!SgYlXivkogarTVcnZO:nixos.org

Nix Flakes

24 Jan 2022
@tomberek:matrix.org tomberek but practically, there are probably easier ways to hijack what nix build does... i think there is a bit more we can do in verifying the contents. 22:45:09
@tomberek:matrix.org tomberek perhaps signing eval cache entries with the signing-key? That makes them more distributable as well! 22:47:23
@moritz.hedtke:matrix.org moritz.hedtke But it's not affecting the daemon? It's just affecting client side stuff? 22:50:34
25 Jan 2022
@tomberek:matrix.org tomberek i'm not very familiar with the eval cache system wrt when it kicks in, daemon usage, etc. But i'll start focusing on it, because i think it'll start to matter soon. (interestingly nix eval doesn't seem to use the eval cache?!) 00:04:11
@theophane:hufschmitt.net Théophane tomberek: I don’t think it’s a security issue since it requires shell access anyways. And at that point you’re pretty much screwed-up 06:46:19
@theophane:hufschmitt.net Théophane
In reply to @tomberek:matrix.org
perhaps signing eval cache entries with the signing-key? That makes them more distributable as well!
The thing though is that the cache entries only make sense if you have the drv file available, otherwise they have to be discarded. So that limits the distributability a lot
06:47:06
@theophane:hufschmitt.net Théophane
In reply to @tomberek:matrix.org
i'm not very familiar with the eval cache system wrt when it kicks in, daemon usage, etc. But i'll start focusing on it, because i think it'll start to matter soon. (interestingly nix eval doesn't seem to use the eval cache?!)
I take it you’re already aware of https://github.com/NixOS/nix/pull/4511 . Feel free to take it from here if you want to 🙂
06:48:05
@tomberek:matrix.org tomberek Théophane: yes, i took a look at it, but think it may be worth a discussion first. 06:50:34
@theophane:hufschmitt.net Théophane Yes, probably 07:01:02
@theophane:hufschmitt.net Théophane (And actually I’d be very careful if I had to rewrite or continue it, because I lost an awful lot of time tracking some performance regressions until I finally gave up) 07:01:51
@moritz.hedtke:matrix.org moritz.hedtke
In reply to @theophane:hufschmitt.net
tomberek: I don’t think it’s a security issue since it requires shell access anyways. And at that point you’re pretty much screwed-up
As we allow package installation for unprivileged users it could in theory be a security issue. But I think eval is done on the client side
09:03:50
@tomberek:matrix.org tomberek Could use a review and thoughts on: https://github.com/NixOS/nix/pull/5456 09:17:49
@theophane:hufschmitt.net Théophane moritz.hedtke: Yes, eval is done on the client side anyways. So all you can do is screw-up your evaluation results, which is something you could do by changing the Nix interpreter anyways 09:23:08
@buckley310:matrix.org Buckley joined the room. 16:36:25
@buckley310:matrix.org Buckley if i have myflake -> flakeB -> flakeC, how can I make flakeC follow my nixpkgs rev? tried inputs.flakeB.inputs.flakeC.inputs.nixpkgs.follows, but seems to have no effect 16:39:16
@buckley310:matrix.org Buckley hmmm, so by defining the flakeC dependency in my flake, and adding inputs.flakeB.inputs.flakeC.follows i can get it to work 16:53:22
@buckley310:matrix.org Buckley

i'm trying to pull down the latest colmena without pulling down two versions of nixpkgs.

  inputs.nix-eval-jobs = {
    url = "github:zhaofengli/nix-eval-jobs/colmena";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  inputs.colmena = {
    url = "github:zhaofengli/colmena";
    inputs.nixpkgs.follows = "nixpkgs";
    inputs.nix-eval-jobs.follows = "nix-eval-jobs";
  };
16:56:02
@buckley310:matrix.org Buckley *

i'm pulling down the latest colmena without pulling down two versions of nixpkgs.

  inputs.nix-eval-jobs = {
    url = "github:zhaofengli/nix-eval-jobs/colmena";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  inputs.colmena = {
    url = "github:zhaofengli/colmena";
    inputs.nixpkgs.follows = "nixpkgs";
    inputs.nix-eval-jobs.follows = "nix-eval-jobs";
  };
16:56:34
28 Jan 2022
@edrex:matrix.org edrex where is defaultPackage documented? Not finding it in https://nixos.org/manual/nix/unstable/ 18:41:03
@bew:matrix.org bew
In reply to @edrex:matrix.org
where is defaultPackage documented? Not finding it in https://nixos.org/manual/nix/unstable/
You can find it mentioned here, as the default 'installable' : https://nixos.org/manual/nix/stable/command-ref/new-cli/nix.html?highlight=defaultPackage#installables
18:44:36
@flyx:flyx.org flyx can I make the fish prompt line show when I'm in a nix develop shell? 18:49:23
@edrex:matrix.org edrex
In reply to @bew:matrix.org
You can find it mentioned here, as the default 'installable' : https://nixos.org/manual/nix/stable/command-ref/new-cli/nix.html?highlight=defaultPackage#installables
thanks bew, i overlooked that in search results
19:54:23
* @edrex:matrix.org edrex wishes there were a "thank you" emoji. ❤️ and 👍️ don't really work 19:55:07
@edrex:matrix.org edrex i want to contrib a flake.nix to a rust program, https://github.com/Mange/tydra (I think it could be cool to make nix run menus for flakes). i don't want to introduce too much extra maintenance overhead tho. 19:58:58
@edrex:matrix.org edrex ideally, updating flake.lock from crate should be automatic. Is https://www.srid.ca/rust-nix up to date? 20:01:34
@bew:matrix.org bew
In reply to @flyx:flyx.org
can I make the fish prompt line show when I'm in a nix develop shell?
Try to look at https://github.com/NixOS/nix/issues/3862
22:09:11
@bew:matrix.org bew
In reply to @edrex:matrix.org
wishes there were a "thank you" emoji. ❤️ and 👍️ don't really work
`thank you` works well (;
22:09:50
30 Jan 2022
@edrex:matrix.org edrex I'm trying to install the default package from a flake in my home.nix, and having some trouble figuring out how to deal with system. I guess the nature of flakes requires threading system through everything? 20:53:00
@edrex:matrix.org edrex Trying to replicate https://github.com/srid/nixos-config/blob/915a3f80eeca3d7dcf423be637bc961bc800acba/home.nix#L6 20:53:08
@edrex:matrix.org edrex any examples of how to install a package from a flake in an included file (rather than in /etc/nixos/flake.nix itself)? 20:54:05
