pjan_ has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<LnL>
I suspect that's some kind of os version impurity
zzamboni has joined #nix-darwin
zzamboni has quit [Quit: Leaving.]
zzamboni has joined #nix-darwin
pjan_ has joined #nix-darwin
pjan_ has quit [Client Quit]
pjan_ has joined #nix-darwin
zzamboni has quit [Quit: Leaving.]
zzamboni has joined #nix-darwin
zzamboni has quit [Quit: Leaving.]
zzamboni has joined #nix-darwin
zzamboni has quit [Client Quit]
pjan_ has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
zzamboni has joined #nix-darwin
zzamboni has quit [Quit: Leaving.]
zzamboni has joined #nix-darwin
zzamboni has quit [Quit: Leaving.]
<dhess>
LnL: weird. I'm seeing it on multiple Macs
<dhess>
LnL: johnw and I were talking about macOS sandboxing the other day. In your lnl.nix example in the nix-darwin repo, it is enabled. Are you using that on your actual machine?
<LnL>
yes
<dhess>
does the nix.nixUnstable = true bit also install nix-1.12 then?
<LnL>
that and enabling the nix-daemon service
<dhess>
ok cool. I will try that today. I'm getting some weird behavior on 1 out of 3 Macs that seems to be some kind of local impurity (separate from that qtwebkit issue)
<dhess>
I'm using the same nixpkgs and same overlay on all 3, and on 2 of them everything is identical; but on the 3rd, it's not.
<LnL>
you don't need the systemPackages bit anymore for the client with my recent changes
<LnL>
are they all running the same version of osx?
<dhess>
yes
<dhess>
the only difference as far as I can tell is that, when I did the initial nix-darwin install on each, the nix-darwin on the 3rd was a later channel update than the other 2
<dhess>
but now that they're all running the same nix-darwin channel version, they're still producing different results.
<dhess>
huh... only for qtwebkit now that you mention it!
<dhess>
whoa
<LnL>
that invalid instruction error or other stuff?
<dhess>
I *think* it's a different error in this case
<dhess>
oh nice, you have a module for making users now?
<dhess>
that's awesome. I need to create more builders anyway
zzamboni has joined #nix-darwin
<dhess>
does that work with 10.13.2?
<LnL>
yep, it doesn't touch stuff that already exists like updating the homedir of a user etc.
<dhess>
that is sweet
<dhess>
so re: this qtwebkit thing and the possible impurity, any ideas on how to go about debugging that?
<LnL>
is the hardware the same?
<LnL>
could be that some dependency was built on a machine with newer instructions or something
<dhess>
no.
<dhess>
that's an interesting thought. However I don't think it applies here because the 2 machines that are sharing a config are an iMac Pro and a 13" MacBook Pro 2017. And then the one that keeps breaking on the illegal instruction issue is the one building the packages, a Mac Pro Late 2013.
<dhess>
and the one that is trying to build qtwebkit rather than hitting the binary cache is a 2017 iMac 27"
<dhess>
so the 3 machines that evaluate to the same derivations (iMac Pro, MacBook Pro, Mac Pro 2013) are quite different.
<dhess>
when you turn on sandboxing in macOS, is there anything that still comes from the host OS?
<LnL>
yes, a bunch of stuff
zzamboni has quit [Quit: Leaving.]
zzamboni has joined #nix-darwin
zzamboni has quit [Quit: Leaving.]
zzamboni has joined #nix-darwin
zzamboni has quit [Quit: Leaving.]
zzamboni has joined #nix-darwin
<johnw>
LnL: hi
<johnw>
LnL: I wasn't able to get sandboxing to work
<johnw>
I run into a SIGABRT
<johnw>
let me get a pastie for you
<johnw>
LnL: well, first I get this: error: derivation '/nix/store/7qvxgsvgwg0bz645hhcd7a60kgj57hnm-user-environment.drv' specifies a sandbox profile, but this is only allowed when 'sandbox' is 'relaxed'
<johnw>
then I set nix.useSandbox = "relaxed";
<LnL>
when do you get that?
<johnw>
the rebuild of darwin to switch to sandbox = true works
<johnw>
the rebuild of home-manager does not work
<LnL>
ah, yes nix-env doesn't work yet
<johnw>
so how do you install things?
zzamboni has quit [Quit: Leaving.]
<LnL>
nix-shell? :p
<johnw>
huh?
<johnw>
your user-environment is empty?
<LnL>
yep, until I get annoyed and fix it :)
<johnw>
wow, ok
<LnL>
well and nix-darwin of course
zzamboni has joined #nix-darwin
<LnL>
I wonder how home-manager manages profiles then
<dhess>
that is what I was trying to accomplish with this fresh install. I didn't realize that nix-darwin master required an existing nix install, I thought it would just use it if it was already there
<dhess>
LnL: so build that and then just `sh installer` on the target machine?
<LnL>
yes, or use nix-shell that will start it automatically
<dhess>
well the idea here is that the target machine will not have Nix already
<dhess>
just a fresh macOS re-install
<LnL>
oh, don't have anything for that at the moment
<dhess>
oh I see.
<dhess>
well then I will just inevitably run into the same issue, where I'm trying to use nixpkgs-17.09-darwin but the Nix installer sets up with nixpkgs-unstable
<dhess>
it seems to me the Nix Darwin installer should probably be using nixpkgs-17.09-darwin in the first place
<dhess>
LnL: so it seems I've run into some kind of bug then, no? Where the "admin user" sets a channel from which nixpkgs expressions come, and that is different than the one the actual root user is using, and then when the "admin user" runs `darwin-rebuild switch`, it is seeing expressions from the root user's channel rather than the admin user's?
<dhess>
if that is in fact what was happening with this brotli issue
<LnL>
what the installer does is closest to the nixos behaviour
<LnL>
user channels don't do anything there either
<dhess>
yeah I understand that. But I was under the impression that with nix-darwin, it would always use the channels (or paths etc) chosen by the user who runs it.
<LnL>
yeah, not saying you're wrong
<dhess>
LnL: ok, just wanted to clarify what was the expected behavior.
<LnL>
another problem with root channels is that they will disappear after an os upgrade
<dhess>
frankly I am worried about all kinds of system/multi-user/nix-darwin Nix-y things disappearing after an OS upgrade
<dhess>
that's one of the reasons I opened that issue about installing nix-darwin somewhere other than /etc
<dhess>
it makes me really uncomfortable. I don't like touching anything outside of /Applications or my home dir on Maccs.
<dhess>
Macs.
<dhess>
I don't get the impression that Apple is going to go out of their way to avoid clobbering things that you've put in /etc
<dhess>
however I do like the fact that you're using /run/current-system in nix-darwin, so I think that is an improvement over what the vanilla multi-user Nix installer does.
<dhess>
and not touching /etc/profile etc.
<dhess>
LnL: anyway I'm a moron, and I'm pretty sure this is not a bug in nix-darwin but a problem with my config, which I just identified.
<dhess>
so ... never mind, at least for now until I can test this with the new install
<gchristensen>
I'm pretty sure you're not a moron
<dhess>
in fact, I was able to rescue my existing install after fixing that
<dhess>
oh you would be surprised :)
<dhess>
ok let me try this brotli thing again
<dhess>
yay! fixed!
<dhess>
now this box is doing sandboxed builds
<dhess>
LnL: so to confirm -- false alarm, darwin-rebuild *does* use the channels that the user has defined
<LnL>
well yes, but only if there are no conflicts
<LnL>
or am I missing something
<dhess>
I am now using 17.09-darwin with mine and it looks good. And I am running sandboxed builds
<dhess>
so now let me see if this helps with the qtwebkit issue
<dhess>
haha
<dhess>
well it actually got *worse* :)
<dhess>
dyld: Library not loaded: /usr/lib/system/libcache.dylib
<dhess>
johnw had a similar issue when he tried to enable sandboxed builds on one of his Macs
<dhess>
he rolled back and was able to recover
<LnL>
try nixos-rebuild switch --rollback
<dhess>
yeah cool, all set
<dhess>
thanks
<LnL>
oh wait, the sandboxing stuff isn't backported yet
<dhess>
but even if I switch this remote builder's channel to nixpkgs-unstable, I will run into that ld issue when trying to use it as a remote builder, correct?
<LnL>
yeah
<dhess>
ok I'll just keep it on the stable branch for now then
<dhess>
this thing doesn't need to be bleeding edge, it just needs to be reliable
<dhess>
until the sandboxing stuff is ready anyway
<LnL>
yeah wouldn't worry about sandboxing for now
<johnw>
grr
<johnw>
every time I run load-env-anything now, it runs home-manager switch for some bizarre reason
<LnL>
the myEnvFun things?
<johnw>
dhess: ping
<johnw>
LnL: I logged a bug
<LnL>
what did I break?
<johnw>
it wasn't you
<LnL>
oh not me :)
<johnw>
it was a long-standing bug in nixpkgs that apparently no one noticed
<johnw>
actually, now that I think about it, I've been seeing the warnings for a LONG time
<johnw>
I just ignored them
<johnw>
warnings saying that 'u' isn't a command
<johnw>
uh oh
<johnw>
when I nix build A B C I get "should be a set but is a function", but nix build A C B works
<johnw>
hmm.. it now appears it happens with A B C D, but not if I delete any one of them