
Cannot delete a store path when sudo-ing nix-store --delete $storePath

Open picnoir opened this issue 2 years ago • 0 comments

Describe the bug

It is currently impossible to use nix-store --delete $storePath when running nix through sudo.

@thufschmitt investigated the issue a bit and realized sudo adds the sudo command in a SUDO_COMMAND env variable. See https://manpage.me/index.cgi?apropos=0&q=sudo&sektion=0&manpath=Debian+8.1.0&arch=default&format=html#ENVIRONMENT

Nix looks at the env variables of live processes and creates GC roots for the store paths it finds. See https://github.com/NixOS/nix/blob/master/src/libstore/gc.cc#L392. It'll find the store path we're trying to delete in the SUDO_COMMAND env variable and will create a temporary GC root for it, preventing us from deleting the store path.

Steps To Reproduce

~ » hello=$(nix-build -E '(import <nixpkgs> {}).hello' --no-out-link)

~ » sudo nix-store --delete $hello
finding garbage collector roots...
0 store paths deleted, 0.00 MiB freed
error: Cannot delete path '/nix/store/y4mxrg8c6l09lb2szl69vwl4f6441i5k-hello-2.12.1' since it is still alive. To find out why, use: nix-store --query --roots

~ » sudo nix-store --query --roots $hello                                     
/proc/10017/environ -> /nix/store/y4mxrg8c6l09lb2szl69vwl4f6441i5k-hello-2.12.1
/proc/10034/environ -> /nix/store/y4mxrg8c6l09lb2szl69vwl4f6441i5k-hello-2.12.1

~ » sudo nix-store --query --roots $hello                                     
/proc/9985/environ -> /nix/store/y4mxrg8c6l09lb2szl69vwl4f6441i5k-hello-2.12.1
/proc/10002/environ -> /nix/store/y4mxrg8c6l09lb2szl69vwl4f6441i5k-hello-2.12.1

# Looks like nix is creating some temp gc roots each time it's called
# as root, making it effectively impossible to GC a path.

# No issue when run as a user
~ » nix-store --delete $hello
finding garbage collector roots...
deleting '/nix/store/y4mxrg8c6l09lb2szl69vwl4f6441i5k-hello-2.12.1'
deleting unused links...
note: currently hard linking saves 5662.99 MiB
1 store paths deleted, 0.19 MiB freed


Expected behavior

sudo nix-store --delete $hello should delete the store path as expected

nix-env --version output

~ » nix-store --version
(Nix) 2.11.0

picnoir, Sep 16 '22 09:09
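The `/proc/<pid>/environ` roots reported above can be traced to the variable that holds them. The following is an added diagnostic example, not code from the issue or from Nix: it scans each process environment for store paths and reports which variable mentions them. The store-path regex is a simplified assumption, and the sample process data (PIDs, `/usr/bin/nix-store`) is constructed so the script runs offline.

```python
import os
import re
import tempfile

# Simplified store-path pattern (assumption): /nix/store/<32-char hash>-<name>
STORE_PATH_RE = re.compile(rb"/nix/store/[0-9a-z]{32}-[0-9A-Za-z+._?=-]+")

def env_roots(proc_root="/proc"):
    """Map store path -> list of (pid, variable name) whose environment mentions it."""
    roots = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # only numeric entries are processes
        try:
            with open(os.path.join(proc_root, entry, "environ"), "rb") as f:
                data = f.read()
        except OSError:
            continue  # process exited, or not readable without root
        for item in data.split(b"\0"):  # environ is NUL-separated NAME=value
            name, _, value = item.partition(b"=")
            for match in STORE_PATH_RE.findall(value):
                roots.setdefault(match.decode(), []).append(
                    (int(entry), name.decode(errors="replace")))
    return roots

def why_alive(store_path, proc_root="/proc"):
    """Return sorted (pid, variable) pairs that keep store_path alive."""
    return sorted(env_roots(proc_root).get(store_path, []))

def build_sample_proc(base, store_path):
    """Constructed sample: one sudo-spawned process and one unrelated process."""
    samples = {
        "10017": [b"HOME=/root",
                  b"SUDO_COMMAND=/usr/bin/nix-store --delete " + store_path.encode()],
        "4242": [b"HOME=/home/user", b"PATH=/usr/bin"],
    }
    for pid, env in samples.items():
        os.makedirs(os.path.join(base, pid))
        with open(os.path.join(base, pid, "environ"), "wb") as f:
            f.write(b"\0".join(env) + b"\0")

if __name__ == "__main__":
    target = "/nix/store/y4mxrg8c6l09lb2szl69vwl4f6441i5k-hello-2.12.1"
    with tempfile.TemporaryDirectory() as fake_proc:
        build_sample_proc(fake_proc, target)
        for pid, var in why_alive(target, fake_proc):
            print(f"/proc/{pid}/environ ({var}) -> {target}")
```

On a real system, call `why_alive(path)` as root with the default `/proc` to see whether `SUDO_COMMAND` is the variable carrying the path.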