diff --git a/nixbld-etc-nixos/configuration.nix b/nixbld-etc-nixos/configuration.nix index 9d556d3..d3e853e 100644 --- a/nixbld-etc-nixos/configuration.nix +++ b/nixbld-etc-nixos/configuration.nix @@ -287,6 +287,7 @@ in boot.kernel.sysctl."kernel.dmesg_restrict" = true; services.udev.packages = [ pkgs.sane-backends ]; + nix.package = pkgs.nix_2_4; nix.distributedBuilds = true; nix.nrBuildUsers = 64; nix.trustedUsers = ["sb"]; @@ -450,10 +451,10 @@ in }; nixpkgs.config.packageOverrides = super: let self = super.pkgs; in { - nix = super.nix.overrideAttrs(oa: { - patches = oa.patches or [] ++ [ ./nix-networked-derivations.diff ]; + nix_2_4 = super.nix_2_4.overrideAttrs(oa: { + patches = oa.patches or [] ++ [ ./nix-3-networked-derivations.patch ]; }); - nixFlakes = super.nixFlakes.overrideAttrs(oa: { + nixUnstable = super.nixUnstable.overrideAttrs(oa: { patches = oa.patches or [] ++ [ ./nix-3-networked-derivations.patch ]; }); hydra-unstable = super.hydra-unstable.overrideAttrs(oa: { diff --git a/nixbld-etc-nixos/nix-networked-derivations.diff b/nixbld-etc-nixos/nix-networked-derivations.diff deleted file mode 100644 index 10d9c49..0000000 --- a/nixbld-etc-nixos/nix-networked-derivations.diff +++ /dev/null @@ -1,83 +0,0 @@ -diff -Naur nix-2.3.10.orig/src/libstore/build.cc nix-2.3.10/src/libstore/build.cc ---- nix-2.3.10.orig/src/libstore/build.cc 1970-01-01 08:00:01.000000000 +0800 -+++ nix-2.3.10/src/libstore/build.cc 2021-04-24 16:17:08.778875340 +0800 -@@ -840,9 +840,16 @@ - /* Whether this is a fixed-output derivation. */ - bool fixedOutput; - -+ bool networked; -+ - /* Whether to run the build in a private network namespace. */ - bool privateNetwork = false; - -+ bool allowNetwork() -+ { -+ return fixedOutput || networked; -+ } -+ - typedef void (DerivationGoal::*GoalState)(); - GoalState state; - -@@ -1181,6 +1188,8 @@ - { - trace("have derivation"); - -+ fixedOutput = drv->isFixedOutput(); -+ - retrySubstitution = false; - - for (auto & i : drv->outputs) -@@ -1197,6 +1206,8 @@ - - parsedDrv = std::make_unique(drvPath, *drv); - -+ networked = parsedDrv->getBoolAttr("__networked"); -+ - /* We are first going to try to create the invalid output paths - through substitutes. If that doesn't work, we'll build - them. */ -@@ -1932,7 +1943,7 @@ - else if (settings.sandboxMode == smDisabled) - useChroot = false; - else if (settings.sandboxMode == smRelaxed) -- useChroot = !fixedOutput && !noChroot; -+ useChroot = !allowNetwork() && !noChroot; - } - - if (worker.store.storeDir != worker.store.realStoreDir) { -@@ -2109,7 +2120,7 @@ - "nogroup:x:65534:\n") % sandboxGid).str()); - - /* Create /etc/hosts with localhost entry. */ -- if (!fixedOutput) -+ if (!allowNetwork()) - writeFile(chrootRootDir + "/etc/hosts", "127.0.0.1 localhost\n::1 localhost\n"); - - /* Make the closure of the inputs available in the chroot, -@@ -2323,7 +2334,7 @@ - us. - */ - -- if (!fixedOutput) -+ if (!allowNetwork()) - privateNetwork = true; - - userNamespaceSync.create(); -@@ -2534,7 +2545,7 @@ - to the builder is generally impure, but the output of - fixed-output derivations is by definition pure (since we - already know the cryptographic hash of the output). */ -- if (fixedOutput) { -+ if (allowNetwork()) { - for (auto & i : parsedDrv->getStringsAttr("impureEnvVars").value_or(Strings())) - env[i] = getEnv(i); - } -@@ -2823,7 +2834,7 @@ - /* Fixed-output derivations typically need to access the - network, so give them access to /etc/resolv.conf and so - on. */ -- if (fixedOutput) { -+ if (allowNetwork()) { - ss.push_back("/etc/resolv.conf"); - - // Only use nss functions to resolve hosts and