nix: don't pass --experimental-features to nix commands #1311
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
yup, lets do this! |
|
The code looks good but there's quite a few failing cicd tests. Related to:
I tried looking into "why" but am failing. |
gcurtis
force-pushed
the
gcurtis/exp-features
branch
from
741d778
to
b5e8c92
Compare
When running nix commands, devbox passes two flags to enable experimental features: 1. `nix --extra-experimental-features ...` 2. `nix --option experimental-features ...` The second flag causes issues because it overwrites the user's nix.conf. It doesn't seem to be doing anything, so remove it and just use `--extra-experimental-features`. There's also some cleanup to switch all callers of `nix.ExperimentalFlags` to use `nix.Command` instead. This function sets the correct flags and forwards SIGINTs to Nix instead of just killing the process when devbox gets interrupted. Details ------- A specific bug caused by this flag is #1263. The DeterminateSystems installer configures Nix without a build users group and instead enables the `auto-allocate-uids` setting in `/etc/nix/nix.conf` on Linux. If this setting gets disabled by devbox, then the Nix daemon has no way of building flakes and fails. The reason why `--option experimental-features ...` was added is because we were still seeing errors about ca-derivations not being enabled even though the `--extra-experimental-features ca-derivations` flag was set. Overwriting the config setting seemed to fix it, but that might've been a red herring. The ca-derivations feature is unique in that it must be set in the Nix daemon, not just the client. This is because it changes the schema of the Nix database, requiring a restart of the daemon. The only reliable way to enable it is to add it to `/etc/nix/nix.conf`. Given that this flag is currently breaking some users and doesn't seem to be having the intended effect, I think we should remove it and figure out another way to ensure ca-derivations is enabled. Switching to using the DeterminateSystems installer and printing errors telling the user how to enable it are probably the best bet.
gcurtis
force-pushed
the
gcurtis/exp-features
branch
4 times, most recently
from
e75be49
to
b5f7722
Compare
gcurtis
force-pushed
the
gcurtis/exp-features
branch
from
b5f7722
to
a92946e
Compare
|
The macOS auto-install test is still failing, so I'm going to postpone this until next cycle. I think this PR will require a couple other changes:
I'm really not sure why |
gcurtis
added a commit
that referenced
this pull request
Jul 26, 2023
Changes extracted from #1311 so they can be merged sooner. - Upgrade the Nix installer action to v4 and configure the experimental features Devbox needs. - Print out the Nix version, `/etc/nix/nix.conf`, and the resolved Nix config to make debugging easier. - Do the same for `test-nix-versions` and add the last 3 Nix releases to the matrix. Nix 2.15.1 is the current stable version and 2.17.0 is the latest. - Update `TestContentAddressedPath` to accept hashes from Nix <2.17 and 2.17+.
gcurtis
added a commit
that referenced
this pull request
Jul 26, 2023
Changes extracted from #1311 so they can be merged sooner. - Upgrade the Nix installer action to v4 and configure the experimental features Devbox needs. - Print out the Nix version, `/etc/nix/nix.conf`, and the resolved Nix config to make debugging easier. - Do the same for `test-nix-versions` and add the last 3 Nix releases to the matrix. Nix 2.15.1 is the current stable version and 2.17.0 is the latest. - Update `TestContentAddressedPath` to accept hashes from Nix <2.17 and 2.17+.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When running nix commands, devbox passes two flags to enable experimental features:
nix --extra-experimental-features ...nix --option experimental-features ...The second flag causes issues because it overwrites the user's nix.conf. It doesn't seem to be doing anything, so remove it and just use
--extra-experimental-features. There's also some cleanup to switch all callers ofnix.ExperimentalFlagsto usenix.Commandinstead. This function sets the correct flags and forwards SIGINTs to Nix instead of just killing the process when devbox gets interrupted.Details
A specific bug caused by this flag is #1263. The DeterminateSystems installer configures Nix without a build users group and instead enables the
auto-allocate-uidssetting in/etc/nix/nix.confon Linux. If this setting gets disabled by devbox, then the Nix daemon has no way of building flakes and fails.The reason why
--option experimental-features ...was added is because we were still seeing errors about ca-derivations not being enabled even though the--extra-experimental-features ca-derivationsflag was set. Overwriting the config setting seemed to fix it, but that might've been a red herring.The ca-derivations feature is unique in that it must be set in the Nix daemon, not just the client. This is because it changes the schema of the Nix database, requiring a restart of the daemon. The only reliable way to enable it is to add it to
/etc/nix/nix.confand restart the nix-daemon process.Given that this flag is currently breaking some users and doesn't seem to be having the intended effect, I think we should remove it and figure out another way to ensure ca-derivations is enabled. Switching to using the DeterminateSystems installer and printing errors telling the user how to enable it are probably the best bet.