Failed to copy container. Digest did not match

[kvz]

Describe the bug
I'm trying to copy my container to AWS ECR from my Linux X64 CI server, but hitting the following issue. Failed to copy container. Digest did not match.

To reproduce

  # also tried with `--system x86_64-linux`, does not make a difference
  devenv container build processes

  # ecr login
  aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 123123123123.dkr.ecr.us-east-1.amazonaws.com
  # ecr create repository
  if ! aws ecr describe-repositories --repository-names processes --region us-east-1; then
    aws ecr create-repository --repository-name processes --region us-east-1
  fi
  # ecr push. also tried with `--copy-args="--preserve-digests"`. does not make a difference
  devenv container \
    --registry docker://123123123123.dkr.ecr.us-east-1.amazonaws.com/ \
  copy processes

Output:

• Building processes container ...
• Using Cachix: devenv

/nix/store/31g4rq1p6spmihc95qm3qc2iy8w7hm5b-image-processes.json
✔ Building processes container in 2.2s.
• Copying processes container ...• Running /nix/store/g96s72rwnk3vdkqnvd5wmkmnrmk0z9sk-copy-container /nix/store/31g4rq1p6spmihc95qm3qc2iy8w7hm5b-image-processes.json docker://123123123123.dkr.ecr.us-east-1.amazonaws.com/ --preserve-digests

Copying container /nix/store/31g4rq1p6spmihc95qm3qc2iy8w7hm5b-image-processes.json to docker://123123123123.dkr.ecr.us-east-1.amazonaws.com/processes:latest

Getting image source signatures
Copying blob sha256:67eb02cf19ceef2d35b6a7373359a5f7ede6f478e59ef55ef0688be70b03[97](https://github.com/transloadit/api2/actions/runs/8615325344/job/23610670898#step:6:98)d2
Copying blob sha256:2ac708344cd9024282848c53dbd92614463d4ce574312949cd43f09ff92e8e85
time="2024-04-09T12:10:47Z" level=fatal msg="writing blob: Patch \"https://123123123123.dkr.ecr.us-east-1.amazonaws.com/v2/processes/blobs/uploads/27a9a11e-ad6e-46cb-92fe-56617689e652\": happened during read: Digest did not match, expected sha256:67eb02cf19ceef2d35b6a7373359a5f7ede6f478e59ef55ef0688be70b0397d2, got sha256:8b155f8b3b4bca1f56a387a409238782eb8578fa86fe57df5a9d4961cb13a6d2"

✔ Copying processes container in 70.3s.
Error:   × Failed to copy container

Version

• While developing (locally): devenv 1.0.3 (aarch64-darwin)
• While building (CI): devenv 1.0.3 (x86_64-linux)

Not sure what to do next 🤔 any idea?

[kvz]

Extra datapoint, I just tried to push the container locally (on linux ARM for linux ARM, as opposed to X64 earlier), and pushing to the GitHub Container Registry (as opposed to ECR earlier), and the error is the same. So I guess that puts the suspicion on non-architecture/registry things.

[kvz]

It also happens just when running, not just copying:

vagrant at vbox@local-vagrantisp in /srv/current/crm on api2/vbox#00000 
$ devenv container run processes
• Building processes container ...
• Using Cachix: devenv
warning: Ignoring setting 'auto-allocate-uids' because experimental feature 'auto-allocate-uids' is not enabled
warning: Ignoring setting 'impure-env' because experimental feature 'configurable-impure-env' is not enabled
/nix/store/x2pavkjn8n0c3jqmdiizldyd399i9gdc-image-processes.json
✔ Building processes container in 35.4s.
• Running /nix/store/wr98nrk2xwqln5lgg5qln83zagk15006-copy-container /nix/store/x2pavkjn8n0c3jqmdiizldyd399i9gdc-image-processes.json docker-daemon: 

Copying container /nix/store/x2pavkjn8n0c3jqmdiizldyd399i9gdc-image-processes.json to docker-daemon:processes:latest

Getting image source signatures
Copying blob 3e07a34a1ca1 done   | 
Copying blob 0fb47a54c2cb [=====================================>] 1.6GiB / 1.6GiB | 643.9 MiB/s
FATA[0003] writing blob: writing to temporary on-disk layer: happened during read: Digest did not match, expected sha256:0fb47a54c2cb3ce900976003c42db74ebb24fbf9bfefd458c0a7d2cd5f15a1f3, got sha256:d2e783b2eeb88149765f06c6dff4dfc85b84db7b335484c7d73b519ff748cf2c 
✔ Copying processes container in 17.0s.
Error:   × Failed to copy container

My devenv.nix

# - https://shyim.me/blog/devenv-compose-developer-environment-for-php-with-nix/
# - https://github.com/cachix/devenv/blob/main/src/modules/languages/php.nix
{ pkgs, config, lib, ... }:

let
  domain = "localhost";
  app = "webapi";
  dataDir = "/srv/current/crm/webroot";

  crmEnv = {
    MYSQL_GLOBAL_DBNM = "transloadit";
    MYSQL_GLOBAL_HOST = "localhost";
    MYSQL_GLOBAL_PORT = "3306";
    MYSQL_GLOBAL_USER = "root";
    MYSQL_GLOBAL_PASSWORD = "root";
    APP_NAME="crm";
  };
in {
  # https://devenv.sh/basics/
  env.GREET = "devenv";

  # https://devenv.sh/packages/
  packages = [
    pkgs.htop
  ];

  # https://devenv.sh/scripts/
  scripts.hello.exec = "echo hello from $GREET";

  # https://devenv.sh/services/
  services.mysql.enable = true;
  services.mysql.package = pkgs.mysql80;
  services.mysql.initialDatabases = [{ name = crmEnv.MYSQL_GLOBAL_DBNM; }];
  services.mysql.ensureUsers = [
    {
      name = crmEnv.MYSQL_GLOBAL_USER;
      password = crmEnv.MYSQL_GLOBAL_PASSWORD;
      ensurePermissions = { "${crmEnv.MYSQL_GLOBAL_DBNM}.*" = "ALL PRIVILEGES"; };
    }
  ];

  # https://devenv.sh/languages/
  languages.typescript.enable = true;
  languages.php = {
    enable = true;
    version = "7.4";
    ini = ''
      memory_limit = 256M
    '';

    fpm.pools.${app} = {
      settings = {
        "pm" = "dynamic";
        "pm.max_children" = 5;
        "pm.start_servers" = 2;
        "pm.min_spare_servers" = 1;
        "pm.max_spare_servers" = 5;
        "php_admin_value[error_log]" = "stderr";
        "php_admin_flag[log_errors]" = true;
        "catch_workers_output" = true;
        "env[MYSQL_GLOBAL_DBNM]" = crmEnv.MYSQL_GLOBAL_DBNM;
        "env[MYSQL_GLOBAL_HOST]" = crmEnv.MYSQL_GLOBAL_HOST;
        "env[MYSQL_GLOBAL_PORT]" = crmEnv.MYSQL_GLOBAL_PORT;
        "env[MYSQL_GLOBAL_USER]" = crmEnv.MYSQL_GLOBAL_USER;
        "env[MYSQL_GLOBAL_PASSWORD]" = crmEnv.MYSQL_GLOBAL_PASSWORD;
        "env[APP_NAME]" = crmEnv.APP_NAME;
      };
    };
  };

  services.nginx = {
    enable = true;
    httpConfig = ''
      server {
        listen 1113;
        server_name ${domain};
        root ${dataDir};
        index index.php index.html index.htm;
        location / {
          try_files $uri $uri/ /index.php?$query_string;
        }
        location ~ \.php$ {
          include ${pkgs.nginx}/conf/fastcgi_params;
          fastcgi_pass unix:${config.languages.php.fpm.pools.${app}.socket};
          fastcgi_index index.php;
          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        }
      }
    '';
  };
}

[ento]

There's a similar issue about mismatched digest in the context of devenv reported in nix2container's repo: nlewo/nix2container#127

[domenkozar]

The fix has hit Nix, now we're verifying if it fixes the issue in nlewo/nix2container#127 (comment)

[domenkozar]

Does this now work with Nix 2.22.1?

[sandydoo]

@domenkozar, bumped nix-daemon from ~2.20 to 2.22.1. No more digest errors on aarch64-linux.

[dominicf2001]

@domenkozar

I am having this issue on nix version 2.21.2

My client and store versions are the same. And I tried doing garbage collection in case my store was still messed up from when I was trying on nix version 2.18.

My devenv.nix:

{ pkgs, ... }:

{
  packages = [ pkgs.nodejs pkgs.libuuid ];

  env = { LD_LIBRARY_PATH = pkgs.lib.makeLibraryPath [ pkgs.libuuid ]; };

  services.postgres = {
    enable = true;
    package = pkgs.postgresql_16;
    initialDatabases = [{ name = "merchant"; }];
  };

  languages.typescript.enable = true;
}

Output:

[dominicf@desktop:~/Development/merchant]$ sudo devenv container run shell
[sudo] password for dominicf:
• Building shell container ...
• Using Cachix: devenv
warning: Ignoring setting 'auto-allocate-uids' because experimental feature 'auto-allocate-uids' is not enabled
warning: Ignoring setting 'impure-env' because experimental feature 'configurable-impure-env' is not enabled
/nix/store/diqax8qdjkwi2aklfrk8bmljmycrdaj8-image-shell.json
✔ Building shell container in 3.1s.
• Running /nix/store/vpphrbqh2ailvjngf26f5cmv0rfjp67a-copy-container /nix/store/diqax8qdjkwi2aklfrk8bmljmycrdaj8-image-shell.json docker-daemon:

Copying container /nix/store/diqax8qdjkwi2aklfrk8bmljmycrdaj8-image-shell.json to docker-daemon:shell:latest

Getting image source signatures
Copying blob 5c2cdcb584de done   |
Copying blob 7e0b1b8a6909 [=====================================>] 860.1MiB / 860.1MiB | 59.8 MiB/s
FATA[0001] writing blob: writing to temporary on-disk layer: happened during read: Digest did not match, expected sha256:7e0b1b8a69090ef6b8ccf75e6e0b801b0c9778e8558d2d8beb7ea08e053197ac, got sha256:6c644d20a79e336af09d65a1b50f10df408946d81a04b02a82fe1c20b37ec1bf
✔ Copying shell container in 2.1s.
Error:   × Failed to copy container

[icetan]

Using @dominicf2001's devenv.nix with:

$ nix --version
nix (Nix) 2.22.1
$ nix store info
Store URL: local
Version: 2.22.1
Trusted: 1
$ devenv version
devenv 1.0.6 (x86_64-linux)

I get:

$ devenv container run shell
• Building shell container ...
• Using Cachix: devenv
warning: Ignoring setting 'auto-allocate-uids' because experimental feature 'auto-allocate-uids' is not enabled
warning: Ignoring setting 'impure-env' because experimental feature 'configurable-impure-env' is not enabled
/nix/store/yhxsdirmgzrj06vm6m3y6np66vs8yk5h-image-shell.json
✔ Building shell container in 10.6s.
• Running /nix/store/vpphrbqh2ailvjngf26f5cmv0rfjp67a-copy-container /nix/store/yhxsdirmgzrj06vm6m3y6np66vs8yk5h-image-shell.json docker-daemon:

Copying container /nix/store/yhxsdirmgzrj06vm6m3y6np66vs8yk5h-image-shell.json to docker-daemon:shell:latest

Getting image source signatures
Copying blob dda0861ac936 done   |
Copying blob 06503120c792 [=====================================>] 858.2MiB / 858.2MiB | 31.7 MiB/s
FATA[0001] writing blob: writing to temporary on-disk layer: happened during read: Digest did not match, expected sha256:06503120c7925471ff9286b081e377d74fd5711811077ae02536af092c4239f2, got sha256:d12f14ddd6675f51425c3108181aca65514a79287acee16b4e65e9b3c8cfd4e7
✔ Copying shell container in 2.3s.
Error:   × Failed to copy container

If you want to look at my devenv.lock.

[domenkozar]

The question is if the existing store paths were built with an older version of nixpkgs.

Maybe you can set github:NixOS/nixpkgs as nixpkgs input and see if it happens again?

[icetan]

Maybe you can set github:NixOS/nixpkgs as nixpkgs input and see if it happens again?

@domenkozar I updated my devenv.yaml and ran devenv update, is that what you mean?

inputs:
  nix2container:
    url: github:nlewo/nix2container
    inputs:
      nixpkgs:
        follows: nixpkgs
  mk-shell-bin:
    url: github:rrbutani/nix-mk-shell-bin
  nixpkgs:
    url: github:NixOS/nixpkgs
    # url: github:cachix/devenv-nixpkgs/rolling

I still get:

$ devenv container run shell
• Building shell container ...
• Using Cachix: devenv
/nix/store/sqxr5ds2av7d8dbffwai5rzcv4h69b9h-image-shell.json
✔ Building shell container in 4.8s.
• Running /nix/store/xi7ya5sw6ijcpxssccawahwl4bah973h-copy-container /nix/store/sqxr5ds2av7d8dbffwai5rzcv4h69b9h-image-shell.json docker-daemon:

Copying container /nix/store/sqxr5ds2av7d8dbffwai5rzcv4h69b9h-image-shell.json to docker-daemon:shell:latest

Getting image source signatures
Copying blob 1c8d5976f3d3 done   |
Copying blob 5396b876febe [=====================================>] 513.9MiB / 514.0MiB | 24.8 MiB/s
FATA[0001] writing blob: writing to temporary on-disk layer: happened during read: Digest did not match, expected sha256:5396b876febe506f54a7f34ac7e3260d7333e14c464bc5db9ea9daac6fdf5935, got sha256:e7dc799704e892a9fec42ae09ec0768c0a3d77b7a01cd8bb1307b2195bc01d1c
✔ Copying shell container in 1.8s.
Error:   × Failed to copy container

The new devenv.lock.

[dominicf2001]

I also attempted what @icetan did. I had the same output

[sandydoo]

I am having this issue on nix version 2.21.2

@dominicf2001, you need to be on 2.22.1+.

@icetan, could you try nix-store --delete /nix/store/sqxr5ds2av7d8dbffwai5rzcv4h69b9h-image-shell.json and then a devenv gc? Maybe delete the .devenv folder beforehand as well.

Running the above example on 2.21.2 and then on 2.22.2:

sandydoo in 🌐 nixos in cachix/scratch/de-1114
➜ nix store info
Store URL: daemon
Version: 2.21.2
Trusted: 1

sandydoo in 🌐 nixos in cachix/scratch/de-1114 took 21s
➜ devenv container run shell
• Building shell container ...
• Using Cachix: devenv
/nix/store/bcxzzj2s4adk7a4wazb53vbsk9f4fgv0-image-shell.json
✔ Building shell container in 50.2s.
• Running /nix/store/b3wcrsxn7r38jvhld65qns16jrhfr1cg-copy-container /nix/store/bcxzzj2s4adk7a4wazb53vbsk9f4fgv0-image-shell.json docker-daemon:

Copying container /nix/store/bcxzzj2s4adk7a4wazb53vbsk9f4fgv0-image-shell.json to docker-daemon:shell:latest

Getting image source signatures
Copying blob 1c5b29214fef done   |
Copying blob e09578c894e5 [=================================>] 705.4MiB / 705.4MiB | 40.0 MiB/s
FATA[0003] writing blob: writing to temporary on-disk layer: happened during read: Digest did not match, expected sha256:e09578c894e5badbfa100c0ac1ff7fd8655a57dac6f18d0c3b2fa3f56861181c, got sha256:86f04dde08dfa4e9c7bf0a342036baa913e2f1330af55b5aa22b20184703e5ec
✔ Copying shell container in 47.3s.
Error:   × Failed to copy container

sandydoo in 🌐 nixos in cachix/scratch/de-1114 took 1m37s
❯ nix store info
Store URL: daemon
Version: 2.22.1
Trusted: 1

sandydoo in 🌐 nixos in cachix/scratch/de-1114
➜ devenv container run shell
• Building shell container ...
• Using Cachix: devenv
/nix/store/igqhic4x61wl9sc4yw89w426qc315ra0-image-shell.json
✔ Building shell container in 16.9s.
• Running /nix/store/b3wcrsxn7r38jvhld65qns16jrhfr1cg-copy-container /nix/store/igqhic4x61wl9sc4yw89w426qc315ra0-image-shell.json docker-daemon:

Copying container /nix/store/igqhic4x61wl9sc4yw89w426qc315ra0-image-shell.json to docker-daemon:shell:latest

Getting image source signatures
Copying blob 1c5b29214fef done   |
Copying blob 698d3977751c done   |
Copying config 79c26a21e4 done   |
Writing manifest to image destination
✔ Copying shell container in 13.2s.
✨ devenv 1.0.6 is newer than devenv input in devenv.lock. Run `devenv update` to sync.
hello from devenv
git version 2.44.1
bash-5.2$

[icetan]

@icetan, could you try nix-store --delete /nix/store/sqxr5ds2av7d8dbffwai5rzcv4h69b9h-image-shell.json and then a devenv gc? Maybe delete the .devenv folder beforehand as well.

@sandydoo Thanks, but I already tried this and I get same result every time :(. I even deleted all .devenv I could find and did a nix-collect-garbage -d.

I've installed nix with --no-daemon on archlinux, not sure if that could make a difference?

[sandydoo]

devenv also stores roots in $HOME/.devenv/gc. Could try nuking that as well.

[icetan]

devenv also stores roots in $HOME/.devenv/gc. Could try nuking that as well.

I don't have ~/.devenv :/

[sandydoo]

Maybe ~/.local/share/devenv?

[icetan]

Maybe ~/.local/share/devenv?

Tried that too. Could it be my docker version or something?

$ docker version
Client:
 Version:           26.1.4
 API version:       1.45
 Go version:        go1.22.3
 Git commit:        5650f9b102
 Built:             Thu Jun  6 18:42:55 2024
 OS/Arch:           linux/amd64
 Context:           default

Server:
 Engine:
  Version:          26.1.4
  API version:      1.45 (minimum version 1.24)
  Go version:       go1.22.3
  Git commit:       de5c9cf0b9
  Built:            Thu Jun  6 18:42:55 2024
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.7.18
  GitCommit:        ae71819c4f5e67bb4d5ae76a6b735f29cc25774e.m
 runc:
  Version:          1.1.12
  GitCommit:
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

[icetan]

An update, I have some progress using nix-user-chroot:

$ nix-user-chroot ./nix sh
sh-5.2$ sh <(curl -L https://nixos.org/nix/install) --no-daemon
...
sh-5.2$ nix --version
nix (Nix) 2.23.0
sh-5.2$ nix run nixpkgs#devenv -- container run shell
• Building shell container ...
• Using Cachix: devenv
/nix/store/rgyzbqa8zbbp64hfdjxssjgppl2ycx8r-image-shell.json
✔ Building shell container in 45.6s.
• Running /nix/store/p8gzwjhc59g0f9qkg9lrka99awa03p75-copy-container /nix/store/rgyzbqa8zbbp64hfdjxssjgppl2ycx8r-image-shell.json docker-daemon:

Copying container /nix/store/rgyzbqa8zbbp64hfdjxssjgppl2ycx8r-image-shell.json to docker-daemon:shell:latest

Getting image source signatures
Copying blob 4662b570e3c2 done   |
Copying blob 6bf9cbf2175a done   |
Copying config cc2d7b6dba done   |
Writing manifest to image destination
✔ Copying shell container in 80.3s.
✨ devenv 1.0.6 is newer than devenv input in devenv.lock. Run `devenv update` to sync.

Maybe nuking my /nix/store is my only option :/

[icetan]

Ok, so nuked the nix store and reinstalled nix... still nope :( I must be missing something fundamental?

$ sudo rm -rf /nix
$ sh <(curl -L https://nixos.org/nix/install) --no-daemon
$ nix profile install nixpkgs#devenv
$ devenv version
devenv 1.0.6 (x86_64-linux)
$ nix --version
nix (Nix) 2.23.0
$ nix store info
Store URL: local
Version: 2.23.0
Trusted: 1
$ devenv container run shell
• Building shell container ...
• Using Cachix: devenv
/nix/store/zka38c0ii3pz2yxfd5y49znrki9naqgl-image-shell.json
✔ Building shell container in 5.4s.
• Running /nix/store/vpphrbqh2ailvjngf26f5cmv0rfjp67a-copy-container /nix/store/zka38c0ii3pz2yxfd5y49znrki9naqgl-image-shell.json docker-daemon:

Copying container /nix/store/zka38c0ii3pz2yxfd5y49znrki9naqgl-image-shell.json to docker-daemon:shell:latest

Getting image source signatures
Copying blob e3f06d1393b0 done   |
Copying blob 42c07c59370a [=====================================>] 824.0MiB / 824.0MiB | 54.5 MiB/s
FATA[0001] writing blob: writing to temporary on-disk layer: happened during read: Digest did not match, expected sha256:42c07c59370ad36d9accf69108110516c75a7d509413ac33097e6b138b26e0f1, got sha256:03ee86ae59686891562156a7ee8f7696a613e1b01d4e0046d87353cfca0c41c8
✔ Copying shell container in 2.3s.
Error:   × Failed to copy container

[sandydoo]

Huh! Well, the only thing that stands out from all of this is Nix running in single-user mode. But that would seem an unlikely culprit...

[icetan]

Huh! Well, the only thing that stands out from all of this is Nix running in single-user mode. But that would seem an unlikely culprit...

Was thinking about that too, but it worked in single-user mode when in nix-user-chroot so don't know what to think now :/

[icetan]

Following the Getting started for nix2container works fine. Looking at my devenv.lock and the flake.lock for my nix2container test project, the version of nix2container in them is the same.

{
  inputs.nix2container.url = "github:nlewo/nix2container";

  outputs = { self, nixpkgs, nix2container }: let
    pkgs = import nixpkgs { system = "x86_64-linux"; };
    nix2containerPkgs = nix2container.packages.x86_64-linux;
  in {
    packages.x86_64-linux.hello = nix2containerPkgs.nix2container.buildImage {
      name = "hello";
      config = {
        entrypoint = ["${pkgs.hello}/bin/hello"];
      };
    };
  };
}

Then:

$ nix run .#hello.copyToDockerDaemon
Copy to Docker daemon image hello:2rzisqzpc632xnx1s9wh0drmspc9q14s
Getting image source signatures
Copying blob f67eda9b2edf done   |
Copying config 5c010777e9 done   |
Writing manifest to image destination
$ docker run hello:2rzisqzpc632xnx1s9wh0drmspc9q14s
Hello, world!

[icetan]

I inspected the devenv source for the container command and ran the nix commands manually:

$ devenv build containers.shell.derivation
• Using Cachix: devenv
$ readlink ./result
/nix/store/v321n79a397nbhpz48saq2yi5fy6fd02-image-shell.json
$ devenv build containers.shell.copyScript
• Using Cachix: devenv
$ bash -c 'set -x; source ./result /nix/store/v321n79a397nbhpz48saq2yi5fy6fd02-image-shell.json false'
+ source ./result /nix/store/v321n79a397nbhpz48saq2yi5fy6fd02-image-shell.json false
++ set -e -o pipefail
++ container=/nix/store/v321n79a397nbhpz48saq2yi5fy6fd02-image-shell.json
++ shift
++ [[ false == false ]]
++ registry=docker-daemon:
++ shift
++ dest=docker-daemon:shell:latest
++ [[ 0 == 0 ]]
++ args=()
++ echo

++ echo 'Copying container /nix/store/v321n79a397nbhpz48saq2yi5fy6fd02-image-shell.json to docker-daemon:shell:latest'
Copying container /nix/store/v321n79a397nbhpz48saq2yi5fy6fd02-image-shell.json to docker-daemon:shell:latest
++ echo

++ /nix/store/gbawqyvbf0iq8wzca36mkh51vmxwhay2-skopeo-1.15.0/bin/skopeo --insecure-policy copy nix:/nix/store/v321n79a397nbhpz48saq2yi5fy6fd02-image-shell.json docker-daemon:shell:latest
Getting image source signatures
Copying blob 41d29428daaa done   |
Copying blob f434668d7c45 [=====================================>] 511.4MiB / 511.4MiB | 20.7 MiB/s
FATA[0002] writing blob: writing to temporary on-disk layer: happened during read: Digest did not match, expected sha256:f434668d7c45b286ca676ec1c3a8f4e6796c7b3342f52efc76e954e65c5f3ab0, got sha256:f1e19fd8af0f240b40a5cfb22b89d6504e81e818cf2df4dd334f7d2c10c84b96

[icetan]

Also got this error at some point:

Error:   × Command `/nix/store/v29lakrmjm66797m9pb1s96pqmz9dkaz-nix-devenv-2.21.0pre20240412_b24a931/bin/nix --show-trace --extra-experimental-
  │ features nix-command --extra-experimental-features flakes --option warn-dirty false --option eval-cache false --keep-going --max-jobs 8 build
  │ #.devenv.containers.processes.derivation.reproducable --option extra-substituters https://devenv.cachix.org --option extra-trusted-public-keys
  │ devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw=` failed with with exit code 1

devenv is using a patched nix version 2.21.0 under the hood. Maybe because I'm using nix in single-user mode and I don't have a nix-daemon running with an updated version I'm running in to problems.

Is it possible to bump the nix-devenv version? I tried exporting DEVENV_NIX but it didn't take.

[domenkozar]

Ah, single mode! I'm going to bump Nix to also fix #1137, so hang tight!

[icetan]

@domenkozar Thanks!
I made a PR domenkozar/nix#1 with this fix NixOS/nix#10456 to backport the fix to devenv-nix 2.21.

It fixed the issue for me, so at least we know what the issue is now :)

[icetan]

@dominicf2001 If you want to try out the fix you can install devenv with:

nix profile install github:cachix/devenv --override-input nix github:icetan/nix/devenv-2.21

[dominicf2001]

@dominicf2001 If you want to try out the fix you can install devenv with:

nix profile install github:cachix/devenv --override-input nix github:icetan/nix/devenv-2.21

Thanks a bunch! It works!