fix: distinguish build failures from store failures #416
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
"nix-store --verify-path" exits with status 1 in various situations, including when the path does not exist (due to having failed to build) or when the checksum doesn't match the Nix database. Since nixpkgs-review tries to report build failures specifically, use "nix store verify" instead with its "--no-contents" flag. This avoids classifying checksum mismatches as build failures, which can be misleading to nixpkgs-review users. Though still an abnormal situation that might be useful to report, we now ignore store path errors; these are generally an abnormal situation, and detecting them is out-of-scope for nixpkgs-review. Should it become clearer that it would be useful to report them, it could be done by removing --no-contents and checking "nix store verify"'s exit status, which indicates the nature of the problem.
|
I tested the two approaches with this script: #!/usr/bin/env bash
set -eEuo pipefail
expr='
let
name = builtins.getEnv "name"; # https://github.com/NixOS/nix/issues/2678
pkgs = import <nixpkgs> {};
pkg = pkgs.stdenv.mkDerivation {
inherit name;
dontUnpack = true;
buildCommand = if name == "failed" then "false" else "mkdir $out";
};
in {
path = "${pkgs.lib.getOutput "out" pkg}";
inherit pkg;
}
'
for f in good corrupted failed ; do
name="$f" \
nix-build \
-A pkg \
--expr "$expr" || true
path=$(
name="$f" \
nix \
--extra-experimental-features nix-command \
eval \
--expr "$expr" \
path \
--impure \
--raw
)
if [[ "$f" == corrupted ]] ; then
sudo touch "$path"/oops.txt
sudo chmod 666 "$path"/oops.txt
fi
status=0
# old method:
# nix-store --verify-path "$path" || status=$?
# new method:
nix --extra-experimental-features nix-command store verify --no-contents --no-trust "$path" || status=$?
echo "$f: $status"
doneThe "old method" fails on |
|
@mergify queue |
✅ The pull request has been merged automaticallyThe pull request has been merged automatically at 1097624 |
|
Thanks! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
"nix-store --verify-path" exits with status 1 in various situations, including when the path does not exist (due to having failed to build) or when the checksum doesn't match the Nix database.
Since nixpkgs-review tries to report build failures specifically, use "nix store verify" instead with its "--no-contents" flag. This avoids classifying checksum mismatches as build failures, which can be misleading to nixpkgs-review users.
Though still an abnormal situation that might be useful to report, we now ignore store path errors; these are generally an abnormal situation, and detecting them is out-of-scope for nixpkgs-review. Should it become clearer that it would be useful to report them, it could be done by removing --no-contents and checking "nix store verify"'s exit status, which indicates the nature of the problem.
Fixes #415