Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Installing Nix fails on Ubuntu 18.04.1 LTS Error: cloning builder process: Invalid argument #2651

Open
braedenf opened this issue Jan 24, 2019 · 20 comments

Comments

Projects
None yet
10 participants
@braedenf
Copy link

commented Jan 24, 2019

Hi

I am running Ubuntu Linux on my Windows 10 machine using WSL, I have installed may packages on WSL before and have not had many issues. I have tried various methods to install nix, but get similar results. I have seen related issues for Ubuntu, however the issue usually relates to permission errors.

Here is the output when I run curl https://nixos.org/nix/install | sh:

~$ curl https://nixos.org/nix/install | sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2476  100  2476    0     0   8012      0 --:--:-- --:--:-- --:--:--  8012
downloading Nix 2.2.1 binary tarball for x86_64-linux from 'https://nixos.org/releases/nix/nix-2.2.1/nix-2.2.1-x86_64-linux.tar.bz2' to '/tmp/nix-binary-tarball-unpack.oRBavFjSIj'...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 22.5M  100 22.5M    0     0  2368k      0  0:00:09  0:00:09 --:--:-- 1269k
performing a single-user installation of Nix...
copying Nix to /nix/store.................................
initialising Nix database...
installing 'nix-2.2.1'
error: cloning builder process: Invalid argument
error: unable to start build process
/tmp/nix-binary-tarball-unpack.oRBavFjSIj/unpack/nix-2.2.1-x86_64-linux/install: unable to install Nix into your default profile
@zarybnicky

This comment has been minimized.

Copy link

commented Jan 24, 2019

I have the same problem with Debian Stretch 9.6 running on an OpenVZ hypervisor.

Trying out strace leads me to the following lines that seem relevant:

[pid 28894] set_robust_list(0x7f723d5ebee0, 24) = 0
[pid 28894] ioctl(2, TCGETS, {B38400 opost isig icanon echo ...}) = 0
[pid 28894] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 28894] getuid()                    = 0
[pid 28894] setgroups(0, NULL)          = 0
[pid 28894] mmap(NULL, 1048576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f723d49d000
[pid 28894] clone(child_stack=0x7f723d59cff0, flags=CLONE_PARENT|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWUSER|CLONE_NEWPID|CLONE_NEWNET|SIGCHLD) = -1 EINVAL (Invalid argument)
[pid 28894] clone(child_stack=0x7f723d59cff0, flags=CLONE_PARENT|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWUSER|CLONE_NEWNET|SIGCHLD) = -1 EINVAL (Invalid argument)
[pid 28894] write(2, "error: ", 7error: )      = 7
[pid 28894] write(2, "cloning builder process: Invalid"..., 41cloning builder process: Invalid argument) = 41
[pid 28894] write(2, "\n", 1
)           = 1
[pid 28894] exit_group(1)               = ?
[pid 28894] +++ exited with 1 +++
@zarybnicky

This comment has been minimized.

Copy link

commented Jan 24, 2019

Looking through http://man7.org/linux/man-pages/man2/clone.2.html#ERRORS - on my system it seems most likely to be one of the options NEWIPC, NEWNET, NEWPID, or NEWUTS, where the manpage says "[...] was specified in flags, but the kernel was not configured with the [...] option". And given my experience with the OpenVZ host, I'm inclined to think this is the problem.

@zarybnicky

This comment has been minimized.

Copy link

commented Jan 24, 2019

As for the WSL issue - googling leads me to issues like microsoft/WSL#2242, but every clone-related issue I found was already closed. @braedenf What's your WSL or Windows release?

@zarybnicky

This comment has been minimized.

Copy link

commented Jan 24, 2019

Or better: @braedenf can you also attach your strace output? Assuming we're using the same binary, this should work for you as well: sudo HOME=/root strace -f /nix/store/5hdmx9yk7gr71b98j4vh9271k0zg5jis-nix-2.2.1/bin/nix-env -i /nix/store/5hdmx9yk7gr71b98j4vh9271k0zg5jis-nix-2.2.1.

@braedenf

This comment has been minimized.

Copy link
Author

commented Jan 25, 2019

The OS version of Windows I am using is : 17134.523. I do not have the ~/nix/.. directory as the nix installer didn't get that far. Do you think I need to configure my profile for nix to build correctly, as that is what the error seems to indicate?

@braedenf

This comment has been minimized.

Copy link
Author

commented Jan 25, 2019

I have done some digging and the common issue with WSL and Nix is that WSL's system paths are too long. I have enabled NTFS Win32 long path support, however I still have the same error. The error I get with the strace command is - 85error: the group 'nixbld' specified in 'build-users-group' does not exist ) = 85
Here is my strace output:

[pid 474] unlink("/nix/var/nix/db/db.sqlite-wal") = 0 [pid 474] fcntl(4, F_SETLK, {l_type=F_UNLCK, l_whence=SEEK_SET, l_start=1073741824, l_len=2}) = 0 [pid 474] fcntl(4, F_SETLK, {l_type=F_UNLCK, l_whence=SEEK_SET, l_start=0, l_len=0}) = 0 [pid 474] fstat(4, {st_mode=S_IFREG|0644, st_size=53248, ...}) = 0 [pid 474] stat("/nix/var/nix/db/db.sqlite", {st_mode=S_IFREG|0644, st_size=53248, ...}) = 0 [pid 474] close(4) = 0 [pid 474] brk(0x1941e000) = 0x1941e000 [pid 474] close(3) = 0 [pid 474] write(2, "\33[31;1merror:\33[0m the group 'nix"..., 85error: the group 'nixbld' specified in 'build-users-group' does not exist ) = 85 [pid 474] exit_group(1) = ? [pid 475] <... rt_sigtimedwait resumed> <unfinished ...>) = ? [pid 475] +++ exited with 1 +++ [pid 476] <... futex resumed>) = ? [pid 476] +++ exited with 1 +++ [pid 477] <... futex resumed>) = ? [pid 478] <... futex resumed>) = ? [pid 477] +++ exited with 1 +++ [pid 478] +++ exited with 1 +++ [pid 479] <... futex resumed>) = ? [pid 480] <... futex resumed>) = ? [pid 479] +++ exited with 1 +++ [pid 480] +++ exited with 1 +++ [pid 481] <... futex resumed>) = ? [pid 482] <... futex resumed>) = ? [pid 481] +++ exited with 1 +++ [pid 474] +++ exited with 1 +++ +++ exited with 1 +++

@braedenf

This comment has been minimized.

Copy link
Author

commented Jan 25, 2019

It looks as though the issue may relate to "/nix/var/nix/db/db.sqlite".

@symphorien

This comment has been minimized.

Copy link
Contributor

commented Jan 28, 2019

Can you try installing nix after having created /etc/nix/nix.conf with content

sandbox = false

?
The sandbox uses user namespaces and Error: cloning builder process: Invalid argument is typically associated to unsupported user namespaces.

@zarybnicky

This comment has been minimized.

Copy link

commented Jan 28, 2019

The installer refuses to start when /etc/nix exists, but I'll try to work around it

@MartinPotier

This comment has been minimized.

Copy link

commented Jan 28, 2019

Exact same error on CentOS Linux release 7.6.1810 (Core)

EDIT: although, creating echo 'sandbox = false' > /etc/nix/nix.conf beforehand allows the install to finish.

@braedenf

This comment has been minimized.

Copy link
Author

commented Jan 28, 2019

I added sandbox = false to the nix.conf file which got further in the install, but got hung on waiting for the sql-db to intialise. So, I also added use-sqlite-wal = false to the nix.conf file, which was a suggestion on #2292. Now the install of nix has installed successfully, even though through a work around. Thanks for all the help!

@zarybnicky

This comment has been minimized.

Copy link

commented Jan 28, 2019

I was unable to install using the installer itself after creating nix.conf (due to There are some relics of a previous installation of Nix at /etc/nix, the check if [ -d /etc/nix ]; then), but after patching the installer to ignore /etc/nix, I got a bit further:

GC Warning: pthread_getattr_np or pthread_attr_getstack failed for main thread
installing 'nix-2.2.1'
error: while setting up the build environment: unable to load seccomp BPF program: Invalid argument

Strace shows me a different error when running sudo HOME=/root strace -f /nix/store/5hdmx9yk7gr71b98j4vh9271k0zg5jis-nix-2.2.1/bin/nix-env -i /nix/store/5hdmx9yk7gr71b98j4vh9271k0zg5jis-nix-2.2.1:

[pid 29597] prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) = 0
[pid 29597] seccomp(SECCOMP_SET_MODE_STRICT, 1, NULL) = -1 ENOSYS (Function not implemented)
[pid 29597] prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=45, filter=0x1130ef20}) = -1 EINVAL (Invalid argument)
[pid 29597] write(2, "\1while setting up the build envi"..., 94 <unfinished ...>

The solution for this is #1882 - setting filter-syscalls = false in nix.conf. It seems my OpenVZ host has a very limited set of kernel features - neither user namespacing, nor seccomp.

I'm still getting GC Warning: pthread_getattr_np or pthread_attr_getstack failed for main thread though on every nix-* invocation (and several times when calling nix-info), and that's something I didn't find a solution to anywhere.

@braedenf braedenf closed this Jan 28, 2019

@braedenf braedenf reopened this Jan 28, 2019

@braedenf

This comment has been minimized.

Copy link
Author

commented Jan 28, 2019

Oh wow so OpenVZ has only the root namespace? Seems like linux sub-environments that have peculiar kernel configurations are a pain point for Nix. Maybe a solution would be to have a guided install for Nix, that prompts the user about what kind of setup is available for their system. Such as one option for a regular setup, another for a custom setup and so on. Anyway i'll leave a contributor to close this issue, as there are some work around solutions available here.

@jlou2u

This comment has been minimized.

Copy link

commented Feb 14, 2019

workaround for me was to use 2.1.3 installer:

sh <(curl https://nixos.org/releases/nix/nix-2.1.3/install) --daemon

@mekosmowski

This comment has been minimized.

Copy link

commented Feb 16, 2019

I added sandbox = false to the nix.conf file which got further in the install, but got hung on waiting for the sql-db to intialise. So, I also added use-sqlite-wal = false to the nix.conf file, which was a suggestion on #2292. Now the install of nix has installed successfully, even though through a work around. Thanks for all the help!

This worked for me with the Debian WSL.

@symphorien

This comment has been minimized.

Copy link
Contributor

commented Feb 19, 2019

The installer refuses to start when /etc/nix exists, but I'll try to work around it

By the way, for a single user install, you can put the configuration in ~/.config/nix/nix.conf instead, and the installer will not refuse to run.

@matthiasbeyer

This comment has been minimized.

Copy link
Contributor

commented Mar 18, 2019

Can reproduce on CentOS7, doing a echo 'sandbox = false' > /etc/nix/nix.conf helps.

alexhrescale added a commit to alexhrescale/initializer that referenced this issue Mar 26, 2019

fix failing setup via sandbox, fix jupyter extension build
- echo 'sandbox = false' | sudo tee /etc/nix/nix.conf
  via NixOS/nix#2651;
- nbextensions build was failing due to libxml2; fix with
  adding python37Packages.lxml to NIX_PYTHON_PACKAGES

alexhrescale added a commit to alexhrescale/initializer that referenced this issue Mar 26, 2019

fix failing setup via sandbox, fix jupyter extension build
- echo 'sandbox = false' | sudo tee /etc/nix/nix.conf
  via NixOS/nix#2651;
- nbextensions build was failing due to libxml2; fix with
  adding python37Packages.lxml to NIX_PYTHON_PACKAGES
@DanielFabian

This comment has been minimized.

Copy link

commented Apr 24, 2019

Could someone point me to the install script that does the single-user install? It would be really nice to add the two workarounds into the install script.

It should be fairly easy to verify that this only happens on WSL according to StackOverflow

@domenkozar

This comment has been minimized.

@edolstra

This comment has been minimized.

Copy link
Member

commented Apr 25, 2019

Nix (build.cc, not the installer) should detect whether user namespaces are available, and if not, refrain from using them.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.