build-support: fix nix-prefetch-* on macOS #358685
Conversation
| @@ -121,7 +121,7 @@ fi | |||
|
|
|||
| sourceUrl="docker://$imageName@$imageDigest" | |||
|
|
|||
| tmpPath="$(mktemp -d "${TMPDIR:-/tmp}/skopeo-copy-tmp-XXXXXXXX")" | |||
| tmpPath="$(mktemp -d "$(realpath "${TMPDIR:-/tmp}/skopeo-copy-tmp-XXXXXXXX")")" | |||
There was a problem hiding this comment.
How about:
| tmpPath="$(mktemp -d "$(realpath "${TMPDIR:-/tmp}/skopeo-copy-tmp-XXXXXXXX")")" | |
| tmpPath="$(realpath "$(mktemp -d --tmpdir skopeo-copy-tmp-XXXXXXXX)")" |
and analoguously for all the others?
There was a problem hiding this comment.
This actually used to use --tmpdir over 10 years ago, but was changed to use TMPDIR in 5e7a1cf.
It does look like my /usr/bin/mktemp does support --tmpdir on macOS 15.1.1, but I'm not sure how far back that goes. I could add coreutils to all the prefetch scripts to try & make sure we've always got a usable mktemp --tempdir ..?
There was a problem hiding this comment.
Ah, I knew I kept my trusty 10.12 VM around for something:
So this would be fine as‐is for 25.05 I think but not for 24.11. However, yes, we probably ought to just add coreutils to the list of common dependencies in pkgs/tools/package-management/nix-prefetch-scripts/default.nix; all our other Bash scripts assume GNU coreutils anyway.
OK, will try and get the nix devs to confirm whether it's a bug or feature so at least we have something concrete to link to. |
ofborg
bot
added
6.topic: darwin
Since nix 2.20, `nix-store --add-fixed` doesn't accept paths where the parent directory is a symlink. On macOS, /tmp is a symlink to /private/tmp, which causes a "'/tmp' is a symlink" error: ``` $ nix run github:nixos/nixpkgs/24.11-beta#nix-prefetch-git -- --url https://github.com/IFTTT/polo.git --rev 316aa2ac210a45a7fc400ab921831493d5dd21b8 --hash sha256 Initialized empty Git repository in /private/tmp/git-checkout-tmp-1Bf9bIv7/polo-316aa2a/.git/ remote: Enumerating objects: 51, done. remote: Counting objects: 100% (51/51), done. remote: Compressing objects: 100% (42/42), done. remote: Total 51 (delta 8), reused 19 (delta 5), pack-reused 0 (from 0) Unpacking objects: 100% (51/51), 19.57 KiB | 541.00 KiB/s, done. From https://github.com/IFTTT/polo * branch HEAD -> FETCH_HEAD Switched to a new branch 'fetchgit' removing `.git'... error: path '/tmp' is a symlink ``` Avoid this by resolving /tmp to a real directory in all the prefetch scripts
jdelStrother
force-pushed
the
prefetch-symlink-errors
branch
from
b5af7fc to
b81ee0e
Compare
macOS 10.12 doesn't have a usable --tmpdir flag on the builtin mktemp, but we can make use of coreutil's mktemp instead.
jdelStrother
force-pushed
the
prefetch-symlink-errors
branch
from
b81ee0e to
6cb8c5e
Compare
|
I think this is an intentional change rather than bug, judging by NixOS/nix@83c067c. Shall I just update the comments to point to that commit, rather than the issue at NixOS/nix#11941 ? |
|
I think that rather that’s just an API change that they didn’t properly update all the callers of. I still think it is a Nix bug. |
|
I agree with emilazy. This breaks something that previously worked. And adding something that is behind a symlink (but not necessarily the symlink itself!) seems a valid usecase to me. |
|
I think this PR would fix what is currently breaking It starts doing its work, then gets |
|
Yeah, sounds like the same issue. |
|
Tested those prefetchers and they seem to work. Will bring up the bug in Nix again in the next meeting. |
|
Successfully created backport PR for |
|
Thanks! |
|
Work in progress pull request in nix that attempts to fix this: NixOS/nix#12046 |
Since nix 2.20,
nix-store --add-fixeddoesn't accept paths where the parent directory is a symlink. On macOS, /tmp is a symlink to /private/tmp, which causes a'/tmp' is a symlinkerror:Avoid this by resolving /tmp to a real directory in all the prefetch scripts
Fixes #358113
I don't see mention of the symlink-change in the nix 2.20 release notes, but I tested with this to narrow down the point where things started breaking:
Substitute nix_2_20 with nix_2_19 to see the old behavior which happily accepted symlinked directories.
Things done
nix.conf? (See Nix manual)sandbox = relaxedsandbox = truenix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)Add a 👍 reaction to pull requests you find important.