| 26 May 2021 |
 LnL | depends on what went wrong | 16:05:57 |
 Finn Behrens | If I look into the nix-daemon.plist (I don't have a clue how launchtl works), I see that NIX_SSL_CERT_FILE is set to /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt. But as this is the nix install itself, the path does not exists, as nix does not include this path | 16:09:30 |
| LnL | the installer installs both nix and cacert in the profile by default with nix-env -i | 16:10:12 |
| Finn Behrens | I'm installing nix via nix upgrade-nix --nix-store-path-urls <nix-store> seems like this is broken in nix master? | 16:11:20 |
| LnL | upgrade-nix only works when used exactly right in my experience | 16:12:09 |
| Finn Behrens | ok, maybe that is the issue. How would you suggest me to update the nix version, if I have a nix store path of a nix master build | 16:12:47 |
| LnL | depending on the type of install you'll need to run it as the local user or sudo -i | 16:13:26 |
| Finn Behrens | system, so I have a daemon, and a seperate apfs volume for /nix | 16:13:48 |
| LnL | and it doesn't have any logic for services so won't restart the daemon, etc. | 16:13:44 |
| LnL | regardless of the update if you don't have cacert installed in the default profile you'll probably want to recover that first | 16:15:37 |
| LnL | hopefully there's still one laying around in the store that you can nix-env -i <path> otherwise run nix-env as root with NIX_SSL_CERT_FILE set to some random cert bundle to bypass the daemon | 16:17:19 |
| Finn Behrens | I would like to not use nix-env, but nix profile. Will try around a bit, thanks for the starting points | 16:18:02 |
| LnL | same with that, unless you can't pass direct store paths as installables anymore | 16:20:13 |
| Finn Behrens | In reply to @daiderd:matrix.org
same with that, unless you can't pass direct store paths as installables anymore It's a bit more tricky, but last time I checked it worked as well | 16:20:37 |
| Finn Behrens | Worked very well. Now have a dirty nix, and a ssl cert without remounting the store rw :-). | 16:31:19 |
| Finn Behrens | LnL: ++ (we need a bot xD) | 16:31:26 |
 ris_ | is the darwin sandbox enabled on hydra? | 19:23:27 |
 Sandro | Don't think so | 19:23:52 |
| ris_ | that would explain a few things | 19:24:02 |
| LnL | no it's not, nixpkgs still needs some cleanup for that to work properly and I'm aware of at least one thing that's missing in the profile that breaks lots of rust builds | 19:26:56 |
| Sandro | ris_: nixpkgs-review does not turn on the darwin sandbox anymore since https://github.com/Mic92/nixpkgs-review/commit/aa9cc2f5e9199736af5167f8c3f406018b6a14e7 | 19:36:34 |
| ris_ | i've been surprised at how many packages have built for me actually since i switched it on | 19:37:37 |
| LnL | if you're up for it I'd definitively recommend enabling it, means that sandboxing issues get some visibility and you can always --option sandbox false if something's broken that you can't or don't want to fix | 19:39:20 |
 mjlbach | I had to use the latest nix master (not nixUnstable) in order to avoid many sandboxing issues on catalina | 19:39:53 |
| ris_ | completely separate topic - openvpn is failing to build for me on catalina, configure: error: route utility is required but missing - where would i get this from? | 19:46:03 |
| ris_ | clearly hydra is managing to build it, which is fun | 19:46:35 |
| Sandro | In reply to @r_i_s:matrix.org
i've been surprised at how many packages have built for me actually since i switched it on In my experience it works good enough if you are building leaf packages. If you are doing more core work things tend to break | 19:46:38 |
| LnL | unixtools.route would be the generic attribute to use | 19:46:51 |
| LnL | I think this is once of those things that comes from different places depending on the platform | 19:47:28 |
| Finn Behrens | In reply to @daiderd:matrix.org
if you're up for it I'd definitively recommend enabling it, means that sandboxing issues get some visibility and you can always --option sandbox false if something's broken that you can't or don't want to fix Is it just sandbox = true, or do I have something else? | 19:47:38 |
