!OqhvaDMJdKYUicLDiE:nixos.org

Nixpkgs Stdenv

187 Members
59 Servers

Sender | Message | Time
27 Jun 2025
@reckenrode:matrix.org Randy Eckenrode
I’ll probably start splitting things up and cleaning it up again this weekend. I’m going to let Linux Swift be broken for a while because I need to get some of this stuff out for Darwin.
01:58:48
@rosscomputerguy:matrix.org Tristan Ross
In reply to @reckenrode:matrix.org
I created an issue to track Darwin stuff that mentions it, but I’m pretty sure it references Tristan Ross’s existing PR.
Oh yeah, I think I remember that issue
01:58:50
@reckenrode:matrix.org Randy Eckenrode
The only issue I know with using the system libc++ is the WASI stuff in Rust doesn’t like it.
01:59:03
@reckenrode:matrix.org Randy Eckenrode
But I have no idea how/why it works currently if it does.
01:59:19
@rosscomputerguy:matrix.org Tristan Ross

Been working on GCC NG and cross has 1 issue left:

hello> In file included from /nix/store/51pba7q0zhhrzy7ia5yq273r49fa4hz2-glibc-riscv64-unknown-linux-gnu-2.40-66-dev/include/stdlib.h:1159,
hello>                  from lib/stdlib.h:51,
hello>                  from src/system.h:25,
hello>                  from src/hello.c:25:
hello> /nix/store/51pba7q0zhhrzy7ia5yq273r49fa4hz2-glibc-riscv64-unknown-linux-gnu-2.40-66-dev/include/bits/stdlib.h: In function 'wctomb':
hello> /nix/store/51pba7q0zhhrzy7ia5yq273r49fa4hz2-glibc-riscv64-unknown-linux-gnu-2.40-66-dev/include/bits/stdlib.h:98:3: error: #error "Assumed value of MB_LEN_MAX wrong"
hello>    98 | # error "Assumed value of MB_LEN_MAX wrong"
hello>       |   ^~~~~
02:11:23
@rosscomputerguy:matrix.org Tristan Ross
I have cross compilation working
03:27:53
@rosscomputerguy:matrix.org Tristan Ross
Ig I could mark the PR for GCC NG as ready then
03:29:09
@emilazy:matrix.org emily
In reply to @reckenrode:matrix.org
I want to see how badly things break actually doing builds on case-sensitive APFS.
you'll need to set temp-dir to be in the partition too
09:33:47
@emilazy:matrix.org emily
otherwise it should just work I think
09:33:54
@reckenrode:matrix.org Randy Eckenrode
In reply to @emilazy:matrix.org
you'll need to set temp-dir to be in the partition too

According to the blog post about the recent CVEs, they moved it in the fixed daemon.

https://lix.systems/blog/2025-06-24-lix-cves/

Hardening the build directory

As mentioned earlier, Lix used to rely on a shared temp directory to stage builds before copying them to the Nix store.

A better approach is to move the build directory into a location that’s under the exclusive control of the Nix daemon.

That’s what we’ve done: Lix now stages builds in /nix/var/nix/builds, a secure area controlled by the daemon.

10:32:11
@emilazy:matrix.org emily
I know
10:33:49
@emilazy:matrix.org emily
temp-dir is different
10:33:51
@emilazy:matrix.org emily
e.g., builtin fetchers go into temp-dir
10:33:56
@emilazy:matrix.org emily
because they aren't builds
10:33:59
@emilazy:matrix.org emily
you need case-sensitivity for those too, so you need temp-dir = /nix/tmp and to ensure that /nix/tmp exists with usual tempdir permissions
10:34:15
@emilazy:matrix.org emily
for nix(1) to use
10:34:19
@emilazy:matrix.org emily
(this is a Lix thing, I'm not sure Nix has temp-dir)
10:34:47
@emilazy:matrix.org emily
(I think they might have backported it but not sure. but it's why build-dir by itself is not sufficient)
10:35:00
@reckenrode:matrix.org Randy Eckenrode
Does anything in nixpkgs use builtin fetchers?
10:35:19
@emilazy:matrix.org emily
  nix.settings = {
    use-case-hack = false;
    temp-dir = "/nix/tmp";
  };

  system.activationScripts.preActivation.text = ''
    mkdir -p /nix/tmp
    chmod 1777 /nix/tmp
  '';
10:35:25
@emilazy:matrix.org emily
flakes use them, for instance
10:35:30
@emilazy:matrix.org emily
I think there's other random things where temp-dir matters, I forget
10:35:46
@emilazy:matrix.org emily
this should be sufficient though and could presumably be upstreamed
10:36:02
@emilazy:matrix.org emily
oh hmmm
10:39:21
@emilazy:matrix.org emily
okay it looks like Lix actually uses $XDG_CACHE_HOME
10:39:33
@emilazy:matrix.org emily
so I don't know if temp-dir helps for that, it might just be broken
10:39:39
@emilazy:matrix.org emily
I think you need temp-dir for nix develop to work with case-sensitivity though?
10:41:05
@emilazy:matrix.org emily
not sure.
10:41:08
@emilazy:matrix.org emily
but that's for Git repo stuff which should be safe to store case-insensitively and tarballs go directly into the store or something? I don't know. I declare myself unqualified to have an opinion without further digging but I know that temp-dir was added to Lix specifically for case-sensitive store reasons
10:43:22
