Package Details: nix 2.3.1-2

Package Base: nix
Description: A purely functional package manager
Upstream URL:
Licenses: LGPL
Submitter: None
Maintainer: asppsa (shaugh)
Last Packager: asppsa
Votes: 66
Popularity: 0.33
First Submitted: 2008-04-12 18:35
Last Updated: 2019-11-21 13:40

Latest Comments


immae commented on 2019-05-06 08:06

Linking this discussion from #nixos:

In summary, compiling nix from "outside" of nix hardcodes some paths like /usr/bin/bash, /usr/bin/mkdir, ... in the compiled binary. So in theory it could fail anywhere (however I only ever had the problem with nix-channel), and not much can be done against it apart from compiling all those tools statically and adding them to the sandbox path.

It’s quite sad actually...

immae commented on 2019-05-06 07:55

@asppsa: Ok, sorry I missed that part of the discussion.

nix-channel --update doesn’t work either for me (I don’t use nix-channels), but I think it’s a global nix problem, not a packaging one: nix-channel is getting abandoned little by little and replaced with other mechanisms (I know, it’s still too present in configurations, I’m not the one making the changes :p ).

A workaround to make nix-channel work is to set sandbox = false in /etc/nix/nix.conf (and restart nix-daemon.service) while using this command, although I would recommend using that setting only for that command (and set it to true, the default since nix 2.1, for the rest of the time)

The proposed change with dash-static is for the rest of the nix commands (nix-build in particular). It is not used if you have sandbox = false. Any static sh-like could do the job but Archlinux doesn’t package any, so I had to package it myself
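
A check for the state described in the comment above, as an added example that is not part of the thread or of the package: it reports when sandbox is still off after the nix-channel workaround, and when a sandbox-paths or build-sandbox-paths entry points at a host path that no longer exists. The function names are hypothetical, and it assumes plain "key = value" lines with no include directives.

```shell
#!/bin/sh
# Added example: audit a nix.conf for the sandbox settings discussed above.
# Assumption: plain "key = value" lines; "include" directives are not followed.

# Print the effective value of a setting (the last assignment wins).
nix_conf_get() {    # $1 = config file, $2 = setting name
    awk -v key="$2" '
        { sub(/#.*/, "") }                  # drop comments
        {
            eq = index($0, "=")             # split on the first "=" only,
            if (eq == 0) next               # values may contain "=" too
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }' "$1"
}

# Return 0 when the sandbox is on and every mapped host path exists, else 1.
audit_nix_sandbox() {    # $1 = config file
    rc=0
    sandbox=$(nix_conf_get "$1" sandbox)
    [ -n "$sandbox" ] || sandbox=true       # default since nix 2.1, per the thread
    if [ "$sandbox" != "true" ]; then
        echo "WARN: sandbox = $sandbox (nix-channel workaround left in place?)"
        rc=1
    fi
    # Entries are "path" or "path-in-sandbox=host-path", separated by spaces.
    for entry in $(nix_conf_get "$1" sandbox-paths) \
                 $(nix_conf_get "$1" build-sandbox-paths); do
        host=${entry#*=}
        if [ -e "$host" ]; then
            echo "OK:   $entry"
        else
            echo "WARN: $entry points at a missing host path"
            rc=1
        fi
    done
    return $rc
}

# Usage: sh audit-nix-sandbox.sh /etc/nix/nix.conf
[ $# -eq 0 ] || audit_nix_sandbox "$1"
```
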

asppsa commented on 2019-05-06 04:40

@immae, ok I've added editline. I'm still finding however that dash-static doesn't fix the issues with nix-channel --update.

asppsa commented on 2019-05-06 03:30

@janat08 could you elaborate on what the issue you are seeing is? Is it the nix-channel error, or something else?

janat08 commented on 2019-05-06 00:45

The install is unusable, and prevents a proper install with sh script. beautiful.

immae commented on 2019-05-05 16:07

(Note: I’m very sorry too about the editline versus readline dependency, since readline is better built and has better features than editline. But nix needs to be fixed to be usable with readline)

immae commented on 2019-05-05 15:56

@asppsa: Only a /bin/sh is ever absolutely required in the sandbox, everything in nix is done for that. In my opinion, anything else should not be here and be compiled directly via nix derivations (I’m building full featured nixos-systems with only that, so I’m confident about this opinion). In any case, I think it’s not your job as a packager to provide more than a /bin/sh by default (note that the compile-time option is overridable in /etc/nix/nix.conf, so it can be overridden if someone wants to).

The problem with readline is only apparent when you use "nix repl" (the interactive nix): the "tab" (completion) doesn’t work at all and provokes crashes, which makes the whole repl useless

asppsa commented on 2019-05-05 14:31

@immae, is editline better than readline somehow? I hesitate to add this as a dependency, as it means an additional package for people to compile when readline is already available.

Concerning dash, I didn't quite grasp the significance of that before, but I'll look into it now. Do you have any thoughts on the other binaries that are apparently required in the sandbox (tar, xz, coreutils)?

immae commented on 2019-05-05 12:00

@asppsa: I proposed a solution below to (fix readline and) use static dash for sandboxing (because busybox is not a good solution, for the reasons you gave, and it needs to be static because it will end in a sandboxed path), you may want to have a look:

asppsa commented on 2019-05-05 11:54

Ok, so I am wrong: my busybox solution doesn't work because busybox doesn't provide bash. A solution is to add something like /usr/bin/bash=/nix/store/..../bin/bash to the build-sandbox-paths line.

Even once this is set though, the command will still fail due to "mv", "mkdir", "tar" and "xz" all being required as well ... these can also be gotten from busybox, or from the nix "coreutils", "gnutar" and "xz" packages.