| 19 Sep 2025 |
 raitobezarius | I wonder how that meshes with pasta-path and what is the replacement here but it doesn't feel strange to me; is the use case completely self contained mono binary Lix? | 00:16:22 |
 aloisw | Maybe just disable the option then and make pasta unconditional? | 06:01:29 |
 Yureka (she/her) | Basically yes | 07:54:23 |
| Yureka (she/her) | Lix for remote building on a host where I am not privileged to create /nix/store/ | 07:54:57 |
| Yureka (she/her) | With the lix static bin/ added to path, and store = /home/.../store set in ~/.config/nix/nix.conf | 07:55:54 |
| Yureka (she/her) | I guess I can also set pasta_path = /path/to/pasta but it feels like a regression from the previous experience | 07:56:39 |
| raitobezarius | pasta unconditional seems a bit dangerous to me because of the bugs we saw | 09:45:10 |
| raitobezarius | sometimes not even under our control (e.g. kernel bug) | 09:45:16 |
| Yureka (she/her) | for the sandbox shell, isn't the option to embed it just on top of the ability to change it at run-time later? | 09:46:23 |
| raitobezarius | #if HAVE_EMBEDDED_SANDBOX_SHELL
if (i.second.source == "__embedded_sandbox_shell__") {
static unsigned char sh[] = {
#include "embedded-sandbox-shell.gen.hh"
};
auto dst = chrootRootDir + i.first;
createDirs(dirOf(dst));
writeFile(dst, std::string_view((const char *) sh, sizeof(sh)));
chmodPath(dst, 0555);
} else
#endif
bindPath(i.second.source, chrootRootDir + i.first, i.second.optional);
| 09:47:05 |
| raitobezarius | #if defined(__linux__) && defined(SANDBOX_SHELL)
sandboxPaths.setDefault(tokenizeString<StringSet>("/bin/sh=" SANDBOX_SHELL));
#endif
| 09:47:33 |
| raitobezarius | correct | 09:47:34 |
| raitobezarius | there's a runtime composition | 09:47:39 |
| raitobezarius | sounds like we could do mostly the same | 09:47:47 |
| raitobezarius | except that this time, this is not about writing a binary in the sandbox | 09:47:53 |
| raitobezarius | but executing a binary which is mapped in our memory | 09:48:02 |
| Yureka (she/her) | sounds good | 09:48:16 |
| * raitobezarius nods | 09:48:20 |
| Yureka (she/her) | I can take on this task and create a patch | 09:49:04 |
| raitobezarius | thanks! | 09:53:02 |
| Yureka (she/her) | summarized the thing here https://git.lix.systems/lix-project/lix/issues/996 | 09:56:04 |
| Yureka (she/her) | and assigned myself | 09:56:16 |
| aloisw | It would only be unconditional for static builds with built-in pasta. But given that the sandbox shell also has a runtime option after all we could support (and default to) pasta-path = __embedded_pasta__ similarly in this case. | 11:44:38 |
|  bl1nk changed their profile picture. | 15:22:59 |
| bl1nk changed their profile picture. | 15:25:08 |
| 21 Sep 2025 |
 K900 | Can someone remind me why the flake is pinned to an old capnproto? | 16:39:22 |
| K900 | OK I don't think the old is intentional | 16:52:29 |
| raitobezarius | not intentional but we have patches on capnp | 16:53:40 |
