dockerTools.buildImageWithNixDb fails when also using runAsRoot #34779

Closed
samueldr opened this issue Feb 9, 2018 · 0 comments · Fixed by #40947

samueldr commented Feb 9, 2018

Issue description

When using runAsRoot with buildImageWithNixDb using a recent-enough nixpkgs checkout, it is failing with:

/nix/store/...-stdenv/setup: eval: line ____: syntax error near unexpected token `('

The exact line changes depending on the script built by dockerTools, which depends on what is added to runAsRoot.

Steps to reproduce

Use cb6fc52 (or later up to today) and try producing an image using both runAsRoot and buildImageWithNixDb.

repro.nix

let
  hostPkgs = import <nixpkgs> {};
  pinnedPkgs = hostPkgs.fetchFromGitHub {
    owner = "NixOS";
    repo = "nixpkgs-channels";
    # First revision failing.
    #rev = "cb6fc52f998f8f3106a1506c052cffae752e8b7c";
    #sha256 = "0fv25qj85qn9rhrlh7kbgddjy99dh96jrdw0vk08l09g3qk0x8fi";
    # Last revision working.
    rev = "df589a438e01c06a6661cbd18bfe8f568d8b7f83";
    sha256 = "1y75nw9n2rjz925hd21bs91azaggm4ry2h886hnd0pjkrq07h8gg";
  };
  pkgs = import pinnedPkgs { config = {}; };
in
  with pkgs;
  dockerTools.buildImageWithNixDb {
    name = "nix";
    contents = [
      coreutils
      nix
    ];
    runAsRoot = ''
      #!${pkgs.stdenv.shell}
      echo "everything is working fine"
    '';
    config = {
      Env = [ "NIX_PAGER=cat" ];
    };
  }

Technical details

Please run nix-shell -p nix-info --run "nix-info -m" and paste the
results.

Here they are, but should be irrelevant AFAIK since it's using a pinned nixpkgs checkout.

 - system: `"x86_64-linux"`
 - host os: `Linux 4.14.15, NixOS, 17.09.git.c1d9aff (Hummingbird)`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 1.11.16`
 - channels(root): `"nixos-17.09.2955.76614894f34"`
 - nixpkgs: `/etc/nixos/nixpkgs`

The issue, while being present from that commit onward, is possibly not caused by that commit. As far as I understand it from a shallow inspection, it seems to come from the way the scripts are run with dockerTools; it is an eval of variables. Something spooky is possibly happening when the script is ???? into the qemu vm for use with runAsRoot. The failure, in some tests I did, comes also(?) from this line of comments:

        echo "Copying everything to /nix/store (will take a while)..."

It would be the parenthesis present in that line which is causing an issue.

samueldr added a commit to samueldr/nixpkgs that referenced this issue May 24, 2018
The extraCommands was, previously, simply put in the body of the script
using nix expansion `${extraCommands}` (which looks exactly like bash
expansion!).

This causes issues like in NixOS#34779 where scripts will eventually create
invalid bash.

The solution is to use a script like `run-as-root`.

 * * *

Fixes NixOS#34779
globin pushed a commit to mayflower/nixpkgs that referenced this issue May 26, 2018
(cherry picked from commit 60737bd)
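
Added example (not code from nixpkgs or from this issue): a minimal shell reproduction of the failure class the commit message describes, next to the file-based pattern it names as the fix. It assumes the fragment's text was pasted into a double-quoted `eval`; the page does not show the actual template. `render_spliced`, `render_file_based` and `parses_ok` are hypothetical names, and the fragment is the echo line quoted in the report.

```shell
#!/bin/sh
# Constructed sample fragment: the echo line quoted in the report.
FRAGMENT='echo "Copying everything to /nix/store (will take a while)..."'

# Splicing pattern (assumed template, not the nixpkgs source): the generator
# pastes the fragment's text inside a double-quoted eval. The fragment's own
# quotes close the outer string early, so "(" reaches the parser unquoted.
render_spliced() {  # $1 = fragment text, $2 = generated script path
    printf '#!/bin/sh\neval "%s"\n' "$1" > "$2"
}

# Pattern the fix describes: the fragment is written to its own script file
# and the generated script refers to it only by path, so the fragment is
# parsed exactly once and never re-quoted.
render_file_based() {  # $1 = fragment, $2 = generated script, $3 = fragment file
    printf '#!/bin/sh\n%s\n' "$1" > "$3"
    printf '#!/bin/sh\nsh "%s"\n' "$3" > "$2"
}

# Returns 0 when the generated script parses, non-zero on a syntax error.
parses_ok() { sh -n "$1" 2>/dev/null; }

demo() {
    dir=$(mktemp -d) || return 1
    render_spliced "$FRAGMENT" "$dir/spliced.sh"
    render_file_based "$FRAGMENT" "$dir/wrapper.sh" "$dir/fragment.sh"
    if parses_ok "$dir/spliced.sh"; then
        echo "spliced:    parses"
    else
        echo "spliced:    syntax error"
    fi
    if parses_ok "$dir/wrapper.sh"; then
        echo "file-based: parses"
    else
        echo "file-based: syntax error"
    fi
    echo "file-based output: $(sh "$dir/wrapper.sh")"
    rm -rf "$dir"
}

demo
```

A fragment without quotes or parentheses survives the splice unchanged, which is why the failure shows up only for some `runAsRoot` or `extraCommands` contents.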