| 26 Nov 2025 |
hexa | https://github.com/NixOS/nix/commits/2.24-maintenance/
https://github.com/NixOS/nix/commit/b0fab9f90b397a2b02f41df5f467ae3cf8b91c3c | 13:09:48 |
Jens Petersen | Hmm, interesting, so in nixos it seems only /nix/store has "special treatment", e.g. is owned by nixbld and has sticky bit | 13:10:11 |
dramforever | yes | 13:10:45 |
dramforever | i ... don't see the backporting of /nix/var/nix/build in 2.24 | 13:11:09 |
dramforever | i don't think it was backported | 13:11:53 |
hexa | I don't think that was ever backported | 13:12:06 |
dramforever | so the answer is no | 13:12:19 |
hexa | but what I linked is the remainder of the security fixes | 13:12:28 |
dramforever | it's 2.30+ only | 13:12:23 |
hexa | * but what I linked is the remainder of the security fixes that were | 13:12:32 |
dramforever | but yeah i don't really understand what the deal with having to touch the internal structure of /nix/var/nix is | 13:12:58 |
dramforever | well, there's tmpfiles | 13:13:08 |
dramforever | but i don't get the "installation issue" | 13:13:19 |
dramforever | does fedora need to manually approve every directory under /nix/var/nix? | 13:14:35 |
Jens Petersen | dramforever: well either fedora provides /nix/var/nix/build or it doesn't - that is all (along with db/ gc.lock gcroots/ profiles/ temproots/) | 13:14:52 |
dramforever | okay but why does it need to provide those | 13:15:28 |
Jens Petersen | nixos does too, no? | 13:15:47 |
dramforever | the nix daemon will happily make one by itself if one doesn't exist | 13:16:06 |
dramforever | and also along with current-load, cgroups, profiles, userpool, just to name a few that apparently exist on my system | 13:16:31 |
Jens Petersen | I see | 13:16:45 |
Jens Petersen | Okay maybe it is needed without nix-daemon then | 13:17:03 |
dramforever | no, same with nix not-daemon | 13:17:24 |
Jens Petersen | Hmm I see | 13:17:35 |
dramforever | nix is generally happy to start working with absolutely nothing | 13:17:45 |
dramforever | see: the "diverted store" --store /path/to/some/local/dir | 13:18:03 |
Jens Petersen | okay maybe I will experiment more later then, thanks | 13:18:12 |
dramforever | if you ship some store paths to begin with then you should ship the corresponding db | 13:18:19 |
dramforever | either as a file or some exported textual format | 13:18:32 |
dramforever | * either as a sqlite db file or ~~some exported textual format~~ nix-store --dump-db | 13:18:59 |
dramforever | * either as a sqlite db file or some exported textual format nix-store --dump-db | 13:19:07 |