Hi everyone!
Story!
A while ago I put together some code, which can be found in Nix Effect Pod, to be able to isolate software in containers. In this way I can use the NixOS and home-manager configurations inside the container. I am using it for everyday tasks, and even though it’s a bit hacky, it works. However, I am facing an issue while running ${nixos.config.system.build.etcActivationCommands}, which you can find in here. I expect this command to activate the /etc directory, by symlinking what’s needed in there, but it causes the problem below. By the way, I run it to solve Firefox’s cacert issue, but it caused this problem.
The problem
If you run ${nixos.config.system.build.etcActivationCommands} in the image building phase of a container, then run nix-shell inside the container, it will raise the 'daemon': error: unexpected end-of-file error.
Reproduce the problem.
The guide to launch a Firefox container is in its README file, but I would just navigate to the firefox directory and load the image with (BE AWARE IT MAY TAKE A LOT OF TIME TO RUN THIS COMMAND)
firefox$ nix-build pod.nix && podman load < result
then run it
$ podman run -td --rm \
    --user $(id -u):$(id -g) --userns keep-id:uid=$(id -u),gid=$(id -g) \
    --name=test firefox-test-machine:latest
and execute
podman exec -it test bash -c 'nix-shell -p zsh'
error: creating directory '/nix/store/.links': Permission denied
However, it’s not the main issue, because in the other containers that are not running etcActivationCommands, like what you can find here, I solve this problem by running nix-daemon --daemon & as a root user and it fixes the permission denied one, but in this container if I run
$ podman exec -it --user root test bash
# nix-daemon --daemon &
and in another terminal try the nix-shell
$ podman exec -it test bash
$ nix-shell -p zsh
error:
… <borked>
at «none»:0: (source not available)
… while evaluating a branch condition
at /nix/store/1v2csf9xir348c89b35idw5svczxln2k-zg8yil5hm8rwk3658p9kncc0fb7mvlby-source/pkgs/stdenv/booter.nix:99:7:
98| thisStage =
99| if args.__raw or false
| ^
100| then args'
(stack trace truncated; use '--show-trace' to show the full trace)
error: cannot open connection to remote store 'daemon': error: unexpected end-of-file
You can find a similar error in the root terminal now! Btw, if you run something like nix-store --verify --check-contents --repair you get a similar error message.
Expectation
My question is why running etcActivationCommands fixes cacerts, but breaks the nix-daemon, and how can I fix that? Thank you for your time.
Feel free to correct me, give me feedback, or create an issue or PR. Thanks.