Skip to content

glycin: make /usr optional#469403

Open
max-privatevoid wants to merge 4 commits intoNixOS:masterfrom
max-privatevoid:glycin-no-usr
Open

glycin: make /usr optional#469403
max-privatevoid wants to merge 4 commits intoNixOS:masterfrom
max-privatevoid:glycin-no-usr

Conversation

@max-privatevoid
Copy link
Contributor

@max-privatevoid max-privatevoid commented Dec 9, 2025

I tried to get this through upstream, but it was rejected.

I'm on a mission to get rid of /bin/sh and /usr/bin/env, and the addition of glycin to the GNOME ecosystem is the latest hiccup I've encountered. The sandboxing code wants to bind-mount /usr into the sandbox and straight up crashes when /usr doesn't exist. This PR includes a minimally invasive patch to fix my particular use case by ignoring the absence of /usr.

I've exposed the patch via passthru as was previously done for a different patch, and applied the patch in all the places where the other patch was applied. I've also changed Fractal to also make use of the paths patch instead of prefixing PATH via the wrapper, because I think it's cleaner to call the binary by its absolute path.

Things done

  • Built on platform:
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • Tested, as applicable:
  • Ran nixpkgs-review on this PR. See nixpkgs-review usage.
  • Tested basic functionality of all binary files, usually in ./result/bin/.
  • Nixpkgs Release Notes
    • Package update: when the change is major or breaking.
  • NixOS Release Notes
    • Module addition: when adding a new NixOS module.
    • Module update: when the change is significant.
  • Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other READMEs.

Add a 👍 reaction to pull requests you find important.

@nixpkgs-ci nixpkgs-ci bot requested review from a user, 06kellyjac, bobby285271, dasj19, hedning and jtojnar December 9, 2025 21:21
@nixpkgs-ci nixpkgs-ci bot added 10.rebuild-linux: 11-100 This PR causes between 11 and 100 packages to rebuild on Linux. 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. labels Dec 9, 2025
06kellyjac
06kellyjac approved these changes Dec 11, 2025
View reviewed changes
Copy link
Member

@06kellyjac 06kellyjac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

--ro-bind-try seems appropriate for nixpkgs/nixos
Shame we're still applying patches like this but for libglycin but LGTM

@nixpkgs-ci nixpkgs-ci bot added 12.approvals: 1 This PR was reviewed and approved by one person. 12.approved-by: package-maintainer This PR was reviewed and approved by a maintainer listed in any of the changed packages. labels Dec 11, 2025
@ghost
Copy link

ghost commented Dec 11, 2025
edited by ghost
Loading

@max-privatevoid

I'm on a mission to get rid of /bin/sh and /usr/bin/env

What is the benefit of removing /usr from your NixOS filesystem? I personally don't have an issue with carrying additional patches for glycin but I'd like to get the full rationale first.

@max-privatevoid
Copy link
Contributor Author

max-privatevoid commented Dec 17, 2025

It's a compatibility hack that we shouldn't have, much like we deliberately don't have a working /lib64/ld-linux-x86-64.so.2. I don't think any software should rely on the implicit existence of /usr/bin/env. For glycin in particular, this path is entirely useless anyway.

@ghost
Copy link

ghost commented Dec 31, 2025

Just an update: there is a legitimate (?) use of /usr/bin/env which is used in many nixpkgs update scripts including maintainer scripts. (see man 1 nix-shell)

Example:

#!/usr/bin/env nix-shell
#!nix-shell -i bash -p coreutils nix nix-update curl jq
# shellcheck shell=bash

But this does seem like a compatibility scheme we can go without as one can just invoke the bash script via nix-shell --run

@nixpkgs-ci nixpkgs-ci bot added the 2.status: merge-bot eligible This PR can be merged by commenting "@NixOS/nixpkgs-merge-bot merge". label Jan 8, 2026
@jtojnar
Copy link
Member

jtojnar commented Jan 18, 2026

I independently encountered the need for this when running glycin-loaders tests it in Nix build sandbox. Incorporated your proposed solution into a larger refactoring effort in #481377

@philiptaron philiptaron reopened this Jan 19, 2026
@collares
Copy link
Member

collares commented Feb 4, 2026
edited
Loading

I guess glycin devs already essentially made the same remark, but just to reiterate: out-of-touch comments like "I'd consider a system without /nix/store to be far more broken than one without /usr" will just make upstream developers (in general, not just glycin's) dislike NixOS maintainers. Please don't.

@nixpkgs-ci nixpkgs-ci bot added the 2.status: merge conflict This PR has merge conflicts with the target branch label Feb 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@06kellyjac 06kellyjac 06kellyjac approved these changes

@bobby285271 bobby285271 Awaiting requested review from bobby285271

@dasj19 dasj19 Awaiting requested review from dasj19

@hedning hedning Awaiting requested review from hedning

@jtojnar jtojnar Awaiting requested review from jtojnar

Assignees

No one assigned

Labels

2.status: merge conflict This PR has merge conflicts with the target branch 2.status: merge-bot eligible This PR can be merged by commenting "@NixOS/nixpkgs-merge-bot merge". 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 11-100 This PR causes between 11 and 100 packages to rebuild on Linux. 12.approvals: 1 This PR was reviewed and approved by one person. 12.approved-by: package-maintainer This PR was reviewed and approved by a maintainer listed in any of the changed packages.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@max-privatevoid @jtojnar @collares @06kellyjac @philiptaron