Hi! Oleg Pykhalov <[email protected]> skribis:
> Ludovic Courtès <[email protected]> writes:
>
>> Hi,
>>
>> (+Cc: Oleg, who worked on the Nix service.)
>>
>> Zhu Zihao via web <[email protected]> skribis:
>>
>>> I found that if I put "sandbox = false" in /etc/nix/nix.conf, Nix can
>>> update the channel. Maybe nix's sandbox forgets to import some guix
>>> binary path?
>>
>> Yes, probably.  There’s probably an option similar to the
>> ‘--chroot-directory’ of ‘guix-daemon’ to specify additional directories
>> that must be in the “sandbox”.
>>
>> If you find that option, then we can arrange and add all the
>> dependencies of /gnu/store/…/bin/bash there (similar to what
>> ‘qemu-binfmt-service-type’ does).
>
> /gnu/store/…/bin/bash (we need a static-bash) is not enough, we also
> should handle all packages (and closures in case binaries are not
> static) listed in:
>
> $(guix build --no-grafts nix)/share/nix/corepkgs/config.nix
>
> let
>   fromEnv = var: def:
>     let val = builtins.getEnv var; in
>     if val != "" then val else def;
> in rec {
>   shell =
>     "/gnu/store/pwcp239kjf7lnj5i4lkdzcfcxwcfyk72-bash-minimal-5.0.16/bin/bash";
>   coreutils =
>     "/gnu/store/57xj5gcy1jbl9ai2lnrqnpr0dald9i65-coreutils-8.32/bin";
>   bzip2 = "/gnu/store/a9f7wmc75hbpg520phw9z4l9asm3qvsw-bzip2-1.0.8/bin/bzip2";
>   gzip = "/gnu/store/ncydgq2znms5n1d2k5yqshhf58nsixwv-gzip-1.10/bin/gzip";
>   xz = "/gnu/store/r7k859hmcnkazf492fasqvk25jflnfk6-xz-5.2.4/bin/xz";
>   tar = "/gnu/store/v6f44zccwh9z5zk3pjlywjybbi8n2hjh-tar-1.32/bin/tar";
>   tarFlags = "--warning=no-timestamp";
>   tr = "/gnu/store/57xj5gcy1jbl9ai2lnrqnpr0dald9i65-coreutils-8.32/bin/tr";
>   nixBinDir = fromEnv "NIX_BIN_DIR"
>     "/gnu/store/2x4qyarbmhi3dqcqhkkia6l491yjnf11-nix-2.3.6/bin";
>   nixPrefix = "/gnu/store/2x4qyarbmhi3dqcqhkkia6l491yjnf11-nix-2.3.6";
>   nixLibexecDir = fromEnv "NIX_LIBEXEC_DIR"
>     "/gnu/store/2x4qyarbmhi3dqcqhkkia6l491yjnf11-nix-2.3.6/libexec";
>   nixLocalstateDir = "/nix/var";
>   nixSysconfDir = "/etc";
>   nixStoreDir = fromEnv "NIX_STORE_DIR" "/nix/store";
>
>   # If Nix is installed in the Nix store, then automatically add it as
>   # a dependency to the core packages. This ensures that they work
>   # properly in a chroot.
>   chrootDeps =
>     if dirOf nixPrefix == builtins.storeDir then
>       [ (builtins.storePath nixPrefix) ]
>     else
>       [ ];
> }
>
> Currently I don't see a way to mount
> /gnu/store/57xj5gcy1jbl9ai2lnrqnpr0dald9i65-coreutils-8.32
> dependencies (and other packages) inside the Nix sandbox.

In ‘chrootDeps’ above (IIUC), you could add the closure of all these
things.  To do that, you need to pass #:references-graphs.  Then, on the
build side, you can use ‘read-reference-graph’ to parse the graph file,
get the closures, and add them to ‘chrootDeps’ instead of the empty list.

Does that make sense?

HTH,
Ludo’.
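As an added illustration of the approach Ludo sketches (this is not code from the thread, from Guix's Nix service, or from Nix itself), here is a Guix gexp that passes #:references-graphs for each tool config.nix names, reads the resulting graph files with ‘read-reference-graph’ on the build side, and writes the union of the closures into ‘chrootDeps’ instead of ‘[ ]’. It assumes the usual (gnu packages …) modules export bash-minimal, coreutils, tar, bzip2, gzip, xz and nix; the output file name and the graph file names are arbitrary choices of this example.

```scheme
;; Added example, not part of the original thread or of Guix's nix service.
;; #:references-graphs makes guix-daemon drop one reference-graph file per
;; tool into the build directory; read-reference-graph (guix build
;; store-copy) turns each file into that tool's closure.
(use-modules (guix gexp)
             (guix modules)                        ; source-module-closure
             (gnu packages base)                   ; coreutils, tar
             (gnu packages bash)                   ; bash-minimal
             (gnu packages compression)            ; bzip2, gzip, xz
             (gnu packages package-management))    ; nix

;; (GRAPH-FILE-NAME PACKAGE) tuples, the form gexp->derivation expects.
;; The file names are this example's choice.
(define %nix-sandbox-tools
  `(("bash" ,bash-minimal)
    ("coreutils" ,coreutils)
    ("bzip2" ,bzip2)
    ("gzip" ,gzip)
    ("xz" ,xz)
    ("tar" ,tar)
    ("nix" ,nix)))

(define nix-sandbox-config
  ;; Builds a Nix expression mirroring corepkgs/config.nix, except that
  ;; chrootDeps lists every store item the tools transitively need.
  (computed-file "nix-sandbox-config.nix"
    (with-imported-modules (source-module-closure '((guix build store-copy)))
      #~(begin
          (use-modules (guix build store-copy)
                       (srfi srfi-1))

          ;; Graph files are written to the build directory under these names.
          (define graph-files
            '#$(map car %nix-sandbox-tools))

          ;; Union of the closures, as plain /gnu/store file names.
          (define closure
            (delete-duplicates
             (append-map (lambda (file)
                           (map store-info-item
                                (call-with-input-file file
                                  read-reference-graph)))
                         graph-files)))

          (define (emit port key value)
            (format port "  ~a = \"~a\";~%" key value))

          (call-with-output-file #$output
            (lambda (port)
              (display "rec {\n" port)
              (emit port "shell" (string-append #$bash-minimal "/bin/bash"))
              (emit port "coreutils" (string-append #$coreutils "/bin"))
              (emit port "bzip2" (string-append #$bzip2 "/bin/bzip2"))
              (emit port "gzip" (string-append #$gzip "/bin/gzip"))
              (emit port "xz" (string-append #$xz "/bin/xz"))
              (emit port "tar" (string-append #$tar "/bin/tar"))
              (emit port "tr" (string-append #$coreutils "/bin/tr"))
              (emit port "nixPrefix" #$nix)
              ;; The closure replaces the empty list from config.nix.
              (display "  chrootDeps = [\n" port)
              (for-each (lambda (item)
                          (format port "    \"~a\"~%" item))
                        (sort closure string<?))
              (display "  ];\n}\n" port)))))
    #:options `(#:references-graphs ,%nix-sandbox-tools)))

;; `guix build -f this-file.scm' builds it; `cat' the result to inspect the
;; generated expression.
nix-sandbox-config
```

Two caveats from the Nix side, not from the thread: ‘builtins.storePath’ only accepts paths under Nix's own store directory (the original file already guards its single entry with ‘dirOf nixPrefix == builtins.storeDir’), so the closure is emitted as plain strings rather than through ‘builtins.storePath’; and because Nix does not track /gnu/store paths as store references, the same ‘closure’ list is also what one would join into a ‘sandbox-paths = …’ line in nix.conf, the Nix option that plays the role of guix-daemon's ‘--chroot-directory’ mentioned earlier in the thread.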
