New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
buildGoModule: support impure modules #76532
Conversation
When modSha256 is null, disable the nix sandbox instead of using a fixed-output derivation. This requires the nix-daemon to have `sandbox = relaxed` set in their config to work properly. Because the output is (hopefully) deterministic based on the inputs, this should give a reproducible output. This is useful for development outside of nixpkgs where re-generating the modSha256 on each mod.sum changes is cumbersome. Don't use this in nixpkgs! This is why null is not the default value.
I'm not sure if I like this being in nixpkgs in at, but I see there might be usecases. If this gets merged, we should at least print a big warning with |
I'm on with this change, but I agree that we should at least warn so the user knows that is happening behind the scenes. |
Can we also document this in the manual? |
Ok, I wanted to see what you think of the solution. I will document this more thoroughly then. I would rather add the warning in the documentation than adding noise to the output with |
doc added |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should explain why this shouldn't be used for Nixpkgs, and is discouraged except for development.
Co-Authored-By: Florian Klink <flokli@flokli.de>
Co-Authored-By: Wael Nasreddine <wael.nasreddine@gmail.com>
Co-Authored-By: Wael Nasreddine <wael.nasreddine@gmail.com>
all good now? |
When modSha256 is null, disable the nix sandbox instead of using a fixed-output derivation. This requires the nix-daemon to have `sandbox = relaxed` set in their config to work properly. Because the output is (hopefully) deterministic based on the inputs, this should give a reproducible output. This is useful for development outside of nixpkgs where re-generating the modSha256 on each mod.sum changes is cumbersome. Don't use this in nixpkgs! This is why null is not the default value. (cherry picked from commit f373ece)
When modSha256 is null, disable the nix sandbox instead of using a
fixed-output derivation. This requires the nix-daemon to have
sandbox = relaxed
set in their config to work properly.Because the output is (hopefully) deterministic based on the inputs,
this should give a reproducible output. This is useful for development
outside of nixpkgs where re-generating the modSha256 on each mod.sum
changes is cumbersome.
Don't use this in nixpkgs! This is why null is not the default value.
Motivation for this change
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)Notify maintainers
cc @