Glad to here you switched to NixOS! For your hydra checksum concerns see https://github.com/NixOS/hydra/pull/277 --- in short it would be nice if we had "non-deterministic derivations" for this, but in the Eelco has just added a `fetchGit` builtin in the meantime.
I hope NixOS can somebody impose no policy and the user other than using Nix, but rather just provide support code for every conceivable setup, so please I hope you continue using it rather than rolling your own with Nix! Interesting use-cases are exactly needed to pull NixOS in this direction. On Wed, May 4, 2016 at 8:23 AM, Nahum Shalman <[email protected]> wrote: > On Wed, May 4, 2016 at 10:25 AM, <[email protected]> wrote: > >> On Tuesday, May 03, 2016 11:31:37 Nahum Shalman wrote: >> >> > I think the two most critical areas for us to work on next are: >> >> > 1. Shipping a kernel that enables selinux rather than apparmor. Any >> >> > suggestions about how to do this? >> >> >> >> I'm the person who effectively made the choice in favor of apparmor. >> "Enabling selinux" is trivial in the sense of turning on the feature in the >> kernel. >> > > Sadly that's proving tricky to me and making me feel rather clumsy... My > cerana-test5 branch attempts to do that but fails. I can't yet figure out > why it's remaining disabled in spite of my changes. > > >> Shipping a working and useful policy would be hard. >> > > For the Cerana project it's not so bad as the Nix store will be very small > and limited in how much it's doing so the policy for the core system will > be very limited in scope. For the rest of the software running on the > system we will have tools automatically generating the appropriate policies > for sotware that will be living in the ZFS pool rather than in the Nix > store. > > >> A relevant discussion: >> >> http://lists.science.uu.nl/pipermail/nix-dev/2013-May/011091.html >> > > I am by no means suggesting that NixOS should switch to selinux. Just that > I want my downstream project to be able to use it. > > Thanks! > -Nahum > > _______________________________________________ > nix-dev mailing list > [email protected] > http://lists.science.uu.nl/mailman/listinfo/nix-dev > >
_______________________________________________ nix-dev mailing list [email protected] http://lists.science.uu.nl/mailman/listinfo/nix-dev
