| 7 Feb 2025 |
|  Niklas Korz joined the room. | 12:15:46 |
| 10 Feb 2025 |
 Bot_wxt1221 | https://github.com/NixOS/nixpkgs/pull/380265 | 01:13:07 |
| Bot_wxt1221 | The github actions fail because of this stupid reason for many times | 01:13:26 |
 adamcstephens | What stupid reason? Seems like all the gha jobs passed | 02:02:09 |
| Bot_wxt1221 | Someone has fixed it. Thanks | 02:37:07 |
| 13 Feb 2025 |
| adamcstephens | In reply to @hexa:lossy.network
Cannot nix-instantiate `python313Packages.django-apscheduler.passthru.tests` because:
error: access to absolute path '/private' is forbidden in restricted mode
Cannot nix-instantiate `python313Packages.django_5` because:
error: access to absolute path '/private' is forbidden in restricted mode
Cannot nix-instantiate `python313Packages.django_5.passthru.tests` because:
error: access to absolute path '/private' is forbidden in restricted mode
can anyone provide any insight into this error? seems to be affecting all darwin jobs | 16:53:48 |
 emily | /var is a symlink to /private/var. hmm, there was a recent bug with Nix pure/--impure evaluation and symlinsk,I think | 16:56:08 |
| emily | * /var is a symlink to /private/var. hmm, there was a recent bug with Nix pure/--impure evaluation and symlinks, I think | 16:56:26 |
| emily | https://github.com/NixOS/nix/issues/12449 | 16:56:28 |
| emily | probably not this I guess | 16:56:35 |
| emily | (also /tmp → /private/tmp, /etc → /private/etc) | 16:56:53 |
| adamcstephens | someone on discord reported:
I can replicate this locally on my mac by building the package with --option restrict-eval true, but I'm lost for what is going on.
| 16:57:02 |
| emily | is it every single build or just some of them? | 16:59:21 |
| adamcstephens | my spot checking earlier it was affecting all | 16:59:41 |
| adamcstephens | e.g. here's a curl job https://github.com/NixOS/nixpkgs/pull/381673/checks?check_run_id=37148473245 | 17:00:02 |
| emily | what changed? :) | 17:00:07 |
| emily | Nix upgrade? OS upgrade? | 17:00:11 |
| adamcstephens | 🤷♂️ | 17:00:19 |
| adamcstephens | on the positive side, maybe we've caught the queue up? :) | 17:00:40 |
 Lily Foster | (i mean something is trying to read /private during eval (readDir fuckery?) but not clear if anything changed in nixpkgs or in cppnix or in ofborg builder config for macs) | 17:12:43 |
| emily | my guess is that the checkout is in /var/lib/nixpkgs or something. | 17:13:11 |
| emily | and then the second part of my guess is Nix was upgraded and caught some version of this bug | 17:13:27 |
| emily | but just a guess. | 17:13:32 |
| Lily Foster | i mean that issue is that it stopped resolving symlinks on import, so wouldn't that make it less likely to trigger a bug like this?
also iirc (unless something's changed on the cppnix side), if it only says /private is forbidden in the error, then that was the full path that was attempted to be accessed (but /private could be a path after symlink resolution and if it's a line in nixpkgs then e.g. the actual import/readFile/etc call causing it may be to a symlink -- but cppnix bugs does smell likely given i can't come up with a reasonable scenario that /private would ever attempt to be imported/read)
| 17:21:27 |
| emily | seems like figuring out what changes were made to ofborg's deployment between it working and breaking is the step 1 really | 17:22:05 |
| Lily Foster | (update: i guess this isn't true at least for recent cppnix -- it does actually just show first path segment in certain scenarios) | 17:27:50 |
| adamcstephens | a user's tmpdir is also in /private on mac | 17:28:23 |
| adamcstephens | ➜ readlink -f $TMPDIR
/private/var/folders/y7/n0y6ndf91tn7q95rs70q2_9c0000gn/T
| 17:28:56 |
| Lily Foster | (i doubt that's relevant for determining cause) | 17:39:19 |
