Docker build issue - solved

blaggacao · October 15, 2020, 10:28pm

Whenever I try to build a docker image with nix (not nixos), I recently get stuck with this error:

building '/nix/store/ymfhh17bm1n9hsvhgl1ky78qb18d2d1b-registry.quantumops.rocks-ae-dir-web-server-base.json.drv'...
building '/nix/store/280hk9ql82q2n87p8n5j9rhhkn5bg8wf-registry.quantumops.rocks-ae-dir-web-server-bulk-layers.drv'...
building '/nix/store/d6wq607893l6s4v9c6x57mwdfwc1yj5m-closure.drv'...
building '/nix/store/1wlhdi3518fyp92l7w9rnvwqq1wrllr6-registry.quantumops.rocks-ae-dir-web-server-customisation-layer.drv'...
error: moving build output '/nix/store/frbhvc8srsm4jgpah8lfww2pcgw2a5zw-registry.quantumops.rocks-ae-dir-web-server-customisation-layer' from the sandbox to the Nix store: Permission denied

I’m using a pretty recent nixpkgs (12 days ago):
→ https://github.com/nixos/nixpkgs/commit/30e98a4fd67c71277ee95c58c8fd691b69a09183
~~I also use the nix packaged pinned by that version.~~ → it is not respected:

PATH=/home/blaggacao/.nix-profile/bin:/home/blaggacao/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/nix/store/57pilyyns1gvdyw7rxjkpkca1ya667sf-aedir.k8s-env/bin[...]

ll /nix/store/57pilyyns1gvdyw7rxjkpkca1ya667sf-aedir.k8s-env/bin/nix
nix ⇒ /nix/store/jjmar1q8k7l25mdmnhpxs9nwaa38rpnk-nix-2.3.7/bin/nix

# BUT

$ which nix
/home/blaggacao/.nix-profile/bin/nix

# nasty, but crafting the following doesn't seem to fix it
$ which nix
/nix/store/57pilyyns1gvdyw7rxjkpkca1ya667sf-aedir.k8s-env/bin/nix
$ nix --version
nix (Nix) 2.3.7

Bug filed for this occasional discovery during debugging here: nix-shell does also prepend ~/.nix-profile/bin to path -> shadows nix-shell env · Issue #4152 · NixOS/nix · GitHub

I tried with both: sandbox = true and # sandbox = true to no success.

Can anybody help me to fix this? (hopefully upstream)

Things I’ve researched:

Can't build NixOS from source with a chroot store · Issue #2984 · NixOS/nix · GitHub (I think I understand - but is there a work around?)
Fix #2984: attempt to copy if unlinking source directory fails by yorickvP · Pull Request #3321 · NixOS/nix · GitHub (is this relevant?)
registerOutputs(): Don't call canonicalisePathMetaData() twice by edolstra · Pull Request #4054 · NixOS/nix · GitHub (is this a fix?)
[nix-shell] moving build output from the sandbox to the Nix store: Permission denied · Issue #38 · typeclasses/haskell-phrasebook · GitHub (related?)
https://github.com/NixOS/nix/pull/3036 (or is this it?)
Nix-shell and output path

$ nix --version
nix (Nix) 3.0pre19700101_11882d7

works again. That probably means some of those referenced issues can be closed. I’d really like to hint there, but I only understand 10-20% of what’s going on.

blaggacao · October 15, 2020, 11:20pm

When I run as sudo, I’m greeted with:

→ error: the group 'nixbld' specified in 'build-users-group' does not exist

nixinator · October 15, 2020, 11:35pm

single user nix? or multiuser nix?

https://github.com/NixOS/nix/issues/1559

blaggacao · October 16, 2020, 12:26am

I think single user. Since it worked before, might it be a regression?

$ ll /nix
drwxrwxr-x blaggacao blaggacao 2.8 MB Thu Oct 15 18:18:59 2020  store
drwxr-xr-x blaggacao blaggacao   4 KB Fri Jul 17 23:27:05 2020  var

→ I’m running from within a nix shell.

The problem persists with:

$ nix --version
nix (Nix) 3.0pre20200829_f156513

blaggacao · October 16, 2020, 2:24am

$ nix --version
nix (Nix) 3.0pre19700101_11882d7

works again. That probably means some of those referenced issues can be closed. I’d really like to hint there, but I only understand 10-20% of what’s going on.

ldesgoui · November 5, 2020, 2:49pm

I run a single user install on my work machine and upgrading from release-20.03 to release-20.09 has caused the same errors to appear in our use of buildLayeredImage