#nix-darwin on 2019-01-03

01:53 philr has quit [Ping timeout: 246 seconds]

03:22 abathur has quit [Ping timeout: 246 seconds]

04:10 philr has joined #nix-darwin

05:05 trcc has joined #nix-darwin

05:05 trcc has quit [Read error: Connection reset by peer]

05:06 trcc has joined #nix-darwin

05:07 trcc has quit [Remote host closed the connection]

05:07 trcc has joined #nix-darwin

05:20 trcc has quit [Ping timeout: 250 seconds]

07:08 trcc has joined #nix-darwin

07:14 trcc has quit []

10:02 periklis has joined #nix-darwin

12:40 philr has quit [Ping timeout: 250 seconds]

12:46 jacereda has joined #nix-darwin

12:47 <jacereda> hi... looks like ruby is linking against Foundation from /System, is that right?

12:50 <jacereda> this is what I get for `otool -L /nix/store/p1csyn7pmzga2kyrcl1yjli3b9hyl67d-ruby-2.5.3/bin/ruby`: `/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation (compatibility version 300.0.0, current version 1454.90.0)`

13:18 trcc has joined #nix-darwin

14:06 trcc has quit [Remote host closed the connection]

14:07 trcc has joined #nix-darwin

14:10 <LnL> yeah, most frameworks are not opensource so we have to use the system versions

14:11 trcc has quit [Ping timeout: 246 seconds]

14:54 <jacereda> LnL: ok, thanks... so, shouldn't the sandbox system whitelist those?

14:54 <jacereda> or just have fake packages with links to the system frameworks...

14:55 <LnL> that's exactly what we do

14:56 <LnL> the sandbox gets opened up for specific paths if a framework is included as a dependency, however currently that's not transitive

14:56 <jacereda> oh, then I don't know what happened... I had a system with useSandbox=true and got errors when using ruby as a build dependency, it was complaning about Foundation...

14:57 <jacereda> so, should packages that use ruby as a buildDependency list Foundation as a buildDependency as well?

14:57 <jacereda> sounds bad...

14:58 <LnL> so for build time dependencies it works since nix tracks those, but if a binary links against it nix looses the dependency because it points to /System/Library instead of darwin.apple_sdk.frameworks.Foundation

14:58 <jacereda> s/buildDependency/nativeBuildInputs

14:58 <LnL> causing issues when it's loaded during a build that doesn't pull in the frameworks for some other reason

14:59 <jacereda> this happened while building a package that isn't supported on darwin, I'll try to isolate the issue

15:00 <LnL> this is one of the 2 main issues that have to be solved to fix sandboxing

15:03 <jacereda> Lnl: I opened https://github.com/NixOS/nixpkgs/pull/52705 a couple of weeks ago and it's standing there without any rewiever... do you know what the process is to get it merged?

15:03 <{^_^}> #52705 (by jacereda, 1 week ago, open): Fix sfml build on Darwin

15:04 <LnL> ping somebody with commit access :)

15:04 <jacereda> is that you by any chance? :)

15:05 <LnL> I should look into fixing CF so we can get rid of those workarounds again, but it's fine in the meantime

15:05 <jacereda> right

15:06 <LnL> could you pass in cf-private as an input instead of referencing it indirectly, and a comment with the missing symbol like I've been doing would also be nice

15:06 <jacereda> sure

15:07 <LnL> eg. https://github.com/NixOS/nixpkgs/commit/942d90b282bf5aa7034238aba16fa0dc6e50daa8

15:08 <LnL> I was a bit afk the last week, but I'll try to test and merge after work

15:14 <jacereda> ok thanks. It should be ready now.

17:17 periklis has quit [Ping timeout: 244 seconds]

19:49 philr has joined #nix-darwin

20:14 trcc has joined #nix-darwin

21:01 jacereda has quit [Ping timeout: 245 seconds]

22:28 trcc has quit [Remote host closed the connection]

22:29 trcc has joined #nix-darwin

22:33 trcc has quit [Ping timeout: 246 seconds]

23:39 philr has quit [Ping timeout: 258 seconds]