Darwin FODs have spurious mismatches on recent Lixes #904

Open
opened 2025-07-07 04:47:56 +00:00 by mio-19 · 21 comments

Describe the bug

A specific package, wrangler, produced a checksum mismatch only on lix, not on upstream nix

Steps To Reproduce

  1. nix-shell -p wrangler

Expected behavior

same as nix

log


Done in 3m 11.9s using pnpm v9.15.9
installPhase completed in 3 minutes 14 seconds
Running phase: fixupPhase
error: hash mismatch in fixed-output derivation '/nix/store/jfz5yk8wr39z3fxa82s5xrfk8ih53hi7-wrangler-pnpm-deps.drv':
        likely URL: (unknown)
         specified: sha256-r3QswmqP6CNufnsFM0KeKojm/HjHogrfYO/TdL3SrmA=
            got:    sha256-/+MdmCSOzeA0HW924bH+27qj4KecIjAte3w8LlVythc=

nix --version output

nix (Lix, like Nix) 2.93.2
System type: aarch64-darwin
Additional system types:
Features: gc, signed-caches
System configuration file: /etc/nix/nix.conf
User configuration files: /Users/user/.config/nix/nix.conf:/Users/user/.nix-profile/etc/xdg/nix/nix.conf:/run/current-system/sw/etc/xdg/nix/nix.conf:/nix/var/nix/profiles/default/etc/xdg/nix/nix.conf
Store directory: /nix/store
State directory: /nix/var/nix
Data directory: /nix/store/cfns45lw4nm4b4yfrsy8mskw06wyy33b-lix-2.93.2/share

Additional context

originally reported at https://github.com/NixOS/nixpkgs/issues/423082

Owner

does not reproduce on linux, neither with 2.93 nor with current main. this must be a darwin-specific problem of some sort.

Owner

also doesn't reproduce on linux with case hacking enabled. since we neither have access to darwin machines we can use to test this any further nor any spoons to actually do it somefew else will have to continue from here

Owner

I can repro this problem. However, because of #907 I can't actually debug it.

Owner

are the store paths different at all with the "incorrect" hash changed?

Owner

I guess I could hack the FOD so it succeeds with the other hash so I could diff it?

There's no eval difference. It's entirely build issues.

Owner

checked again because this bugged us. the difference is in file modes set by pnpm:

# linux
-r--r--r-- 2 root root 3592 Jan  1  1970 /nix/store/fm61042nhj9y91wdbmyiqhvrw76fcfns-wrangler-pnpm-deps/v3/files/de/60c0b09cd45a8c303b8db7ecca2ab66d990457553546365599f0257970d99dcdff3b2c1eeb9daddadc246bdf1d28cf9cedd6a1d466756cc11898be986ca897

# darwin
-r-xr-xr-x  1 root      nixbld  3592 Dec 31  1969 /nix/store/jsf3ris8hmspp2zm8440786ppx3v5w2m-wrangler-pnpm-deps/v3/files/de/60c0b09cd45a8c303b8db7ecca2ab66d990457553546365599f0257970d99dcdff3b2c1eeb9daddadc246bdf1d28cf9cedd6a1d466756cc11898be986ca897

this makes its way into the nars, which determine the hash:

--- broken.ls   2025-07-08 13:57:26.164110469 +0200
+++ good.ls     2025-07-08 13:58:07.435439499 +0200
@@ -29519,1013 +29519,1012 @@
                   "type": "regular"
                 },
                 "4ae1968bfb88ec5907e724ca9749b9ad3cfe40a98cfcc259023812b1ffcb2cc3609305676fc2709b1330dc8673a33bbe6a042521d76bd8e74727ac3660334d": {
-                  "executable": true,
-                  "narOffset": 342344624,
+                  "narOffset": 342344592,
                   "size": 289,
                   "type": "regular"
                 },

in cppnix 2.24 the files in $out don't have +x set, in lix they do. regardless of this we've had successful builds of the deps derivation on lix 2.91, so something really funky is going on. going to assume this is a pure darwin problem though and not dig any further
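
The point made in the comment above, that file modes reach the NAR and therefore the fixed-output hash, shown as an added example (not code from the thread or from Lix): a minimal Python NAR serializer run over a constructed two-file tree. Only the owner-executable bit is recorded, and one marker costs 32 bytes, the same amount the narOffset moves in the listing diff.

```python
import base64
import hashlib
import os
import stat
import tempfile


def nar_str(data: bytes) -> bytes:
    """NAR string: 64-bit little-endian length, the bytes, zero padding to 8."""
    pad = (8 - len(data) % 8) % 8
    return len(data).to_bytes(8, "little") + data + b"\0" * pad


def nar_node(path: str) -> bytes:
    """Serialize one filesystem object the way a NAR dump does."""
    st = os.lstat(path)
    out = nar_str(b"(") + nar_str(b"type")
    if stat.S_ISLNK(st.st_mode):
        out += nar_str(b"symlink") + nar_str(b"target")
        out += nar_str(os.fsencode(os.readlink(path)))
    elif stat.S_ISDIR(st.st_mode):
        out += nar_str(b"directory")
        # Entries are written in byte order of their names.
        for name in sorted(os.listdir(path), key=os.fsencode):
            out += nar_str(b"entry") + nar_str(b"(")
            out += nar_str(b"name") + nar_str(os.fsencode(name))
            out += nar_str(b"node") + nar_node(os.path.join(path, name))
            out += nar_str(b")")
    elif stat.S_ISREG(st.st_mode):
        out += nar_str(b"regular")
        # The only permission information that is kept: owner-executable.
        if st.st_mode & stat.S_IXUSR:
            out += nar_str(b"executable") + nar_str(b"")
        with open(path, "rb") as fh:
            out += nar_str(b"contents") + nar_str(fh.read())
    else:
        raise ValueError(f"unsupported file type: {path}")
    return out + nar_str(b")")


def nar_dump(path: str) -> bytes:
    """Full archive: magic string followed by the root node."""
    return nar_str(b"nix-archive-1") + nar_node(path)


def sri(nar: bytes) -> str:
    """SHA-256 of the NAR in the sha256-<base64> form seen in the error."""
    return "sha256-" + base64.b64encode(hashlib.sha256(nar).digest()).decode()


def compare_modes() -> dict:
    """Dump a constructed tree under the modes seen on linux and darwin."""
    with tempfile.TemporaryDirectory() as root:
        tree = os.path.join(root, "pnpm-deps")   # constructed sample tree
        os.makedirs(os.path.join(tree, "files"))
        first = os.path.join(tree, "files", "aa")
        second = os.path.join(tree, "files", "bb")
        marker = b"x" * 289                      # constructed file contents
        for path, body in ((first, b"constructed sample\n"), (second, marker)):
            with open(path, "wb") as fh:
                fh.write(body)
            os.chmod(path, 0o444)                # r--r--r-- as on linux
        good = nar_dump(tree)

        # Differences `ls -l` shows but the NAR ignores: mtime, write bits.
        os.utime(first, (0, 0))
        os.chmod(first, 0o644)
        same = nar_dump(tree)

        # The darwin result: r-xr-xr-x on a file that should not be +x.
        os.chmod(first, 0o555)
        broken = nar_dump(tree)

        return {
            "good": sri(good),
            "same": sri(same),
            "broken": sri(broken),
            "size_delta": len(broken) - len(good),
            # How far the next file's contents move inside the archive.
            "offset_shift": broken.index(marker) - good.index(marker),
        }


if __name__ == "__main__":
    for key, value in compare_modes().items():
        print(f"{key:13} {value}")
```
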

Owner

To be honest I'm willing to just say this is some kind of thing pnpm simply shouldn't be doing, but I don't understand how it's doing the thing it shouldn't, and it's almost certainly some ridiculous artifact of some minutiae that it should never be taking account of.

I'm not sure how we would diff the execution environment sufficiently to understand how pnpm arrived at producing the wrong result.

Owner

if cppnix 2.24 is not having this problem and lix 2.91 is not having this problem, surely the blame lies in the darwin specific code possibly?

Owner

This issue makes me want daemon managed automatic bisect tooling.

I'm going to file a ticket about that. #909


i don't think this is pnpm-exclusive, i noticed the mochi package is also bringing up a different hash on my M1 running Lix main:

$ nix --version
nix (Lix, like Nix) 2.94.0-dev-pre20250713-2090853
System type: aarch64-darwin
Additional system types: x86_64-darwin
Features: gc, signed-caches
System configuration file: /etc/nix/nix.conf
User configuration files: /Users/fum/.config/nix/nix.conf:/Users/fum/.nix-profile/etc/xdg/nix/nix.conf:/etc/profiles/per-user/fum/etc/xdg/nix/nix.conf:/run/current-system/sw/etc/xdg/nix/nix.conf:/nix/var/nix/profiles/default/etc/xdg/nix/nix.conf
Store directory: /nix/store
State directory: /nix/var/nix
Data directory: /nix/store/n2qadbzhlqi5j4mflvqpcr89l6z4xj7a-lix-2.94.0-dev-pre20250713-2090853/share

$ nix-build -E 'with import <nixpkgs> {}; fetchzip {url = "https://mochi.cards/releases/Mochi-1.18.11.dmg"; hash = ""; stripRoot = false; nativeBuildInputs = [ _7zz ]; }'
warning: found empty hash, assuming 'sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='
this derivation will be built:
  /nix/store/yv6h06xkch16cc7xqyqrni5ska99fs67-source.drv
building '/nix/store/yv6h06xkch16cc7xqyqrni5ska99fs67-source.drv'...

trying https://mochi.cards/releases/Mochi-1.18.11.dmg
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  100M  100  100M    0     0   574k      0  0:02:59  0:02:59 --:--:--  374k
unpacking source archive /nix/var/nix/builds/nix-build-source.drv-0/Mochi-1.18.11.dmg

7-Zip (z) 24.09 (arm64) : Copyright (c) 1999-2024 Igor Pavlov : 2024-11-29
 64-bit arm_v:8-A locale=en_US.UTF-8 Threads:8 OPEN_MAX:1048576, ASM

Scanning the drive for archives:
1 file, 105796388 bytes (101 MiB)

Extracting archive: /nix/var/nix/builds/nix-build-source.drv-0/Mochi-1.18.11.dmg

4.apfs
WARNINGS:
There are data after the end of archive

--
Path = /nix/var/nix/builds/nix-build-source.drv-0/Mochi-1.18.11.dmg
Type = Dmg
Physical Size = 105796388
Method = Copy Zero2 ZLIB CRC
Blocks = 271
Cluster Size = 1048576
Comment =
{
unpack-size: 341315072
ID: 759e3451cd4d4ec59cd048863dcfc796
master-checksum: CRC: 72622539
pack-checksum: CRC: 9B5435D0
pack-offset: 0
pack-length: 105772342
xml-offset: 105772342
xml-length: 23534
}
----
Path = 4.apfs
Size = 341276160
Packed Size = 105771933
Comment = disk image (Apple_APFS : 4)
Method = Copy Zero2 ZLIB CRC
Blocks = 264
Cluster Size = 1048576
Checksum = DC42A179
ID = 4
--
Path = 4.apfs
Type = APFS
WARNINGS:
There are data after the end of archive
Physical Size = 341274624
Tail Size = 1536
Name = Mochi 1.18.11.apfs
ID = 0b53922d08f146e4be476dc8167d8fff
Cluster Size = 4096
Created = 2025-04-29 06:17:18.878745958
Modified = 2025-04-29 06:17:29.441250541
Comment =
{
block_size: 4096
fs_index: 0
volume_name: Mochi 1.18.11
vol_uuid: 506e4b9947784cb49c2a914cceeae647
incompatible_features: CASE_INSENSITIVE
fs_alloc_count: 66412
num_files: 180
num_directories: 178
num_symlinks: 15
num_other_fsobjects: 0
Num_Attr_Streams: 316
num_snapshots: 0
total_blocks_alloced: 66355
total_blocks_freed: 0
unmounted: 2025-04-29 06:17:29.441251791
last_modified: 2025-04-29 06:17:29.436637916
formatted_by: newfs_apfs (2236.141.1)
  timestamp: 2025-04-29 06:17:18.878745958
  last_xid: 2
modified_by[0]: apfs_kext (2236.141.1)
  timestamp: 2025-04-29 06:17:29.441250541
  last_xid: 7
}

Everything is Ok

Archives with Warnings: 1

Warnings: 1
Folders: 178
Files: 180
Alternate Streams: 316
Alternate Streams Size: 636539
Size:       270564654
Compressed: 105796388
error: hash mismatch in fixed-output derivation '/nix/store/yv6h06xkch16cc7xqyqrni5ska99fs67-source.drv':
           likely URL: https://mochi.cards/releases/Mochi-1.18.11.dmg
            specified: sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
                  got: sha256-eTdSCkc7SNJmgrzvxmiixnzlwmIeMyIB6W1O25DInzI=
        expected path: /nix/store/bqfq4db6nwycmkdrql9igsbrayqsw3g2-source
             got path: /nix/store/dlqxlwmys6mllchsxwmp121pfwp33dj1-source

If i take out Lix (by removing lix-module):

$ nix --version
nix (Nix) 2.28.4

$ nix-build -E 'with import <nixpkgs> {}; fetchzip {url = "https://mochi.cards/releases/Mochi-1.18.11.dmg"; hash = ""; stripRoot = false; nativeBuildInputs = [ _7zz ]; }'
warning: found empty hash, assuming 'sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='
this derivation will be built:
  /nix/store/yv6h06xkch16cc7xqyqrni5ska99fs67-source.drv
building '/nix/store/yv6h06xkch16cc7xqyqrni5ska99fs67-source.drv'...

trying https://mochi.cards/releases/Mochi-1.18.11.dmg
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  100M  100  100M    0     0   760k      0  0:02:15  0:02:15 --:--:-- 1039k
unpacking source archive /private/tmp/nix-build-source.drv-0/Mochi-1.18.11.dmg

7-Zip (z) 24.09 (arm64) : Copyright (c) 1999-2024 Igor Pavlov : 2024-11-29
 64-bit arm_v:8-A locale=en_US.UTF-8 Threads:8 OPEN_MAX:1048576, ASM

Scanning the drive for archives:
1 file, 105796388 bytes (101 MiB)

Extracting archive: /private/tmp/nix-build-source.drv-0/Mochi-1.18.11.dmg

4.apfs
WARNINGS:
There are data after the end of archive

--
Path = /private/tmp/nix-build-source.drv-0/Mochi-1.18.11.dmg
Type = Dmg
Physical Size = 105796388
Method = Copy Zero2 ZLIB CRC
Blocks = 271
Cluster Size = 1048576
Comment =
{
unpack-size: 341315072
ID: 759e3451cd4d4ec59cd048863dcfc796
master-checksum: CRC: 72622539
pack-checksum: CRC: 9B5435D0
pack-offset: 0
pack-length: 105772342
xml-offset: 105772342
xml-length: 23534
}
----
Path = 4.apfs
Size = 341276160
Packed Size = 105771933
Comment = disk image (Apple_APFS : 4)
Method = Copy Zero2 ZLIB CRC
Blocks = 264
Cluster Size = 1048576
Checksum = DC42A179
ID = 4
--
Path = 4.apfs
Type = APFS
WARNINGS:
There are data after the end of archive
Physical Size = 341274624
Tail Size = 1536
Name = Mochi 1.18.11.apfs
ID = 0b53922d08f146e4be476dc8167d8fff
Cluster Size = 4096
Created = 2025-04-29 06:17:18.878745958
Modified = 2025-04-29 06:17:29.441250541
Comment =
{
block_size: 4096
fs_index: 0
volume_name: Mochi 1.18.11
vol_uuid: 506e4b9947784cb49c2a914cceeae647
incompatible_features: CASE_INSENSITIVE
fs_alloc_count: 66412
num_files: 180
num_directories: 178
num_symlinks: 15
num_other_fsobjects: 0
Num_Attr_Streams: 316
num_snapshots: 0
total_blocks_alloced: 66355
total_blocks_freed: 0
unmounted: 2025-04-29 06:17:29.441251791
last_modified: 2025-04-29 06:17:29.436637916
formatted_by: newfs_apfs (2236.141.1)
  timestamp: 2025-04-29 06:17:18.878745958
  last_xid: 2
modified_by[0]: apfs_kext (2236.141.1)
  timestamp: 2025-04-29 06:17:29.441250541
  last_xid: 7
}

Everything is Ok

Archives with Warnings: 1

Warnings: 1
Folders: 178
Files: 180
Alternate Streams: 316
Alternate Streams Size: 636539
Size:       270564654
Compressed: 105796388
error: hash mismatch in fixed-output derivation '/nix/store/yv6h06xkch16cc7xqyqrni5ska99fs67-source.drv':
         specified: sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
            got:    sha256-5RM4eqHQoYfO5JiUH9ol+3XxOk4VX4ocE3Yia82sovI=

This results in others being able to nix run nixpkgs#mochi (well, not really, i need to make $out/bin/mochi point to $out/Applications/Mochi.app/Contents/MacOS/mochi...but if that was correct then they'd be able to run it), while i get a hash mismatch


going for a very crude "bisect" because i don't really know what else to do:

  • setting lix-module and lix to 2.93.0.tar.gz gives the correct hash
  • setting lix-module to main.tar.gz and lix to 2.93.0.tar.gz also is correct (this was just to make sure it wasn't lix-module broken and so i could focus on just only recompiling lix)
  • setting lix-module to 2.93.0.tar.gz and lix to main.tar.gz doesn't (sanity check for previous, so it's likely from lix)
  • lix at 2.93.1.tar.gz (from now on module is main) doesn't

at this point i got the git repo:

$ z lix
$ git bisect start
status: waiting for both good and bad commits
$ git bisect bad 2.93.1
status: waiting for good commit(s), bad commit known
$ git bisect good 2.93.0
Bisecting: 10 revisions left to test after this (roughly 4 steps)
[77daadb029e7a58fbc0f85147a009b45674afa18] libutil: writeFile variant for file descriptors
$ git bisect good 77daadb029e7a58fbc0f85147a009b45674afa18
Bisecting: 5 revisions left to test after this (roughly 3 steps)
[201be7976bb8d7cad5ad94c7164bd283e7a70922] libutil: add capability support to runProgram2
$ git bisect good 201be7976bb8d7cad5ad94c7164bd283e7a70922
Bisecting: 2 revisions left to test after this (roughly 2 steps)
[60d50ea31b789de887fb97d57ab6b39f6d191dbb] libstore/build: automatic clean up of unsuccessfully built scratch outputs
$ git bisect bad 60d50ea31b789de887fb97d57ab6b39f6d191dbb
Bisecting: 0 revisions left to test after this (roughly 1 step)
[4f0c59b30712430480f5043aa3d032c519060c56] libstore: don't default build-dir to temp-dir
$ git bisect bad 4f0c59b30712430480f5043aa3d032c519060c56
Bisecting: 0 revisions left to test after this (roughly 0 steps)
[46e2bb4ca670c62c856900ef43c000c83b160c92] libstore: use pasta for FODs if available
$ git bisect good 46e2bb4ca670c62c856900ef43c000c83b160c92
4f0c59b30712430480f5043aa3d032c519060c56 is the first bad commit
commit 4f0c59b30712430480f5043aa3d032c519060c56
Author: eldritch horrors <pennae@lix.systems>
Date:   Sun Mar 30 16:45:34 2025 +0200

    libstore: don't default build-dir to temp-dir

    if a build directory is accessible to other users it is possible to
    smuggle data in and out of build directories. usually this ins only
    a build purity problem, but in combination with other issues it can
    be used to break out of a build sandbox. to prevent this we default
    to using a subdirectory of nixStateDir (which is more restrictive).

    Change-Id: Iacfc9b50534de158618c815f9fb99d7dae1be4d0

 doc/manual/rl-next/build-dir-mandatory.md                | 12 ++++++++++++
 lix/libstore/build/local-derivation-goal.cc              |  4 +++-
 lix/libstore/settings/build-dir.md                       | 18 ++++++++++++++----
 misc/systemd/nix-daemon.conf.in                          |  3 ++-
 tests/functional/build-remote-trustless-should-fail-0.sh |  1 -
 tests/functional/build-remote-trustless.sh               |  1 -
 tests/functional/build-remote.sh                         |  1 -
 tests/functional/check.sh                                | 21 ---------------------
 tests/functional/supplementary-groups.sh                 |  1 -
 9 files changed, 31 insertions(+), 31 deletions(-)
 create mode 100644 doc/manual/rl-next/build-dir-mandatory.md

i'm not sure if this is 100% correct (it's 2am) but it kinda tracks with 2.93.0 working and 2.93.1 not?

as for why it happens, i'm not sure...the Nix Store APFS volume on macOS is separate from the regular data volume (and i assume the $TMPDIR on macOS is on the data one...perhaps there's some differences in how they work?)

Owner

In order to confirm this theory, can you try to change the build-dir manually back to $TMPDIR or /tmp and rebuild the offending derivation? If so, this is confirmed and this is… oh well.

Owner

Yeah, if temp dir location is the real problem then I think we can just say it's a package bug and move on. Thanks so much for diagnosing this by the way!


okay so trying <bad> normally: wrong hash (sha256-eTdSCkc7SNJmgrzvxmiixnzlwmIeMyIB6W1O25DInzI=)

<bad> with build-dir set to /var/folders/tg/vj6fwkdn20zfwc2nbmc0t00w0000gn/T/ (which i get by echoing $TMPDIR) gives a permissions error:

$ nix-build -E 'with import <nixpkgs> {}; fetchzip {url = "https://mochi.cards/releases/Mochi-1.18.11.dmg"; hash = ""; stripRoot = false; nativeBuildInputs = [ _7zz ]; }'
warning: found empty hash, assuming 'sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='
this derivation will be built:
  /nix/store/h3xnr5l6j89vz2gqrq7fwlmk0n0vyxq9-source.drv
building '/nix/store/h3xnr5l6j89vz2gqrq7fwlmk0n0vyxq9-source.drv'...
shell-init: error retrieving current directory: getcwd: cannot access parent directories: Permission denied
error: builder for '/nix/store/h3xnr5l6j89vz2gqrq7fwlmk0n0vyxq9-source.drv' failed with exit code 1;
       last 1 log lines:
       > shell-init: error retrieving current directory: getcwd: cannot access parent directories: Permission denied
       For full logs, run 'nix log /nix/store/h3xnr5l6j89vz2gqrq7fwlmk0n0vyxq9-source.drv'.

(i had to then edit /etc/nix/nix.conf and sudo launchctl kickstart -k system/org.nixos.nix-daemon to get things working again)

i made a dir inside it manually:

$ mkdir /var/folders/tg/vj6fwkdn20zfwc2nbmc0t00w0000gn/T/nix
$ stat /var/folders/tg/vj6fwkdn20zfwc2nbmc0t00w0000gn/T/nix
16777230 38199432 drwxr-xr-x 2 fum staff 0 64 "Jul 16 11:45:39 2025" "Jul 16 11:45:39 2025" "Jul 16 11:45:39 2025" "Jul 16 11:45:39 2025" 4096 0 0 /var/folders/tg/vj6fwkdn20zfwc2nbmc0t00w0000gn/T/nix

i set build-dir to that with <bad> and it still gives the permission error.

so chmod a+rwx /var/folders/tg/vj6fwkdn20zfwc2nbmc0t00w0000gn/T/nix, try again...which gives the same bad hash (sha256-eTdSCkc7SNJmgrzvxmiixnzlwmIeMyIB6W1O25DInzI=)


<good> (the commit before <bad>) gives the right hash (sha256-5RM4eqHQoYfO5JiUH9ol+3XxOk4VX4ocE3Yia82sovI=)

<good> with build-dir on our 777 temp dir: permission error

so, i'm not sure what build-dir is actually being set to...the (old) docs say it uses $TMPDIR but i keep getting perms errors...

<bad> is 4f0c59b307
<good> is 46e2bb4ca6


sigh i might be doing something wrong, because as i was trying to diffoscope the hash in <good> changed...i'll go sleep and try again later, i guess take everything i've written with a grain of salt?

Owner

@dibenzepin fwiw, you are using a per-user temporary directory on Darwin, you should probably just use /tmp for the tests, this was the previous default value.

raito changed title from checksum different to Darwin FODs have spurious mismatches on recent Lixes 2025-07-16 22:10:32 +00:00
Owner

w.r.t. pnpm fetchers:

https://github.com/NixOS/nixpkgs/pull/350063
https://github.com/NixOS/nixpkgs/pull/422975
https://github.com/NixOS/nixpkgs/pull/422975#pullrequestreview-3016025813

This seems to point to a non-Lix issue. (thanks to @emilazy for the pointers.)

ahh @raito, i thought it was $TMPDIR, my bad

do i open a new issue and continue there? (since the pnpm one is non-lix)

Owner

@dibenzepin wrote in #904 (comment):

> ahh @raito, i thought it was $TMPDIR, my bad
>
> do i open a new issue and continue there? (since the pnpm one is non-lix)

the .dmg is certainly the most fascinating one at the moment, so feel free to continue analyzing it here, while we deem the pnpm one probably out of scope for Lix.


okay so trying again today...using 4f0c59b307 with build-dir set to /tmp gives the correct hash of sha256-5RM4eqHQoYfO5JiUH9ol+3XxOk4VX4ocE3Yia82sovI=.

diffoscoping the output from good and bad (with build-dir left as default):

```sh
# first is good, second is bad
$ nix run nixpkgs\#diffoscope  /nix/store/30xqd8m1j5fkvgnlvh1cy1i8dikk2ad1-source /nix/store/dlqxlwmys6mllchsxwmp121pfwp33dj1-source
--- /nix/store/30xqd8m1j5fkvgnlvh1cy1i8dikk2ad1-source
+++ /nix/store/dlqxlwmys6mllchsxwmp121pfwp33dj1-source
│   --- /nix/store/30xqd8m1j5fkvgnlvh1cy1i8dikk2ad1-source/Applications
├── +++ /nix/store/dlqxlwmys6mllchsxwmp121pfwp33dj1-source/Applications
│┄ symlink
│ @@ -1 +1 @@
│ -destination: /private/tmp/nix-build-source.drv-0/unpack/Applications
│ +destination: /nix/var/nix/builds/nix-build-source.drv-0/unpack/Applications
│ ├── stat {}
│ │ @@ -1,7 +1,7 @@
│ │
│ │ -  Size: 55         Blocks: 0          IO Block: 4096   symbolic link
│ │ +  Size: 62         Blocks: 0          IO Block: 4096   symbolic link
│ │  Device: 1,16       Access: (0755/lrwxr-xr-x)  Uid: (    0/    root)   Gid: (  350/  nixbld)
│ │
│ │  Modify: 1970-01-01 00:00:01.000000000 +0000
```

hm so 7z is encoding the symlink in the result instead of like, "properly" following(?) it?
(and because the runners on gh have build-dir set to /tmp too, it works fine for them as well?)

Owner

Yep sounds like FOD instability again, the symlinks should be rewritten to be relative instead of absolute like this.
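
An added example (not code from this thread, Lix or nixpkgs) of the fix suggested in the last comment: an unpacked tree whose symlink holds an absolute path into the build directory hashes differently per build directory, and hashes the same once the link is rewritten as relative. The names `tree_digest`, `relativize_symlinks` and `demo` and the sample tree are constructed for illustration, and `tree_digest` is a simplified stand-in for the store's NAR hash.

```python
import hashlib
import os
import tempfile

def tree_digest(root):
    """Hash names, file bytes and symlink targets (a simplified stand-in for a NAR hash)."""
    h = hashlib.sha256()
    for dirpath, dirnames, filenames in sorted(os.walk(root)):  # fixed traversal order
        for name in sorted(dirnames + filenames):
            path = os.path.join(dirpath, name)
            h.update(os.path.relpath(path, root).encode() + b"\0")
            if os.path.islink(path):
                h.update(b"L" + os.readlink(path).encode() + b"\0")
            elif os.path.isfile(path):
                with open(path, "rb") as f:
                    h.update(b"F" + f.read() + b"\0")
    return h.hexdigest()

def relativize_symlinks(root):
    """Rewrite absolute symlinks that point inside root; return those pointing elsewhere."""
    root = os.path.realpath(root)
    outside = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path) or not os.path.isabs(os.readlink(path)):
                continue
            target = os.path.normpath(os.readlink(path))
            if os.path.commonpath([root, target]) != root:
                outside.append(path)  # cannot be made stable here; report it
                continue
            os.unlink(path)
            os.symlink(os.path.relpath(target, dirpath), path)
    return outside

def demo():
    """Same constructed tree under two build dirs; digests before and after the rewrite."""
    before, after = [], []
    for _ in range(2):
        with tempfile.TemporaryDirectory(prefix="build-") as tmp:
            out = os.path.join(os.path.realpath(tmp), "unpack")
            os.makedirs(os.path.join(out, "payload"))
            with open(os.path.join(out, "payload", "data.txt"), "w") as f:
                f.write("constructed sample\n")
            # absolute link into the build dir, like the diffoscope output above
            os.symlink(os.path.join(out, "payload"), os.path.join(out, "link"))
            before.append(tree_digest(out))
            relativize_symlinks(out)
            after.append(tree_digest(out))
    return before, after
```

`demo()` returns two differing digests for the untouched trees and two identical ones after the rewrite; links that `relativize_symlinks` returns point outside the tree and need a packaging decision rather than a rewrite.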
