Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

error: access to absolute path '/nix/store/secrets' is forbidden in pure evaluation mode #99

Open
stratosgear opened this issue May 27, 2024 · 8 comments
Open

error: access to absolute path '/nix/store/secrets' is forbidden in pure evaluation mode #99

stratosgear opened this issue May 27, 2024 · 8 comments

Comments

@stratosgear
Copy link

After upgrading my flake recently I started getting errors like:

       … while evaluating the option `system.build.toplevel':

       … while evaluating definitions from `/nix/store/z71lmgd0ydfnax1b13zbrls5idf1y7ak-source/nixos/modules/system/activation/top-level.nix':

       (stack trace truncated; use '--show-trace' to show the full, detailed trace)

       error: access to absolute path '/nix/store/secrets' is forbidden in pure evaluation mode (use '--impure' to override)

After reading a previous issue here (#98) and trying a debug session with the graceful help of a fellow snowfall user, that is summarized in a completely different repo (Mic92/sops-nix#569) I am still facing issues not being able to make the suggested fix work, as I keep getting the same error while using lib.snowfall.fs.get-file or not.

My pushed changes that keep failing are in: https://gitlab.com/stratosgear/ultragear/-/tree/snowfall-get-file-error?ref_type=heads

Would you have any suggestions on how to proceed from here...?

Thanks!
@stratosgear
Copy link
Author

Something additional that might help or not.

Everything was working correctly, until I performed a nix flake update, that upgraded the following repos:

o  Executing: nix flake update
warning: updating lock file '/home/stratos/ultragear/flake.lock':
• Updated input 'agenix':
    'github:ryantm/agenix/8d37c5bdeade12b6479c85acd133063ab53187a0?narHash=sha256-2T7CHTqBXJJ3ZC6R/4TXTcKoXWHcvubKNj9SfomURnw%3D' (2024-05-09)
  → 'github:ryantm/agenix/c2fc0762bbe8feb06a2e59a364fa81b3a57671c9?narHash=sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I%3D' (2024-05-24)
• Updated input 'disko':
    'github:nix-community/disko/476eef8d85aa09389ae7baf6e6b60357f6a01432?narHash=sha256-Z4ZoyK8jYRmBZwMaEZLEmAilrfdpekwwwohliqC14/E%3D' (2024-05-16)
  → 'github:nix-community/disko/10986091e47fb1180620b78438512b294b7e8f67?narHash=sha256-rskkGmWlvYFb%2BCXedBiL8eWEuED0Es0XR4CkJ11RQKY%3D' (2024-05-27)
• Updated input 'disko/nixpkgs':
    'github:NixOS/nixpkgs/b3fcfcfabd01b947a1e4f36622bbffa3985bdac6?narHash=sha256-iJYnKMtLi5u6hZhJm94cRNSDG5Rz6ZzIkGbhPFtDRm0%3D' (2024-05-15)
  → 'github:NixOS/nixpkgs/e2dd4e18cc1c7314e24154331bae07df76eb582f?narHash=sha256-usk0vE7VlxPX8jOavrtpOqphdfqEQpf9lgedlY/r66c%3D' (2024-05-26)
• Updated input 'flake-checker':
    'github:DeterminateSystems/flake-checker/358b3de4d41c7ddee4f5f2b3d841c68d08e107f3?narHash=sha256-Oln56WMkIFEuKe/q/pkD0IvdM28Y2Igtcye2wdYxe%2BY%3D' (2024-04-29)
  → 'github:DeterminateSystems/flake-checker/5bd70d4ff60180b7798d30f9d81385b1ab50c35f?narHash=sha256-iAtldNrFQR%2BjbXk5lH941HFBRTJyqwx/UU6thVkofM0%3D' (2024-05-23)
• Updated input 'hardware':
    'github:nixos/nixos-hardware/a4e2b7909fc1bdf30c30ef21d388fde0b5cdde4a?narHash=sha256-lRxjTxY3103LGMjWdVqntKZHhlmMX12QUjeFrQMmGaE%3D' (2024-05-08)
  → 'github:nixos/nixos-hardware/9a20e17a73b052d6be912adcee220cb483477094?narHash=sha256-s8%2BOhT1WSPMoqbTawT30hj4NVMg%2Bw03/a%2B2HVqcNhY0%3D' (2024-05-27)
• Updated input 'home-manager':
    'github:nix-community/home-manager/44677a1c96810a8e8c4ffaeaad10c842402647c1?narHash=sha256-4pRuzsHZOW5W4CsXI9uhKtiJeQSUoe1d2M9mWU98HC4%3D' (2024-05-12)
  → 'github:nix-community/home-manager/5d151429e1e79107acf6d06dcc5ace4e642ec239?narHash=sha256-h3RmnNknKYtVA%2BEvUSra6QAwfZjC2q1G8YA7W0gat8Y%3D' (2024-05-26)
• Updated input 'nixos-generators':
    'github:nix-community/nixos-generators/722b512eb7e6915882f39fff0e4c9dd44f42b77e?narHash=sha256-3yh0nqI1avYUmmtqqTW3EVfwaLE%2B9ytRWxsA5aWtmyI%3D' (2024-04-22)
  → 'github:nix-community/nixos-generators/d14b286322c7f4f897ca4b1726ce38cb68596c94?narHash=sha256-iqQa3omRcHGpWb1ds75jS9ruA5R39FTmAkeR3J%2Bve1w%3D' (2024-05-20)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/33d1e753c82ffc557b4a585c77de43d4c922ebb5?narHash=sha256-cYApT0NXJfqBkKcci7D9Kr4CBYZKOQKDYA23q8XNuWg%3D' (2024-05-15)
  → 'github:nixos/nixpkgs/bfb7a882678e518398ce9a31a881538679f6f092?narHash=sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8%3D' (2024-05-24)
• Updated input 'snowfall-docs':
    'github:snowfallorg/docs/15e651c7bc8bc01893972ec5f985c0861c1ce210?narHash=sha256-VDavwMxb5uIDbHEHx33Q3qoU8YHNS%2BA0f7ZDEaxxN4c%3D' (2024-03-04)
  → 'github:snowfallorg/docs/f4abf0d6f2795daba4ddd26bea85dea6532c9355?narHash=sha256-0L3Q2ALYJ%2BoKpXJxSCWQD4tXTYwdHBzMYJAeD%2BQ7Jrw%3D' (2024-05-25)
• Updated input 'snowfall-docs/snowfall-lib':
    'github:snowfallorg/lib/92803a029b5314d4436a8d9311d8707b71d9f0b6?narHash=sha256-oJQZv2MYyJaVyVJY5IeevzqpGvMGKu5pZcCCJvb%2Bxjc%3D' (2023-10-04)
  → 'github:snowfallorg/lib/5d6e9f235735393c28e1145bec919610b172a20f?narHash=sha256-7TFvVE4HR/b65/0AAhewYHEJzUXxIEJn82ow5bCkrDo%3D' (2024-05-25)
• Updated input 'snowfall-docs/snowfall-lib/flake-utils-plus':
    'github:gytis-ivaskevicius/flake-utils-plus/bfc53579db89de750b25b0c5e7af299e0c06d7d3?narHash=sha256-YkbRa/1wQWdWkVJ01JvV%2B75KIdM37UErqKgTf0L54Fk%3D' (2023-10-03)
  → 'github:gytis-ivaskevicius/flake-utils-plus/3542fe9126dc492e53ddd252bb0260fe035f2c0f?narHash=sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH%2BXtK09jQWihk%3D' (2024-05-12)
• Updated input 'snowfall-lib':
    'github:snowfallorg/lib/299b24861ebfa98a5b586dfa9ec8138ab6a4c626?narHash=sha256-Lq38yoHyY8t%2BzkVdpYlr2Fonb89Id4o5zgIfz8KCB8Y%3D' (2024-05-07)
  → 'github:snowfallorg/lib/5d6e9f235735393c28e1145bec919610b172a20f?narHash=sha256-7TFvVE4HR/b65/0AAhewYHEJzUXxIEJn82ow5bCkrDo%3D' (2024-05-25)
• Updated input 'snowfall-lib/flake-utils-plus':
    'github:gytis-ivaskevicius/flake-utils-plus/bfc53579db89de750b25b0c5e7af299e0c06d7d3?narHash=sha256-YkbRa/1wQWdWkVJ01JvV%2B75KIdM37UErqKgTf0L54Fk%3D' (2023-10-03)
  → 'github:gytis-ivaskevicius/flake-utils-plus/3542fe9126dc492e53ddd252bb0260fe035f2c0f?narHash=sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH%2BXtK09jQWihk%3D' (2024-05-12)
• Updated input 'sops-nix':
    'github:mic92/sops-nix/b6cb5de2ce57acb10ecdaaf9bbd62a5ff24fa02e?narHash=sha256-y1uMzXNlrVOWYj1YNcsGYLm4TOC2aJrwoUY1NjQs9fM%3D' (2024-05-12)
  → 'github:mic92/sops-nix/962797a8d7f15ed7033031731d0bb77244839960?narHash=sha256-sALodaA7Zkp/JD6ehgwc0UCBrSBfB4cX66uFGTsqeFU%3D' (2024-05-26)
• Updated input 'sops-nix/nixpkgs-stable':
    'github:NixOS/nixpkgs/8e47858badee5594292921c2668c11004c3b0142?narHash=sha256-q0OFeZqKQaik2U8wwGDsELEkgoZMK7gvfF6tTXkpsqE%3D' (2024-05-11)
  → 'github:NixOS/nixpkgs/59a450646ec8ee0397f5fa54a08573e8240eb91f?narHash=sha256-kQ25DAiCGigsNR/Quxm3v%2BJGXAEXZ8I7RAF4U94bGzE%3D' (2024-05-25)

From that point on, regardless if I am using lib.snowfall.fs.get-file or straight strings for paths, I keep getting the error from above.

I even tried to switch to the use of lib.snowfall.fs.get-file from even before doing the flake update, and even though the lib.snowfall.fs.get-file changes are working correctly BEFORE the flake update, once I update it starts failing again!

Hopefully, not confusing you here, but I thought it was worth mentioning this too!

@jakehamilton
Copy link
Member

I think I am going to revert the pathing changes and go back to strings based on src and root. This new behavior has too many footguns.

Thanks for bringing this up.

@stratosgear
Copy link
Author

It does indeed feel weird that you would need a special library to access some files. I'm saying this without knowing what were the reasons for doing so in the first place, or if there are any other benefits using it, since the docs do not mention anything in particular.

But I bet you know better...! Looking forward for a fix, so I can upgrade my system. Thanks!

@stratosgear
Copy link
Author

Are you still considering reverting the changes? Slight tinkering trying to work around the issue is still a no-go for my usecase. :(

Just wondering!

@jakehamilton
Copy link
Member

Hey! I've been preoccupied with other things, but I think I am going to revert the path type change. It should happen within the next week, but please ping me again if I forget!

@jakehamilton
Copy link
Member

@stratosgear I have pushed an update to the dev branch. Can you try that and let me know if it resolves your issues?

@stratosgear
Copy link
Author

Well I had:

    snowfall-lib = {
      url = "github:snowfallorg/lib?ref=v2.1.1";
      inputs.nixpkgs.follows = "nixpkgs";
    };

in my flake.nix and it was working.

I switched to:

    snowfall-lib = {
      url = "github:snowfallorg/lib?ref=dev";
      inputs.nixpkgs.follows = "nixpkgs";
    };

and it still works!

So I guess it resolves this issue!

@PerchunPak
Copy link
Contributor

For me dev branch also works

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@stratosgear @jakehamilton @PerchunPak