
For those pesky random executables there's a couple of escape hatches -- buildFHSEnv and nix-ld. This is also predicated on good provenance of the executables in question. One should probably not even ldd sketchy binaries:

https://jmmv.dev/2023/07/ldd-untrusted-binaries.html






Even proper packaging is far easier compared to other package managers. Typical distros push users away from packaging their own software, so users end up relying on ad-hoc solutions instead. Nix instead makes packaging easier by having proper tools to abstract away the nitty-gritty details.

For random binaries, autoPatchelfHook works miracles.


It wasn’t that bad creating some new derivations my first week with NixOS; I was so used to Arch, where I had maybe a handful of modified PKGBUILDs over a decade.

For better or worse it was a positive experience, especially when you usually already have a PKGBUILD to go off of.


Every time I see a Linux installation with a mess in /opt because it's faster than making a package, I get annoyed.

steam-run seems to be able to run everything. It uses bubblewrap to keep the OS isolated and add /usr/bin stuff most exes want.

*It won't be in the future because it is no longer the grab bag for everything.

Also, linking things to /usr/bin is done by the FHS, which uses bubblewrap, not steam-run.



