Nix-store --import does not prevent build?

Help
1

Hi all,

I create a simple setup with two machines.

A fast builder one, and a slower one.
Both machine have the same nix store, in particular: /cvmfs/packages.redeardlab.com/nix
Having a custom store path, everything is build from scratch, I am ok with that.

I build bash on the fast machine, it took a while, it builds GCC, etc, but eventually it worked.

Now I would like to install the package bash into the slower machine.

I exported the closure from the fast machine:

$ nix-store -qR  /cvmfs/packages.redbeardlab.com/nix/store/4rsxigbrnrcjlvkrwags4w8vn4l0p957-bash-5.0-p17
/cvmfs/packages.redbeardlab.com/nix/store/ch9axn8z538896ky2dh835lm54zf9whn-libunistring-0.9.10
/cvmfs/packages.redbeardlab.com/nix/store/ifxlq9j8hmj5303252q6cgb8wb5gccz3-libidn2-2.3.0
/cvmfs/packages.redbeardlab.com/nix/store/45j96ybrkc8b4dyn73k1h2wnlbfrglir-glibc-2.31
/cvmfs/packages.redbeardlab.com/nix/store/4rsxigbrnrcjlvkrwags4w8vn4l0p957-bash-5.0-p17

$ nix-store --export $(nix-store -qR  /cvmfs/packages.redbeardlab.com/nix/store/4rsxigbrnrcjlvkrwags4w8vn4l0p957-bash-5.0-p17) > bash.closure

I moved the bash.closure in the slow machine using scp.
And finally I imported the closure back.

nix-store --import < bash.closure

Everything worked correctly, and indeed in the slow machine I now see the store populated with the directory I would expect.

$ ll /cvmfs/packages.redbeardlab.com/nix/store/
total 32
drwxr-xr-x 7 redbeardlab redbeardlab 4096 Nov 30 23:42 ./
drwxr-xr-x 3 redbeardlab redbeardlab 4096 Nov 30 23:42 ../
drwxr-xr-x 2 redbeardlab redbeardlab 4096 Nov 30 23:42 .links/
dr-xr-xr-x 6 redbeardlab redbeardlab 4096 Jan  1  1970 45j96ybrkc8b4dyn73k1h2wnlbfrglir-glibc-2.31/
dr-xr-xr-x 4 redbeardlab redbeardlab 4096 Jan  1  1970 4rsxigbrnrcjlvkrwags4w8vn4l0p957-bash-5.0-p17/
dr-xr-xr-x 3 redbeardlab redbeardlab 4096 Jan  1  1970 ch9axn8z538896ky2dh835lm54zf9whn-libunistring-0.9.10/
dr-xr-xr-x 4 redbeardlab redbeardlab 4096 Jan  1  1970 ifxlq9j8hmj5303252q6cgb8wb5gccz3-libidn2-2.3.0/

However, if in the slow machine I try to install bash nix-env -i bash, it tries to compile everything from scratch.

$ nix-env -i bash                                                      
installing 'bash-5.0-p17'                                                                                                                                                                                   
these derivations will be built:                                                                                                                                                                            
  /cvmfs/packages.redbeardlab.com/nix/store/0gyslks2avwcbrqhw3ddf6j2d0fadm48-gcc-9.3.0.tar.xz.drv 
  /cvmfs/packages.redbeardlab.com/nix/store/f45vl1q70h56xjpc8ii088r8fl6i2wvy-bootstrap-tools.tar.xz.drv
  /cvmfs/packages.redbeardlab.com/nix/store/l4m4rrrbqmxayy9awj1m8z3mhhcxy517-busybox.drv                                                                                                                    
  ...
  /cvmfs/packages.redbeardlab.com/nix/store/s18ms93xrbnkcl3mnwcga40g74n96qqd-bash50-012.drv
  /cvmfs/packages.redbeardlab.com/nix/store/vsi0mjq1q12a9c1xkix75fvbbmxiich5-bash50-010.drv
  /cvmfs/packages.redbeardlab.com/nix/store/279scdvfprpxh3yaki28cn1ir91crmp3-bash-5.0-p17.drv

Why this happens?

I was hoping that the slow machine would just create the necessary symlinks without building any software.

How can this be checked?

2

most likely, the two machines are at two different points on their nix-channel. So nix-env -i bash is resolving to a different .drv . You’ll want to look at FAQ/Pinning Nixpkgs - NixOS Wiki if you’re trying to pin two machines to the same point in time.

1 Like
3

This is helping! Thanks!

However, both machines are using the 20.09 release.

$ nix-channel --list
nixpkgs https://nixos.org/channels/nixos-20.09

Can this still happening? How do I check that the .drv are indeed different?

On the slow machine I can see that nix is trying to build /cvmfs/packages.redbeardlab.com/nix/store/279scdvfprpxh3yaki28cn1ir91crmp3-bash-5.0-p17.drv which is also present in the store of the fast machine /cvmfs/packages.redbeardlab.com/nix/store/279scdvfprpxh3yaki28cn1ir91crmp3-bash-5.0-p17.drv and it is also the only bash-5.0 in the whole store.

4

Or wait, in order to build I had to disable the sandbox, setting sandbox = false in the config.

Can this be the culprit?

5

Being on the same channel does not mean that they are on the same point in time in that channel.
Try this command and compare the output to see which git commits they are currently booting into:

$ nixos-version
20.09.2063.f900be57309 (Nightingale)

However that is not the version used to install programs. Assuming you have a pretty standard install, try this command:

$ cat /nix/var/nix/profiles/per-user/root/channels/nixos/.version*
20.09
.2124.2fe8f337544

Then compare the output.
If you need them to be on the exact same version, use pinning as mention by jonringer above.
If you just want to use one system to build the configuration for both systems, that’s possible as well, either manually or automatic.
Be aware that cross compiling is another challenge and may be more complicated, so if you got two x86_64 systems that’s fine, but if one of them is e.g. a Raspberry Pi or an Apple Mac, that’s a different story.

6

Unfortunately I am not on NixOs, and nixos-version does not seems installed.

The channels are on the same suffix, they were NOT, I update both and now they are.

$ cat /cvmfs/packages.redbeardlab.com/.internal/nix/state/nix/profiles/per-user/redbeardlab/channels/nixpkgs/.version-suffix 
.2122.2fbcd0b9df9

I recreate the closure but they are identical.

And the outcome is exactly the same, the closures are imported, but when I got to install nix-env -i bash it tries to build everything from scratch.