| 26 Nov 2025 |
 Mic92 | Jens Petersen: I can answer the question here, but in general the other matrix channel has more nix core dev reading. | 12:36:02 |
| Mic92 | * Jens Petersen: I can answer the question here, but in general the other matrix channel has more nix core dev members reading. | 12:36:15 |
 Jens Petersen | Okay no worries makes sense - let me try that first then, thanks! | 12:37:01 |
| Mic92 | Just ping me there as well. | 12:37:18 |
| Jens Petersen | Mic92: my question was just if/why /nix/var/nix/builds shouldn't be setup - it seems the current upstream nix/nixos installer doesn't but determinant and maybe your new experimental one does perhaps? | 12:39:28 |
| Jens Petersen | * Mic92: my question was just if/why /nix/var/nix/builds shouldn't be setup - it seems the current upstream nix/nixos installer doesn't but determinant and maybe your new experimental one does perhaps? Though I am sure when it is used | 12:40:42 |
| Jens Petersen | (sorry misread "here" for "there") | 12:41:23 |
 hexa | 
Download image.png | 12:41:40 |
| hexa | builds were previously happening below /tmp | 12:42:01 |
| hexa | but nix should be defaulting to /nix/var/nix/builds from 2.30.0 | 12:42:15 |
| hexa | (via https://discourse.nixos.org/t/nix-2-30-0-released/66449) | 12:42:36 |
| Jens Petersen | Ahh I see thank you so it is relatively new | 12:42:39 |
| Mic92 | We strongly recommend this for security because we had several issues related to other processes that might be able to create or take over build temporary directories in /tmp | 12:43:18 |
| Mic92 | * We strongly recommend thew new build dir for security because we had several issues related to other processes that might be able to create or take over build temporary directories in /tmp | 12:43:29 |
| Mic92 | It's like having /run being used for many modern services, except that we don't want to use /run because we would likely have builds that won't fit into memory. | 12:44:27 |
| Jens Petersen | Okay I see thank you! I will try 25.11pre - starting to make sense now - I think I got my answer 🙏 | 12:45:23 |
| Jens Petersen | * Okay I see thank you! I will try 25.11pre - starting to make sense now - I think I got my answer 🙏
(I was looking at 25.05) | 12:46:50 |
| Jens Petersen | * Okay I see thank you! I will try 25.11pre - starting to make sense now - I think I got my answer 🙏
(I was looking at 25.05) -- anyway I will try the other matrix channel next time | 12:47:41 |
| Jens Petersen | So actually then for older nix, /nix/var/nix/builds/ is not needed then I guess, right? | 12:55:50 |
| Jens Petersen | * So actually then for older nix, /nix/var/nix/builds/ is not needed then I guess, right?
(For Fedora EPEL I am targeting < 2.30) | 12:56:28 |
| hexa | it does have security implications, I'll suggest reading through https://lix.systems/blog/2025-06-24-lix-cves/ | 12:58:19 |
| Jens Petersen | (Okay indeed nixos-25.11pre has builds/ dir 👍️) | 12:58:43 |
| Mic92 | Jens Petersen: I would be interested, how it came about that Fedora now started packaging Nix, if you want to tell. | 13:32:05 |
| Mic92 | It seems like you put quite a bit of effort into it following the upstream nix history for it. | 13:32:34 |
| Jens Petersen | Mic92: hahaha - well other distros have nix packaged of course - so I think there was a sense we were missing it and also users seem to want to have it available... I had a user repo for a long time, but the /nix was kind of a blocker - but just recently we got an exception to allow use of /nix by nix in fedora.... Coincidently RPM (C version) just turned 30 years recently 😂 | 13:37:00 |
| Mic92 | Nix is also not much younger than that. | 13:37:34 |
| Jens Petersen | But I am not actually a heavy or experienced nix user - but somehow I stepped because I packaged in a user repo and that was quite popular | 13:37:39 |
| Jens Petersen | * But I am not actually a heavy or experienced nix user - but somehow I stepped up because I packaged in a user repo and that was quite popular | 13:37:49 |
| Jens Petersen | * But I am not actually a heavy or experienced nix user - but somehow I stepped up because I packaged it in a user repo and that was quite popular | 13:38:39 |
| Mic92 | Yeah that's always a bit of a challenge with packaging in other distros. Packagers are often not deeply invested, because otherwise they would likely run NixOS. | 13:39:00 |
