xcmw has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
xcmw has joined #nix-darwin
xcmw has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
__monty__ has joined #nix-darwin
hmpffff has joined #nix-darwin
hmpffff has quit [Quit: nchrrrr…]
hmpffff has joined #nix-darwin
__monty__ has quit [Quit: leaving]
<abathur>
re-summarizing where the flag issue seems to stand and adding a new idea; flag in my PR: --darwin-create-unencrypted-nix-store-volume, flag upstream: --create-volume
<abathur>
Ideas for rephrasing around filevault: --darwin-create-non-filevault-nix-store-volume, --darwin-create-nix-store-volume-without-filevault
<abathur>
other idea, rephrase as flag with argument, i.e., --darwin-create-nix-store-volume=<something_about_filevault_or_encryption>
<abathur>
and finally, if it's an impasse, we could find some way to poll the macOS users, most of whom are involved in or subscribed to the gh issue, about what they think clearly communicates what the installer does and the implication/tradeoff
<abathur>
not that the users subscribed will be representative
<abathur>
of the entire potential macOS userbase
<abathur>
but, there's at least some chance it trades a few more days of stasis for a little more confidence in the name
<abathur>
LnL gchristensen poking on flag naming again, since it seems like the last thing dangling
xcmw has joined #nix-darwin
xcmw has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
darr has joined #nix-darwin
<LnL>
so, I'm not really liking the other options so maybe just keep it as is?
<abathur>
LnL: as it is in my PR, or would you like me to change --darwin-create-unencrypted-nix-store-volume -> --create-volume?
darr has quit [Remote host closed the connection]
<LnL>
unencrypted
<abathur>
?
<LnL>
I mean the flag from your pr
<LnL>
except perhaps create -> use?
<abathur>
k; I'll make that edit real quick
<LnL>
do the docs also mention encryption at rest?
<LnL>
yeah, so people concerned about the flag can read the install section and it's explained briefly there
<abathur>
yes; it's in the paragraph starting on line 174: "If you're using a recent Mac with a <link xlink:href="...">T2 chip</link>, your drive will still be encrypted at rest (in which case "unencrypted" is a bit of a misnomer). To use this approach, just install Nix with:"
philr_ has quit [Ping timeout: 246 seconds]
<abathur>
LnL force-pushed an edit changing "-create-" -> "-use-"
<LnL>
yeah that's fine
<abathur>
agh, I lied
<abathur>
I keep doing the flag wrong
<abathur>
I always get distracted trying to avoid putting an extra m in amend and forget to add an -a flag :[
<abathur>
ok, now it's actually up ;)
eraserhd2 has joined #nix-darwin
eraserhd has quit [Ping timeout: 265 seconds]
johnw has joined #nix-darwin
eraserhd3 has joined #nix-darwin
<LnL>
hmm how did I build the manual again...
eraserhd2 has quit [Ping timeout: 256 seconds]
<abathur>
looks like I was using `make doc/manual/manual.html` inside a nix-shell started with: `nix-shell --command 'autoreconf --install && ./configure --enable-doc-gen'`
xcmw has joined #nix-darwin
<abathur>
oops, sorry
<abathur>
I ran the nix-shell first, but then just entered a simple `nix-shell` to run the make
<abathur>
looks good; read over all of the parts I touched
<abathur>
aside from re-testing the install, I guess the other asterisk is whether "we" think it should hold for additional instruction/guide on any of the "other" approaches we feel comfortable supporting or if those can be backfilled
<abathur>
gchristensen: thoughts, and did you hear anything else from RosaCtrl? If not I can DM her on Twitter to check.
<gchristensen>
I didn't :(
<abathur>
k, assumed not; I'll ping on Twitter. Want to make an effort not to leave her work dangling if she got traction.
<abathur>
Otherwise, do you think LnL's PR should hold for documentation on that process?
<gchristensen>
yeah, cool, up to y'all :)
<gchristensen>
it would be ideal if y'all decided it was good and ready and said we think it is good and ready. is that too hands off?
<abathur>
shrug, once it's tested *I* think it's good and ready
<abathur>
but I'm also fine with leaving my store unencrypted
<LnL>
I think it's fine
<abathur>
or ~encrypted at rest~
xcmw has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<abathur>
LnL I still get socket path too long errors trying to use the nix-build release.nix process you and matthewbauer outlined in the gh issue; was hoping to give the full installer a test, but will either need to fix/work-around that problem, or get a hosted patched installer to curl, or use the normal installer and curl create-darwin-volume from your branch...
<abathur>
I've got a 2018 catalina MBA and a 2013 mojave MBA that I can test clean installs on without disrupting anything, so I guess I can at least do runs with and without FV on each
<LnL>
I already did a basic test, but that would be great :)
<abathur>
which configs have you covered?
<LnL>
unintentionally, the bad case
<LnL>
enabled filevault in a previous and haven't reinstalled it yet
<abathur>
bad being Catalina + T2 + FV, or bad being one we weren't worried about? :)
<LnL>
without t2
<LnL>
don't really want to reinstall my work machine :)
<abathur>
nod, ditto
<gchristensen>
I'd love to be able to virtualise the t2
<LnL>
you mean for testing?
<gchristensen>
yea
<LnL>
we don't really rely in it for anything so the command could be mocked
<abathur>
sounds like a project that could catch a case, or at least a cease-and-desist? :]
<abathur>
I got through unencrypted cases on both devices okay
<abathur>
I manually rmed nix on both and turned FV on. Waiting for the 2013 to encrypt; not sure how long it'll take since it's told me everything from 7 minutes to 16 hours remaining so far :D
hmpffff has quit [Quit: Bye…]
<abathur>
meh, I botched the list of cases in my commit message :[
<abathur>
ok, catalina-T2 and mojave-without-T2 cleared the FV case as well, not that I expected any issue on mojave
<abathur>
LnL you tested Catalina + FV without T2 and it objected as expected, yeah?
<LnL>
yep, had to manually create it to proceed
<abathur>
ok, so we've covered the obvious cases on hw/OS versions then; I'll skip updating my mojave to catalina :)
<abathur>
not sure if anyone ever reported in on some of those older cases you asked about like fusion and 10.13 etc.
<LnL>
yeah, but that was more of a concern for enabling the flag by default
<LnL>
from what I recall automatic apfs migration was only a thing for ssd
<LnL>
so I'm not sure at what point hfs+ support was dropped
<cransom>
it was around 10.12 that i think they automatically steered you onto apfs.been a little while.