Using dfx on NixOS?

nomeata · September 15, 2021, 11:48am

Is anyone here working with dfx on NixOS?

Until dfx is open sourced we have to live with the binary that’s shipped in https://sdk.dfinity.org/downloads/dfx/0.8.1/x86_64-linux/dfx-0.8.1.tar.gz. The problem is that it’s not a static binary, and has /lib64/ld-linux-x86-64.so.2 hard-coded as the ELF interpreter.

I can create a nix derivation that fixes that for dfx, so I can run dfx. But dfx has this odd habit of unpacking further such binaries to ~/.cache/dfinity/versions/0.8.1/, and that happens at runtime, so I cannot patch it.

I created a nix derivation that, at build time, extracts these binaries, fixes their ELF interpreter, and then uses DFX_CONFIG_ROOT to make dfx use these, but that environment variable doesn’t just affect where dfx looks for the path, but also where it stores the identity, so letting that point to /nix/store doesn’t work well either. Too bad there is no way to set just the cache directory.

I guess waiting for dfx to be open source will be easiest.

@jwiegley, how do you do that?

nomeata · November 28, 2021, 4:15pm

Now that the sdk repo is open source I had another look, but the whole way how dfx handles assets (tar-ballling them, then embedding the tarball in the code, and at runtime extracting the members) is quite … opaque.

Am I really the only on in the intersection of people who may want to use dfx and who may want to use nix?

nomeata · November 28, 2021, 5:10pm

I created a repository with a rudimentary work-around, which could also be a place for a better solution:

paulyoung · March 25, 2022, 6:13am

I’m pretty confused about the current state of things here.

I thought @ericswanson fixed this in test: make sure shipped binaries don't reference /nix/store by ericswanson-dfinity · Pull Request #1868 · dfinity/sdk · GitHub (released in 0.8.3 according to the release notes)

However, I spent quite a while trying to get dfx working on Linux for CI via GitHub Actions and haven’t had much success.

My attempts can be seen on this branch although the CI runs are in another repo. GitHub - paulyoung/nixpkgs-dfinity-sdk at patchelf

What I can recollect is:

On 0.8.4, I was getting the “no such file or directory error” when trying to run ./dfx cache install, which was supposedly already fixed.
Patching the dfx binary with patchelf in the same way that the SDK does it allowed me to get past that but I ran into the same error for the binaries installed in the cache directory.
Patching the other binaries in the same way that the SDK does it only got me so far; I kept getting the same error for icx-proxy
On 0.9.2 I ran into some similar symptoms but it seemed like some of the binaries were now statically linked and patching wouldn’t apply so I wasn’t sure what to do.

I can probably do a better job of recreating all of this and investigating using ldd by getting a NixOS VM up and running again.

I don’t understand why patching would be necessary when it’s apparently already been done.

I also noticed the following, so maybe these are known issues?

github.com

dfinity/sdk/blob/c8b8c9ac8801d6b5caa82d60756783deb48d87f9/e2e/utils/_.bash#L65-L67

      
        
            dfx_patchelf() {
                # Don't run this function during github actions
                [ "$GITHUB_ACTIONS" ] && return 0

paulyoung · March 25, 2022, 6:14am

To clarify, the macOS build works fine and I can run tests against canisters and a replica with ic-repl.

nomeata · March 25, 2022, 12:12pm

Dfinity patches the released binaries to replace the /nix path to the linker (which would not work elsewhere) with /lib64/ld-linux-x86-64.so.2 (which works elsewhere, but not on NixOS). So to use them on NixOS, you have to patch that back.

That’s easy enough for dfx itself, using some nix hook (patchElf or so), but tricky for the binaries that are embedded into dfx.

paulyoung · March 25, 2022, 3:51pm

I thought I was taking all of that into account.

github.com

paulyoung/nixpkgs-dfinity-sdk/blob/d0fbef8c37979923cef954307fbea7cc34fde8fe/default.nix#L51-L78

      
        
            installPhase = ''
              export HOME=$TMP
            
            
  ${self.lib.optionalString self.stdenv.isLinux ''
              local LD_LINUX_SO=$(ldd $(which iconv)|grep ld-linux-x86|cut -d' ' -f3)
              chmod +rw ./dfx
              patchelf --set-interpreter "$LD_LINUX_SO" ./dfx
              ''}
            
            
  ./dfx cache install
            
            
  mkdir -p $out/cache
              cp --preserve=mode,timestamps -R $(./dfx cache show)/. $out/cache
            
            
  mkdir -p $out/bin
            
            
  for binary in dfx ic-ref ic-starter icx-proxy mo-doc mo-ide moc replica; do
                ${self.lib.optionalString self.stdenv.isLinux ''
                local BINARY="$out/cache/''${binary}"
                test -f "$BINARY" || continue

This file has been truncated. show original

nomeata · March 25, 2022, 4:01pm

Hmm, ok, this extracts and patches these binaries, and puts them in the path. But wouldn’t dfx build or dfx start still extract and then call the unpatched binaries? What’s telling dfx to use these?

(I found no nice way of letting dfx use them, e.g. via an environment variable or such, and stopped short of patching dfx to allow that. Then it should work nicely, I believe.)

paulyoung · March 26, 2022, 5:09am

I’m pretty sure I know what to do. Will try and get things working this weekend.

paulyoung · March 26, 2022, 7:33am

@nomeata I believe I’ve fixed this with Patch binaries and add CI by paulyoung · Pull Request #3 · paulyoung/nixpkgs-dfinity-sdk · GitHub

paulyoung · March 26, 2022, 7:35am

Actually, no. If you try to do dfx deploy (for example) it fails because the config directory is now set to a path in the nix store.

I think what we need is a separate environment variable for the cache directory, i.e. DFX_CACHE_ROOT.

paulyoung · March 26, 2022, 7:47am

I’ve created an issue to track this and plan to propose a change to dfx to address it, unless some enthusiastic Nix user beats me to it.

paulyoung · March 26, 2022, 8:10am

Blocked by dfx development depending on a private repo

I created an issue instead.

github.com/dfinity/sdk

Introduce `DFX_CACHE_ROOT` instead of using `DFX_CONFIG_ROOT` for the cache directory

opened 08:09AM - 26 Mar 22 UTC

paulyoung

Introducing a new `DFX_CACHE_ROOT` environment variable would address the issue …I describe in https://github.com/paulyoung/nixpkgs-dfinity-sdk/issues/4. I imagine the change involves changing the following code, falling back to `DFX_CONFIG_ROOT` for `DFX_CACHE_ROOT ` for backwards compatibility, and adding some new tests. https://github.com/dfinity/sdk/blob/d10f20b18790718a07af9dbc8c5a9833ccb2b83e/src/dfx/src/config/cache.rs#L69-L70 *** I'd like to make a PR but can't because of https://github.com/dfinity/sdk/issues/1955: ``` $ nix-shell --show-trace ~/projects/dfinity/sdk/main ERROR: Repository not found. fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists. error: program 'git' failed with exit code 128 … while fetching the input 'git+ssh://git@github.com/dfinity-lab/common?ref=refs%2fheads%2fmaster&rev=da56c3d8094a0f2e18533b529ecb4eb8804927d1' ```

nomeata · March 26, 2022, 1:06pm

Beh, yes, that’s also what I ran into. Patching dfx to be more friendly is probably the best way. Maybe even a envvar for each binary to override what to use? Might be useful to others as well.

ericswanson · March 30, 2022, 4:09pm

Here’s a github workflow that runs dfx both on linux and macos: sdk/e2e.yml at master · dfinity/sdk · GitHub

Starting with the next dfx release, we will start releasing dfx as built from a github workflow (sdk/publish.yml at master · dfinity/sdk · GitHub), rather than built using nix.

paulyoung · April 1, 2022, 1:21am

This is looking promising!

github.com/dfinity/sdk

feat: Introduce DFX_CACHE_ROOT environment variable

dfinity:master ← paulyoung:paulyoung/dfx-cache-root

opened 08:34AM - 31 Mar 22 UTC

paulyoung

+26 -13

# Description A new environment variable, `DFX_CACHE_ROOT`, has been introduc…ed to allow setting the cache root directory to a different location than the configuration root directory. Previously `DFX_CONFIG_ROOT` was repurposed for this which only allowed one location to be set for both the cache and configuration root directories. The motivation for this is described in https://github.com/paulyoung/nixpkgs-dfinity-sdk/issues/4, where the cache root directory is necessarily set to a read-only directory. This means that the configuration root directory is also read-only, resulting in the error `Cannot create config directory` when trying to write `.config/dfx` Fixes #2106 and https://github.com/paulyoung/nixpkgs-dfinity-sdk/issues/4 # How Has This Been Tested? Only tested with `cargo test` locally. Unable to run end-to-end tests locally due to https://github.com/dfinity/sdk/issues/1955. # Checklist: - [x] The title of this PR complies with [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/). - [x] I have edited the CHANGELOG accordingly. - [ ] I have made corresponding changes to the documentation.

Topic		Replies	Views
External contributions to the SDK are blocked by private dependencies Command Line Tools	17	920	April 21, 2022
How to build dfx from source? Developers	12	610	September 29, 2021
Nix overlay for the SDK Developers	1	472	January 23, 2022
Dfx 0.23.0-beta.0 is released Developers	4	128	August 7, 2024
Issue with dfx binary and airgapped/Tails machine Developers	1	596	May 11, 2021

Using dfx on NixOS?

Related topics