Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Nix flake check fails on Ghaf mainline #296

Closed
juliuskoskela opened this issue Oct 2, 2023 · 5 comments
Closed

Nix flake check fails on Ghaf mainline #296

juliuskoskela opened this issue Oct 2, 2023 · 5 comments

Comments

@juliuskoskela
Copy link
Contributor

juliuskoskela commented Oct 2, 2023
edited
Loading

When checking the ghaf flake with nix flake check --all-systems I get the following:

ghaf git:(main) nix flake check --all-systems
error:
       … while checking flake output 'hydraJobs'

         at «none»:0: (source not available)

       … while checking the Hydra jobset 'hydraJobs'

         at «none»:0: (source not available)

       (stack trace truncated; use '--show-trace' to show the full trace)

       error: cannot build '/nix/store/qlzv68cp8ks2plr60wqwzhrg5bwvl8gs-waypipe-ssh.dr
v' during evaluation because the option 'allow-import-from-derivation' is disabled

Background: In Nix, the act of "importing from a derivation" allows for the dynamic generation of Nix expressions during the build process. By default, the allow-import-from-derivation option is disabled because IFD can have potential complications when used with Hydra, Nix's CI server.

Maybe we could also add the flake check into Github Actions CI maybe as part of #293
@henrirosten
Copy link
Collaborator

#293 is merged already, but I agree we should start introducing checks such as this to GitHub actions.

@henrirosten
Copy link
Collaborator

Currently (ghaf HEAD at b0bfc8f), nix flake check can not be added as pre-merge check because nix flake check for the ghaf flake fails as described by @juliuskoskela above.

One can ignore the IFD error with the option --allow-import-from-derivation, but then other problems emerge:

$ nix flake check --accept-flake-config --allow-import-from-derivation
error:
       … while checking flake output 'packages'

         at «none»:0: (source not available)

       … while checking the derivation 'packages.x86_64-linux.nvidia-jetson-orin-agx-release-flash-script'

         at «none»:0: (source not available)

       (stack trace truncated; use '--show-trace' to show the full trace)

       error: a 'aarch64-linux' with features {} is required to build '/nix/store/ln2b7352yi371ghgcadgq9sw7qsl2bwn-boot.json.drv', but I am a 'x86_64-linux' with features {benchmark, big-parallel, kvm, nixos-test, uid-range}

The above issue was supposed to be fixed with NixOS/nix#7759. However, the issue still remains valid for IFD flakes: NixOS/nix#4265.

For now, this issue is blocking the usage of nix flake check as a pre-merge check for PRs.

One possible solution would be to get rid of the IFD in ghaf flake. At least one source of IFD is the packaging of ssh keys in waypipe-ssh, but there might be others too.

@mikatammi
Copy link
Contributor

I'm wondering could it be possible to improve by getting rid of all IFDs and implementing stuff in a different way?

@brianmcgillion
Copy link
Collaborator

brianmcgillion commented Nov 28, 2023
edited
Loading

Technically, it can be run with nix flake check --allow-import-from-derivation. I would close this issue and track the progress of erasing IFD specifically in the issue #372

@mikatammi
Copy link
Contributor

nix flake check now works, even without --allow-import-from-derivation !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mikatammi @brianmcgillion @henrirosten @juliuskoskela