Nixpkgs Stdenv - Public Room Timeline

	Nixpkgs Stdenv	218 Members
		69 Servers

You have reached the beginning of time (for this room).

Sender	Message	Time
27 Jun 2025
Randy Eckenrode	I’ll probably start splitting things up and cleaning it up again this weekend. I’m going to let Linux Swift be broken for a while because I need to get some of this stuff out for Darwin.	01:58:48
Tristan Ross	In reply to @reckenrode:matrix.org I created an issue to track Darwin stuff that mentions it, but I’m pretty sure it references Tristan Ross’s existing PR. Oh yeah, I think I remember that issue	01:58:50
Randy Eckenrode	The only issue I know with using the system libc++ is the WASI stuff in Rust doesn’t like it.	01:59:03
Randy Eckenrode	But I have no idea how/why it works currently if it does.	01:59:19
Tristan Ross	Been working on GCC NG and cross has 1 issue left: hello> In file included from /nix/store/51pba7q0zhhrzy7ia5yq273r49fa4hz2-glibc-riscv64-unknown-linux-gnu-2.40-66-dev/include/stdlib.h:1159, hello> from lib/stdlib.h:51, hello> from src/system.h:25, hello> from src/hello.c:25: hello> /nix/store/51pba7q0zhhrzy7ia5yq273r49fa4hz2-glibc-riscv64-unknown-linux-gnu-2.40-66-dev/include/bits/stdlib.h: In function 'wctomb': hello> /nix/store/51pba7q0zhhrzy7ia5yq273r49fa4hz2-glibc-riscv64-unknown-linux-gnu-2.40-66-dev/include/bits/stdlib.h:98:3: error: #error "Assumed value of MB_LEN_MAX wrong" hello> 98 \| # error "Assumed value of MB_LEN_MAX wrong" hello> \| ^~~~~	02:11:23
Tristan Ross	I have cross compilation working	03:27:53
Tristan Ross	Ig I could mark the PR for GCC NG as ready then	03:29:09
emily	In reply to @reckenrode:matrix.org I want to see how badly things break actually doing builds on case-sensitive APFS. you'll need to set temp-dir to be in the partition too	09:33:47
emily	otherwise it should just work I think	09:33:54
Randy Eckenrode	In reply to @emilazy:matrix.org you'll need to set temp-dir to be in the partition too https://lix.systems/blog/2025-06-24-lix-cves/ Hardening the build directory As mentioned earlier, Lix used to rely on a shared temp directory to stage builds before copying them to the Nix store. A better approach is to move the build directory into a location that’s under the exclusive control of the Nix daemon. That’s what we’ve done: Lix now stages builds in `/nix/var/nix/builds`, a secure area controlled by the daemon.	10:31:01
Randy Eckenrode	In reply to @emilazy:matrix.org you'll need to set temp-dir to be in the partition too * According to the blog post about the recent CVEs, they moved it in the fixed daemon. https://lix.systems/blog/2025-06-24-lix-cves/ Hardening the build directory As mentioned earlier, Lix used to rely on a shared temp directory to stage builds before copying them to the Nix store. A better approach is to move the build directory into a location that’s under the exclusive control of the Nix daemon. That’s what we’ve done: Lix now stages builds in `/nix/var/nix/builds`, a secure area controlled by the daemon.	10:32:11
emily	I know	10:33:49
emily	`temp-dir` is different	10:33:51
emily	e.g., builtin fetchers go into `temp-dir`	10:33:56
emily	because they aren't builds	10:33:59
emily	you need case-sensitivity for those too, so you need `temp-dir = /nix/tmp` and to ensure that `/nix/tmp` exists with usual tempdir permissions	10:34:15
emily	for `nix(1)` to use	10:34:19
emily	(this is a Lix thing, I'm not sure Nix has `temp-dir`)	10:34:47
emily	(I think they might have backported it but not sure. but it's why `build-dir` by itself is not sufficient)	10:35:00
Randy Eckenrode	Does anything in nixpkgs use builtin fetchers?	10:35:19
emily	`nix.settings = { use-case-hack = false; temp-dir = "/nix/tmp"; }; system.activationScripts.preActivation.text = '' mkdir -p /nix/tmp chmod 1777 /nix/tmp '';`	10:35:25

Show newer messages

Back to Room ListRoom Version: 9