| 15 Dec 2023 |
@joepie91:pixie.town | hm | 02:04:45 |
| * @joepie91:pixie.town probably doesn't have the energy to debug further tonight tbh | 02:07:51 |
| * avocadoom will go to bed now, but is hopeful that someone maybe has an answer or at least an idea where this error comes from | 02:09:45 |
avocadoom | But I'm really happy with the help so far, thx ♥️ | 02:10:21 |
| * avocadoom * will go to bed now, but is hopeful that someone maybe has an answer or an idea where this error comes from | 02:10:44 |
avocadoom | I guess this is some hugo specific problem with how they handle npm stuff | 02:11:23 |
Lily Foster | In reply to @avocadoom:avocadoom.de: "I guess this is some hugo specific problem with how they handle npm stuff" Yeah I'm poking at it now. It works fine when using a buildNpmPackage-based environment, so I'm trying to root out what it's doing differently without it that gets all spooked | 02:13:25 |
Lily Foster | i'm pretty sure it's something with npx trying to write to places it shouldn't though | 02:17:03 |
Lily Foster | since hugo just does an npx --no-install babel ... internally unconditionally afaict | 02:17:30 |
Lily Foster | wait | 02:19:40 |
Lily Foster | you are setting export HOME=./ | 02:19:46 |
Lily Foster | that, uh, won't work | 02:19:49 |
Lily Foster | you need export HOME="$PWD" or something | 02:20:11 |
Lily Foster | (fwiw, since i have to run this without sandbox, i get a completely different error on my system) | 02:21:10 |
Lily Foster | (as well. btw) | 02:21:17 |
Lily Foster | * (like different than yours with the same derivation, btw) | 02:21:30 |
Lily Foster | oh, the /var/empty is the home dir in /etc/passwd for the nixbld users (which I'm using auto-allocate-uids so i don't use) | 02:24:30 |
Lily Foster | * oh, the /var/empty is the home dir in /etc/passwd for the nixbld users (which I'm using auto-allocate-uids so i don't have) | 02:24:34 |
Lily Foster | this means for some reason the HOME var is gone by that point? | 02:34:10 |
Lily Foster | for libuv to fall back to getpwuid_r for determining home dir | 02:34:24 |
Lily Foster | ah. hugo strips the var before execing stuff... | 02:36:12 |
Lily Foster | if it's not explicitly specified in config.toml | 02:36:37 |
Lily Foster | naturally | 02:36:39 |
Lily Foster | so back to why buildNpmPackage works out of the box with this. it looks like nix sets up a /etc/passwd in the sandbox when you use one, and because npmHooks.npmConfigHook sets up npm with directories to do stuff in, npx will find the npm config via home dir in /etc/passwd and then know where to go from there for cache dir. but given this derivation is intended to run with no sandbox, the reliance on /etc/passwd obviously no longer holds | 02:41:46 |
Lily Foster | as for what to do about it if you don't want to use a builder, you can probably just set osEnv = ['HOME'] in security.exec in your config.toml | 02:43:43 |
Lily Foster | * as for what to do about it if you don't want to use a builder, you can probably just set osEnv = ['HOME', 'PATH'] in security.exec in your config.toml | 02:45:16 |
Lily Foster | yeah that seems to work in some testing with your derivation above avocadoom | 02:45:32 |
Wanja Hentze | oh no is this $HOME vs. getpwuid again | 02:47:18 |
Lily Foster | In reply to @whentze:matrix.org: "oh no is this $HOME vs. getpwuid again" with a hugo curveball since it allows you to execute a program that could still read arbitrary files (including /proc/*/environ for current uid!) but scrubs the environment of even useful variables by default for "security" | 02:48:19 |
raitobezarius | very secure | 02:48:54 |