Conversation

Notices

clacke (clacke@social.heldscal.la)'s status on Friday, 25-May-2018 05:29:49 EDT clacke

In the middle of solving a problem with strict Nix builds:

"Hang on, I'm going about this all wrong. I can't just do this little thing here and then expect it to magically Just Work. Anyway, let's run it and see where it breaks."

It magically Just Works.

In conversation Friday, 25-May-2018 05:29:49 EDT from social.heldscal.la permalink
1. clacke (clacke@social.heldscal.la)'s status on Friday, 25-May-2018 05:36:59 EDT clacke
  in reply to
  
  "Alright, ok, I can imagine why that would work. But in this situation over here, will it really ... oh my."
  
  In conversation Friday, 25-May-2018 05:36:59 EDT from social.heldscal.la permalink
  1. clacke (clacke@social.heldscal.la)'s status on Friday, 25-May-2018 05:40:11 EDT clacke
    in reply to
    
    Ok, enough vagueposting.
    
    You generate a .nix and it has a derivation with "src = /nix/store/qweölkrjsf43-blah/foo". Then you get "error: access to path '/nix/store/qweölkrjsf43-blah/foo' is forbidden in restricted mode".
    
    So I just figured, ok I'll take the hash of the directory, and then make a fixed-output derivation with that hash, where the build script actually does nothing, but that's ok because the build script will never run.
    
    And as it turns out, it actually won't. Merely taking the hash of that directory makes it appear in the store with the right filename and all.
    
    In conversation Friday, 25-May-2018 05:40:11 EDT from social.heldscal.la permalink
    1. clacke (clacke@social.heldscal.la)'s status on Friday, 25-May-2018 05:41:44 EDT clacke
      in reply to
      
      So instead of src = path you have src = "...mkDerivation { ... name = "foo"; outputHash = "213ö3lkjasdsdfölkj2ljk"; }" and that's fine because that's reproducible from a certain point of view.
      
      In conversation Friday, 25-May-2018 05:41:44 EDT from social.heldscal.la permalink

Public

Notices