!lheuhImcToQZYTQTuI:nixos.org

Nix on macOS

1163 Members
“There are still many issues with the Darwin platform but most of it is quite usable.” — http://yves.gnu-darwin.org188 Servers

Load older messages

SenderMessageTime
19 Nov 2025
@toonn:matrix.orgtoonn Since it's the common case it shouldn't be broken more than is unavoidable, no? 10:42:34
@weethet:catgirl.cloudWeetHet

Setting SSL_CERT_FILE to a non-existent file doesn't fix anything, there are 2 options:

  1. The build would randomly break with an error which is difficult to trace to SSL_CERT_FILE being /no-cert-file.crt
  2. The program would see that the file doesn't exist and ignore the variable entirely and still continue to access whatever it would if it was unset
10:45:01
@weethet:catgirl.cloudWeetHetNeither behaviour is very nice honestly10:45:14
@weethet:catgirl.cloudWeetHet Setting it to /no-cert-file.crt does nothing in 99% of the cases and breaks the remaining 1% which is using native macOS keychain in FODs 10:46:32
@weethet:catgirl.cloudWeetHet If you really want to set it to something set it to NIX_SSL_CERT_FILE but this is also incorrect since now the program that expects that it would use native keychain now starts using the .crt file 10:47:33
@supertrond:matrix.orgTrond joined the room.10:48:09
@weethet:catgirl.cloudWeetHetThis is still better than having a non-existent file since it wouldn't break immediately and for nixpkgs you can't rely on some certificates being installed locally 10:48:28
@weethet:catgirl.cloudWeetHetSo maybe this is the correct way for nixpkgs10:48:45
@weethet:catgirl.cloudWeetHetBut the current behaviour is objectively incorrect10:49:00
@toonn:matrix.orgtoonn I don't see how using the native keychain is right during builds. There's no way to manage that from Nix so it'd mean builds could never be pure. 10:53:10
@7karni:matrix.org7karni joined the room.10:55:52
@weethet:catgirl.cloudWeetHetI'm still talking about FODs 10:55:56
@weethet:catgirl.cloudWeetHetThey can use whatever certs they want as long as the output hash matches10:56:22
@weethet:catgirl.cloudWeetHet

The other option still is

# Prevent SSL libraries from using certificates in /etc/ssl, unless set explicitly.
# Leave it in impure shells for convenience.
if [[ -z "${NIX_SSL_CERT_FILE:-}" && "${IN_NIX_SHELL:-}" != "impure" ]]; then
  export NIX_SSL_CERT_FILE=/no-cert-file.crt
fi
# Another variant left for compatibility.
if [[ -z "${SSL_CERT_FILE:-}" && "${IN_NIX_SHELL:-}" != "impure" ]]; then
  export SSL_CERT_FILE=$NIX_SSL_CERT_FILE
fi
11:00:46
@weethet:catgirl.cloudWeetHetWhich is still better than the current one11:00:55
@toonn:matrix.orgtoonn For FODs I agree, if the hash matches there's no purity problem. But that shell excerpt has nothing to do with FODs, no? 11:31:28
@reckenrode:matrix.orgRandy Eckenrode How would that break using Keychain? Do some libraries not try to use it if you set SSL_CERT_FILE? 11:34:06
@reckenrode:matrix.orgRandy Eckenrode(Even if it doesn’t exist.)11:35:09
@weethet:catgirl.cloudWeetHetAs far as I can tell this just uses the bundle of the variable is set11:35:19
@weethet:catgirl.cloudWeetHet Given that unseting it fixes there run 11:35:50
@weethet:catgirl.cloudWeetHet * 11:35:59
@weethet:catgirl.cloudWeetHet * 11:41:35
@weethet:catgirl.cloudWeetHet * 11:41:52
@thbltp:matrix.orgthbltdarwin-rebuild fails with "error: permission denied when trying to update apps, aborting activation. home-manager requires permission to update your apps, please accept the notification and grant the permission for your terminal emulator in System Settings. If you did not get a notification, you can navigate to System Settings > Privacy & Security > App Management.". I didn’t get a notification so I tried adding both wezterm and terminal to "app management", but as soon as I restart the darwin-rebuild they get removed from the list16:04:58
@thbltp:matrix.orgthbltFound the issue https://github.com/nix-community/home-manager/issues/817416:10:30
@samasaur:matrix.orgsamasaur yeah it seems like a 26.1–specific bug that only affects home-manager and not nix-darwin, which implies that sudo avoids the issue 16:18:26
@samasaur:matrix.orgsamasaurdid removing the directory work for you?16:18:34
@samasaur:matrix.orgsamasauralso are you actually in 26.1 or is this wider-spread than I thought16:18:48
@samasaur:matrix.orgsamasaur* also are you actually on 26.1 or is this wider-spread than I thought16:18:54
@reckenrode:matrix.orgRandy Eckenrode 

/private/var/folders/yf/1c0ncp6s14n1sb_87_640lsm0000gn/T/nix-shell.WPcGoT/source/build/src/compiler/clc/mesa_clc -o src/kosmickrisp/vulkan/kkcl.spv --depfile src/kosmickrisp/vulkan/libkk_shaders.h.d ../src/kosmickrisp/vulkan/cl/kk_query.cl ../src/kosmickrisp/vulkan/cl/kk_triangle_fan.cl -- -I/private/var/folders/yf/1c0ncp6s14n1sb_87_640lsm0000gn/T/nix-shell.WPcGoT/source/src/compiler/libcl -I/private/var/folders/yf/1c0ncp6s14n1sb_87_640lsm0000gn/T/nix-shell.WPcGoT/source/src/kosmickrisp/vulkan/. -I/private/var/folders/yf/1c0ncp6s14n1sb_87_640lsm0000gn/T/nix-shell.WPcGoT/source/src -fmacro-prefix-map=../= -fmacro-prefix-map=/private/var/folders/yf/1c0ncp6s14n1sb_87_640lsm0000gn/T/nix-shell.WPcGoT/source/= -fmacro-prefix-map=/private/var/folders/yf/1c0ncp6s14n1sb_87_640lsm0000gn/T/nix-shell.WPcGoT/source/build/= -cl-std=cl2.0 -D__OPENCL_VERSION__=200 -DHAVE___BUILTIN_FFS -DHAVE___BUILTIN_CLZ
LLVM ERROR: Option 'greedy' already exists!
18:43:18

Show newer messages

Back to Room ListRoom Version: 6