| 24 Oct 2024 |
|  Julian Zboril set a profile picture. | 21:52:55 |
| 25 Oct 2024 |
|  gluonix joined the room. | 05:23:17 |
| gluonix | Hi, trying to understand why building a flake in a docker container yields a different binary than when building with nix on host machine. | 05:24:33 |
| gluonix | https://discourse.nixos.org/t/building-flake-inside-docker-differs-from-outside/54899/3 | 05:37:02 |
|  @aniketd:matrix.org left the room. | 06:21:41 |
| 26 Oct 2024 |
| gluonix | What variable controls the build directory when using nix build? | 00:01:57 |
 Artturin | In reply to @switch3flip:matrix.org
What variable controls the build directory when using nix build? https://nix.dev/manual/nix/2.24/language/derivations.html#builder-execution | 00:42:05 |
| Artturin | And source is unpacked to sourceRoot and then cd to it for the rest of the build https://github.com/NixOS/nixpkgs/blob/54830391487253422f0ccab55fc557b2e725ace0/pkgs/stdenv/generic/setup.sh#L1712 | 00:42:37 |
| Artturin | * And src is unpacked to sourceRoot and then cd to it for the rest of the build https://github.com/NixOS/nixpkgs/blob/54830391487253422f0ccab55fc557b2e725ace0/pkgs/stdenv/generic/setup.sh#L1712 | 00:42:46 |
| gluonix | thanks | 00:43:07 |
| gluonix | I am trying to figure out how to obtain the same bit-for-bit builds inside a docker container, compared to outside, just with nix build | 00:43:55 |
| gluonix | from running diffoscope, one thing that stands out is the different build paths | 00:44:30 |
| gluonix | For instance, without docker:
/build/cargo-vendor-dir/...`
versus, with docker:
/tmp/nix-build-teleport.drv-0/cargo-vendor-dir/...
| 00:46:27 |
| gluonix | * For instance, without docker:
/build/cargo-vendor-dir/...
versus, with docker:
/tmp/nix-build-teleport.drv-0/cargo-vendor-dir/...
| 00:46:40 |
| Artturin | https://github.com/NixOS/nix/blob/3db75b00602a7a937c1e983e01c071100102c18c/src/libstore/unix/build/local-derivation-goal.cc#L1167 | 00:48:07 |
| Artturin | Definition is a few lines up | 00:48:25 |
| Artturin | You can enable sandboxing https://hub.docker.com/r/nixos/nix shows how | 00:49:33 |
| gluonix | yes, ok, I was reading about this | 00:49:51 |
| gluonix | This applies to the docker-nixpkgs images as well right? I am using nix flakes so the image nix-flakes or cachix-flakes is convenient. | 00:50:34 |
| Artturin | In reply to @switch3flip:matrix.org
This applies to the docker-nixpkgs images as well right? I am using nix flakes so the image nix-flakes or cachix-flakes is convenient. Should work in any docker with nix | 00:51:06 |
| gluonix | Does this also mean that we cannot use docker build to build nix packages, but instead we must create the build environment with docker and use docker run --privileged ... ro tun a container in which we build the nix package? | 00:52:39 |
| gluonix | * Does this also mean that we cannot use docker build to build sandboxed nix packages, but instead we must create the build environment with docker and use docker run --privileged ... ro tun a container in which we build the nix package? | 00:53:00 |
| Artturin | I don't know what docker build does | 00:53:25 |
| Artturin | https://stackoverflow.com/questions/48098671/build-with-docker-and-privileged | 00:54:44 |
| gluonix | whoa, thanks, that was exactly what I was asking about | 00:55:47 |
| Artturin | You could just build the image with nix instead of docker build | 00:56:59 |
| Artturin | * You could just build the image with nix instead of docker build
There's builders for that in nixpkgs. | 00:59:53 |
| gluonix | ah yes, good idea, the reason I wish to use docker right now is for integration purposes as we have a larger system that uses docker to build "stuff" and we only nix for a specific component as it has higher requirements with respect to reproducible builds | 01:02:26 |
| gluonix | as you may know, nix has a steep learning curve, hence most dev teams prefer docker, unless they have no choice 😆 | 01:03:01 |
| 29 Oct 2024 |
| Julian Zboril changed their profile picture. | 17:10:18 |
