davhau / nix-portable
Nix - Static, Permissionless, Installation-free, Pre-configured
License: MIT License
move runtimeScript to separate file
why?
how?
also avoid the "escape + echo" pattern
echo "${runtimeScriptEscaped}" > $out/bin/nix-portable.zip
by using temporary files
just my 2 cents. nice tool!
I am trying to run nix-portable on our CentOS HPC cluster (CentOS Linux release 7.6.1810 (Core), Linux login01 3.10.0-957.1.3.el7.x86_64 #1 SMP Thu Nov 29 14:49:43 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux). The home directories are on an NFS and namespaces are not available.
When trying to run nix-portable I get:
NP_DEBUG=1 nix-portable nix-shell -p nano
installing files
figuring out ssl certs
SSL_CERT_FILE not defined. trying to find certs automatically
found /etc/ssl/certs/ca-bundle.crt with real path /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
figuring out which runtime to use
bwrap executable: /home/mi24ris/.nix-portable/bin/bwrap
proot executable: /home/mi24ris/.nix-portable/bin/proot
bwrap: Creating new namespace failed, likely because the kernel does not support user namespaces. bwrap must be installed setuid on such systems.
bwrap doesn't work on this system -> will use proot
base command will be: /home/mi24ris/.nix-portable/bin/proot -r /home/mi24ris/.nix-portable/emptyroot -b /dev:/dev -b /home/mi24ris/.nix-portable/store:/nix/store -b /proc:/proc -b /run:/run -b /sys:/sys -b /tmp:/tmp -b /etc:/etc -b /root:/root -b /var:/var -b /usr:/usr -b /usr/bin:/bin -b /usr/sbin:/sbin -b /usr/lib:/lib -b /usr/lib64:/lib64 -b /boot:/boot -b /home:/home -b /media:/media -b /mnt:/mnt -b /opt:/opt -b /srv:/srv -b /.autorelabel:/.autorelabel -b /cluster:/cluster -b /beegfs:/beegfs -b /.readahead:/.readahead -b /backup1:/backup1 -b /backup2:/backup2 -b /xcatpost:/xcatpost -b /applications-merged:/applications-merged -b /local:/local -b /tpi1:/tpi1 -b /nfsdata:/nfsdata -b /hs_err_pid26423.log:/hs_err_pid26423.log -b /hs_err_pid26386.log:/hs_err_pid26386.log -b /hs_err_pid35596.log:/hs_err_pid35596.log -b /hs_err_pid30100.log:/hs_err_pid30100.log -b /hs_err_pid45475.log:/hs_err_pid45475.log -b /hs_err_pid45597.log:/hs_err_pid45597.log -b /hs_err_pid45631.log:/hs_err_pid45631.log -b /-:/- -b /hs_err_pid33509.log:/hs_err_pid33509.log -b /hs_err_pid34531.log:/hs_err_pid34531.log -b /hs_err_pid34650.log:/hs_err_pid34650.log -b /hs_err_pid35790.log:/hs_err_pid35790.log -b /hs_err_pid35835.log:/hs_err_pid35835.log -b /nfs04:/nfs04 -b /hs_err_pid38932.log:/hs_err_pid38932.log -b /etc/host.conf:/etc/host.conf -b /etc/hosts:/etc/hosts -b /etc/networks:/etc/networks -b /etc/passwd:/etc/passwd -b /etc/group:/etc/group -b /etc/nsswitch.conf:/etc/nsswitch.conf -b /etc/resolv.conf:/etc/resolv.conf -b /usr/share/zoneinfo/Europe/Berlin:/usr/share/zoneinfo/Europe/Berlin -b /home/mi24ris:/home/mi24ris -b /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:/home/mi24ris/.nix-portable/ca-bundle.crt
Testing if nix can build stuff without sandbox
this derivation will be built:
/nix/store/d1dixwac2sq99s6zxss75xv7nzy0qk1x-test.drv
building '/nix/store/d1dixwac2sq99s6zxss75xv7nzy0qk1x-test.drv'...
ErroSysError~executing '/nix/store/9ywr69qi622lrmx5nn88gk8jpmihy0dz-bash-4.4-p23/bin/bash': No such file or directory
error: builder for '/nix/store/d1dixwac2sq99s6zxss75xv7nzy0qk1x-test.drv' failed with exit code 1
Fatal error: nix is unable to build packages
And the store is also actually missing this bash. I am a little bit clueless what's happening, as it works for another user on the cluster.
In the following GitHub action, running nix-portable doesn't produce any outputs. The same command runs fine on my machine (NixOS), but not on GH Actions. Have you come across a similar issue?
name: Portable Nix
env:
  NP_GIT: /usr/bin/git
on:
  pull_request:
  workflow_call:
jobs:
  build:
    name: "Build"
    runs-on: [self-hosted, ubuntu-latest]
    steps:
      - uses: actions/checkout@v3
      - name: "Install Portable Nix ❄️"
        run: |
          mkdir ~/bin
          curl -o ~/bin/nix-portable https://github.com/DavHau/nix-portable/releases/download/v009/nix-portable
          chmod +x ~/bin/nix-portable
          ~/bin/nix-portable nix run nixpkgs#hello
      - name: "Test dev shell"
        run: |
          ~/bin/nix-portable nix develop -c java --version
Output:
Running nix-portable with NP_DEBUG=1 produces the same result.
Any ideas?
Currently nix builds don't work. ls operations fail during builds.
To reproduce, execute nix-portable inside a debian docker container:
docker run --rm -v $(pwd)/nix-portable:/nix-portable -it debian
inside the container execute any build:
/nix-portable nix build --impure --expr "(import <nixpkgs> {}).hello.overrideAttrs (_:{abc=1;})"
It fails with:
error: builder for '/nix/store/msj4z165q92hgik21g6r2gp6chy9wjyn-hello-2.10.drv' failed with exit code 1;
last 10 log lines:
> patching sources
> configuring
> configure flags: --disable-dependency-tracking --prefix=/nix/store/p83nw19z0437nfsfh34lyi01lnvn9yy2-hello-2.10
> checking for a BSD-compatible install... /nix/store/0y7rv26ffa359wvqd3js94cn73z882fg-coreutils-8.32/bin/install -c
> checking whether build environment is sane... ls: cannot access './configure': No such file or directory
> ls: cannot access 'conftest.file': No such file or directory
> configure: error: ls -t appears to fail. Make sure there is not a broken
> alias in your environment
> configure: error: newly created file is older than distributed files!
> Check your system clock
For full logs, run 'nix log /nix/store/msj4z165q92hgik21g6r2gp6chy9wjyn-hello-2.10.drv'.
Trying to use nix-portable on an (idiosyncratic ... but aren't they all!) HPC system, I get the following error:
$ ./nix-portable run nixpkgs#cowsay -- hello
unzip: short read
How should I go about understanding what is causing it?
I see that the timestamp on .nix-portable/tmpbin is updated whenever I run the above command, but the directory is empty, so I can't immediately check my hypothesis that nix-portable is trying to download and unzip a resource, but is getting an error message instead of the resource.
I see the packages in nix-portable are out-of-date. What should I do to update?
Thank you.
Hi, thank you for developing this project, this is the only way I can use nix on CentOS 7. I was able to install nix-portable and I am trying to follow tutorials on setting up simple environments for python:
$ nix-shell -p 'python311.withPackages(ps: with ps; [ numpy toolz ])'
error: undefined variable 'python311'
at «string»:1:107:
1| {...}@args: with import <nixpkgs> args; (pkgs.runCommandCC or pkgs.runCommand) "shell" { buildInputs = [ (python311.withPackages(ps: with ps; [ numpy toolz ])) ]; } ""
The same command works on the multi-user installation of nix on a computer where I do have sudo access. I was able to run nix-shell -p python3 via nix-portable though which installs python 3.8, so I am not quite sure what exactly is wrong in the first example. On a different note, how do I update built-in nix to be more up to date (I downloaded v009 from January last year)?
It's a cool project and it'd be nice if there were more maintainers
(I can be a co-maintainer if it's ok with you)
This makes the behavior closer to the real nix
and enables it to be used on HPCs for parallel computing.
AFAIK, the script is unable to be run concurrently so far because of
An example of the "global temporary path" is the "/tmpbin" introduced by #28, which can be worked around by adding random characters to the path used by each instance, the way mktemp does.
The latter could probably be worked around by implementing some kind of wait mechanism through a file or something. I'm not familiar with multi-threading, and might not be able to come up with a thoughtful solution.
Hi!
I tried running nix-portable (release v003) on a "scientific linux" server to no avail:
$ ./nix-portable nix-shell -p bash
error: removing extended attribute 'system.nfs4_acl' from '/nix/store/9krlzvny65gdc8s7kpb6lkx8cd02c25b-default-builder.sh': Input/output error
(use '--show-trace' to show detailed location information)
$ ./nix-portable nix-shell --show-trace -p bash
error: removing extended attribute 'system.nfs4_acl' from '/nix/store/9krlzvny65gdc8s7kpb6lkx8cd02c25b-default-builder.sh': Input/output error
… while evaluating the attribute 'args' of the derivation 'shell'
at /nix/store/35czmc3z397zlf6h1bc1zvh6bh71gpbc-l5vpx3y1iyz01yr55lw1jw0zx6g00kj6-source/pkgs/build-support/trivial-builders.nix:7:7:
6| stdenv.mkDerivation ({
7| name = lib.strings.sanitizeDerivationName name;
| ^
8| inherit buildCommand;
Env:
Operating System: Scientific Linux 7.5 (Nitrogen)
CPE OS Name: cpe:/o:scientificlinux:scientificlinux:7.5:GA
Kernel: Linux 3.10.0-1127.18.2.el7.x86_64
Architecture: x86-64
Is there a way to remedy that? Or at least how to further debug this issue?
$ echo "$NP_LOCATION"
/home/User/Files/Subdirectory With Spaces In Name/MoreFiles/Project
$ ./nix-portable nix-shell ./shell.nix
./nix-portable: line 42: test: /home/User/Files/Subdirectory
/home/User/Files/Subdirectory With Spaces In Name/MoreFiles/Project/.nix-portable/busybox/bin/busybox: No such file or directory
nix in nix portable is running behind. there should be a new updated version with the latest version of nix in nix portable
NP_RUNTIME=bwrap ./nix-portable nix-shell --run "bash" --cores 4 -j4 --pure ci/shell.nix
With the following ci/shell.nix:
{ clangOnly ? "no" }:
let
  sources = import ./nix/sources.nix;
  pkgs = import sources.nixpkgs { };
  mach-nix = import (builtins.fetchGit {
    url = "https://github.com/DavHau/mach-nix/";
    ref = "refs/tags/3.1.1";
  }) {
    pkgs = pkgs;
    python = "python37";
  };
  customPython = mach-nix.mkPython rec {
    requirements = ''
      pytest
      toml
    '';
  };
  llvmPkgs = pkgs.buildPackages.llvmPackages_11;
  myStdenv = if clangOnly=="yes" then llvmPkgs.stdenv else pkgs.gcc10Stdenv;
  myBinutils = if clangOnly=="yes" then llvmPkgs.bintools else pkgs.binutils;
  mkShellNewEnv = pkgs.mkShell.override { stdenv = myStdenv; };
in mkShellNewEnv {
  nativeBuildInputs = [ pkgs.cmake ];
  buildInputs = with pkgs; [
    customPython
    bashInteractive
    which
    gfortran
    valgrind
    gdb
    fmt
    llvm_11
    lld_11
    myBinutils
    bison_3_5
    zlib
    libbfd
    re2c
    git
    xonsh
    rapidjson
  ];
}
Errors out with:
NP_RUNTIME=bwrap ./nix-portable nix-shell --run "bash" --cores 4 -j4 --pure ci/shell.nix --show-trace
error: error: executing 'git': No such file or directory
error: program 'git' failed with exit code 1
… while fetching the input 'git+https://github.com/DavHau/mach-nix/?ref=refs%2ftags%2f3.1.1'
… while evaluating anonymous lambda
at /nix/store/4jmvxvjk7zkx48fcmj64bn0426gl6mdv-nixpkgs-src/pkgs/stdenv/generic/make-derivation.nix:143:17:
142| (map (drv: drv.__spliced.hostHost or drv) depsHostHost)
143| (map (drv: drv.crossDrv or drv) buildInputs)
| ^
144| ]
… from call site
… while evaluating 'getOutput'
at /nix/store/4jmvxvjk7zkx48fcmj64bn0426gl6mdv-nixpkgs-src/lib/attrsets.nix:482:23:
481| */
482| getOutput = output: pkg:
| ^
483| if pkg.outputUnspecified or false
… from call site
… while evaluating the attribute 'buildInputs' of the derivation 'nix-shell'
at /nix/store/4jmvxvjk7zkx48fcmj64bn0426gl6mdv-nixpkgs-src/pkgs/build-support/mkshell/default.nix:28:3:
27| stdenv.mkDerivation ({
28| name = "nix-shell";
| ^
29| phases = ["nobuildPhase"];
No matter what I try, I always get:
$ nix --version
nix (Nix) 2.4pre20201201_5a6ddb3
How can I upgrade nix version inside the container?
The closest I can get is change the channel as indicated in #26 and run nix-shell -p nix, but that removes the comfort of using nix from outside the container by creating a symlink from nix to nix-portable.
Thanks.
direnv has this cool feature to download scripts to extend direnv functionality.
I use this method here in nix-direnv: https://github.com/nix-community/nix-direnv#direnv-source_url
Would you be interested in having similar functionality for nix-portable? The script could check if nix is available and if not download nix-portable (with the appropriate arch check).
This would allow for nix-portable to be used in much the same way as gradlew and be shipped with projects. On systems with Nix, nix-portable would be able to detect and run the system-wide install of Nix instead of itself. This behaviour could be modified with a flag or environment variable.
Alternatively, nix-portable could obtain access to the system-wide Nix store or talk to the system-wide Nix daemon if it detects it, so that the sandbox is retained, but the risk of data duplication is reduced.
Hi,
nix newbie here!
I often work on a centOS7 system on which I am not root. A few days ago I came across nix-portable and since then I can finally use modern software on the system. Thank you very much for this!
Currently I'm using a shell.nix file where I specify all my programs to install and use separate dotfiles for configuration.
However, this really got me started, and I've now started setting up nixos in a VM with home-manager based on this minimal example config.
I wonder if there is any way to use the home-manager config also with nix-portable?
I tried nix-portable on void, porteus, devuan, and endeavouros (arch) always getting the same error, example in void:
error: setting up a private mount namespace: Operation not permitted
I read around that I have to activate "user namespaces", but for void it seemed already active (In the other distros there were different parameters to set):
user.max_user_namespaces = 14505
However when I tried to run the command with sudo, I could see htop running.
Could it be a permission issue?
I should specify that while I tested nix-portable on void installed on a physical machine, the other three distributions were on a virtual machine (virtual box).
Thanks :)
I have been struggling to update the bundled nixpkgs, as it is quite old these days. I can see that using nix-channel is not supported:
Lines 40 to 42 in 55feedf
Well... I just found a way to do it, and wanted to share it in case it helps adding that support.
# nix-portable comes like this:
~> nix-portable nix-instantiate --eval -E '(import <nixpkgs> {}).lib.version'
"20.09pre-git"
# Let's try to update it:
~> nix-portable nix-channel --add https://nixos.org/channels/nixos-21.11 nixpkgs
~> nix-portable nix-channel --update
unpacking channels...
# It didn't work:
~> nix-portable nix-instantiate --eval -E '(import <nixpkgs> {}).lib.version'
"20.09pre-git"
# Now, the magic:
~> ln -sf ../../.nix-defexpr/channels/nixpkgs ~/.nix-portable/channels/nixpkgs
~> nix-portable nix-instantiate --eval -E '(import <nixpkgs> {}).lib.version'
"21.11.335037.e67c94a1adb"
IIUC, by shipping that symlink out of the box, we'd get usable nix-channel!
nix-portable 006 does not seem to work on this machine with CentOS 7.4.
Log:
$ NP_DEBUG=1 nix-portable nix-shell --help
figuring out ssl certs
SSL_CERT_FILE not defined. trying to find certs automatically
found /etc/ssl/certs/ca-bundle.crt
figuring out which runtime to use
bwrap executable: /[redacted]/nix-portable/.nix-portable/bin/bwrap
proot executable: /[redacted]/nix-portable/.nix-portable/bin/proot
bwrap doesn't work on this system -> will use proot
creating bind args for /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
needGit: false
git already installed or not required
running command: /[redacted]/nix-portable/.nix-portable/bin/proot -R /[redacted]/nix-portable/.nix-portable/emptyroot -b /[redacted]/nix-portable/.nix-portable/store:/nix/store -b /[redacted]/nix-portable/.nix-portable/store/7fryg0wgx7zs5rfz00mi6kf755diakc5-busybox-1.31.1/bin/:/bin -b /boot:/boot -b /usr:/usr -b /run:/run -b /.readahead:/.readahead -b /tmp:/tmp -b /lost+found:/lost+found -b /srv:/srv -b /root:/root -b /net:/net -b /nfs:/nfs -b /sys:/sys -b /var:/var -b /usr/lib64:/lib64 -b /usr/sbin:/sbin -b /mig:/mig -b /udd:/udd -b /usr/lib:/lib -b /mnt:/mnt -b /usr/bin:/bin -b /opt:/opt -b /dev:/dev -b /home:/home -b /temp_dd:/temp_dd -b /proc:/proc -b /media:/media -b /var/lib/snapd/snap:/snap -b /local:/local -b /soft:/soft -b /etc/host.conf:/etc/host.conf -b /etc/hosts:/etc/hosts -b /etc/networks:/etc/networks -b /etc/passwd:/etc/passwd -b /etc/group:/etc/group -b /etc/nsswitch.conf:/etc/nsswitch.conf -b /etc/resolv.conf:/etc/resolv.conf -b /usr/share/zoneinfo/Europe/Paris:/etc/localtime -b /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /[redacted]/nix-portable/.nix-portable/store/p8d4qqiqcmx935m2b5a1gsmr6sp1ihsn-nix-2.4pre20201201_5a6ddb3/bin/nix-shell -h
proot error: execve("/nix/store/p8d4qqiqcmx935m2b5a1gsmr6sp1ihsn-nix-2.4pre20201201_5a6ddb3/bin/nix-shell"): No such file or directory
proot info: possible causes:
* the program is a script but its interpreter (eg. /bin/sh) was not found;
* the program is an ELF but its interpreter (eg. ld-linux.so) was not found;
* the program is a foreign binary but qemu was not specified;
* qemu does not work correctly (if specified);
* the loader was not found or doesn't work.
fatal error: see `proot --help`.
proot error: trying to remove a directory outside of '/tmp', please report this error.
proot error: can't chmod '/tmp/proot-116897-nOPci8': No such file or directory
If I manually enter into the proot (with the same "running command"):
$ /nix/store/p8d4qqiqcmx935m2b5a1gsmr6sp1ihsn-nix-2.4pre20201201_5a6ddb3/bin/nix-shell --help
-sh: /nix/store/p8d4qqiqcmx935m2b5a1gsmr6sp1ihsn-nix-2.4pre20201201_5a6ddb3/bin/nix-shell: /nix/store/q53f5birhik4dxg3q3r2g5f324n7r5mc-glibc-2.31-74/lib/ld-linux-x86-64.so.2: bad ELF interpreter: No such file or directory
$ file /nix/store/q53f5birhik4dxg3q3r2g5f324n7r5mc-glibc-2.31-74/lib/ld-linux-x86-64.so.2
/nix/store/q53f5birhik4dxg3q3r2g5f324n7r5mc-glibc-2.31-74/lib/ld-linux-x86-64.so.2: unreadable symlink `/nix/store/q53f5birhik4dxg3q3r2g5f324n7r5mc-glibc-2.31-74/lib/ld-linux-x86-64.so.2' (No such file or directory)
ld-linux-x86-64.so.2 is a symlink to ld-2.31.so but this seems to be broken somehow inside the proot environment.
If I replace the symlink by a file, I still get the same error (bad ELF interpreter: No such file or directory) but the file commands give the expected file type (ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=b958a693633bb00f1c8335ab324f835633518e39, not stripped)
Note that I used a custom location with $NP_LOCATION. If I unset this environment variable, nix-portable hangs:
$ NP_DEBUG=1 nix-portable nix-shell --help
figuring out ssl certs
SSL_CERT_FILE not defined. trying to find certs automatically
found /etc/ssl/certs/ca-bundle.crt
figuring out which runtime to use
bwrap executable: /[home redacted]/.nix-portable/bin/bwrap
proot executable: /[home redacted]y/.nix-portable/bin/proot
bwrap doesn't work on this system -> will use proot
creating bind args for /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
For information, I used proot+nix on this machine a while ago and it used to work.
Environment:
$ uname -a
Linux [redacted] 3.10.0-693.11.6.el7.x86_64 #1 SMP Thu Jan 4 01:06:37 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
I'm using nix-portable to configure stuff related to my dotfiles, including setting up a shell and terminal multiplexer. Currently this means I can't run sudo commands when I'm using said dotfiles, at least if I'm not a system that doesn't have real nix.
Is there a way to tweak the bubblewrap config to fix this?
Hi, I occasionally need a lightweight static Nix so when I google for it I land on this repo.
Then I remember that there was some kind of official static build, so I look some more and find NixOS/nixpkgs#56281 .
I think in the past I've used both this build (thanks BTW!) and the one in Hydra, and I wonder if there are any differences between them?
I haven't seen any activity over a year
Using nix-portable v011
$ nix-portable nix run nixpkgs#htop
error: setting up a private mount namespace: Operation not permitted
By the way, bwrap runs fine.
$ NP_RUNTIME=bwrap nix-portable nix run nixpkgs#htop
$ zgrep CONFIG_USER_NS /proc/config.gz
CONFIG_USER_NS=y
CONFIG_USER_NS_UNPRIVILEGED=y
$ cat /proc/sys/kernel/unprivileged_userns_clone
1
$ unshare -r -n echo YES
YES
$ uname -a
Linux mipha 6.7.8-arch1-1 #1 SMP PREEMPT_DYNAMIC Sun, 03 Mar 2024 00:30:36 +0000 x86_64 GNU/Linux
$ NP_DEBUG=2 nix-portable nix run nixpkgs#htop 2>&1 | tee np_debug.log
$ NP_DEBUG=2 strace nix-portable nix run nixpkgs#htop 2>&1 | tee strace.log
$ grep unshare strace.log
unshare(CLONE_NEWNS|CLONE_NEWUSER) = 0
unshare(CLONE_NEWNS|CLONE_NEWUSER) = -1 EPERM (Operation not permitted)
unshare(CLONE_NEWNS) = -1 EPERM (Operation not permitted)
$ strace unshare -r -m echo YES 2>&1 | egrep 'unshare|YES'
execve("/usr/bin/unshare", ["unshare", "-r", "-m", "echo", "YES"], 0x7ffc6e302bd0 /* 79 vars */) = 0
unshare(CLONE_NEWNS|CLONE_NEWUSER) = 0
execve("/home/user/perl5/bin/echo", ["echo", "YES"], 0x7ffdf5a71d28 /* 79 vars */) = -1 ENOENT (No such file or directory)
execve("/opt/asdf-vm/bin/echo", ["echo", "YES"], 0x7ffdf5a71d28 /* 79 vars */) = -1 ENOENT (No such file or directory)
execve("/home/user/sbin/echo", ["echo", "YES"], 0x7ffdf5a71d28 /* 79 vars */) = -1 ENOENT (No such file or directory)
execve("/home/user/bin/echo", ["echo", "YES"], 0x7ffdf5a71d28 /* 79 vars */) = -1 ENOENT (No such file or directory)
execve("/usr/local/sbin/echo", ["echo", "YES"], 0x7ffdf5a71d28 /* 79 vars */) = -1 ENOENT (No such file or directory)
execve("/usr/local/bin/echo", ["echo", "YES"], 0x7ffdf5a71d28 /* 79 vars */) = -1 ENOENT (No such file or directory)
execve("/usr/bin/echo", ["echo", "YES"], 0x7ffdf5a71d28 /* 79 vars */) = 0
write(1, "YES\n", 4YES
nix-portable-010
RHEL 7.9
Linux 3.10.0-1160.53.1.el7.x86_64
The first time I tried to run nix-portable, I got:
$ nix-portable nix-shell -p zsh
...
tar: /etc/group: bad record
tar: /etc/group: bad record
tar: /etc/group: bad record
/p/home/jraa/.nix-portable/store/cqvxiq4l98b7d1ra0sqj1p83cb8sk99z-nix-2.18.0/bin/nix-store: error while loading shared libraries: libgssapi_krb5.so.2: cannot open shared object file: No such file or directory
This is a large HPC system with many users. file /etc/groups says ... with very long lines. Not sure if that is relevant?
Subsequent attempts to run give:
$ nix-portable nix-shell -p zsh
Fatal error: nix is unable to build packages
Is there something I can do to fix this?
Hello,
first, thanks for your extraordinary contributions to nix!
In matthewbauer/nix-bundle#69 you wrote
We could just pull a static proot binary from proot's gitlab like I did it with nix-portable.
I plan to do something similar, i.e. somehow pull the static nix-user-chroot aarch64 binary in nix-bundle. Just don't know where to start yet.
Is nix-portable's scope regarding bundling in some way similar to nix-bundle's? I'm asking because I want to check if I could also use nix-portable to bundle a certain haskell package for the aarch64-linux target, see matthewbauer/nix-bundle#80
version: nix-portable-010
I am trying to setup nix-portable on an HPC cluster and it turns out that our
configured home directories are links somewhere else. This breaks nix-portable
when it tries to call bwrap:
$ ./nix-portable nix run nixpkgs#hello
bwrap: Can't mkdir parents for /Users/erooke/.nix-portable/ca-bundle.crt: No such file or directory
$ HOME=$(readlink -f $HOME) ./nix-portable nix run nixpkgs#hello
Hello, world!
I don't know how common of a setup this is or if there is interest in fixing it here but it took me a hot minute to figure out what was going wrong.
Here are some features that I think will be a good addition for this project
nix-portable nix-export --app firefox
for app icons export or nix-portable nix-export --bin firefox --export-path ~/.local/bin
$ NP_DEBUG=2 ./nix-portable nix-shell -p hello
…
error: cannot connect to socket at '/nix/var/nix/daemon-socket/socket': No such file or directory
(use '--show-trace' to show detailed location information)
+ echo 'Fatal error: nix is unable to build packages'
Fatal error: nix is unable to build packages
+ exit 1
This is on Manjaro, with a system-wide installation of Nix from the distro repositories.
The socket filepath in question does exist in the system root, unrelated to nix-portable:
$ file /nix/var/nix/daemon-socket/socket
/nix/var/nix/daemon-socket/socket: socket
Happens with nix build of latest master, and also with nix-portable-009 release from January 2022.
I downloaded the v009 binary, and ran
nix-portable nix-shell -p bash
but it fails with the following error:
warning: error: unable to download 'http://isl.gforge.inria.fr/isl-0.17.1.tar.xz': Timeout was reached (28); retrying in 274 ms
warning: error: unable to download 'http://isl.gforge.inria.fr/isl-0.17.1.tar.xz': Timeout was reached (28); retrying in 612 ms
warning: error: unable to download 'http://isl.gforge.inria.fr/isl-0.17.1.tar.xz': Timeout was reached (28); retrying in 1170 ms
^[[B^[[Bwarning: error: unable to download 'http://isl.gforge.inria.fr/isl-0.17.1.tar.xz': Timeout was reached (28); retrying in 2150 ms
error: unable to download 'http://isl.gforge.inria.fr/isl-0.17.1.tar.xz': Timeout was reached (28)
error: builder for '/nix/store/g2ag62lgniwh7gisv3qk721l93wrhm71-isl-0.17.1.tar.xz.drv' failed with exit code 1
error: 1 dependencies of derivation '/nix/store/mq3nnxd4rznimdjv51czdmpnzklj9zm8-isl-0.17.1.drv' failed to build
error: 1 dependencies of derivation '/nix/store/ll8mjfvnhd3rq0vf56qrxqxa0iqvb8i1-gcc-9.3.0.drv' failed to build
building '/nix/store/vd1qyrzvbchgflbgrf3y588k5af0d7mj-libffi-3.3.tar.gz.drv'...
error: 1 dependencies of derivation '/nix/store/hxa00450r312f19vhsx9d9z2k5f8dlfi-bootstrap-stage4-gcc-wrapper-9.3.0.drv' failed to build
error: 1 dependencies of derivation '/nix/store/bmk3hs8m6wcnvk9cg30z3fhjkdhfbxgn-stdenv-linux.drv' failed to build
error: 1 dependencies of derivation '/nix/store/7vjnd11idy69hhnrnj2yzjy1hri9h0yc-test.drv' failed to build
+ echo 'Fatal error: nix is unable to build packages'
Fatal error: nix is unable to build packages
+ exit 1
According to this pr there is a new mirror available, but unsure how to change that, any guidance on how to fix this? thanks!
System Information
$ uname -a
Linux xxx.ac.uk 5.10.0-21-amd64 #1 SMP Debian 5.10.162-1 (2023-01-21) x86_64 GNU/Linux
When building emacs29-gtk3 with packages, I end up with few Operation not permitted on chmods. These are executed in the fixupPhase. I am on Alpine Linux. I've tried all nix, bwrap and proot as backends.
The command ran: nix-build -E 'with import <nixpkgs> {}; (pkgs.emacsPackagesFor pkgs.emacs29-gtk3).emacsWithPackages(p: [ p.vterm ])'. It builds fine on NixOS.
Workaround: use nixpkgs#emacs29
$ nix-portable nix-shell --gc`, an error
finding garbage collector roots...
0 store paths deleted, 0.00 MiB freed
reading symlink: Operation not permitted
error: --- SysError -------------- nix-store
reading symlink: Operation not permitted
The same error occurs when running directly or inside a nix-shell environment.
When entering an arbitrary nix-shell (e.g. by nix-portable nix-shell -p git), readlink works alright on the result links and all the symlinks under /nix/var/nix/gcroots/auto (/nix/var/nix/gcroots/per-user/myuser is empty). However, when trying
$ readlink /nix/var/nix/gcroots/profiles
$ echo $?
1
while ls -l /nix/var/nix/gcroots shows that /nix/var/nix/gcroots/profiles is a symbolic link to /nix/var/nix/profiles.
Platform: CentOS 7 (CERN LXPLUS)
I know this is a bit of a long shot, but any ideas why this fails for me? I started up a ubuntu:latest docker container, wgetted the latest release of nix-portable, then ran ./nix-portable nix build github:gytis-ivaskevicius/ion-shell#ion-shellac -L -v. This builds until it hits the following error:
ion-shell-vendor.tar.gz> error: failed to sync
ion-shell-vendor.tar.gz> Caused by:
ion-shell-vendor.tar.gz> failed to copy over vendored sources for: ab_glyph_rasterizer v0.1.4
ion-shell-vendor.tar.gz> Caused by:
ion-shell-vendor.tar.gz> failed to create directory `ion-shell-vendor.tar.gz/ab_glyph_rasterizer`
ion-shell-vendor.tar.gz> Caused by:
ion-shell-vendor.tar.gz> File exists (os error 17)
ion-shell-vendor.tar.gz> Traceback (most recent call last):
ion-shell-vendor.tar.gz> File "/nix/store/l2c8c8jpnic6csbqsdlwi71yb4j7q4zi-cargo-vendor-normalise/bin/.cargo-vendor-normalise-wrapped", line 42, in <module>
ion-shell-vendor.tar.gz> main()
ion-shell-vendor.tar.gz> File "/nix/store/l2c8c8jpnic6csbqsdlwi71yb4j7q4zi-cargo-vendor-normalise/bin/.cargo-vendor-normalise-wrapped", line 17, in main
ion-shell-vendor.tar.gz> assert list(data.keys()) == ["source"]
ion-shell-vendor.tar.gz> AssertionError
Any idea what to make of this? This builds on x86_64 linux. In any case this project is very cool! Thanks for putting in the time and effort to make this functional.
Hello! I need to add another acl to the list of ignored-acls in nix.conf (specifically security.csm). Should I add yet another environment variable to be picked up somewhere around here, or is there a better way?
Thank you!
Go to https://app.kasmweb.com/#/cast/1481835260 , it's a demo for a web-based Ubuntu desktop environment.
Open a terminal and run:
wget --no-check-certificate https://github.com/DavHau/nix-portable/releases/download/v010/nix-portable
chmod a+x nix-portable
./nix-portable nix run nixpkgs#jq
There should be nothing to build here but it crashes with "nix is unable to build packages"
I ran it with NP_DEBUG=2, here's the log: errorlog.txt
Here is the link: https://github.com/dnkmmr69420/nix-portable-utils I've made installers and other useful simple utilities for nix portable. Check it or even try it out yourself.
I'm doing something like this:
$ ./nix-portable nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs
$ ./nix-portable nix-channel --update
$ ./nix-portable nix-env -qaP mc
nixpkgs.mc mc-4.8.26
$ ./nix-portable nix-env -iA nixpkgs.mc
replacing old 'mc-4.8.26'
installing 'mc-4.8.26'
after mc or vim or whatever is installed, I'm trying to run it:
$ ./nix-portable mc
bwrap: execvp /home/mint/.nix-portable/store/p8d4qqiqcmx935m2b5a1gsmr6sp1ihsn-nix-2.4pre20201201_5a6ddb3/bin/mc: No such file or directory
store hash is a completely other one than physically present in mc dir, that's strange. Maybe I'm doing something wrong ?
The README lists macOS as not supported yet. As far as I understand it's difficult to do because proot/bwrap don't exist on that platform. But it would be great to discuss the possibilities.
I can help moderate too if you want too
Reproduction step:
NP_LOCATION on ram-based file system.
NP_LOCATION="$TMPDIR" nix-portable bla bla bla
rm -rf .nix-portable
rm cannot remove '.nix-portable/store/...': permission denied
error.
I'm trying to use this package to get nix to work into the BuildBuddy CI (vgijssel/setup#544, https://buildbuddy.slack.com/archives/CUY16GNK1/p1695741762934659?thread_ts=1695126450.569509&cid=CUY16GNK1). When running the installer I get the following error
find: /vfs: Interrupted system call
It seems the /vfs mount is special within the Firecracker VM and find breaks when accessing it. Would it be possible to supply an ignore list to nix-portable? For example
NP_IGNORE_MOUNTS='/vfs' nix-portable nix-shell -p bash
Hi,
Thanks for your work on this project! It'd be great if an official nix-portable binary could be released for armv7l-linux
I'm running nix-portable with NP_LOCATION=/scratch/danio and these files in my PATH:
wxrwxrwx 1 danio eall_s 12 Aug 19 16:28 nix -> nix-portable
lrwxrwxrwx 1 danio eall_s 12 Aug 19 16:29 nix-build -> nix-portable
lrwxrwxrwx 1 danio eall_s 12 Aug 19 16:29 nix-collect-garbage -> nix-portable
lrwxrwxrwx 1 danio eall_s 12 Aug 19 16:29 nix-copy-closure -> nix-portable
lrwxrwxrwx 1 danio eall_s 12 Aug 19 16:29 nix-index -> nix-portable
lrwxrwxrwx 1 danio eall_s 12 Aug 19 16:29 nix-info -> nix-portable
lrwxrwxrwx 1 danio eall_s 12 Aug 19 16:29 nix-instantiate -> nix-portable
-rwxr-xr-x 1 danio eall_s 37M Apr 28 14:17 nix-portable
lrwxrwxrwx 1 danio eall_s 12 Aug 19 16:29 nix-shell -> nix-portable
lrwxrwxrwx 1 danio eall_s 12 Aug 19 16:28 nix-store -> nix-portable
-rwxr-xr-x 1 danio eall_s 114 Aug 21 14:46 nix_wrapper.sh
nix_wrapper.sh:
#!/bin/sh
exec bash -c '
mkdir -p /scratch/danio
export NP_LOCATION="/scratch/danio"
exec $SSH_ORIGINAL_COMMAND
'
on an NFS share
Some builds seem to work but others fail. I've seen it when I tried to build qtwebengine using this node as a builder, but now I also see it when running nix-build -vvvvvvvvvv -I "nixos=https://github.com/NixOS/nixpkgs/archive/refs/heads/nixos-21.05.tar.gz" -A omnikey with a local default.nix.
The key seems to lie here in the log:
stat: cannot statx '/nix/store/ah9102l9q1fsgsama0gss32w7p9a3il5-read-omnikey-0.1.0/bin/read-omnikey': No such file or directory
waiting for children
building of '/nix/store/bwyhffd4s60yl242194a5ldyqdyzllha-read-omnikey-0.1.0.drv!out' from .drv file: got EOF
building of '/nix/store/bwyhffd4s60yl242194a5ldyqdyzllha-read-omnikey-0.1.0.drv!out' from .drv file: woken up
building of '/nix/store/bwyhffd4s60yl242194a5ldyqdyzllha-read-omnikey-0.1.0.drv!out' from .drv file: build done
killing process 6457
builder process for '/nix/store/bwyhffd4s60yl242194a5ldyqdyzllha-read-omnikey-0.1.0.drv' finished
lock released on '/nix/store/ah9102l9q1fsgsama0gss32w7p9a3il5-read-omnikey-0.1.0.lock'
building of '/nix/store/bwyhffd4s60yl242194a5ldyqdyzllha-read-omnikey-0.1.0.drv!out' from .drv file: done
building of '/nix/store/bwyhffd4s60yl242194a5ldyqdyzllha-read-omnikey-0.1.0.drv!out' from .drv file: goal destroyed
error: --- Error -------------------------------------------------------------------- nix-build
builder for '/nix/store/bwyhffd4s60yl242194a5ldyqdyzllha-read-omnikey-0.1.0.drv' failed with exit code 1
Specifically the stat: cannot statx '/nix/store/ah9102l9q1fsgsama0gss32w7p9a3il5-read-omnikey-0.1.0/bin/read-omnikey': No such file or directory
Do you have an idea of what's wrong?
I can't find any explanation for it
I have just downloaded the portable binary version 006 and ran this, but I'm getting a FileTransferError. I installed ca-certificates through the Arch Linux package manager but it didn't solve the issue.
$ nix run 'github:nixos/nixpkgs#hello'
error: --- FileTransferError --------------------------------------------------- nix
unable to download 'https://api.github.com/repos/nixos/nixpkgs/commits/HEAD':
Problem with the SSL CA cert (path? access rights?) (77)
Distro: Arch Linux
This tool looks awesome! I was wondering if you'd mind attaching a license to it.
On distributions with UsrMerge like Arch Linux, /bin is a symlink to /usr/bin. If git is already installed, nix-portable will find it at /usr/bin/git and set needGit to false. Then it proceeds to bind ${busybox}/bin to /bin, which actually binds to /usr/bin and hides the host's git binary. Executing any nix command that requires git now results in:
executing 'git': No such file or directory
There are multiple ways to fix this; maybe just don't bind ${busybox}/bin but prepend it to PATH? Or perhaps it doesn't even need to bring its own busybox, and can just assume the system's coreutils, tar, xz as dependencies, which should be available on almost every system.
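The UsrMerge shadowing described in the report above, as an added example that is not part of the original issue or nix-portable's own code: it checks whether a bind mount on /bin would cover the directory where a host tool was found, and picks between binding and prepending to PATH. All function names and the sample roots are constructed for illustration, and it assumes the relative `bin -> usr/bin` symlink layout.

```shell
#!/bin/sh
# Added example: function names are hypothetical, sample roots are constructed.

# physical_dir ROOT DIR: physical path of DIR inside ROOT, following a
# relative symlink such as bin -> usr/bin.
physical_dir() {
  (cd "$1$2" 2>/dev/null && pwd -P)
}

# bind_would_hide ROOT FOUND_AT BIND_TARGET
# True when a bind mount placed on BIND_TARGET covers the directory holding
# FOUND_AT, i.e. both names resolve to the same physical directory.
bind_would_hide() {
  hide_a=$(physical_dir "$1" "$(dirname "$2")") || return 1
  hide_b=$(physical_dir "$1" "$3") || return 1
  [ "$hide_a" = "$hide_b" ]
}

# choose_strategy ROOT FOUND_AT: print "prepend-path" when binding over /bin
# would hide the host tool found at FOUND_AT, otherwise "bind".
choose_strategy() {
  if bind_would_hide "$1" "$2" /bin; then
    echo prepend-path
  else
    echo bind
  fi
}

# make_root KIND: build a constructed sample root, "merged" (UsrMerge layout)
# or "split" (separate /bin and /usr/bin), with a dummy git in usr/bin.
make_root() {
  sample_root=$(mktemp -d)
  mkdir -p "$sample_root/usr/bin"
  : > "$sample_root/usr/bin/git"
  chmod +x "$sample_root/usr/bin/git"
  if [ "$1" = merged ]; then
    ln -s usr/bin "$sample_root/bin"
  else
    mkdir "$sample_root/bin"
  fi
  echo "$sample_root"
}

# Demo on both constructed layouts.
for kind in merged split; do
  demo_root=$(make_root "$kind")
  echo "$kind: $(choose_strategy "$demo_root" /usr/bin/git)"
  rm -rf "$demo_root"
done
```

On the merged layout the bind target and the tool's directory are the same physical directory, which is the case where the host's git disappears from view.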