Nix on Darwin – History, challenges, and where it's going

Video thumbnail (Frame 0) Video thumbnail (Frame 3339) Video thumbnail (Frame 4620) Video thumbnail (Frame 6302) Video thumbnail (Frame 8844) Video thumbnail (Frame 11882) Video thumbnail (Frame 16446) Video thumbnail (Frame 19116) Video thumbnail (Frame 20160) Video thumbnail (Frame 21922) Video thumbnail (Frame 27941) Video thumbnail (Frame 29368) Video thumbnail (Frame 35969) Video thumbnail (Frame 37360) Video thumbnail (Frame 38943) Video thumbnail (Frame 41747) Video thumbnail (Frame 43278) Video thumbnail (Frame 44603) Video thumbnail (Frame 46138) Video thumbnail (Frame 47893) Video thumbnail (Frame 50003) Video thumbnail (Frame 51107) Video thumbnail (Frame 52340) Video thumbnail (Frame 59915) Video thumbnail (Frame 61935) Video thumbnail (Frame 62999)
Video in TIB AV-Portal: Nix on Darwin – History, challenges, and where it's going

Formal Metadata

Nix on Darwin – History, challenges, and where it's going
Title of Series
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Release Date
Production Year

Content Metadata

Subject Area
For the past couple of years, Darwin has been a first-class "pure" platform on Nix. In this talk I'll describe the many hurdles we've had to overcome to get from an impure poorly supported platform to where we are today. I'll also cover ongoing pain points and where we see the platform going, and why I think it should take over the Mac packaging ecosystem. When I first encountered Nix, I was simultaneously impressed by the purity of its Linux environment with virtually no untracked external dependencies, and disappointed with the situation on macOS. On macOS, some of my first experiences with Nix involved some painful surprises of impurities breaking my Nix builds, and my early attempts to fix them largely failed. As I tinkered with Nix and spoke to experts online, a clearer picture emerged for how to move from the impure situation to a pure one, and a few of us banded together on IRC over the following few months to bootstrap a pure compiler toolchain and OS-appropriate SDK from scratch. It's a grueling story of mass rebuilds multiple times a day, repeatedly waiting for three hours just to find stupid typos, and hunting down undesired dependency chains, but in the end it came together and actually worked, much to everyone's surprise. Although the situation is now far better than it was, there is still much work to do, and I'll go over some of the root causes of much of the remaining pain and how I propose to tackle it. I'll also go over some exciting recent developments in the macOS Nix space and what I think the project and platform will look like in the longer term.
Adventure game Demon Programmer (hardware) Process (computing) Multiplication sign Mixed reality Software developer Electronic mailing list Bit Quicksort Software maintenance Freeware
Module (mathematics) Software developer Order (biology) Sheaf (mathematics) Configuration space Declarative programming Computing platform
Execution unit Data management Software developer 1 (number) Website Table (information)
Randomization Thread (computing) Multiplication sign Control flow Quicksort Mereology Error message Number
Web page Greatest element Open source Multiplication sign Connectivity (graph theory) Patch (Unix) Source code Mathematics Linker (computing) Core dump Utility software Exception handling Physical system Installation art Source code Distribution (mathematics) Email Inheritance (object-oriented programming) Information Software developer Projective plane Content (media) Code Maxima and minima Bit Line (geometry) Software maintenance Thread (computing) Compiler Type theory Message passing Root Process (computing) Bootstrap aggregating Kernel (computing) Software Quicksort Table (information)
Standard deviation Direction (geometry) Source code Binary file Public key certificate Compiler Neuroinformatik Process (computing) Bootstrap aggregating Intrusion detection system Compiler IRIS-T Quicksort Information security Information security
Email Direction (geometry) Multiplication sign Civil engineering Branch (computer science) Average Binary file Compiler Web 2.0 Inclusion map CAN bus Derivation (linguistics) Software development kit Mechanism design Password Normed vector space Configuration space Quicksort Fiber bundle
Computer file Modal logic Direction (geometry) Control flow Function (mathematics) Mereology Binary file Thomas Kuhn Derivation (linguistics) Mixture model Mathematics Uniformer Raum Root Linker (computing) File system Energy level Circle Execution unit Standard deviation Software developer Forcing (mathematics) Variable (mathematics) Compiler Hand fan Bootstrap aggregating Right angle Fiber bundle
Point (geometry) Email Greatest element Building Randomization Open source Computer file Connectivity (graph theory) Multiplication sign Source code Collaborationism 1 (number) Virtual machine Branch (computer science) Water vapor Mereology Damping Software testing Scripting language Collaborationism Email Standard deviation Multiplication Touchscreen File format Compiler Bootstrap aggregating Kernel (computing) Voting File archiver Iteration Quicksort Figurate number Library (computing)
Point (geometry) Email Standard deviation Thread (computing) Run time (program lifecycle phase) Computer file Real number Multiplication sign Point (geometry) Branch (computer science) Parallel port Branch (computer science) Bootstrap aggregating Integrated development environment Algebraic closure Different (Kate Ryan album) Revision control Energy level Quicksort Object (grammar)
Standard deviation Computer file Patch (Unix) Multiplication sign Electronic mailing list Attribute grammar Revision control Derivation (linguistics) Bootstrap aggregating Process (computing) Quicksort Physical system Window
Rule of inference Building Personal digital assistant Lemma (mathematics) File system Code File viewer Quicksort Disk read-and-write head
Bytecode Demon Mobile app Regulärer Ausdruck <Textverarbeitung> Computer file Code Multiplication sign Numbering scheme Computer programming Front and back ends Neuroinformatik Profil (magazine) File system Process (computing) Compilation album Default (computer science) Service (economics) Standard deviation Debugger Data storage device Client (computing) Maxima and minima Kernel (computing) Process (computing) Interface (computing) Interpreter (computing) Compilation album Hill differential equation Quicksort Escape character Figurate number Remote procedure call Physical system Library (computing)
Mechanism design Standard deviation Process (computing) Namespace View (database) output Parallel port Principal ideal domain Function (mathematics) Quicksort Figurate number
Point (geometry) Reading (process) Default (computer science) Group action Standard deviation Installation art System administrator Branch (computer science) Subject indexing Different (Kate Ryan album) Atomic number Quicksort Summierbarkeit
Standard deviation Divisor Bus (computing) Divisor Quicksort
Default (computer science) Standard deviation Mathematics Computer configuration Software developer Core dump 1 (number) Configuration space Bit Line (geometry) Mereology Default (computer science)
Randomization Building State of matter Interior (topology) Multiplication sign Source code Thermal expansion Set (mathematics) Mereology Computer programming Software bug Power (physics) Revision control Mathematics Latent heat Mechanism design Graphical user interface Average Software testing Lie group Booting Physical system Source code Standard deviation Wrapper (data mining) Interface (computing) Software developer Consistency Software maintenance System call Kernel (computing) Process (computing) Website Quicksort Remote procedure call Library (computing)
Component-based software engineering Derivation (linguistics) Building Regulärer Ausdruck <Textverarbeitung> Open source Core dump Process (computing) Software maintenance System call
Building Standard deviation Open source Dreizehn Patch (Unix) Software developer Multiplication sign Design by contract Mereology Revision control Degree (graph theory) Derivation (linguistics) Data management Kernel (computing) Different (Kate Ryan album) Core dump Touch typing Musical ensemble Computing platform Fundamental theorem of algebra
all right next talk is by Dan Peebles he's been addicted to next for the past couple of years and is now the maintainer snakes on Darwin and when he's not trying to wrangle the Mac OS into behaving properly he works as the programmer and an efficient internal next adventure list at Bridgewater associates also has skilled and actor recovering okay so this is actually yes yeah so I am Dan also known as Co pumpkin online it sounds weird to pronounce that so I try to avoid it and yeah so I I'm gonna talk a bit about Nixon Darwin that's the Darwin mascot if you don't recognize it also known as hexley hexley is a corruption of Huxley who was actually one of Darwin as in the person Darwin's strong advocates but then people miss remember his name and called him hexley and made him into a pathetic a platypus demon the demon stuff is from BSD the platypus is from anyway that's where that comes from the other the other logo you should recognize so yes as as as you know said I am developer at Bridgewater I do a lot of Nick's at work I do a lot of mix at home it kind of ate up all my hassle free time that I used to use it for so if you know me from the household community that's Nyx's fault that I don't participate anymore but anyway I think it's working out okay I also open a lot of issues that's my my greatest pride and I'm from yesterday's stats that's that's my main job okay so so anyway i'm nixon darwin is love or maybe not but usually possibly it's a it's sort of up in the air but I'm gonna go over a bit of what I'm
gonna talk about and then I'm gonna talk about it and maybe I'll talk about what I talked about so motivation why I actually want to do this why I care why maybe you should care many of you probably don't but because you're Linux heads I also use Linux but I also like Mac OS some history purity sandbox not in any particular order those are going to get kind of mixed up and then a section at the end about where I think we should go and what the current issues are notably not talking about next are one you should talk to die tard if you want to talk to talk about that it's awesome it's it gives you next to us like module support and configuration declarative configuration on Mac OS but I will not be talking about that because I know pretty very little about it okay so the
motivation packaging purity is not like specific or it shouldn't be it is or was until until we did this work purity is is great we love purely functional designs and and it it should be available to more and more platforms than it were that it used to be I obviously enjoy using Mac OS you can see I've got a Mac here and a lot of other developers do too you can see this is a
fairly common site at least on college campuses but also hackathons conferences you will see a ton of glowing apples they've they've stopped glowing as much nowadays but they still are present but yes a lot of developers like using Mac's and I would like us to get it taken more seriously in developer community so I want the Mac experience to be good there's a lot of them are like really passionate about a table unclear they will they will go so far as to insult Linux and various things that's not what I do but but don't do it back so there's
also another motivation which is there there is a package manager or there's a couple of package managers on Mac OS one of the main ones is called homebrew and it's a huge community it's it's very popular but it suffers from not being Nicks and what I mean by that is what I mean by that is you'll see that the ticket it's a Mac OS 10 13 is the latest release of
Mac OS and this was a ticket of like trying to collect issues that came from from the latest release and this is these are some snapshots but like this is the actual full ticket as at the time I collected this snapshot which was this morning which with a hundred 22 comments and this just tons and tons of build errors because Apple shuffled a few things around and decided to break everyone and because homebrew is impure effectively and and sort of depends on random stuff from Apple all the time and it's like not deterministic and in that sense they they need to deal with it and they need to scramble to deal with it they can't sort of upgrade on their own time it's like oh well Apple switched out everything from underneath us and now we need to deal with it and so luckily they have a huge community so so that's great like they have I don't know 50 contributors like just posting on this thread alone and their other threads about that about this upgrade as well this is just the first one but it is it's not really a very sustainable workflow and definitely not something that would work for us because we have a much smaller number of people working on it so purity helps us there and I'll talk more about that later but but anyway this is a this is one of my motivations because like this purity Adel the lack of purity makes makes this kind of stuff much more common and harder to deal with another motivation is I use it at work a
lot of my colleagues use Mac's at work and I want them to use next as we said earlier I am trying to evangelize this at work it's mostly kind of working which is a which is another story but part of that is they are able to use Nix on on their Mac's and transport their packages to Linux then have it work exactly the same way and probably one of the final motivations before I before I
go there is this just offends me which is the way you get developer tools on Mac OS the endorsed way and you need this for homebrew you need this for pretty much anything out there is you install a package an official Mac package called the line SDK and the command line SDK basically you if you type get on the command line on a brand new Mac it will pop up a GUI panel saying would you like to install the command line SDK and you press yes and it downloads one hundred fifty megabytes of stuff and then installs for a while and then you type get again on the command line and what it prompts you is a message much like that saying before you can use it you must agree to the license of the Apple SDK and this is for open-source software so there example there is GCC and before you can ever use it you actually need to agree to this to this license which means rerunning the exact same command as sudo and it will prompt you with a page of text or like a pager of text many pages inside a pager of text at the bottom it will say yes or no and you accept it and then it remembers that under Super User and will never prompt you again but anyway that has always been a huge annoyance and that is basically my reaction to that is rather famous Italian politician there but anyway so so that's that's why I care many of you will probably say well screw that I'm just gonna use Linux or Nix OS I understand that I have been tempted too many times myself but yeah keep that coming back to this so moving on to a
few credits before the actual the core content this is there are there are tons of people involved in this these are these are some of the the names that that really popped out off the top there kike Jude Jude Taylor on github was instrumental to and much of the early work and I will be referencing him a lot throughout the the rest of the history of this gritty phobe john wiggly who's also guilty of getting me into nicks in the first place and and you'll see down there at the bottom is el ml7 who's in the back of the room and who who is more recently a sort of become a major maintainer of the thing and has been doing a kind of really good work here so one more little piece of background is before actually launched into this I'm just going to explain how Linux works and how a lot of the bootstrapping works because with any luck most of you haven't had to deal with it so standard am most of us have seen that most of us I hope haven't actually had to deal with how it is constructed but it is it is a bootstrap process starting from a very small table all of the minimal amount of stuff that we could think of to to put in there that would actually construct a valuable system on top of it and so in the bootstrap you'll find a compiler linker a few core utils and stuff like that and then everything else is built on top and a bunch of headers but everything else is built on top of it that is true on Linux and it is also true on Mac OS now but wasn't true before we started this product and so the the bootstrap process is like a very carefully groomed process of having in multiple stages you build one thing or build us a handful of things and then in that those those become the standard em of the next stage and then you're trying carefully to maneuver to avoid depending on things that you don't want to depend on and it's it's difficult and painful and but is something that sort of once you get it working generally kind of stays working unless people majorly change dependencies of core utils or things like that another sort of cute little piece of background information is you may not know this maybe you do Apple publishes a lot of the source to two core components of Mac OS on open source at Apple comm calling it actually open source is a bit of a optimistic the Apple was variant open source when they first released Mac OS and early 2000s and actually had an open source distribution called open darwin they could run x and is running on the Mac kernel and all that stuff and they lost interest a few years later and that died they regain interest and then it died again and like it's anyway they publish source right now and they will not accept patches you're not you're not going to be able to do any sort to the golden sorce things except for a handful of projects like Swift or whatever on github but generally they're their stance on open source is very variable so that actually lets me start on the
main on the main topic that's sort of like how this came to be the the standard M that I'm describing is actually in today everyone on a Mac uses it and this is sort of how it came to be so in in the third quarter of 2014 was when I pretty much when I started started NYX thanks to John Wiggly who who was walking around a Haskell conference that happened to be at offering to install make some people's computers and I I said okay sure yeah you can stall next on my computer and I looked into it and got addicted and stopped using Haskell and all that stuff but uh yes is you can blame him for my for all those tickets that I put in and so next packages on Darwin was very impaired and what I mean by that is that bootstrap process I just described wasn't there at all there was a standard am the standard on basically said my compiler is a user bin cc that's a simplification but effectively that and if user bin CC doesn't work then then you know Nix doesn't work if if you haven't installed that SDK thing that I was talking about earlier and the next doesn't work all that stuff like you needed to go and do it yourself beforehand and if someone installed an update to that SDK and it changed the way the compiler work and Nix wasn't aware of it then next we're great and next with great glob basically and so it wasn't very fun and and I when I first when I first started using Nick's I made a few little pull requests here and there but like what what and it became very obvious to me very early was pure purity mb i i saw it saw the lens people it was very pure is very nice it was very deterministic and then everything was always breaking on mac OS and so i was i was getting more and more envious of how it worked and so started started doing a few little pull requests here
and there security tool is a random random tool that apple provides the source - we used to depend have a haskell package i think an x.509 a certificate package depend on security tool but it was depending on it implicitly and just using user bin security this was my first ever sort of step in this direction and compiled it from source still compiled in purely from source but compile it from source because apple releases the source of that particular tool and you can see that i i was starting to to move in that
general direction there's a branch called mac purity up but this was in in sort of three quarters through 2014 I sort Lee after added the command-line
tools which is basically on SDK I was talking about before it's it's still this big bundle of stuff there's like compiler and headers and all sorts of stuff like that in there and I I made a full request basically adding that that SDK so instead of just depending on and user bin we might eventually be able to depend on it like just to use a derivation reference and and have it appear in in our things automatically and have have Nix download it for us and when I say next download it for us there's a very ugly thing some of you may have seen there but there's password because Apple distributes this thing or at the time distributed it behind a an authenticated web endpoint and and the actual henna keishon mechanism was ugly too we had a special downloader for it called fetch ADC it was horrible but basically you needed to put in your config dot next to use this stuff at all you need to put a username and password from an Apple account that wasn't great and at the same time a Jew tailor who I mentioned earlier was working on on getting clang to work as a proper
standard em in in Darwin because one other thing that I didn't mention earlier is Apple's a big big fan of LVM a lot of the public LLVM the development actually comes from them and they they used to employ the the Creator LVM who then left I think for Tesla or something like that but but they they are fans of LVM in part because it's not GPL and and apples and apples not a fan of the GPL and so they they use GCC up until like I don't know 10 years ago but as soon as they LVM became remotely viable they started throwing a ton of money behind it and and so what happened is 10.10 that he's referring to there is they used to provide a shim a compatibility shim that pretend that allowed LLVM to pretend to be GCC but they stopped they stopped shipping that in ten 1:10 and so our impure references to GCC would have all broken when 10.10 was released and so his goal in doing this was not only to get clang-clang based a standard ad working but also to to you know have not all of Nyx break when 10.10 was released now things to note here are you can see just even in the defect circles right there Nixon force purity is septa - nothing that that is a magic environment variable that gets set all over the like super low level and inside the standard M and tells the tells the wrappers around around the linker and the compiler to to not complain if you see a path outside of the next door because that was necessity in the impure days and the other the other big thing is there's a very sad user bin right right low down there kind of everything comes out of there it's still super impure but this was a step in the right direction and allowed us to start to start moving in the direction of apples apples own tools the the next big step here was was effectively adding a fake bootstrap and what I mean by that is you'll see there's a trivial bootstrap dot SH right there that trivial bootstrap and I'm just gonna show a little little a little clip of that trivial bootstrap now SH its instead of just making references directly to to the paths on the filesystem which was which was particularly impure instead I add one level in direction because that's always the right answer and sticking inside a derivation and so the Builder of this derivation was just calling Ln against the against the impure paths and what with that allowed me to do was plummet plummet through a little better and so instead of depending directly on on Vanessa or I guess everything else still depends on the Bennis age but bin CP you can now depend on like the the actual derivation path which happened to then point to bin bin CP but then someday maybe I would be able to change that so so this was the very beginning of the whole effort was with this this file basically and then that allowed us to start plugging around a few things like this so so this is possibly not the best example but but you can see I should there's like build tools like instead of actually making a reference to to the root filesystem now I'm actually making references to two derivation outputs this one act happens to be common commented out that was a I missed it but anyway and it wasn't always gone Fidel and so so what happened next was this make bootstrap tools because because like so now we got a we got a fake bootstrap now I want a real bootstrap and so I wanted to want to start getting towards what what Linux has Linux hasn't makes bootstrap tools done next under under their Linux standard and but obviously that doesn't work on us on Darwin so we needed one of our own and so I basically like I was still pretty clueless about Nix III didn't really know a lot of a lot at the time and so I basically just copied the Linux one and made a few changes what
happened to my so yes so make boostrap tools I I was clueless I copied effectively the Linux mixture of bootstrap tools which which
sort of indicates that I that this basically didn't work when I first committed it you can see there's Darwin up there but I actually refer to busybox down the bottom there which doesn't work at all in Garland so like this just would've failed but it was it was a start and and we the this this was basically the beginning of the collaboration between me and Jude on IRC to to really like work work together on on hacking together the very basic bootstrap tools that would allow us to choose ER to become pure and so so those bootstrap tools there's there's a few different components as I mentioned like the compiler itself and then there's the headers and headers is actually where the meat of the work went so I'm just gonna like here's I guess evidence of
the collaboration there's Jude you see at the top there me down at the bottom there that there there's a water it's most Muslim throw away and most of them have really shitty commit messages but and this can all be found on my ancient branch on my my github port the headers there were tons of commits like this this was basically started in in early early October and went for basically a month of basically harvesting random packages from open source at Apple comm and effectively looking through the Apple SDK and they published and trying to figure out where the headers came from because they usually came from a package that Apple released but wasn't always obvious where it came from and so I needed to go effectively had like a script where I listed all the files in there header hold her and tried to map it to a to a package from an apple and and then tried to figure out how to package that in nix and then harvested the headers from there and like we can reconstituted them into something that looks vaguely like apples official one this is all just to avoid licensing restrictions because Apple releases their SDK with a different license from the from the constituent parts of it and so that's that's how you end up with that weird licensing agreement there even though all the headers and stuff are released under the eight ESL which is Apple public source license which is pretty permissive the the SDK itself is is rather unpleasant and and is much more nebulous about actual packaging are so so effectively it's it's figuring out how Apple builds that SDK from from all the packages which to release anyway and so there's there's a lot of annoyance there around things like like if you're just going to buy a header name it's a lot of the headers have like there's multiple headers with the same name which means that if you have a like the the kernel that they released the source code to the kernel the kernel has because it has no dependencies has a bunch of headers of its own and has like a sudo standard library and various things like that those headers are not ones you want to use outside of the kernel but if you're not careful you accidentally pull them in from the wrong place and it gets very messy so so that was a pretty painful point and a lot of experimentation around around how to constitute those bootstrap tools and and as far as how I was actually testing this when I was when I was going around it was it was pretty cocky you can see here I have the standard amp again with enforced purity equals one unlike before and this was my might basically the the bootstrap tarball so we have the CPI owed up easy to see PIOs obscure archive format that is easier to unpack I guess than tar that's I was just copying what Linux was doing at the time you'll see that I was actually pretty clueless about next because I actually had this this path in quotes and and that was just basically relying on impurity to work at all but it worked and I was it was a because we didn't have a sandbox or anything at the time so anyway I was able to do coffee and extract extract the bootstrap tools properly not my kind of stuff and so so this was effectively how that I was testing it I would run Nix build I'll make bootstrap tools see if it worked if it did work I'd leave it in that path and then have had this other thing consume it and try to actually build stuff from scratch and it would not work and then I'd have to amend the bootstrap tools and rerun it and all that kind of stuff it wasn't very fun especially since even like them the way I had the standard I'm working at the time required three different LLVM builds and clang builds which are I if anyone's tried them are very slow it takes the least an hour probably each for an LLVM and clang build depending on how powerful your machine is and so the iteration time on this was extremely slow and painful but I since figured out how to make it work with just one which is much nicer it's still pretty slow and so what this led to was was effectively a bunch more badly named commits and then we actually you'll see there there's Darwin bootstrap tools and this looks much darker here than I did on my on my original screen but this was creating the original bootstrap tools that actually were somewhat viable and this was kind of the end of one branch and then I I actually fed those into a
different branch and you can see this is the very first time in November about a month after I started this whole thing actually using the new bootstrap tools in an another random branch that is now lost referred to anywhere and and so that was effectively the beginning of like a real actual pure environment in in Darwin it was it was miserable getting there it was pretty nice after that although there was still a lot of very slow durations because it took me a long time to figure out that the three clangs were unnecessary so this is where I'm gonna start sort of breaking up the sort of the path of history because a few different things started happening at this point like a lot of these that the header wrangling was basically just me working alone on that and sort of obsessively and then and then we we had a few different parallel threads happening after this effectively there
there was a on one level there's there's the we want to refine the standard out so it was the one other thing I mentioned earlier about Linux was it's it's very careful about the dependencies it has because one of the one of the objectives is to not depend on the bootstrap tools and like you want no runtime dependencies on them because I guess it's like a cleanliness thing almost like you don't want to feel like like you wanna be able to garbage-collected it's not as if they're actually pretty large but but it feels wrong to sort of retain a run time dependency on them and you want to sort of be a completely independent and be able to ship around the standard AM closure without them and unfortunately my synonym at the time had thousands or housings but um the references to to the bootstrap tools all throughout it and today it does not and so this is effectively what it looks like it's a little snapshot of the dot file that the next door spits out for run kind dependencies so you'll see there's no
bootstrap tools in there and that was an extremely painful process again because of the 300 VMs and sort of the key thing you end up doing here is is something
like that you put in allowed requisites if there's anyone actually seen that or very few I mean I know Hugh you have that attribute before is it's a derivation attribute is kind of special Nix Nix will consume it and and treat it as effectively if you have a transitive dependency on any anything outside of that list it will it'll barf and reject your derivation there's a few variants on it you can have just there's the non-transitive version for allowed references there's you can have a blacklist instead of whitelist I think anyway this is this is our final standard am this was a about a month later I think we we were sort of able to reduce this down to down to only having a few dependencies and none of them are the are the bootstrap tools but that was another extremely sort of painful process that I think if anyone wanted to start another standard mm like FreeBSD or some BSD or Windows they would also have to figure out this kind of stuff and it's Nix why depends would be extremely would have been extremely nice in this in this whole process but at the time it was pretty much get next-door graph out and then run grep looking for for why the which files and their depend on it depend on on the undesired package and then figure out how to get rid of it but it's a anyway we got there and and the the the standard am still includes these in fact I probably went overboard every stage of the standard em includes these because it might make so much easier at every stage to be able to figure out where the dependencies are so
I mentioned the sandbox earlier we we started fairly early on before having an official NICs sandbox I'm using some sandboxing tooling inside Mac OS to do
all the same stuff there's uh this was the very first commit that I was able to find using it you see there's a sort of purification for running in sandbox and this was very early and what I mean by that is is basically the what what makes used to call the troop builds effectively and and you you wanna you want to stop your package build from seeing random stuff around the file system because your build tools Auto Kampf loves to look all over the file system or in many cases does see make is even worse at it will we'll go find things that you never knew you had and use them and and so at least for purity and possibly security if you're if you if you care about that you you want these things to be pure and or to be isolated and so Apple has the sandbox and machinery called a sandbox also
known as seatbelt and it's it's almost completely undocumented except for like a front-end that we can't really use that they shipped with the App Store and so there's this tool called sandbox exec which which will take a a scheme program and yeah so Apple actually actually built in a scheme interpreter into their into their OS it's not in the kernel there's there's a user using LAN library and then they ship bytecode the kernel and the kernel runs bytecode but it's tiny scheme and if you can if you actually look around one of the libraries on your file system on a Mac you'll find the tiny scheme Prelude and standard library and all that kind of stuff but it's you can if you come across a set comp on Linux it's it's a very similar idea except it actually has a decent front-end so and and the front end looks something
like this so so this is uh this is the NTP daemon on Mac OS I just grabbed it off my computer before this this talk and it pretty much every daemon running on Mac OS runs in some minimal permission sandbox like this so if someone were to find some sort of remote remote code execution in my NTP daemon they would not be able to do very much other than maybe change my time at least on without coupling it with some sort of sandbox escape I think and so this is these are files that you can find on your Mac but but are basically completely undocumented and so like the the various capabilities you can grant process Forks signal same sandbox all that kind of stuff it's quite readable so you can sort of figure out what they mean by that but is not documented at all other than people reverse engineering so we decided to to standardize on on doing this we were using a sort of ad hoc sandbox profiles for our Nix builds and and so submitted a PR against against Nix this again is
much darker than I hoped but you can see that and very vaguely you can see me submitting a PR against Nix in the very beginning of 2015 that actually added support for using this automatically to Nix under build use troop which we then renamed to build we used sandbox because it wasn't very accurate anymore and and it works in exactly the same way we're almost exactly the same way as the as the next one or the mechanism is completely differently but it basically asks and Nick's figures out the complete transitive dependencies of a of a build on our from the derivation and and then it makes those all available as read-only inputs to to the builder and then the only writable thing is the output and it turns off network access it turns off viewing of pids of other processes all the nice stuff that we're sort of getting in Linux with namespaces we get from not all of it most of it we get from the sandbox machinery and Mac OS so that was a pull request it went into Nix it was very nice and then it kind of died so we're gonna revive that in hackathon this year or today tomorrow but so there's also just sort of general
cleanup this was a this was another sort of parallel effort that happening after we got the initial standard out a ton of packages were sort of broken in many
ways so what we what we ended up doing was we were afraid of breaking the the five Nix Darwin users that existed on main index packages I'm being a little little caesars there but there were there were there weren't very many next Darwin users at the time and we're afraid of breaking it so we didn't just want to merge the new standard em because it was at that point probably worse than me than the amperior standard and a lot of stuff was broken so what we did was basically just made my fork into a long long live fork and we had a branch on there called pure Darwin and I actually opened up the issue tracker on the fork which isn't usually available by default and github so there's this is from my Forks issue tracker of all sorts of things that that did not work with the new standard admins like Python 3 didn't work Ruby all sorts of stuff and we had to go through and this was a massive effort from a bunch of bunch of different people and they and the Darwin Nix group basically just fixing everything that we could find and just trying to build random packages see what broke fixing them going on like that and so that was quite an effort over the next few months and the reason as I said
we were wary of merging yeah the four started languish and I was losing my
motivation its it was a pain in the ass
to to maintain the long live pork as is generally true the merges were painful Linux was always breaking our stuff because nobody knew about it which and and I I was sort of the the bus factor of one for a lot of the standard em stuff so anytime anything was broken there I needed to go fix it myself and I had other other things going on so so it was it sort of looked like it was gonna die or at least seemed seemed to me like it was gonna die but Pikachu
dude saves the day and actually went and put in all the effort to actually upstream it which was great so that is
his pull request in mid-2015 a few months later basically merging the the the standard and and hundreds of packaged fixes fixes and stuff like that well this is um those 871 lines were just the ones the dependencies from the standard down but but then many more subsequent changes back to master you can see me being enthusiastic about it because I was like oh it's not gonna die after all and and it wasn't the default standard am so so it was still it was still just an option you could flip in in config dot next you could say which standard him you wanted and we still defaulted to the other one and then a few months later he made a
pull request switching over the default to the to the pure Darwin one after we after we ironed out the kinks and that's effectively I mean there have been changes but that's effectively the the core part that's still alive today so that's been going for about two years now the more recent developments I'm gonna go into a little bit of stuff
that's happened since then in much less detail short on time L&L seven stepped up I became a effectively maintainer of this this stuff and has has done a ton of a ton of really cool things we had a long-standing bug for basically the two years up until about him a month maybe two months ago where random stuff would crash because of weird pure impure inconsistencies because one thing that I didn't mention earlier is the standard I'm vice I call it pure there there's it's slightly less pure than the Lumix inner dome fundamentally because Apple doesn't want to commit to a syscall ABI her for making sis calls to the kernel and so they actually changed the mechanism occasionally of how that works and so unlike on Linux which which is pretty stable about that Apple says do not write static executables and and go suffers from this because they do anyway and instead make all your sis calls through through what's called Lib system which is effectively part of the kernel in many ways on Mac OS and so that they actually have a tech note on their developer website saying please do not write your own syscall wrappers because we will break them and and so what that effectively means is either we need to we need to be very flexible and how we make sis calls and like have search almost sort of a bunch of switches inside our inside our pure interface to the kernel or we need to just be impure and use the live system like they tell us to and so what we're doing is is the latter so so effectively everything depends on user live live system to make sis calls and that's that's the the Lib C of Mac OS and so what that means is there's the that's an example of the other things so there's a couple of other impurities and then there's there's this whole sort of set of other kinds of libraries that that are proprietary libraries that come with Mac OS 4 that are called frameworks and they're they're used for a whole bunch of gooey stuff a whole bunch of like mac OS specific things that are all closed source none of the public hitters are publicly available all that kind of stuff and we had an incompatibility between one which is it's sort of hard to go into but but but effectively we had we had a pure version of one of those libraries an impure version of one of those libraries and they both maintain global state and they would clobber each other and and so this bug basically plagued a bunch of random programs in them in Mac OS Nix packages for the past the past year and a half or ever since this pure pure Darwin thing went in and and LML just fixed it couple months ago so that was that was a great change because that means they're random go packages no longer crash and random a whole bunch of other things no longer crash which is nice we've we've had countless improvements to the actual set of packages and a lot more things compile and it's very nice seeing random pull requests saying make X so something work on on mac OS this is another very cool development recently is Matthew power packaged a program called XC build that is I'll go into that in another slide but but it's it's a it's a it's actually a big deal the one of the things I mentioned the the homebrew changes for the Mac OS releases we've I won't lie we actually have had to make some changes for every major Mac of Mac OS release but they tend to be very restricted like we make a small change to the standard and everything it works again as opposed to like having to whack-a-mole and fix up a whole bunch packages all in place as I mentioned earlier the Mac both sandbox did actually fall into disrepair we're gonna fix it but it is currently not on by default and if you turn it on it breaks everything so ongoing challenges I guess Linux users still break great caller stuff it's it's not their fault because we really have no way for them to test it I mean it can submit something - yeah - hydrea they have their own jobs but nobody ever does that and so I'll talk possibly about ways to ways to improve that Apple is very unpredictable about how they release their source and and Apple users seem less willing to go tinker with this kind of stuff than on average at least that's my experience so what might be coming
next I think we can actually we actually have a credible story now for for avoiding homebrew which has sort of been a staple of Mac developer for her years now I think I think Nick's OS on Darwin the connects packages on Darwin is actually pretty good now and I basically never use homebrew anymore I think most people might will find that their stuff will just work without homebrew puffin fresh Brian McKenna has done some awesome stuff on a background with Linux VM that sort of just worked transparently the remote builder for Mac OS I for a remote Linux builder on Mac OS so it allows us to build containers and things like that the one other thing we've been looking is I'm going the other way and creating a effectively a tiny Darwin bootable dart Darwin Colonel her Linux users in a VM that's also been great we haven't gotten there yet that the goal is possibly cheaper Hydra workers or or a Linux VM for people to actually test stuff on Linux without without having to buy their own Mac obviously Borg is as a reference to grams pop which will also improve the story there next are one as I mentioned is great there's there's a few other things I'm very short on time so just real quick on yxc build is a big
deal the the standard atom is a is a pain in the ass to maintain like some of the derivation or the builders like look like that and that's because Apple has this proprietary build tool called Xcode build that it ships with Xcode which is very proprietary and and a lot of their open source releases or use it to build their stuff and so what we have to do is sort of expand the build ourselves and translate it into something like this which is horrible and this could just be translated now to a call taxi build which is great and so we're gonna look to integrate that into our into our standard m and and kill a lot of this kind of junk maintainability that's just
like general standard am annoyances and
that's all I got I don't think I have time for fresh lemon contractions there probably no Mac users ears that's it really depends on its it's hard for us to predict what we're going to do so so the issue is is we do have a compatibility shim effectively in the standard out that that papers over some of the differences in the impure and the like we have the fundamental impurity and that things changing out for underneath us and we we wrap it in something that makes it look the same each time and so the short answer is no I don't think so other than if you keep up to date we generally try stuff on the betas and and we'll like we fixed some stuff in the in the standard and a couple months before the actual release we couldn't have predicted the latest screw-up which was Apple breaking the kernel which is still broken that's something I haven't mentioned that yes don't use Nix on on ten thirteen but effectively I don't think there's any better consider and well I mean you don't have to wipe the entire the entire store because if you if you get to a new version as long as Nix itself hasn't broken then you can always get to a newer version and not have to worry about it but your if you use Nicks and a lot and the nicks and Vince the installed things might break also you can brew cask and stored Nick's you can't yeah it's a great talk thank you I was wondering like while I agree that the ultimate goal would certainly be to get rid of home row and have everyone here's Nicks I wonder to what degree can you actually benefit from from whatever the homebrew community has to do when they fix stuff like is it I mean is it are there in their own dark corner with all the impurity or is there is there anything that you can actually benefit from and what's there also what's this sorry vice versa like a Ken day and actually benefit from anything that you have to do to fix stuff so the I wouldn't say I've benefited too much from homebrew what I have benefited from is macports which is another one that I didn't mention it's a much less flashy package manager' and is more traditionally BSD flavored which has the advantage of having an apple developer who actively contributes to it who's also part of the the core apple team and so they he tends to know have and have useful packages are useful patches for a lot of these packages that that have saved us because anyone building these things open source is going to run into the same issues on Mac OS and so we will often steal their patents privately vice versa the approach they used is just so different like it's it's just so impure I I don't really know how I how I'd pay for those differences last question [Music] no question all right thank you have you looked into making Swift work on Nikolas this really interests me because I come from make us and have used Swift lot mm-hmm I personally haven't looked at Swift on like someone made a swift derivation William Catherine I think JB 55 made an X Swift build I don't know whether it went anywhere I haven't actually used Swift myself so I kind of looked too carefully that I'd imagine if we can get a good build working it'll just work on both platforms fairly well thank you thank you [Applause]