Skip to content

builders: prep for build dir move in nix 2.30 #764

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

builders: prep for build dir move in nix 2.30 #764

wants to merge 1 commit into from

Conversation

mweinelt
Copy link
Member

@mweinelt mweinelt commented Jul 8, 2025

build-dir no longer defaults to $TMPDIR

The directory in which temporary build directories are created no longer defaults to TMPDIR or /tmp, to avoid builders making their directories world-accessible. This behavior allowed escaping the build sandbox and can cause build impurities even when not used maliciously. We now default to builds in NIX_STATE_DIR (which is /nix/var/nix/builds in the default configuration).

via https://discourse.nixos.org/t/nix-2-30-0-released/66449

@vcunat
Copy link
Member

vcunat commented Jul 9, 2025

Perhaps it's worth keeping /tmp on tmpfs in addition to this? (though it surely doesn't need to be large)

@h0nIg
Copy link

h0nIg commented Aug 12, 2025
edited
Loading

FYI, some of the builds may start failing due to maximum UNIX path length:

       > addr = '/nix/var/nix/builds/nix-build-python3.12-eventlet-0.38.2.drv-108383-1124167291/tmpmeb_8zfzeventlet_test_log_unix_address/socket'
.....
       > >       sock.bind(addr)
       > E       OSError: AF_UNIX path too long

@mweinelt mweinelt mentioned this pull request Aug 12, 2025
Open
@Mic92
Copy link
Member

Mic92 commented Aug 13, 2025

In our nixos infra we could have our own custom build-dir mounted set to /tmp2 if we wanted. But a better upstream default would be still desired for those that want to mass-rebuild on their own machines.

@mweinelt
Copy link
Member Author

A better upstream default with the same intent could be /nix/tmp, no?

Mic92 added a commit to Mic92/nix-1 that referenced this pull request Aug 27, 2025
@Mic92
don't include derivation name in temporary build directories
f15152d 
With the migration to /nix/var/nix/builds we now have failing builds
when the derivation name is too long.
This change removes the derivation name from the temporary build to have
a predictable prefix length:

Also see: NixOS/infra#764
for context.
@Mic92 Mic92 mentioned this pull request Aug 27, 2025
Open
Mic92 added a commit to Mic92/nix-1 that referenced this pull request Aug 27, 2025
@Mic92
don't include derivation name in temporary build directories
74bad14 
With the migration to /nix/var/nix/builds we now have failing builds
when the derivation name is too long.
This change removes the derivation name from the temporary build to have
a predictable prefix length:

Also see: NixOS/infra#764
for context.
Mic92 added a commit to Mic92/nix-1 that referenced this pull request Aug 27, 2025
@Mic92
don't include derivation name in temporary build directories
725a2f3 
With the migration to /nix/var/nix/builds we now have failing builds
when the derivation name is too long.
This change removes the derivation name from the temporary build to have
a predictable prefix length:

Also see: NixOS/infra#764
for context.
Mic92 added a commit to Mic92/nix-1 that referenced this pull request Aug 27, 2025
@Mic92
don't include derivation name in temporary build directories
bb01001 
With the migration to /nix/var/nix/builds we now have failing builds
when the derivation name is too long.
This change removes the derivation name from the temporary build to have
a predictable prefix length:

Also see: NixOS/infra#764
for context.
Mic92 added a commit to Mic92/nix-1 that referenced this pull request Aug 27, 2025
@Mic92
don't include derivation name in temporary build directories
81f60cb 
With the migration to /nix/var/nix/builds we now have failing builds
when the derivation name is too long.
This change removes the derivation name from the temporary build to have
a predictable prefix length:

Also see: NixOS/infra#764
for context.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mweinelt @vcunat @h0nIg @Mic92