<samueldr>
I still need to check whether 18.03 had the same underlying issue
sir_guy_carleton has joined #nixos-dev
<clever>
samueldr: i helped a friend debug that a couple of months ago
<clever>
samueldr: if you have any conflicting qt version in your .nix-profile, plasma fails to even start
sir_guy_carleton has quit [Disconnected by services]
sir_guy_carleton has joined #nixos-dev
goibhniu has joined #nixos-dev
goibhniu has quit [Ping timeout: 272 seconds]
goibhniu has joined #nixos-dev
norfumpit has joined #nixos-dev
goibhniu has quit [Read error: Connection reset by peer]
init_6 has joined #nixos-dev
sir_guy_carleton has quit [Ping timeout: 268 seconds]
sir_guy_carleton has joined #nixos-dev
goibhniu has joined #nixos-dev
sir_guy_carleton has quit [Ping timeout: 268 seconds]
sir_guy_carleton has joined #nixos-dev
sir_guy_carleton has quit [Ping timeout: 252 seconds]
sir_guy_carleton has joined #nixos-dev
<ekleog>
wild idea: integrate NUR into nixpkgs, with a config parameter to nixpkgs to restrict access to NUR repositories to ones that have been explicitly trusted, ie. be able to do (import <nixpkgs> { allowNur = [ "someone" ]; }).nur.someone.somepackage
* ekleog
not sure whether that's a good idea, but…?
orivej has joined #nixos-dev
phreedom_ has joined #nixos-dev
phreedom has quit [Ping timeout: 256 seconds]
orivej has quit [Ping timeout: 244 seconds]
<infinisil>
ekleog: Can get the same by just doing `inherit (nur.repos) someone;`
<infinisil>
Oh, I guess if you have NUR imported from somewhere else
<infinisil>
But eh, doesn't seem all that useful
<gchristensen>
yeah I'm not excited to cross that boundary at all
<infinisil>
If somebody intends to use some users NUR repo, that would implicitly mean I'm trusting them
<infinisil>
ekleog: We did talk about integrating NUR into nixpkgs before though, in #nixos-nur
<andi->
I would not want to see it as default. If we provided a sane (secure?) Way to add specific overlays from within configuration.nix it would be fine. I would want it to be channel like tho.. Not requiring network in every nixos-rebuild invocation.
<andi->
Yet another channel /o
<gchristensen>
you can already add NUR as a channel, and an overlay :)
<andi->
Mhm, then the barrier there is to using NUR is helpful to force people to read about it instead of just jumping on it.
<andi->
My grammar is off
<andi->
Pretty much like Arch doesn't ship an AUR helper by default :)
orivej has joined #nixos-dev
orivej has quit [Ping timeout: 268 seconds]
<ekleog>
requiring the `allowNur` configuration parameter (maybe more ominously named, like `trustNurUser`) would play the role of requiring users to learn about NUR, all the while making its discovery and usage easy… wouldn't it?
<ekleog>
(basically, more like gentoo's layman than AUR)
<gchristensen>
not when "just copy-paste `allowNur = [ "mallory" ];` which looks no different from "allowTcpPort = [ 22 ];" whereas "add thing thing which downloads stuff from a different place" is clearly a different bondary
<ekleog>
TBH, I don't really know whether I think that's a good thing or not either, I just think NUR is not discoverable enough
<gchristensen>
if that is the problem, maybe the solution is to promote NUR from nix-community to nixos-official and put it on the website and stuff
<ekleog>
gchristensen: would yesIKnowWhatIAmDoingIWantToTrustThisNurUser = [ "mallory" ]; fit the bill?
<ekleog>
good point
<gchristensen>
ekleog: no, because now it is a vague warning and the user still doesn't know what they're getting in to
<ekleog>
(and then nur.mallory.pkg would throw a message like “what you're trying to do is dangerous, please read [page on the manual] to know how to actually do it”, with the manual pointing to the `yesIKnow[…]` config parameter at the end of the page)
<gchristensen>
my chief complaint is automatically bridging the gap from nix expressions which are trustworthy (nixpkgs) to ones that aren't checked by anyone at all, without understanding very explicitly that this is what is happening, seems not good
<gchristensen>
also, automatically doing it in the module system precludes the ability to use NUR modules
* ekleog
was thinking of a nixpkgs config parameter, so I think that'd allow using NUR modules (maybe? didn't check how they actually worked)
<ekleog>
but yeah, your point about bridging the gap between nixpkgs and NUR not being a good idea is right
<ekleog>
I just wish I had a way to (push packages on NUR and) tell people “just use nur.ekleog.[somepackage]” in a simple way and have them get all the relevant details about NUR off-band, but I guess that's hard to do while keeping the “untrusted” warning ominous enough for the copy-paste case
<gchristensen>
I don't think it is so bad to ask someone to add a channel + an import, on an import + fetchrl
<gchristensen>
or an*
<ekleog>
indeed :)
sir_guy_carleton has quit [Ping timeout: 252 seconds]
sir_guy_carleton has joined #nixos-dev
sir_guy_carleton has quit [Ping timeout: 252 seconds]
goibhniu has quit [Ping timeout: 268 seconds]
sir_guy_carleton has joined #nixos-dev
sir_guy_carleton has quit [Ping timeout: 272 seconds]
sir_guy_carleton has joined #nixos-dev
sir_guy_carleton has quit [Ping timeout: 272 seconds]
jtojnar has joined #nixos-dev
sir_guy_carleton has joined #nixos-dev
sir_guy_carleton has quit [Ping timeout: 252 seconds]
sir_guy_carleton has joined #nixos-dev
sir_guy_carleton has quit [Ping timeout: 268 seconds]
<samueldr>
clever: did you read the issue? this is exactly the reproduction I created, so it can be tested while attempting to fix
<samueldr>
clever: do you remember if this was an upgrade between different channels, or was it simply a channel update?
goibhniu has joined #nixos-dev
goibhniu has quit [Ping timeout: 252 seconds]
init_6 has quit [Ping timeout: 252 seconds]
goibhniu has joined #nixos-dev
sir_guy_carleton has joined #nixos-dev
<clever>
samueldr: i believe it was a channel update, that changed the major version of qt, and made plasma incompatible with the old qt in .nix-profile
<clever>
but thats more about 2 qt things within a single .nix-profile breaking eachother
sir_guy_carleton has quit [Quit: WeeChat 2.0]
<samueldr>
clever: thanks, good to know it's not *only* between channels, but also inside one channel (though I was pretty sure it would also fail in that case)
<samueldr>
(since there's nothing magical between channels)
orivej has joined #nixos-dev
niksnut_ is now known as niksnut
catern has quit [Excess Flood]
<Mic92>
Now I really think I should have a promotion slide in my nixcon talk
<gchristensen>
what is your talk on, Mic92?
<Mic92>
promotion slide for NUR, the actual talk is about the nix sandbox and breakpoints (#42371)