nix-2.2.2 fails to update channels:

```
qdesktop ~ # nix-channel --update
unpacking channels...
while setting up the build environment: executing '/bin/bash': No such file or directory
builder for '/nix/store/q7jp1fvirvfggj9ciybdzfbg46fy4rqb-nixpkgs-19.09pre191265.c4adeddb5f8.drv' failed with exit code 1
error: build of '/nix/store/q7jp1fvirvfggj9ciybdzfbg46fy4rqb-nixpkgs-19.09pre191265.c4adeddb5f8.drv' failed
error: program '/usr/bin/nix-env' failed with exit code 100
```

There is a discussion about this bug in https://github.com/NixOS/nix/issues/2673
I had the impression I fixed it by passing busybox:

```
--with-sandbox-shell=/bin/busybox
```

Can you post your output of:

```
$ nix show-config | fgrep sandbox
```
(In reply to Sergei Trofimovich from comment #1)
> I had the impression I fixed it by passing busybox:
> --with-sandbox-shell=/bin/busybox

I had the same error and this workaround works for me while running "nix-channel --update".
```
qdesktop ~ # nix show-config | fgrep sandbox
extra-sandbox-paths =
sandbox = true
sandbox-build-dir = /build
sandbox-dev-shm-size = 50%
sandbox-paths = /bin/sh=/bin/busybox
```

and using the flag you specified makes it work (but I guess it's just a workaround):

```
qdesktop ~ # nix-channel --update --with-sandbox-shell=/bin/busybox
unpacking channels...
created 2 symlinks in user environment
```
(In reply to Kirill Zaborsky from comment #3)
> qdesktop ~ # nix show-config | fgrep sandbox
> extra-sandbox-paths =
> sandbox = true
> sandbox-build-dir = /build
> sandbox-dev-shm-size = 50%
> sandbox-paths = /bin/sh=/bin/busybox
>
> and using the flag you specified makes it work (but I guess it's just a
> workaround):
>
> qdesktop ~ # nix-channel --update --with-sandbox-shell=/bin/busybox
> unpacking channels...
> created 2 symlinks in user environment

Oh, I had no idea you can pass that flag as a command-line argument as well. I meant ./configure's flag. That is good to know :)

Any chance you were running an old nix-daemon? Or was it freshly started after nix was updated?
I don't quite remember when I upgraded nix. And also I've restarted nix-daemon multiple times, which doesn't give me anything.
Reproduced locally on a freshly created user. nix-build tries to use the system /bin/bash if the nix store does not provide one, but does not pull its runtime libraries into the container. Looking.
It looks like nix-channel --update --with-sandbox-shell=/bin/busybox doesn't work anymore:

```
qdesktop /home/qrilka # nix-channel --update --with-sandbox-shell=/bin/busybox
unpacking channels...
qdesktop /home/qrilka #
```

And nix-info shows that root is at nixpkgs-19.09pre182717.b58ada326aa, which is from June, and I couldn't get updates.
Updating nix to 2.3 didn't change the situation.
As a workaround I have disabled the sandbox for doing nix-channel --update.
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d230dd2ca9479868134a2278c8759f03a80e01e7

commit d230dd2ca9479868134a2278c8759f03a80e01e7
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2019-10-10 22:08:33 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2019-10-10 22:08:48 +0000

    sys-apps/nix: fix nix bootstrap, bug #693482

    Fix `nix-channel --update` does not work on freshly-installed nix.

    `nix-channel --update` does a few main things:
    1. fetch new tarball with nix expressions
    2. unpack that tarball as part of the build system using a shell
       script derived by unpack-channel.nix.
    3. install the result into /nix/store

    [2.] fails because tarball unpacking runs in a sandboxed environment
    in a container with /nix/store and /bin/sh mounted.

    unpack-channel.nix needs bash, tar and xz binaries in PATH.
    These are normally provided by bash, tar and xz packages
    from /nix/store. Unfortunately bash, tar and xz packages
    are not yet fetched as we only have nix installed without
    nixpkgs tree.

    1. we patch unpack-channel.nix to only require 'sh'
    2. we use /bin/sh as a static busybox and point nix at it:
       ./configure --with-sandbox-shell=/bin/busybox

    Reported-by: Kirill Zaborsky
    Closes: https://bugs.gentoo.org/693482
    Bug: https://github.com/NixOS/nix/issues/2673
    Package-Manager: Portage-2.3.76, Repoman-2.3.17
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 sys-apps/nix/files/nix-2.3-bootstrap.patch |  58 ++++++++++++
 sys-apps/nix/nix-2.3-r1.ebuild             | 138 +++++++++++++++++++++++++++++
 2 files changed, 196 insertions(+)
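An added example, not part of the original thread or of nix itself: a diagnostic that reads `nix show-config` output, finds which host binary is mounted as /bin/sh in the sandbox, and checks that it needs no dynamic loader, since shared libraries are not mounted alongside it. The function names and the sample inputs are constructed for illustration, and `readelf` is assumed to be installed.

```shell
#!/bin/sh
# Added diagnostic sketch: function names are hypothetical, not part of nix.

# Read `nix show-config` output on stdin and print the host path that is
# mounted as /bin/sh inside the build sandbox. Exit status 1 if none is set.
sandbox_shell_source() {
    awk '
        ($1 == "sandbox-paths" || $1 == "extra-sandbox-paths") && $2 == "=" {
            for (i = 3; i <= NF; i++) {
                n = index($i, "=")
                if (n == 0) { dst = $i; src = $i }   # bare path: same on both sides
                else { dst = substr($i, 1, n - 1); src = substr($i, n + 1) }
                if (dst == "/bin/sh") { result = src; found = 1 }
            }
        }
        END { if (found) print result; exit !found }
    '
}

# Status 0: ELF with no PT_INTERP header, so it runs without a dynamic loader
# or shared libraries. Status 1: dynamically linked. Status 2: cannot tell.
needs_no_loader() {
    readelf -h "$1" >/dev/null 2>&1 || return 2   # not ELF, missing, or no readelf
    if readelf -l "$1" 2>/dev/null | grep -q INTERP; then return 1; fi
    return 0
}

# Combine both checks; stdin is `nix show-config` output.
check_sandbox_shell() {
    shell=$(sandbox_shell_source) || { echo "no /bin/sh mapping found"; return 1; }
    if needs_no_loader "$shell"; then echo "ok: $shell is static"; return 0; fi
    echo "warn: $shell is dynamic or unreadable; its libraries are not in the sandbox"
    return 1
}

# Constructed sample inputs: the first repeats the reporter's settings,
# the second is a made-up mapping to a dynamically linked shell.
SAMPLE_BUSYBOX='sandbox = true
sandbox-paths = /bin/sh=/bin/busybox'
SAMPLE_BASH='sandbox = true
extra-sandbox-paths = /dev/kvm
sandbox-paths = /bin/sh=/bin/bash /etc/hosts'

printf '%s\n' "$SAMPLE_BUSYBOX" | sandbox_shell_source   # prints /bin/busybox
```

On a live system the same check runs as `nix show-config | check_sandbox_shell`.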
Pushed the workaround into sys-apps/nix-2.3-r1. `nix-channel --update` should work with a sandbox enabled now.
Works fine, thank you!
Thanks for the report and test! It's always easy to miss when nix is already up and running.