nixos/stub-ld: init module #269551

Merged: 3 commits, Dec 13, 2023

@tejing1 (Contributor) commented Nov 24, 2023

Description of changes

Adds a new nixos option, enabled by default, which installs a stub ELF loader in the default FHS location. This stub simply prints out an informative error message when invoked, giving new users better feedback when they attempt to use binaries not compiled for nixos.

Closes #208187.

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 23.11 Release Notes (or backporting 23.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Priorities

Add a 👍 reaction to pull requests you find important.
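
As an added illustration (not code from this pull request or from nixpkgs): a dynamically linked binary names its loader in the ELF `PT_INTERP` program header, and binaries built for other distributions point it at the default FHS location where this module places the stub. The Python below reads that field and classifies it; the loader path list, the category names and the sample ELF images are constructed assumptions.

```python
import struct

PT_INTERP = 3
# Assumption: conventional glibc loader paths on FHS distributions.
FHS_LOADERS = {"/lib64/ld-linux-x86-64.so.2", "/lib/ld-linux.so.2",
               "/lib/ld-linux-aarch64.so.1"}

def elf_interpreter(data: bytes):
    """Return the PT_INTERP path of an ELF image, or None (static / not ELF)."""
    if len(data) < 64 or data[:4] != b"\x7fELF":
        return None
    is64 = data[4] == 2                     # EI_CLASS: 1 = ELF32, 2 = ELF64
    e = "<" if data[5] == 1 else ">"        # EI_DATA: 1 = little endian
    if is64:
        (phoff,) = struct.unpack_from(e + "Q", data, 0x20)
        phentsize, phnum = struct.unpack_from(e + "HH", data, 0x36)
        fmt, idx = e + "IIQQQQ", (0, 2, 5)  # p_type, p_offset, p_filesz
    else:
        (phoff,) = struct.unpack_from(e + "I", data, 0x1C)
        phentsize, phnum = struct.unpack_from(e + "HH", data, 0x2A)
        fmt, idx = e + "IIIII", (0, 1, 4)   # p_type, p_offset, p_filesz
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + struct.calcsize(fmt) > len(data):
            return None                     # truncated program header table
        fields = struct.unpack_from(fmt, data, off)
        p_type, p_offset, p_filesz = (fields[j] for j in idx)
        if p_type == PT_INTERP:
            raw = data[p_offset:p_offset + p_filesz]
            return raw.split(b"\0", 1)[0].decode("utf-8", "replace")
    return None

def classify(data: bytes) -> str:
    interp = elf_interpreter(data)
    if interp is None:
        return "static-or-not-elf"
    if interp.startswith("/nix/store/"):
        return "nix-loader"                 # built for Nix, loader in the store
    # An FHS loader path is the location the stub loader occupies on NixOS.
    return "fhs-loader" if interp in FHS_LOADERS else "other-loader"

def make_elf64(interp: str) -> bytes:
    """Constructed sample: ELF64 LE header plus one PT_INTERP program header."""
    path = interp.encode() + b"\0"
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH",
                               2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, 120, 0, 0, len(path), len(path), 1)
    return ehdr + phdr + path
```

To check a real file, pass `open(path, "rb").read()` to `classify`; a result of `fhs-loader` means the kernel will hand the binary to whatever sits at that FHS path.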

@github-actions github-actions bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` labels Nov 24, 2023
@tejing1 (Contributor, Author) commented Nov 24, 2023

Should the message be shorter, with a link to a more in-depth discussion online, perhaps in the nixos manual?

Should I mention nix-autobahn and/or nix-alien?

@mkg20001 (Member)

> Should I mention nix-autobahn and/or nix-alien?

Not sure, are these common tools one would use? (As in: Is the tool known and used by many or is it just "one of many tools available")

One sentence saying something about these tools being available might be good.

> Should the message be shorter, with a link to a more in-depth discussion online, perhaps in the nixos manual?

I would move parts about packaging to the manual and just link to a new section in the manual. And from that section link to the relevant parts of packaging. Since packaging is usually more complicated than "just run this".

2. Write a nix expression for the program to package it
         yourself. Read more in the manual <link>

@h7x4 h7x4 added the 8.has: module (new) This PR adds a module in `nixos/` label Nov 24, 2023
@github-actions github-actions bot added the 6.topic: lib The Nixpkgs function library label Nov 25, 2023
@tejing1 (Contributor, Author) commented Nov 25, 2023

Hmm, should I add a new section to the nixpkgs manual? Or perhaps just link to https://nix.dev/tutorials/packaging-existing-software?

@tejing1 (Contributor, Author) commented Nov 25, 2023

I honestly don't feel like the manuals are quite the right place for this to exist. It's more introductory content than reference content. It needs to be somewhere, though. Right now, afaik, there just isn't a resource which clearly lays out the options one has when trying to run software on nixos that isn't in nixpkgs.

@NixOS/documentation-team may want to weigh in here.

Where should this live?

@infinisil infinisil added the significant Novel ideas, large API changes, notable refactorings, issues with RFC potential, etc. label Nov 25, 2023
@tejing1 (Contributor, Author) commented Nov 25, 2023

@Mic92 As the maintainer of nix-ld, any comments on adding libDir to the platform attrset, how this interacts with nix-ld, or how this is implemented, generally? Should I change the nix-ld module (EDIT: package) to use libDir in this PR as well?

@fricklerhandwerk (Contributor) left a comment

This is indeed a good topic for a guide on nix.dev. Probably doesn't need to be much more than that if there is reference documentation one can link to.

It's not really NixOS specific, and only needs a note on NixOS with links to the relevant options.

@Mic92 (Member) commented Nov 25, 2023

@tejing1 we already have a chapter about fhs in the works here: #264433 hopefully merged soon.

@tejing1 tejing1 force-pushed the nixos-stub-ld branch 3 times, most recently from 5ccd10c to f4505b8 Compare November 25, 2023 11:09
brianmcgee added a commit to nix-community/ethereum.nix that referenced this pull request Jan 29, 2024
Create the default overlay manually as NixOS/nixpkgs#269551 seems to have caused some issues with easyOverlay where it's trying to touch an i686 package when that system is not in the listed systems.
@yu-re-ka (Contributor) commented Feb 4, 2024

I must unfortunately say that the assumption that there exists a working 32bit variant of the package set for 64-bit x86 systems is inaccurate.
There should be an option to disable the 32-bit ldso even when running on x86-64 systems.

@tejing1 (Contributor, Author) commented Feb 4, 2024

> There should be an option to disable the 32-bit ldso even when running on x86-64 systems.

There is. `environment.ldso32 = null;`

@yu-re-ka (Contributor) commented Feb 5, 2024

> There is. `environment.ldso32 = null;`

That still evaluates pkgsi686Linux via libDir32 in the tmpfiles rules.

@tejing1 (Contributor, Author) commented Feb 5, 2024

Ugh. I'm not sure it's feasible to make that option such that the module cleans up after itself when the option is changed.

How about this:

  • Add a pair of options to control the path of ld.so used, which default to /${libDir}/${ldsoBasename} we're currently using.
  • Make those options nullable, and if they are null, produce no tmpfiles rule at all.
  • Make those options hidden, as they should be very rarely used and have the annoying caveat that altering them leaves mess behind, which we can also note in the description.

@tejing1 (Contributor, Author) commented Feb 5, 2024

Oh! Here's another idea: switch the module to using systemd.tmpfiles.settings, so you can use lib.mkForce to remove the rules, if desired.

@yu-re-ka (Contributor) commented Feb 5, 2024

Or, generalize the isx86 check into some kind of tryEval magic to figure out if the 32-bit platform is actually supported?

For reference:

```
$ nix repl --system aarch64-linux
nix-repl> pkgsi686Linux
error:
       … while evaluating the attribute 'pkgsi686Linux'

         at /home/yuka/proj/nixpkgs/pkgs/top-level/stage.nix:222:5:

          221|     # Used by wine, firefox with debugging version of Flash, ...
          222|     pkgsi686Linux = if stdenv.hostPlatform.isLinux && stdenv.hostPlatform.isx86 then nixpkgsFun {
             |     ^
          223|       overlays = [ (self': super': {

       … while calling the 'throw' builtin

         at /home/yuka/proj/nixpkgs/pkgs/top-level/stage.nix:232:12:

          231|       };
          232|     } else throw "i686 Linux package set can only be used with the x86 family.";
             |            ^
          233|

       error: i686 Linux package set can only be used with the x86 family.

nix-repl> 
$ nix repl --system x86_64-linux
nix-repl> pkgsMusl.pkgsi686Linux 
error:
       … while evaluating the attribute 'pkgsi686Linux'

         at /home/yuka/proj/nixpkgs/pkgs/top-level/stage.nix:222:5:

          221|     # Used by wine, firefox with debugging version of Flash, ...
          222|     pkgsi686Linux = if stdenv.hostPlatform.isLinux && stdenv.hostPlatform.isx86 then nixpkgsFun {
             |     ^
          223|       overlays = [ (self': super': {

       … while evaluating a branch condition

         at /home/yuka/proj/nixpkgs/pkgs/stdenv/booter.nix:99:7:

           98|     thisStage =
           99|       if args.__raw or false
             |       ^
          100|       then args'

       (stack trace truncated; use '--show-trace' to show the full trace)

       error: unsupported platform for the pure Linux stdenv

nix-repl> 
```

@zimbatm zimbatm mentioned this pull request Feb 8, 2024
@zimbatm (Member) commented Feb 8, 2024

It feels like the design is still being fleshed out.

Given how core the change is, that it's blocking many users, and that it has been two months, we should consider reverting. Not permanently, but that way, you have time to figure this out while also not blocking other users.

zimbatm added a commit to zimbatm/nixpkgs that referenced this pull request Feb 13, 2024
Remove the `environment.ldso32` option until it can be better thought
out.

The option creates a new instance of nixpkgs and doesn't work on all
architectures.

Fixes:

    error: i686 Linux package set can only be used with the x86 family.
zimbatm added a commit to nix-community/srvos that referenced this pull request Feb 13, 2024
This feature was introduced in
NixOS/nixpkgs#269551 and is mostly useful for
servers.

Saves around 80MiB of evaluation on x86_64 due to the extra i686 nixpkgs
instance.
zimbatm added a commit to zimbatm/nixpkgs that referenced this pull request Feb 13, 2024
Follow-up to NixOS#269551

Avoid creating a new instance of nixpkgs to access two variables.
`pkgs.pkgsi686Linux` was being accessed whether the feature is being
used or not.

A second instance of nixpkgs is being created in
`nixos/modules/config/stub-ld.nix` and can be disabled by setting
`environment.ldso32 = null` or `environment.stub-ld.enable = false`.

Both combined fix this error:

    error: attribute 'i686-linux' missing
zimbatm added a commit to nix-community/srvos that referenced this pull request Feb 14, 2024
zimbatm added a commit that referenced this pull request Feb 15, 2024
Follow-up to #269551

Avoid creating a new instance of nixpkgs to access two variables.
`pkgs.pkgsi686Linux` was being accessed whether the feature is being
used or not.

A second instance of nixpkgs is being created in
`nixos/modules/config/stub-ld.nix` and can be disabled by setting
`environment.ldso32 = null` or `environment.stub-ld.enable = false`.

Both combined fix this error:

    error: attribute 'i686-linux' missing
zimbatm added a commit to nix-community/srvos that referenced this pull request Feb 15, 2024
tm-drtina pushed a commit to awakesecurity/nixpkgs that referenced this pull request Oct 30, 2024
@vcunat (Member) commented Jan 14, 2025

Honestly I'm not too happy about adding such a huge build-time closure by default in order to just improve a FHS error message.

I believe we should at least remove it from all NixOS tests. Right now they require bootstrapping several different stdenvs, and I think that simply disabling stub-ld will drop one of them (32-bit musl stdenv). This is especially annoying when you bisect a NixOS test regression that happened on staging. (or I guess anytime when you build a NixOS and don't have binaries from someone already)

@Atemu (Member) commented Jan 14, 2025

Given that we only compile a super simple program here, perhaps there could be a simpler way to achieve this that has a much smaller build closure. We don't really need a full-blown stdenv here. The primary difficulty I see is that we need it to be statically linked.

This could perhaps also simply be disabled in the other NixOS tests given that this is only ever intended to help human users understand that what they're doing is outside of what NixOS can support.

@Mic92 (Member) commented Jan 14, 2025

We can use nolibc from the linux kernel to avoid having to use musl. It's just a print syscall after all.

@Atemu (Member) commented Jan 14, 2025

Created #373776

Labels
6.topic: lib The Nixpkgs function library 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: changelog 8.has: documentation This PR adds or changes documentation 8.has: module (new) This PR adds a module in `nixos/` 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 1-10 10.rebuild-linux: 1-10 significant Novel ideas, large API changes, notable refactorings, issues with RFC potential, etc.
Projects
Status: Done
Development

Successfully merging this pull request may close these issues.

Give a more useful error message when running non-nix ELF binaries on NixOS