| 26 Jul 2025 |
 aloisw | Might have something to do with the fact that prev is not quite the same as the package set without the overlay. | 17:33:55 |
 raitobezarius | In reply to @piegames:flausch.social
nooo we need you i feel like there's enough brains on the topic ;P | 17:36:34 |
| raitobezarius | but tbh, I think the package set usage could be simply as lix.packageSet = pkgs.lixPackageSets.lix_2_93; | 17:36:56 |
| raitobezarius | kernel style | 17:36:57 |
| raitobezarius | and then the nixos module can abstract the various overlays we want to do | 17:37:06 |
 emily | do you know how it differs? | 17:43:05 |
| emily | apparently I don't understand overlays | 17:43:08 |
| *  piegames is confused as well | 17:46:33 |
| aloisw | This should be the function that applies overlays: https://github.com/NixOS/nixpkgs/blob/1733b682f2b4bf9e389a757e81e09fe3b51ddbc4/lib/fixed-points.nix#L319-L328 . So basically you should think of the package set as a function (that can be altered by overlays) and prev is the package set function prior to your overlay called with the fixed point. | 18:25:19 |
| aloisw | Actually that's not just basically but literally how it works: https://github.com/NixOS/nixpkgs/blob/2b37f8f2d88df8c2a5e67cc11ae15ff8372315af/pkgs/top-level/stage.nix#L337-L354 | 19:16:55 |
| aloisw | The entire nixpkgs package set is just overlays all the way down. | 19:17:20 |
| raitobezarius | emily i reworked the whole thing to take into account Darwin | 21:01:40 |
| raitobezarius | https://gerrit.lix.systems/c/lix/+/3765 | 21:01:42 |
| raitobezarius | I'm going to have dinner and let CI see if Darwin tests works | 21:02:07 |
| raitobezarius | I confirmed that Linux functionality did not regress as I have enough build capacity for that, but Darwin is not the optimal thing for me to test | 21:02:24 |
| raitobezarius | I decided to optimize Linux for free in the context of cacert disappearing someday | 21:02:42 |
| raitobezarius | I bind the CA certificate if possible rather than copying it | 21:02:50 |
| raitobezarius | I kept the warning and ensured it appears only if caFile and $NIX_SSL_CERT_FILE disagrees | 21:03:06 |
| raitobezarius | which can happen if you do | 21:03:08 |
| raitobezarius | NIX_SSL_CERT_FILE=a nix-build -A ... --option ssl-cert-file b | 21:03:21 |
| raitobezarius | and is to me a problem I believe? | 21:03:29 |
| emily | this means that it can change mid-build on Linux yes? | 21:03:33 |
| emily | I don't know if that's an issue per se but it unnerves me a bit | 21:03:49 |
| raitobezarius | correct | 21:03:53 |
| raitobezarius | I feel like, it should not be a problem | 21:04:01 |
| raitobezarius | if your system is going through changes of that style | 21:04:08 |
| raitobezarius | failures should happen outside of Nix as well | 21:04:17 |
| emily | perhaps, yeah | 21:04:32 |
| raitobezarius | realistically, how often CA certificates changes mid-builds? | 21:04:35 |
| emily | what if you… replace it with a Unix socket | 21:04:38 |
