Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

darwin: add impure-cmds #109626

Merged
merged 1 commit into from Feb 3, 2021
Merged

darwin: add impure-cmds #109626

merged 1 commit into from Feb 3, 2021

Conversation

holymonson
Copy link
Contributor

Motivation for this change

On darwin, there are some commands neither opensource nor able to build in nixpkgs.
We have no choice but to use those system-shipped impure ones.

cc @matthewbauer @veprbl

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@SuperSandro2000
Copy link
Member

This is a semi-automatic executed nixpkgs-review which does not build all packages (e.g. lumo, tensorflow or pytorch)
If you find some bugs or got suggestions for further things to search or run please reach out to SuperSandro2000 on IRC.

Result of nixpkgs-review pr 109626 run on x86_64-darwin 1

2 packages marked as broken and skipped:
  • interlock
  • passExtensions.pass-tomb
2 packages failed to build and are new build failures:
  • darwin.ditto: log was empty
  • darwin.sudo: log was empty

derivation '/nix/store/s7nlycb2cf17dgw9w2rc5gzbh27jxx89-ditto-impure-darwin.drv' requested impure path '/usr/bin/ditto', but it was not in allowed-impure-host-deps

@holymonson
darwin: add impure-cmds
5f1d105 
On darwin, there are some commands neither opensource nor able to build in nixpkgs.
We have no choice but to use those system-shipped impure ones.
veprbl
veprbl approved these changes Jan 20, 2021
View reviewed changes
Copy link
Member

@veprbl veprbl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@holymonson holymonson mentioned this pull request Jan 22, 2021
Closed
10 tasks
@SuperSandro2000
Copy link
Member

This is a semi-automatic executed nixpkgs-review with nixpkgs-review-checks extension. It is checked by a human on a best effort basis and does not build all packages (e.g. lumo, tensorflow or pytorch).
If you have any questions or problems please reach out to SuperSandro2000 on IRC.

Result of nixpkgs-review pr 109626 run on x86_64-darwin 1

2 packages marked as broken and skipped:
  • interlock
  • passExtensions.pass-tomb
2 packages built:
  • darwin.ditto
  • darwin.sudo

@SuperSandro2000 SuperSandro2000 merged commit 0829a51 into NixOS:master Feb 3, 2021
@rb2k
Copy link
Contributor

rb2k commented Feb 4, 2021
edited

Hmmm... I understand that from a bootstrap perspective, "sudo" would need to be owned by uid 0 and have the setuid bit set to do anything useful.

Would people be opposed to add a 2nd alias to all-packages.nix that still makes it available for darwin?
(Just to make sure it still compiles, or if people want to manually set the right permissions or other horrible things)

Not sure if there's any precedence for that.

@veprbl
Copy link
Member

veprbl commented Feb 5, 2021

IMO we should just revert the change to pkgs/top-level/all-packages.nix and keep impure stuff in darwin.sudo

@holymonson holymonson mentioned this pull request Feb 5, 2021
Merged
10 tasks
@grahamc
Copy link
Member

grahamc commented Feb 5, 2021

I'm not sure about this, overall. Packages in Nixpksg for NixOS and Linux don't get any setuid, why would we have impure packages for this on darwin?

@veprbl
Copy link
Member

veprbl commented Feb 5, 2021

@grahamc Well, to be fair, this doesn't (and can't) create any suid files in the store, only a symlink. We could consider this as a fine-grained alternative to export PATH=/usr/bin.

@abathur abathur mentioned this pull request May 26, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SuperSandro2000 SuperSandro2000 SuperSandro2000 left review comments

@veprbl veprbl veprbl approved these changes

Assignees
No one assigned
Labels
6.topic: darwin Running or building packages on Darwin 8.has: package (new) 10.rebuild-darwin: 1-10 10.rebuild-linux: 0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@holymonson @SuperSandro2000 @rb2k @veprbl @grahamc