Hacker News new | ask | show | jobs
by soraminazuki 217 days ago
> nixpkgs maintainers are hardline purists

On the contrary, Nixpkgs is generally made by the most pragmatic people and takes a flexible approach to a lot of issues. For instance, very few package managers have packages for proprietary software like 1Password in their official repositories. Nixpkgs also doesn't insist on building everything from source when it's hard to do so. As a result, Nixpkgs contains many packages for NPM or Maven projects. Other package managers insist on packaging all its dependencies from source, which is why they're struggling to package software written in modern programming languages.

As for 1Password, it works fine on NixOS. When installing proprietary GUI apps like 1Password on macOS, I just use Casks. I suspect many people do the same, which might lead to the 1Password package not working as well on macOS because fewer people bother with it.
2 comments
pxc 217 days ago
The Nixpkgs community is internally diverse, but broadly values both "purity" and pragmatism. You can see debates and compromises play out in PRs all the time, or read traces of such careful weighing in the source code of Nixpkgs itself.

For the record, the Nix community's largest public cache doesn't cache binaries of proprietary software because doing so would be illegal— the public doesn't generally have the rights to redistribute proprietary software.

The phenomenon of having to compile free software from source via Nix typically happens when free software depends on proprietary software (which is common on macOS). Maybe this could be ameliorated on a technical level, but I think it's mostly historical accident and ease of implementation that got us to the current situation, where the whole dependency tree has to have a free license for something to make it into the binary cache.

link
devkit1 216 days ago
The 1Password cask will almost certainly continue to work. 1Password distributes a signed installer.
link
SOLAR_FIELDS 215 days ago
Yes the cask is fine. The problem with 1pass installed via nix is that it doesn’t put it in applications folder because that defeats the hermeticity of the solution. However the 1Password devs designed the binary on Mac to only boot out of applications folder, presumably for security reasons. Most other apps you can get around this by setting up trampoline links to the nix store versions, but if the app straight up refuses to boot anywhere else besides applications folder, you can’t use the typical nix installation path
link
pxc 215 days ago
IIRC there are some macOS APIs that you can only access if your app runs out of /Applications. There are some features of an app called "Secretive" (an SSH agent that stores keys in the Secure Enclave) that only work if you have the app installed under /Applications (whereas I'd normally install it under ~/Applications).

1pass probably does this to ensure that people can't accidentally install the app the "wrong way" and break some features.

link
SOLAR_FIELDS 215 days ago
Yep. It goes back to “some things nix does are straight up exclusive to the way macOS needs things to be”, as long as that dichotomy exists nix-Darwin will always have hacky idiosyncrasies like this. It’s not an easily solved problem, and it’s not necessarily Nix’s or Apple’s problem to fix. It’s just two antithetical design philosophies. I would love to see Apple support that kind of sandboxing Nix offers here for these apps though
link