Remote building with flakes

akiross · June 10, 2022, 9:59am

Hello,
I’m trying to use a remote nix machine to build a flake - ensuring that flake.lock is honored and everything would be the same as if I did this locally. I’m on 22.05 with nix 2.9.0pre20220530_af23d38.

I want to build a container with nix and I have a (private) git repo with a flake similar to the following (and a flake.lock of course):

{
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.05";

  outputs = { self, nixpkgs }:
    let
      pkgs = import nixpkgs {
        system = "x86_64-linux";
      };
      python_env = pkgs.python39.withPackages (ps: with ps; [
        numpy
      ]);
    in
    {
      container = pkgs.dockerTools.buildImage {
        name = "cuda_py";
        tag = "latest";
        contents = with pkgs; [ busybox python_env ];
      };
    };
}

I can build this locally with nix build .#container, but since I’ll be building some complex stuff, I want this to be built remotely. So I tried using

sudo nix store ping --store 'ssh://user@remote'

and it worked successfully. I can also run

sudo nix build --impure \
    --expr '(with import <nixpkgs> { system = "x86_64-linux"; }; runCommand "foo" {} "uname > $out")' \
    --builders 'ssh://user@remote x86_64-linux'

but when I try to build with the following command, it doesn’t work:

sudo nix build --builders 'ssh://user@remote x86_64-linux' .#container

it doesn’t work, and the problem is related to git:

warning: Not a git repository. Use --no-index to compare two paths outside a working tree
usage: git diff --no-index [<options>] <path> <path>

Diff output format options
    -p, --patch           generate patch
<cut>
    --output <file>       output to a specific file

error: program 'git' failed with exit code 129
       … while fetching the input 'git+file:///home/user/path/to/project'

which… I don’t understand why is happening. The same thing happens if I try to build the project locally, but with sudo:

$ sudo nix build --show-trace .#container
...
error: program 'git' failed with exit code 129
       … while fetching the input 'git+file:///home/user/path/to/project'

I’m not really understanding what is going on here: my guess is that when running with sudo - as well as when running with the builder - it will try to fetch the repo via file path, which makes sense, but I don’t get why it’s not succeeding, and why is diff involved.
Can someone help me?
Thank you!

ncfavier · June 10, 2022, 10:03am

github.com/NixOS/nix

Building a flake by another uid fails with unclear error message

opened 02:17PM - 09 Jun 22 UTC

edolstra

bug error-messages

**Describe the bug** When I run `nixos-rebuild`, I use a flake in my home dir…ectory, i.e. the flake's Git repo is not owned by root. This has started failing with this error message: ``` # nix build /home/eelco/Misc/eelco-configurations/machine/#nixosConfigurations.machine.config.system.build.toplevel warning: Not a git repository. Use --no-index to compare two paths outside a working tree usage: git diff --no-index [<options>] <path> <path> ... error: program 'git' failed with exit code 129 (use '--show-trace' to show detailed location information) ``` This is because of the new security checks in Git 2.35.2 (which make no sense, BTW). A workaround is to set `safe.directory` in `~/.gitconfig`. **Expected behavior** Ideally this should just work. Alternatively, it should print a better error message.

akiross · June 10, 2022, 11:20am

Thank you, it was indeed that issue. I run as root

git config --global --add safe.directory /home/user/path/to/project

to mark the directory safe for the root user and it worked.