| 26 May 2021 |
 mjlbach | I had to use the latest nix master (not nixUnstable) in order to avoid many sandboxing issues on catalina | 19:39:53 |
 ris_ | completely separate topic - openvpn is failing to build for me on catalina, configure: error: route utility is required but missing - where would i get this from? | 19:46:03 |
| ris_ | clearly hydra is managing to build it, which is fun | 19:46:35 |
 Sandro | In reply to @r_i_s:matrix.org
i've been surprised at how many packages have built for me actually since i switched it on In my experience it works good enough if you are building leaf packages. If you are doing more core work things tend to break | 19:46:38 |
 LnL | unixtools.route would be the generic attribute to use | 19:46:51 |
| LnL | I think this is once of those things that comes from different places depending on the platform | 19:47:28 |
 Finn Behrens | In reply to @daiderd:matrix.org
if you're up for it I'd definitively recommend enabling it, means that sandboxing issues get some visibility and you can always --option sandbox false if something's broken that you can't or don't want to fix Is it just sandbox = true, or do I have something else? | 19:47:38 |
| ris_ | In reply to @daiderd:matrix.org
unixtools.route would be the generic attribute to use of course this gives me Package ‘openssl-1.0.2u’ in ... is marked as insecure, refusing to evaluate. on master | 19:49:06 |
| LnL | I do have these extra things in my config | 19:49:14 |
| LnL | extra-sandbox-paths = /private/tmp /private/var/tmp /usr/bin/env | 19:49:17 |
| LnL | those are a few edgecases that occur more often but could be fixed so they're not in the default sandbox | 19:50:05 |
| Finn Behrens | Will try after my next exam. Still have to learn a bit more about Dylib and stuff though, as I’m from Linux. :-) | 19:51:02 |
| LnL | for older versions of nix you need a few extra paths but I'm pretty sure all of that is released already | 19:51:06 |
| LnL | check if there's /System stuff in nix show-config | grep sandbox | 19:51:22 |
| Finn Behrens | I’m using nix master from a few hours ago xD | 19:51:42 |
| LnL | In reply to @r_i_s:matrix.org
of course this gives me Package ‘openssl-1.0.2u’ in ... is marked as insecure, refusing to evaluate. on master sounds like it's probably coming from darwin.network_cmds then which does indeed not build anymore | 19:52:16 |
| ris_ | pretty sad state of affairs 😿 | 19:52:47 |
| LnL | yeah, the latest release from opensource.apple.com I a while back didn't work with a newer openssl either :/ | 19:54:01 |
| LnL | but maybe there was new stuff released since then | 19:54:26 |
 abathur | oh, I saw a PR today that roughly touches on that openssl issue, it at least asserts that #101229 will fix | 19:54:46 |
| Finn Behrens | I applied at Apple. Sadly the did not answer yet. But hopefully in the future I can help making nix better from apples side 😎 | 19:55:16 |
| abathur | https://github.com/NixOS/nixpkgs/pull/109003 | 19:55:18 |
| LnL | network_cmds isn't really tied to the sdk update | 19:57:38 |
| abathur | I wasn't sure about the assertion, just remembered seeing it :) | 19:58:09 |
| Sandro | ris_ it should also tell you how to ignore broken/insecure packages | 19:58:38 |
| abathur | different topic: I don't expect anyone here to have an opinion, but just in case it's something that's caused trouble for anyone here, I've opened a draft PR making the top-level sudo attr useful on macOS | 19:59:11 |
| ris_ | Sandro: oh it does, it's just i don't feel i can suggest adding this as an input to a packa | 19:59:23 |
| ris_ | * Sandro: oh it does, it's just i don't feel i can suggest adding this as an input to a package when i know it'll do that | 19:59:31 |
| LnL | In reply to @abathur:matrix.org
different topic: I don't expect anyone here to have an opinion, but just in case it's something that's caused trouble for anyone here, I've opened a draft PR making the top-level sudo attr useful on macOS what's the usecase for that? it's the same as using the one PATH at runtime and builds can't use sudo | 20:02:22 |
| abathur | the PR addresses my use-case | 20:06:00 |
