From: "Ludovic Courtès" <ludo@gnu.org>
To: Oleg Pykhalov <go.wigust@gmail.com>
Cc: Zhu Zihao via web <issues.guix.gnu.org@elephly.net>,
42173@debbugs.gnu.org
Subject: bug#42173: Nix on Guix System: can't update channels
Date: Tue, 21 Jul 2020 23:28:20 +0200 [thread overview]
Message-ID: <878sfclfrf.fsf@gnu.org> (raw)
In-Reply-To: <878sfdqpte.fsf@gmail.com> (Oleg Pykhalov's message of "Tue, 21 Jul 2020 10:39:57 +0300")
Hi!
Oleg Pykhalov <go.wigust@gmail.com> skribis:
> Ludovic Courtès <ludo@gnu.org> writes:
>
>> Hi,
>>
>> (+Cc: Oleg, who worked on the Nix service.)
>>
>> Zhu Zihao via web <issues.guix.gnu.org@elephly.net> skribis:
>>
>>> I found that if I put "sandbox = false" to /etc/nix/nix.conf. Nix can update channel. Maybe nix's sandbox forget to import some guix binary path?
>>
>> Yes, probably. There’s probably an option similar to the
>> ‘--chroot-directory’ of ‘guix-daemon’ to specify additional directories
>> that must be in the “sandbox”.
>>
>> If you find that option, then we can arrange and add all the
>> dependencies of /gnu/store/…/bin/bash there (similar to what
>> ‘qemu-binfmt-service-type’ does).
>
> /gnu/store/…/bin/bash (we need a static-bash) is not enough, we also
> should handle all packages (and closures in case binaries are not
> static) listed in:
>
> $(guix build --no-grafts nix)/share/nix/corepkgs/config.nix
>
> let
> fromEnv = var: def:
> let val = builtins.getEnv var; in
> if val != "" then val else def;
> in rec {
> shell = "/gnu/store/pwcp239kjf7lnj5i4lkdzcfcxwcfyk72-bash-minimal-5.0.16/bin/bash";
> coreutils = "/gnu/store/57xj5gcy1jbl9ai2lnrqnpr0dald9i65-coreutils-8.32/bin";
> bzip2 = "/gnu/store/a9f7wmc75hbpg520phw9z4l9asm3qvsw-bzip2-1.0.8/bin/bzip2";
> gzip = "/gnu/store/ncydgq2znms5n1d2k5yqshhf58nsixwv-gzip-1.10/bin/gzip";
> xz = "/gnu/store/r7k859hmcnkazf492fasqvk25jflnfk6-xz-5.2.4/bin/xz";
> tar = "/gnu/store/v6f44zccwh9z5zk3pjlywjybbi8n2hjh-tar-1.32/bin/tar";
> tarFlags = "--warning=no-timestamp";
> tr = "/gnu/store/57xj5gcy1jbl9ai2lnrqnpr0dald9i65-coreutils-8.32/bin/tr";
> nixBinDir = fromEnv "NIX_BIN_DIR" "/gnu/store/2x4qyarbmhi3dqcqhkkia6l491yjnf11-nix-2.3.6/bin";
> nixPrefix = "/gnu/store/2x4qyarbmhi3dqcqhkkia6l491yjnf11-nix-2.3.6";
> nixLibexecDir = fromEnv "NIX_LIBEXEC_DIR" "/gnu/store/2x4qyarbmhi3dqcqhkkia6l491yjnf11-nix-2.3.6/libexec";
> nixLocalstateDir = "/nix/var";
> nixSysconfDir = "/etc";
> nixStoreDir = fromEnv "NIX_STORE_DIR" "/nix/store";
>
> # If Nix is installed in the Nix store, then automatically add it as
> # a dependency to the core packages. This ensures that they work
> # properly in a chroot.
> chrootDeps =
> if dirOf nixPrefix == builtins.storeDir then
> [ (builtins.storePath nixPrefix) ]
> else
> [ ];
> }
>
> Currently I don't see a way to mount
> /gnu/store/57xj5gcy1jbl9ai2lnrqnpr0dald9i65-coreutils-8.32
> dependencies (and other packages) inside the Nix sandbox.
In ‘chrootDeps’ above (IIUC), you could add the closure of all these
things. To do that, you need to pass #:references-graphs. Then, on the
build side, you can use ‘read-reference-graph’ to parse the graph file,
get the closures, and add it to ‘chrootDeps’ instead of the empty list.
Does that make sense?
HTH,
Ludo’.
next prev parent reply other threads:[~2020-07-21 21:29 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-03 9:56 bug#42173: Nix on Guix System: can't update channels Alexandru-Sergiu Marton
2020-07-13 13:35 ` Ludovic Courtès
2020-07-19 8:14 ` Alexandru-Sergiu Marton
2020-07-15 5:28 ` Zhu Zihao via web
2020-07-16 10:12 ` Ludovic Courtès
2020-07-21 7:39 ` Oleg Pykhalov
2020-07-21 17:27 ` Oleg Pykhalov
2020-07-22 10:09 ` Ludovic Courtès
2020-07-21 21:28 ` Ludovic Courtès [this message]
2020-07-22 6:59 ` bug#42173: [PATCH 1/2] services: base: Export references-file Oleg Pykhalov
2020-07-22 6:59 ` bug#42173: [PATCH 2/2] services: nix: Fix sandbox Oleg Pykhalov
2020-07-22 10:34 ` Ludovic Courtès
2020-07-22 19:38 ` Oleg Pykhalov
2020-07-21 4:05 ` bug#42173: Nix on Guix System: can't update channels Zhu Zihao via web
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=878sfclfrf.fsf@gnu.org \
--to=ludo@gnu.org \
--cc=42173@debbugs.gnu.org \
--cc=go.wigust@gmail.com \
--cc=issues.guix.gnu.org@elephly.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).