Skip to content

fix(nix): make nix run build reliably on macOS#554

Merged
Dimillian merged 2 commits intoDimillian:mainfrom
0xcaff:fix/nix-run-flake
Mar 15, 2026
Merged

fix(nix): make nix run build reliably on macOS#554
Dimillian merged 2 commits intoDimillian:mainfrom
0xcaff:fix/nix-run-flake

Conversation

@0xcaff
Copy link
Contributor

@0xcaff 0xcaff commented Mar 14, 2026

No description provided.

xkonjin
xkonjin suggested changes Mar 14, 2026
View reviewed changes
Copy link

@xkonjin xkonjin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

Summary: Fix for Nix build reliability on macOS by making libclang and perl available on all platforms and unconditionally setting LIBCLANG_PATH.

Strengths

  • Addresses a legitimate cross-platform build issue
  • The change is minimal and focused
  • Good use of pkgs.lib.optionalals for Linux-specific dependencies

Issues & Suggestions

  1. Missing documentation: The PR title and description don't explain why this change is needed or what the symptoms were. Add details about:

    • What error occurred before the fix
    • Why macOS needs these dependencies now
    • Any relevant issues this resolves

  2. perl dependency unexplained: Adding perl to nativeBuildInputs is not mentioned in the PR. What is it used for? If it's required by cargo-tauri, document this dependency.

  3. LIBCLANG_PATH now unconditional: The change removes the Linux-only conditional, setting LIBCLANG_PATH unconditionally. This might cause issues if the path doesn't exist on some systems. Consider:

    LIBCLANG_PATH = pkgs.lib.optionalString (pkgs.llvmPackages.libclang != null)
  "${pkgs.llvmPackages.libclang.lib}/lib";

    Or document why this is safe.

  4. npmDepsHash update: The npmDepsHash changed from sha256-GWBewwZD6Q3wstZCvVYToiRHRPvrVQcPBJGJPvook6o= to sha256-YbHVvsYijeCw0FlTWx4yhvfNH+yHRAm7fcfYKG/SkU0=. This indicates a dependency change. What changed in package.json or lockfile? This should be mentioned in the PR description.

  5. No tests: There's no way to verify this fix works across different macOS versions or Nix configurations. Consider adding a CI check or at least manual testing notes.

Security

  • ✅ No security concerns

Minor

  • The new apps.default definition is a nice quality-of-life improvement but wasn't mentioned in the PR description.

Recommendation: Request changes - Add documentation explaining the dependency changes, symptoms, and testing notes.

@0xcaff
Copy link
Contributor Author

0xcaff commented Mar 14, 2026

Thanks for the detailed review — agreed on the missing context.

  • What failed before this fix (from Nix build logs):

    • OpenSSL vendored build failed:
      • cargo:warning=configuring OpenSSL build: Command 'perl' not found. Is perl installed?
      • Error configuring OpenSSL build: Command 'perl' not found. Is perl installed?
      • This occurred while openssl-sys invoked perl ./Configure ... darwin64-arm64-cc.
    • Bindgen/libclang failure on macOS:
      • coreaudio-sys build panicked with Unable to find libclang and requested LIBCLANG_PATH.

  • Why perl was added:

    • It is a build-time dependency required by vendored OpenSSL (openssl-src uses Perl scripts during configure/build).
    • This is not a runtime dependency of CodexMonitor.

  • Why libclang and LIBCLANG_PATH were made available for macOS too:

    • The libclang failure happened on aarch64-darwin, so Linux-only scoping was insufficient.
    • libclang is needed at build time by bindgen consumers (e.g., coreaudio-sys).

  • npmDepsHash update:

    • No dependency intent change in this PR; the previous hash was stale for the current lockfile inputs.
    • Updated to the correct hash so buildNpmPackage evaluates/builds reproducibly.

  • Testing/verification performed:

    • nix build .#packages.aarch64-darwin.default --no-link --print-build-logs
    • nix build . --no-link
    • nix run . resolves/launches the GUI app on macOS arm64.

  • Scope cleanup:

    • I removed the earlier apps.default addition to keep this PR strictly focused on build reliability fixes.

If useful, I can open a follow-up CI PR to add a Darwin Nix build check so regressions are caught automatically.

@0xcaff 0xcaff requested a review from xkonjin March 14, 2026 21:34
@Dimillian
Copy link
Owner

Dimillian commented Mar 15, 2026

@codex review

@chatgpt-codex-connector
Copy link

chatgpt-codex-connector bot commented Mar 15, 2026

Codex Review: Didn't find any major issues. Delightful!

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@Dimillian Dimillian merged commit 1fc3044 into Dimillian:main Mar 15, 2026
6 checks passed
@0xcaff 0xcaff deleted the fix/nix-run-flake branch March 15, 2026 21:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@xkonjin xkonjin Awaiting requested review from xkonjin

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@0xcaff @Dimillian @xkonjin