<colemickens>
if someone were just trying to hack and see how quickly things break...
<gchristensen>
it is a configuration at compilation time
<gchristensen>
but that is just the beginning
<gchristensen>
but I don't see changing it being a real thing
<colemickens>
it's like meta-DK. I know there's a bunch I don't know, but I don't know just how much I don't know.
<cole-h>
storedir=/dir/store and localstatedir=/dir/var are the most obvious ones
<cole-h>
(See Makefile.config{,.in})
<colemickens>
gchristensen: is there some other path that will allow me to evangelize nix, in good faith, to mac users?
<colemickens>
or is the workaround not as bad as its made out to be?
<colemickens>
thanks cole-h!
<cole-h>
Step 1) Get hired at Apple. Step 2) Undo that pain-causing change. Step 3) Evangelize to Mac users.
<gchristensen>
colemickens: the installer works on macos now, so not sure there needs to be anything bad faith
leungbk has quit [Ping timeout: 240 seconds]
<gchristensen>
that said, macos as an attractive development platform seems to be waning
<gchristensen>
I am anxious to see what happens with macos on arm. they declined(?) our request for a transition/development kit
ris has quit [Ping timeout: 272 seconds]
leungbk has joined #nixos-dev
<colemickens>
I should've booted a VM to TIAS before making the comment I made. I sort of have a threshold and it had been triggered by seeing too many posts in various places complaining Mac+nix, and then that Discourse thread, but it seems like many (all?) of these types of posts pre-dated the fixed Nix version.
<gchristensen>
yeah
<gchristensen>
quite likely
<infinisil>
How does the macos installer work now?
<gchristensen>
it creates a volume automatically and adds it to the synthetic.conf file for mounting
<gchristensen>
if filevault is enabled on any partition, it errors and asks the user to do that part
<colemickens>
And there's a good point there about acomodating a platform that seems to have bigger, (arguably more hostile) changes coming. Thanks for the info re the installer working ok.
<cole-h>
"ok" being the operative descriptor, there :P
<infinisil>
gchristensen: Neat
<gchristensen>
yeah :) abathur and LnL did really great work on that
<infinisil>
Soo, looks like macos is working fine then? Or is there a problem with that installation?
<gchristensen>
macos should be fine afaik
phreedom has joined #nixos-dev
<cole-h>
I'd argue that manual intervention isn't ideal (e.g. needing to deal with filevault). But it's as good as it'll get, I believe.
<gchristensen>
it is pretty complicated to get that right for all users in a bash script
<gchristensen>
(a lot of things we could change about that sentence, but not on short notice)
<abathur>
I think the status could be further improved if someone could find the time/energy to take up burke libbey's ruby script which had a better keychain implementation than we were using AFAIK
<abathur>
my knowledge about this is all 2nd hand, I haven't tried an encrypted install yet
<abathur>
but the initial flow we were trying with keychain wasn't decrypting until keychain was available, but it was possible for restored apps to already be loading by then and failing if they referenced /nix
<abathur>
their implementation puts the credential down in the system keychain, though, which is (apparently? it sounds like?) available early enough to avoid the problem we had with this that made it hard to make it a default option
<abathur>
I'm also leaving out a political part; I assume, because I can't imagine why someone would really care what the credential for their store is, that it's OK for us to generate a credential and silently stick it in the system keychain
<gchristensen>
if you're installing multi-user, it seems to come with the territory. if you're not.... it is less clear.
<abathur>
but it isn't clear to me whether I am so thoroughly normal here that it's genuinely an acceptable default to opt *everyone* with fv enabled into
<abathur>
true
orivej has quit [Ping timeout: 256 seconds]
<gchristensen>
it would be a good level of complexity to introduce a .pkg GUI installer
orivej_ has joined #nixos-dev
<infinisil>
Not really related to that: I wish we could turn on sandbox by default on darwin
<gchristensen>
it does have some sandboxing by default
<gchristensen>
but, yeah,
<infinisil>
Or maybe set it to relaxed mode and add __noChroot to the darwin derivations that don't work with the sandbox yet
<abathur>
I may half-fix that problem if I do establish a clear-enough performance issue on catalina+ to merit working around it in Nix (not that I'm sure there is such a threshold)
<abathur>
since it seems like the only vaguely viable workaround would entail multi-user installs anyways
<cole-h>
Why are single-user installs a thing? Is it for when the user wants to install Nix but doesn't have root privileges?
orivej_ has quit [Ping timeout: 240 seconds]
orivej has joined #nixos-dev
orivej has quit [Ping timeout: 272 seconds]
orivej has joined #nixos-dev
orivej has quit [Quit: No Ping reply in 180 seconds.]