| 26 Nov 2025 |
Jens Petersen | (sorry misread "here" for "there") | 12:41:23 |
hexa | (image: image.png) | 12:41:40 |
hexa | builds were previously happening below /tmp | 12:42:01 |
hexa | but nix should be defaulting to /nix/var/nix/builds from 2.30.0 | 12:42:15 |
hexa | (via https://discourse.nixos.org/t/nix-2-30-0-released/66449) | 12:42:36 |
Jens Petersen | Ahh I see thank you so it is relatively new | 12:42:39 |
Mic92 | We strongly recommend this for security because we had several issues related to other processes that might be able to create or take over build temporary directories in /tmp | 12:43:18 |
Mic92 | * We strongly recommend the new build dir for security because we had several issues related to other processes that might be able to create or take over build temporary directories in /tmp | 12:43:29 |
Mic92 | It's like having /run being used for many modern services, except that we don't want to use /run because we would likely have builds that won't fit into memory. | 12:44:27 |
Jens Petersen | Okay I see thank you! I will try 25.11pre - starting to make sense now - I think I got my answer 🙏 | 12:45:23 |
Jens Petersen | * Okay I see thank you! I will try 25.11pre - starting to make sense now - I think I got my answer 🙏
(I was looking at 25.05) | 12:46:50 |
Jens Petersen | * Okay I see thank you! I will try 25.11pre - starting to make sense now - I think I got my answer 🙏
(I was looking at 25.05) -- anyway I will try the other matrix channel next time | 12:47:41 |
Jens Petersen | So actually then for older nix, /nix/var/nix/builds/ is not needed then I guess, right? | 12:55:50 |
Jens Petersen | * So actually then for older nix, /nix/var/nix/builds/ is not needed then I guess, right? (For Fedora EPEL I am targeting < 2.30) | 12:56:28 |
hexa | it does have security implications, I'll suggest reading through https://lix.systems/blog/2025-06-24-lix-cves/ | 12:58:19 |
Jens Petersen | (Okay indeed nixos-25.11pre has builds/ dir 👍️) | 12:58:43 |
Mic92 | Jens Petersen: I would be interested, how it came about that Fedora now started packaging Nix, if you want to tell. | 13:32:05 |
Mic92 | It seems like you put quite a bit of effort into it following the upstream nix history for it. | 13:32:34 |
Jens Petersen | Mic92: hahaha - well other distros have nix packaged of course - so I think there was a sense we were missing it and also users seem to want to have it available... I had a user repo for a long time, but the /nix was kind of a blocker - but just recently we got an exception to allow use of /nix by nix in fedora.... Coincidently RPM (C version) just turned 30 years recently 😂 | 13:37:00 |
Mic92 | Nix is also not much younger than that. | 13:37:34 |
Jens Petersen | But I am not actually a heavy or experienced nix user - but somehow I stepped because I packaged in a user repo and that was quite popular | 13:37:39 |
Jens Petersen | * But I am not actually a heavy or experienced nix user - but somehow I stepped up because I packaged in a user repo and that was quite popular | 13:37:49 |
Jens Petersen | * But I am not actually a heavy or experienced nix user - but somehow I stepped up because I packaged it in a user repo and that was quite popular | 13:38:39 |
Mic92 | Yeah that's always a bit of a challenge with packaging in other distros. Packagers are often not deeply invested, because otherwise they would likely run NixOS. | 13:39:00 |
Mic92 | * Yeah that's always a bit of a challenge with packaging in other distros. Packagers are often not deeply in the Nix ecosystem, because otherwise they would likely run NixOS. | 13:39:16 |
Jens Petersen | I hope it settles down because it has been plenty of work both upstream and downstream | 13:39:18 |
Jens Petersen | Indeed | 13:39:33 |
Jens Petersen | At least I think we have better manpages than upstream now haha | 13:40:11 |
Mic92 | I can potentially also include in security announcements in the future. What is the normal fedora workflow for this? | 13:40:14 |
Mic92 | * I can potentially also include you in security announcements in the future. What is the normal fedora workflow for this? | 13:41:18 |