19 Jun 2025 |
rosssmyth | * So far I've found building for mingwW64 to be pretty easy. I have a Rust DLL I ship to customers I build with Nix. | 15:44:26 |
rosssmyth | And my setup is basically this https://github.com/RossSmyth/rustNixExample/blob/rustTemplate/flake.nix | 15:45:02 |
20 Jun 2025 |
aleksana 🏳️⚧️ (force me to bed after 18:00 UTC) | Not sure if here is the place to ask it, but why don't we set __darwinAllowLocalNetworking = true in darwin stdenv? | 16:08:32 |
aleksana 🏳️⚧️ (force me to bed after 18:00 UTC) | This is causing problems for contributors, just because the situation on darwin platform is different from Linux, and people without a machine don't know how to properly fix it. | 16:10:23 |
aleksana 🏳️⚧️ (force me to bed after 18:00 UTC) | And it's even undocumented | 16:14:50 |
emily | it's a purity hole | 17:23:53 |
emily | Darwin doesn't have network namespaces, Linux does | 17:23:57 |
emily | in particular you can puncture the sandbox with it somewhat, although the Darwin sandbox is moderately porous to begin with | 17:24:28 |
emily | see e.g. https://github.com/NixOS/nix/pull/11270#issue-2456432178 | 17:25:03 |
aleksana 🏳️⚧️ (force me to bed after 18:00 UTC) | (In reply to @emilazy:matrix.org: "see e.g. https://github.com/NixOS/nix/pull/11270#issue-2456432178") That's pretty unfortunate | 17:49:09 |
aleksana 🏳️⚧️ (force me to bed after 18:00 UTC) | But what we are mostly doing now is just enabling it for derivations needing it | 17:50:07 |
aleksana 🏳️⚧️ (force me to bed after 18:00 UTC) | instead of e.g. skipping related tests | 17:50:37 |
emily | right. well I don't think it's a problem to set when needed | 17:53:44 |
emily | it might not be the end of the world to just allow the networking stuff unconditionally. but conversely I don't think it's that bad to have to add one line for packages that require it either | 17:54:02 |
aleksana 🏳️⚧️ (force me to bed after 18:00 UTC) | (In reply to @emilazy:matrix.org: "it might not be the end of the world to just allow the networking stuff unconditionally. but conversely I don't think it's that bad to have to add one line for packages that require it either") The problem is, we haven't documented it, and a lot of people just don't know it exists | 17:54:52 |
emily | we should certainly add it to the Nix/Nixpkgs manuals, yeah | 17:55:20 |
emily | there's a lot of Darwin stuff people aren't necessarily expected to know though, that's why we have the @NixOS/darwin-maintainers ping :) | 17:55:46 |
emily | (and the understanding that it's okay to leave stuff broken on Darwin if nobody responds quickly to the ping) | 17:56:00 |
aleksana 🏳️⚧️ (force me to bed after 18:00 UTC) | (In reply to @emilazy:matrix.org: "there's a lot of Darwin stuff people aren't necessarily expected to know though, that's why we have the @NixOS/darwin-maintainers ping :)") Considering that many people do not have macOS devices, when a change can be built directly on foreign platforms instead of needing some manual attempt to confirm whether it can be built, the impression of contributors will be much better | 17:57:24 |
aleksana 🏳️⚧️ (force me to bed after 18:00 UTC) | Just like we now don't have to set darwin sdks explicitly | 17:57:54 |
emily | there's always going to be platform differences that make things build on one platform but not another | 17:58:14 |
emily | I do agree that making things "just work" as much as possible is good, but it trades off against other values | 17:58:28 |
emily | (and I think Darwin is much closer to that than it used to be – FWIW there's some 500 instances of __darwinAllowLocalNetworking in the tree, which is a lot but not that many compared to how many packages we have to begin with) | 17:58:51 |
emily | (you do still have to specify the SDK version explicitly in some cases… and sometimes dependencies should be omitted for Darwin) | 17:59:37 |
emily | it's good when stuff is portable as much as possible though | 17:59:44 |
emily | but tbh most packages do not run loopback servers during tests | 17:59:52 |
emily | I haven't thought that much about how much value we get out of needing to make it explicit, but generally I'd say derivations being able to talk over the network is a pretty bad default | 18:00:23 |
aleksana 🏳️⚧️ (force me to bed after 18:00 UTC) | (In reply to @emilazy:matrix.org: "I haven't thought that much about how much value we get out of needing to make it explicit, but generally I'd say derivations being able to talk over the network is a pretty bad default") Why don't we disable it for Linux as well so we get some consistency | 18:00:52 |
emily | btw, it is not needed on Hydra at all, since Hydra does not use the sandbox | 18:01:03 |
emily | for better or worse | 18:01:11 |