Ubuntu and debian troubleshooting brain dump

in the process of getting nix-shell working inside docker and ubuntu docker environments i stumbled across a few “gotchas” that are worth documenting somewhere

reference PR - debian and ubuntu docker builds and tests by thedavidmeister · Pull Request #63 · holochain/holonix · GitHub

i thought i’d braindump here for visibility to be ported somewhere more useful later

IMPORTANT docker is a totally fresh environment and adds restrictions/assumptions that usually do not apply to a “real” work machine which is why this doesn’t appear in the “quick start” guide (e.g. it’s normally pretty weird for someone to be using the root account…)

if it turns out that any of these steps are commonly tripping people up we should update those guides :slight_smile:

you must run the command printed at the end of the installation script

after the installer runs it will print out a command to run

if you don’t run it then you will get “not found” errors when you try to run nix-shell

if you forget then it will take effect next time you restart your computer, but can be confusing in the meantime


the debian and ubuntu dockers don’t even ship with basics commands like sudo, downloading and unzipping files

most people will have these installed if they have been using their machine longer than about 20 minutes, but here is the minimal apt-get for the dependencies nix-shell needs to install:

apt-get update && apt-get install -y curl sudo xz-utils

there is no harm in rerunning this if you already have these installed, so feel free to do so “just in case”

root is not supported

nix-shell does not support being installed as the root user on linux distros other than the official NixOS distro.

nobody should be using their machine as root for day to day tasks but it is worth making this clear (the installer will show errors if you try to install nix-shell as root).

this comes up for docker as there are no users other than root installed in a fresh docker box.

the ubuntu/debian dockerfiles in the linked PRs create and use a new user called docker to avoid installing under root.

to see what user you are currently logged in as run:

id -u -n

anything other than root is fine

the user installing nix-shell needs to be the one using it

there is an installation process for “multi user” nix-shell but all our instructions point towards the “single user” setup.

we expect that you are using the same user to install/run nix-shell.

the user installing nix-shell needs to be able to sudo

nix will sometimes need things done that require sudo access, i.e. the ability to temporarily act as though the user is root.

after installing the sudo command (see above) you can try running anything under sudo to see if that works for your user

sudo echo foo

should ask for your password then print foo to the terminal if you can use sudo

do NOT use sudo to run the nix-shell commands or the install script

nix-shell will automatically sudo if/when it needs to.

if you run sudo except when explicitly stated you can totally screw up the file permissions on your system and break things in ways that are difficult to undo.

this is the same for other package managers such as npm (e.g. running sudo npm install .. is very bad).

nix-shell is trying to create and manage fresh shell sessions for your user account so nothing should be happening that needs admin permissions.

(note that NixOS commands might need sudo but this is not relevant to ubuntu/debian)

you might need to setup the /nix folder manually with sudo

there are inconsistent installation instructions for nix-shell.

the “getting nix” page simply says to run the 1-liner - https://nixos.org/nix/download.html

curl https://nixos.org/nix/install | sh

the wiki has an extra step - Nix Installation Guide - NixOS Wiki

sudo install -d -m755 -o $(id -u) -g $(id -g) /nix
curl https://nixos.org/nix/install | sh

docker seems to need the extra step, but i’ve personally never seen anybody need it on a “real” machine

there would be no harm in running it “just in case” as far as i know

you might need to run nix-channel --update

the nix-shell for holonix will pin nixpkgs to a specific commit but nix might throw some warnings about wanting a $NIX_PATH set before it gets to that point

if you want to clean up the warning set the $NIX_PATH to something sensible like an official channel nixpkgs=channel:nixos-19.03 then run nix-channel --update

this also fixes any complaints about missing channels

export NIX_PATH=nixpkgs=nixpkgs=channel:nixos-19.03
nix-channel --update

as far as i know, not having this won’t break anything, it only throws a few warnings that trip up the circle CI pipelines (that are very sensitive to exit codes)

you might need to disable "sandbox"

if you start seeing cryptic errors about $srcs or missing files or “env” problems when nix-shell is building then you might need to disable sandbox

this is not necessarily needed for “real” ubuntu/debian (i have seen ubuntu working fine without it) but is required for the official docker builds to work

nix has a global configuration file at /etc/nix/nix.conf that will be automatically used if it exists

to disable sandbox for your machine:

mkdir -p /etc/nix && echo 'sandbox = false' > /etc/nix/nix.conf

you might need to add yourself to the nixbld group

i’m not so sure about this one… i did see errors/warnings about it at one point but it also could have been a symptom of an unrelated problem that i fixed elsewhere

i’ve never seen this issue outside of docker builds.

if you do see complaints from nix-shell about not being in the nixbld group during the initial install then create the group and add yourself to it

sudo addgroup --system nixbld
sudo adduser $(id -u -n) nixbld

you might need to manually set the $USER environment variable

normally this should be set automatically for you by the system

for some reason it is not set inside the official debian/ubuntu docker boxes

you can check the current value like:

echo $USER

which should be the same as:

id -u -n

we are manually adding it inside the Dockerfile but you might need to export it like:

export USER=$(id -u -n)

note that this only exports it for the current shell session so you might need to research a more permanent solution, e.g. add the above export command to your ~/.bash_profile file, or figure out why your system is failing to set it in the first place


CC: @dhtnetwork @artbrock @zippy

1 Like

Appreciate your proactive nature and keeping the community informed. These brain dumps are helpful and then perhaps we can repurpose it for other things. Thank you

Could any of these things explain this error:

/nix/store/hdgwgmgls2q0nccxnjpc81b3hwmmdzww-sim2h_server/bin/sim2h_server: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory

Which happens when you try to run sim2h_server from holonix.
Building the server from source works but not the one from holonix. Even if you run it outside of nix-shell.
This is showing up from a few threads on this forum:

Happy to open an issue on holonix if it’s a bug.

@freesig i can’t reproduce the sim2h_server issue on develop

pretty sure i fixed all the above in https://github.com/holochain/holonix/commit/04a6f1a3818a69fbff3814ecd4fe766b96713d74

perhaps we need to do a new blessing to bring the fixes across

i tested both nix-shell --run sim2h_server and nix-env -f . -iA holochain.sim2h_server

Should “nix-shell https://holochain.love” work on Debian and Ubuntu now? I still get “hc 0.0.38-alpha14” on both operating systems.

@tggraner yes we haven’t blessed a newer release yet Holochain release "blessing"

1 Like

Thank you for a quick answer! Then I will return to this project when the new version has been blessed :slight_smile:

@tggraner i just posted an update over on the other thread, and linked to docs on how to get at newer versions if you want to try it out :+1:

1 Like