Nixpkgs: nix-build --option builders '' doesn't build with impureEnvVars from current shell
Issue description
duplicate of:
- https://github.com/NixOS/nix/issues/1118#issuecomment-414083797
- https://stackoverflow.com/questions/51912288/how-to-pass-impureenvvars-to-local-nix-build-instead-of-nix-daemon-how-to-disa
Steps to reproduce
code=`<<'EOF'
with import <nixpkgs> {};
stdenv.mkDerivation {
name="impure";
phases=["buildPhase"];
impureEnvVars=["IMPURE"];
buildPhase=''
env | grep IMPURE
if [ -z $IMPURE ]; then
echo "Error"
exit 1
fi
echo "foo" > $out
'';
}
EOF`
export IMPURE=iop; nix-build --option builders "" --option trusted-users $USER -E "$code"
should use IMPURE env variable inside buildPhase, but actually its empty
Technical details
$ nix-shell -p nix-info --run "nix-info -m"
- system: `"x86_64-linux"`
- host os: `Linux 4.14.59, NixOS, 18.03.133029.d0c868ec17c (Impala)`
- multi-user?: `yes`
- sandbox: `yes`
- version: `nix-env (Nix) 2.0.4`
- channels(srghma): `"qtpass-1.2.1, terraform-0.11.7, nix-diff-1.0.1, intero-0.1.20.drv, libreoffice-6.0.2.1, icedtea-web-1.6.2, xkbcomp-1.4.0, qtox-1.13.0, utox-0.16.1, bfg-repo-cleaner, jq-1.5, firefox-60.0.2esr, home-manager-path, python3-3.6.5, sqlitebrowser-3.10.1"`
- channels(root): `"nixos-18.03, nixpkgs-unstable-18.09pre147772.d1ae60cbad7"`
- nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs`
$ cat /etc/nix/nix.conf
# WARNING: this file is generated from the nix.* options in
# your NixOS configuration, typically
# /etc/nixos/configuration.nix. Do not edit it!
build-users-group = nixbld
max-jobs = 8
cores = 0
sandbox = true
extra-sandbox-paths =
substituters = https://cache.nixos.org https://cachix.cachix.org https://srghma.cachix.org
trusted-substituters =
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM= srghma.cachix.org-1:EUHKjTh/WKs49hFtw6bwDE9oQLeX5afml0cAKc97MbI=
auto-optimise-store = false
require-sigs = true
trusted-users = root srghma
allowed-users = *
builders =
auto-optimise-store = true
max-jobs = auto
keep-outputs = true # don't delete store paths that are used at build time, useful for development
my dotfiles https://github.com/srghma/dotfiles/tree/a543b62503d6539399149b20bb47bfc0469dc3b3
srghma
All 6 comments
Disable the sandbox, that should work.
FRidh
on 25 Aug 2018
❤1
not working
code=`<<'EOF'
with import <nixpkgs> {};
stdenv.mkDerivation {
name="impure";
phases=["buildPhase"];
impureEnvVars=["IMPURE"];
buildPhase=''
env | grep IMPURE
if [ -z $IMPURE ]; then
echo "Error"
exit 1
fi
echo "foo" > $out
'';
}
EOF`
export IMPURE=iop; nix-build --option sandbox false --option builders "" --option trusted-users $USER -E "$code"
not working either
nix = {
useSandbox = false;
trustedUsers = [ "root" "srghma" ];
envVars = {
IMPURE = "true";
};
};
$ sudo nixos-rebuild switch
building Nix...
building the system configuration...
activating the configuration...
setting up /etc...
setting up tmpfiles
$ cat /etc/nix/nix.conf
# WARNING: this file is generated from the nix.* options in
# your NixOS configuration, typically
# /etc/nixos/configuration.nix. Do not edit it!
build-users-group = nixbld
max-jobs = 8
cores = 0
sandbox = false
extra-sandbox-paths =
substituters = https://cache.nixos.org https://cachix.cachix.org https://srghma.cachix.org https://hie-nix.cachix.org
trusted-substituters =
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM= srghma.cachix.org-1:EUHKjTh/WKs49hFtw6bwDE9oQLeX5afml0cAKc97MbI= hie-nix.cachix.org-1:EjBSHzF6VmDnzqlldGXbi0RM3HdjfTU3yDRi9Pd0jTY=
auto-optimise-store = false
require-sigs = true
trusted-users = root srghma
allowed-users = *
builders =
auto-optimise-store = true
max-jobs = auto
keep-outputs = true # by default nix deletes build dependencies and leaves only resuliting package, this prevents it, useful for development
$ code=`<<'EOF'
with import <nixpkgs> {};
stdenv.mkDerivation {
name="impure";
phases=["buildPhase"];
impureEnvVars=["IMPURE"];
buildPhase=''
env | grep IMPURE
if [ -z $IMPURE ]; then
echo "Error"
exit 1
fi
echo "foo" > $out
'';
}
EOF`
export IMPURE=iop; nix-build -E "$code"
these derivations will be built:
/nix/store/dvsl63bq4qmlrs79wbxvc3vrbxzw6xad-impure.drv
building '/nix/store/dvsl63bq4qmlrs79wbxvc3vrbxzw6xad-impure.drv'...
building
impureEnvVars=IMPURE
buildPhase=env | grep IMPURE
if [ -z $IMPURE ]; then
Error
builder for '/nix/store/dvsl63bq4qmlrs79wbxvc3vrbxzw6xad-impure.drv' failed with exit code 1
error: build of '/nix/store/dvsl63bq4qmlrs79wbxvc3vrbxzw6xad-impure.drv' failed
nix = {
useSandbox = true;
envVars = {
IMPURE = "true";
};
};
not working
```
$ sudo nixos-rebuild switch
....
$ cat /etc/nix/nix.conf
WARNING: this file is generated from the nix.* options in
your NixOS configuration, typically
/etc/nixos/configuration.nix. Do not edit it!
build-users-group = nixbld
max-jobs = 8
cores = 1
sandbox = true
extra-sandbox-paths =
substituters = https://cache.nixos.org/
trusted-substituters =
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
auto-optimise-store = false
require-sigs = true
trusted-users = root
allowed-users = *
builders =
$ code=<<'EOF'
with import <nixpkgs> {};
stdenv.mkDerivation {
name="impure";
phases=["buildPhase"];
impureEnvVars=["IMPURE"];
buildPhase=''
env | grep IMPURE
if [ -z $IMPURE ]; then
echo "Error"
exit 1
fi
echo "foo" > $out
'';
}
EOF
nix-build -E "$code"
these derivations will be built:
/nix/store/dvsl63bq4qmlrs79wbxvc3vrbxzw6xad-impure.drv
building '/nix/store/dvsl63bq4qmlrs79wbxvc3vrbxzw6xad-impure.drv'...
building
impureEnvVars=IMPURE
buildPhase=env | grep IMPURE
if [ -z $IMPURE ]; then
Error
builder for '/nix/store/dvsl63bq4qmlrs79wbxvc3vrbxzw6xad-impure.drv' failed with exit code 1
error: build of '/nix/store/dvsl63bq4qmlrs79wbxvc3vrbxzw6xad-impure.drv' failed
````
srghma
on 25 Aug 2018
nix = {
useSandbox = true;
trustedUsers = [ "root" "srghma" ];
};
not working
$ sudo nixos-rebuild switch
...
$ cat /etc/nix/nix.conf
# WARNING: this file is generated from the nix.* options in
# your NixOS configuration, typically
# /etc/nixos/configuration.nix. Do not edit it!
build-users-group = nixbld
max-jobs = 8
cores = 1
sandbox = true
extra-sandbox-paths =
substituters = https://cache.nixos.org/
trusted-substituters =
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
auto-optimise-store = false
require-sigs = true
trusted-users = root srghma
allowed-users = *
builders =
$ code=`<<'EOF'
with import <nixpkgs> {};
stdenv.mkDerivation {
name="impure";
phases=["buildPhase"];
impureEnvVars=["IMPURE"];
buildPhase=''
env | grep IMPURE
if [ -z $IMPURE ]; then
echo "Error"
exit 1
fi
echo "foo" > $out
'';
}
EOF`
export IMPURE=iop; nix-build -E "$code"
these derivations will be built:
/nix/store/dvsl63bq4qmlrs79wbxvc3vrbxzw6xad-impure.drv
building '/nix/store/dvsl63bq4qmlrs79wbxvc3vrbxzw6xad-impure.drv'...
building
impureEnvVars=IMPURE
buildPhase=env | grep IMPURE
if [ -z $IMPURE ]; then
Error
builder for '/nix/store/dvsl63bq4qmlrs79wbxvc3vrbxzw6xad-impure.drv' failed with exit code 1
error: build of '/nix/store/dvsl63bq4qmlrs79wbxvc3vrbxzw6xad-impure.drv' failed
@FRidh tnx for the reply, but I still can't manage it, nor with nix-build, nor with nix.envVars in /etc/nixos/configuration.nix
srghma
on 25 Aug 2018
@srghma : from the documentation
This attribute is only allowed in fixed-output derivations, where impurities such as these are okay since (the hash of) the output is known in advance. It is ignored for all other derivations.
Which means you have to make your derivation a fixed output. The following derivation:
with import <nixpkgs> {};
stdenv.mkDerivation {
name="impure";
phases=["buildPhase"];
impureEnvVars=["IMPURE"];
# This is a fixed-output derivation; the output must be a regular
# file with SHA256 hash sha256.
outputHashMode = "flat";
outputHashAlgo = "sha256";
outputHash = "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b";
buildPhase=''
env | grep IMPURE
if [ -z $IMPURE ]; then
echo "Error"
exit 1
fi
echo "foo" > $out
'';
}
built as root:
$ sudo IMPURE=iop nix-build ./imp
these derivations will be built:
/nix/store/lkb5pr76433jdsq4y18fyvlj2yya8g0q-impure.drv
building '/nix/store/lkb5pr76433jdsq4y18fyvlj2yya8g0q-impure.drv'...
building
impureEnvVars=IMPURE
IMPURE=iop
buildPhase=env | grep IMPURE
if [ -z $IMPURE ]; then
hash mismatch in fixed-output derivation '/nix/store/a6br5383vrzb42zw6nwvcdhb8zk84byi-impure':
wanted: sha256:0sslrbd0b64gxxcc02afjv7fwkmn4i8w19win08yjvqbr0clgfh1
got: sha256:0k4lwj58f2w5yh92ilrwy9917pycipbrdrr13vbb3yd02j09vfxm
error: build of '/nix/store/lkb5pr76433jdsq4y18fyvlj2yya8g0q-impure.drv' failed
Enteee
on 2 Mar 2020
🚀1
❤1
🎉1
👍1
Was this page helpful?
0 / 5 - 0 ratings
Related issues
ghost
路
3Comments
spacekitteh
路
3Comments
lverns
路
3Comments
vaibhavsagar
路
3Comments
copumpkin
路
3Comments
Most helpful comment
@srghma : from the documentation
Which means you have to make your derivation a fixed output. The following derivation:
built as root: