| 27 Sep 2024 |
 Mic92 | So it looks like the installer itself ensures, there is a certificate: https://github.com/NixOS/nix/blob/f8bd7e7e5c9686b2fed42c2ee9735fc61a28233c/scripts/install-multi-user.sh#L943 | 10:37:50 |
|  loudgolem changed their display name from phanirithvij to loudgolem. | 14:38:09 |
| loudgolem changed their profile picture. | 14:38:32 |
|  elikoga set a profile picture. | 16:27:18 |
 puck | Mic92 https://github.com/NixOS/nix/pull/11603 is not quite the right solution to the problem i described
nix successfully finds a CA bundle (the cacert one); but trying to use it inside builtin:fetchurl fails because the sandbox doesn't allow access to the CA certificate file | 16:31:26 |
| puck | you can replicate this on nixos by e.g. doing NIX_SSL_CERT_FILE=$(nix-build '<nixpkgs>' -A cacert)/etc/ssl/certs/ca-bundle.crt nix-build --store $(mktemp -d) -E 'import <nix/fetchurl.nix> { url = https://google.com; }' | 16:33:33 |
| puck | i was just using openSUSE as an example of it being broken out of the box on some systems now | 16:36:26 |
|  @artemis:arty.chat left the room. | 17:53:52 |
| 28 Sep 2024 |
| Mic92 | Redacted or Malformed Event | 07:36:35 |
| puck | are you on linux? | 07:38:45 |
| puck | on macOS, builtin:fetchurl isn't sandboxed | 07:38:55 |
| loudgolem | I am facing this issue in a git worktree (not a shallow clone)
$ nix --version
nix (Nix) 2.18.7
$ git worktree list
/shed/Projects/nixhome/nixpkgs 30439d93eb8b [nixos-unstable]
/shed/Projects/nixpkgs-worktrees/master fba54e879763 [bump-pagefind-1725329421]
$ pwd
/shed/Projects/nixpkgs-worktrees/master
$ nix build .#pagefind
error:
… while fetching the input 'git+file:///shed/Projects/nixpkgs-worktrees/master'
error: '/shed/Projects/nixpkgs-worktrees/master' is a shallow Git repository, but shallow repositories are only allowed when `shallow = true;` is specified.
it is working with nix build .?shallow=1#pagefind
| 11:10:01 |
| loudgolem | while in a real shallow clone, it works fine
[nix-shell:~/work/debug-action/debug-action/nixpkgs]$ git log
commit fba54e87976345a608a772635aae47c2c303d049 (grafted, HEAD -> bump-pagefind-1725329421, origin/bump-pagefind-1725329421)
Author: phanirithvij <phanirithvij2000@gmail.com>
Date: Sat Sep 28 16:25:48 2024 +0530
pagefind: nixfmt-rfc-style
[nix-shell:~/work/debug-action/debug-action/nixpkgs]$ nix build .#pagefind --print-out-paths
/nix/store/jmph2i2wjmxh5aglxg2ywmg4glv0p6h8-pagefind-1.1.1
| 11:23:10 |
| Mic92 | loudgolem: are you sure shallow clones work with nix 2.18? I think you need a newer nix version. | 14:27:14 |
| loudgolem | yeah my bad, in the second one using detsys nix | 14:27:51 |
| loudgolem | so with nix 2.18 worktrees are working as intended? | 14:28:44 |
| loudgolem | * so with nix 2.18 with git worktrees it is working as intended? | 14:29:06 |
| Mic92 | I don't know | 14:31:15 |
| Mic92 | https://github.com/NixOS/nix/pull/11610 | 15:10:58 |
| Mic92 | I didn't had the certificate verification patch in my fork. After that I was able to reproduce the tls error | 15:11:57 |
| 29 Sep 2024 |
|  LinearArray changed their profile picture. | 05:04:25 |
|  mrdev023 left the room. | 14:06:26 |
| mrdev023 joined the room. | 14:07:23 |
 trofi | In reply to @trofi:matrix.org
Specifically I see a SIGSEGV on a nix testsuite in the same function: https://bpa.st/raw/6YWTW Ended up being a compiler bug: https://gcc.gnu.org/PR116880 | 18:23:20 |
| 30 Sep 2024 |
| puck | Mic92 btw you may want to remove the n-o-m output on https://github.com/NixOS/nix/pull/11610/commits/c1ecf0bee973e620c9282bd71ddf1a5710968249 (and point directly to 37b22dae04f2da214e6b9bef3427e134280642ca instead of the merge commit?) | 22:57:37 |
| 1 Oct 2024 |
| Mic92 | I don't know what a n-o-m is | 01:31:13 |
| Mic92 | Need more characters | 01:31:30 |
| Mic92 | Ah nix-output-monitor | 01:35:00 |
| Mic92 | I will change it directly to the commit, but having the command that reproduces the error still seems useful to me. | 01:46:00 |
| puck | In reply to @joerg:thalheim.io
I will change it directly to the commit, but having the command that reproduces the error still seems useful to me. right, i just meant the spurious nix-output-monitor output, as it's caused by running with a non-standard store path | 02:18:18 |
