Skip to content

nix store delete: Show why deletion fails #13421

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open

nix store delete: Show why deletion fails #13421

wants to merge 7 commits into from
+57 −36

Conversation

edolstra
Copy link
Member

@edolstra edolstra commented Jul 4, 2025
edited by roberth
Loading

Motivation

This replaces the unhelpful error Cannot delete path '...' since it is still alive. To find out why, use: nix-store --query --roots and nix-store --query --referrers .

Examples:

error: Cannot delete path '/nix/store/6fcrjgfjip2ww3sx51rrmmghfsf60jvi-patchelf-0.14.3' 
  because it's referenced by the GC root '/home/eelco/Dev/nix-master/build/result'.
    
error: Cannot delete path '/nix/store/rn0qyn3kmky26xgpr2n10vr787g57lff-cowsay-3.8.4' 
  because it's referenced by the GC root '/proc/3600568/environ'.

error: Cannot delete path '/nix/store/klyng5rpdkwi5kbxkncy4gjwb490dlhb-foo.drv' 
  because it's in use by '{nix-process:3605324}'.

Context

Add 👍 to pull requests you find important.

The Nix maintainer team uses a GitHub project board to schedule and track reviews.

@edolstra edolstra requested a review from Ericson2314 as a code owner July 4, 2025 15:34
@github-actions github-actions bot added the with-tests Issues related to testing. PRs with tests have some priority label Jul 4, 2025
roberth
roberth reviewed Jul 7, 2025
View reviewed changes
src/libstore/gc.cc
@@ -208,7 +208,7 @@ void LocalStore::findTempRoots(Roots & tempRoots, bool censor)
while ((end = contents.find((char) 0, pos)) != std::string::npos) {
Path root(contents, pos, end - pos);
debug("got temporary root '%s'", root);
tempRoots[parseStorePath(root)].emplace(censor ? censored : fmt("{temp:%d}", pid));
tempRoots[parseStorePath(root)].emplace(censor ? censored : fmt("{nix-process:%d}", pid));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The censoring is probably a good thing, but my imagination is lacking this morning. Did you have a threat in mind for this?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It can reveal information about other user's processes (i.e. pid X has store path Y open).

However, since the Nix store is world-readable, I wouldn't mind getting rid of censoring altogether. It might make sense if we have store ACLs but right now it seems pointless.

src/libstore/daemon.cc
@@ -730,6 +730,7 @@ static void performOp(TunnelLogger * logger, ref<Store> store,
options.action = (GCOptions::GCAction) readInt(conn.from);
options.pathsToDelete = WorkerProto::Serialise<StorePathSet>::read(*store, rconn);
conn.from >> options.ignoreLiveness >> options.maxFreed;
options.censor = !trusted;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unlike binary allow/deny authorization, this kind of use of the trusted flag is not consistent with the removal of trust by an intermediate nix daemon (untrusted cli -> daemon connection in untrusted mode -> trusted daemon connection -> root).
The intermediate daemon can deny unauthorized operations, but it can not feasibly censor messages that are returned to the untrusted cli.

For this to work correctly, the intermediate daemon needs to be able to request a demotion, so that the trusted daemon can censor as needed.

@roberth roberth added store Issues and pull requests concerning the Nix store gc Store garbage collection and deletion labels Jul 7, 2025
@edolstra edolstra closed this Jul 7, 2025
@edolstra edolstra reopened this Jul 7, 2025
edolstra added 5 commits July 7, 2025 11:32
@edolstra
nix store delete: Give a more specific error message
1929d84
@edolstra
nix store delete: Show the first root that prevents deletion
59700c0 
Examples:

  error: Cannot delete path '/nix/store/6fcrjgfjip2ww3sx51rrmmghfsf60jvi-patchelf-0.14.3' because it's referenced by the GC root '/home/eelco/Dev/nix-master/build/result'.

  error: Cannot delete path '/nix/store/rn0qyn3kmky26xgpr2n10vr787g57lff-cowsay-3.8.4' because it's referenced by the GC root '/proc/3600568/environ'.
@edolstra
Don't censor root info for trusted users
774c4ba
@edolstra
Show which PID is causing a temp root
5b23885 
Example:

  error: Cannot delete path '/nix/store/klyng5rpdkwi5kbxkncy4gjwb490dlhb-foo.drv' because it's in use by Nix process '{nix-process:3605324}'.
@edolstra
Fix test
2059f72
@edolstra edolstra force-pushed the improve-nix-store-delete-errors branch from e541f5a to 2059f72 Compare July 7, 2025 09:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@roberth roberth roberth left review comments

@Ericson2314 Ericson2314 Awaiting requested review from Ericson2314 Ericson2314 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
gc Store garbage collection and deletion store Issues and pull requests concerning the Nix store with-tests Issues related to testing. PRs with tests have some priority
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@edolstra @roberth