I have some code that does
def internet_connected?
return @internet_connected if defined?(@internet_connected)
require "resolv"
begin
Resolv::DNS.open do |dns|
dns.timeouts = 2
dns.getaddress("api.github.com")
end
@internet_connected = true
rescue Resolv::ResolvError
@internet_connected = false
end
end
This code seems to think it has network access after which it fails to then do the network calls and the nix build fails.
I’m trying to understand how it might succeed in DNS
let pkgs = import <nixpkgs> {};
in
with pkgs; stdenv.mkDerivation {
name = "test-dns";
# We'll need something like 'bind' for the 'dig' tool (bindUtils in newer Nixpkgs).
nativeBuildInputs = [ dig curl];
# There's no real "source" here, so just override buildPhase
phases = [ "buildPhase" ];
buildPhase = ''
echo "Attempting DNS lookup..."
dig +short google.com
curl https://google.com
'';
}
Interestingly, the dig succeeds on MacOS even with sadnbox enabld
> nix-build test.nix --option sadbox true
this derivation will be built:
/nix/store/xvga8v3a26m63dra3pnw1c46b3caz11c-test-dns.drv
building '/nix/store/xvga8v3a26m63dra3pnw1c46b3caz11c-test-dns.drv'...
Running phase: buildPhase
Attempting DNS lookup...
142.251.40.46
curl: (77) error setting certificate file: /no-cert-file.crt
error: builder for '/nix/store/xvga8v3a26m63dra3pnw1c46b3caz11c-test-dns.drv' failed with exit code 77;
last 4 log lines:
> Running phase: buildPhase
> Attempting DNS lookup...
> 142.251.40.46
> curl: (77) error setting certificate file: /no-cert-file.crt
For full logs, run 'nix log /nix/store/xvga8v3a26m63dra3pnw1c46b3caz11c-test-dns.drv'.
This is on MacOS but the sandbox doesn’t allow DNS on Linux …