While Build Nix-project Getting sqlite execution error

Hi, I am trying to build Nix Project. But getting bellow error.

error: executing SQLite statement ‘pragma synchronous = normal’: unable to open database file, unable to open database file (in ‘/nix/var/nix/db/db.sqlite’)
[5/9 built, 908 copied (7958.5/7962.0 MiB), 621.9 MiB DL] nix: src/libutil/serialise.cc:384: nix::Error nix::readError(nix::Source&): Assertion `havePos == 0’ failed.

• I tried to clean up storage.

nix-collect-garbage -d

• Reinstall Nix.

• Remove the db.sqlite file

sudo systemctl stop nix-daemon
sudo rm /nix/var/nix/db/db.sqlite
sudo nix-store --init
sudo systemctl start nix-daemon

But Nothing works. Still getting above error.

Are you using NixOS or is this a multi-user nix install on another distro? How did you install nix?

I don’t know too much about how nix works on other distros, but you seem to be using nix as a user, perhaps the mechanism to elevate nix’ permissions to edit the nix store isn’t working.

Using the multi-user nix.
install by this :

sh <(curl https://nixos.org/releases/nix/nix-2.13.1/install) --daemon

permissions to edit the nix store isn’t working.

If this is the issue how to resolve this?

Re-installing Nix in system resolve this issue.

To uninstall NIx :

sudo systemctl stop nix-daemon.socket
sudo systemctl stop nix-daemon.service
sudo systemctl disable nix-daemon.socket
sudo systemctl disable nix-daemon.service
sudo systemctl daemon-reload
sudo mv /etc/bash.bashrc.backup-before-nix /etc/bash.bashrc
sudo rm -rf “/etc/nix” “/nix” “/root/.nix-profile” “/root/.nix-defexpr” “/root/.nix-channels” “/root/.local/state/nix” “/root/.cache/nix” “/home/ayush/.nix-profile” “/home/ayush/.nix-defexpr” “/home/ayush/.nix-channels” “/home/ayush/.local/state/nix” “/home/ayush/.cache/nix”

To install back

sh <(curl https://nixos.org/releases/nix/nix-2.13.1/install) --daemon

But want to understand why this issue occurs?

@TLATER can you know any specific reason for this kind of behavior of Nix (Permission issue). Rather then re-installing nix is we have any other solution also for above issue?

Usually such things shouldn’t happen.

Though depending on the host system some system wide events require a re-installation of nix for various reasons. Though I fail to see why there ever should be permission issues with the nix-db.

Permission problems that deep below /nix usually are a hint for some kind of corrupted internals or a user error.

It is sad that you haven’t shown the DBs file details, like ownership and/or permissions, nor the exact command that caused the error.

That makes debugging this issue postmortem more gueswork than actual deduction.

Permission of the file

ls -l /nix/var/nix/db/
total 16784
-rw------- 1 root nixbld       0 Jun  5 15:58 big-lock
-rwxr-xr-x 1 root nixbld 8790016 Jun  7 15:42 db.sqlite
-rw------- 1 root nixbld 8388608 Jun  5 15:58 reserved
-rw-r--r-- 1 root nixbld       2 Jun  5 15:58 schema

Command that cause this error :

nix develop --extra-experimental-features nix-command --extra-experimental-features flakes

And when I run this with sudo its working fine.

You have this issue right now again?

Or is this from the affected ssytems logs prior to reinstallation?

If this is indeed a system that is affected right now, please check the permissions and ownerships of the daemon socket (/nix/var/nix/daemon-socket/socket)

Issue is still there.
Permissions for socket file

srwxrwxrwx 1 root nixbld 0 Jun 5 15:58 /nix/var/nix/daemon-socket/socket

This is not quite what I would expect. Especially the x is weird (and that its group is nixbld).

On my NixOS its owned by root:root, on the MacOS it is root:wheel. In both cases perms are (socket)666.

Besides of that, is your nix deamon running? What is it logging?

$ nix-daemon

error: cannot bind to socket ‘/nix/var/nix/daemon-socket/socket’: Address already in use

With “is it running” I meant to check systemctl status nix-daemon.service or whatever is appropriate for your system.

$ sudo systemctl status nix-daemon

● nix-daemon.service - Nix Daemon
     Loaded: loaded (/etc/systemd/system/nix-daemon.service; linked; vendor preset: enabled)
     Active: active (running) since Wed 2023-06-07 16:55:06 IST; 13min ago
TriggeredBy: ● nix-daemon.socket
       Docs: man:nix-daemon
             https://nixos.org/manual
   Main PID: 591903 (nix-daemon)
      Tasks: 2 (limit: 76800)
     Memory: 3.7M
        CPU: 162ms
     CGroup: /system.slice/nix-daemon.service
             └─591903 nix-daemon --daemon

Jun 07 16:55:06 ayushg systemd[1]: Started Nix Daemon.
Jun 07 16:55:16 ayushg nix-daemon[591903]: accepted connection from pid 591913, user ayush (trusted)

Looks correct so far.

The only 2 things that keep me confused across all your outputs:

1. Your socket and the nix-db are “executable”, I do not have this on my Mac nor NixOS machine
2. The files groups are nixbld rather than root or wheel as on my NixOS and Mac.

Whether or not this is acceptable or because of the version differences (I use 2.17pre on all of my machines) or specific to the host OS you use or even the reason for your problems, I have no clue…

Therefore one last question out of desperation: Is your host system using some security thing like Apparmor or SELinux? Noth whether you have actively configured it, just if it is enabled/installed in general?

$ dpkg -l | grep apparmor

ii  apparmor                                   3.0.4-2ubuntu2.2                        amd64        user-space parser utility for AppArmor
ii  libapparmor1:amd64                         3.0.4-2ubuntu2.2                        amd64        changehat AppArmor library

$ dpkg -l | grep SELinux

ii  libselinux1:amd64                          3.3-1build2                             amd64        SELinux runtime shared libraries
ii  libsemanage-common                         3.3-1build2                             all          Common files for SELinux policy management libraries
ii  libsemanage2:amd64                         3.3-1build2                             amd64        SELinux policy management library
ii  libsepol2:amd64                            3.3-1build1                             amd64        SELinux library for manipulating binary security policies

I haven’t used debian based systems for 5 years, what does this mean?

The command dpkg -l | grep apparmor is used to list installed packages on a Debian-based system and filter the results to show only the packages containing the term “apparmor” in their names or descriptions. Here’s a breakdown of the command:

• dpkg -l : The dpkg command is a package manager used in Debian-based systems to manage installed packages. The -l option lists all installed packages along with their details.
• | : The pipe symbol ( | ) is used to redirect the output of the preceding command to the next command as input.
• grep apparmor : The grep command is a text search tool that filters the input based on a specified pattern. In this case, it searches for the term “apparmor” in the input obtained from the dpkg -l command.

By running dpkg -l | grep apparmor , you will get a list of installed packages that include “apparmor” in their names or descriptions. This can help you determine if the AppArmor security framework is installed on your system and which specific packages related to AppArmor are present.

Name                                       Version                                 Architecture Description
+++-==========================================-=======================================-============-================================================================================
ii  apparmor                            3.0.4-2ubuntu2.2                      amd64        user-space parser utility for AppArmor

But is it activated and doing something or are just some random files lingering in your filesystem that belong to that package?

This seems to be ubuntu, which has it enabled by default. No idea how you’re supposed to make nix work with apparmor enabled, though, at best I might be able to handle selinux permissions.