| 26 Jul 2025 |
| *  piegames is confused as well | 17:46:33 |
 aloisw | This should be the function that applies overlays: https://github.com/NixOS/nixpkgs/blob/1733b682f2b4bf9e389a757e81e09fe3b51ddbc4/lib/fixed-points.nix#L319-L328 . So basically you should think of the package set as a function (that can be altered by overlays) and prev is the package set function prior to your overlay called with the fixed point. | 18:25:19 |
| aloisw | Actually that's not just basically but literally how it works: https://github.com/NixOS/nixpkgs/blob/2b37f8f2d88df8c2a5e67cc11ae15ff8372315af/pkgs/top-level/stage.nix#L337-L354 | 19:16:55 |
| aloisw | The entire nixpkgs package set is just overlays all the way down. | 19:17:20 |
 raitobezarius | emily i reworked the whole thing to take into account Darwin | 21:01:40 |
| raitobezarius | https://gerrit.lix.systems/c/lix/+/3765 | 21:01:42 |
| raitobezarius | I'm going to have dinner and let CI see if Darwin tests works | 21:02:07 |
| raitobezarius | I confirmed that Linux functionality did not regress as I have enough build capacity for that, but Darwin is not the optimal thing for me to test | 21:02:24 |
| raitobezarius | I decided to optimize Linux for free in the context of cacert disappearing someday | 21:02:42 |
| raitobezarius | I bind the CA certificate if possible rather than copying it | 21:02:50 |
| raitobezarius | I kept the warning and ensured it appears only if caFile and $NIX_SSL_CERT_FILE disagrees | 21:03:06 |
| raitobezarius | which can happen if you do | 21:03:08 |
| raitobezarius | NIX_SSL_CERT_FILE=a nix-build -A ... --option ssl-cert-file b | 21:03:21 |
| raitobezarius | and is to me a problem I believe? | 21:03:29 |
 emily | this means that it can change mid-build on Linux yes? | 21:03:33 |
| emily | I don't know if that's an issue per se but it unnerves me a bit | 21:03:49 |
| raitobezarius | correct | 21:03:53 |
| raitobezarius | I feel like, it should not be a problem | 21:04:01 |
| raitobezarius | if your system is going through changes of that style | 21:04:08 |
| raitobezarius | failures should happen outside of Nix as well | 21:04:17 |
| emily | perhaps, yeah | 21:04:32 |
| raitobezarius | realistically, how often CA certificates changes mid-builds? | 21:04:35 |
| emily | what if you… replace it with a Unix socket | 21:04:38 |
| emily | it's just the bind mount that scares me | 21:04:43 |
| raitobezarius | In reply to @emilazy:matrix.org
what if you… replace it with a Unix socket <insert meme of person unhappy> | 21:04:51 |
| emily | no I mean like | 21:04:56 |
| emily | what if something switches out the cert store for a Unix socket | 21:05:04 |
| emily | I dunno | 21:05:10 |
| raitobezarius | can it change inode type? | 21:05:20 |
| emily | well you could do it between builds even (maybe? if that's not checked for) | 21:05:31 |
