Devenv errors following update
tsvallender opened this issue · comments
I had a working devenv environment, which has broken following devenv update
. When I run devenv shell
, I now get the below errors.
My devenv.nix (and other files in the repo can be seen at https://git.tsvallender.co.uk/tsv/foxplan/src/branch/main/devenv.nix
error:
at «github:cachix/devenv/4f08665cdcde7e44a40edb39bdbfe8fc0b750932»/src/modules/mkNakedShell.nix:63:12:
62| derivationArg = {
63| inherit name;
| ^
64| inherit (stdenv) system;
… while evaluating the attribute 'args' of the derivation 'devenv-shell'
at «github:NixOS/nixpkgs/3d8a93602bc54ece7a4e689d9aea1a574e2bbc24»/pkgs/stdenv/generic/make-derivation.nix:303:7:
302| // (lib.optionalAttrs (attrs ? name || (attrs ? pname && attrs ? version)) {
303| name =
| ^
304| let
… while evaluating the attribute 'passAsFile' of the derivation 'devenv-profile'
at «github:NixOS/nixpkgs/3d8a93602bc54ece7a4e689d9aea1a574e2bbc24»/pkgs/build-support/buildenv/default.nix:77:5:
76| # XXX: The size is somewhat arbitrary
77| passAsFile = if builtins.stringLength pkgs >= 128*1024 then [ "pkgs" ] else [ ];
| ^
78| }
… while evaluating the attribute 'passAsFile'
at «github:NixOS/nixpkgs/54644f409ab471e87014bb305eac8c50190bcf48»/pkgs/stdenv/generic/make-derivation.nix:270:7:
269| // (lib.optionalAttrs (attrs ? name || (attrs ? pname && attrs ? version)) {
270| name =
| ^
271| let
… while evaluating the attribute 'env' of the derivation 'bundler-2.4.13'
at «github:NixOS/nixpkgs/3d8a93602bc54ece7a4e689d9aea1a574e2bbc24»/pkgs/development/ruby-modules/gem/default.nix:139:3:
138| # Introduced in https://github.com/ruby/ruby/commit/0958e19ffb047781fe1506760c7cbd8d7fe74e57
139| env.NIX_CFLAGS_COMPILE = toString (lib.optionals (ruby.rubyEngine == "ruby" && stdenv.cc.isClang && lib.versionA
r "3") [
| ^
140| "-fdeclspec"
error: cannot coerce a set to a string
Still getting this issue—is there any more information I can provide to help work this out? I'm getting the same error on other projects, so I'm either doing something odd or I assume this will affect other people?
It seems to work for me, could you try devenv update
and devenv shell
?
That's exactly what I'm doing to get this error (and have just tried again).
I have devenv 0.6.3.
You can see the devenv files in this repo: https://git.tsvallender.co.uk/tsv/foxplan
What OS?
I'm on NixOS
I can reproduce using your repo.
Well at least Nix is delivering on the reproducibility front I guess 😅
Confirmed seeing on macOS (intel, Ventura) with devenvs
Looks like it might be related to a change in nixpkgs
since this flake was last updated on Tue Jan 10 2023
.
What changed? I'm not 100% sure. This PR NixOS/nixpkgs#230666 was committed sort of recently, but I don't see how it could affect it. I traced through some of the bundlerEnv codepaths, but again, nothing is screaming at me: "I'm what broke!"
Ran under the debugger for a bit and I can't isolate or find out what is a set that shouldn't be.
Changing the devenv.yaml to:
inputs:
nixpkgs:
url: github:NixOS/nixpkgs/nixpkgs-unstable
nixpkgs-ruby:
url: github:bobvanderlinden/nixpkgs-ruby
inputs:
nixpkgs:
follows: nixpkgs
does seem to resolve the problem for me.
Can confirm that adding the follow
fixes the issue (and would be interested in an explanation of why, if anyone can supply one—does this mean the two were previously pointing at different instances of nixpkgs?)
nixpkgs-ruby comes with it's own set of nixpkgs, so that you're able to get cached binaries via cachix.
If you choose to use one instance, you'll have to compile Ruby yourself and cache it.
@bobvanderlinden can you bump nixpkgs here?
Yes, I held off hoping for OpenSSL 3 patches in the Ruby landscape, but apparently that will not happen.
Upgrading to nixpkgs-unstable will fail the builds because openssl 1.1 is not supported anymore.
Known issues:
- OpenSSL 1.1 is reaching its end of life on 2023/09/11 and cannot be supported through the NixOS 23.05 release cycle. https://www.openssl.org/blog/blog/2023/03/28/1.1.1-EOL/
You can install it anyway by allowing this package, using the
following methods:
a) To temporarily allow all insecure packages, you can use an environment
variable for a single invocation of the nix tools:
$ export NIXPKGS_ALLOW_INSECURE=1
Note: For `nix shell`, `nix build`, `nix develop` or any other Nix 2.4+
(Flake) command, `--impure` must be passed in order to read this
environment variable.
b) for `nixos-rebuild` you can add ‘openssl-1.1.1u’ to
`nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
like so:
{
nixpkgs.config.permittedInsecurePackages = [
"openssl-1.1.1u"
];
}
c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
‘openssl-1.1.1u’ to `permittedInsecurePackages` in
~/.config/nixpkgs/config.nix, like so:
{
permittedInsecurePackages = [
"openssl-1.1.1u"
];
}
I was thinking this wasn't a good workflow, as people will need to make changes in files or envvars that not always work.
Using openssl 3 for these versions of Ruby will unfortunately also not work. The bug report says people should just install the openssl
gem instead. This is also the workaround mentioned in https://gist.github.com/yob/08d53a003181aa0fcce9812b1b533870 says.
For now I'll still build the ruby versions against OpenSSL 1.1, but will look into embedding the openssl gem so that it's still possible to import openssl as-is.
See #77
nixpkgs in nixpkgs-ruby has been updated to 23.05. It should be able to use this without follow
Could you confirm whether this works for you as well?
Yep this seems to be working for me now, thank you 🙏
Might have spoken too soon—starting Puma I get the error SSL_ERROR_RX_RECORD_TOO_LONG
in FIrefox and HTTP parse error, malformed request: #<Puma::HttpParserError: Invalid HTTP format, parsing fails. Are you trying to open an SSL connection to a non-SSL Puma?>
and Puma compiled without SSL support
output on the CLI 😞
Are others not getting this issue? I'm lost as to why it would be just me. I really want to be using devenv but I can't get past this stuff currently :(
Did you try putting pkgs.openssl
to your packages
? How can we test quickly if puma has openssl?
@tsvallender how do you start puma? I'd like to write a test so we can make sure it works.
@domenkozar Apologies for the delay, I've been away. Yes, tried adding openssl
to packages to no avail.
This is a Rails project, I've been starting Puma with rails s
, Starting it directly with simply puma
has the same effect.
Happy to help and provide any further info I can.
@tsvallender I'm happy to debug this further if you can provide a minimal example to reproduce it, when I copied over devenv.nix
it just worked, so there's something else going on?