Skip to content

tzdata: disable network access#341307

Merged
fabianhjr merged 1 commit intoNixOS:stagingfrom
trofi:tzdata-no-network
Sep 13, 2024
Merged

tzdata: disable network access#341307
fabianhjr merged 1 commit intoNixOS:stagingfrom
trofi:tzdata-no-network

Conversation

@trofi
Copy link
Contributor

@trofi trofi commented Sep 12, 2024
edited
Loading

Without the change tests fail on darwin as
https://hydra.nixos.org/build/272249259/nixlog/164/tail:

curl: (77) error setting certificate file: /no-cert-file.crt

Possibly because stdenv has curl there. Upstream suggests disabling networking access with CURL=:. Let's use that.

Description of changes

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 24.11 Release Notes (or backporting 23.11 and 24.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@trofi
tzdata: disable network access
eff4e92 
Without the change tests fail on darwin as
https://hydra.nixos.org/build/272249259/nixlog/164/tail:

    curl: (77) error setting certificate file: /no-cert-file.crt

Possibly because `stdenv` has `curl` there. Upstream suggests disabling
networking access with `CURL=:`. Let's use that.
@trofi trofi mentioned this pull request Sep 12, 2024
Merged
13 tasks
@gshpychka
Copy link
Contributor

gshpychka commented Sep 12, 2024
edited
Loading

Build failed on aarch64-darwin - failed test for kyua:
error: builder for '/nix/store/62lizx9y3ra5zxppkwdj8jj97ryp8qy9-kyua-0.13-unstable-2024-01-22.drv' failed with exit code 1;

Failed one test:
utils/signals/timer_test:multiprogram_and_expire_before_activations -> failed: Line 296: exp_items != items ([2, 1, 3] != [1, 2, 3]) [2.199s]

Command: nix build github:NixOS/nixpkgs/pull/341307/merge#tzdata

build.log

@trofi
Copy link
Contributor Author

trofi commented Sep 12, 2024

I don't know much about kyua, but it does not look directly related. Is it a deterministic failure? If you try to build it a few times, dies it fail the same way?

@ofborg ofborg bot added the 10.rebuild-darwin-stdenv This PR causes stdenv to rebuild on Darwin and must target a staging branch. label Sep 12, 2024
@ofborg ofborg bot requested review from ajs124 and fpletz September 12, 2024 12:04
@ofborg ofborg bot added 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. labels Sep 12, 2024
@gshpychka
Copy link
Contributor

gshpychka commented Sep 12, 2024

I don't know much about kyua, but it does not look directly related. Is it a deterministic failure? If you try to build it a few times, dies it fail the same way?

My bad, seems like a flaky test. Rebuilding went well, but then failed with this:

error: derivation '/nix/store/idrifyhdkms6mxrwgqv489d37b1i0imh-tzdata-2024b.drv' may not be deterministic: output '/nix/store/iaxsrj1wvqz9hfw6362ci36xzzcdf3cm-tzdata-2024b-bin' differs

@emilazy
Copy link
Member

emilazy commented Sep 12, 2024

That’s to be expected; we don’t have great reproducibility on Darwin right now.

@fabianhjr fabianhjr merged commit 8b2b860 into NixOS:staging Sep 13, 2024
@trofi trofi deleted the tzdata-no-network branch September 13, 2024 06:07
@gshpychka gshpychka mentioned this pull request Sep 16, 2024
Merged
13 tasks
@github-actions
Copy link
Contributor

github-actions bot commented Sep 19, 2024

Successfully created backport PR for staging-24.05:

@github-actions github-actions bot mentioned this pull request Sep 19, 2024
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fabianhjr fabianhjr fabianhjr approved these changes

@fpletz fpletz Awaiting requested review from fpletz

@ajs124 ajs124 Awaiting requested review from ajs124

Assignees

No one assigned

Labels

10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-darwin-stdenv This PR causes stdenv to rebuild on Darwin and must target a staging branch. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@trofi @gshpychka @emilazy @fabianhjr @vcunat