<{^_^}>
Mic92/sops-nix#19 (by Mic92, 8 minutes ago, open): Macos ci
<Mic92>
*context
<arianvp>
I lead the Creative Pro Partnership Management team in Apple Worldwide Developer Relations. We manage the relationship with developers who create photography, music, 2D/3D design, Mac gaming, and production-focused apps and hardware. I personally cover developer tools.
<arianvp>
I’m sure you have heard about the Mac transition to Apple silicon. Specific to the Nix project, I wanted to point out a couple of resources for the project to get access to the Developer Transition Kit (DTK) which is necessary to test a build of Nix on Apple silicon. (You can build Apple silicon binaries on Intel Macs with Big Sur but obviously you can’t run them without a DTK.)
<arianvp>
Firstly, the most expedient way of obtaining a DTK would be for companies who have Nix maintainers and are registered as Apple developers can learn about the Universal Quick Start Program and apply for a DTK here:
<arianvp>
If this is the way your maintainers want to go, I would be happy to approve the applications to purchase the program. Someone noted on the thread they had applied and not been approved. I have approved them. Please let me know if there are any others.
<arianvp>
Secondly, we have a relationship with MacStadium where qualified open source projects can simply get access to a DTK in the cloud. The maintainers of Nix should email opensource@macstadium.com.
<arianvp>
The process for qualified OSS developers will be:
<arianvp>
Developer signs up for a general MacStadium account so the MSA can be accepted.
<arianvp>
MacStadium will manually add the DTK asset to their account at no cost.
<arianvp>
Developer will have access to screen sharing on a DTK and can log in right away.
<arianvp>
I know this is a lot for an introductory email, but I wanted to make sure you had this information as you start thinking about moving your projects to Apple silicon.
<arianvp>
Feel free to let me know if you have any questions, I’m happy to schedule a WebEx or conf call to talk in real time. Looking forward to hearing from you.
<arianvp>
Best Regards,
<arianvp>
Michael
<arianvp>
That's the entire mail. thought I'd share it here too
<Mic92>
LnL: not sure if you have need for secret management in darwin-nix but with some adjustments my tool could be extended to macOS as well.
<Mic92>
The only thing not portable right now is a ramfs mount where secrets are stored.
<Mic92>
Not sure if macOS has something equivalent.
<arianvp>
Is this your nix-sops thing?
<LnL>
you can but it's a bit weird
<Mic92>
arianvp: yes
<Mic92>
Still need to do some bits documentation-wise and then I will announce it.
<Mic92>
LnL: how is it called or where do I put files that are not supposed to be swapped out
<{^_^}>
nix#3156 (by angerman, 39 weeks ago, closed): daemon user fails to install on macOS
<__monty__>
Sops is an editor of encrypted files? How does that fit in with secrets management, i.e., why an editor of encrypted files, rather than just encrypted files?
<infinisil>
angerman reported there that "note the nosuid, noowners; this will cause nix to fail. mounting with -o suid will make nix install."
<infinisil>
Is there a way to easily change the installation script to do this?
<LnL>
Mic92: I don't think there's a tmpfs on macos, what you essentially have to do is create a ram backed block device and make a volume using that
<LnL>
hdiutil attach -nomount ram://<size>
<Mic92>
__monty__: the file format is optimized for use in git. Having an editor wrapper reduces the risk of accidental leakage.
<Mic92>
LnL: seems a bit less convenient. I would have to basically estimate how big it has to be in the first place.
<LnL>
yeah, it's awkward and probably not great for this
<Mic92>
LnL: also it's not clear if those disks can be swapped out.
<Mic92>
If that was the case there would be no point
<LnL>
indeed
<Mic92>
LnL: maybe they have some support for posix shared memory + mlock?