Need help on passing eval checks with ftp in fetchTarball

Here’s my PR: emacs: integrate macport into generic drv by Atemu · Pull Request #155360 · NixOS/nixpkgs · GitHub

The package evals, builds and runs just fine and the same ftp server is used with fetchTarball inside the derivation aswell.

It’s utterly confusing and I have no idea how I could debug this further.

fetchTarball and other builtin fetchres are not allowed in restricted-eval mode (or rather only specific URLs are allowed for them, which may be empty). In nixpkgs using derivation based fetchers is necessary, like pkgs.fetchzip, pkgs.fetchurl etc.

Derivation based fetchers have the advantage that they’ll be executed at build time, wheras builtin fetchers will fetch at evaluation time. This would be detrimental for nixpkgs, since just planning a build would require downloading all sources which would slow down things on Hydra a lot (especially since evaluation is single threaded).


Yeah but why does it work when I declare the same fetcher inside generic.nix?

Also, I tried using fetchurl and it didn’t make a difference.

fetchurl wouldn’t work as you’d need an extracted tarball in this case, so fetchzip?

The error I can see definitely points to fetchTarball, so I can’t help you further unless you have an error message for the drv fetcher case.

Presumably eval didn’t hit it then, maybe due to laziness?

I just unpacked it manually in the drv. This was for testing anyways and doesn’t need to actually build; eval is the issue.

I’m currently not near the machine where I made those changes but you can just swap out builtins.fetchTarball with fetchurl: fetchurl and call the macport patches with fetchurl in the drv.

Yeah but I don’t see why it shouldn’t just be lazy about fetchTarball too?

What do you mean by fetchurl, builtins.fetchurl or pkgs.fetchurl?


(“Post must be at least 20 characters”)

Surely the eval error must be different then? You are not giving me much to go on here.

Alright, I got the basic eval checks to realise on aarch64-darwin so that I can test.

Here’s the error now but it’s still as cryptic and unhelpful as before, just with a different stack because the place it’s evaluated at has changed.

Slight change to use pkgs.fetchurl: test using fetchurl · Atemu/nixpkgs@0c8011a · GitHub

error: creating directory '/homeless-shelter': Read-only file system

       … while evaluating 'optionalString'

       at /nix/store/bj5x5234nnh8khp2vg51alvdcws6a4xi-source/lib/strings.nix:202:5:

          201|     # String to return if condition is true
          202|     string: if cond then string else "";
             |     ^

       … from call site

       at /nix/store/bj5x5234nnh8khp2vg51alvdcws6a4xi-source/pkgs/applications/editors/emacs/generic.nix:124:6:

          124|     (lib.optionalString (withMacport && !srcRepo) ''
             |      ^
          125|       cp -r ${macportPatches fetchurl}/. .

       … while evaluating the attribute 'postPatch' of the derivation 'emacs-27.2'

       at /nix/store/bj5x5234nnh8khp2vg51alvdcws6a4xi-source/pkgs/stdenv/generic/make-derivation.nix:205:7:

          204|     // (lib.optionalAttrs (attrs ? name || (attrs ? pname && attrs ? version)) {
          205|       name =
             |       ^
          206|         let

       … while querying the derivation named 'emacs-27.2'