixpkgs-github

(Actually --with-nixpkgs has no effect; I’ll remove it.
Also why do this as root?  It’s a Bad Idea.)

> # make
> # make check
>
> return
>
> FAIL: tests/builders.scm
> FAIL: tests/derivations.scm
> FAIL: tests/packages.scm
> FAIL: tests/store.scm
> FAIL: tests/union.scm
> FAIL: tests/guix-build.sh
> FAIL: tests/guix-package.sh
> FAIL: tests/guix-gc.sh
> FAIL: tests/guix-daemon.sh

Any hints in test-suite.log or tests/*.log?

> scheme@(guile-user)> ,use (guix store)
> scheme@(guile-user)> (open-connection)
> guix/store.scm:272:4: In procedure open-connection:
> guix/store.scm:272:4: Throw to key `srfi-34' with args `(#<condition &nix-connection-error [file: "/nix/var/nix/daemon-socket/socket" errno: 111] 902bc18>)'.

scheme@(guile-user)> (strerror 111)
$4 = "Connection refused"

Could you check the permissions on /nix/var/nix/daemon-socket/socket?

HTH,
Ludo’.

Re: Daemon: nix-connection-error

[Nikita Karetnikov]

[-- Attachment #1: Type: text/plain, Size: 480 bytes --]

> Also why do this as root?  It’s a Bad Idea.)

Because I use Guix in a chroot.  Can it still be harmful?

> Any hints in test-suite.log or tests/*.log?

No.

> Could you check the permissions on /nix/var/nix/daemon-socket/socket?

srw-rw-rw- 1 root root 0 2013-06-22 01:34 socket

I've found out that the following works:

# ./pre-inst-env guix-daemon --build-users-group=nixbld &
# ./pre-inst-env guix build -K hello

But 'make check' fails for some reason.

[-- Attachment #2: Type: application/pgp-signature, Size: 835 bytes --]

Re: Daemon: nix-connection-error

[Ludovic Courtès]

Nikita Karetnikov <nikita@karetnikov.org> skribis:

>> Also why do this as root?  It’s a Bad Idea.)
>
> Because I use Guix in a chroot.  Can it still be harmful?

Usually one never logs in as root.  You should only escalate as root
when needed, typically via sudo.

>> Any hints in test-suite.log or tests/*.log?
>
> No.

There’s probably an error message in test-suite.log in such cases.

>> Could you check the permissions on /nix/var/nix/daemon-socket/socket?
>
> srw-rw-rw- 1 root root 0 2013-06-22 01:34 socket
>
> I've found out that the following works:
>
> # ./pre-inst-env guix-daemon --build-users-group=nixbld &
> # ./pre-inst-env guix build -K hello
>
> But 'make check' fails for some reason.

‘make check’ uses a different store (see the ‘test-env’ script.)

It may be that $top_builddir/test-tmp/var/XXX/daemon-socket/socket is
created with the wrong user or permissions.

Could you check whether this works:

  ./test-env guile -c '(use-modules (guix store)) (pk (open-connection))'

If it fails, can you prefix that command line with ‘strace -f -o log’,
and post the output of ‘grep daemon-socket log’?

TIA,
Ludo’.

Re: Daemon: nix-connection-error

[Nikita Karetnikov]

[-- Attachment #1: Type: text/plain, Size: 233 bytes --]

> There’s probably an error message in test-suite.log in such cases.

Right, it was necessary to remove '/homeless-shelter'.  Should we handle
it differently?  Or is it enough to fail and print an error to the log
(like now)?

[-- Attachment #2: Type: application/pgp-signature, Size: 835 bytes --]

Re: Daemon: nix-connection-error

[Ludovic Courtès]

Nikita Karetnikov <nikita@karetnikov.org> skribis:

>> There’s probably an error message in test-suite.log in such cases.
>
> Right, it was necessary to remove '/homeless-shelter'.  Should we handle
> it differently?  Or is it enough to fail and print an error to the log
> (like now)?

Handle what?  What was the error message exactly?

Normally it’s impossible to create that directory...  unless running as root.

Thanks,
Ludo’.

Re: Daemon: nix-connection-error

[Nikita Karetnikov]

[-- Attachment #1: Type: text/plain, Size: 662 bytes --]

> Handle what?

Handle this situation.  But I guess it's not needed because noone should
normally have '/homeless-shelter'.

I was testing a package from its build directory and forgot to unset
some variables ($HOME, for instance).

> What was the error message exactly?

guix build: error: build failed: directory `/homeless-shelter' exists;
please remove it

> unless running as root.

Well, my understanding is that it shouldn't be harmful (under normal
circumstances) for the main system.  But it's not smart because you
could affect the chroot itself, which is not desirable anyway.  So, I'm
going to use '--userspec' from now on.

Thanks for the heads up.

[-- Attachment #2: Type: application/pgp-signature, Size: 835 bytes --]

Re: Daemon: nix-connection-error

[Ludovic Courtès]

Nikita Karetnikov <nikita@karetnikov.org> skribis:

>> Handle what?
>
> Handle this situation.  But I guess it's not needed because noone should
> normally have '/homeless-shelter'.
>
> I was testing a package from its build directory and forgot to unset
> some variables ($HOME, for instance).

Ah, so this was not the log of a chroot build, right?  (There’s no
/homeless-shelter directory in the chroot.)

>> What was the error message exactly?
>
> guix build: error: build failed: directory `/homeless-shelter' exists;
> please remove it

Perfect, then.  :-)

>> unless running as root.
>
> Well, my understanding is that it shouldn't be harmful (under normal
> circumstances) for the main system.  But it's not smart because you
> could affect the chroot itself, which is not desirable anyway.  So, I'm
> going to use '--userspec' from now on.

Not sure what --userspec is.

Anyway, in general, it’s a bad idea to do “normal things” as root,
because it’s easy to inadvertently break the system one way or another.

Thanks,
Ludo’.

Re: Daemon: nix-connection-error

[Nikita Karetnikov]

[-- Attachment #1: Type: text/plain, Size: 642 bytes --]

> Ah, so this was not the log of a chroot build, right?  (There’s no
> /homeless-shelter directory in the chroot.)

I'm puzzled.  The manual says that "each build process is run in a
chroot environment." [1]  However, I see

export HOME="/homeless-shelter"

in '/tmp/nix-build-coreutils-8.21.drv-7/environment-variables'.

Is anything wrong with Guix, or is it my fault?

Note that I was able to build a previous version (8.20) of Coreutils.

> Not sure what --userspec is.

'chroot --userspec=USER:GROUP' allows to specify a user and a group.

[1] https://gnu.org/software/guix/manual/guix.html#Invoking-guix_002ddaemon

[-- Attachment #2: Type: application/pgp-signature, Size: 835 bytes --]

Re: Daemon: nix-connection-error

[Ludovic Courtès]

Nikita Karetnikov <nikita@karetnikov.org> skribis:

>> Ah, so this was not the log of a chroot build, right?  (There’s no
>> /homeless-shelter directory in the chroot.)
>
> I'm puzzled.  The manual says that "each build process is run in a
> chroot environment." [1]  However, I see
>
> export HOME="/homeless-shelter"
>
> in '/tmp/nix-build-coreutils-8.21.drv-7/environment-variables'.
>
> Is anything wrong with Guix, or is it my fault?

What makes you think there’s a contradiction here?

Turns out $HOME is automatically set by the daemon for each build (from
nix/libstore/build.cc):

    /* Set HOME to a non-existing path to prevent certain programs from using
       /etc/passwd (or NIS, or whatever) to locate the home directory (for
       example, wget looks for ~/.wgetrc).  I.e., these tools use /etc/passwd
       if HOME is not set, but they will just assume that the settings file
       they are looking for does not exist if HOME is set but points to some
       non-existing path. */
    Path homeDir = "/homeless-shelter";
    env["HOME"] = homeDir;

Yet, the daemon runs builds in a chroot, or complains if it cannot for
some reason (unless HAVE_CHROOT is unset.)

Can you check that HAVE_CHROOT is set, and that the build users exist?

>> Not sure what --userspec is.
>
> 'chroot --userspec=USER:GROUP' allows to specify a user and a group.

And what would you do with that?

As explained in the manual, the normal setup is to run the daemon as
root with --build-users-group; it then automatically calls chroot(2) and
seteuid(2) in the child processes that run the builds.

HTH,
Ludo’.