Atemu

it wasn't which, but rather env, I had those mixed up. The "issue" is described here: https://github.com/NixOS/nixpkgs/issues/6227

The problem there isn't that env isn't available (it is, we have coreutils in stdenv) but rather that /usr/bin/env (that specific path) does not exist in the sandbox.

What created more problems was that patchShebangs wouldn't work here because it appeared in a configure script that was created and run during the actual build process (I think the build process is horrible, but here it is in case you're inclined: https://github.com/BSI-Bund/TaSK/tree/master/tlstesttool the stuff in the 3rdparty directory gets downloaded, configured and linked against in the main program's build phase

Yikes, you don't want that.

so you have no opportunity to actually follow the solution in that issue

I didn't read the issue in full but, since everything is pre-downloaded, you can always fix these scripts.

For the auto-generated configure script for example, you'd have to patch the build step which generates the configure script to put in ${coreutils}/bin/env rather than /usr/bin/env. Simple as that.

3rd party repositories can be patched during their respective fetches. You have to inject them anyways since there's no way to download 3rd party repos during a build.

https://pastebin.com/0GwLk1wP if you want to see an example of my level of nix-fu. I have programming basics but the nix language can be confusing sometimes. I'd say I have a basic understanding of things but as said before the more intricate stuff still escapes me.

You have to differentiate between the Nix expression language and using Nixpkgs' frameworks to define packages here. These are two entirely different skillsets with only a slight dependence on the former by the latter.

If you take a look at your expression, it only required fairly basic Nix syntax: Simple function calls, declaring recursive attrsets, string interpolation and attribute access. Most packages are like this.
Figuring out which attributes need to be set how and what that means is an entirely different skillset. Defining patchPhase in that attrset is trivial syntax-wise but figuring out what needs to be substituted using which stdenv "library" function is something else entirely.

Looks pretty good btw. I'd look into whether the build could be coerced to link against Nixpkgs' versions of those libraries though instead of vendoring dependencies. Especially security-critical stuff like openssl. That'd probably also save you the trouble with the interpreter.
If you take a look at the build definition, there's this handy dandy USE_3RDPARTYBUILD option.

I'd wager if you did cmakeFlags = [ ... "-DUSE_3RDPARTYBUILD=OFF" ]; and buildInputs = [ asio zlib openssl ... ]; (from pkgs, not your fetched sources) it'd just work. (Might need pkg-config in nativeBuildInputs but I don't think it uses that and will instead discover those deps via cmake.)

If you can get rid of the vendoring, feel free to submit that to Nixpkgs ;)

My only complaint is it's a bit verbose. I'd rather have it as an option inside the .service file. The .timer requires some boilerplate like [Unit].description (it... uh... triggers a service. that's the description), and WantedBy=timers.target.

This can be solved through abstraction and automation.

In NixOS for example, you can declare a service that runs an arbitrary script every day like this:

{
  systemd.services.your-service-here = {
    script = "echo 'Hello, world!'";
    startAt = "daily";
  };
}

This automatically creates a service file with the script in its ExecStart and an accompanying timer which runs daily and is part of the timers.target.

Haha, knew it was related to portals. Apps taking 20-30s to open while the system is not under stress is almost always a portals misconfiguration.

The same I thought of the last UFO sightings before those.

Not really. Looking at genAttrs, it says that it's genAttrs :: [ String ] -> (String -> Any) -> AttrSet, and the example code is

genAttrs [ "foo" "bar" ] (name: "x_" + name)
=> { foo = "x_foo"; bar = "x_bar"; }

So I'd expect a list of strings and the mapping function. However, from my first naive glance at the code you posted, there's no list of strings there, and rather directly a function definition

That's my bad. I didn't actually look at how the function works, so I got the arguments flipped. This is just a rough outline of how I'd imagine it to work; pseudo-code. 100% untested. Only there for the sake of argument.

packageNamesToModify is the list of strings you're looking for here. As I said though, I can't know which packages are supposed to be changed. That's a piece of info you'd need to research and define yourself. This is just how you'd apply that knowledge through a mechanism.

that makes use of overrideAttrs, for which for me the documentation is unclear if it can only set attributes, create attributes or what else

A function cannot "set" or "create" attributes. For better of for worse, there's no real meta-programming in Nix.

A function can only ever return a value. That value may be any of the primitive types such as booleans, strings, numbers, lists, attrsets etc. or even another function but it's always a value.

In the case of overrideAttrs { ... }, the return value is a derivation. In the case of genAttrs, it's an attrset.

buildInputs at first naive glance isn't an attribute of the packages, but rather of stdenv (sorry if all of this is wrong)

That is correct. However note how I said that overrideAttrs is about overriding arguments to mkDerivation? The canonical path to mkDerivation is stdenv.mkDerivation ;)

mkDerivation is the way you set arguments for the stdenv. .overrideAttrs is how you "modify" the arguments to the stdenv of an existing package.

all of which isn't exactly intuitive if you've only worked with imperative languages.

I can absolutely see that. You'll get used to it though. When I was new to Nix, it took me quite a while to realise how you'd even do something like creating loops (spoiler: you don't).

I'd highly recommend familiarising yourself with basic functional programming concepts such as immutability, everything being a value (including functions, see lambdas), recursion, basic functional list comprehension (head/tail, map, filter, reduce) and perhaps even currying.

Nix is a great learning ground for the basics of functional programming as it's a pure expression language which is quite a bit more limited than an actual functional programming language.

I tripped over some stuff back then when I found out that which is not part of the sandbox.

That's what buildInputs are for. Add which to buildInputs and it's available inside the sandbox. The stdenv takes care of putting its binaries into $PATH and making its libraries discoverable.

In the case of which, you'd probably need it in order to execute its binary during the build process though, so nativeBuildInputs is more appropriate but that only truly matters for cross-compilation.

Stell dir vor du bist zu arm um gerettet zu werden. Das sind ja schon fast Amerikanische Verhältnisse.

Thanks. I didn't know that worked, however I'd say this is rather advanced nix.

Sorry, I assumed you were an advanced user/the code was easier to understand. It's easy to get caught up in the imposter syndrome.

I know genAttrs "generate[s] an attribute set by mapping a function over a list of attribute names", however for this piece of code I'd have trouble locating the list of attribute names.

You mean packageNamesToModify? You have to provide those. I don't know which packages could be built with my-proprietary-codec and it's not feasible to figure that out automatically.

But I guess this is because I don't understand overrideAttrs fully / correctly. In my defense, locating the documentation for that one isn't trivial – I think this requires having some more experience with the language and the needed libraries.

Yes, certainly. overrideAttrs allows you to "modify" the argument originally passed to mkDerivation such as src, pname, version, buildInputs and many more. To understand overrideAttrs, you must know what these common mkDerivation arguments mean. From then on, overrideAttrs is trivial to understand.
It's like writing a derivation but "updating" an existing derivation to be slightly different.

While I know that genAttrs is defined and explained in nixpkgs/lib/attrsets.nix, I'm not so sure about overrideAttrs– I'd guess it's in nixpkgs/pkgs/stdenv/generic/make-derivation.nix? Even https://ryantm.github.io/nixpkgs/using/overrides/#sec-pkg-overrideAttrs is not very verbose.

Please don't take this as criticism, I know nix is a full language and I'm not trying to bash anyone here, however there's quite the learning curve.

Oh absolutely. There's quite the learning curve, almost everyone knows that. It's just not an easy thing to fix and you don't tend to think about learning things you already know, so it's not constantly in people's minds.

What you’re actually looking for here is a Gentoo USE-flags like system. We have a precursor of that in i.e. config.cudaSupport but it’s not widely used.

In my uneducated opinion, full use of USE-flags are rather complicated with package managers providing binaries, no? It would require a big number of builds for all possible options and their combinations.

I'ma let you in on a little secret: We're not actually a binary distribution. We're source-based.

It's integral to the functional approach. Every artefact is a more-or-less direct result of a realisation which is the direct result of an evaluation of Nix expressions. The latter is pure and the former we strive to make as pure as possible via sandboxing.
This allows us to treat artefacts as replaceable objects which means that instead of building locally, we can substitute the (theoretically) same artefact from somewhere else and that's the binary cache.

You’d do that upstream because that’s something that every instance of ffmpeg should be able to do. And also ping me because I maintain ffmpeg ;)

Thanks for your work, I don't really need jpeg-xl in ffmpeg, I played around with it when I was still using Arch (i.e. take screenshots in the format in mpv) but it wasn't urgent enough for me to file an issue on Github.

If you're at all interested, go ahead and do so. That'd make for a great first PR. JXL support is something you'd expect of ffmpeg in the near future (if not already), so this will happen anyways.

I haven't switched yet but I'm about to.

Proton seems to have a pretty powerful filtering system that you can program using a DSL: https://proton.me/support/sieve-advanced-custom-filters

From what I've gathered, you can simulate unlimited addresses for your domain by setting up a catch-all. To reply from a certain catch-all'd address, you need to create an address for that name.
I wonder if you could do that via API; creating and deleting the address just for the moment where you're sending the reply.

It's strange to me that they don't offer unlimited domains. I guess it's to discourage business users from using the cheap email plan intended for individuals? That one doesn't have user management, so that doesn't really make sense either.

Almost looks like they were swapped.

🤡

The issue with how OP stated it though is that it basically means adding a dependency to a multitude of packages

How would I be able to change a dependency so that each package dependent on it automatically picked it?

how would you add my-proprietary-codec to all packages supporting it?

Gather the list of attribute names and then define an overlay like this:

final: prev: lib.genAttrs (n: prev."${n}".overrideAttrs (old: {
  buildInputs = old.buildInputs or [ ] ++ [ my-proprietary-codec ];
})) packageNamesToModify

It should be said that packages usually don't work like this however (they usually depend on one central thing which then depends on some proprietary thing) and if they do, there's usually an override setting for the package in question with the dep already wired up.

What you're actually looking for here is a Gentoo USE-flags like system. We have a precursor of that in i.e. config.cudaSupport but it's not widely used.

how would you add JPEG-XL to ffmpeg

You'd do that upstream because that's something that every instance of ffmpeg should be able to do. And also ping me because I maintain ffmpeg ;)

and other packages that make use of it independently (e.g. so that Gwenview supports JPEG-XL)?

I'd expect most packages to make use of such a feature dependently. I don't know how gwenview or QT stuff works but from a quick Google I gather that KDE stuff has the kimageformats library which then in turn depends on jxl. Gwenview should depend on that but only depends on qtimageformats currently? I'd give adding kimageformats to its buildInputs a spin if you're curious. If it works, make sure to submit a patch against Nixpkgs.

This isn't the sort of thing you should solve in an overlay (better just do it upstream) but you certainly could.

Are there any 3rd party repos for NixOS?

Define "repository". For most definitions of a repository the answer would technically be "yes" but yours might differ.

Would it be possible, for propietary software compiled directly for NixOS, to have a binary-only (as opposed to source, or binary+patched) repository?

No. For a "native" Nix output path, you must have the full build definitions; Nix expressions.

In the case of most proprietary software in Nixpkgs, the BLOB of the actual thing is a FOD (fixed-output-derivation) which obfuscates everything behind it; meaning it can't depend on other Nix output paths. Only the the dependency DAG for the wrapping around it is known.

Let’s say I want to add some extra, propietary codecs unavailable to NixOS. How would I be able to change a dependency so that each package dependent on it automatically picked it?

This is what overlays are for. They allow you to change the meaning of some package name in the context of an entire package set in which other packages may depend on the meaning of that package name. Those packages will have the change in meaning propagated to them.

Note that changing a low-level package with many dependants such as i.e. mesa will cause a change in those dependants derivations; a change that is not present in the expression used for the central binary cache and therefore requires you to build the packages yourself. With a decently fast computer, building a typical desktop closure from such a low point onwards will take at least half a day.