| 5 Sep 2021 |
 baloo | like:
[pid 909751] openat(AT_FDCWD, "/nix/store/9bh3986bpragfjmr32gay8p95k91q4gy-glibc-2.33-47/lib/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
| 19:49:45 |
| baloo | I don't believe this is normal | 19:50:14 |
 @rick:matrix.ciphernetics.nl | I thought that library should be loaded before the sandbox is created | 19:50:55 |
| @rick:matrix.ciphernetics.nl | * I thought that library should be loaded before the sandbox is created, or something in that regard | 19:51:18 |
| baloo | there is an "nss hack" in nix. could be that | 19:51:43 |
| baloo | but I'm confused, because on my setup, nix invokes curl which in turn loads nss | 19:52:32 |
| baloo | invokes = execve(/nix/store/..../bin/curl) | 19:53:01 |
 Zhaofeng Li | Wait, the builtin:fetchurl builder should use libcurl? | 19:53:42 |
| baloo | iirc, yeah | 19:53:54 |
| Zhaofeng Li | Are you sure you are running the command above? | 19:53:55 |
| Zhaofeng Li | Because pkgs.fetchurl uses curl CLI and it does work | 19:54:47 |
| Zhaofeng Li | Only <nix/fetchurl.nix> seems to be affected | 19:55:02 |
| baloo | ha could be. | 19:58:29 |
| baloo | running the same strace here, and it looks like you're correct, it does not execve curl | 19:59:10 |
| baloo | but ... I still see: | 19:59:16 |
| baloo | [pid 137791] openat(AT_FDCWD, "/nix/store/9bh3986bpragfjmr32gay8p95k91q4gy-glibc-2.33-47/lib/libnss_dns.so.2", O_RDONLY|O_CLOEXEC) = 10
| 19:59:23 |
| baloo | that works fine ... | 19:59:28 |
| baloo | huuum | 19:59:41 |
| baloo | could you share the output of mount? | 19:59:52 |
| baloo | is /nix/store in the same filesystem than /? | 20:00:11 |
| Zhaofeng Li | No, different filesystem | 20:00:35 |
| baloo | ha! | 20:00:47 |
 tomberek | would using nixUstable to run the build help? | 20:00:55 |
| Zhaofeng Li | @tomberek I'm using nixUnstable | 20:01:11 |
| baloo | tomberek: https://github.com/NixOS/nix/issues/5089#issuecomment-905193921 tried both in a nix tests here | 20:01:27 |
| baloo | both were working fine | 20:01:35 |
| baloo | but the filesystem of /nix/store being different than /, that could be a mount namespace issue | 20:02:13 |
| Zhaofeng Li | Ok, I looked at the logs a bit closer, and it looks like the NSS loading hack didn't really work. getaddrinfo doesn't seem to load libnss_dns | 20:04:58 |
| Zhaofeng Li | It opens a socket to nscd and doesn't load libnss_dns at all. | 20:05:32 |
| @rick:matrix.ciphernetics.nl | I'm also using different filesystems for / and for /nix/store | 20:05:48 |
