Building a statically linked nix for hpc environments

danielbarter · January 7, 2021, 5:02pm

After being chewed out by my sysadmin over slack for asking whether we can enable user namespaces on the compute cluster, I am interested in building a statically linked nix executable with custom /nix/store and /nix/var locations that I can transfer over to the cluster with a copy of nixpkgs and rebuild everything I need from scratch.

Here is what I have so far:

with (import <nixpkgs> {});

pkgsStatic.nix.overrideAttrs (oldAttrs: rec {
  configureFlags = [ "--with-store-dir=/foo/.nix/store"
                     "--localstatedir=/foo/.nix/var"
                     "--sysconfdir=/foo/.nix/etc"
                     "--enable-gc"
                     "--disable-shared"
                     "--build=x86_64-unknown-linux-gnu"
                     "--host=x86_64-unknown-linux-musl" ];
    })

but the resulting executable keeps trying to lstat /nix when doing anything non trivial which is undesirable.

Is what I am trying to do even possible? If so, it would be super useful for people who want to use nix on large shared computer systems, and I would be more than happy to put in the work to get it done.

symphorien · January 7, 2021, 9:11pm

Maybe try using these environment variables at runtime:

github.com

NixOS/nix/blob/0df69d96e02ce4c9e17bd33333c5d78313341dd3/tests/common.sh.in#L5-L14


      
          if ! NIX_STORE_DIR=$(readlink -f $TEST_ROOT/store 2> /dev/null); then
              # Maybe the build directory is symlinked.
              export NIX_IGNORE_SYMLINK_STORE=1
              NIX_STORE_DIR=$TEST_ROOT/store
          fi
          export NIX_LOCALSTATE_DIR=$TEST_ROOT/var
          export NIX_LOG_DIR=$TEST_ROOT/var/log/nix
          export NIX_STATE_DIR=$TEST_ROOT/var/nix
          export NIX_CONF_DIR=$TEST_ROOT/etc
          export NIX_DAEMON_SOCKET_PATH=$TEST_ROOT/daemon-socket

nix uses these to run its test so they should work

danielbarter · January 8, 2021, 10:35pm

good idea @symphorien, but unfortunately setting those env variables doesn’t fix the problem. Infact, i just notice that if you search for strings in the static executable generated by the above nix expression, it still has strings like /nix/store and /nix/var ect floating around, so im guessing that I am just missing some configure flags or something like that

knedlsepp · January 8, 2021, 10:49pm

I remember doing this a couple of years ago. I think this can be compared to bootstrapping a compiler toolchain on a new target. The point being that the nix that you built is only half way. It will “live” in /nix/store but know how to build for /foo. You will need to build a third nix using that second nix that will live in /foo and build for /foo.

danielbarter · January 9, 2021, 1:43am

@knedlsepp: that makes so much sense! So i built the nix which lives in /nix/store but targets /foo/.nix/store using the above derivation. When I try and use this new nix to build the derivation again i get the following error:

error: attribute 'unsafeDiscardStringContext' missing, at /home/danielbarter/nixpkgs/lib/strings.nix:429:13

which is very strange since unsafeDiscardStringContext appears to be a builtin function

hmenke · January 9, 2021, 10:54am

If you can’t use user namespaces, maybe the PRoot variant works for you: Nix Installation Guide - NixOS Wiki

Since you’re in an HPC environment your home directory is probably on NFS, so you need to build Nix with two extra patches, namely the attribute patch and the SQLite patch.

See also this blog post: Local Nix without Root :: Rohit Goswami — Reflections

danielbarter · January 9, 2021, 5:40pm

I tried using proot, but I couldn’t get a static version building on either nixpkgs master or nixpkgs stable (nix trying to lstat "/nix" when built with --with-store-dir=foo --localstatedir=bar · Issue #4432 · NixOS/nix · GitHub).

Regardless, i don’t particularly like the proot solution: using qemu to implement a user chroot just feels kind of clunky to me. I would much prefer to build a static version of nix on my local machine and transfer it over.

The home dir is indeed nfs, so i will keep those patches in mind.

I’ve actually tried the approach from Rohit’s blog post before (building nix from source on the foreign machine). I ended up getting stuck because I couldn’t for the life of me get their compiler to detect my downloaded version of libeditline. Avoiding this type of problem is why I like nix so much in the first place!

I am hopeful that I can get @knedlsepp’s double build static nix working. At the very least it is a cool trick!

knedlsepp · January 9, 2021, 10:29pm

I guess you could try to get the “normal” dynamic build working first. That one is better supported. And then work your way to building statically. (I think for your application the “static” part isn’t as important as the custom prefix anyway)

danielbarter · January 10, 2021, 12:46am

@knedlsepp: seems like a good idea, then you can just transfer the store you build over (possibly with some fiddling to get the symlinks to stick).

Here is where I got: GitHub - danielbarter/hpc-nix

but this is giving me the following error:

configure flags: --disable-dependency-tracking --prefix=/global/home/users/dbarter/nix/store/z899n47cy9m793wr4832h1kc85zwjz73-gnum4-1.4.18 --with-syscmd-shell=/global/home/users/dbarter/nix/store/ahvz416s9795rszckcicvghzpd1mkhrw-bootstrap-tools/bin/bash
/global/home/users/dbarter/nix/store/0c1090hab3yb9xzihna7rf7cxhs1ix5i-bootstrap-stage1-stdenv-linux/setup: ./configure: /bin/sh: bad interpreter: No such file or directory
builder for '/global/home/users/dbarter/nix/store/pg6p7xl4dpl86adn0r3r2q7hf3r24lna-gnum4-1.4.18.drv' failed with exit code 126

Not sure what exactly is going wrong here. I’ll try some more tomorrow.

hmenke · January 10, 2021, 3:50pm

If your home is on NFS you definitely need those patches. Without the attribute patch you won’t even be able to install Nix, but instead receive

error: removing extended attribute ‘system.nfs4_acl‘

and without the SQLite patch, the Nix database will either deadlock or become corrupted sooner or later.

danielbarter · January 10, 2021, 5:18pm

@hmenke: Yah, i added the patches.

knedlsepp · January 10, 2021, 7:22pm

I added a PR that I think should fix your problem: Make use of existing nix parameters by knedlsepp · Pull Request #1 · danielbarter/hpc-nix · GitHub

danielbarter · January 10, 2021, 10:00pm

thanks @knedlsepp: building it now. Seems to be working. Was there some sort of aliasing issue which gets fixed by using nix, nix-intermediate and nix-final?

knedlsepp · January 10, 2021, 10:25pm

I think it was mostly using overrideAttrs instead of override which did change more than you actually aimed for.
The build.sh Change was just because nix complained that it won’t override existing “result” symlinks.

danielbarter · January 11, 2021, 3:45am

Yep it works perfectly. Thanks for the help everyone. Here is the repo once again for anyone that is trying to figure this out again in the future: GitHub - danielbarter/hpc-nix

edolstra · January 13, 2021, 2:36pm

Note that there is a single-file statically linked Nix distribution now. You can get it as follows:

# curl -L https://hydra.nixos.org/job/nix/master/buildStatic.x86_64-linux/latest/download-by-type/file/binary-dist > nix
# chmod +x ./nix

and use it with a non-standard Nix store as follows:

# NIX_REMOTE='local?store=/home/eelco/nix/store&state=/home/eelco/nix/var/nix&log=/home/eelco/nix/var/log/nix' /path/to/nix \
  --experimental-features 'nix-command flakes' \
  build nixpkgs#hello

tomberek · January 13, 2021, 6:36pm

path '/nix/store/k7053q8cbnyplysc319n1n1fgbkxidzd-flake-registry.json' is not in the Nix store

Not quite sure the right way to add that in manually. Attemped store add-file and store add-path, but the paths end up wrong. Also tried manually placing it where it needs to be, but the db.sqlite probably needs the entry before that will work.

Or I’m missing something simple.

edolstra · January 14, 2021, 10:49am

Try rm -rf ~/.cache/nix. It probably has files like ~/.cache/nix/flake-registry.json that point to the wrong store.

DavHau · February 28, 2021, 2:46pm

In case it helps, I just released nix-portable, which is static and uses bubblewrap/proot under the hood. It should work on all kinds of restricted systems and you can still use the cache.

pimiddy · March 23, 2021, 6:54am

I tried this exact command line and it didn’t work:

[0/78 built, 0/43 copied] error: error: executing '/nix/store/2bw77pxjzs7yj09vlchnw96lk0dkxwx6-nix-2.4pre20210319_3e0e443-x86_64-unknown-linux-musl/libexec/nix/build-remote': No such file or directory