| 13 Sep 2022 |
 k0kada (he/him) | Ah ok, this makes sense | 22:13:40 |
 mei 🌒& | there's people like $partner who i'd like to respond to quickly also on matrix so sometimes the idly-checking-matrix habit crosses ovre | 22:14:12 |
| mei 🌒& | * there's people like $partner who i'd like to respond to quickly also on matrix so sometimes the idly-checking-matrix habit crosses over | 22:14:14 |
 Yuki (they/them) (Old) |
error: you are not privileged to build input-addressed derivations
I need to add my user to trusted users hu | 22:21:57 |
| Yuki (they/them) (Old) | * Testing with a NixOS remote builder
error: you are not privileged to build input-addressed derivations
I need to add my user to trusted users hu | 22:22:11 |
| Yuki (they/them) (Old) | Remote builder works, gonna move on to root single user mode nix | 22:47:28 |
| Yuki (they/them) (Old) | astolfo:~/nix-doom-emacs-tests # nix build .
warning: the group 'nixbld' specified in 'build-users-group' does not exist
warning: the group 'nixbld' specified in 'build-users-group' does not exist
error: the group 'nixbld' specified in 'build-users-group' does not exist
(use '--show-trace' to show detailed location information)
| 22:52:29 |
| Yuki (they/them) (Old) | ugh | 22:52:30 |
| Yuki (they/them) (Old) | @k0kada It builds successfully
astolfo:~/nix-doom-emacs-tests # nix build .
astolfo:~/nix-doom-emacs-tests # ls -l
total 36
drwxr-xr-x 8 root root 4096 Sep 14 00:49 .git
-rw-r--r-- 1 root root 18 Sep 14 00:49 .gitignore
drwxr-xr-x 2 root root 4096 Sep 14 00:49 doom.d
-rw-r--r-- 1 root root 14608 Sep 14 00:49 flake.lock
-rw-r--r-- 1 root root 704 Sep 14 00:49 flake.nix
lrwxrwxrwx 1 root root 68 Sep 14 01:29 result -> /nix/store/y8qv91yb34d6f65pw3p26qmb7s0f3vi6-emacs-with-packages-28.1
| 23:29:21 |
| Yuki (they/them) (Old) | * @k0kada It builds successfully (with root, nix single user)
astolfo:~/nix-doom-emacs-tests # nix build .
astolfo:~/nix-doom-emacs-tests # ls -l
total 36
drwxr-xr-x 8 root root 4096 Sep 14 00:49 .git
-rw-r--r-- 1 root root 18 Sep 14 00:49 .gitignore
drwxr-xr-x 2 root root 4096 Sep 14 00:49 doom.d
-rw-r--r-- 1 root root 14608 Sep 14 00:49 flake.lock
-rw-r--r-- 1 root root 704 Sep 14 00:49 flake.nix
lrwxrwxrwx 1 root root 68 Sep 14 01:29 result -> /nix/store/y8qv91yb34d6f65pw3p26qmb7s0f3vi6-emacs-with-packages-28.1
| 23:29:40 |
| Yuki (they/them) (Old) | In reply to@yuki:backalley.club
@k0kada It builds successfully (with root, nix single user)
astolfo:~/nix-doom-emacs-tests # nix build .
astolfo:~/nix-doom-emacs-tests # ls -l
total 36
drwxr-xr-x 8 root root 4096 Sep 14 00:49 .git
-rw-r--r-- 1 root root 18 Sep 14 00:49 .gitignore
drwxr-xr-x 2 root root 4096 Sep 14 00:49 doom.d
-rw-r--r-- 1 root root 14608 Sep 14 00:49 flake.lock
-rw-r--r-- 1 root root 704 Sep 14 00:49 flake.nix
lrwxrwxrwx 1 root root 68 Sep 14 01:29 result -> /nix/store/y8qv91yb34d6f65pw3p26qmb7s0f3vi6-emacs-with-packages-28.1
@k0kada | 23:32:41 |
| Yuki (they/them) (Old) | it seems my client borked the ping | 23:32:47 |
| Yuki (they/them) (Old) | i'm gonna go to sleep, feel free to ping me if you need me to do more tests | 23:34:45 |
| 14 Sep 2022 |
 ribosomerocker | In reply to@ckie:ckie.dev
mon_aaraj: please write those questions on github and i'll get back to you next time i murder all my unread emails just did | 00:23:39 |
| k0kada (he/him) | In reply to @yuki:backalley.club
@k0kada It builds successfully (with root, nix single user)
astolfo:~/nix-doom-emacs-tests # nix build .
astolfo:~/nix-doom-emacs-tests # ls -l
total 36
drwxr-xr-x 8 root root 4096 Sep 14 00:49 .git
-rw-r--r-- 1 root root 18 Sep 14 00:49 .gitignore
drwxr-xr-x 2 root root 4096 Sep 14 00:49 doom.d
-rw-r--r-- 1 root root 14608 Sep 14 00:49 flake.lock
-rw-r--r-- 1 root root 704 Sep 14 00:49 flake.nix
lrwxrwxrwx 1 root root 68 Sep 14 01:29 result -> /nix/store/y8qv91yb34d6f65pw3p26qmb7s0f3vi6-emacs-with-packages-28.1
Huh... So I am really thinking the issue is in the sandbox | 08:20:33 |
| Yuki (they/them) (Old) | how do I make sure that nix only builds on the distributed builder? | 09:55:55 |
| mei 🌒& | Yuki (they/them): --option max-jobs 0 | 10:15:15 |
| k0kada (he/him) | So my hypothesis:
The sandbox probably needs some elevated permissions to do its job correctly, but if running as a single user it is probably not doing so because you're running Nix as a your current user
Not a problem in multi-user mode/single-user mode as root because, well, you're running the whole thing as root | 10:41:04 |
| k0kada (he/him) | I really am not sure how user ns in Linux works, but maybe to use single-mode correctly you need to setuid or something the nix binary? | 10:41:45 |
| k0kada (he/him) | Anyway, for me this looks more a bug in Nix them anything we can do | 10:42:23 |
| k0kada (he/him) | It will also only affect if you're building Emacs locally for some reason | 10:42:52 |
| k0kada (he/him) | If you get Emacs from cache it should works fine | 10:43:03 |
| k0kada (he/him) | Yuki (they/them): 👆️ | 10:43:43 |
| k0kada (he/him) | Now, the question is, what is happening? What is actually leaking in single-user mode that is causing this behavior? | 10:44:44 |
| k0kada (he/him) | * Now, the question is, what is happening? What is leaking in single-user mode that is causing this behavior? | 10:45:42 |
| k0kada (he/him) | Yuki (they/them): https://github.com/nix-community/nix-doom-emacs/tree/do-not-fail-builds-when-fake-home-is-populated
Can you try this branch?
| 10:52:33 |
| Yuki (they/them) (Old) | In reply to@k0kada:matrix.org
Anyway, for me this looks more a bug in Nix them anything we can do I'm still wondering with whose responsibility is it in the Nix ecosystem to ensure a clean slate for build environments. | 12:25:30 |
| Yuki (they/them) (Old) | I'm under the presumption that the sandbox environment is only there to further isolate the build environment but it's the builder script or something among those lines from nixpkgs which clears out env, sets the deterministic CFLAGS, etc. | 12:26:33 |
| k0kada (he/him) | In reply to @yuki:backalley.club
I'm under the presumption that the sandbox environment is only there to further isolate the build environment but it's the builder script or something among those lines from nixpkgs which clears out env, sets the deterministic CFLAGS, etc. No, the sandbox is responsible for everything actually | 12:29:01 |
| Yuki (they/them) (Old) | I see | 12:28:30 |
