worldofpeace_ changed the topic of #nixos-dev to: #nixos-dev NixOS Development (#nixos for questions) | NixOS stable: 20.03 ✨ https://discourse.nixos.org/t/nixos-20-03-release/6785 | https://hydra.nixos.org/jobset/nixos/trunk-combined https://channels.nix.gsc.io/graph.html | https://r13y.com | 19.09 RMs: disasm, sphalerite; 20.03: worldofpeace, disasm | https://logs.nix.samueldr.com/nixos-dev
<garbas> niksnut: to avoid having to bump things manually I would suggest we just "read" them from `released-nixpkgs` input. Am I missing any downside when doing this? https://github.com/NixOS/nixos-homepage/pull/464
<{^_^}> nixos-homepage#464 (by garbas, 15 hours ago, open): Use nix and nixos version from released-nixpkgs input
alp has quit [Ping timeout: 272 seconds]
orivej has quit [Ping timeout: 260 seconds]
orivej_ has joined #nixos-dev
orivej_ has quit [Ping timeout: 258 seconds]
orivej has joined #nixos-dev
alp has joined #nixos-dev
<niksnut> garbas: there's one problem, it means a new nix release doesn't become visible until nixpkgs has updated
<niksnut> which could take days
<garbas> niksnut: that is correct. once nix repo supports flake we can also follow nix repo. or we can already follow it with flake = false; option
<niksnut> garbas: then maybe it's better to keep things as is until then?
<Dandellion> This just needs to be merged now, very simple change. Twice verified to work
<{^_^}> #89797 (by dali99, 23 hours ago, open): mumble: 1.3.0 -> 1.3.1
<garbas> niksnut: currently we also look up the released-nixpkgs input to show correct manual for nix. which happened that manual was lagging behind the release. the PR also follows the version bumping.
<Dandellion> thanks graham!
<garbas> I'm 0 on what we should do here since situation is not good either way. it might be less confusing to just be late with announcing the release to later and not having different version of manual. this is until we can use flake
<garbas> oh we will still need to bump the redirect in netlify.toml until we managed to publish nix release to channels.nixos.org or somewhere else
<garbas> maybe i should work first on this part. is there a script which uploads stuff to releases.nixos.org? or is this done manually for now?
<garbas> niksnut: ^^
garbas has quit [Quit: WeeChat 2.7.1]
garbas has joined #nixos-dev
garbas has quit [Ping timeout: 240 seconds]
<LnL> niksnut: hey, have you seen https://github.com/NixOS/nix/issues/3663, would love to get your feedback
<{^_^}> nix#3663 (by LnL7, 4 days ago, open): Introduce nix compatibility modes
<LnL> if the idea looks good I'd like to take a stab at it so it could be used by ofborg for evaluation checks of old releases
<adisbladis> domenkozar[m]: Do you have something to render NixOS options with ReST/Sphinx?
<domenkozar[m]> nope, but we do have it for asciidoc and it should be easy to add that
alp has quit [Ping timeout: 246 seconds]
alp has joined #nixos-dev
<gchristensen> it might be interesting to have a second type of string context for run-time string contexts, like "${pkgs.bash} -c '${runtime(/run/wrappers/foo)}'" -> that string has the context of bash and /run/wrappers/foo, in a way that the evaluator can do things with it
<gchristensen> to then take that string and write out, say, an SELinux/apparmor policy
<manveru> that'd be awesome :)
<manveru> ideally context would just be an attrset itself...
<manveru> but i guess it's a bit late for changing that
<gchristensen> :)
<manveru> i just built an auto-sandboxing for executables using systemd-run using context :)
<gchristensen> yeah
<gchristensen> nice!
<gchristensen> do wont :P
<gchristensen> do want*
<manveru> but as you say... it just doesn't work for anything not in the nix store, so you have to add additional permissions
<manveru> hehe
<manveru> it's part of my nomadix project, but haven't released it yet
<ajs124> how is it different from the systemd service confinement we already have?
Valodim has quit [Ping timeout: 256 seconds]
<gchristensen> what I'm talking about would be default-closed, and the service confinement is default-open
orivej_ has quit [Ping timeout: 258 seconds]
<gchristensen> and that requires running everything in a systemd service
orivej has joined #nixos-dev
<ajs124> True. I assume you just use closureInfo/exportReferencesGraph manveru?
<manveru> gchristensen: you might be able to use some of that maybe?
<gchristensen> thanks :D
<manveru> ajs124: yes
<gchristensen> ajs124: overall my feeling is that Nix knows so much about how the world promises to work, and we could put this knowledge to good work
<gchristensen> to only allow those things to happen
<LnL> gchristensen: I did something like that with the darwin sandbox https://github.com/LnL7/nix-darwin/blob/master/modules/security/sandbox/default.nix
<gchristensen> heck yes!
<manveru> atm my idea is that i write a nomad job, use `nix copy` to get the paths on all machines, and then `nomad job run` to actually run it...
<ajs124> gchristensen: It does really seem like that. We actually do that for most the services we run, with apparmor. I think I've talked about it, it's pretty similar to the systemd confinement. It also only works for services right now and sadly isn't really in any shape that's fit for nixpkgs, right now.
<gchristensen> manveru: so cool
<gchristensen> ajs124: :o I am excited to hear you already do this
<manveru> even nicer would be if it could fetch its closure itself, but that gets complicated... would be cool if there was a nix command that produces a nix file that describes the whole closure so you can just copy it over :P
<LnL> my thing doesn't handle strings tho, just packages
<manveru> anw, i like it for just a weekend hack :)
<ajs124> gchristensen: we mostly do this, because it makes us sleep better at night ^^
<ajs124> This also tangentially relates to #87661, which might turn into an RFC someday, but I wasn't really involved in the discussions around that.
<{^_^}> https://github.com/NixOS/nixpkgs/pull/87661 (by dasJ, 4 weeks ago, open): nixos/systemd-sandbox: A generic sandboxing module
<{^_^}> rfcs#41 (by e-user, 1 year ago, closed): [RFC 0041] SELinux Support
<ajs124> right. I remember that. SELinux has other problems (technologically) though, when it comes to nix, right?
<gchristensen> they seem to think it'd be okay
<ajs124> I'm actually even subscribed to it… my memory really isn't what it used to be, otherwise I'd have referenced it in that PR.
alp has quit [Remote host closed the connection]
<gchristensen> there is too much in the ol' noggin to remember every rfc :)
alp has joined #nixos-dev
<infinisil> gchristensen: Crazy idea: What if built binaries were wrapped with a script that does `nix-build <derivation that runs the binary in its build> --option extra-sandbox-paths <paths it is allowed to access>`
orivej has quit [Read error: Connection reset by peer]
<gchristensen> that IS a crazy idea and I like it :D
<infinisil> Along with some stdin/stdout mapping to make it work
<manveru> infinisil: and no I/O or networking?
orivej has joined #nixos-dev
<infinisil> manveru: Networking can work with --option allowed-uris
<gchristensen> maybe that, but with automatic firejail'ing or something
<ajs124> AFAIR firejail isn't to be trusted
* gchristensen moves the emphasis on to "or something"
<infinisil> Oh, what if the nix-build idea was flipped around: We change Nix to rely on <some flexible sandboxing tool> to do its build sandbox, which then allows us to easily configure it for runtime-use as well
<adisbladis> infinisil: I got you ;)
Valodim has joined #nixos-dev
<gchristensen> hehe
<adisbladis> I was experimenting with OCI for "nix builds" the other week http://ix.io/2obv/python
<infinisil> :o
<ajs124> how does the nix build sandbox work? directly controlling cgroups?
<adisbladis> ajs124: Yep
<gchristensen> w.r.t. selinux though, they call it a labeling system -- to patch up the holes in the other labeling system (user,group)-based permissions. not sure adding more labels is the problem/solution :P
orivej has quit [Quit: No Ping reply in 180 seconds.]
orivej has joined #nixos-dev
orivej has quit [Ping timeout: 240 seconds]
orivej has joined #nixos-dev
<domenkozar[m]> anyone knows if there's a way to check if stdenv is final or bootstrapping on linux?
<domenkozar[m]> ah could check the name
<Ericson2314> niksnut: So for IPFS address in the narinfo file, where the narinfo file is gotten from https (which does help that scale a lot better for the time being), were you thinking that would mean getting a narinfo from one store object and then looking up the underlying data in another store object?
<Ericson2314> That is a non-trivial change that excites me, but I want to double check that is something you had in mind before I got on another refactoring spree 🙂
<{^_^}> #89927 (by domenkozar, 1 minute ago, open): patchelf: 0.9 -> 0.11
<domenkozar[m]> ♥︎
orivej has quit [Ping timeout: 265 seconds]
orivej has joined #nixos-dev
<manveru> domenkozar[m]++
<{^_^}> domenkozar[m]'s karma got increased to 22
<manveru> guess it'll still segfault on electron-debug, but can't have everything :)
<Ericson2314> does cache.nixos.org ever include the "CA" field in its narinfo files?
<domenkozar[m]> would be great if that's not an abbreviation since it's an overloaded one
<domenkozar[m]> I first thought it's in context of certificates
luc65r has quit [Ping timeout: 272 seconds]
<Ericson2314> oh haha
<Ericson2314> yeah it is the content address
luc65r has joined #nixos-dev
orivej has quit [Ping timeout: 256 seconds]
orivej has joined #nixos-dev
<FRidh> domenkozar[m]: the work on nix errors printing, would that help with issues when people want to build a derivation but a dependency throws an error, to see what package is having that failing dependency? Or should we improve the traces for this in nixpkgs?
<domenkozar[m]> the work so far was just to provide infrastructure for better errors, fixing the errors to be better is a whole new package of work :)
<domenkozar[m]> but it depends on the error you have in mind
drakonis has joined #nixos-dev
drakonis2 has quit [Ping timeout: 246 seconds]
drakonis_ has joined #nixos-dev
drakonis1 has joined #nixos-dev
_e has quit [Quit: WeeChat 2.7.1]
drakonis has quit [Ping timeout: 256 seconds]
<kloenk> What editors are common to use for hacking on nix? I'm trying to find one, which gives me at least a little bit of autocompletion and go to definition functionality
drakonis_ has quit [Ping timeout: 258 seconds]
<infinisil> kloenk: Well common are vim and emacs, but none offer auto-completion or go-to-definition
<infinisil> Still an open problem :)
<alexarice[m]> infinisil: kloenk I get a little autocompletion on emacs, but I agree it isn't full autocompletion
<kloenk> alexarice[m]: emacs has the problem of having to learn it :)
<alexarice[m]> kloenk: I guess, I use it for everything so it feels like if I can use emacs for something, that's one less thing to learn
<alexarice[m]> I think I miss go-to-definition the most, I spend so much time grepping nixpkgs
<kloenk> alexarice[m]: yeah. I thought of learning it. But I think it's still missing wayland support. so a no go at the moment
orivej_ has joined #nixos-dev
orivej has quit [Ping timeout: 264 seconds]
<alexarice[m]> kloenk: that is true, I have to run it through xwayland
<alexarice[m]> no one seems to care enough at the moment
<kloenk> alexarice[m]: are you using it for nix or for nixpkgs?
<alexarice[m]> kloenk: nixpkgs, I haven't messed with the nix codebase at all
<alexarice[m]> I assumed you were talking about hacking nix code, not hacking the nix program, sorry if I got confused
<LnL> oh you mean the c++ codebase?
<LnL> I use clangd which should work with any LSP compatible editor
orivej_ has quit [Ping timeout: 264 seconds]
orivej has joined #nixos-dev
alp has quit [Ping timeout: 272 seconds]
orivej has quit [Ping timeout: 264 seconds]
<kloenk> LnL: ok, will see how to get clangd. just installed vscode and it takes ages for go to definition
drakonis has joined #nixos-dev
drakonis1 has quit [Ping timeout: 256 seconds]
justanotheruser has quit [Ping timeout: 260 seconds]
drakonis1 has joined #nixos-dev
alp has joined #nixos-dev
calbrech` has quit [Ping timeout: 272 seconds]
ris has joined #nixos-dev
cole-h has joined #nixos-dev
justanotheruser has joined #nixos-dev
<kloenk> LnL: I'm not able to set up a compile_commands.json. I tried compiledb and bear, but it stops working at all if I have something in there
<LnL> kloenk: weird, worked pretty well for me last time I tried
<kloenk> LnL: could you send me a file to diff them? maybe there is the error? I'm working on the flakes branch, so also could come from there
ruuda has joined #nixos-dev
alp has quit [Ping timeout: 272 seconds]
<LnL> kloenk: hmm, perhaps because I use nix-shell --arg useClang true?
nschoe has joined #nixos-dev
<kloenk> LnL: will try that (if it's still there) how are you generating the db? or what are you using?
<LnL> on linux also bear
alp has joined #nixos-dev
<LnL> for darwin I use something weird because there's no nice alternative that works there
<kloenk> LnL: yeah, useClang seems to be removed.
<LnL> I just ran that
<kloenk> LnL: just working on nixos, so linux
<kloenk> LnL: the useClang is removed on the flakes branch because of the use of a flake.nix. so not available on the part I'm trying to work on
<LnL> ah flakes, then you'll have to add it there
<LnL> or something like devShellClang
ruuda has quit [Quit: ruuda]
<LnL> stdenv -> clangStdenv is the only difference afaik
<kloenk> ok, thanks. will see to play around a little
mdlayher has joined #nixos-dev
<mdlayher> TIL this channel! Should have joined way sooner. I'm looking for a review on https://github.com/NixOS/nixpkgs/pull/89810 and am happy to trade a review from me! Specifically I'm most familiar with Go packages.
<{^_^}> #89810 (by mdlayher, 1 day ago, open): prometheus-keylight-exporter: init at 0.1.1