nix-helpers: ca56331fa3e22739fc27c1dc46353752ac45cce1
# Augment the environment for a derivation by allowing Nix commands to be
# called inside the build process.
#
# The result is a function from a derivation attribute set to that same set
# extended with NIX_REMOTE, NIX_PATH, possibly WITH_NIX_WARNING, the Nix
# package as a build input, and '__noChroot = true'.

{ isBroken, lib, nix
, nix-daemon-tunnel-socket ? "/var/lib/nix-daemon-tunnel/socket", runCommand }:

with builtins;
with lib;
with import ./util.nix { inherit lib; };
let
  # Our Nix 2.x workaround won't work unless the user creates the needed
  # socket, either manually or by enabling a service, so we warn them in two
  # ways:
  #  - During evaluation we check whether the socket exists. If not, the
  #    warning is written to stderr using 'trace'.
  #  - The warning is also placed in the environment variables we return, so
  #    that it's likely to be found by users debugging a broken build.
  #
  # NOTE(review): the instructions in this message 'chmod 0666' the tunnel
  # socket, which lets every local account connect to it. The message says
  # connections are passed to nix-daemon "as a different user", so presumably
  # any such client reaches the daemon with that user's identity. Confirm
  # what that user is permitted to do before enabling this on a shared host.
  warningEnv = let
    daemonSocket = "/nix/var/nix/daemon-socket/socket";

    # Builds the warning text. 'evalTime' selects the sentence explaining why
    # the reader is seeing it: true for the trace, false for the env var.
    mkWarning = evalTime: ''
      WARNING: Nix 2.x disabled recursive Nix, so we're using a hacky
      workaround where recursive connections to nix-daemon (i.e. those coming
      from nixbld users) are sent to a different socket instead, and an SSH
      tunnel passes them on to the real nix-daemon socket as a different user.

      This tunnel socket should be at the path '${nix-daemon-tunnel-socket}',
      which can be overridden by defining 'nix-daemon-tunnel-socket' in your
      Nix config (overlays, packageOverrides, etc.). You are seeing this
      message because ${
        if evalTime then ''
          the 'withNix' Nix expression checked for the existence of this
          socket during evaluation and it didn't exist.
        '' else ''
          this build environment was defined using 'withNix', and hence may
          need this socket to be created in order for the build to succeed.
        ''
      }

      There are two ways you can make this extra socket. To just make a
      one-off socket you can run a command like the following from your normal
      user account (assuming that nix-daemon is using a socket at ${daemonSocket}):

      ssh -nNT -L "${nix-daemon-tunnel-socket}":${daemonSocket} "$USER"@localhost
      chmod 0666 "${nix-daemon-tunnel-socket}"

      You may need to use 'sudo' to create and chmod this file. Keep this
      tunnel running while you perform Nix commands that need 'withNix'. Note
      that it's using SSH to log in as yourself, so it assumes that (a) your
      system/user can initiate SSH connections and (b) your user is able to
      log in via SSH.

      The alternative, which is more automated but potentially more invasive,
      is to provide this socket via a NixOS system service. The nix-config
      project at http://chriswarbo.net/git/nix-config provides such a service
      in its nixos/modules/nix-daemon-tunnel.nix file (if it's no longer
      there, try looking in the project's git history; it may be that the
      workaround is no longer needed, and Nix versions which require it are
      now obsolete).

      If you use the system service, note that the tunnel won't be available
      the first time you use 'nixos-rebuild' to evaluate and build the new
      system configuration. If your configuration relies on 'withNix', e.g.
      for building a system package, you can use the "manual" commands above
      to make the rebuild work then kill those commands in favour of the
      system service.
    '';

    # The variable always carries the build-time wording; the evaluation-time
    # wording is only ever sent to stderr.
    buildTimeText = mkWarning false;
  in {
    WITH_NIX_WARNING = if pathExists nix-daemon-tunnel-socket then
      buildTimeText
    else
      trace (mkWarning true) buildTimeText;
  };

  # Work out the NIX_REMOTE value to hand to the builder, and attach the
  # warning above whenever the tunnel is going to be used.
  remoteEnv = let
    # Read from the evaluating process's environment.
    nixRemote = getEnv "NIX_REMOTE";

    # An empty or "daemon" NIX_REMOTE counts as "talking to nix-daemon".
    usesDaemon = elem nixRemote [ "" "daemon" ];

    # 'needWorkaround' is not defined in this file; presumably it comes from
    # ./util.nix -- confirm there what it tests.
    useTunnel = usesDaemon && needWorkaround;
  in (if useTunnel then warningEnv else { }) // {
    NIX_REMOTE = if useTunnel then
      "unix://${nix-daemon-tunnel-socket}"
    else if usesDaemon then
      "daemon"
    else
      nixRemote;
  };

  # Environment handed to the build: the remote settings plus a NIX_PATH that
  # falls back to the evaluator's <nixpkgs> when the caller has none set.
  baseEnv = let nixPath = getEnv "NIX_PATH";
  in remoteEnv // {
    NIX_PATH = if nixPath == "" then "nixpkgs=${<nixpkgs>}" else nixPath;
  };

  # Caller-supplied attributes take precedence over the computed variables,
  # while 'buildInputs' and '__noChroot' below always win over the caller.
in attrs:
baseEnv // attrs // {
  buildInputs = (attrs.buildInputs or [ ]) ++ [ (nix.out or nix) ];

  # We need to access the tunnel file.
  # NOTE(review): '__noChroot' asks for the whole build to run unsandboxed,
  # so the builder can see far more of the host than just this socket. As far
  # as I know Nix only honours it when 'sandbox' is "relaxed" or disabled --
  # confirm against the daemon's configuration.
  __noChroot = true;
}