phreedom has joined #nixos-dev
zarel has quit [Quit: Leaving]
ma27 has quit [Ping timeout: 240 seconds]
el_putin has quit [Read error: Connection reset by peer]
la_putin has joined #nixos-dev
mbrgm has quit [Ping timeout: 264 seconds]
mbrgm has joined #nixos-dev
contrapumpkin has joined #nixos-dev
orivej_ has quit [Ping timeout: 256 seconds]
orivej has joined #nixos-dev
jtojnar has joined #nixos-dev
jtojnar has quit [Ping timeout: 260 seconds]
contrapumpkin has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
orivej has quit [Ping timeout: 252 seconds]
orivej has joined #nixos-dev
phreedom has quit [Ping timeout: 260 seconds]
phreedom has joined #nixos-dev
orivej has quit [Ping timeout: 264 seconds]
phreedom has quit [Ping timeout: 264 seconds]
phreedom has joined #nixos-dev
phreedom has quit [Ping timeout: 260 seconds]
capisce has quit [Ping timeout: 248 seconds]
capisce has joined #nixos-dev
FRidh2 has joined #nixos-dev
orivej has joined #nixos-dev
orivej has quit [Ping timeout: 252 seconds]
pie__ has quit [Ping timeout: 255 seconds]
pie_ has quit [Ping timeout: 255 seconds]
orivej has joined #nixos-dev
orivej has quit [Ping timeout: 248 seconds]
orivej has joined #nixos-dev
orivej has quit [Ping timeout: 265 seconds]
la_putin has quit [Ping timeout: 240 seconds]
ma27 has joined #nixos-dev
vcunat has joined #nixos-dev
zarel has joined #nixos-dev
orivej has joined #nixos-dev
ma27 has quit [Ping timeout: 265 seconds]
orivej has quit [Ping timeout: 265 seconds]
orivej has joined #nixos-dev
ma27 has joined #nixos-dev
FRidh2 has quit [Quit: Konversation terminated!]
orivej has quit [Ping timeout: 265 seconds]
michaelpj_ has joined #nixos-dev
orivej has joined #nixos-dev
orivej has quit [Ping timeout: 248 seconds]
michaelpj_ has quit [Read error: Connection reset by peer]
michaelpj_ has joined #nixos-dev
michaelpj_ has quit [Read error: Connection reset by peer]
orivej has joined #nixos-dev
michaelpj_ has joined #nixos-dev
orivej has quit [Ping timeout: 240 seconds]
ma27 has quit [Ping timeout: 255 seconds]
ma27 has joined #nixos-dev
phreedom has joined #nixos-dev
michaelpj_ has quit [Read error: Connection reset by peer]
michaelpj_ has joined #nixos-dev
orivej has joined #nixos-dev
orivej has quit [Ping timeout: 276 seconds]
jtojnar has joined #nixos-dev
page has quit [Quit: leaving]
page has joined #nixos-dev
michaelpj_ has quit [Ping timeout: 248 seconds]
yegortimoshenko has quit [Quit: WeeChat 2.0]
orivej has joined #nixos-dev
<Mic92> gchristensen: I also ordered arm64 hardware for pull requests :)
<gchristensen> oh nice!
<andi-> Mic92: what did you order?
<gchristensen> Mic92: you may want access to https://github.com/nix-community/aarch64-build-box :D
<vcunat> too late to cancel the order, I suspect :-)
<Mic92> andi-: rock64, somebody also gave me a pine64 - I have some spare SD-Cards to test images
<andi-> nice
<Mic92> vcunat: to tests images/kernels this is not a bad investment I suppose
<gchristensen> vcunat: maybe I should send mail about this...
<vcunat> It was mainly communicated via IRC, I guess?
<gchristensen> I suspect so
<vcunat> hard to say how many people watch nix-devel, but it shouldn't hurt to post one sentence with a link
hiberno has quit [Quit: WeeChat 1.6]
<gchristensen> I need to write something up about how to use it safely
<gchristensen> right now I think ~everyone with access understands the risks
pie_ has joined #nixos-dev
pie__ has joined #nixos-dev
orivej has quit [Ping timeout: 248 seconds]
orivej has joined #nixos-dev
hiberno has joined #nixos-dev
<gchristensen> andi-, vcunat: would you both mind reading something about safety + this builder?
<andi-> gchristensen: sure, reading can't harm ;-)
<globin> gchristensen: +1
<andi-> yep, reads good, gchristensen
<gchristensen> thanks!
<gchristensen> not to make sure everyone who has access sees it :)
orivej has quit [Ping timeout: 252 seconds]
orivej has joined #nixos-dev
<Mic92> gchristensen: what needs to be done, to have a arm64 install image download on the website?
<Mic92> we should also have at least for one board an installation guide in the manual.
<gchristensen> a very good question, I was talking to Dezgeg about that yesterday. I agree
<gchristensen> I think we need to add something to release.nix for that, to build the disk image
contrapumpkin has joined #nixos-dev
<gchristensen> nixos/modules/installer/cd-dvd/sd-image-aarch64.nix nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix look promising, and we probably should focus on rpi as the board, given its prominence
<gchristensen> nixos/modules/installer/cd-dvd/sd-image-aarch64.nix
orivej has quit [Ping timeout: 256 seconds]
pie__ has quit [Ping timeout: 265 seconds]
pie_ has quit [Ping timeout: 265 seconds]
<gchristensen> If I run a remote build, the evaluation happens all locally, then the drvs are sent to the remote builder. if the remote builder has tainted one of the builds, obviously I'll get the tainted build back. however: is it possible that they taint a build and have it depend on another store path that I wasn't expecting?
<gchristensen> in other words, if I do a remote build for aarch64-linux, is it possible they somehow inject a tainted drv which is for x86_64-linux that my host system could actually eventually want?
<gchristensen> I suspect that in order to test this properly, I have to go do the malicious testing myself :P
michaelpj_ has joined #nixos-dev
orivej has joined #nixos-dev
orivej has quit [Ping timeout: 240 seconds]
contrapumpkin has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
pie__ has joined #nixos-dev
pie_ has joined #nixos-dev
michaelpj_ has quit [Read error: Connection reset by peer]
orivej has joined #nixos-dev
michaelpj_ has joined #nixos-dev
<LnL> hmm, maybe depends if copyStorePaths resolves dependencies on the remote host
<LnL> I’d have to look at the build-remote hook again
orivej has quit [Ping timeout: 264 seconds]
tilpner has quit [Read error: Connection reset by peer]
tilpner has joined #nixos-dev
<vcunat> gchristensen: +1 on the text
<gchristensen> thanks!
<vcunat> likewise
pie_ has quit [Ping timeout: 265 seconds]
pie__ has quit [Ping timeout: 265 seconds]
<LnL> gchristensen: wait, build-remote needs a trusted user on the builder side?
<gchristensen> yes
<LnL> oh right, it copies stuff from the local machine first
<LnL> does anybody how that works for ./. is that allowed?
<vcunat> I'm not sure nix has an option forbidding copying from local store before build.
<LnL> things with an output hash can be verified so that shouldn’t require a trusted user
<vcunat> ./. is a fixed-output derivation, I assumed.
<LnL> yeah
<vcunat> even if you forbade this, you can just have shell-in-nix that creates whatever output
<vcunat> (when you build the derivation)
<vcunat> it would only be a bit harder, but you know e.g. those self-extracting shell scripts...
<LnL> I think it would be possible to make the hook work with an unprivileged user then
<LnL> with a cost of possibility rebuilding more then needed
zarel has quit [Quit: Leaving]
<vcunat> right, I assume it wouldn't be too hard
<LnL> Sonarpulse: envHooks doesn’t exist anymore?
phreedom has quit [Ping timeout: 248 seconds]
<bgamari> LnL, you want addEnvHooks
<LnL> ah it was just renamed, thanks!
<LnL> bgamari: euh, that gets called ~30 times
pie_ has joined #nixos-dev
pie__ has joined #nixos-dev
<bgamari> LnL, is that problematic?
<LnL> not in my case, but some hooks extend variables
<LnL> just seems odd
regnat[m] has quit [*.net *.split]
grahamc has quit [*.net *.split]
vcunat has quit [Quit: Leaving.]
grahamc has joined #nixos-dev
regnat[m] has joined #nixos-dev
layus has quit [Ping timeout: 240 seconds]
layus has joined #nixos-dev
phreedom has joined #nixos-dev
michaelpj_ has quit [Ping timeout: 265 seconds]