2023-07-24 Nix team meeting minutes #74

Attendees: @Ericson2314 @edolstra @regnat @roberth @tomberek


Approved on the principle, assigned to @Ericso2314

ionice to idle during GC by kvtb · Pull Request #5235 · NixOS/nix · GitHub

  • Neat idea, but no one is too familiar with this

  • @edolstra: Be wary of priority inversion, if a deprioritized GC thread holds some locks we might get into trouble.

    • GC is no longer takes a big global locks so this is less of a problem
    • But other code like SQLite just takes locks
    • “Idle” seems too low
  • @edolstra: Also be aware of auto-GC where other non-GC things are happening in the same process

    • @edolstra: It appears it can be set per-thread, but this is setting it per-process
  • @thufschmitt: Let’s close this and instead suggest running something like sudo ionice -c Idle nix-collect-garbage -d

nix-daemon: deprecate trusted substituters by georgyo · Pull Request #4528 · NixOS/nix · GitHub

  • Signing is indeed sufficient to make sure we don’t trust data we shouldn’t.

  • The fundamental issue here is actually separate from signing. When using a daemon, we don’t want the user to specify to the daemon substituter which lead it to make publically accessible information which would not otherwise be.

    • @thufschmitt left a good comment on this elsewhere, but we are having trouble finding it.
  • Might want to rename and tweak this feature to make it more flexible.

add input scheme for forgejo by getchoo · Pull Request #7970 · NixOS/nix · GitHub

  • Don’t really want to support more git fetchers now or for the foreseeable future. There are surprisingly hard to maintain.

  • Some way to make fetching extensible by users would be better.

Refactor `Store` hierarchy with a new `IndirectRootStore` interface by Ericson2314 · Pull Request #8243 · NixOS/nix · GitHub

feat: add always-allow-substitutes by lovesegfault · Pull Request #8047 · NixOS/nix · GitHub

  • Agreement that the underlying allowsSubstitutes = false is not good

  • @thufschmitt Good to consider documentation and naming tricks. E.g. we can phrase this as enabling rather than disabling allowsSubstitutes = false.

Handle use-xdg-base-directories for profile link by balsoft · Pull Request #7929 · NixOS/nix · GitHub

  • Not that urgent since another fix for the original issue landed
    • That one is more principled, though
    • But involves calling Nix in the shell startup script, which is meh
    • @regnat: Also uses xp features in the init script, which is a no-go
    • @ericson2314: We could make the usage of XDG dirs dependant on whether the corresponding files exist or not, which would make the current (master) solution totally correct, and would sidestep the problem altogether
      • @ericson2314 will try doing that
      • Will also make sure the default value indicates this.
    • Will close that PR in the meantime

nix shell: set MANPATH for installables that have a man dir by sternenseemann · Pull Request #4702 · NixOS/nix · GitHub

  • Suggestion: Since Sterni already started sketching out a more principled proposal, we could try to sneak him into expanding it into something more concrete
  • @tomberek: That’s expanding the scope of the discussion quite a lot, shouldn’t we first focus on the small-scope problem at hand?
    • @regnat: I’d rather know where we’re going before expanding it in any way. Possibly we can allow MANPATH once we know we have an escape route