| 30 Nov 2025 |
 Jules Lamur | mhh I think that's because /nix/store is root:nogroup in the new user ns | 21:55:10 |
 raitobezarius | That's very weird to have EINVAL on chown? Do you have a clean mount namespace? | 21:55:12 |
| raitobezarius | In reply to @jlamur:matrix.org
mhh I think that's because /nix/store is root:nogroup in the new user ns So subuid delegation | 21:55:24 |
 WeetHet | WYM? | 21:56:57 |
| raitobezarius | In reply to @weethet:catgirl.cloud
WYM? The surface of API calls used for nix-doc is extremely low and trivial | 21:57:48 |
| raitobezarius | It's absolutely not representative of general purpose FFI for CLI alas | 21:58:05 |
| WeetHet | Autocxx doesn't support exceptions 😞 | 21:59:46 |
| WeetHet | * Autocxx doesn't support exceptions | 21:59:53 |
| WeetHet | But there's a PR: https://github.com/google/autocxx/pull/1426 | 22:00:05 |
| raitobezarius | Seems too old :p | 22:31:42 |
| raitobezarius | Even if C++ exceptions were tackled, not sure how to interpp C++ coroutines and Rust async coroutine transformations | 22:32:39 |
|  @anouk:kif.rocks left the room. | 23:28:51 |
 niko ⚡️ | and this is even more unexpected: nix-building a file like this { __functor = self: <derivation>; }, which obviously isn't "valid" nix code (technically valid, but for the sake of brevity let's just say it's invalid), actually builds the derivation... what? Surely this is not expected, that's not how functors work | 23:51:11 |
| niko ⚡️ | Some more cursed observations. Given file:
# foo.nix
{
foo = "hi from outside";
__functor = _: {
foo = "hi from inside";
};
}
We can observe:
$ nix-instantiate --eval foo.nix
{ __functor = <CODE>; foo = "hi from outside"; }
$ nix-instantiate --eval foo.nix -A foo
"hi from inside"
| 23:57:39 |
| 1 Dec 2025 |
| niko ⚡️ | I guess this is kinda expected given how nix-build works, but still. I don't like this. And better yet:
# foo.nix
{
__functor = _: {
foo = "hi from inside";
};
}
# bar.nix
{
__functor = _: {}: {
foo = "hi from inside";
};
}
# baz.nix
{
__functor = _: _: {
foo = "hi from inside";
};
}
$ nix-instantiate --eval foo.nix -A foo
"hi from inside"
$ nix-instantiate --eval bar.nix -A foo
"hi from inside"
$ nix-instantiate --eval baz.nix -A foo
error: the value being indexed in the selection path 'foo' at '' should be a set but is a function: «lambda __functor @ baz.nix:2:18»
| 00:02:11 |
| raitobezarius | In reply to @niko:nrab.lol
and this is even more unexpected: nix-building a file like this { __functor = self: <derivation>; }, which obviously isn't "valid" nix code (technically valid, but for the sake of brevity let's just say it's invalid), actually builds the derivation... what? Surely this is not expected, that's not how functors work Auto call semantics mindfucking again? | 00:21:20 |
| raitobezarius | (yes all my homies hate *deep* auto calls.) | 00:21:36 |
| niko ⚡️ | Like, how does that even work in the first place? __functor has to always at least be a function which returns a function? At least in normal nix code, then how the hell does nix-instantiate apply that | 00:23:12 |
| raitobezarius | Where does it say that functors has to return a function? | 00:46:48 |
| raitobezarius | IIRC, functors have definitely been abused to make attrsets callables returning new non functional results | 00:47:12 |
| niko ⚡️ | Well, trying to call { __functor = x: 1; } will always error in normal nix code with integer is not a function | 00:51:39 |
| niko ⚡️ | So while not strictly invalid nix code, since you can still do { __functor = x: 1; }.__functor {} and get a valid result, it's not a valid functor per se | 00:52:54 |
|  @georgyo:nycr.chat left the room. | 02:57:38 |
| WeetHet | For CLI I think a blocking API should be enough? On that note, it could also be noexcept as well I guess | 06:29:31 |
|  @acidbong:envs.net left the room. | 06:43:48 |
 aloisw | You don't need delegation for the sandbox to work, just working user, PID and mount namespaces. | 06:44:30 |
| aloisw | (Yes working mount namespaces includes that you can actually mount things, Ubuntu.) | 06:44:43 |
| aloisw | root:nogroup is very weird, are you sure you have the UID and GID mapping set up properly? | 06:46:13 |
| aloisw | I think it should work if the store is owned by your user and your current UID and GID are identity-mapped. | 06:46:42 |
 piegames | In reply to @niko:nrab.lol
Like, how does that even work in the first place? __functor has to always at least be a function which returns a function? At least in normal nix code, then how the hell does nix-instantiate apply that This is a good question, could just be that the autocaller simply is ass here | 07:35:04 |
