 | Nix Rust | 691 Members |
| Rust | 158 Servers |
| Nix Rust | 691 Members |
| Rust | 158 Servers |
| Sender | Message | Time |
|---|---|---|
| 24 Feb 2025 | ||
 wilfredallyn set a profile picture. | 00:05:17 | |
| 26 Feb 2025 | ||
 samw joined the room. | 09:50:20 | |
| 27 Feb 2025 | ||
 Niklas Korz | Toma: I think I just found out why cargo-about has issues with git-fetched crates in nixpkgs, and wondered if you had any idea how/if fetchCargoVendor could accomodate this use-case. The affected crates for which cargo-about fails to read the LICENSE are from a monorepo, where the LICENSE file is referenced in each crate's Cargo.toml but is located in the parent directory (the root of the repository). For fetchCargoVendor, the parent directory is the vendor directory itself, not the root of the crate's git repository, resulting in this error: | 16:08:10 |
| Niklas Korz | * Toma: I think I just found out why cargo-about has issues with git-fetched crates in nixpkgs, and wondered if you had any idea how/if fetchCargoVendor could accomodate this use-case. The affected crates for which cargo-about fails to read the LICENSE are from a Cargo workspace git repo, where the LICENSE file is referenced in each crate's Cargo.toml but is located in the parent directory (the root of the repository). For fetchCargoVendor, the parent directory is the vendor directory itself, not the root of the crate's git repository, resulting in this error: | 16:08:32 |
| Niklas Korz | Ok minor correction, the LICENSE file is not referenced by the crate's Cargo.toml but by the cargo-about config of the project that depends on them (in this case, zed-editor): | 16:11:18 |
 undltd | Hi everyone. If I add cargo and rustc to system packages and try to run cargo run or cargo build, I'm getting error: linker \`cc\` not found. I do use nix develop with mkShell most of the time, where this problem does not appear. But I am also getting the same error from emacs when trying to use eglot, and I'm not sure how to counter that. | 16:27:11 |
| undltd | Preferably I would not even have cargo and rustc in global $PATH, but I want it to work in emacs when editing rust code with eglot. | 16:28:20 |
 emily | I would suggest using direnv with a Nix-based .envrc | 16:33:30 |
| emily | then you can make your editor inherit your nix develop environment | 16:33:42 |
| emily | (and as a bonus, get it just by cding into a project directory in your shell) | 16:33:50 |
| undltd | I'm a little scared of code executing when I cd into things, though using $PATH from various nix develop in emacs would be interesting | 16:38:19 |
 Charles | direnv requires you to manually allow each .envrc before executing it, so you have a chance to read it before you run it. It re-requests if the file changes too | 16:44:26 |
 Toma | In reply to @niklaskorz:korz.dev There is a PR that tries to fix the issue with symlinks. (Can't send the url atm) Though, if it's in the config file, I doubt it solves that. Would be interesting to see what upstream carg does about this. (fetchCargoTarball or the | 16:50:36 |
| Toma | A change could be made to fetchCargoVendor that doesn't only copy a crate's subtree, but the entire git tree. This would break the expectation of having all crates in the root of cargoDeps. Though this is something we've been considering doing anyways (to allow duplicate packages with the same version). I'm very satisfied with the fact that we can do all these changes without having to worry about breaking the FOD hash. | 18:06:56 |
 @r522:matrix.org | that being said, it doesn't re-request if the file didn't change but the flake did so doing an allow for some project that just uses (though in practice i don't think this is much of an issue if it's a project where you would execute the code of it anyways, the allow is just to stop you getting owned by a direnv you don't expect) | 21:51:12 |
| Charles | oh right shellHook exists | 21:51:52 |
| Charles | i forget about that | 21:51:56 |
| @r522:matrix.org | but yeah ultimately i don't think it's a problem they could also just insert malicious code into the project itself and own a lot more people than just nix users | 21:56:11 |
| @r522:matrix.org | requiring re-validation whenever the environment changes wouldn't be very helpful because there's no way you're actually going to read all the changes every time | 21:57:01 |
| emily | it'd be nice if there was a paranoid mode that based the permission on derivation hash | 23:14:09 |
| @r522:matrix.org | hmmm can you know that without actually running any binaries? (even in the presence of, say, IFD) | 23:25:17 |
| @r522:matrix.org | * hmmm can you know that without actually running any (project-supplied) binaries? (even in the presence of, say, IFD) | 23:25:27 |
| @r522:matrix.org | for the simple case of a git project honestly pinning it to the commit hash would be enough | 23:25:55 |
| @r522:matrix.org | "if the current hash isn't X, bail" | 23:26:01 |
| emily | I assume you mean "absence"? Nix eval should be safe, nominally | 23:36:39 |
| @r522:matrix.org | no i mean if you want to implement a paranoid mode, it would need to work even with IFD being used in the project | 23:38:48 |
| emily | well, it can just pass the Nix flag to disable IFD :) | 23:45:23 |
| emily | but also – that's still in the Nix sandbox | 23:45:33 |
| emily | which is a crummy security boundary admittedly | 23:45:36 |
| 28 Feb 2025 | ||
 niko ⚡️ | my humble opinion is that IFD should be axed and I run all my systems with allow-import-from-derivation = false so I wouldn't mind the paranoid mode not supporting IFD | 09:08:05 |