nixos-rebuild-ng: fix repl behaving differently on git flakes than bu…#375493
thiagokokada merged 1 commit into NixOS:master on Jan 22, 2025
Similar fix for nixos-option: #371835
thiagokokada left a comment
Please run nix-build -A nixos-rebuild-ng.tests.linters and fix the issues.
…ild commands
Since we use builtins.getFlake we have behavior differences between normal nix build and the nix repl because builtins.getFlake won't pick up local flakes as git+file but assumes path:// flakes instead. This can have surprising effects such as being able to access untracked files that would lead to build failures otherwise or copying large files to the nix store.
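As an added example (not the PR's code), one way to turn a local path into the `git+file://` form the commit message above refers to, falling back to a `path:` reference outside a checkout. The names `find_checkout_root` and `flake_ref` are hypothetical, and treating a `.git` file as a checkout root is an assumption.

```python
from pathlib import Path
from urllib.parse import quote


def find_checkout_root(start):
    """Walk upwards until a directory containing a .git entry is found.

    Assumption: a .git directory, or a .git file as used by worktrees and
    submodules, marks the top of a working tree.
    """
    current = Path(start).resolve()
    for candidate in (current, *current.parents):
        if (candidate / ".git").exists():
            return candidate
    return None


def flake_ref(start):
    """Return a git+file:// reference inside a checkout, path: otherwise."""
    here = Path(start).resolve()
    root = find_checkout_root(here)
    if root is None:
        # No checkout found: the whole directory is the flake source,
        # untracked files included.
        return f"path:{quote(str(here))}"
    ref = f"git+file://{quote(str(root))}"
    subdir = here.relative_to(root)
    if subdir != Path("."):
        # The flake lives below the checkout root: pass it as ?dir=.
        ref += f"?dir={quote(subdir.as_posix(), safe='/')}"
    return ref
```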
2a9b656 to 8e2bc8e
❯ nix-build -A nixos-rebuild-ng.tests.linters
thiagokokada approved these changes Jan 22, 2025
Can't say I completely understand the implications of this change since I don't use things like worktrees, but code-wise it looks good to me and I tested for the basic case and it still works.
thiagokokada added a commit to thiagokokada/nixpkgs that referenced this pull request Jun 16, 2025
PR NixOS#375493 was introduced to fix an issue of different behavior between `nixos-rebuild repl` and `nixos-rebuild switch` by forcing usage of `git+file://` protocol when evaluating the Flake. This sadly reintroduced an older issue from the original `nixos-rebuild` that is caused by a pretty nasty bug in `nix`:
- NixOS#144811
Let's do the same fix we did for `nixos-rebuild` and just stop normalizing the Flake (NixOS#153515). This will bring back the original issues this code is supposed to fix, but I argue that a difference between `nixos-rebuild repl` and `nixos-rebuild switch` is better than having a broken system.
thiagokokada added a commit to thiagokokada/nixpkgs that referenced this pull request Jun 19, 2025
When `path://` or `git+file://` protocol is used in Flake mode (that is the most common case since we normalize the paths, see PR NixOS#375493) and the current working directory is a symlink pointing base store path to the Nix store (e.g., /run/opengl-driver/lib), there is a nasty bug where Nix resolves the path as the Nix store path of the current derivation instead of the target derivation. Since we blindly activate this path, this can corrupt the installation and break some other activation scripts, like `systemd-boot-builder.py`.
While it is possible to recover this situation using `nix-env -p /nix/var/nix/profiles/system --delete-generations old`, this is far from ideal.
This commit solves it by validating that the resolved NixOS configuration path includes at least `$out/nixos-version`. I am not sure if this is going to break some cases so there is an escape hatch in the form of the environment variable `NIXOS_REBUILD_I_UNDERSTAND_THE_CONSEQUENCES_PLEASE_BREAK_MY_SYSTEM`, but in general it looks safe.
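The pre-activation check described in the commit message above, as an added example that is not the commit's own code. `validate_toplevel`, `NotANixosSystem` and the directory layout in `demo` are constructed for illustration, and how the escape-hatch variable is interpreted (any non-empty value) is an assumption.

```python
import os
import tempfile
from pathlib import Path

# Environment variable named in the commit message above.
ESCAPE_HATCH = "NIXOS_REBUILD_I_UNDERSTAND_THE_CONSEQUENCES_PLEASE_BREAK_MY_SYSTEM"


class NotANixosSystem(Exception):
    """The resolved path does not look like a NixOS system closure."""


def validate_toplevel(path, env=None):
    """Return the resolved path if it contains nixos-version, else raise.

    Assumption: any non-empty value of the escape-hatch variable skips the check.
    """
    env = os.environ if env is None else env
    resolved = Path(path).resolve()  # follow symlinks, then check the real target
    if (resolved / "nixos-version").is_file():
        return resolved
    if env.get(ESCAPE_HATCH):
        return resolved
    raise NotANixosSystem(f"{resolved} has no nixos-version; refusing to activate")


def demo():
    """Constructed layout: a system closure and an unrelated path behind a symlink."""
    root = Path(tempfile.mkdtemp()).resolve()
    system = root / "store" / "aaaa-nixos-system-example"
    driver = root / "store" / "bbbb-opengl-driver"
    (driver / "lib").mkdir(parents=True)
    system.mkdir(parents=True)
    (system / "nixos-version").write_text("25.05-constructed\n")
    link = root / "run" / "opengl-driver"
    link.parent.mkdir()
    link.symlink_to(driver)

    accepted = validate_toplevel(system, env={}) == system
    try:
        validate_toplevel(link, env={})
        rejected = False
    except NotANixosSystem:
        rejected = True
    overridden = validate_toplevel(link, env={ESCAPE_HATCH: "1"}) == driver
    return accepted, rejected, overridden
```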
nixpkgs-ci bot pushed a commit that referenced this pull request Jun 22, 2025
When `path://` or `git+file://` protocol is used in Flake mode (that is the most common case since we normalize the paths, see PR #375493) and the current working directory is a symlink pointing base store path to the Nix store (e.g., /run/opengl-driver/lib), there is a nasty bug where Nix resolves the path as the Nix store path of the current derivation instead of the target derivation. Since we blindly activate this path, this can corrupt the installation and break some other activation scripts, like `systemd-boot-builder.py`.
While it is possible to recover this situation using `nix-env -p /nix/var/nix/profiles/system --delete-generations old`, this is far from ideal.
This commit solves it by validating that the resolved NixOS configuration path includes at least `$out/nixos-version`. I am not sure if this is going to break some cases so there is an escape hatch in the form of the environment variable `NIXOS_REBUILD_I_UNDERSTAND_THE_CONSEQUENCES_PLEASE_BREAK_MY_SYSTEM`, but in general it looks safe.
(cherry picked from commit 0dce56f)
thiagokokada added a commit to thiagokokada/nixpkgs that referenced this pull request Jul 6, 2025
This code seems to be causing yet another issue related to Git submodules. Considering the amount of issues that this code is causing, I think it is better to remove it. Manual revert of NixOS#375493.