Skip to content

darwin: add impure-cmds #109626

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 3, 2021
Merged

darwin: add impure-cmds #109626

merged 1 commit into from
Feb 3, 2021
+38 −2

Conversation

holymonson
Copy link
Contributor

Motivation for this change

On darwin, there are some commands neither opensource nor able to build in nixpkgs.
We have no choice but to use those system-shipped impure ones.

cc @matthewbauer @veprbl

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

Sorry, something went wrong.

@ofborg ofborg bot added 6.topic: darwin Running or building packages on Darwin 8.has: package (new) This PR adds a new package 10.rebuild-darwin: 1-10 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux labels Jan 17, 2021
@SuperSandro2000
Copy link
Member

This is a semi-automatic executed nixpkgs-review which does not build all packages (e.g. lumo, tensorflow or pytorch)
If you find some bugs or got suggestions for further things to search or run please reach out to SuperSandro2000 on IRC.

Result of nixpkgs-review pr 109626 run on x86_64-darwin 1

2 packages marked as broken and skipped:
  • interlock
  • passExtensions.pass-tomb
2 packages failed to build and are new build failures:
  • darwin.ditto: log was empty
  • darwin.sudo: log was empty

derivation '/nix/store/s7nlycb2cf17dgw9w2rc5gzbh27jxx89-ditto-impure-darwin.drv' requested impure path '/usr/bin/ditto', but it was not in allowed-impure-host-deps

@holymonson
darwin: add impure-cmds

Verified

This commit was signed with the committer’s verified signature.
holymonson Monson Shao
GPG key ID: 163271C707982C65
Verified
Learn about vigilant mode
5f1d105 
On darwin, there are some commands neither opensource nor able to build in nixpkgs.
We have no choice but to use those system-shipped impure ones.
veprbl
veprbl approved these changes Jan 20, 2021
View reviewed changes
Copy link
Member

@veprbl veprbl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@holymonson holymonson mentioned this pull request Jan 22, 2021
Closed
10 tasks
@SuperSandro2000
Copy link
Member

This is a semi-automatic executed nixpkgs-review with nixpkgs-review-checks extension. It is checked by a human on a best effort basis and does not build all packages (e.g. lumo, tensorflow or pytorch).
If you have any questions or problems please reach out to SuperSandro2000 on IRC.

Result of nixpkgs-review pr 109626 run on x86_64-darwin 1

2 packages marked as broken and skipped:
  • interlock
  • passExtensions.pass-tomb
2 packages built:
  • darwin.ditto
  • darwin.sudo

@SuperSandro2000 SuperSandro2000 merged commit 0829a51 into NixOS:master Feb 3, 2021
@rb2k
Copy link
Contributor

rb2k commented Feb 4, 2021
edited
Loading

Hmmm... I understand that from a bootstrap perspective, "sudo" would need to be owned by uid 0 and have the setuid bit set to do anything useful.

Would people be opposed to add a 2nd alias to all-packages.nix that still makes it available for darwin?
(Just to make sure it still compiles, or if people want to manually set the right permissions or other horrible things)

Not sure if there's any precedence for that.

@veprbl
Copy link
Member

veprbl commented Feb 5, 2021

IMO we should just revert the change to pkgs/top-level/all-packages.nix and keep impure stuff in darwin.sudo

@holymonson holymonson mentioned this pull request Feb 5, 2021
Merged
10 tasks
@grahamc
Copy link
Member

grahamc commented Feb 5, 2021

I'm not sure about this, overall. Packages in Nixpksg for NixOS and Linux don't get any setuid, why would we have impure packages for this on darwin?

@veprbl
Copy link
Member

veprbl commented Feb 5, 2021

@grahamc Well, to be fair, this doesn't (and can't) create any suid files in the store, only a symlink. We could consider this as a fine-grained alternative to export PATH=/usr/bin.

@abathur abathur mentioned this pull request May 26, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SuperSandro2000 SuperSandro2000

@veprbl veprbl

Assignees
No one assigned
Labels
6.topic: darwin Running or building packages on Darwin 8.has: package (new) This PR adds a new package 10.rebuild-darwin: 1-10 10.rebuild-linux: 0 This PR does not cause any packages to rebuild on Linux
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@holymonson @SuperSandro2000 @rb2k @veprbl @grahamc