Question I was confused by Jeremy Fleischman (jfly) :

When calculating store-paths, Nix does "Hashing modulo fixed-output derivations" -- this makes sense since you want the store-path to be stable for multiple drvs for the FOD.

His question:
Can we replace all the inputDrvs with their store-path and also achieve the same thing?
(replace via the same massaging that we do for FODs)

I'd appreciate some feedback on https://github.com/NixOS/nix/pull/14298, in particular regarding this:

One open question is that, with this fix, we accept copies of paths with any signature, even if that signature is not trusted. Perhaps we ought to only accept trusted signatures?

In reply to @jfly:matrix.org
My question is stronger than "can we?". I'm saying "mustn't we?"

I think if you're not looking at the paths or derivations the semantics of that would be the same.

Maybe it would be a conceptual simplification.

Sergei Zimmerman (xokdvium): that makes sense
but isn't this 2 step exactly what has to happen now anyways with FODs?

The confusing part is that the inputDrvs for non-FODs are not replaced with their output path but FODs are when caculating the out paths.

The drv's path though is just the hash of the ATerm ?This has the side-effect of causing brand new drvs for the whole system tree since drvs are just the hash of their ATerm without substitution?

In reply to @fzakaria:one.ems.host
I was going to explore the Katai struct. Is nars.sh and nar-access.sh the only NAR tests?

Hey there,

I am currently investigating nix assertion errors that consistently appear once in a while in our CI. Only MacOS machines are affected by this and the error persists until the nix store is garbage collected. It also only persists on the same user on the machine.

[...]
using cache entry 'fetchToStore:{"fingerprint":"3f0bf132df94785670cb324fbb759e85ff5ad0b6","method":"nar","name":"source","path":"/","store":"/nix/store"}' -> 'null', '/nix/store/72alw9m62226brv4v4m98fqrk31mlp34-source'
store path cache hit for '«github:runtimeverification/k/3f0bf132df94785670cb324fbb759e85ff5ad0b6?narHash=sha256-SYrGoV4PuOWux7d4nYhluWD515%2B9sh0DjAMcEDbREVM%3D»/nix/store/8ck644nfh5mb5dqkzgvqhfbznsk1n4df-source'
custom debug: storePath='72alw9m62226brv4v4m98fqrk31mlp34-source' originalInput.computeStorePath(*state.store)='8ck644nfh5mb5dqkzgvqhfbznsk1n4df-source'
Assertion failed: (!originalInput.getNarHash() || storePath == originalInput.computeStorePath(*state.store)), function copyInputToStore, file ../flake.cc, line 40.

This is the assertion that is violated though the check has since been moved in master. We currently run nix version 2.31.2.

So essentially the two nix store paths differ due to existing and non-existing submodule directories, without their content and also somewhat their parent directory, see:

% diff -qr expected instead | sort
Only in expected/haskell-backend/src/main: native
Only in expected/llvm-backend/src/main: native
Only in expected/web: k-web-theme

Does anybody see what could be wrong here or where to look for bugs in nix? I will probably continue to debug this, but there's a lot going on in nix that I am not aware of yet.