| 29 Jul 2025 |
 emily | oh wait | 16:38:49 |
| emily | /btar | 16:38:51 |
| emily | lol | 16:38:52 |
| emily | so | 16:39:02 |
| emily | $TMPDIR ends with a / normally on macOS | 16:39:08 |
| emily | e.g. /var/folders/1v/jtp_4pzx7xq371f8j_xdnrvm0000gn/T/ | 16:39:15 |
| emily | /nix/var/nix/builds/nix-build-libarchive-3.8.1.drv-6/b does not | 16:39:28 |
| emily | do we want to work around that when things concatenate without the slash or just say it's an upstream bug? | 16:39:41 |
| emily | (I mean it is an upstream bug) | 16:39:45 |
| emily | ok, I just fixed it upstream | 16:59:47 |
| emily | previously the $TMPDIR would have been /private/tmp/nix-build-libarchive-3.8.1.drv-6 | 16:59:58 |
| emily | which would result in libarchive creating a file like /private/tmp/nix-build-libarchive-3.8.1.drv-6tar.md.CvYd75, which is fine because the permissions are less locked down. comedy | 17:00:17 |
 raitobezarius | In reply to @emilazy:matrix.org
(I mean it is an upstream bug) what is upstream here | 17:04:45 |
| emily | libarchive | 17:04:53 |
| raitobezarius | ah ok | 17:04:56 |
| emily | and maybe anything else similarly dumb | 17:04:59 |
| emily | it's not worth worrying about I think | 17:05:06 |
| emily | given it would cause issues on Linux too (it was in a macOS-only code path in this case), and was already behaving wrong pre-CVE-fixes | 17:05:29 |
| emily | FWIW something seems screwy about Unix sockets in /tmp in the Darwin sandbox even after fixes: https://github.com/NixOS/nixpkgs/pull/429415 | 17:30:12 |
| emily | but I'm not sure exactly what/how | 17:30:21 |
| emily | and it may be an okay regression because we should really be closing that off anyway… | 17:30:32 |
| raitobezarius | i cannot understand what is screwy | 17:31:21 |
| raitobezarius | what behavior do you see | 17:31:27 |
| raitobezarius | ah you're not exactly sure neither | 17:31:38 |
| emily | bind fails on /tmp/blah | 17:34:40 |
| emily | I don't know, libuv regularly breaks in the Darwin sandbox, so maybe it wasn't related to the CVE stuff | 17:35:07 |
| emily | but it seems suspicious (but I can't figure out why it'd have become screwier) | 17:35:18 |
| emily | Redacted or Malformed Event | 19:02:32 |
| emily | Redacted or Malformed Event | 19:02:45 |
| emily | Redacted or Malformed Event | 19:03:03 |
