Comments (10)
Thanks @06kellyjac. Could you check what happens if you specifically disable the sandbox by appending `--option sandbox false` to your `nix-build` command?
from nix-portable.
The newest version now works inside a github action without any extra flags.
The sandbox works and is automatically enabled for GH actions.
Also user namespaces via bwrap are now used, which is significantly more efficient compared to proot.
I'll close this for now. In case there is still any problem, feel free to re-open.
from nix-portable.
Hey, could you try executing it again with `NP_DEBUG=1` and post the log?
Also you can try setting `NP_RUNTIME=proot` in case bwrap doesn't work.
Usually it should automatically detect that bwrap doesn't work and fall back to proot. But something goes wrong, so I'm curious about the debug log.
from nix-portable.
With `NP_DEBUG=1`, I can see that it is not using `bwrap` (because it doesn't work on GH actions workers?), and it is falling back to proot: https://github.com/luizirber/2021-02-26-text-minhash/runs/2014796967#step:5:14
from nix-portable.
Since the 'sandbox-fallback' option is set in the nix config, nix should fall back to not using a sandbox. Let's see if disabling the sandbox will work. I'll fork your project and play with it a bit tomorrow.
from nix-portable.
I ended up reverting the nix-portable commit in my repo, the old way is slower but it works... But I think `nix-portable` can be a huge boost for CI (when you don't want to set up cachix and such).
from nix-portable.
The cachix/nix-install-action takes 4s. I don't think that nix-portable will be any faster than that.
Or am I missing any aspect?
from nix-portable.
> The cachix/nix-install-action takes 4s. I don't think that nix-portable will be any faster than that.
> Or am I missing any aspect?

`nix-portable` will be easier to cache using the github cache action. The cachix one doesn't work well with it (lots of missing symlinks if I try to cache `/nix`), and I don't wanna go to all the trouble of setting up https://github.com/cachix/cachix-action and extra secrets.
(I was trying to cache `~/.nix-portable/store` in luizirber/2021-02-26-text-minhash@8a6d9b9#diff-551d1fcf87f78cc3bc18a7b332a4dc5d8773a512062df881c5aba28a6f5c48d7L19, but didn't get to trigger the caching to see if it worked because of the sandbox error)
from nix-portable.
Having this issue on arco, using release 006. I think I tried 005 too but can't remember.
[jk@arco nix]$ NP_DEBUG=1 nix-portable nix-build -A container
figuring out ssl certs
figuring out which runtime to use
bwrap executable: /usr/bin/bwrap
proot executable: /home/jk/.nix-portable/bin/proot
bwrap doesn't work on this system -> will use proot
creating bind args for /etc/ssl/certs/ca-certificates.crt
needGit: false
git already installed or not required
running command: /home/jk/.nix-portable/bin/proot -R /home/jk/.nix-portable/emptyroot -b /home/jk/.nix-portable/store:/nix/store -b /home/jk/.nix-portable/store/7fryg0wgx7zs5rfz00mi6kf755diakc5-busybox-1.31.1/bin/:/bin -b /usr/lib:/lib64 -b /dev:/dev -b /boot:/boot -b /opt:/opt -b /proc:/proc -b /usr/bin:/sbin -b /var:/var -b /run:/run -b /lost+found:/lost+found -b /srv:/srv -b /root:/root -b /swapfile:/swapfile -b /sys:/sys -b /tmp:/tmp -b /mnt:/mnt -b /usr/bin:/bin -b /usr/lib:/lib -b /home:/home -b /usr:/usr -b /etc/host.conf:/etc/host.conf -b /etc/hosts:/etc/hosts -b /etc/passwd:/etc/passwd -b /etc/group:/etc/group -b /etc/nsswitch.conf:/etc/nsswitch.conf -b /etc/resolv.conf:/etc/resolv.conf -b /usr/share/zoneinfo/Europe/London:/etc/localtime -b /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt /home/jk/.nix-portable/store/p8d4qqiqcmx935m2b5a1gsmr6sp1ihsn-nix-2.4pre20201201_5a6ddb3/bin/nix-build -A container
these 4 derivations will be built:
/nix/store/dhkjkl5xg9albnvwhh71na9ls8053pbf-container-config.json.drv
/nix/store/f5w2ngfzcqrmk3p0ykwkp5as01fnkrnv-docker-layer-container.drv
/nix/store/hn65jy7wyyniwyshmgj8q374fn6r1ph7-runtime-deps.drv
/nix/store/fjvf8cj8b0n9lgdjxcf1wlm424dw2hy5-docker-image-container.tar.gz.drv
error: --- SysError ------------------------------------------------------------------------------------------------------------------------------ nix-build
getting sandbox mount namespace: No such file or directory
default.nix:
```nix
{ pkgs ? import <nixpkgs> {} }:
{
  container = pkgs.dockerTools.buildImage {
    name = "container";
    contents = pkgs.hello;
  };
}
```
from nix-portable.
That works fine:
[jk@arco nix]$ NP_DEBUG=1 nix-portable nix-build -A container --option sandbox false
figuring out ssl certs
figuring out which runtime to use
bwrap executable: /usr/bin/bwrap
proot executable: /home/jk/.nix-portable/bin/proot
bwrap doesn't work on this system -> will use proot
creating bind args for /etc/ssl/certs/ca-certificates.crt
loading new store paths
running command: /home/jk/.nix-portable/bin/proot -R /home/jk/.nix-portable/emptyroot -b /home/jk/.nix-portable/store:/nix/store -b /home/jk/.nix-portable/store/7fryg0wgx7zs5rfz00mi6kf755diakc5-busybox-1.31.1/bin/:/bin -b /usr/lib:/lib64 -b /dev:/dev -b /boot:/boot -b /opt:/opt -b /proc:/proc -b /usr/bin:/sbin -b /var:/var -b /run:/run -b /lost+found:/lost+found -b /srv:/srv -b /root:/root -b /swapfile:/swapfile -b /sys:/sys -b /tmp:/tmp -b /mnt:/mnt -b /usr/bin:/bin -b /usr/lib:/lib -b /home:/home -b /usr:/usr -b /etc/host.conf:/etc/host.conf -b /etc/hosts:/etc/hosts -b /etc/passwd:/etc/passwd -b /etc/group:/etc/group -b /etc/nsswitch.conf:/etc/nsswitch.conf -b /etc/resolv.conf:/etc/resolv.conf -b /usr/share/zoneinfo/Europe/London:/etc/localtime -b /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt /home/jk/.nix-portable/store/p8d4qqiqcmx935m2b5a1gsmr6sp1ihsn-nix-2.4pre20201201_5a6ddb3/bin/nix-store --load-db
needGit: false
git already installed or not required
running command: /home/jk/.nix-portable/bin/proot -R /home/jk/.nix-portable/emptyroot -b /home/jk/.nix-portable/store:/nix/store -b /home/jk/.nix-portable/store/7fryg0wgx7zs5rfz00mi6kf755diakc5-busybox-1.31.1/bin/:/bin -b /usr/lib:/lib64 -b /dev:/dev -b /boot:/boot -b /opt:/opt -b /proc:/proc -b /usr/bin:/sbin -b /var:/var -b /run:/run -b /lost+found:/lost+found -b /srv:/srv -b /root:/root -b /swapfile:/swapfile -b /sys:/sys -b /tmp:/tmp -b /mnt:/mnt -b /usr/bin:/bin -b /usr/lib:/lib -b /home:/home -b /usr:/usr -b /etc/host.conf:/etc/host.conf -b /etc/hosts:/etc/hosts -b /etc/passwd:/etc/passwd -b /etc/group:/etc/group -b /etc/nsswitch.conf:/etc/nsswitch.conf -b /etc/resolv.conf:/etc/resolv.conf -b /usr/share/zoneinfo/Europe/London:/etc/localtime -b /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt /home/jk/.nix-portable/store/p8d4qqiqcmx935m2b5a1gsmr6sp1ihsn-nix-2.4pre20201201_5a6ddb3/bin/nix-build -A container --option sandbox false
these 4 derivations will be built:
/nix/store/dhkjkl5xg9albnvwhh71na9ls8053pbf-container-config.json.drv
/nix/store/f5w2ngfzcqrmk3p0ykwkp5as01fnkrnv-docker-layer-container.drv
/nix/store/hn65jy7wyyniwyshmgj8q374fn6r1ph7-runtime-deps.drv
/nix/store/fjvf8cj8b0n9lgdjxcf1wlm424dw2hy5-docker-image-container.tar.gz.drv
these 40 paths will be fetched (105.62 MiB download, 457.02 MiB unpacked):
/nix/store/0gc9dr71ldp79cla2qbl3kwdd4ig46pi-linux-headers-5.5
# ...
/nix/store/zhazc5rmyp5yd38pz9cvfrmpzs79kd2j-gnugrep-3.4
copying path '/nix/store/gz01vlpf2qmmzaa25swafy8xkc30g6a9-perl5.32.0-Time-Duration-1.21' from 'https://cache.nixos.org'...
# ...
copying path '/nix/store/6lrvwc4p79acm6153mqd3cg4qa38gqgw-stdenv-linux' from 'https://cache.nixos.org'...
building '/nix/store/dhkjkl5xg9albnvwhh71na9ls8053pbf-container-config.json.drv'...
building '/nix/store/f5w2ngfzcqrmk3p0ykwkp5as01fnkrnv-docker-layer-container.drv'...
Adding contents...
Adding /nix/store/wmsbkyp09jbgp4p9ki62sb44b7ly418v-hello-2.10
Packing layer...
Finished building layer 'container'
building '/nix/store/hn65jy7wyyniwyshmgj8q374fn6r1ph7-runtime-deps.drv'...
building '/nix/store/fjvf8cj8b0n9lgdjxcf1wlm424dw2hy5-docker-image-container.tar.gz.drv'...
Adding layer...
tar: Removing leading `/' from member names
Adding meta...
Cooking the image...
Finished.
/nix/store/v600l8gd25crqy0fj6ksn5j0njx36ms5-docker-image-container.tar.gz
Ideally I want to have the sandbox but it's nice to have it working 🙂
from nix-portable.
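The debug logs in this thread show nix-portable rejecting bwrap and falling back to proot, after which the build only succeeds with `--option sandbox false`. The following is an added example, not nix-portable's own detection code: it spots that fallback line in `NP_DEBUG=1` output and checks two kernel settings that commonly block the unprivileged user namespaces bwrap relies on. The function names are hypothetical, and it is an assumption that one of these two sysctls is the cause on a given host.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of nix-portable.

# Succeeds if NP_DEBUG=1 output on stdin contains the fallback message
# that appears in the logs posted in this thread.
np_fell_back_to_proot() {
    grep -qF "bwrap doesn't work on this system -> will use proot"
}

# Reports whether unprivileged user namespaces look usable.
# $1 is the proc mount point (default /proc); it is a parameter so the
# check can be exercised against a constructed directory tree.
userns_status() {
    proc="${1:-/proc}"
    max="$proc/sys/user/max_user_namespaces"
    clone="$proc/sys/kernel/unprivileged_userns_clone"

    # The per-user limit exists since Linux 4.9; without it we cannot tell.
    if [ ! -r "$max" ]; then
        echo "unknown: $max not readable"
        return 2
    fi
    # A limit of 0 forbids creating any user namespace.
    if [ "$(cat "$max")" -eq 0 ]; then
        echo "disabled: user.max_user_namespaces=0"
        return 1
    fi
    # Distribution-patched kernels (for example Debian and Arch) add this
    # switch; 0 restricts user namespace creation to privileged users.
    if [ -r "$clone" ] && [ "$(cat "$clone")" -eq 0 ]; then
        echo "disabled: kernel.unprivileged_userns_clone=0"
        return 1
    fi
    echo "enabled"
    return 0
}

# Report the status of the current host when run directly.
userns_status || true
```

In CI, piping the `NP_DEBUG=1` output through `np_fell_back_to_proot` lets a job fail or warn when the build ran under proot, instead of silently continuing with the sandbox switched off.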