`nixpkgs`: cannot build a QEMU image inside `stdenv`
To reproduce:

```sh
nix build \
  --impure \
  --expr \
  "with import <nixpkgs> {};
  runCommandWith {
    name = ''hello-qemu'';
    runLocal = true;
    derivationArgs = { nativeBuildInputs = [ops]; NIX_DEBUG = 7;};
  } ''ops build ${hello}/bin/hello''"
```
Log:

```
...
++ ops build /bin/hello
version lookup failed, using local.
No local build found.
+ exitHandler
+ exitCode=1
+ set +e
+ '[' -n '' ']'
+ (( 1 != 0 ))
+ runHook failureHook
...
```
The reason is apparently that ops tries to access the network, which is prohibited in the stdenv.
There is indeed a version check that occurs when building to ensure you have the latest kernel, and if you are building a pkg it might try to auto-dl the pkg if not present. Right now, outside of nix, it continues to build but logs a warning. We'd be OK accepting a PR to optionally disable this via a CLI flag if desired, although I'd say a lot of normal operations do presume a network connection (e.g. deploying to cloud, uploading/downloading packages, etc.).
The 'version lookup failed, using local' message is just a warning due to missing network access, the real error here is 'No local build found', which is due to the fact that Ops cannot find the Nanos build files that it needs in order to create your unikernel image. More specifically, Ops needs to access the `~/.ops/latest.txt` file and the `~/.ops/<NANOS_RELEASE>` directory (where `<NANOS_RELEASE>` is the string read from `~/.ops/latest.txt`, e.g. '0.1.53'). If there is a way to make the Nix package manager able to access the files and directories at the above paths when building your Nix package, Ops will work just fine even without network access.
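
The layout described in the last comment can be staged and verified before `ops build` runs in a build with no network access. This is an added example, not part of the thread or of Ops itself: the function names `check_ops_home` and `stage_ops_home` are hypothetical, and it assumes a pre-fetched copy of the `.ops` directory is passed to the build as an input.

```shell
# Added example: stage and verify an offline Ops state directory.
# Layout taken from the comment above: <home>/.ops/latest.txt names the
# release and <home>/.ops/<release>/ holds the Nanos build files.

# check_ops_home HOME_DIR
# Prints the release string and returns 0 when the layout is complete.
check_ops_home() {
    ops_dir="$1/.ops"
    if [ ! -r "$ops_dir/latest.txt" ]; then
        echo "missing $ops_dir/latest.txt" >&2
        return 1
    fi
    # Strip whitespace so a trailing newline does not end up in the path.
    release=$(tr -d '[:space:]' < "$ops_dir/latest.txt")
    # Reject empty strings and anything that could escape the .ops directory.
    case "$release" in
        ''|*/*|.*)
            echo "latest.txt holds an unusable release string" >&2
            return 2 ;;
    esac
    if [ ! -d "$ops_dir/$release" ]; then
        echo "missing release directory $ops_dir/$release" >&2
        return 3
    fi
    printf '%s\n' "$release"
}

# stage_ops_home PREFETCHED_OPS_DIR NEW_HOME
# Copies a pre-fetched .ops tree (assumption: supplied as a build input)
# into a fresh directory meant to be exported as HOME, then verifies it.
stage_ops_home() {
    mkdir -p "$2/.ops" || return 1
    cp -R "$1/." "$2/.ops/" || return 1
    # Files copied out of a read-only store keep read-only modes.
    chmod -R u+w "$2/.ops" || return 1
    check_ops_home "$2"
}
```

In a builder script this would be called as `stage_ops_home "$prefetched" "$TMPDIR/home"` followed by `export HOME="$TMPDIR/home"`, where `$prefetched` is a placeholder for the input holding the `.ops` tree.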