nixos / docker
DEPRECATED! Dockerfiles to package Nix in a minimal docker container
Home Page: https://hub.docker.com/r/nixos/nix/
License: GNU Lesser General Public License v2.1
2.3.10 doesn't include git in the image, which seems odd given that nix-build might assume it's ready to use.
$ docker run -i -t nixos/nix /bin/sh -c "du -sh /nix/store/*nixpkgs*"
4.0K /nix/store/735n9x9w78d97l8y77f71xch3g05iaak-nixpkgs-20.09pre224255.e23f5308583.drv
282.2M /nix/store/d0zmpyvyhjrq3h2zigjlvcq73x361jdi-nixpkgs-20.09pre224255.e23f5308583
I personally use the image to create the latest stable (20.03) environment, so I find it surprising that the base image already contains nixpkgs-unstable.
This makes the image around 4 times bigger than necessary (the image is around ~90 MB without the channel, adding the channel increases it to ~390 MB).
Is this the original intention?
The line
Line 7 in e88fd1a
/etc/hosts file. That this file is missing in the first place seems to be a shortcoming of the alpine base image itself.
The ubuntu image contains this file, but with the hosts: files dns line instead of the other way round, which is what I'd expect as default as well. In our case the different order led to some names being resolved to "wrong" IP addresses.
See also https://gitlab.com/gitlab-org/gitlab/-/issues/215471, where the external lookup via DNS with higher priority led to localhost being resolved to something other than 127.0.0.1.
I'd simply open a PR for this but would like to get some feedback first as I'm not 100% sure of the consequences to existing pipelines.
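A check for the lookup order discussed in the post above, as an added example that is not part of the original issue or of the repository: it reads an nsswitch.conf-style file and reports whether files or dns comes first on the hosts: line. The function names, result strings and sample files are constructed for illustration.

```shell
# Added example (not the project's code): report the order of "files" and
# "dns" on the first hosts: line of an nsswitch.conf-style file.
hosts_lookup_order() {
    # $1: path to the file to inspect
    [ -r "$1" ] || { echo "missing"; return 0; }
    awk '
        { sub(/#.*/, "") }                 # drop comments before matching
        $1 == "hosts:" && !found {
            found = 1
            for (i = 2; i <= NF; i++) {    # remember first position of each source
                if ($i == "files" && !f) f = i
                if ($i == "dns"   && !d) d = i
            }
        }
        END {
            if (!found)        print "no-hosts-line"
            else if (!f && !d) print "neither"
            else if (!d)       print "files-only"
            else if (!f)       print "dns-only"
            else if (f < d)    print "files-first"
            else               print "dns-first"
        }' "$1"
}

# Constructed samples: the order the post attributes to this image and the
# order it reports for the ubuntu image.
nsswitch_demo() {
    tmp=$(mktemp -d) || return 1
    printf 'hosts: dns files\n' > "$tmp/image.conf"
    printf 'hosts: files dns\n' > "$tmp/ubuntu.conf"
    echo "image:  $(hosts_lookup_order "$tmp/image.conf")"
    echo "ubuntu: $(hosts_lookup_order "$tmp/ubuntu.conf")"
    rm -rf "$tmp"
}
nsswitch_demo
```

With files first, an /etc/hosts entry for localhost is consulted before any external DNS server is asked.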
I am not able to install any jdk using nix-env inside the docker container, other packages work.
FROM nixos/nix
RUN nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs
RUN nix-channel --update
RUN nix-env --install jdk8
I also posted a more detailed description here:
NixOS/nixpkgs#133786
Example, installing vim works, jdk8 does not work:
+ nix-env -i vim
installing 'vim-8.2.2567'
these paths will be fetched (7.61 MiB download, 35.88 MiB unpacked):
/nix/store/0dcf13hhk1kl9i0gcq7yjp8p9cp166n4-vim-8.2.2567
/nix/store/1838raw4b33pbry9m3c4mwrfigzbkf6r-gawk-5.1.0
copying path '/nix/store/1838raw4b33pbry9m3c4mwrfigzbkf6r-gawk-5.1.0' from 'https://cache.nixos.org'...
copying path '/nix/store/0dcf13hhk1kl9i0gcq7yjp8p9cp166n4-vim-8.2.2567' from 'https://cache.nixos.org'...
building '/nix/store/ra3vm69w7x99a3mzi0phpag8ib2877xd-user-environment.drv'...
created 430 symlinks in user environment
+ nix-env -i jdk8
error: selector 'jdk8' matches no derivations
FATAL: While performing build: while running engine: exit status 1
Newb to NixOS here - is there supposed to be a default configuration.nix file somewhere? If so, I can't find it.
I'm trying to run nix-shell for a project that's set up for nix, and need to add configurations for binaryCaches and binaryCachePublicKeys, like so:
nix = {
  binaryCaches = [ "..." "..." ];
  binaryCachePublicKeys = [ "..." "...." ];
};
Any pointers to where I should add this? Using this Docker image, I can't seem to find the recommended configuration.nix file. Should I add it to the project's shell.nix file? Appreciate any and all help 🙏
See NixOS/nix#2636
Hi, it seems there is a problem with the SSL config of the new image:
error: unable to download 'https://github.com/NixOS/nixpkgs/archive/0e0df31.tar.gz': Problem with the SSL CA cert (path? access rights?) (77)
(see this gitlab-ci pipeline: https://gitlab.com/juliendehos/nixpkgs-tests/-/jobs/587075339)
I noticed that nixos/nix:2.5.0 was added a day ago (15th December) and it seems there are some breaking changes (i.e. /bin/sh is missing). Reading the Dockerfile in this repository, it appears that it doesn't correspond to the one built and uploaded to Docker Hub.
Hi!
I get the error in the title when using nix-build, but I'm already root and the file belongs to me.
Any ideas?
Hi, I'm using this nix docker to build other dockers in gitlab CI, but it's failing to run the servant test suite because of errors like the following:
(ConnectionFailure Network.Socket.getAddrInfo (called with preferred socket type/protocol:
AddrInfo {addrFlags = [AI_ADDRCONFIG], addrFamily = AF_UNSPEC, addrSocketType = Stream,
addrProtocol = 0, addrAddress = <assumed to be undefined>, addrCanonName = <assumed to be undefined>},
host name: Just "localhost", service name: Just "34263"): does not exist (Name or service not known)))
Here is the full log: https://gitlab.com/zenhaskell/infra-dockers/-/jobs/173325822
/etc/hosts looks fine to me but here it is in full
$ cat /etc/hostname
runner-ed2dce3a-project-7321855-concurrent-0
$ cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.3 docker 41ed789b04a5 runner-ed2dce3a-project-7321855-concurrent-0-docker-0
172.17.0.4 runner-ed2dce3a-project-7321855-concurrent-0
With the latest update to Nix 2.5, Nix channel updates fail.
See the following case:
leon@artiq-mblab:~$ docker run -i -t nixos/nix:latest
bash-4.4# nix-channel --list
nixpkgs https://nixos.org/channels/nixpkgs-unstable
bash-4.4# nix-channel --update
unexpected error in download thread: error: unsharing filesystem state in download thread: Operation not permitted
error: download of 'https://nixos.org/channels/nixpkgs-unstable' was interrupted
This problem does not occur when using the older Nix 2.3.x image using docker run -i -t nixos/nix:2.3.12
Am I overseeing something with the change to Nix 2.5, or is this an actual bug? @garbas
There's no 21.11 image yet.
In the latest update of hub.docker.com/r/nixos/nix (Updated 13 hours ago as of 2021-12-15 12:29:01 UTC) the Nix version changed from 2.3.x to 2.5. This is a breaking change for some deployments.
docker pull nixos/nix
docker run nixos/nix nix --version
# nix (Nix) 2.5.0
There doesn't seem to be a corresponding commit in this repo, so what has caused this change?
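The reports on this page about nixos/nix changing underneath existing pipelines come down to how the image is referenced. As an added example (not code from this repository), the script below classifies image references in a Dockerfile or a GitLab-CI-style file as floating, tag-pinned or digest-pinned; the function names and sample files are constructed, and the digest is a placeholder.

```shell
# Added example, not from the nixos/docker repository.
# Classify an image reference by how strongly it is pinned:
#   floating = no tag or :latest, tag = named tag (can be re-pushed),
#   digest   = content-addressed @sha256: reference.
classify_image_ref() {
    case "$1" in *@sha256:*) echo "digest"; return 0 ;; esac
    name=${1##*/}   # last path component, so a registry port colon is ignored
    case "$name" in
        *:latest) echo "floating" ;;
        *:?*)     echo "tag" ;;
        *)        echo "floating" ;;
    esac
}

# Print "<class> <ref>" for each Dockerfile FROM line and each
# top-level style "image: <ref>" key found in file $1.
scan_image_refs() {
    awk '
        toupper($1) == "FROM" { i = 2; while ($i ~ /^--/) i++; print $i }
        $1 == "image:"        { print $2 }
    ' "$1" | while read -r ref; do
        echo "$(classify_image_ref "$ref") $ref"
    done
}

# Constructed sample input; the digest is a placeholder, not a real image digest.
image_ref_demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/Dockerfile" <<'EOF'
FROM nixos/nix
FROM nixos/nix:2.3.12 AS pinned_by_tag
FROM nixos/nix@sha256:0000000000000000000000000000000000000000000000000000000000000000
EOF
    printf 'image: nixos/nix\nbuild:\n  script:\n    - nix-build\n' > "$tmp/ci.yml"
    scan_image_refs "$tmp/Dockerfile"
    scan_image_refs "$tmp/ci.yml"
    rm -rf "$tmp"
}
image_ref_demo
```

Only the digest form names fixed image content; a tag narrows the version but can still be re-pushed by the publisher.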
It looks like only amd64 flavor of images is available on Docker hub. It would be nice to have an arm64 equivalent as well.
I understand Alpine is a great base image due to its size, but could you provide a glibc variant?
There are a lot of native applications that rely on glibc and don't work on musl that could benefit from it. I can say for example the rust compiler, that has a lot of limitations when running on alpine.
Good day everyone,
I use the nixos/nix image in my ci pipeline and am currently trying to build a derivation which was created by node2nix. The derivation works fine on my machine and any other I could try, but stops working when used inside the nixos/nix docker image. The derivation "succeeds" and creates an output both locally and inside the docker, but all of my unit tests are failing in the docker container as all binary dependencies are missing from the environment.
After a long session of trial and error, I created a graph of the dependencies of the derivation both locally and in the docker, using nix-store -q --graph ... | dot.
A comparison of these graphs can be found below. The graph generated inside docker is missing most of the dependencies:
Graph created inside the docker image:
Things I have tried to locate the source of the problem:
nix-build. The derivation works.
nix-build. The derivation works.
nix-build -vvvvv on my machine and in the docker, and git diffed the output. They are equal (except for the paths of the mountpoint and runner ids).
printenv in the build step and, again, git diffed the output. Same results as above.
2.3.7 (the same version I use locally). Same results.
I have created a small repository containing the necessary code to reproduce my problem. This repository is missing my failing unit-tests, but the store graph is reproducible this way.
I have to admit that I am totally at a loss here, as this behaviour goes against my understanding of how nix works. If I have made any noobie mistakes, please feel free to point them out.
Best regards:
Sebastian
The latest nix version is 2.3.15. It was also updated in df2cbd1 but is not available at https://hub.docker.com/r/nixos/nix/tags?page=1&ordering=last_updated
I'm trying to build an application that uses the nix-env during the buildPhase. The build process is being executed from the user nixbld1 who does not have permission to write to the directory /nix/var/nix/profiles/, thus every call to the nix-env during the buildPhase returns the following error:
error: could not set permissions on '/nix/var/nix/profiles/per-user' to 755: Operation not permitted
The default container ships busybox shell instead of bash, which is quite annoying. Since bash is already installed in the closure, it would be no change in size to use it.
For reproducibility I'm using tagged versions of the nixos/nix image in my CI setup. The latest tagged version that's available on Docker Hub is 2.3.6. Since the Dockerfile has already been updated to 2.3.10, could you please push a tagged version of that to Docker Hub?
Hi,
I would like to use nix-emacs-ci but my CI environment only has arm/v7 slaves. Would you mind adding support for arm/v7 builds?
Hi, I use the nixos/nix docker image in a gitlab-ci pipeline but the latest image does not work anymore.
$ nix-build
/bin/sh: eval: line 59: nix-build: not found
ERROR: Job failed: exit code 127
image: nixos/nix
build:
  script:
    - nix-build
  only:
    - master
Any idea?
Hello,
The nix image seems a bit broken, any idea?
~$ docker run -it --rm nixos/nix
29aa83922fc7:/# nix verify
error: opening file '/default.nix': No such file or directory
This also happens with a Dockerfile that does FROM nixos/nix.
nix verify is just one of other commands that fails using the same pattern (e.g. nix copy)
The recent nixos/nix:2.3.4 removed the postgres user that was present on nixos/nix:2.3.
Is that intentional?
I am not too familiar with Docker but from what I understand, the nixos/nix:2.3 dockerfile does not contain any reference to postgres. So I imagine that it has to do with the base image alpine. Is that right?
I'm using this image for executing Docker-based CI flows [in my particular case using Drone Cloud, but I think this applies to all Docker-based CIs]. I have my nixpkgs pinned for the project in the following way:
let
  nixpkgs = builtins.fetchGit {
    name = "...";
    url = "https://github.com/nixos/nixpkgs-channels/";
    ref = "refs/heads/nixos-unstable";
    rev = "...";
  };
However when I try to execute any command via nix-shell --run ... it fails due to missing git. I've clumsily added git on top of this image as a hotfix. Not happy about this solution and I'd much rather just use the official images and not maintain my "fork".
Would it be sensible to accommodate this use case in the official images? From what I see you're big on the image size [pun intended], but I think that making nix interoperable with existing tooling is important for adoption. I'd happily provide a PR.
I haven't tried the fetchTarball method, it's less preferable as it requires getting the hash on every version change, will have a swing at it if extending the image is a no-go.
Hello,
An image with a 2.5.0 tag has been published to Docker Hub 8 hours ago but the sources do not seem to be present in this repository.
Is the image generated from another repository?
cc @garbas since it looks like the new images have been pushed with your account on the Docker Hub.
I am experiencing this error on circleci:
#!/bin/sh -eo pipefail
nix-channel --add https://nixos.org/channels/nixpkgs-unstable
nix-channel --update
Fatal error: glibc detected an invalid stdio handle
Aborted (core dumped)
Exited with code 134