Build docker image fails on mac

[geonnave]

I tried to build the docker image on a mac m1 and got the following:

$ docker build -f .docker/Dockerfile . -t hacspec-v2
 => [2/6] COPY . /circus-sources
 => [3/6] RUN cd /circus-sources && git init && git add .
 => ERROR [4/6] RUN nix-env -iA cachix -f https://cachix.org/api/v1/install
------
 > [4/6] RUN nix-env -iA cachix -f https://cachix.org/api/v1/install:
#8 1.244 installing 'cachix-1.3.3'
#8 1.479 copying path '/nix/store/6yjms3wa9f2hrpmbzk7ivm1s9jz2m0sw-busybox-static-x86_64-unknown-linux-musl-1.36.0' from 'https://cache.nixos.org'...

(... truncated ...)

#8 12.65 copying path '/nix/store/aly587hv5cyjsbl0fy4ps3lyy7r8cr8n-cachix-1.3.3' from 'https://cache.nixos.org'...
#8 14.67 error: unable to load seccomp BPF program: Invalid argument
#8 14.67 (use '--show-trace' to show detailed location information)
------
executor failed running [/bin/sh -c nix-env -iA cachix -f https://cachix.org/api/v1/install]: exit code: 1

Possible solution

In this issue I learned that it could be fixed by adding filter-syscalls = false to nix.conf (which indeed makes the build work).

A possible solution is to modify the Dockerfile as follows (although it does not seem super safe to disable filter-syscalls).

diff --git a/.docker/Dockerfile b/.docker/Dockerfile
index 0a46de5..e960589 100644
--- a/.docker/Dockerfile
+++ b/.docker/Dockerfile
@@ -3,6 +3,8 @@

 FROM nixpkgs/nix-flakes

+RUN [ "$(uname)" = Darwin ] && echo "filter-syscalls = false" >> /etc/nix/nix.conf
+
 # Prepare the sources
 COPY . /circus-sources
 RUN cd /circus-sources && git init && git add .

Versions

• Mac M1, MacOS Ventura 13.2.1 (22D68)
• Docker version 20.10.24, build 297e128

[W95Psp]

Hi @geonnave, sorry I forgot about that issue!
I think the fix with filter-syscalls is completely fine; we're in a docker image, so if we mess with the Nix sandbox that is not too important.
Made PR #133!