sbomnix: be able to use inside a derivation #139

Open
bjornfor opened this issue Dec 11, 2024 · 1 comment

@bjornfor

I'd like to generate SBOMs inside Nix derivations, but that doesn't currently work. I tried both with and without the `sbomnix --buildtime ...` option.

Reproducer:

```nix
# file: sbom.nix
let
  nixpkgs = builtins.fetchTarball {
    url = "https://github.com/NixOS/nixpkgs/archive/bc27f0fde01ce4e1bfec1ab122d72b7380278e68.tar.gz"; # nixpkgs-unstable @ 2024-12-09
    sha256 = "0fxl020s1fmxygvi5bj8w30jq1bwynrn2xclwm5ahynw0nv9v6pv";
  };

  pkgs = import nixpkgs { config = { }; overlays = [ ]; };

  sbom = pkgs.runCommand "sbom"
    { nativeBuildInputs = [ pkgs.sbomnix ];
    }
    ''
      mkdir -p "$out"
      (cd "$out" && sbomnix --verbose 3 "${pkgs.bash}")
    '';
in
  sbom
```

```console
$ nix-build ./sbom.nix
this derivation will be built:
  /nix/store/fbsxwsinyryxr8dk4f0wqqk053pf33xy-sbom.drv
building '/nix/store/fbsxwsinyryxr8dk4f0wqqk053pf33xy-sbom.drv'...
INFO     utils.py:try_resolve_flakeref():182 Evaluating '/nix/store/p6k7xp1lsfmbdd731mlglrdj2d66mr82-bash-5.2p37'
DEBUG    utils.py:exec_cmd():127 Running: nix eval --raw /nix/store/p6k7xp1lsfmbdd731mlglrdj2d66mr82-bash-5.2p37 --extra-experimental-features flakes --extra-experimental-features nix-command
DEBUG    utils.py:exec_cmd():135 Error running shell command:
 cmd:   'nix eval --raw /nix/store/p6k7xp1lsfmbdd731mlglrdj2d66mr82-bash-5.2p37 --extra-experimental-features flakes --extra-experimental-features nix-command'
 stdout: 
 stderr: warning: you don't have Internet access; disabling some network-dependent features
error: creating directory '/nix/var/nix/profiles': Permission denied

DEBUG    utils.py:try_resolve_flakeref():188 not a flakeref: '/nix/store/p6k7xp1lsfmbdd731mlglrdj2d66mr82-bash-5.2p37'
DEBUG    utils.py:exit_unless_nix_artifact():162 force_realize: True
INFO     utils.py:exit_unless_nix_artifact():164 Try force-realising store-path '/nix/store/p6k7xp1lsfmbdd731mlglrdj2d66mr82-bash-5.2p37'
DEBUG    utils.py:exec_cmd():127 Running: nix-store -qf /nix/store/p6k7xp1lsfmbdd731mlglrdj2d66mr82-bash-5.2p37
DEBUG    utils.py:exec_cmd():135 Error running shell command:
 cmd:   'nix-store -qf /nix/store/p6k7xp1lsfmbdd731mlglrdj2d66mr82-bash-5.2p37'
 stdout: 
 stderr: error: creating directory '/nix/var/nix/profiles': Permission denied

CRITICAL utils.py:exit_unless_nix_artifact():172 Specified target is not a nix artifact: '/nix/store/p6k7xp1lsfmbdd731mlglrdj2d66mr82-bash-5.2p37'
error: builder for '/nix/store/fbsxwsinyryxr8dk4f0wqqk053pf33xy-sbom.drv' failed with exit code 1;
```

bjornfor changed the title from "sbomnix: use inside a derivation?" to "sbomnix: be able to use inside a derivation" on Dec 11, 2024

@henrirosten
Collaborator

This is due to the same problem discussed here: #106 (comment), that is:

> I believe what you are trying to do cannot be done with sbomnix since it uses nix-store internally, and using nix-store inside nix-build (in runCommand) will not work due to nix build sandbox.
