spider: init at 2.33.11

[KSJ2000]

Resolves #388120

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

---

Add a 👍 reaction to pull requests you find important.

[ethancedwards8]

LGTM. Thanks.

[GaetanLepage]

Please, sort the inputs in the order of apparition in the derivation (except lib which should remain at the top).

[KSJ2000]

Is this written somewhere? because I think alphabetical order is easy to read/find and to add new as needed, so pretty logical.
Probably only chinese people would not agree.

[GaetanLepage]

No, I don't think it is written in an official document.
It is just significantly more consensual within the code base.
Now, if you prefer having it this way, I will not block this PR for this reason.

[GaetanLepage]

Suggested change

stdenv,

unused.

[KSJ2000]

most of the package is taken from nix-init

[GaetanLepage]

nix-init does not put lib at the top?

[KSJ2000]

the alphabetical order around the package was my doing when I removed some deprecated darwin features and added a some for checks
nix-init added stdenv which I did not see it's not used
definitely needs an update

[GaetanLepage]

Ok understood. nix-init would need to be updated indeed.
The "apparition ordering" is way more common across the nixpkgs code base. This is why I asked you to adopt it.

[GaetanLepage]

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 389848

---

x86_64-linux

✅ 1 package built:

• spider

---

aarch64-linux

✅ 1 package built:

• spider

---

x86_64-darwin

❌ 1 package failed to build:

• spider

---

aarch64-darwin

❌ 1 package failed to build:

• spider

[KSJ2000]

That is quite weird to fail on darwin because I built it fine on aarch64-darwin.

nixpkgs-review result

Generated using nixpkgs-review-gha

Command: nixpkgs-review pr 389848

Logs: https://github.com/KSJ2000/nixpkgs-review-gha/actions/runs/13893515914

---

x86_64-linux

✅ 1 package built:

• spider

---

aarch64-linux

✅ 1 package built:

• spider

---

x86_64-darwin

✅ 1 package built:

• spider

---

aarch64-darwin

✅ 1 package built:

• spider

[GaetanLepage]

I keep getting those failures on the darwin community builders:

test website::test_link_duplicates ... FAILED
test website::test_crawl_subscription ... FAILED
test website::test_crawl_budget ... FAILED
test website::not_crawl_blacklist ... FAILED

failures:

---- website::test_link_duplicates stdout ----

thread 'website::test_link_duplicates' panicked at /private/tmp/nix-build-spider-2.33.11.drv-0/spider-2.33.11-vendor/system-configuration-0.6.1/src/dynamic_store.rs:154:1:
Attempted to create a NULL object.

---- website::test_crawl_subscription stdout ----

thread 'website::test_crawl_subscription' panicked at /private/tmp/nix-build-spider-2.33.11.drv-0/spider-2.33.11-vendor/system-configuration-0.6.1/src/dynamic_store.rs:154:1:
Attempted to create a NULL object.
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

---- website::test_crawl_budget stdout ----

thread 'website::test_crawl_budget' panicked at /private/tmp/nix-build-spider-2.33.11.drv-0/spider-2.33.11-vendor/system-configuration-0.6.1/src/dynamic_store.rs:154:1:
Attempted to create a NULL object.

---- website::not_crawl_blacklist stdout ----

thread 'website::not_crawl_blacklist' panicked at /private/tmp/nix-build-spider-2.33.11.drv-0/spider-2.33.11-vendor/system-configuration-0.6.1/src/dynamic_store.rs:154:1:
Attempted to create a NULL object.


failures:
    website::not_crawl_blacklist
    website::test_crawl_budget
    website::test_crawl_subscription
    website::test_link_duplicates

test result: FAILED. 21 passed; 4 failed; 0 ignored; 0 measured; 8 filtered out; finished in 0.01s

I tried to add __darwinAllowLocalNetworking = true; but it doesn't seem to help. Are you building it with the sandbox disabled?

[KSJ2000]

That seems to be the case.
I haven't changed anything since installing nix, but nix-info -m shows sandbox: no

I tried enabling it with the following:

1. export NIX_SANDBOX=1
2. add sandbox = true to /etc/nix/nix.conf

Neither have changed sandbox to true
Last thing I found was adding --option sandbox true to nix-build, but it gives an error:

warning: Ignoring the client-specified setting 'sandbox', because it is a restricted setting and you are not a trusted user

I'm guessing I should add those failing tests to checkFlags list.
Is there a way to enable sandbox on darwin? I don't understand why it's not enabled by default.

EDIT: Need to reboot system for changes to /etc/nix/nix.conf to take effect!

[ethancedwards8]

Add your user to trusted-users in nix.conf. For example, mine is:

trusted-users = root ece @wheel @admin

The @ means a group.

[GaetanLepage]

Suggested change

	# Network and io_uring not available in sandbox
	checkFlags = [
	"--skip=website::crawl"
	checkFlags = [
	# Network and io_uring not available in sandbox
	"--skip=website::crawl"

nit

[GaetanLepage]

Suggested change

	];
	] ++ lib.optionals stdenv.isDarwin [
	# Fail in the darwin sandbox with:
	# Attempted to create a NULL object.
	"--skip=website::not_crawl_blacklist"
	"--skip=website::test_crawl_budget"
	"--skip=website::test_crawl_subscription"
	"--skip=website::test_link_duplicates"
	];

[GaetanLepage]

Why did you add more tests than the one listed in my comment? Were they failing too?
Also, I think that it is relevant to mention that it is a sandbox limitation. You have only written the error message.

[KSJ2000]

Yes, they were failing. I added everything until the package built.
I thought it was obvious those were fails in the darwin sandbox because of the ++ lib.optionals stdenv.isDarwin
Sandbox limitation: Attempted to create a NULL object
would probably be a better message, right? just like io_uring which is available outside the sandbox

[GaetanLepage]

Sandbox limitation: Attempted to create a NULL object

This would be clearer indeed.

[KSJ2000]

It is not enough to add trusted-users to /etc/nix/nix.conf which is what I also tried. You need to reboot the system too, for it to take effect.

The weird thing is that even ofborg doesn't have the sandbox enabled since it built the package just fine:
https://logs.ofborg.org/?attempt_id=e8be082e-62ad-4f9d-967e-685b7981679f&key=nixos%2Fnixpkgs.389848
https://logs.ofborg.org/?attempt_id=0713a389-e2b8-443b-9467-3360a302d548&key=nixos%2Fnixpkgs.389848

[GaetanLepage]

The weird thing is that even ofborg doesn't have the sandbox enabled since it built the package just fine:

No, ofborg does not enable the darwin sandbow indeed. So many things would be broken otherwise...

[GaetanLepage]

nixpkgs-review result

Generated using nixpkgs-review.

Command: nixpkgs-review pr 389848

---

x86_64-linux

✅ 1 package built:

• spider

---

aarch64-linux

✅ 1 package built:

• spider

---

x86_64-darwin

✅ 1 package built:

• spider

---

aarch64-darwin

✅ 1 package built:

• spider

[GaetanLepage]

LGTM, thanks