Why are some derivations blocked from being GC'ed?

hgl · November 26, 2022, 5:07pm

The result from nix-store --gc --print-roots contains some entries like

{censored} -> /nix/store/<hash>-foo-1.0.0

Where I’m sure I don’t need the foo package anymore.

I have a few questions:

What is this {censored} flag?
I previously added foo in my configuration.nix, but later I removed it, why it was in the root?
How do I make foo be GC’ed by nix?
I actually have a bunch of {censored} root entries that I’d like to be GC’ed. Is there a quick way to batch that?

Thanks in advance.

hgl · November 26, 2022, 5:09pm

Forgot to mention:

nix-store -q --referers-closure /nix/store/<hash>-foo-1.0.0

Only lists itself. So that should prove nothing really depends on foo?

sternenseemann · November 26, 2022, 5:59pm

Some “sensitive information found in /proc” is censored if you are not a trusted-user in nix.conf. Usually /proc related gcroots are processes using store paths which prevents Nix from deleting stuff still required by running processes.

You should be able to view the information by executing the command as root or adding yourself to trusted-users.

hgl · November 26, 2022, 7:44pm

Ah, using sudo showed what were behind those {censored}. I use nix on darwin. Nix was smart enough to keep open files.

Thanks a lot!