martinklepsch has quit [Read error: Connection reset by peer]
martinklepsch has joined #nix-darwin
hamishmack has quit [Quit: hamishmack]
hamishmack has joined #nix-darwin
hamishmack has quit [Quit: hamishmack]
hamishmack has joined #nix-darwin
<LnL>
johnw: I found what was missing preferLocalBuild
zzamboni has joined #nix-darwin
zzamboni has quit [Quit: Leaving.]
periklis has joined #nix-darwin
zarel has joined #nix-darwin
zzamboni has joined #nix-darwin
zzamboni has quit [Quit: Leaving.]
zarel has quit [Quit: Leaving]
periklis has quit [Ping timeout: 246 seconds]
zzamboni has joined #nix-darwin
{^_^} has quit [Remote host closed the connection]
{^_^} has joined #nix-darwin
zzamboni has quit [Quit: Leaving.]
<gchristensen>
LnL: what is the status of sandboxing, still no-go for ofborg for "a while"?
<LnL>
yeah, I've been pretty distracted with other stuff
<gchristensen>
sure
<gchristensen>
I think I/we should brainstorm ways to go around that requirement, then
<gchristensen>
like a builder-in-a-vm or something like that
<LnL>
and I understand the issue with nix-env / build-remote and mostly know how to fix those
<LnL>
but the propagation of impure stuff is a bit harder
<gchristensen>
hmm makes sense
<gchristensen>
another option would be to have "tiers" of callers where "anon" -> linux only, trusted -> darwin too
<LnL>
yeah
<LnL>
it's also possible to disable on a per build basis
<gchristensen>
oh?
<LnL>
if the ofborg builder is running as a trusted user it could pass --option build-use-sandbox false
<gchristensen>
another option is to drop darwin from ofborg for now
<LnL>
trusted users seems fine to me
<gchristensen>
run it on darwin w/out the sandbox if the requestor is trusted?
<gchristensen>
otherwise, skip darwin?
<LnL>
yeah
<gchristensen>
yeah
<gchristensen>
ok, that requires a slight restructuring in the job-creation end, but not a big deal
<gchristensen>
right now it spews jobs to an exchange that get automatically copied to each architecture. this will require directing explicitly to archs