| 26 Jul 2025 |
raitobezarius | which can happen if you do | 21:03:08 |
raitobezarius | NIX_SSL_CERT_FILE=a nix-build -A ... --option ssl-cert-file b | 21:03:21 |
raitobezarius | and is to me a problem I believe? | 21:03:29 |
emily | this means that it can change mid-build on Linux yes? | 21:03:33 |
emily | I don't know if that's an issue per se but it unnerves me a bit | 21:03:49 |
raitobezarius | correct | 21:03:53 |
raitobezarius | I feel like, it should not be a problem | 21:04:01 |
raitobezarius | if your system is going through changes of that style | 21:04:08 |
raitobezarius | failures should happen outside of Nix as well | 21:04:17 |
emily | perhaps, yeah | 21:04:32 |
raitobezarius | realistically, how often do CA certificates change mid-build? | 21:04:35 |
emily | what if you… replace it with a Unix socket | 21:04:38 |
emily | it's just the bind mount that scares me | 21:04:43 |
raitobezarius | In reply to @emilazy:matrix.org what if you… replace it with a Unix socket <insert meme of person unhappy> | 21:04:51 |
emily | no I mean like | 21:04:56 |
emily | what if something switches out the cert store for a Unix socket | 21:05:04 |
emily | I dunno | 21:05:10 |
raitobezarius | can it change inode type? | 21:05:20 |
emily | well you could do it between builds even (maybe? if that's not checked for) | 21:05:31 |
raitobezarius | the setup happens at each build | 21:05:43 |
emily | not having to think about all of this, and making it faster for Darwin, is why I landed on the store path solution 😅 – esp. since on Darwin the path already canonicalizes to something in the store already, so zero copying needed | 21:05:46 |
raitobezarius | so if it becomes a socket after build 1 | 21:05:49 |
emily | (though you do have to canonicalize again, in that case) | 21:05:54 |
raitobezarius | it gets rejected | 21:05:58 |
raitobezarius | i paged pennae on this question | 21:06:26 |
emily | fwiw, not sure about this | 21:06:26 |
raitobezarius | i'm slowly crashing | 21:06:36 |
emily | anyway, ideally there'd be some Darwin benchmark numbers but … that's hard | 21:06:38 |
emily | I don't oppose this path | 21:06:44 |
emily | I like the store thing the most still, but I'm not the one implementing it | 21:06:53 |