Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Nix 1.11.10 fails to build on macOS #1413

Closed
matthewbauer opened this issue Jun 17, 2017 · 4 comments
Closed

Nix 1.11.10 fails to build on macOS #1413

matthewbauer opened this issue Jun 17, 2017 · 4 comments
Assignees
@edolstra

Comments

@matthewbauer
Copy link
Member

The 1.11.10 Nix version is not building on the Hydra build farm currently. Here is the log:

http://hydra.nixos.org/build/54425786/nixlog/1

The relevant lines are:

sandbox-exec: sandbox_apply_container: Operation not permitted
builder for ‘/private/tmp/nix-build-nix-1.11.10.drv-0/nix-1.11.10/tests/test-tmp/store/cmk2j4kh5cqyyhv1z7zb6q1wi9667aaq-dependencies-input-1.drv’ failed with exit code 71
cannot build derivation ‘/private/tmp/nix-build-nix-1.11.10.drv-0/nix-1.11.10/tests/test-tmp/store/94asi55xz1xk44q8srklxaqrla13laf4-dependencies.drv’: 1 dependencies couldn't be built
error: build of ‘/private/tmp/nix-build-nix-1.11.10.drv-0/nix-1.11.10/tests/test-tmp/store/94asi55xz1xk44q8srklxaqrla13laf4-dependencies.drv’ failed
FAIL: tests/tarball.sh

I'm not exactly sure what's going on here. My theory is that MacOS sandboxing does not like running a sandbox within a sandbox. The tests need to create their own sandbox to run correctly even though they are already in their parent sandbox. Maybe there is a way to detect that the machine is in the sandbox and just assume that it is safe to reuse? (probably a security hazard unless you can check that everything that should be denied is actually denied).
@domenkozar
Copy link
Member

cc @edolstra

@vcunat
Copy link
Member

vcunat commented Jun 17, 2017

Note that this has been blocking nixpkgs-unstable for quite some time now. Disabling all nix's tests would probably fix that, but I'd personally prefer to avoid that, even as temporary solution.

@edolstra edolstra self-assigned this Jun 17, 2017
edolstra added a commit that referenced this issue Jun 19, 2017
@edolstra
macOS: Ugly hack to make the tests succeed
1888f78 
Sandboxes cannot be nested, so if Nix's build runs inside a sandbox,
it cannot use a sandbox itself. I don't see a clean way to detect
whether we're in a sandbox, so use a test-specific hack.

#1413
edolstra added a commit that referenced this issue Jun 19, 2017
@edolstra
macOS: Ugly hack to make the tests succeed
11dd08f 
Sandboxes cannot be nested, so if Nix's build runs inside a sandbox,
it cannot use a sandbox itself. I don't see a clean way to detect
whether we're in a sandbox, so use a test-specific hack.

#1413
(cherry picked from commit 1888f78)
@grahamc
Copy link
Member

grahamc commented Jul 9, 2017

I believe this is fixed now, as I've built Nix a few times.

@vcunat
Copy link
Member

vcunat commented Jul 9, 2017

On Hydra it did build for some time but now 1.11.11 fails: http://hydra.nixos.org/build/55984532

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@edolstra edolstra

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@matthewbauer @grahamc @domenkozar @edolstra @vcunat