Fix store path copying in Google Compute Engine image build #24264
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In `nixos/modules/virtualisation/google-compute-image.nix`, copy store paths with `rsync -a` rather than `cp -prd`, because `rsync` seems better able to handle the hard-links that may be present in the store, whereas `cp` may fail to copy them. I have tested that the Google Compute Engine image builds successfully for me with this patch, whereas it did not without this patch. This is the same fix applied for Azure images in commit 097ef6e. Fixes NixOS#23973.
8573
changed the title
8573
added a commit
to 8573/nixpkgs
that referenced
this pull request
Mar 24, 2017
Having fixed the Google Compute Engine image build process's copying of store paths in PR NixOS#24264, I ran `nixos-rebuild --upgrade switch`... and the GCE image broke again, because it sets the NixOS configuration option for the sysctl variable `kernel.yama.ptrace_scope` to `mkDefault "1"`, i.e., with override priority 1000, and now the `sysctl` module sets the same option to `mkDefault "0"` (this was changed in commit 86721a5). This patch raises the override priority of the Google Compute Engine image configuration's definition of the Yama sysctl option to 500 (still lower than the priority of an unmodified option definition). I have tested that this patch allows the Google Compute Engine image to again build successfully for me.
fpletz
pushed a commit
that referenced
this pull request
Mar 26, 2017
Having fixed the Google Compute Engine image build process's copying of store paths in PR #24264, I ran `nixos-rebuild --upgrade switch`... and the GCE image broke again, because it sets the NixOS configuration option for the sysctl variable `kernel.yama.ptrace_scope` to `mkDefault "1"`, i.e., with override priority 1000, and now the `sysctl` module sets the same option to `mkDefault "0"` (this was changed in commit 86721a5). This patch raises the override priority of the Google Compute Engine image configuration's definition of the Yama sysctl option to 500 (still lower than the priority of an unmodified option definition). I have tested that this patch allows the Google Compute Engine image to again build successfully for me.
|
Given @clefru's comment here —
— it seems my patch here was only fixing a symptom without addressing the underlying problem? |
|
@8573: I'd also suspect that rsync just works around the 9p corruption bug. When applying the 9p client fixes, cp doesn't complain anymore, so that's proof enough for me that there are on actual hard-links. I am not sure on whether I'd keep rsync over cp. Eventually it doesn't matter that much. What I hoped to do was to unify all the image building scripts for GCE/Azure/AWS as they all look very similar to each other. But that's the matter of a different PR. |
globin
pushed a commit
that referenced
this pull request
Mar 27, 2017
Having fixed the Google Compute Engine image build process's copying of store paths in PR #24264, I ran `nixos-rebuild --upgrade switch`... and the GCE image broke again, because it sets the NixOS configuration option for the sysctl variable `kernel.yama.ptrace_scope` to `mkDefault "1"`, i.e., with override priority 1000, and now the `sysctl` module sets the same option to `mkDefault "0"` (this was changed in commit 86721a5). This patch raises the override priority of the Google Compute Engine image configuration's definition of the Yama sysctl option to 500 (still lower than the priority of an unmodified option definition). I have tested that this patch allows the Google Compute Engine image to again build successfully for me. (cherry picked from commit a4ac550)
adrianpk
added a commit
to adrianpk/nixpkgs
that referenced
this pull request
May 31, 2024
Having fixed the Google Compute Engine image build process's copying of store paths in PR NixOS#24264, I ran `nixos-rebuild --upgrade switch`... and the GCE image broke again, because it sets the NixOS configuration option for the sysctl variable `kernel.yama.ptrace_scope` to `mkDefault "1"`, i.e., with override priority 1000, and now the `sysctl` module sets the same option to `mkDefault "0"` (this was changed in commit 86721a5). This patch raises the override priority of the Google Compute Engine image configuration's definition of the Yama sysctl option to 500 (still lower than the priority of an unmodified option definition). I have tested that this patch allows the Google Compute Engine image to again build successfully for me. (cherry picked from commit a4ac550)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In
nixos/modules/virtualisation/google-compute-image.nix, copy storepaths with
rsync -arather thancp -prd, becausersyncseemsbetter able to handle the hard-links that may be present in the store,
whereas
cpmay fail to copy them.I have tested that the Google Compute Engine image builds successfully
for me with this patch, whereas it did not without this patch.
This is the same fix applied for Azure images in commit
097ef6e.
Fixes #23973.