Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix #2984: attempt to copy if unlinking source directory fails #3321

Closed
wants to merge 1 commit into from
Closed

Fix #2984: attempt to copy if unlinking source directory fails #3321

wants to merge 1 commit into from

Conversation

yorickvP
Copy link
Contributor

We were seeing an error on single-user nix mode, where rename fails if the right permissions on the source path are missing. Since the paths are removed in sandbox mode anyways, we can use copyPath to work around this.

Testcase: nix-build '<nixpkgs>' -A documentation-highlighter --substituters ""

@edolstra
Copy link
Member

Hm, do you know why EACCES happens here?

@yorickvP
Copy link
Contributor Author

I suspect the build creates an actualPath/.. with no write bit set. Being root will ignore that completely, but single-user mode would have a problem. That suggests we can also fix this problem with a well-placed chmod.

@domenkozar domenkozar mentioned this pull request Feb 21, 2020
Open
srid added a commit to srid/rib that referenced this pull request Mar 3, 2020
@srid
Fix a nix bug
94f1a89 
cf. NixOS/nix#3321
srid added a commit to srid/rib that referenced this pull request Mar 3, 2020
@srid
Update nixpkgs and start rib-0.8 (#112)
25c4660 
* fix a nix bug regarding `runCommand` copying a symlink. cf. NixOS/nix#3321

* Upgrade pandoc-include-code

* Upgrade pandoc-types

* Fix warnings
@zhenyavinogradov
Copy link

Another trivial expression that triggers the problem: (import <nixpkgs> {}).runCommand "test" {} "mkdir --mode u-w $out"

@domenkozar domenkozar added the bug label Apr 15, 2020
@domenkozar
Copy link
Member

There's quite a few references here and on #2984 that trigger this bug on single-user installation.

@nh2
Copy link
Contributor

nh2 commented Jun 20, 2020
edited
Loading

I can confirm this issue on a single-user installation on Ubuntu:

nix-build mypackage.nix --out-link .nix-build-gc-root gives:

error: moving build output '/nix/store/...mypackage-0.1.0.0' from the sandbox to the Nix store: Permission denied

Also including the perms for

% ls -lah .nix-build-gc-root
lrwxrwxrwx 1 niklas niklas 58 Jun  9 14:22 .nix-build-gc-root -> /nix/store/...-mypackage-0.1.0.0/

but I don't think those matter, given that rm .nix-build-gc-root changes nothing about the error.

I'm pretty sure this is a new bug / regression, as I've run this before and it worked.

adrian-gierakowski added a commit to rhinofi/nixpkgs that referenced this pull request Jul 21, 2020
@adrian-gierakowski
build-support/docker: fix customisation-layer for streamLayeredImage …
1eda9cc 
…(MacOS)

to avoid error described in NixOS/nix#3321 (comment)

the problem manifests itself when building streamLayeredImage in single user mode
on MacOS using method described in NixOS#91084 (comment)
(via a remote builder)
@adrian-gierakowski adrian-gierakowski mentioned this pull request Jul 21, 2020
Closed
10 tasks
@thomasjm
Copy link
Contributor

@yorickvP doing a chmod u+w or equivalent on the source path sounds better. I just experimented locally and confirmed that the problem seems to arise iff the source path is missing the write bit, like you said. Falling back from rename to copyPath seems like it could incur a performance penalty to copy a large tree, no?

thomasjm added a commit to codedownio/nixpkgs that referenced this pull request Jul 23, 2020
@thomasjm
Fix docker builds to deal with issue from NixOS/nix#3321
74d0d03
@Ericson2314
Copy link
Member

BTW https://git.savannah.gnu.org/cgit/guix.git/commit/?id=d445c30ea6f9693454ca96bae9089ba8738a6f78 seems slightly related.

@mkaito
Copy link
Contributor

mkaito commented Aug 27, 2020

I ran into this issue again today. I suppose there aren't that many single-user nix users out there. Should I reinstall nix in multi-user mode, or can I hope for this to get fixed?

thomasjm added a commit to codedownio/nixpkgs that referenced this pull request Sep 13, 2020
@thomasjm
Fix docker builds to deal with issue from NixOS/nix#3321
1487483
@nh2
Copy link
Contributor

nh2 commented Sep 26, 2020

I found a workaround for my case:

I had written a derivation that copied the outputs of another derivation like this:

cp -r ${pkgs.otherDerivation} $out

After that, the permissions of $out are dr-xr-xr-x and then that fails to copy from the sandbox to the nix store.

My workaround is to do this instead:

cp -r ${pkgs.otherDerivation} $out
chmod -R u+w $out

then it works also in my single-user install.

@Ericson2314
Copy link
Member

Perhaps #4054 fixed this?

@nixos-discourse
Copy link

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/docker-build-issue/9495/1

@nh2 nh2 mentioned this pull request Oct 16, 2020
Closed
@yorickvP yorickvP mentioned this pull request Dec 4, 2020
Merged
@yorickvP
Copy link
Contributor Author

Hopefully fixed by #4312, have no way to reproduce this anymore.

@yorickvP yorickvP closed this Dec 22, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@yorickvP @edolstra @zhenyavinogradov @domenkozar @nh2 @thomasjm @Ericson2314 @mkaito @nixos-discourse