I recently changed our ARTIQ hardware config which added a zotino. And I would like to build my ARTIQ firmware to let my Kasli-SoC adapting to this change. But when I ran the command, with a local ARTIQ git repository and ARTIQ_Zynq git repository, which was:

nix build --print-build-logs --impure --expr 'let fl = builtins.getFlake "/home/ybarray/ARTIQ_repo/artiq-zynq"; in (fl.makeArtiqZynqPackage {target="kasli_soc"; variant="standalone"; json=./target.json;}).kasli_soc-standalone-sd'

We met a problem, the log showed:

kasli_soc-standalone-gateware> Sampler (EEM0) starting at RTIO channel 0x000000
kasli_soc-standalone-gateware> Urukul (EEM2) starting at RTIO channel 0x000003
kasli_soc-standalone-gateware> Urukul (EEM4) starting at RTIO channel 0x000009
kasli_soc-standalone-gateware> DIO (EEM6) starting at RTIO channel 0x00000f
kasli_soc-standalone-gateware> Zotino (EEM7) starting at RTIO channel 0x000017
kasli_soc-standalone-gateware> USER LED at RTIO channel 0x00001a
kasli_soc-standalone-gateware> USER LED at RTIO channel 0x00001b
kasli_soc-standalone-gateware> bwrap: setting up uid map: Permission denied
kasli_soc-standalone-gateware> Traceback (most recent call last):
kasli_soc-standalone-gateware>   File "/nix/store/3n7icqgb0rifw3xv988flx8wsiwzhz8b-gateware/kasli_soc.py", line 672, in <module>
kasli_soc-standalone-gateware>     main()
kasli_soc-standalone-gateware>   File "/nix/store/3n7icqgb0rifw3xv988flx8wsiwzhz8b-gateware/kasli_soc.py", line 668, in main
kasli_soc-standalone-gateware>     soc.build(build_dir=args.g)
kasli_soc-standalone-gateware>   File "/nix/store/in7qym9lxkmpdy16l15v13rq3ps1xnc7-python3-3.12.8-env/lib/python3.12/site-packages/migen_axi/integration/soc_core.py", line 169, in build
kasli_soc-standalone-gateware>     self.platform.build(self, *args, **kwargs)
kasli_soc-standalone-gateware>   File "/nix/store/in7qym9lxkmpdy16l15v13rq3ps1xnc7-python3-3.12.8-env/lib/python3.12/site-packages/migen/build/xilinx/platform.py", line 59, in build
kasli_soc-standalone-gateware>     return self.toolchain.build(self, *args, **kwargs)
kasli_soc-standalone-gateware>            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
kasli_soc-standalone-gateware>   File "/nix/store/in7qym9lxkmpdy16l15v13rq3ps1xnc7-python3-3.12.8-env/lib/python3.12/site-packages/migen/build/xilinx/vivado.py", line 249, in build
kasli_soc-standalone-gateware>     _run_vivado(build_name)
kasli_soc-standalone-gateware>   File "/nix/store/in7qym9lxkmpdy16l15v13rq3ps1xnc7-python3-3.12.8-env/lib/python3.12/site-packages/migen/build/xilinx/vivado.py", line 70, in _run_vivado
kasli_soc-standalone-gateware>     raise OSError("Subprocess failed")
kasli_soc-standalone-gateware> OSError: Subprocess failed
kasli_soc-standalone-gateware> 
error: builder for '/nix/store/sgknfl4zfw76zvhlsgzgspxsxrxg9nbf-kasli_soc-standalone-gateware.drv' failed with exit code 1
error: 1 dependencies of derivation '/nix/store/rbb064psgmd9fbvn8f5b22ld69s1gibn-kasli_soc-standalone-sd.drv' failed to build

We currently use ARTIQ and ARTIQ_Zynq release 8 and Vivado 2024.2, so how may I solve this problem to build my firmware.

Thank you for your help in advance.

    fsagbuya Thank you for your reply but it seems don't work, and I added the followed line to nix.conf :

    experimental-features = nix-command flakes
    sandbox-paths = /opt /opt/Xilinx/Vivado/2022.2
    substituters = https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store https://cache.nixos.org/

    I removed the Vivado 2024.2 and re-installed Vivado 2022.2, and I ran the "bulid" command again and it showed again:

    ybarray@ybarray-Virtual-Machine:~/ARTIQ_repo$ nix build --print-build-logs --impure --expr 'let fl = builtins.getFlake "/home/ybarray/ARTIQ_repo/artiq-zynq"; in (fl.makeArtiqZynqPackage {target="kasli_soc"; variant="standalone"; json=./target.json;}).kasli_soc-standalone-sd'
    kasli_soc-standalone-gateware> Sampler (EEM0) starting at RTIO channel 0x000000
    kasli_soc-standalone-gateware> Urukul (EEM2) starting at RTIO channel 0x000003
    kasli_soc-standalone-gateware> Urukul (EEM4) starting at RTIO channel 0x000009
    kasli_soc-standalone-gateware> DIO (EEM6) starting at RTIO channel 0x00000f
    kasli_soc-standalone-gateware> Zotino (EEM7) starting at RTIO channel 0x000017
    kasli_soc-standalone-gateware> USER LED at RTIO channel 0x00001a
    kasli_soc-standalone-gateware> USER LED at RTIO channel 0x00001b
    kasli_soc-standalone-gateware> bwrap: setting up uid map: Permission denied
    kasli_soc-standalone-gateware> Traceback (most recent call last):
    kasli_soc-standalone-gateware>   File "/nix/store/3n7icqgb0rifw3xv988flx8wsiwzhz8b-gateware/kasli_soc.py", line 672, in <module>
    kasli_soc-standalone-gateware>     main()
    kasli_soc-standalone-gateware>   File "/nix/store/3n7icqgb0rifw3xv988flx8wsiwzhz8b-gateware/kasli_soc.py", line 668, in main
    kasli_soc-standalone-gateware>     soc.build(build_dir=args.g)
    kasli_soc-standalone-gateware>   File "/nix/store/kvwh1lwqadrzjzjf8kdqbnpn6jm3kgls-python3-3.12.8-env/lib/python3.12/site-packages/migen_axi/integration/soc_core.py", line 169, in build
    kasli_soc-standalone-gateware>     self.platform.build(self, *args, **kwargs)
    kasli_soc-standalone-gateware>   File "/nix/store/kvwh1lwqadrzjzjf8kdqbnpn6jm3kgls-python3-3.12.8-env/lib/python3.12/site-packages/migen/build/xilinx/platform.py", line 59, in build
    kasli_soc-standalone-gateware>     return self.toolchain.build(self, *args, **kwargs)
    kasli_soc-standalone-gateware>            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    kasli_soc-standalone-gateware>   File "/nix/store/kvwh1lwqadrzjzjf8kdqbnpn6jm3kgls-python3-3.12.8-env/lib/python3.12/site-packages/migen/build/xilinx/vivado.py", line 249, in build
    kasli_soc-standalone-gateware>     _run_vivado(build_name)
    kasli_soc-standalone-gateware>   File "/nix/store/kvwh1lwqadrzjzjf8kdqbnpn6jm3kgls-python3-3.12.8-env/lib/python3.12/site-packages/migen/build/xilinx/vivado.py", line 70, in _run_vivado
    kasli_soc-standalone-gateware>     raise OSError("Subprocess failed")
    kasli_soc-standalone-gateware> OSError: Subprocess failed
    kasli_soc-standalone-gateware> 
    error: builder for '/nix/store/9phc2r1f8w7brrw2rgc1lkh64h5zbmps-kasli_soc-standalone-gateware.drv' failed with exit code 1
    error: 1 dependencies of derivation '/nix/store/acqd5difafc1810r6kyy2kvcrxkxf1jq-kasli_soc-standalone-sd.drv' failed to build

    It is really confusing

      FENIX Can you run nix config show and check the sandbox and sandbox-paths fields? Also, do you have the trusted-settings.json file set up as mentioned in the previous reference?

        fsagbuya Yes, I can run nix config show command in terminal and it reported the followed text:

        ybarray@ybarray-Virtual-Machine:~/ARTIQ_repo$ nix config show
        abort-on-warn = false
        accept-flake-config = false
        access-tokens = 
        allow-dirty = true
        allow-dirty-locks = false
        allow-import-from-derivation = true
        allow-new-privileges = false
        allow-symlinked-store = false
        allow-unsafe-native-code-during-evaluation = false
        allowed-impure-host-deps = 
        allowed-uris = 
        allowed-users = *
        always-allow-substitutes = false
        auto-optimise-store = false
        bash-prompt = 
        bash-prompt-prefix = 
        bash-prompt-suffix = 
        build-dir = 
        build-hook = /nix/store/ni2gvlli2qliadpdinvqvarf89jyi291-nix-2.26.2/bin/nix __build-remote
        build-poll-interval = 5
        build-users-group = 
        builders = @/etc/nix/machines
        builders-use-substitutes = false
        commit-lock-file-summary = 
        compress-build-log = true
        connect-timeout = 0
        cores = 14
        debugger-on-trace = false
        debugger-on-warn = false
        diff-hook = 
        download-attempts = 5
        download-buffer-size = 67108864
        download-speed = 0
        eval-cache = true
        eval-system = 
        experimental-features = fetch-tree flakes nix-command
        extra-platforms = i686-linux x86_64-v1-linux x86_64-v2-linux x86_64-v3-linux
        fallback = false
        filter-syscalls = true
        flake-registry = https://channels.nixos.org/flake-registry.json
        fsync-metadata = true
        fsync-store-paths = false
        gc-reserved-space = 8388608
        hashed-mirrors = 
        http-connections = 25
        http2 = true
        id-count = 8388608
        ignore-try = false
        ignored-acls = security.csm security.selinux system.nfs4_acl
        impersonate-linux-26 = false
        keep-build-log = true
        keep-derivations = true
        keep-env-derivations = false
        keep-failed = false
        keep-going = false
        keep-outputs = false
        log-lines = 25
        max-build-log-size = 0
        max-call-depth = 10000
        max-free = 9223372036854775807
        max-jobs = 1
        max-silent-time = 0
        max-substitution-jobs = 16
        min-free = 0
        min-free-check-interval = 5
        nar-buffer-size = 33554432
        narinfo-cache-negative-ttl = 3600
        narinfo-cache-positive-ttl = 2592000
        netrc-file = /etc/nix/netrc
        nix-path = 
        nix-shell-always-looks-for-shell-nix = true
        nix-shell-shebang-arguments-relative-to-script = true
        plugin-files = 
        post-build-hook = 
        pre-build-hook = 
        preallocate-contents = false
        print-missing = true
        pure-eval = true
        require-drop-supplementary-groups = false
        require-sigs = true
        restrict-eval = false
        run-diff-hook = false
        sandbox = true
        sandbox-build-dir = /build
        sandbox-dev-shm-size = 50%
        sandbox-fallback = true
        sandbox-paths = /opt /opt/Xilinx/Vivado/2022.2
        secret-key-files = 
        show-trace = false
        ssl-cert-file = /etc/ssl/certs/ca-certificates.crt
        stalled-download-timeout = 300
        start-id = 872415232
        store = auto
        substitute = true
        substituters = https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store https://cache.nixos.org/
        sync-before-registering = false
        system = x86_64-linux
        system-features = benchmark big-parallel nixos-test uid-range
        tarball-ttl = 3600
        timeout = 0
        trace-function-calls = false
        trace-verbose = false
        trust-tarballs-from-git-forges = true
        trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
        trusted-substituters = 
        trusted-users = root
        upgrade-nix-store-path-url = https://github.com/NixOS/nixpkgs/raw/master/nixos/modules/installer/tools/nix-fallback-paths.nix
        use-case-hack = false
        use-cgroups = false
        use-registries = true
        use-sqlite-wal = true
        use-xdg-base-directories = false
        user-agent-suffix = 
        warn-dirty = true
        warn-large-path-threshold = 0

        and trusted-settings.json is followed:

        {"extra-sandbox-paths":{"/opt":true},"extra-substituters":{"https://nixbld.m-labs.hk":true},"extra-trusted-public-keys":{"nixbld.m-labs.hk-1:5aSRVA5b320xbNvu30tqxVPXpld73bhtOeH6uAjRyHc=":true}}

        Should I add /opt/Xilinx/Vivado/2022.2 to "extra-sandbox-paths":{"/opt":true}," and save trusted-settings.json with:

        {"extra-sandbox-paths":{"/opt":true,"/opt/Xilinx/Vivado/2022.2":true},"extra-substituters":{"https://nixbld.m-labs.hk":true},"extra-trusted-public-keys":{"nixbld.m-labs.hk-1:5aSRVA5b320xbNvu30tqxVPXpld73bhtOeH6uAjRyHc=":true}}

        fsagbuya Thank you for the information you have provided. I tried to disable the apparmor by using command sudo systemctl disable apparmor and restarting my ubuntu. Yet it did not works. It reported the same error and the same error report

        What's the output of systemctl status apparmor? If it's still active, try to run sudo systemctl stop apparmor.

          fsagbuya it reports :

          ybarray@ybarray-Virtual-Machine:~/ARTIQ_repo$ systemctl status apparmor
          ○ apparmor.service - Load AppArmor profiles
               Loaded: loaded (/usr/lib/systemd/system/apparmor.service; disabled; preset>
               Active: inactive (dead)
                 Docs: man:apparmor(7)
                       https://gitlab.com/apparmor/apparmor/wikis/home/
          lines 1-5/5 (END)

          I guess it is already disabled

          • Edited

          fsagbuya Well, I think I have found the way out. The key point is that I have to totally remove apparmor using command sudo apt purge apparmor instead of disabling it partly for Nix or for the whole system.

          I use the tutorial of this link

          Thank you for your help