nox icon indicating copy to clipboard operation
nox copied to clipboard

Published 20 hours ago verified publisher icon madjar

Unable to use nox after NixOS 17.03 update 17.03.1316.412b0a17aa (Gorilla)

Open sjagoe opened this issue 7 years ago • 8 comments

With grsecurity testing patches no longer being public, nixpkgs has disabled support for grsec patches by making kernelPatches.grsecurity_testing throw:

  grsecurity_testing = throw ''
    Upstream has ceased free support for grsecurity/PaX.

    See https://grsecurity.net/passing_the_baton.php
    and https://grsecurity.net/passing_the_baton_faq.php
    for more information.
  '';

It seems that this has caused nox to abort evaluation, and is now unable to install any packages.

Note: I am not using the grsec patches.

sjagoe@simon-x1:~$ nox some-package
Refreshing cache
error: while evaluating ‘versionAtLeast’ at /nix/store/y51qw7abc5gr8w4iwbrflx7djqv2n5zx-nixos-17.03.1316.412b0a17aa/nixos/lib/strings.nix:363:24, called from /nix/store/y51qw7abc5gr8w4iwbrflx7djqv2n5zx-nixos-17.03.1316.412b0a17aa/nixos/pkgs/os-specific/linux/evdi/default.nix:30:15:
while evaluating ‘versionOlder’ at /nix/store/y51qw7abc5gr8w4iwbrflx7djqv2n5zx-nixos-17.03.1316.412b0a17aa/nixos/lib/strings.nix:351:22, called from /nix/store/y51qw7abc5gr8w4iwbrflx7djqv2n5zx-nixos-17.03.1316.412b0a17aa/nixos/lib/strings.nix:363:29:
while evaluating the attribute ‘grsecurity_testing’ at /nix/store/y51qw7abc5gr8w4iwbrflx7djqv2n5zx-nixos-17.03.1316.412b0a17aa/nixos/pkgs/os-specific/linux/kernel/patches.nix:102:3:
Upstream has ceased free support for grsecurity/PaX.

See https://grsecurity.net/passing_the_baton.php
and https://grsecurity.net/passing_the_baton_faq.php
for more information.

Error: An error occured while running nix (displayed above). Maybe the nixpkgs eval is broken.
sjagoe@simon-x1:~$ nixos-version
17.03.1316.412b0a17aa (Gorilla)
sjagoe@simon-x1:~$ uname -a
Linux simon-x1 4.11.4 #1-NixOS SMP Wed Jun 7 10:10:31 UTC 2017 x86_64 GNU/Linux

sjagoe avatar Jun 17 '17 11:06 sjagoe

I get the following output from a local checkout:

$ nox some-package
Refreshing cache
error: while evaluating ‘versionAtLeast’ at /home/calvertvl/repos/nixpkgs/lib/strings.nix:363:24, called from /home/calvertvl/repos/nixpkgs/pkgs/os-specific/linux/evdi/default.nix:30:15:
while evaluating ‘versionOlder’ at /home/calvertvl/repos/nixpkgs/lib/strings.nix:351:22, called from /home/calvertvl/repos/nixpkgs/lib/strings.nix:363:29:
while evaluating the attribute ‘grsecurity_testing’ at /home/calvertvl/repos/nixpkgs/pkgs/os-specific/linux/kernel/patches.nix:82:3:
Upstream has ceased free support for grsecurity/PaX.

See https://grsecurity.net/passing_the_baton.php
and https://grsecurity.net/passing_the_baton_faq.php
for more information.

Error: An error occured while running nix (displayed above). Maybe the nixpkgs eval is broken.

Doing a git bisect on NixOS/nixpkgs@master, it looks like the breaking commit is NixOS/nixpkgs@b1f0af7ef67260724c914a823e87ea2b4516b7e9

From what I can tell, this breaks the command run to cache packages: nix-env -qa --json --show-trace, so this is technically not a bug in nox (especially as nix-env -qa works fine).

calvertvl avatar Jun 18 '17 01:06 calvertvl

It seems that while nix-env -qa --json does display the issue (process exits 1 and the error is printed to stderr), the full JSON content is still returned on stdout.

EDIT: As @praduca notes below, nix-env -qa --json succeeds without error when run as root and only fails when run as my regular user.

sjagoe avatar Jun 29 '17 10:06 sjagoe

on my system, nox doesn't work for the user environment, but for root it does... I have no idea why :) EDIT: The same when using nix-env: Woks for root, doesn't for normal user.

praduca avatar Jun 29 '17 13:06 praduca

my nox is still broken, anyone knows how to fix it? I have the same error message like the OP

nico202 avatar Oct 17 '17 11:10 nico202

I never put much effort into making it work. However, after updating to nixos 17.09, it mysteriously started working again. I guess grsecurity was removed entirely in 17.09, so it no longer throws.

sjagoe avatar Oct 17 '17 12:10 sjagoe

I'm on 18.03pre and still have it. Tried to solve deleting .nix-defexpr and now it does not work at all .-. (no results). Ops

nico202 avatar Oct 17 '17 12:10 nico202

When I have time, I might have a go at fixing this. I do think nox shouldn't fail if there is a throw in nixpkgs, and as I noted before, when I encountered this issue, while nix-env -qa --json would exit 1 (causing the nox failure), the full json output is still printed to stdout. So nox could handle this more elegantly with a warning while still allowing the user to install packages.

sjagoe avatar Oct 17 '17 12:10 sjagoe

@sjagoe ok deleting this folder and nix-channel, re-adding the channels, nix-channel --update, and nix-env -u solved it

nico202 avatar Oct 17 '17 12:10 nico202