Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consistent PATH between ctx.actions.run and ctx.actions.run_shell #146389

Merged
merged 7 commits into from
Dec 19, 2021
Merged

Consistent PATH between ctx.actions.run and ctx.actions.run_shell #146389

merged 7 commits into from
Dec 19, 2021

Conversation

ylecornec
Copy link
Contributor

@ylecornec ylecornec commented Nov 17, 2021
edited
Loading

Motivation for this change

This PR addresses issue #94222.
It adds a Bazel patch that sets the PATH variable to defaultShellPath for local actions, when PATH is not set.

The second commit removes the customBash script in order to remove duplicates in PATH when run_shell is used.
(Since the customBash script always appends the defaultShellPath to PATH).

We do not append things to PATH if it is already set anymore.

This is consistent with how other platforms behave (only use the default system environment if PATH is not set).

So it may break builds that explicitly expect a different local environment (by setting PATH to /usr/bin for instance), but is more hermetic as we are less likely to accidentally use the defaultShellPath when developing on nix.

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 21.11 Release Notes (or backporting 21.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

@ylecornec ylecornec mentioned this pull request Nov 17, 2021
Open
@ylecornec
bazel_4: add default PATH for local actions if it is not set.
0cff50f 
NixOS#94222
fixup1
@ylecornec
bazel_4: remove customBash script
be9385c 
In order to remove duplicates in PATH when run_shell is called, the customBash script is removed.
This is consistent with how other platform behave: only look in the local environment if PATH is not set, but it may break builds that explicitly expects a different local environment.
@ylecornec ylecornec force-pushed the ylecornec/bazel_bash_fix branch from d624ab2 to be9385c Compare December 13, 2021 07:44
@ofborg ofborg bot requested a review from mboes December 13, 2021 07:56
@ylecornec ylecornec marked this pull request as ready for review December 13, 2021 08:06
@Profpatsch
Copy link
Member

I’m sorry, I haven’t done anything with bazel in a while, should probably remove myself from the maintainers list.

I can refer to other people who’ve been maintaining it: @kalbasit @uri-canva @ethercrow @timothyklim @avdv

@Profpatsch
Copy link
Member

fyi: I created the @NixOS/bazel maintenance group and invited all people mentioned above that are NixOS team members.

uri-canva
uri-canva approved these changes Dec 14, 2021
View reviewed changes
Copy link
Contributor

@uri-canva uri-canva left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, much better than the customBash wrapper!

@uri-canva
Copy link
Contributor

The error log is quite hard to read but here's the relevant part:

Error occurred while attempting to use the default Python toolchain (@rules_python//python:autodetecting_toolchain).
Neither 'python3' nor 'python' were found on the target platform's PATH, which is:
/nix/store/pjba17qx8vh7dln8m5vnkqdbbjahvg9b-patchelf-0.13/bin:/nix/store/xiq6j4jsyj351p8q3yw9cg1hdqp9m685-gcc-wrapper-10.3.0/bin:/nix/store/iyssx2arl8bc40pjimyfxyknj06swjdx-gcc-10.3.0/bin:/nix/store/q6prgn66s4achzrrnvcvyjgnm94c1bn3-glibc-2.33-56-bin/bin:/nix/store/l6f4z8mmcnnxba8w004xn28y0vr4gdkf-coreutils-9.0/bin:/nix/store/v7w0pspwq8r2b7k2sndxq3db843z7xm5-binutils-wrapper-2.35.2/bin:/nix/store/lbxfixyw1yk099pjyaiy3xj5dl7kxm1g-binutils-2.35.2/bin:/nix/store/k0z9n599k02hab8qjjp3ljw065iwjcvg-python3-3.9.6/bin:/nix/store/l6f4z8mmcnnxba8w004xn28y0vr4gdkf-coreutils-9.0/bin:/nix/store/v3lvq9hqshyldc4i6f5jy0zs0k5psbws-findutils-4.8.0/bin:/nix/store/gxj3wkwc5m5vb8b3rv6h029ky9nan4bf-diffutils-3.8/bin:/nix/store/vklvyr82ajbz7jm7g8dbkh62k20b0dpr-gnused-4.8/bin:/nix/store/nkwls56wcfwi1r0jnkqkvwx2zk7w3qrz-gnugrep-3.7/bin:/nix/store/21nzalbq7ay1vzanri1dl4845s3cl72i-gawk-5.1.1/bin:/nix/store/wny483nz9q52xq8azwpqna3pq98zcsgy-gnutar-1.34/bin:/nix/store/mp7lwrwr0nl69rznln13j3k4zf69s80i-gzip-1.11/bin:/nix/store/m9jxbbbxfzi6052yw3kgz95wvz76mbb1-bzip2-1.0.6.0.2-bin/bin:/nix/store/315glp1si526x60nhhkbqmip4m7b25a7-gnumake-4.3/bin:/nix/store/a54wrar1jym1d8yvlijq0l2gghmy8szz-bash-5.1-p12/bin:/nix/store/h2xzp4a764hn5n9br63ilh9qglz3baxn-patch-2.7.6/bin:/nix/store/3q4xj02ijqgfxffndvg28nlv741sx6qx-xz-5.2.5-bin/bin

@uri-canva
Copy link
Contributor

The darwin builds have a more straightforward failure:

/nix/store/3npg6a8nc5vpcyw98v085cmlz7f78kgs-bash-5.1-p12/bin/bash: line 1: cat: command not found

@uri-canva uri-canva self-requested a review December 14, 2021 00:53
@uri-canva
Copy link
Contributor

It needs an equivalent patch for darwin, but I see you didn't test on darwin so I assume you don't have access to a darwin machine, I'll post the patch in a moment.

@uri-canva
Copy link
Contributor

Here's the patch to fix the build on darwin (some changes are to help debugging), the tests don't all pass but they're marked as broken on darwin anyway so it's ok:

diff --git a/pkgs/development/tools/build-managers/bazel/bazel_4/actions_path.patch b/pkgs/development/tools/build-managers/bazel/bazel_4/actions_path.patch
index bade7fdb716..1fa1e574833 100644
--- a/pkgs/development/tools/build-managers/bazel/bazel_4/actions_path.patch
+++ b/pkgs/development/tools/build-managers/bazel/bazel_4/actions_path.patch
@@ -1,5 +1,5 @@
 diff --git a/src/main/java/com/google/devtools/build/lib/exec/local/PosixLocalEnvProvider.java b/src/main/java/com/google/devtools/build/lib/exec/local/PosixLocalEnvProvider.java
-index 6fff2af..7e2877e 100755
+index 6fff2af..7e2877e 100644
 --- a/src/main/java/com/google/devtools/build/lib/exec/local/PosixLocalEnvProvider.java
 +++ b/src/main/java/com/google/devtools/build/lib/exec/local/PosixLocalEnvProvider.java
 @@ -47,6 +47,16 @@ public final class PosixLocalEnvProvider implements LocalEnvProvider {
@@ -19,3 +19,23 @@ index 6fff2af..7e2877e 100755
      String p = clientEnv.get("TMPDIR");
      if (Strings.isNullOrEmpty(p)) {
        // Do not use `fallbackTmpDir`, use `/tmp` instead. This way if the user didn't export TMPDIR
+index 95642767c6..39d3c62461 100644
+--- a/src/main/java/com/google/devtools/build/lib/exec/local/XcodeLocalEnvProvider.java
++++ b/src/main/java/com/google/devtools/build/lib/exec/local/XcodeLocalEnvProvider.java
+@@ -74,6 +74,16 @@ public final class XcodeLocalEnvProvider implements LocalEnvProvider {
+
+     ImmutableMap.Builder<String, String> newEnvBuilder = ImmutableMap.builder();
+     newEnvBuilder.putAll(Maps.filterKeys(env, k -> !k.equals("TMPDIR")));
++
++    // In case we are running on NixOS.
++    // If bash is called with an unset PATH on this platform,
++    // it will set it to /no-such-path and default tools will be missings.
++    // See, https://github.com/NixOS/nixpkgs/issues/94222
++    // So we ensure that minimal dependencies are present.
++    if (!env.containsKey("PATH")){
++      newEnvBuilder.put("PATH", "@actionsPathPatch@");
++    }
++
+     String p = clientEnv.get("TMPDIR");
+     if (Strings.isNullOrEmpty(p)) {
+       // Do not use `fallbackTmpDir`, use `/tmp` instead. This way if the user didn't export TMPDIR
diff --git a/pkgs/development/tools/build-managers/bazel/bazel_4/default.nix b/pkgs/development/tools/build-managers/bazel/bazel_4/default.nix
index 64200c58fd8..448464b108b 100644
--- a/pkgs/development/tools/build-managers/bazel/bazel_4/default.nix
+++ b/pkgs/development/tools/build-managers/bazel/bazel_4/default.nix
@@ -103,7 +103,22 @@ let
     #        ],
     #     )
     #
-    [ bash coreutils findutils gawk gnugrep gnutar gnused gzip which unzip file zip python27 python3 ];
+    [
+      bash
+      coreutils
+      file
+      findutils
+      gawk
+      gnugrep
+      gnused
+      gnutar
+      gzip
+      python27
+      python3
+      unzip
+      which
+      zip
+    ];
 
   # Java toolchain used for the build and tests
   javaToolchain = "@bazel_tools//tools/jdk:toolchain_${buildJdkName}";
@@ -475,6 +490,8 @@ stdenv.mkDerivation rec {
       build --host_javabase='@local_jdk//:jdk'
       build --host_java_toolchain='${javaToolchain}'
       build --verbose_failures
+      build --curses=no
+      build --sandbox_debug
       EOF
 
       # add the same environment vars to compile.sh
@@ -487,6 +504,8 @@ stdenv.mkDerivation rec {
           -e "/\$command \\\\$/a --host_javabase='@local_jdk//:jdk' \\\\" \
           -e "/\$command \\\\$/a --host_java_toolchain='${javaToolchain}' \\\\" \
           -e "/\$command \\\\$/a --verbose_failures \\\\" \
+          -e "/\$command \\\\$/a --curses=no \\\\" \
+          -e "/\$command \\\\$/a --sandbox_debug \\\\" \
           -i scripts/bootstrap/compile.sh
 
       # This is necessary to avoid:
@@ -516,12 +535,13 @@ stdenv.mkDerivation rec {
   # when a command can’t be found in a bazel build, you might also
   # need to add it to `defaultShellPath`.
   nativeBuildInputs = [
+    coreutils
     installShellFiles
-    zip
+    makeWrapper
     python3
     unzip
-    makeWrapper
     which
+    zip
   ] ++ lib.optionals (stdenv.isDarwin) [ cctools libcxx CoreFoundation CoreServices Foundation ];
 
   # Bazel makes extensive use of symlinks in the WORKSPACE.
diff --git a/pkgs/development/tools/build-managers/bazel/cpp-test.nix b/pkgs/development/tools/build-managers/bazel/cpp-test.nix
index f4e03abdbc9..3f3faae25e2 100644
--- a/pkgs/development/tools/build-managers/bazel/cpp-test.nix
+++ b/pkgs/development/tools/build-managers/bazel/cpp-test.nix
@@ -44,6 +44,8 @@ let
       ${bazel}/bin/bazel \
         build --verbose_failures \
         --distdir=${distDir} \
+        --curses=no \
+        --sandbox_debug \
           //...
     '';
   };
diff --git a/pkgs/development/tools/build-managers/bazel/java-test.nix b/pkgs/development/tools/build-managers/bazel/java-test.nix
index 11931a197c0..9641a95c33b 100644
--- a/pkgs/development/tools/build-managers/bazel/java-test.nix
+++ b/pkgs/development/tools/build-managers/bazel/java-test.nix
@@ -50,6 +50,8 @@ let
           --java_toolchain='@bazel_tools//tools/jdk:toolchain_hostjdk8' \
           --javabase='@local_jdk//:jdk' \
           --verbose_failures \
+          --curses=no \
+          --sandbox_debug \
           //:ProjectRunner
     '';
   };
diff --git a/pkgs/development/tools/build-managers/bazel/protobuf-test.nix b/pkgs/development/tools/build-managers/bazel/protobuf-test.nix
index 3858a681659..d01e1888724 100644
--- a/pkgs/development/tools/build-managers/bazel/protobuf-test.nix
+++ b/pkgs/development/tools/build-managers/bazel/protobuf-test.nix
@@ -169,6 +169,8 @@ let
           --java_toolchain='@bazel_tools//tools/jdk:toolchain_hostjdk8' \
           --javabase='@local_jdk//:jdk' \
           --verbose_failures \
+          --curses=no \
+          --sandbox_debug \
           //...
     '';
   };

@uri-canva
Copy link
Contributor

I'll let you apply the patch to your branch.

ylecornec and others added 3 commits December 15, 2021 15:53
@ylecornec ylecornec force-pushed the ylecornec/bazel_bash_fix branch from 4df477f to 932cfca Compare December 16, 2021 08:57
@ylecornec
bazel_4: add default tools to buildInputs (to be accessible from repo…
ee62812 
…sitory rules)

Previously the customBash wrapper added the default tools to the PATH of commands from repository rules (which are run in the same environment as Bazel).
@ylecornec ylecornec force-pushed the ylecornec/bazel_bash_fix branch from 932cfca to ee62812 Compare December 16, 2021 09:25
@ylecornec
Copy link
Contributor Author

Thanks a lot for your help, indeed I do not have access to a darwin machine.

The tests seem to pass now (apart from the aarch64-darwin one).
It seems that the customBash wrapper was also used for commands from repository_rules, which are executed in the same environment as Bazel itself.

Without it, the python test failed because it was now missing the which binary in its environment, so I added it.

I also added the rest of the default tools to the buildInput of the bazel package itself, so that repository rules will have access to them.

uri-canva
uri-canva approved these changes Dec 17, 2021
View reviewed changes
Copy link
Contributor

@uri-canva uri-canva left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me.

pkgs/development/tools/build-managers/bazel/bazel_4/default.nix Outdated
@@ -667,7 +664,7 @@ stdenv.mkDerivation rec {
# Save paths to hardcoded dependencies so Nix can detect them.
postFixup = ''
mkdir -p $out/nix-support
echo "${customBash} ${defaultShellPath}" >> $out/nix-support/depends
echo "${defaultShellPath}" >> $out/nix-support/depends
# The templates get tar’d up into a .jar,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Specifying python27 and python3 isn't necessary anymore since they're part of defaultShellPath.

@uri-canva
Copy link
Contributor

Will leave it a bit so others have a chance to review, and merge it tomorrow or in the next days if no further issues are raised.

@ofborg ofborg bot added the 11.by: package-maintainer This PR was created by the maintainer of the package it changes label Dec 17, 2021
@uri-canva uri-canva merged commit d2a93c1 into NixOS:master Dec 19, 2021
@ylecornec ylecornec mentioned this pull request Jun 13, 2022
Merged
13 tasks
@Janik-Haag Janik-Haag added the 12. first-time contribution This PR is the author's first one; please be gentle! label Jun 12, 2023
@Strum355 Strum355 mentioned this pull request Jan 5, 2024
Merged
25 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@uri-canva uri-canva uri-canva approved these changes

@mboes mboes Awaiting requested review from mboes

@Profpatsch Profpatsch Awaiting requested review from Profpatsch

@marsam marsam Awaiting requested review from marsam

@olebedev olebedev Awaiting requested review from olebedev

@avdv avdv Awaiting requested review from avdv

@aherrmann aherrmann Awaiting requested review from aherrmann

@groodt groodt Awaiting requested review from groodt

Assignees
No one assigned
Labels
10.rebuild-darwin: 1-10 10.rebuild-darwin: 1 10.rebuild-linux: 1-10 10.rebuild-linux: 1 11.by: package-maintainer This PR was created by the maintainer of the package it changes 12. first-time contribution This PR is the author's first one; please be gentle!
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@ylecornec @Profpatsch @uri-canva @jake-arkinstall @Janik-Haag