home: Add buildEnvWithNoChroot to help avoid darwin sandbox failures #3729

Open
wants to merge 1 commit into
base: master

Conversation

amarshall
Contributor

Description

Sets __noChroot = true on select buildEnv derivations that assemble
large numbers of paths. This may be used to avoid sandbox failures on
darwin, see NixOS/nix#4119 and the sandbox
option in man nix.conf.

I wish there was a way to do something akin to overlays for config, alas
there is not afaik, so the only way is to add an option. Since this is
opt-in, anyone enabling it thus understands the “risks” of disabling the
sandbox, however the risk for these derivations should be fairly low,
and this allows enabling the sandbox more generally on Darwin, which is
beneficial.

I have only added to the derivations that started giving me problems,
others may suffer from others but these are definitely likely to have
huge dependency lists therefore exposing the problem.

I’m open to a different name for the option; it’s hard to come up with something representative but concise. I have not added any tests since it’s a rather cumbersome scenario to test, and may also be flaky. The default path (option disabled) is, I expect, already well-covered.

Checklist

  • Change is backwards compatible.

  • Code formatted with ./format.

  • Code tested through nix-shell --pure tests -A run.all.

  • Test cases updated/added. See example.

  • Commit messages are formatted like

    {component}: {description}
    
    {long description}
    

    See CONTRIBUTING for more information and recent commit messages for examples.

  • If this PR adds a new module

    • Added myself as module maintainer. See example.

    • Added myself and the module files to .github/CODEOWNERS.

@amarshall amarshall requested a review from rycee as a code owner March 2, 2023 04:03

stale bot commented May 31, 2023

Thank you for your contribution! I marked this pull request as stale due to inactivity. Please read the relevant sections below before commenting.

If you are the original author of the PR

  • GitHub sometimes doesn't notify people who commented / reviewed a PR previously when you (force) push commits. If you have addressed the reviews you can officially ask for a review from those who commented to you or anyone else.
  • If it is unfinished but you plan to finish it, please mark it as a draft.
  • If you don't expect to work on it any time soon, please consider closing it with a short comment encouraging someone else to pick up your work.
  • To get things rolling again, rebase the PR against the target branch and address valid comments.

If you are not the original author of the PR

  • If you want to pick up the work on this PR, please create a new PR and indicate that it supersedes and closes this PR.


stale bot commented Oct 11, 2023

stale bot commented Jan 9, 2024

@stale stale bot added the status: stale label Jan 9, 2024
@stale stale bot removed the status: stale label Jan 9, 2024
@rycee rycee added the pinned Prevent marking as stale label Apr 8, 2024
Allows setting `__noChroot = true` on select derivations that assemble
large numbers of paths. This may be used to avoid sandbox failures on
darwin, see NixOS/nix#4119 and the `sandbox`
option in `man nix.conf`.

I wish there was a way to do something akin to overlays for config, alas
there is not afaik, so the only way is to add an option. Since this is
opt-in, anyone enabling it thus understands the “risks” of disabling the
sandbox, however the risk for these derivations should be fairly low,
and this allows enabling the sandbox more generally on Darwin, which is
beneficial.

I have only added to the derivations that started giving me problems,
others may suffer from others but these are definitely likely to have
huge dependency lists therefore exposing the problem.

Despite this being intended only for use on Darwin, it is left somewhat
generic and thus up to the user to set it to e.g.
`stdenv.hostPlatform.isDarwin`.
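
An added example (not part of this PR or of home-manager): a Python audit over derivation JSON, as printed by `nix derivation show -r`, that reports which derivations set `__noChroot`, so that only the buildEnv derivations opted in skip the sandbox. The sample data, store paths, derivation names and the `allowed_names` parameter are constructed for illustration, and the JSON shape (a map from `.drv` path to an object with `name` and `env`) is an assumption about the Nix version in use.

```python
import json

# Constructed sample shaped like `nix derivation show -r <installable>` output.
# Store paths and derivation names are made up for illustration.
SAMPLE = {
    "/nix/store/0000-example-env.drv": {
        "name": "example-env", "env": {"__noChroot": "1"}},
    "/nix/store/1111-hello.drv": {
        "name": "hello", "env": {"name": "hello"}},
    "/nix/store/2222-fetch-tool.drv": {
        "name": "fetch-tool", "env": {"__noChroot": "1"}},
    "/nix/store/3333-structured.drv": {
        "name": "structured",
        "env": {"__json": json.dumps({"__noChroot": True})}},
    "/nix/store/4444-explicit-false.drv": {
        "name": "explicit-false", "env": {"__noChroot": ""}},
}


def opts_out_of_sandbox(drv):
    """Return True if the derivation sets __noChroot = true."""
    env = drv.get("env", {})
    if "__json" in env:
        # Structured attrs: the boolean is kept inside the JSON blob.
        return json.loads(env["__json"]).get("__noChroot") is True
    # Plain attrs: Nix serialises true as "1" and false as "".
    return env.get("__noChroot") == "1"


def audit(drvs, allowed_names):
    """Split sandbox opt-outs into (expected, unexpected) lists of .drv paths."""
    expected, unexpected = [], []
    for path, drv in sorted(drvs.items()):
        if not opts_out_of_sandbox(drv):
            continue
        bucket = expected if drv.get("name") in allowed_names else unexpected
        bucket.append(path)
    return expected, unexpected


if __name__ == "__main__":
    ok, bad = audit(SAMPLE, allowed_names={"example-env"})
    print("expected opt-outs:", ok)
    print("unexpected opt-outs:", bad)
```

With `sandbox = relaxed`, only derivations that set `__noChroot` (and fixed-output derivations) build outside the sandbox, so an empty "unexpected" list means the opt-out is limited to the derivations you chose.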