| 23 Aug 2021 |
andi- | As long as the file has been loaded before the sandbox has been entered it shouldn't be a problem. It is very common to open a FD, enter a sandbox and only then operate on it. | 16:15:22 |
baloo | in this case, it's relying on nss to dlopen the libraries, but yes | 16:15:53 |
andi- | Could it be a glibc mismatch of sorts? | 16:16:36 |
andi- | Another glibc on the host than what is in the sandbox and does the fetching? | 16:16:49 |
andi- | and thus it might not be "tricked" into reusing the already loaded stuff? | 16:16:59 |
baloo | what I don't understand is that some looks must be working | 16:18:19 |
baloo | like all the cache.nixos.org at least | 16:18:33 |
baloo | * what I don't understand is that some lookups must be working | 16:18:48 |
davidak | In reply to @andi:kack.it
> Could it be a glibc mismatch of sorts?

i was running this on a system built from a PR (master+). not sure which nixpkgs version it is using. could be a mismatch if it's an older version
```sh
nix run \
  --option extra-substituters 'https://nixpkgs-update.cachix.org/' \
  --option trusted-public-keys 'nixpkgs-update.cachix.org-1:6y6Z2JdoL3APdu6/+Iy8eZX2ajf09e4EE9SnxSML1W8=' \
  -f https://github.com/ryantm/nixpkgs-update/archive/master.tar.gz \
  -c nixpkgs-update --help
```
| 16:18:50 |
andi- | Do we have a minimal reproducer for this that doesn't involve flakes, nixpkgs-update, ....? A simple derivation? | 16:18:56 |
andi- | In reply to @davidak:matrix.org
> i was running this on a system built from a PR (master+). not sure which nixpkgs version it is using. could be a mismatch if it's an older version
> ```sh
> nix run \
>   --option extra-substituters 'https://nixpkgs-update.cachix.org/' \
>   --option trusted-public-keys 'nixpkgs-update.cachix.org-1:6y6Z2JdoL3APdu6/+Iy8eZX2ajf09e4EE9SnxSML1W8=' \
>   -f https://github.com/ryantm/nixpkgs-update/archive/master.tar.gz \
>   -c nixpkgs-update --help
> ```

It started building from bootstrap or so. How long before that error occurs? | 16:23:46 |
nrdxp | In reply to @baloo_:matrix.org
> I can now inject my own custom vdso to a whole process tree. And customize logic there.

do you have this anywhere I could play with it 😅 or do you plan to submit a PR? I'd love to review it | 16:24:23 |
baloo | I need to clean up my code and document it. | 16:24:49 |
baloo | but I'll push it on GitHub. although I don't recommend running it :D | 16:25:20 |
davidak | In reply to @andi:kack.it
> It started building from bootstrap or so. How long before that error occurs?

few minutes. when it connects to tarballs.nixos.org or ftpmirror.gnu.org | 16:25:25 |
andi- | And what makes this expression special? That uncached / custom nixpkgs? | 16:25:58 |
davidak | does it get the packages from cachix on your system or build every single package? it builds 120 packages in my case which took about 2 hours | 16:26:04 |
andi- | I don't know if it fetches from cachix. I never trusted / used it. | 16:26:18 |
andi- | I used your command 1:1 | 16:26:22 |
andi- | I am not a trusted user on my systems so probably not. | 16:26:36 |
davidak | yes, in that case not. but i added my user to trustedUsers, but it still builds everything. that's a bit strange. not used cachix before, so i'm not sure if the cache is maybe outdated | 16:28:13 |
andi- | try reproducing the error with this:
```nix
let pkgs = import <nixpkgs> {}; in
pkgs.fetchurl {
  url = "mirror://gnu/whatever/something-v1234.tar.gz";
  sha256 = "0000000000000000000000000000000000000000000000000000000000000000";
}
```
| 16:31:43 |
andi- | It might also be a case of many downloads happening at the same time where some of them are then causing the DNS thing to fall over? | 16:33:14 |
andi- | Looking at the Nix issue that pretty much looks like it is fetching all the (missing) sources. | 16:33:34 |
baloo | nrdxp: https://github.com/baloo/emmett for now | 16:37:48 |
andi- | Use this to verify the latter:
```nix
let
  pkgs = import <nixpkgs> { };
  d = "0000000000000000000000000000000000000000000000000000000000000000";
in
pkgs.symlinkJoin {
  name = "whatever";
  paths = builtins.genList
    (x:
      let s = toString x; in
      pkgs.fetchurl {
        url = "mirror://gnu/whatever/something-v${s}.tar.gz";
        sha256 = s + (builtins.substring 0 (builtins.stringLength d - builtins.stringLength s) d);
      }) 1000;
}
```
| 16:37:55 |
andi- | that just tries to fetch 1000 imaginary packages that will never exist and should stress the fetching code out. | 16:38:19 |
baloo | it's reproducible with only 1 | 18:09:25 |
baloo | (here) | 18:09:35 |
baloo | and makes less noise | 18:10:11 |