Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Building a flake by another uid fails with unclear error message #6636

Closed
edolstra opened this issue Jun 9, 2022 · 10 comments · Fixed by #6643
Closed

Building a flake by another uid fails with unclear error message #6636

edolstra opened this issue Jun 9, 2022 · 10 comments · Fixed by #6643
Labels
bug error-messages Confusing messages and better diagnostics

Comments

@edolstra
Copy link
Member

edolstra commented Jun 9, 2022

Describe the bug

When I run nixos-rebuild, I use a flake in my home directory, i.e. the flake's Git repo is not owned by root. This has started failing with this error message:

# nix build /home/eelco/Misc/eelco-configurations/machine/#nixosConfigurations.machine.config.system.build.toplevel
warning: Not a git repository. Use --no-index to compare two paths outside a working tree
usage: git diff --no-index [<options>] <path> <path>
...
error: program 'git' failed with exit code 129
(use '--show-trace' to show detailed location information)

This is because of the new security checks in Git 2.35.2 (which make no sense, BTW). A workaround is to set safe.directory in ~/.gitconfig.

Expected behavior

Ideally this should just work. Alternatively, it should print a better error message.
@edolstra edolstra added bug error-messages Confusing messages and better diagnostics labels Jun 9, 2022
@Artturin
Copy link
Member

Artturin commented Jun 9, 2022

@Ma27

@Artturin Artturin mentioned this issue Jun 9, 2022
Closed
@edolstra
Copy link
Member Author

edolstra commented Jun 9, 2022

Nix could automatically set safe.directory to the Git repo. Unfortunately, passing the environment variables GIT_CONFIG_COUNT=1 GIT_CONFIG_KEY_0=safe.directory GIT_CONFIG_VALUE_0=<repo> seems to be ignored, even though it should work.

@ncfavier
Copy link
Member

ncfavier commented Jun 9, 2022

Wasn't #6440 supposed to solve this?

@Ma27
Copy link
Member

Ma27 commented Jun 10, 2022

Yes it was and it solved the issues back then.

@edolstra on which Nix version does this happen? Can take a look at sunday, but currently I'm on vacation.

@ncfavier
Copy link
Member

The problem seems to be that #4638 was merged without properly resolving the conflicts in src/libfetchers/git.cc, and some --git-dir flags were removed.

@akiross
Copy link

akiross commented Jun 10, 2022
edited
Loading

Uh, I just opened this and I wonder if it's related. I'm using nix (Nix) 2.9.0pre20220530_af23d38.

TLDR;
I can nix build .#container in a flake repo, but cannot do this with sudo nix build .#container, nor when using remotes.

@nixos-discourse
Copy link

This issue has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/remote-building-with-flakes/19656/2

@Ma27
Copy link
Member

Ma27 commented Jun 10, 2022

@ncfavier do you mind filing a patch? otherwise I'll do it on Sunday :)

@ncfavier ncfavier mentioned this issue Jun 10, 2022
Merged
@ncfavier
Copy link
Member

Opened #6643

@ncfavier
Copy link
Member

Also I'd like to mention here that a workaround for the original issue is to use nixos-rebuild --use-remote-sudo instead of sudo nixos-rebuild, which avoids building the flake as root.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug error-messages Confusing messages and better diagnostics
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

libfetchers/git: add missing --git-dir flags ncfavier/nix
6 participants
@akiross @edolstra @ncfavier @Ma27 @nixos-discourse @Artturin