Encrypt darwin volume fix mount #3
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Co-authored-by: Eelco Dolstra <[email protected]>
Allow Flake inputs to accept boolean and integer attributes
This resolves NixOS#3810 by changing the behavior of `max-jobs = 0`, so that specifying the option also avoids local building of derivations with the attribute `preferLocalBuild = true`.
By default, once you enter x86_64 Rosetta 2, macOS will try to run everything in x86_64. So an x86_64 Nix will still try to use x86_64 even when system = aarch64-darwin. To avoid this we can set kern.curproc_arch_affinity sysctl. With kern.curproc_arch_affinity=0, we ignore this preference. This is based on how https://opensource.apple.com/source/system_cmds/system_cmds-880.40.5/arch.tproj/arch.c.auto.html works. Completely undocumented, but seems to work! Note, you can verify this works with this impure Nix expression: ``` { a = derivation { name = "a"; system = "aarch64-darwin"; builder = "/bin/sh"; args = [ "-e" (builtins.toFile "builder" '' [ "$(/usr/bin/arch)" = arm64 ] [ "$(/usr/bin/arch -arch x86_64 /bin/sh -c /usr/bin/arch)" = i386 ] [ "$(/usr/bin/arch -arch arm64 /bin/sh -c /usr/bin/arch)" = arm64 ] /usr/bin/touch $out '') ]; }; b = derivation { name = "b"; system = "x86_64-darwin"; builder = "/bin/sh"; args = [ "-e" (builtins.toFile "builder" '' [ "$(/usr/bin/arch)" = i386 ] [ "$(/usr/bin/arch -arch x86_64 /bin/sh -c /usr/bin/arch)" = i386 ] [ "$(/usr/bin/arch -arch arm64 /bin/sh -c /usr/bin/arch)" = arm64 ] /usr/bin/touch $out '') ]; }; } ```
Replaces 'nix-env --list-generations'. Similar to 'nix profile diff-closures' but shows only the changes in top-level packages.
…ct-zero-max-jobs Don't let 'preferLocalBuild' override 'max-jobs=0'
…finity Set kern.curproc_arch_affinity=0 to escape Rosetta
Thanks @regnat and @edolstra for catching this and comming up with the solution. They way I had generalized those is wrong, because local settings for non-local stores is confusing default. And due to the nature of C++ inheritance, fixing the defaults is more annoying than it should be. Additionally, I thought we might just drop the check in the substitution logic since `Store::addToStore` is now streaming, but @regnat rightfully pointed out that as it downloads dependencies first, that would still be too late, and also waste effort on possibly unneeded/unwanted dependencies. The simple and correct thing to do is just make a store method for the boolean logic, keeping all the setting and key stuff the way it was before. That new method is both used by `LocalStore::addToStore` and the substitution goal check. Perhaps we might eventually make it fancier, e.g. sending the ValidPathInfo to remote stores for them to validate, but this is good enough for now.
2259 error message - "auto-call" error
While interpreting the output is fairly intuitive it would be better to explicitly specify what a good invocation looks like. That this isn't completely obvious (or at least causes folks to second-guess themselves) can be seen in a couple user threads: - https://discourse.nixos.org/t/nixos-cache-fetching-issue/3575/11 - https://discourse.nixos.org/t/newbie-question-cant-get-trivial-example-of-nixops-to-work-on-my-mac/1125/8
Document expected output of 'nix store ping'.
A few versioning mistakes were corrected: - In 27b5747, Daemon protocol had some version `>= 0xc` that should have been `>= 0x1c`, or `28` since the other conditions used decimal. - In a2b6966, legacy SSH gated new CAS info on version 6, but version 5 in the server. It is now 6 everywhere. Additionally, legacy ssh was sending over more metadata than the daemon one was. The daemon now sends that data too. CC @regnat Co-authored-by: Cole Helbling <[email protected]>
…alling-cleanup-lighter Clean up serialization for `BuildResult`
…alling-cleanup-lighter Fix typos in the last PR NixOS#4656
Fix Nix to properly work with stores using a scoped IPv6 address
…p-builders improve man page for nix.conf (builders)
Added Debian-based OS's profiles
Use the appropriate config dir for the registry
fix nixbld user name/uid for macOS/darwin
Thanks for your time and attention *again* here. I know they're scarce resources!
Also thanks to jtojnar and samueldr for clarifying discussion.
I didn't realize shellcheck would object; don't see my reason as sufficient for disabling the rule.
- the presence of an encrypted volume triggered reminders instead of a hard failure for vestigial reasons (at one point the WIP script did not support using an existing volume at all, so these were just reminders shown alongside *that* hard failure). - fixed a pretty 😊 bug with `password_confirm` that caused it to return true even if the user answered "n" to the initial prompt.
much thanks to the eagle-eyed @lilyball for spotting this
Should close NixOS#4488
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
just cheating