Good practice to make not-for-install packages available in the binary cache

I’m working on the Apptainer / Singularity packaging and NixOS module.

Since it provides integration to SUID-enabled components through build options, it is therefore sensible to override the package with the NixOS module before installing, and it would be a plus to the UX to be able to download the overridden package from the binary cache when related options in the NixOS module remains default.

My current solution is the add two extra packages, _apptainer-nixos-overriden-default and _singularity-nixos-overriden-default into all-packages.nix aside from apptainer and singularity with the pkgs.nixos function. The problem is that they will occupy the top two results when trying to do nix search . singularity. It would be even more confusing if the meta.description remains the same.

The workaround I could think of is to override the meta.description with "" or something like (Not for install). I wonder which practice would be better, or if there would be some other less-confusing solutions.

1 Like

Could you use a wrapper?

The build option, defaultPath, and configuration directory are all required at compile time, preventing any changes without a rebuild.

The upstream said that the decision is made out of security consideration.

How about we patch that out and replace it with a config file or env? It is rather wasteful to recompile an entire program just to change those strings.