Fetchgit suddenly can't clone a local repository

I have a variety of local repositories (not stored on github, but strictly on my own machine) that I address through file:/// links. I also have a Cargo.nix file, generated with crate2nix, which includes this stanza:

        src = pkgs.fetchgit {
          url = "file:///home/savanni/src/fluent-ergonomics/";
          rev = "d6adea30d2edfb8c7049459ff1e640f0c4def487";
          sha256 = "17vdf91caivz5afg51azk1lg7fgph3mjm6kbvszvkgvjxb4gw0pa";
        };

I generated this file a month ago and installed the application that uses this file. No problems until the last couple of days.

Now, suddenly, nixbld seems unable to clone the above repository.

git/
fatal: '/home/savanni/src/fluent-ergonomics/' does not appear to be a git repository
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: '/home/savanni/src/fluent-ergonomics/' does not appear to be a git repository
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
Unable to checkout d6adea30d2edfb8c7049459ff1e640f0c4def487 from file:///home/savanni/src/fluent-ergonomics/.
error: builder for '/nix/store/c5icfznbamr36z9chq4s5dcrws0c9671-fluent-ergonomics-d6adea3.drv' failed with exit code 1;
       last 10 log lines:
       > fatal: Could not read from remote repository.
       >
       > Please make sure you have the correct access rights
       > and the repository exists.
       > fatal: '/home/savanni/src/fluent-ergonomics/' does not appear to be a git repository
       > fatal: Could not read from remote repository.
       >
       > Please make sure you have the correct access rights
       > and the repository exists.
       > Unable to checkout d6adea30d2edfb8c7049459ff1e640f0c4def487 from file:///home/savanni/src/fluent-ergonomics/.
       For full logs, run 'nix log /nix/store/c5icfznbamr36z9chq4s5dcrws0c9671-fluent-ergonomics-d6adea3.drv'.

I’ve verified that it’s not a permissions issue by becoming the nixbld1 user and moving to that directory above.

So, where do I go next to diagnose it? Would something have changed recently to make fetchgit not accept file:/// links? This is something I use frequently when developing updates to my software, so I depend on it to be able to install my software without needing to publish it.

Don’t you need to point to the .git folder? Or is the repository bare?

No, this is the full repository. I’ve never needed to point to the .git folder before. I’d prefer to point to the bare repository, but that’s never worked before, though I couldn’t tell you why.

I have a local copy of nixpkgs and have put some debugging lines into the nix-fetch-git script. Plus I’ve also put in a forced failure assertion in my copy of fetchgit. Since the assertion is not being hit, and since my debugging lines aren’t appearing, then clearly I’m not getting the fetchgit function that I expect.

When I use trace on pkgs.fetchgit, all I get is

trace: { __functionArgs = <CODE>; __functor = <CODE>; override = <CODE>; }

How can I track down exactly which derivation of pkgs.fetchgit is being used?

I have been able to build a minimal example that demonstrates this problem. You’ll need to provide your own repository in your home directory to run the example, but it’s pretty straightforward:

In this example, I’ve determined that apparently nix-fetch-git is now running within a sandbox that hides my home directory, which is rather the opposite of what should be happening with pkgs.fetchgit.

Did you ever figure out a way around this? Running into the same problem.

I suspect the actual issue at hand is simply that the builder is not allowed to access your home directory. While the sandbox is indeed relaxed in FODs, plain old POSIX permissions still apply.

IIRC builtins.fetchGit runs at eval time and therefore might run as your user? I’d give that a try.

Yeah that did the trick, thanks!