<andi->
just talked to samueldr about `interpreter` patching. There are a bunch of hardcoded references to things like "${glibc.out}/lib/ld-linux-*.so.2" which will break for example on aarch64. It would probably make sense to replace that treewide with an "$(cat $NIX_CC/nix-support/dynamic-linker)". Would that make sense?
<globin>
Sonarpulse: ^
la_putin has joined #nixos-dev
<Sonarpulse>
andi- globin: NIX_BINTOOLS/nix-support/dynamic-linker is my preferred slight variation
el_putin has quit [Read error: Connection reset by peer]
<Sonarpulse>
but both will work
<Sonarpulse>
should probably add pass-through on libc to avoid the need for bash, however
<Sonarpulse>
${stdenv.cc.libc.dynamicLinker}
<Sonarpulse>
that would be great
<samueldr>
the tree seems to prefer `NIX_CC` :)
ma27 has quit [Ping timeout: 276 seconds]
ckauhaus1 has joined #nixos-dev
ckauhaus has quit [Ping timeout: 255 seconds]
<globin>
samueldr: NIX_BINTOOLS is rather new
<globin>
samueldr: the NIX_CC is a pass through for compatibility
taktoa has quit [Remote host closed the connection]
mbrgm has quit [Ping timeout: 240 seconds]
mbrgm has joined #nixos-dev
Sonarpulse has quit [Ping timeout: 265 seconds]
phreedom has joined #nixos-dev
contrapumpkin has joined #nixos-dev
yegortimoshenko has joined #nixos-dev
contrapumpkin has quit [Quit: My MacBook Pro has gone to sleep. ZZZzzz…]
pie__ has joined #nixos-dev
pie_ has quit [Ping timeout: 248 seconds]
orivej has quit [Ping timeout: 256 seconds]
orivej has joined #nixos-dev
orivej has quit [Ping timeout: 248 seconds]
orivej has joined #nixos-dev
orivej has quit [Ping timeout: 268 seconds]
orivej has joined #nixos-dev
ma27 has joined #nixos-dev
ma27 has quit [Ping timeout: 276 seconds]
orivej has quit [Ping timeout: 256 seconds]
FRidh has quit [Quit: Konversation terminated!]
FRidh has joined #nixos-dev
orivej has joined #nixos-dev
<la_putin>
how does NixOS execute files, like for example, how is a shell executed
<simpson>
la_putin: A terminal emulator? Or bash itself? (ji'a xu do tavla?)
<la_putin>
both
<simpson>
Well, NixOS uses the same standard kind of libc and dynamically-loaded ELF as other Linux distros. What are you trying to build and what have you tried so far?
<la_putin>
for a file to be executed it itself would first need to be copied into memory right?
<simpson>
More or less?
<simpson>
I think the typical strategy on Linux is to mmap() the read-only code segments.
<la_putin>
the entire file isn't copied to memory?
<simpson>
I dunno, I haven't messed with this stuff in a while. I bet that the glibc docs and/or Linux userspace ABI docs cover this.
<simpson>
Why do you think that NixOS does different things here compared to other distros?
<la_putin>
cus it's non-standard?
<la_putin>
i am trying to execute a file from within an executable (in this case, a statically compiled version of bash executable)
<simpson>
Okay. How is it failing?
<la_putin>
idk how to do it
<MichaelRaskin>
We still use upstream kernel and upstream glibc with very minor patches; configuration options and paths are slightly different, but not enough to change the fundamental logic of loading
<la_putin>
so far the exacutables start, end, and size are kept in the variables [_binary__bin_bash_start] [_binary__bin_bash_size] and [_binary__bin_bash_end]
<la_putin>
executables*
orivej has quit [Ping timeout: 248 seconds]
<la_putin>
which are ralative to its position inside the executable
<la_putin>
relative*
<la_putin>
which is
<la_putin>
0000000000787420 D _binary__bin_bash_end
<la_putin>
00000000000cb380 A _binary__bin_bash_size
<la_putin>
00000000006bc0a0 D _binary__bin_bash_start
<la_putin>
i can write it to a physical file but idk how to write it to memory
<simpson>
You can use TMPDIR from the environment, probably, although it might not be executable. What are you building?
<la_putin>
an executable archive
<simpson>
And you want people to use bash to run it?
<simpson>
You can either tell them to call bash, or use a shebang which calls /usr/bin/env (which does exist on NixOS!) or nix-shell.
<la_putin>
no
<la_putin>
i want the archive itself to execute bash upon running
<la_putin>
possible via an argument to it
<MichaelRaskin>
Maybe read upx source code?
<la_putin>
to specify whether it should extract it or attempt to run it internally without extracting
<simpson>
Then you'd need to either put a shebang or an ELF header on it, right?
<simpson>
But yeah, I think that there are tools that can do this for you already...
jtojnar has quit [Read error: Connection reset by peer]
jtojnar has joined #nixos-dev
orivej has quit [Ping timeout: 252 seconds]
goibhniu has joined #nixos-dev
<adisbladis>
I have made a little irc bot that uses vulnix to scan master for new CVEs hourly. Would it be of interest to have it print out the CVEs in here?
<adisbladis>
It should be fairly low traffic
<adisbladis>
ckauhaus1: ^
<ckauhaus1>
why not?
<ckauhaus1>
just try it
<ckauhaus1>
if it gives too many false positives or is too noisy, we can change it
orivej has joined #nixos-dev
<adisbladis>
I figured why not too :) Want to at least give a heads up
<ckauhaus1>
there seems currently to be an unresolved issue with autodetection of cve patches
<ckauhaus1>
I didn't get to it right now
<ckauhaus1>
but this should not be a show-stoper
<ckauhaus1>
+p
<adisbladis>
ckauhaus1: What's the issue?
<ckauhaus1>
they seem to slip through in some yet unidentified cases
<ckauhaus1>
maybe I just broke it on the last release
<adisbladis>
A false positive or two is still better than the other way around
<ckauhaus1>
I hope I'll get to it by the end of the week
<ckauhaus1>
probably it needs just an hour or two of concentrated debugging/refactoring
FRidh has quit [Quit: Konversation terminated!]
ckauhaus1 has quit [Quit: Leaving.]
ckauhaus has joined #nixos-dev
orivej has quit [Ping timeout: 240 seconds]
orivej has joined #nixos-dev
ma27 has joined #nixos-dev
ma27 has quit [Client Quit]
ma27 has joined #nixos-dev
FRidh has joined #nixos-dev
<adisbladis>
Now it's running hourly and will join and report any findings here
pie__ has quit [Remote host closed the connection]
pie__ has joined #nixos-dev
orivej has quit [Ping timeout: 248 seconds]
JosW has joined #nixos-dev
orivej has joined #nixos-dev
__Sander__ has joined #nixos-dev
ma27 has quit [Ping timeout: 248 seconds]
taktoa has joined #nixos-dev
pie__ has quit [Remote host closed the connection]
pie__ has joined #nixos-dev
jtojnar has quit [Ping timeout: 264 seconds]
lezed1 has quit [Quit: Connection closed for inactivity]
<fpletz>
adisbladis: please use the #nixos-security channel for that
vcunat has joined #nixos-dev
<gchristensen>
+1
<vcunat>
gchristensen: can you restart packet-t2-4 ? (Perhaps its nix daemon.) There's a couple jobs stuck in there, for about a day, in the phase of "sending inputs", which makes them unrestartable from the web gui. These block the nixos-unstable channel currently.