| 17 Nov 2025 |
raitobezarius | Thanks! | 18:50:41 |
WeetHet | Working on it | 18:50:42 |
WeetHet | Tangentially there's also /usr/share/icu | 18:51:25 |
WeetHet | Which is the biggest offender for sandboxProfile in nixpkgs | 18:51:49 |
Randy Eckenrode | Is that because of system frameworks? | 18:56:28 |
spewdins | Thanks for letting me know about this | 18:56:38 |
WeetHet | Might be | 18:56:50 |
Randy Eckenrode | Because otherwise they should be using darwin.ICU for data. | 18:56:57 |
WeetHet | Oh, it's about /usr/share/icu | 18:57:19 |
spewdins | I know / communicated with Torrekie! In like 2018 or something | 18:57:27 |
Alyssa Ross | realistically this work needs to go upstream | 18:57:58 |
spewdins | Well, in any case I’m building a compositor and needed wayland running so here we go | 18:58:05 |
Alyssa Ross | it's the only way it's going to keep working | 18:58:05 |
WeetHet | It's dotnet stuff, I prefer to not touch that | 18:58:07 |
WeetHet | They also need
(allow file-read* (subpath "/private/var/db/mds/system"))
(allow mach-lookup (global-name "com.apple.SecurityServer")
(global-name "com.apple.system.opendirectoryd.membership"))
| 18:59:29 |
WeetHet | For some reason | 18:59:32 |
Randy Eckenrode | The .NET stuff should be using darwin.ICU. That’s one of the reasons why it exists. Packages can use DYLD_LIBRARY_PATH. I don’t think we should be weakening the sandbox for convenience. | 19:01:12 |
WeetHet | https://gerrit.lix.systems/c/lix/+/4572 | 19:35:37 |
raitobezarius | WeetHet how urgent is this? | 19:36:34 |
raitobezarius | we are literally doing 2.94.0 release engineering right now | 19:36:43 |
WeetHet | Not very urgent but I would prefer if it was in 2.94 | 19:37:01 |
WeetHet | * Not very urgent but I would prefer if it was in 2.94.something | 19:37:08 |
WeetHet | For now people (me) can use a patch or add extra sandbox configuration to config.nix | 19:37:32 |
WeetHet | * For now people (me) can use a patch or add extra sandbox configuration to nix.conf | 19:37:37 |
raitobezarius | this is merged | 19:38:04 |
raitobezarius | this bypassed normal process due to the situation | 19:38:13 |
WeetHet | I've built with the patch and it worked fine seemingly | 19:38:48 |
WeetHet | Shouldn't affect more than a couple psychos like me who run with full sandbox on darwin even if it's bugged somehow | 19:39:34 |