Trying NixOS out in order to see if it is something for me or not, and if I should go for NixOS rather than e.g. Debian.
In my job I sometimes have to use python scripts made by others, and every now and then some of the scripts require python to be run with e.g. sudo due to communication with a serial device or whatever. Most of these projects come with a `requirements.txt` file and for now I’ve always dealt with this by just making a `venv` for that specific project and installing the required packages with `pip`. However, sometimes I also have to install various system packages for things to work, and that is one of the things that tempts me with NixOS, e.g. not having to install all sorts of packages system wide just because one project depends on them.

I’ve made a `shell.nix` for one of these projects that I’m trying to make work, but I keep running into issues with missing libraries and whatnot, and it seems like I can’t find out the correct way to do this to make the project work under NixOS:

Some of the python packages from the `requirements.txt`:
- libusb1
- pyserial
- pycrypto
- pycryptodome
- fusepy
My `shell.nix` looks like the following:

```nix
{ pkgs ? import <nixpkgs> { } }:
with pkgs;
mkShell {
  # Build-time tools
  nativeBuildInputs = [
    pkg-config
  ];
  # Libraries the Python packages link against or load at runtime
  buildInputs = [
    openssl_1_1
    libusb1
    hidapi #not sure if I need this, but doesn't matter for now
    fuse3
    python311Packages.fusepy
  ];
  # Make the shared libraries visible to pip builds and to ctypes
  shellHook = ''
    export LD_LIBRARY_PATH=${pkgs.openssl}/lib:${pkgs.libusb1}/lib:${pkgs.stdenv.cc.cc.lib}/lib:${pkgs.fuse3}/lib:$LD_LIBRARY_PATH
  '';
}
```
Due to the dependency on the old version of openssl for this exact project, I have already run `export NIXPKGS_INSECURE=1`.

Now, this is where it gets annoying. If I do it this way,

```bash
nix-shell shell.nix
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
python3 somescript.py
```
the script runs, but only until I reach the point where the `uid` of the current user is checked, and then it fails, because I need to run the script with sudo privileges.

However, if I run `sudo venv/bin/python3 somescript.py`, I get the following error: `OSError: libusb-1.0.so: cannot open shared object file: No such file or directory`

Trying to bypass this by running nix-shell with `sudo` privileges (`sudo NIXPKGS_INSECURE=1 nix-shell shell.nix ... etc`) results in `pip` not being able to build `scrypt` due to not finding `openssl`, so basically the `LD_LIBRARY_PATH` that is exported with the `shellHook` in the `shell.nix` is missing, so just a new set of issues.

I also assume this is not the right way to do this, thus I wonder what’s the correct thing to do in order to be able to run a python venv with elevated privileges inside a nix-shell?
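
A diagnostic for the failure described above, as an added example that is not part of the original post: it repeats the `dlopen()` that produced the `OSError` and reports the effective uid and the `LD_LIBRARY_PATH` the process actually inherited, so the plain run and the `sudo` run can be compared. The script name `check_libs.py` and the fuse3/OpenSSL sonames are assumptions; only `libusb-1.0.so` comes from the post.

```python
import ctypes
import os
import sys

# "libusb-1.0.so" is the name from the OSError in the post; the other two
# sonames are assumptions for fuse3 and openssl_1_1 and may need adjusting.
DEFAULT_LIBS = ["libusb-1.0.so", "libfuse3.so.3", "libcrypto.so.1.1"]

def split_search_path(value):
    """Split an LD_LIBRARY_PATH-style string, dropping empty entries."""
    return [entry for entry in (value or "").split(":") if entry]

def find_in_dirs(soname, dirs):
    """Return the directories in `dirs` holding a file named soname*."""
    hits = []
    for directory in dirs:
        try:
            names = os.listdir(directory)
        except OSError:
            continue  # unreadable or missing directory: nothing to find
        if any(name.startswith(soname) for name in names):
            hits.append(directory)
    return hits

def probe(soname):
    """Attempt the dlopen() that ctypes-based packages perform at import."""
    try:
        ctypes.CDLL(soname)
        return True, ""
    except OSError as exc:
        return False, str(exc)

def report(libs=DEFAULT_LIBS, environ=os.environ):
    """Collect euid, the inherited search path and per-library results."""
    dirs = split_search_path(environ.get("LD_LIBRARY_PATH"))
    rows = []
    for soname in libs:
        loadable, error = probe(soname)
        rows.append({"lib": soname, "loadable": loadable, "error": error,
                     "on_path": find_in_dirs(soname, dirs)})
    return {"euid": os.geteuid(), "ld_library_path": dirs, "libs": rows}

if __name__ == "__main__":
    result = report(sys.argv[1:] or DEFAULT_LIBS)
    print(f"euid={result['euid']} LD_LIBRARY_PATH={result['ld_library_path']}")
    for row in result["libs"]:
        state = "ok" if row["loadable"] else f"FAILED ({row['error']})"
        print(f"{row['lib']}: {state}; found in {row['on_path']}")
```

Run it inside the nix-shell as `python3 check_libs.py`, then as `sudo venv/bin/python3 check_libs.py`, then as `sudo env "LD_LIBRARY_PATH=$LD_LIBRARY_PATH" venv/bin/python3 check_libs.py`; sudo resets the environment by default, so the second run should show an empty search path. If the variable is forwarded to root, every directory in it should be a read-only `/nix/store` path, since root will load code from all of them.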