| 18 Feb 2025 |
 jade_ | if that's not what happens, your daemon has diverged from the modern ones | 17:14:02 |
| jade_ | also if you want to not deal with an evaluator you can probably nix-copy-closure the drv files into $PWD/store before beginning the test substitution | 17:14:47 |
 Robert Hensing (roberth) | and https://github.com/NixOS/nix/pull/12503, to be upstreamed into nixpkgs too | 18:42:27 |
 emily | mra: fwiw our side of the ecosystem is on the way towards deprecating allowSubstitutes = false; (hence --always-allow-substitutes etc.) as not really useful in practice | 22:40:38 |
| emily | not sure whether Guix would have an easier time phasing it out than us, but if so it might be worth considering rather than fixing | 22:41:15 |
| emily | (I thought Guix had rewritten the daemon, 2012 nix-daemon sounds scary…) | 22:41:45 |
| emily | (there's been a good few CVEs since then) | 22:41:46 |
 ElvishJerricco | Why is it not really useful? | 23:19:32 |
| emily | there's a bunch of discussion in https://github.com/NixOS/nix/issues/4442 | 23:20:23 |
| emily | and tl;dr rationale in https://github.com/NixOS/nix/pull/8047 https://github.com/NixOS/nix/issues/3686 | 23:21:04 |
| emily | (mostly it just does not seem like "whether you can fetch a built result from a substituter" should be within the purview of a derivation anyway. hints to prefer building on a local machine are one thing) | 23:21:40 |
| jade_ | guessing it is probably because guix cares far, far too mucha tremendous amount about licensing and so stuff like zfs integrated into a linux kernel is not something they consider ok to substitute | 23:21:58 |
| emily | I somewhat doubt Guix has a zfs.ko package to begin with | 23:24:23 |
| emily | but in this case the bug report was about TeX Live | 23:24:29 |
| emily | (I'd expect hydraPlatforms/license to be disjoint from allowSubstitutes anyway? but I have no idea how they do things in Guixland :) ) | 23:25:14 |
| 19 Feb 2025 |
 apteryx | there is one in the zfs package (its 'module' output). and indeed, looking into this is motivated by being able to reliably prevent fetching binaries which could constitute copyright violations, such as the combination of GPLv2 only linux modules with the zfs CDDL in a binary initrd, for example. | 01:24:25 |
| apteryx | and the texlive issue (where apparently we aren't able to control that the way we thought it should work) appeared related, or worrying in that context :-) | 01:25:21 |
| apteryx | Thanks for the pointers! It seems our 'guix-daemon' binary doesn't expose a --store argument :-/ | 01:32:19 |
| apteryx | We do have --max-jobs though | 01:32:38 |
| apteryx | I'll try setting it to 0 and see what it does. So far I'm following the daemon execution flow in GDB | 01:33:58 |
| apteryx | the --max-jobs=0 trick is useful, I think it causes builds to fail like: guix build: erreur : path /gnu/store/b5sn5ha961hab37r7vl5p2n6sf46x582-texlivetexmf-20240312' is not valid` | 01:51:33 |
| apteryx | any idea how I can pretty print a nix::Goal shared pointer in GDB? | 02:16:03 |
| apteryx | a std::set containing such objects, I meant | 02:16:21 |
| apteryx | p goals looks like this: $5 = std::set with 1 element = {[0] = std::shared_ptr<nix::Goal> (use count 1, weak count 3) = {get() = 0x72d570}} | 02:20:35 |
| apteryx | starting to look like the problem is that buildPaths builds a lists of substitutable goals, which include the output of an unsubstitutable derivation: | 02:32:06 |
| apteryx | 2: *goal = {<std::enable_shared_from_this<nix::Goal>> = {_M_weak_this = std::weak_ptr<nix::Goal> (use count 2, weak count 3) = {get() = 0x5e29a0}}, _vptr.Goal = 0x4c75e0 <vtable for nix::SubstitutionGoal+16>, worker = @0x7fffffff85c0, waitees = std::set with 0 elements, waiters = std::__cxx11::list = {[0] = std::weak_ptr<nix::Goal> (use count 1, weak count 5) = {get() = 0x5b08f0}}, nrFailed = 0, nrNoSubstituters = 0, nrIncompleteClosure = 0, name = "substitution of `/gnu/store/b5sn5ha961hab37r7vl5p2n6sf46x582-texlivetexmf-20240312'", exitCode = nix::Goal::ecBusy}
(gdb) where
#0 nix::Worker::run (this=0x7fffffff85c0, _topGoals=std::set with 1 element = {...}) at nix/libstore/build.cc:3448
#1 0x00000000004659c9 in nix::LocalStore::buildPaths (this=0x55b4d0, drvPaths=std::set with 1 element = {...}, buildMode=nix::bmNormal) at nix/libstore/build.cc:3642
#2 0x000000000040ad6c in performOp (trusted=false, clientVersion=356, from=..., to=..., op=9) at nix/nix-daemon/nix-daemon.cc:481
#3 0x000000000040e01b in processConnection (trusted=false, userId=1000) at nix/nix-daemon/nix-daemon.cc:841
#4 0x000000000040e754 in operator() (__closure=0x524f50) at nix/nix-daemon/nix-daemon.cc:1003
#5 0x0000000000410fda in std::__invoke_impl<void, acceptConnection(int)::<lambda()>&>(std::__invoke_other, struct {...} &) (__f=...) at /gnu/store/d50i890p2lg97kvc131p62wy52krapbd-profile/include/c++/bits/invoke.h:61
#6 0x000000000040f718 in std::__invoke_r<void, acceptConnection(int)::<lambda()>&>(struct {...} &) (__fn=...) at /gnu/store/d50i890p2lg97kvc131p62wy52krapbd-profile/include/c++/bits/invoke.h:154
#7 0x000000000040f5db in std::_Function_handler<void(), acceptConnection(int)::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /gnu/store/d50i890p2lg97kvc131p62wy52krapbd-profile/include/c++/bits/std_function.h:290
#8 0x0000000000441f00 in std::function<void()>::operator() (this=0x7fffffffaf10) at /gnu/store/d50i890p2lg97kvc131p62wy52krapbd-profile/include/c++/bits/std_function.h:590
#9 0x00000000004ab2ef in nix::startProcess (fun=..., dieWithParent=false, errorPrefix="unexpected build daemon error: ", runExitHandlers=true) at nix/libutil/util.cc:1025
#10 0x000000000040ed6b in acceptConnection (fdSocket=3) at nix/nix-daemon/nix-daemon.cc:977
#11 0x000000000040f40e in daemonLoop (sockets=std::vector of length 1, capacity 1 = {...}) at nix/nix-daemon/nix-daemon.cc:1055
#12 0x000000000040f4bd in run (sockets=std::vector of length 1, capacity 1 = {...}) at nix/nix-daemon/nix-daemon.cc:1064
#13 0x000000000041a262 in main (argc=12, argv=0x7fffffffc208) at nix/nix-daemon/guix-daemon.cc:569
| 02:32:14 |
| apteryx | texlivetexmf is a private package marked with #:substitutable? #f while texlive uses texlivetexmf as an input but isn't marked itself as non-substitutable. | 02:34:11 |
| emily | I think you want to control such things on the "production" end (i.e. CI doesn't build such binaries) rather than "consumption" (i.e. can you fetch them from a substituter). I don't think that e.g. using a local cache on a LAN to share your zfs.ko build between machines is any more problematic than creating it in the first place | 02:56:25 |
| emily | that's how it works in Nix/Nixpkgs; Hydra won't build things with non-free licences, so they are never substituted from the default substituters configuration, but nothing prevents you from caching them yourself | 02:57:10 |
| apteryx | you may still want CI to be able to build something to detect problems, but not distributing it as a substitute | 02:59:05 |
