unofficial mirror of bug-guix@gnu.org 
From: "Ludovic Courtès" <ludo@gnu.org>
To: Oleg Pykhalov <go.wigust@gmail.com>
Cc: Zhu Zihao via web <issues.guix.gnu.org@elephly.net>,
	42173@debbugs.gnu.org
Subject: bug#42173: Nix on Guix System: can't update channels
Date: Tue, 21 Jul 2020 23:28:20 +0200
Message-ID: <878sfclfrf.fsf@gnu.org>
In-Reply-To: <878sfdqpte.fsf@gmail.com> (Oleg Pykhalov's message of "Tue, 21 Jul 2020 10:39:57 +0300")

Hi!

Oleg Pykhalov <go.wigust@gmail.com> writes:

> Ludovic Courtès <ludo@gnu.org> writes:
>
>> Hi,
>>
>> (+Cc: Oleg, who worked on the Nix service.)
>>
>> Zhu Zihao via web <issues.guix.gnu.org@elephly.net> writes:
>>
>>> I found that if I put "sandbox = false" in /etc/nix/nix.conf, Nix can update channels. Maybe Nix's sandbox forgets to import some Guix binary path?
>>
>> Yes, probably.  There’s probably an option similar to the
>> ‘--chroot-directory’ of ‘guix-daemon’ to specify additional directories
>> that must be in the “sandbox”.
>>
>> If you find that option, then we can arrange and add all the
>> dependencies of /gnu/store/…/bin/bash there (similar to what
>> ‘qemu-binfmt-service-type’ does).
>
> /gnu/store/…/bin/bash (we need a static-bash) is not enough, we also
> should handle all packages (and closures in case binaries are not
> static) listed in:
>
> $(guix build --no-grafts nix)/share/nix/corepkgs/config.nix
>
> let
>   fromEnv = var: def:
>     let val = builtins.getEnv var; in
>     if val != "" then val else def;
> in rec {
>   shell = "/gnu/store/pwcp239kjf7lnj5i4lkdzcfcxwcfyk72-bash-minimal-5.0.16/bin/bash";
>   coreutils = "/gnu/store/57xj5gcy1jbl9ai2lnrqnpr0dald9i65-coreutils-8.32/bin";
>   bzip2 = "/gnu/store/a9f7wmc75hbpg520phw9z4l9asm3qvsw-bzip2-1.0.8/bin/bzip2";
>   gzip = "/gnu/store/ncydgq2znms5n1d2k5yqshhf58nsixwv-gzip-1.10/bin/gzip";
>   xz = "/gnu/store/r7k859hmcnkazf492fasqvk25jflnfk6-xz-5.2.4/bin/xz";
>   tar = "/gnu/store/v6f44zccwh9z5zk3pjlywjybbi8n2hjh-tar-1.32/bin/tar";
>   tarFlags = "--warning=no-timestamp";
>   tr = "/gnu/store/57xj5gcy1jbl9ai2lnrqnpr0dald9i65-coreutils-8.32/bin/tr";
>   nixBinDir = fromEnv "NIX_BIN_DIR" "/gnu/store/2x4qyarbmhi3dqcqhkkia6l491yjnf11-nix-2.3.6/bin";
>   nixPrefix = "/gnu/store/2x4qyarbmhi3dqcqhkkia6l491yjnf11-nix-2.3.6";
>   nixLibexecDir = fromEnv "NIX_LIBEXEC_DIR" "/gnu/store/2x4qyarbmhi3dqcqhkkia6l491yjnf11-nix-2.3.6/libexec";
>   nixLocalstateDir = "/nix/var";
>   nixSysconfDir = "/etc";
>   nixStoreDir = fromEnv "NIX_STORE_DIR" "/nix/store";
>
>   # If Nix is installed in the Nix store, then automatically add it as
>   # a dependency to the core packages. This ensures that they work
>   # properly in a chroot.
>   chrootDeps =
>     if dirOf nixPrefix == builtins.storeDir then
>       [ (builtins.storePath nixPrefix) ]
>     else
>       [ ];
> }
>
> Currently I don't see a way to mount
> /gnu/store/57xj5gcy1jbl9ai2lnrqnpr0dald9i65-coreutils-8.32
> dependencies (and other packages) inside the Nix sandbox.

In ‘chrootDeps’ above (IIUC), you could add the closure of all these
things.  To do that, you need to pass #:references-graphs.  Then, on the
build side, you can use ‘read-reference-graph’ to parse the graph file,
get the closures, and add it to ‘chrootDeps’ instead of the empty list.

Does that make sense?

HTH,
Ludo’.
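
The closure step suggested in this message, as an added example that is not part of the thread or of Guix's code: a Python stand-in for the parsing that ‘read-reference-graph’ does, followed by a walk from the binaries the sandbox needs. It assumes the reference-graph file is a sequence of records (item, deriver, reference count, then that many references) and renders the result as a value for Nix's `sandbox-paths` option in nix.conf, which the thread does not name; the store paths are constructed with fake hashes.

```python
# Added example: list the store items a sandbox must expose, from a reference graph.

def read_reference_graph(text):
    """Parse records of: item, deriver (may be empty), count, then `count` references."""
    lines, graph, i = text.splitlines(), {}, 0
    while i < len(lines):
        if i + 2 >= len(lines):
            raise ValueError(f"truncated record at line {i + 1}")
        item, count = lines[i], int(lines[i + 2])  # lines[i + 1] is the deriver
        refs = lines[i + 3:i + 3 + count]
        if len(refs) != count:
            raise ValueError(f"{item}: expected {count} references, got {len(refs)}")
        graph[item] = refs
        i += 3 + count
    return graph

def closure(graph, roots):
    """Return every item reachable from ROOTS; fail on items missing from the graph."""
    seen, todo = set(), list(roots)
    while todo:
        item = todo.pop()
        if item in seen:
            continue
        if item not in graph:
            raise KeyError(f"{item} is not in the reference graph")
        seen.add(item)
        todo.extend(graph[item])
    return sorted(seen)

def sandbox_paths_line(items):
    """Render the items as a nix.conf 'sandbox-paths' setting (space-separated)."""
    return "sandbox-paths = " + " ".join(items)

# Constructed sample: fake hashes, empty derivers, self-references included.
def store(letter, name):
    return f"/gnu/store/{letter * 32}-{name}"

BASH, GLIBC = store("a", "bash-minimal-5.0.16"), store("b", "glibc-example")
COREUTILS, GCC_LIB = store("c", "coreutils-8.32"), store("d", "gcc-lib-example")
TAR = store("e", "tar-1.32")
SAMPLE = "".join(
    "\n".join([item, "", str(len(refs)), *refs]) + "\n"
    for item, refs in [(BASH, [BASH, GLIBC]), (GLIBC, [GLIBC]),
                       (COREUTILS, [COREUTILS, GLIBC, GCC_LIB]),
                       (GCC_LIB, [GCC_LIB, GLIBC]), (TAR, [TAR, GLIBC])])

if __name__ == "__main__":
    graph = read_reference_graph(SAMPLE)
    print(sandbox_paths_line(closure(graph, [BASH, COREUTILS])))
```

Walking from explicit roots keeps the exposed set to what the listed binaries actually reference, rather than every item that happens to be in the graph file.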



