Is this related to #371242?

I don’t think so. I’m not aware of this issue, but it seems to mention that builds fail on Hydra and IIRC macOS builders do not use sandbox (though things could have changed since the last time I’ve checked).

Forcing mmap implementation instead of POSIX/SysV shared memory might help as discussed here, but I don’t have time to test that.

If it's not about that, what is it about then? What kind of error are you getting that is solved by doing this?

Well, postgresqlTestHook does not work when sandbox = true in Nix config on macOS because default sandbox profile does not allow shared memory syscalls.

running bootstrap script ... 2025-02-19 14:07:08.362 UTC [98344] FATAL:  could not create shared memory segment: Operation not permitted
2025-02-19 14:07:08.362 UTC [98344] DETAIL:  Failed system call was shmget(key=80109247, size=56, 03600).

(note Operation not permitted at the end of first line)

I’ve just tried running initdb with various combinations of -c shared_memory_type=VALUE and -c dynamic_shared_memory_type=VALUE and none worked, so I’ll remove this TODO comment.

Unfortunately, I can't reproduce FATAL: could not create shared memory segment: Operation not permitted at all.

Can you give me exact instructions, i.e. which branch, which attribute to build?

• aarch64-darwin host
• sandbox = true set in /etc/nix/nix.conf
• sudo launchctl kickstart -k system/org.nixos.nix-daemon
  to restart Nix daemon if sandbox = true was not there before
• Nix 2.18.1
• I’ve doubled-checked with Nix version 2.24.12 and this seems to be fixed darwin: allow ipc-sysv* in sandbox nix#10878, but older Nix version still require an explicit sandbox profile.

nix build --print-build-logs --no-link --impure --expr 'with import ./. { };
stdenv.mkDerivation {
  name = "postgresql-test-hook-repro";
  dontUnpack = true;
  doCheck = true;
  nativeCheckInputs = [
    postgresqlTestHook
    postgresql
  ];
  installPhase = ''
    runHook preInstall
    mkdir -p "$out"
    runHook postInstall
  '';
}'

Thanks for those details. Unfortunately, I can't test with older nix versions, because I only have non-root access to the nix-community darwin builder. But your explanation sounds sensible.

Not being able to reproduce this makes it harder for me to come up with fixes for other cases where we need the same - and I know there are some.

One major case that we surely need to address in this PR already: postgresql itself. It also runs initdb during the check phase and since we have enabled the check phase on darwin a while ago, you would hit the same. It would be kind of pointless to fix the test hook, but not being able to build postgresql itself before even getting there.

I assume you just didn't rebuild postgresql locally, yet, but have always pulled it from the cache. You should be able to reproduce it with nix-build --check -A postgresql easily.

Could you please also extend the comment to mention the version this has been fixed in and that we need to keep it around for older versions, which we still support?

I’ve doubled-checked with Nix version 2.24.12 and this seems to be fixed

Also, lix did not backport that change (yet), so running lix on MacOS will lead to the same problems.

I am curious: Did you hit a case where that was necessary to fix a build? Or is this another kind of performance improvement?