!LemuOOvbWqRXodtSsw:nixos.org

NixOS Reproducible Builds

457 Members
Report: https://reproducible.nixos.org Project progress: https://github.com/orgs/NixOS/projects/3097 Servers

Load older messages

SenderMessageTime
15 Oct 2024
@atemu12:matrix.orgAtemuI believe07:25:08
@atemu12:matrix.orgAtemuIt never went through normalisation07:25:30
@atemu12:matrix.orgAtemu"Alive" is perhaps the wrong term here. "Not actually realised yet from the perspective of Nix" would probably be more fitting07:26:42
@atemu12:matrix.orgAtemu If you nix-store --verify-path it, Nix should tell you that the path doesn't exist 07:28:46
@atemu12:matrix.orgAtemuAnd indeed if you try to realise such a path, Nix will substitute or build it07:31:39
@pyrox:pyrox.devdish [Fox/It/She] changed their display name from Pyrox [ It/She/They/Xem ] to dish [Fox/It/She].07:36:18
@katexochen:matrix.orgPaul Meyer (katexochen)
In reply to @katexochen:matrix.org
No explanation how the writable file ended up in the image, no. I'd have to look deeper into the hardlink optimization. Maybe there is a race with creating the link under /nix/store/.links and the build failing? Then any file from a successful derivation could be hardlinked against a writable file.

I searched for writable files that are hardlinked into a derivation that doesn't have a .lock, and it seems like there is none, so my theory doesn't work out:

#!/usr/bin/env bash

while read -r file; do
    links=$(stat -c %h "$file")
    if [[ "$links" -le 1 ]]; then
        echo "No links for $file"
        continue
    fi
    inode=$(stat -c %i "$file")
    while read -r linkedFile; do
        if [[ "$linkedFile" == "$file" ]]; then
            continue
        fi
        linkedDrv=$(echo "$linkedFile" | cut -d'/' -f1-4)
        if [[ -e "${linkedDrv}.lock" ]]; then
            echo "Lock file exists for $linkedDrv"
            continue
        fi
        echo "$linkedFile"
    done < <(find /nix/store -type f -inum "$inode" 2>/dev/null)
done < <(find /nix/store -type f -perm -u+w ! -perm -g+w ! -perm -o+w 2>/dev/null)
07:53:37
@katexochen:matrix.orgPaul Meyer (katexochen)Not sure where to look next07:54:19
@atemu12:matrix.orgAtemuLook for what exactly? I'm not following.07:55:02
@katexochen:matrix.orgPaul Meyer (katexochen)For an explanation how a writable file ended up in a realised derivation/in the image.07:59:02
@katexochen:matrix.orgPaul Meyer (katexochen) * For an explanation how a writable file ended up in a realised derivation/in the image (on one system, and not on another)08:00:36
@katexochen:matrix.orgPaul Meyer (katexochen)

This is what we are trying to debug (from an uki/repart nixos image):

❯ diffoscope f*/initrd_0
--- f-btrfs/initrd_0
+++ f-ext/initrd_0
│┄ comprises of 1 embedded members
├── .cpio file embedded at offset 0
│ ├── file list
│ │ @@ -981,15 +981,15 @@
│ │  -r--r--r--   0        0        0     2274 1970-01-01 00:00:01.000000 ./nix/store/frngrlq2xa2szv4bx91jkymv0dy9akmx-kbd-2.6.4/share/keymaps/sun/sunt5-uk.map.gz
│ │  -r--r--r--   0        0        0     4926 1970-01-01 00:00:01.000000 ./nix/store/frngrlq2xa2szv4bx91jkymv0dy9akmx-kbd-2.6.4/share/keymaps/sun/sunt5-us-cz.map.gz
│ │  -r--r--r--   0        0        0     1706 1970-01-01 00:00:01.000000 ./nix/store/frngrlq2xa2szv4bx91jkymv0dy9akmx-kbd-2.6.4/share/keymaps/sun/sunt6-uk.map.gz
│ │  drwxr-xr-x   0        0        0        0 1970-01-01 00:00:01.000000 ./nix/store/fvsswlqh6pc2f5x9qvahm4qbjgjlp86j-linux-pam-1.6.1/
│ │  drwxr-xr-x   0        0        0        0 1970-01-01 00:00:01.000000 ./nix/store/fvsswlqh6pc2f5x9qvahm4qbjgjlp86j-linux-pam-1.6.1/lib/
│ │  lrwxrwxrwx   0        0        0       16 1970-01-01 00:00:01.000000 ./nix/store/fvsswlqh6pc2f5x9qvahm4qbjgjlp86j-linux-pam-1.6.1/lib/libpam.so.0 -> libpam.so.0.85.1
│ │  -rwxrwxrwx   0        0        0    67608 1970-01-01 00:00:01.000000 ./nix/store/fvsswlqh6pc2f5x9qvahm4qbjgjlp86j-linux-pam-1.6.1/lib/libpam.so.0.85.1
│ │ --rw-r--r--   0        0        0        0 1970-01-01 00:00:01.000000 ./nix/store/gq7vys7yw9gsrrk5jzp4qx1glc15hwlp-initrd-kmod-blacklist-ubuntu
│ │ +-r--r--r--   0        0        0        0 1970-01-01 00:00:01.000000 ./nix/store/gq7vys7yw9gsrrk5jzp4qx1glc15hwlp-initrd-kmod-blacklist-ubuntu
08:02:31
@atemu12:matrix.orgAtemuI see08:11:22
@atemu12:matrix.orgAtemu What's that last line about btw? +-r--r--r-- 08:11:40
@atemu12:matrix.orgAtemuIs it actually RW in the image?08:11:51
@katexochen:matrix.orgPaul Meyer (katexochen)Last two lines are the diff between the two images (looks a bit confusing without color) 08:20:16
@atemu12:matrix.orgAtemuAhh that makes sense08:21:22
@atemu12:matrix.orgAtemuThe path is writeable on the build system though, right?08:21:37
@katexochen:matrix.orgPaul Meyer (katexochen)Yes, I'm pretty sure it was writable on my local system. But I cleaned up that path and couldn't find a way to reproduce that yet.08:29:42
@atemu12:matrix.orgAtemuAs mentioned before, there have been cases reported before where some system daemons remount /nix/store. I don't have the issue handy but I'm sure you can find it. Make sure you're not running any of those.08:32:52
16 Oct 2024
@h7x4:nani.wtfh7x4 joined the room.11:31:34
18 Oct 2024
@sammy:cherrykitten.dev@sammy:cherrykitten.dev left the room.08:36:59
19 Oct 2024
@jwillikers:matrix.orgjwillikers joined the room.12:09:21
21 Oct 2024
@tolgaerok:matrix.org@tolgaerok:matrix.org left the room.04:35:43
@emilazy:matrix.orgemily do we make __DATE__ reproducible OOTB? 19:33:31
22 Oct 2024
@drupol:matrix.orgPolIt is by default09:07:09
@drupol:matrix.orgPol * It is by default (IIRC)09:07:22
@rnhmjoj:maxwell.ydns.eu@rnhmjoj:maxwell.ydns.eu left the room.12:40:01
23 Oct 2024
@noi0103:matrix.orgnoi0103 joined the room.13:53:13
24 Oct 2024
@jopejoe1:matrix.orgjopejoe1 [4094] set a profile picture.07:35:08

Show newer messages

Back to Room ListRoom Version: 6