| 9 May 2026 |
 emily | well, not partial substitution necessarily | 16:44:17 |
| emily | cards on the table, I genuinely thought the partial outputs thing would be a total red herring and I'm still suspicious of just-so stories around substitution failures | 16:44:30 |
| emily | but partial output presence at least seems plausible | 16:44:49 |
 Randy Eckenrode | I’ve had codesigning break during local builds. I’m skeptical that it’s Hydra causing the issue. | 16:46:41 |
| Randy Eckenrode | The most common one in local builds is xmllint getting broken. | 16:46:53 |
| emily | I gave a reproducer for the FFmpeg case | 16:47:00 |
| emily | pretty sure you could go from scratch to the same result with zero Hydra | 16:47:08 |
| emily | the log for FFmpeg shows that there was path rewriting going on and that does indeed break the build | 16:47:25 |
| emily | for fish, though, I don't know | 16:47:30 |
| Randy Eckenrode | If I’m understanding correctly, then should this be reproducible for any multi-output derivation if you install one output from the cache then build another with substituters disabled? | 16:58:06 |
| Randy Eckenrode | Or build something then delete the alternate paths. Hmm. | 17:00:12 |
| Randy Eckenrode | * | 17:00:25 |
| Randy Eckenrode | That reproduced it. | 17:00:41 |
| emily | okay it does explain fish too: https://github.com/NixOS/nix/pull/15638#issuecomment-4413076030 (but not the difference in logs between the two) | 17:08:31 |
| emily | libxml2 has multiple outputs and probably the vast majority of things pull in the library and not the bin output, so if the bin output gets GC'd then libxml2 gets rebuilt and xmllint gets mangled, say? | 17:09:45 |
 K900 | Honestly why the fuck are fallback paths real | 17:15:45 |
| K900 | Can we not somehow sandbox them away | 17:15:57 |
| emily | because no FS namespaces on macOS | 17:16:02 |
| K900 | So is the answer just literally no? | 17:16:20 |
| emily | you would have to ban builds when any outputs are present | 17:16:25 |
| emily | which might be okay in practice | 17:16:29 |
| emily | would also likely mean not GCing outputs separately probably | 17:16:45 |
| K900 | For Hydra it's probably fine to just kill the outputs in a prebuild hook or something | 17:16:57 |
| emily | well no since other things could depend on them | 17:17:03 |
| emily | but they should just get substituted | 17:17:07 |
| Randy Eckenrode | Yeah. Found a leaf package that can be used to reproduce.
$ nix build --no-link -f . darwin.dyld
$ nix store delete $(nix eval --raw -f . darwin.dyld.out)
1 store paths deleted, 2.92 MiB freed
$ nix build --no-link -f . darwin.dyld
$ result/bin/dsc_extractor
fish: Job 1, 'result/bin/dsc_extractor' terminated by signal SIGKILL (Forced quit)
| 17:17:09 |
| emily | the question is why that's not happening. it could be an upload-side issue | 17:17:12 |
| emily | I've asked about it in #infra:nixos.org | 17:17:16 |
| Randy Eckenrode | * Yeah. Found a leaf package that can be used to reproduce.
$ nix build --no-link -f . darwin.dyld
$ nix store delete $(nix eval --raw -f . darwin.dyld.out)
1 store paths deleted, 2.92 MiB freed
$ nix build -f . darwin.dyld
$ result/bin/dsc_extractor
fish: Job 1, 'result/bin/dsc_extractor' terminated by signal SIGKILL (Forced quit)
| 17:17:18 |
| emily | because I don't know Hydra well enough to guess at the likely causes | 17:17:22 |
