Fix store path copying in Google Compute Engine image build #24264
In `nixos/modules/virtualisation/google-compute-image.nix`, copy store paths with `rsync -a` rather than `cp -prd`, because `rsync` seems better able to handle the hard-links that may be present in the store, whereas `cp` may fail to copy them. I have tested that the Google Compute Engine image builds successfully for me with this patch, whereas it did not without this patch. This is the same fix applied for Azure images in commit 097ef6e. Fixes NixOS#23973.
Having fixed the Google Compute Engine image build process's copying of store paths in PR NixOS#24264, I ran `nixos-rebuild --upgrade switch`... and the GCE image broke again, because it sets the NixOS configuration option for the sysctl variable `kernel.yama.ptrace_scope` to `mkDefault "1"`, i.e., with override priority 1000, and now the `sysctl` module sets the same option to `mkDefault "0"` (this was changed in commit 86721a5). This patch raises the override priority of the Google Compute Engine image configuration's definition of the Yama sysctl option to 500 (still lower than the priority of an unmodified option definition). I have tested that this patch allows the Google Compute Engine image to again build successfully for me.
Given @clefru's comment here — it seems my patch here was only fixing a symptom without addressing the underlying problem?
@8573: I'd also suspect that rsync just works around the 9p corruption bug. When applying the 9p client fixes, cp doesn't complain anymore, so that's proof enough for me that there are no actual hard-links. I am not sure on whether I'd keep rsync over cp. Eventually it doesn't matter that much. What I hoped to do was to unify all the image building scripts for GCE/Azure/AWS as they all look very similar to each other. But that's the matter of a different PR.
Having fixed the Google Compute Engine image build process's copying of store paths in PR #24264, I ran `nixos-rebuild --upgrade switch`... and the GCE image broke again, because it sets the NixOS configuration option for the sysctl variable `kernel.yama.ptrace_scope` to `mkDefault "1"`, i.e., with override priority 1000, and now the `sysctl` module sets the same option to `mkDefault "0"` (this was changed in commit 86721a5). This patch raises the override priority of the Google Compute Engine image configuration's definition of the Yama sysctl option to 500 (still lower than the priority of an unmodified option definition). I have tested that this patch allows the Google Compute Engine image to again build successfully for me. (cherry picked from commit a4ac550)
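The override-priority behaviour described in the commit message above can be modelled in plain Nix. This is an added example, not code from the PR or from nixpkgs: `resolve` and `plain` are hypothetical names in a simplified model, and only the priority numbers (1000 for `mkDefault`, 500 for the patch, 100 for an unmodified definition) reflect the real module system.

```nix
# Simplified model of NixOS option-priority resolution, constructed for
# illustration; the real merge logic lives in the nixpkgs module system.
# Evaluate with: nix-instantiate --eval --strict priority-model.nix
let
  # A lower number means higher precedence.
  mkOverride = priority: content: { inherit priority content; };
  mkDefault = mkOverride 1000;
  plain = mkOverride 100;        # hypothetical helper: an unmodified definition

  # Keep only the definitions at the best (lowest) priority, then require
  # that the survivors agree on one value.
  resolve = defs:
    let
      sentinel = 1500;           # weaker than anything used in this model
      best = builtins.foldl'
        (acc: d: if d.priority < acc then d.priority else acc)
        sentinel defs;
      winners = builtins.filter (d: d.priority == best) defs;
      values = builtins.foldl'
        (acc: d: if builtins.elem d.content acc then acc else acc ++ [ d.content ])
        [ ] winners;
    in
      if builtins.length values == 1
      then { ok = true; priority = best; value = builtins.head values; }
      else { ok = false; priority = best; conflict = values; };
in
{
  # Before the patch: image and sysctl module both use mkDefault with
  # different values for kernel.yama.ptrace_scope, so neither can win.
  before = resolve [ (mkDefault "1") (mkDefault "0") ];

  # After the patch: the image's definition at priority 500 outranks the
  # module's mkDefault, so the restrictive value "1" is selected.
  after = resolve [ (mkOverride 500 "1") (mkDefault "0") ];

  # A plain definition in a user's configuration (priority 100) still
  # overrides the image's value, as the commit message notes.
  userOverride = resolve [ (mkOverride 500 "1") (mkDefault "0") (plain "0") ];
}
```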