| 26 Oct 2024 |
 gluonix | thanks | 00:43:07 |
| gluonix | I am trying to figure out how to obtain the same bit-for-bit builds inside a docker container, compared to outside, just with nix build | 00:43:55 |
| gluonix | from running diffoscope, one thing that stands out is the different build paths | 00:44:30 |
| gluonix | For instance, without docker:
/build/cargo-vendor-dir/...`
versus, with docker:
/tmp/nix-build-teleport.drv-0/cargo-vendor-dir/...
| 00:46:27 |
| gluonix | * For instance, without docker:
/build/cargo-vendor-dir/...
versus, with docker:
/tmp/nix-build-teleport.drv-0/cargo-vendor-dir/...
| 00:46:40 |
 Artturin | https://github.com/NixOS/nix/blob/3db75b00602a7a937c1e983e01c071100102c18c/src/libstore/unix/build/local-derivation-goal.cc#L1167 | 00:48:07 |
| Artturin | Definition is a few lines up | 00:48:25 |
| Artturin | You can enable sandboxing https://hub.docker.com/r/nixos/nix shows how | 00:49:33 |
| gluonix | yes, ok, I was reading about this | 00:49:51 |
| gluonix | This applies to the docker-nixpkgs images as well right? I am using nix flakes so the image nix-flakes or cachix-flakes is convenient. | 00:50:34 |
| Artturin | In reply to @switch3flip:matrix.org
This applies to the docker-nixpkgs images as well right? I am using nix flakes so the image nix-flakes or cachix-flakes is convenient. Should work in any docker with nix | 00:51:06 |
| gluonix | Does this also mean that we cannot use docker build to build nix packages, but instead we must create the build environment with docker and use docker run --privileged ... ro tun a container in which we build the nix package? | 00:52:39 |
| gluonix | * Does this also mean that we cannot use docker build to build sandboxed nix packages, but instead we must create the build environment with docker and use docker run --privileged ... ro tun a container in which we build the nix package? | 00:53:00 |
| Artturin | I don't know what docker build does | 00:53:25 |
| Artturin | https://stackoverflow.com/questions/48098671/build-with-docker-and-privileged | 00:54:44 |
| gluonix | whoa, thanks, that was exactly what I was asking about | 00:55:47 |
| Artturin | You could just build the image with nix instead of docker build | 00:56:59 |
| Artturin | * You could just build the image with nix instead of docker build
There's builders for that in nixpkgs. | 00:59:53 |
| gluonix | ah yes, good idea, the reason I wish to use docker right now is for integration purposes as we have a larger system that uses docker to build "stuff" and we only nix for a specific component as it has higher requirements with respect to reproducible builds | 01:02:26 |
| gluonix | as you may know, nix has a steep learning curve, hence most dev teams prefer docker, unless they have no choice 😆 | 01:03:01 |
