<abathur>
speculative question for anyone with a handle on nix-daemon internals; is it feasible to book-end the entire set of builds triggered by a single user invocation of nix with commands run as root in order to disable and re-enable an overzealous macOS security feature? :)
<red[evilred]>
You know what? Perl gave me 15 years of good honest work
<red[evilred]>
so I'll never say a bad word about it
<cole-h>
abathur: Something I thought of regarding your earlier question... would `pre-build-hook` and `post-build-hook` be acceptable?
<abathur>
ugh this bug label making me look like a noob :(
<cole-h>
It would only be able to disable the syspolicyd stuff when using a daemon install ("When using the nix-daemon, the daemon executes the hook as root. If the nix-daemon is not involved, the hook runs as the user executing the nix-build.")
<abathur>
hmm
<abathur>
maybe, assuming it's not significant that it's under post-build-hook but not pre
<cole-h>
It looks like it only executes a program, so you'd probably have to make a shell script for it and pass that
<abathur>
oh, it's each build though
<abathur>
each build might be better than nothing--not sure
<abathur>
it looks like it's taking 15-30ms an invocation on my system to enable/disable it
<cole-h>
F
<abathur>
which could add up, but may still be better than the time the assessments take
<abathur>
dunno, good note though, I definitely wasn't aware of the hooks
<abathur>
<3 cole-h
<{^_^}>
cole-h's karma got increased to 78
<cole-h>
abathur: Is there any reason one wouldn't want to disable syspolicyd and get rid of the problem altogether?
<cole-h>
I haven't read anything about it, so I don't know if it's net-good or net-bad or neutral.
<abathur>
yeah, I don't really know how much "security" it provides
<abathur>
fwiw I'm not certain it can be auto-durably-disabled by a normal user
<abathur>
I think maybe mdm profiles can
<abathur>
but I've seen references to it re-enabling
<abathur>
dunno if on a schedule or on reboot or what
<cole-h>
Sounds really annoying... lol
<abathur>
I haven't really tried that out, though, it might be as simple as a bashrc/profile thing
<abathur>
hmm, dunno; I think I set it up right but the hook isn't running; out of energy for debugging this late; will poke at it again tomorrow
<gchristensen>
domenkozar[m]: I think I've found a bug in the new Nix error handling code, but I'm super novice with gdb. I don't suppose you could help me?
<domenkozar[m]>
best to ping Ben I think
<domenkozar[m]>
he doesn't hang around IRC
<gchristensen>
dang
<worldofpeace>
hmm, noticing a weird thing with the cachix nix install action in a repo
<worldofpeace>
domenkozar: awesome, automate all the things. Did that
<gchristensen>
anyone seen this in nixUnstable? "terminate called after throwing an instance of 'boost::wrapexcept<boost::io::too_few_args>' what(): boost::too_few_args: format-string referred to more arguments than were passed" I'm having a bear of a time figuring out where it is coming from.
<gchristensen>
nix-2.4pre7805_984e5213
<LnL>
that's one of the boost fmt things
<gchristensen>
yeah
<LnL>
maybe there's a warning in the build log?
<gchristensen>
I don't see any warnings or anything in the nix-build log output