Sender | Message | Time |
---|---|---|
27 Apr 2024 | ||
pxc removed their profile picture. | 00:48:06 | |
nadir joined the room. | 18:23:12 | |
29 Apr 2024 | ||
NixOS Moderation Botchanged room power levels. | 15:29:21 | |
1 May 2024 | ||
NixOS Moderation Botchanged room power levels. | 15:06:27 | |
2 May 2024 | ||
@nick_kadutskyi:matrix.org joined the room. | 17:16:44 | |
@nick_kadutskyi:matrix.org set a profile picture. | 21:19:10 | |
6 May 2024 | ||
@nick_kadutskyi:matrix.org changed their display name from nick_kadutskyi to nickkadutskyi. | 17:33:25 | |
@nick_kadutskyi:matrix.org left the room. | 17:35:38 | |
8 May 2024 | ||
abathur | Matthew Kenigsberg & cole-h: given the events that were unfolding week before last I have not tried to pester the infra team or made other noteworthy progress on open issues--so I'm thinking we can skip this session unless either of you have something specific? | 02:02:24 |
cole-h | I'm fine with eitherĀ | 02:03:02 |
mkenigs | I did https://github.com/NixOS/experimental-nix-installer/pull/15 today - looks like we may need to tweak the actions so I could use input on those | 02:05:43 |
mkenigs | I also wasn't 100% sure on the tarball stuff | 02:06:24 |
abathur | ok, sounds like we'll have stuff to look at | 04:00:19 |
pxc | how nutty would it be to have a Nix installer attempt to get Fish users who are Nix novices (and maybe also Unix novices) have struggled getting their shell to 'nixify' properly forever. I've tried to work on it, and helped get something usable going for NixOS which is now also used in Nix-Darwin. But people still struggle, many years later, and other fun new shells (Elvish, Nushell, PowerShell, Xonsh, idk) face similar problems with Nix's POSIX initialization scripts I think we could easily have the Nix stuff happen before the user session starts with systemd on Linux and launchd on macOS | 06:37:25 |
pxc | * how nutty would it be to have a Nix installer attempt to get Fish users who are Nix novices (and maybe also Unix novices) have struggled getting their shell to 'nixify' properly forever. I've tried to work on it, and helped get something usable going for NixOS which is now also used in Nix-Darwin. But people still struggle, many years later, on foreign Linux and macOS. Other fun new shells (Elvish, Nushell, PowerShell, Xonsh, idk) face similar problems with Nix's POSIX initialization scripts I think we could easily have the Nix stuff happen before the user session starts with systemd on Linux and launchd on macOS | 06:38:13 |
pxc | The experimental new installer is already willing to get creative with this kind of stuff to avoid breakage on macOS, and I think it was a good choice. | 06:39:06 |
abathur | Have you tried setting this up with launchctl (and on what macOS version?) It sounds like (thanks to cole-h for finding my own past comments about this :)) we are hemmed in on the global environment point by macOS these days, see for example:
| 14:38:41 |
abathur | but if you've got it working on a newer macOS, perhaps they caused trouble for someone important and had to back off from the change? | 14:39:37 |
pxc | In reply to @abathur:matrix.org I do, but I don't think that's quite it, since I actually do get that error on my system (macOS 14.4.1) This works:
but this doesn't work:
| 15:46:35 |
pxc | I was assuming the restriction of launchctl setenv was limited this way from the start, but now that I think of it, maybe it was totally removed, then only partially backed off | 15:48:15 |
abathur | I'm less sure if anyone who encountered/reported the problem would've been doing it through the indirection of a launchagent/daemon | 15:49:44 |
abathur | though I'm also less confident that it isn't a bug/loophole apple will notice and close | 15:50:32 |
pxc | agreed, although Apple is basically inscrutable and liable to break anything at any time | 15:51:57 |
abathur | can you confirm whether doing it interactively as non-root outside of a launchagent works? | 15:53:53 |
abathur | I see someone asserting on the apple dev forum that it works w/o sudo | 15:54:10 |
pxc | yep, I've observed that as well | 15:54:32 |
abathur | but it seems a little strange to me that they'd restrict this for root but let normal users do it (unless maybe it's only actually affecting user processes and not root ones?) | 15:54:49 |
pxc | based on my testing I might venture a guess that what the SIP protection protects against is one user using elevated privileges to change the environment variable of another user's session in real-time, because those global LaunchAgents only affect new sessions but I'm not totally convinced of my own guess | 15:55:39 |
pxc | maybe there's some way to make the global LaunchAgent take effect immediately, like the per-user ones do | 15:56:03 |
pxc | I've been having Nix-Darwin generate the LaunchAgents I've been using to test. Here's what they look like, this example being the per-user one:
| 15:57:58 |