| 26 May 2021 |
 LnL | In reply to @r_i_s:matrix.org
of course this gives me Package ‘openssl-1.0.2u’ in ... is marked as insecure, refusing to evaluate. on master sounds like it's probably coming from darwin.network_cmds then which does indeed not build anymore | 19:52:16 |
 ris_ | pretty sad state of affairs 😿 | 19:52:47 |
| LnL | yeah, the latest release from opensource.apple.com I a while back didn't work with a newer openssl either :/ | 19:54:01 |
| LnL | but maybe there was new stuff released since then | 19:54:26 |
 abathur | oh, I saw a PR today that roughly touches on that openssl issue, it at least asserts that #101229 will fix | 19:54:46 |
 Finn Behrens | I applied at Apple. Sadly the did not answer yet. But hopefully in the future I can help making nix better from apples side 😎 | 19:55:16 |
| abathur | https://github.com/NixOS/nixpkgs/pull/109003 | 19:55:18 |
| LnL | network_cmds isn't really tied to the sdk update | 19:57:38 |
| abathur | I wasn't sure about the assertion, just remembered seeing it :) | 19:58:09 |
 Sandro | ris_ it should also tell you how to ignore broken/insecure packages | 19:58:38 |
| abathur | different topic: I don't expect anyone here to have an opinion, but just in case it's something that's caused trouble for anyone here, I've opened a draft PR making the top-level sudo attr useful on macOS | 19:59:11 |
| ris_ | Sandro: oh it does, it's just i don't feel i can suggest adding this as an input to a packa | 19:59:23 |
| ris_ | * Sandro: oh it does, it's just i don't feel i can suggest adding this as an input to a package when i know it'll do that | 19:59:31 |
| LnL | In reply to @abathur:matrix.org
different topic: I don't expect anyone here to have an opinion, but just in case it's something that's caused trouble for anyone here, I've opened a draft PR making the top-level sudo attr useful on macOS what's the usecase for that? it's the same as using the one PATH at runtime and builds can't use sudo | 20:02:22 |
| abathur | the PR addresses my use-case | 20:06:00 |
| LnL | but it's not a __impureHostDep, it's a runtime dependency so I don't get why you need this | 20:07:39 |
| LnL | it's the same on linux, you can't use pkgs.sudo at runtime you need the setuid wrapper which is available through PATH | 20:09:11 |
| abathur | hmm, that may sink it | 20:11:36 |
| abathur | I noticed that it works on Linux, though I haven't looked into how | 20:12:00 |
| abathur | anyways; resholve's point/goal is nailing everything down at build time (and blocking if it can't), so the problem/need is unaffected by the suitability of the solution | 20:14:08 |
| LnL | sudo is a tricky one for that, since even on linux it can be either /run/wrappers/bin/sudo or /usr/bin/sudo | 20:16:09 |
| LnL | unless nix gets some kind of native support for setuid binaries | 20:16:35 |
| LnL | same with eg. ping by the way | 20:18:18 |
| abathur | edited the post to reframe it around what resholve needs wrt to the broader problem I guess | 21:18:04 |
| ris_ | one thing about the sandbox on darwin - i don't find i can disable it case by case on the command line even though i've set nix.trustedUsers = [ "*" ]; | 22:58:52 |
|  aaronjanse joined the room. | 23:13:30 |
| 27 May 2021 |
| abathur | LnL: is there an authoritative list? is it fair to take /run/wrappers/bin on NixOS as such? | 00:02:24 |
 emily | there's no reason nix-darwin couldn't support /run/wrappers for compatibility right? | 00:22:07 |
| emily | it already shoves /run into the hierarchy, might as well make use of it | 00:22:20 |
| abathur | it could, and that'd be an improvement, but I suspect it won't fix my core issue; the paths would still be invalid on macOS without nix-darwin, and probably on all other non-nixOS linuxes? | 00:26:25 |
