systemd-tmpfiles-setup-dev.service: Failed to set up credentials: Protocol error

[GuillaumeDesforges]

Bug description

Rebuilding my configuration does not fail, but systemd is not happy.

$ sudo nixos-rebuild switch --flake path:.
building the system configuration...
activating the configuration...
Copying /usr/share/applications
Copying /usr/share/icons
setting up /etc...
setting up /bin...
reloading user units for gdforj...
setting up tmpfiles
warning: the following units failed: systemd-sysctl.service, systemd-tmpfiles-setup-dev.service

× systemd-sysctl.service - Apply Kernel Variables
     Loaded: loaded (/etc/systemd/system/systemd-sysctl.service; enabled; preset: enabled)
    Drop-In: /nix/store/6kph7z01rwc96sxnl0a5w3n5xzl3syq6-system-units/systemd-sysctl.service.d
             └─overrides.conf
     Active: failed (Result: exit-code) since Mon 2022-12-19 18:27:43 CET; 309ms ago
   Duration: 3min 23.960s
       Docs: man:systemd-sysctl.service(8)
             man:sysctl.d(5)
    Process: 27705 ExecStart=/nix/store/9rjdvhq7hnzwwhib8na2gmllsrh671xg-systemd-252.1/lib/systemd/systemd-sysctl (code=exited, status=243/CREDENTIALS)
   Main PID: 27705 (code=exited, status=243/CREDENTIALS)
         IP: 0B in, 0B out

Dec 19 18:27:43 kaguya systemd[1]: Starting Apply Kernel Variables...
Dec 19 18:27:43 kaguya systemd[27705]: systemd-sysctl.service: Failed to set up credentials: Protocol error
Dec 19 18:27:43 kaguya systemd[27705]: systemd-sysctl.service: Failed at step CREDENTIALS spawning /nix/store/9rjdvhq7hnzwwhib8na2gmllsrh671xg-systemd-252.1/lib/systemd/systemd-sysctl: Protocol error
Dec 19 18:27:43 kaguya systemd[1]: systemd-sysctl.service: Main process exited, code=exited, status=243/CREDENTIALS
Dec 19 18:27:43 kaguya systemd[1]: systemd-sysctl.service: Failed with result 'exit-code'.
Dec 19 18:27:43 kaguya systemd[1]: Failed to start Apply Kernel Variables.

× systemd-tmpfiles-setup-dev.service - Create Static Device Nodes in /dev
     Loaded: loaded (/etc/systemd/system/systemd-tmpfiles-setup-dev.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Mon 2022-12-19 18:27:43 CET; 310ms ago
   Duration: 3min 23.961s
       Docs: man:tmpfiles.d(5)
             man:systemd-tmpfiles(8)
    Process: 27707 ExecStart=systemd-tmpfiles --prefix=/dev --create --boot (code=exited, status=243/CREDENTIALS)
   Main PID: 27707 (code=exited, status=243/CREDENTIALS)
         IP: 0B in, 0B out

Dec 19 18:27:43 kaguya systemd[1]: Starting Create Static Device Nodes in /dev...
Dec 19 18:27:43 kaguya systemd[27707]: systemd-tmpfiles-setup-dev.service: Failed to set up credentials: Protocol error
Dec 19 18:27:43 kaguya systemd[27707]: systemd-tmpfiles-setup-dev.service: Failed at step CREDENTIALS spawning systemd-tmpfiles: Protocol error
Dec 19 18:27:43 kaguya systemd[1]: systemd-tmpfiles-setup-dev.service: Main process exited, code=exited, status=243/CREDENTIALS
Dec 19 18:27:43 kaguya systemd[1]: systemd-tmpfiles-setup-dev.service: Failed with result 'exit-code'.
Dec 19 18:27:43 kaguya systemd[1]: Failed to start Create Static Device Nodes in /dev.
warning: error(s) occurred while switching to the new configuration

To Reproduce

I used this configuration:

{ inputs, config, pkgs, ... }:

{
  imports = [
    inputs.nixos-wsl.nixosModules.wsl
    inputs.home-manager.nixosModules.home-manager
    ../../users/gdforj/configuration.nix
  ];

  # hostname
  networking.hostName = "kaguya";

  # WSL
  wsl = {
    enable = true;
    wslConf.automount.root = "/mnt";
    defaultUser = "gdforj";
    startMenuLaunchers = true;

    # Enable integration with Docker Desktop (needs to be installed)
    docker-desktop.enable = true;
  };

  # set Nix config
  nix = {
    registry.nixpkgs.flake = inputs.nixpkgs;
    package = pkgs.nixUnstable;
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
    settings.trusted-users = ["gdforj"];
  };
  nixpkgs.config = {
    allowUnfree = true;
    cudaSupport = true;
  };

  # lang/region/keymap
  console = {
    font = "Lat2-Terminus16";
    keyMap = "fr";
  };
  i18n = {
    defaultLocale = "en_US.UTF-8";
  };
  time.timeZone = "Europe/Paris";

  # TODO refactor
  home-manager.users.gdforj.home.sessionVariables = {
    DISPLAY=":0";
    GDK_DPI_SCALE="1.5";
  };

  system.stateVersion = "22.11";
}

with inputs:

Inputs:
├───agenix: github:ryantm/agenix/a630400067c6d03c9b3e0455347dc8559db14288
│   └───nixpkgs: github:NixOS/nixpkgs/4428e23312933a196724da2df7ab78eb5e67a88e
├───flake-utils: github:numtide/flake-utils/5aed5285a952e0b949eb3ba02c12fa4fcfef535f
├───home-manager: github:rycee/home-manager/e7eba9cc46547ae86642ad3c6a9a4fb22c07bc26
│   ├───nixpkgs follows input 'nixpkgs'
│   └───utils: github:numtide/flake-utils/5aed5285a952e0b949eb3ba02c12fa4fcfef535f
├───nixos-wsl: github:nix-community/NixOS-WSL/fab2833c091e059fd75e0c2cd570279500e76351
│   ├───flake-compat: github:edolstra/flake-compat/009399224d5e398d03b22badca40a37ac85412a1
│   ├───flake-utils: github:numtide/flake-utils/5aed5285a952e0b949eb3ba02c12fa4fcfef535f
│   └───nixpkgs follows input 'nixpkgs'
└───nixpkgs: github:nixos/nixpkgs/3ff39f984faa5f528f7ac5e548110d4e20327aa1

[GuillaumeDesforges]

Seems related to microsoft/WSL#9158

[GuillaumeDesforges]

This seems to be the main issue: microsoft/WSL#9158 (comment)

/tmp/.X11-unix is now read-only

[GuillaumeDesforges]

I'm getting even more errors now

warning: the following units failed: systemd-sysctl.service, systemd-tmpfiles-setup-dev.service, systemd-tmpfiles-setup.service

× systemd-sysctl.service - Apply Kernel Variables
     Loaded: loaded (/etc/systemd/system/systemd-sysctl.service; enabled; preset: enabled)
    Drop-In: /nix/store/xhm370kb6avj18160b3a81ssg78chwha-system-units/systemd-sysctl.service.d
             └─overrides.conf
     Active: failed (Result: exit-code) since Tue 2022-12-20 22:04:15 CET; 546ms ago
       Docs: man:systemd-sysctl.service(8)
             man:sysctl.d(5)
    Process: 19732 ExecStart=/nix/store/9rjdvhq7hnzwwhib8na2gmllsrh671xg-systemd-252.1/lib/systemd/systemd-sysctl (code=exited, status=243/CREDENTIALS)
   Main PID: 19732 (code=exited, status=243/CREDENTIALS)
         IP: 0B in, 0B out

Dec 20 22:04:15 kaguya systemd[1]: Starting Apply Kernel Variables...
Dec 20 22:04:15 kaguya systemd[19732]: systemd-sysctl.service: Failed to set up credentials: Protocol error
Dec 20 22:04:15 kaguya systemd[19732]: systemd-sysctl.service: Failed at step CREDENTIALS spawning /nix/store/9rjdvhq7hnzwwhib8na2gmllsrh671xg-systemd-252.1/lib/systemd/systemd-sysctl: Protocol error
Dec 20 22:04:15 kaguya systemd[1]: systemd-sysctl.service: Main process exited, code=exited, status=243/CREDENTIALS
Dec 20 22:04:15 kaguya systemd[1]: systemd-sysctl.service: Failed with result 'exit-code'.
Dec 20 22:04:15 kaguya systemd[1]: Failed to start Apply Kernel Variables.

× systemd-tmpfiles-setup-dev.service - Create Static Device Nodes in /dev
     Loaded: loaded (/etc/systemd/system/systemd-tmpfiles-setup-dev.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Tue 2022-12-20 22:04:15 CET; 548ms ago
       Docs: man:tmpfiles.d(5)
             man:systemd-tmpfiles(8)
    Process: 19735 ExecStart=systemd-tmpfiles --prefix=/dev --create --boot (code=exited, status=243/CREDENTIALS)
   Main PID: 19735 (code=exited, status=243/CREDENTIALS)
         IP: 0B in, 0B out

Dec 20 22:04:15 kaguya systemd[1]: Starting Create Static Device Nodes in /dev...
Dec 20 22:04:15 kaguya systemd[19735]: systemd-tmpfiles-setup-dev.service: Failed to set up credentials: Protocol error
Dec 20 22:04:15 kaguya systemd[19735]: systemd-tmpfiles-setup-dev.service: Failed at step CREDENTIALS spawning systemd-tmpfiles: Protocol error
Dec 20 22:04:15 kaguya systemd[1]: systemd-tmpfiles-setup-dev.service: Main process exited, code=exited, status=243/CREDENTIALS
Dec 20 22:04:15 kaguya systemd[1]: systemd-tmpfiles-setup-dev.service: Failed with result 'exit-code'.
Dec 20 22:04:15 kaguya systemd[1]: Failed to start Create Static Device Nodes in /dev.

× systemd-tmpfiles-setup.service - Create Volatile Files and Directories
     Loaded: loaded (/etc/systemd/system/systemd-tmpfiles-setup.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Tue 2022-12-20 22:04:15 CET; 549ms ago
       Docs: man:tmpfiles.d(5)
             man:systemd-tmpfiles(8)
    Process: 19737 ExecStart=systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=243/CREDENTIALS)
   Main PID: 19737 (code=exited, status=243/CREDENTIALS)
         IP: 0B in, 0B out

Dec 20 22:04:15 kaguya systemd[1]: Starting Create Volatile Files and Directories...
Dec 20 22:04:15 kaguya systemd[19737]: systemd-tmpfiles-setup.service: Failed to set up credentials: Protocol error
Dec 20 22:04:15 kaguya systemd[19737]: systemd-tmpfiles-setup.service: Failed at step CREDENTIALS spawning systemd-tmpfiles: Protocol error
Dec 20 22:04:15 kaguya systemd[1]: systemd-tmpfiles-setup.service: Main process exited, code=exited, status=243/CREDENTIALS
Dec 20 22:04:15 kaguya systemd[1]: systemd-tmpfiles-setup.service: Failed with result 'exit-code'.
Dec 20 22:04:15 kaguya systemd[1]: Failed to start Create Volatile Files and Directories.
warning: error(s) occurred while switching to the new configuration

[GuillaumeDesforges]

I fixed it using the fix from microsoft/WSL#8996 (comment)

In my configuration module, I inserted

  systemd.services.nixs-wsl-systemd-fix = {
    description = "Fix the /dev/shm symlink to be a mount";
    unitConfig = {
      DefaultDependencies = "no";
      Before = [ "sysinit.target" "systemd-tmpfiles-setup-dev.service" "systemd-tmpfiles-setup.service" "systemd-sysctl.service" ];
      ConditionPathExists = "/dev/shm";
      ConditionPathIsSymbolicLink = "/dev/shm";
      ConditionPathIsMountPoint = "/run/shm";
    };
    serviceConfig = {
      Type = "oneshot";
      ExecStart = [
        "${pkgs.coreutils-full}/bin/rm /dev/shm"
        "/run/wrappers/bin/mount --bind -o X-mount.mkdir /run/shm /dev/shm"
      ];
    };
    wantedBy = [ "sysinit.target" ];
  };

EDIT: applied this fix #185 (comment)

[GuillaumeDesforges]

... or we could keep it open and see if we need to make a PR?

[SuperSandro2000]

#178 fixed this for native systemd.

@K900

[K900]

We may want to do the same thing in syschdemd, but honestly I'd prefer we just throw it out and tell people to run native at this point. AFAIK the only remaining issue that affects native and not syschdemd is the environment variable thing.

[GuillaumeDesforges]

Sorry I lack context, do I need to use some other options to avoid this issue?

[K900]

You may want to try wsl.nativeSystemd = true; if you're on a recent enough WSL version.

[wrvsrx]

I fixed it using the fix from microsoft/WSL#8996 (comment)

In my configuration module, I inserted

  systemd.services.nixs-wsl-systemd-fix = {
    description = "Fix the /dev/shm symlink to be a mount";
    unitConfig = {
      DefaultDependencies = "no";
      Before = "sysinit.target";
      ConditionPathExists = "/dev/shm";
      ConditionPathIsSymbolicLink = "/dev/shm";
      ConditionPathIsMountPoint = "/run/shm";
    };
    serviceConfig = {
      Type = "oneshot";
      ExecStart = [
        "${pkgs.coreutils-full}/bin/rm /dev/shm"
        "/run/wrappers/bin/mount --bind -o X-mount.mkdir /run/shm /dev/shm"
      ];
    };
    wantedBy = [ "sysinit.target" ];
  };

Before = "sysinit.targets"; should be changed to Before = [ "sysinit.target" "systemd-tmpfiles-setup-dev.service" "systemd-tmpfiles-setup.service" "systemd-sysctl.service" ];, otherwise this service might run after those services in before, which causes them fail to start.

[KoviRobi]

You may want to try wsl.nativeSystemd = true; if you're on a recent enough WSL version.

I'm having this problem with native systemd too:

❯ nixos-wsl-version --json
{
  "release": "DEV_BUILD",
  "rev": "9c0955ffd9501688bf9a5ca94e8405e5de59608f",
  "systemd": "native"
}

(Note 9c0955 is https://github.com/KoviRobi/NixOS-WSL/tree/rob)

❯ wsl.exe --version
WSL version: 1.0.3.0
Kernel version: 5.15.79.1
WSLg version: 1.0.47
MSRDC version: 1.2.3575
Direct3D version: 1.606.4
DXCore version: 10.0.25131.1002-220531-1700.rs-onecore-base2-hyp
Windows version: 10.0.19044.2486

The problem seems to be that for me /dev/shm is a directory when WSL2 starts up, I think it's because I haven't got the update that #199 talks about, so I had to run wsl.exe --update --pre-release, as the 1.1.0 from #179 (comment) seemed to be a pre-release https://github.com/microsoft/WSL/releases/tag/1.1.0

[K900]

The current nixos-wsl master should do the right thing on both the stable release of WSL and the preview one.

[KoviRobi]

For me this condition was preventing the shim from working:

NixOS-WSL/scripts/native-systemd-shim/src/main.rs

Lines 46 to 53 in 14273c1

	if metadata("/dev/shm")
	.context("When checking /dev/shm")?
	.is_symlink()
	{
	unscrew_dev_shm()?;
	} else {
	log::trace!("/dev/shm is not a symlink, leaving as-is...");
	};

because /dev/shim was a directory not a symlink. But I guess there is no easy way to tell if something is a directory that is a mount, or is not a mount? But WSL 1.0.3 worked when I added || medatada.is_directory()

Also above this never gets called with a directory, as it is:

NixOS-WSL/scripts/native-systemd-shim/src/main.rs

Lines 18 to 22 in 14273c1

	if dev_shm.is_symlink() {
	remove_file(dev_shm).context("When removing /dev/shm symlink")?;
	} else if dev_shm.is_dir() {
	remove_dir_all(dev_shm).context("When removing old /dev/shm")?;
	}

[K900]

I guess the check needs to be flipped somehow, to check if /dev/shm is a mount or not. Would you be interested in trying to fix this? If not, I'll probably get to it tomorrow-ish.

[KoviRobi]

Yeah I will give it a try, but not sure how to check if something is a mount or not, the nix::mount crate only seems to have a command for mounting, not for checking if something is a mount. From a quick google, I haven't seen a wrapper around https://docs.rs/libc/latest/libc/fn.getmntent.html so I might have to try making an iterator using the *mntent functions (and contribute it back 💚)

[K900]

You can use https://doc.rust-lang.org/std/os/unix/fs/trait.MetadataExt.html#tymethod.dev - compare it between the directory itself and a temporary file created in it.

[KoviRobi]

I've had success with main...KoviRobi:native-systemd-shim-check-mounts which uses nix-rust/nix@master...KoviRobi:nix-rust:add-linux-mntent-libc-0.2.133

I'll work on getting that properly merged into nix-rust/nix tomorrow

[K900]

Should be fixed in recent WSL releases.