00:05
la_putin has joined #nixos-dev
00:28
pbogdan has joined #nixos-dev
00:50
<
copumpkin >
is there a good command to go from a .drv to a list of output paths?
00:50
<
copumpkin >
nix parse-derivation and then jq'ing could be one of them
00:51
<
simpson >
Wow, low bar for "good" today~
00:51
<
simpson >
But honestly, that sounds like a better idea than anything I've got. I didn't know about parse-derivation.
00:52
<
copumpkin >
yeah, I'm hoping there's something better :)
00:59
orivej has quit [Ping timeout: 276 seconds]
02:00
el_putin has joined #nixos-dev
02:00
la_putin has quit [Read error: Connection reset by peer]
02:09
mbrgm has quit [Ping timeout: 248 seconds]
02:10
mbrgm has joined #nixos-dev
04:05
yegortimoshenko has quit [Ping timeout: 272 seconds]
04:43
yegortimoshenko has joined #nixos-dev
06:04
ma27 has joined #nixos-dev
06:12
ma27 has quit [Quit: WeeChat 2.0]
07:23
pie_ has quit [Ping timeout: 256 seconds]
07:33
<
MichaelRaskin >
copumpkin: simpson: nix-store -q --outputs
07:34
<
MichaelRaskin >
Or is it not yet ported to new single-command nix?
07:49
pie_ has joined #nixos-dev
08:07
simpson has quit [Ping timeout: 255 seconds]
08:13
pie_ has quit [Ping timeout: 268 seconds]
08:41
MichaelRaskin has quit [Quit: MichaelRaskin]
08:51
ma27 has joined #nixos-dev
08:52
ma27 has quit [Client Quit]
08:52
ma27 has joined #nixos-dev
08:57
orivej has joined #nixos-dev
09:26
yegortimoshenko has quit [Quit: WeeChat 2.0]
09:27
yegortimoshenko has joined #nixos-dev
09:41
ma27 has quit [Ping timeout: 248 seconds]
10:38
pie_ has joined #nixos-dev
11:02
pie_ has quit [Quit: Leaving]
11:41
pie_ has joined #nixos-dev
12:07
pbogdan has joined #nixos-dev
13:05
ckauhaus has joined #nixos-dev
13:08
yegortimoshenko has quit [Remote host closed the connection]
13:11
yegortimoshenko has joined #nixos-dev
13:27
pie_ has quit [Ping timeout: 240 seconds]
13:30
ckauhaus has quit [Remote host closed the connection]
13:52
ckauhaus has joined #nixos-dev
13:57
ckauhaus has quit [Remote host closed the connection]
13:57
ckauhaus has joined #nixos-dev
14:05
<
copumpkin >
MichaelRaskin: awesome, that works
14:22
ma27 has joined #nixos-dev
14:28
orivej has quit [Ping timeout: 255 seconds]
14:43
ckauhaus has quit []
15:07
orivej has joined #nixos-dev
15:29
<
Profpatsch >
Does anybody here have experience with post-build-hooks on Hydra?
15:29
<
Profpatsch >
Or have any info whether such hooks exist?
15:29
<
Profpatsch >
Or could be made to work?
15:30
<
Profpatsch >
Or any way to push some info from Hydra after a build, instead of having to poll? e.g. via webhooks?
15:37
ckauhaus has joined #nixos-dev
15:49
JosW has joined #nixos-dev
16:01
simpson has joined #nixos-dev
16:03
ckauhaus has quit [Ping timeout: 276 seconds]
16:06
yegortimoshenko has quit [Ping timeout: 272 seconds]
16:08
ckauhaus has joined #nixos-dev
16:08
yegortimoshenko has joined #nixos-dev
16:14
ckauhaus has quit [Remote host closed the connection]
16:15
yegortimoshenko has quit [Remote host closed the connection]
16:16
ma27 has quit [Ping timeout: 276 seconds]
16:16
yegortimoshenko has joined #nixos-dev
16:21
yegortimoshenko has quit [Remote host closed the connection]
16:22
yegortimoshenko has joined #nixos-dev
16:25
ckauhaus has joined #nixos-dev
16:30
ckauhaus has quit [Ping timeout: 265 seconds]
16:43
jtojnar has quit [Remote host closed the connection]
17:27
<
srhb >
Profpatsch: Hmm, buildFinished looks relevant, but I'm not sure how to use it.
17:36
<
Profpatsch >
srhb: There seems to be a plugin system, yeah.
17:37
<
Profpatsch >
There’s also plugins for some systems, like CircleCI
17:37
<
Profpatsch >
Nothing general though, I’m afraid.
17:38
<
srhb >
Right, I'm guessing you have to actually add a plugin.
17:39
<
Profpatsch >
There’s a few magic files possible in /nix-support/ which build-result.cc reads.
17:40
<
Profpatsch >
For example a metrics file that is used to fill a simple BuildMetrics struct.
18:23
<
Profpatsch >
cc globin
18:30
ma27 has joined #nixos-dev
19:06
<
gchristensen >
copumpkin, may I request this get fixed in time for 18.03?
19:06
<
copumpkin >
is cutoff soon for that? I'm swamped for next couple of weeks
19:11
<
copumpkin >
niksnut: noticing an interesting bug (I think) with --check and concurrent jobs
19:11
<
copumpkin >
I think I have 9 build users on this machine, but it complains even with -j4 that my build users are all in use
19:11
<
copumpkin >
during a bunch of hash rewriting
19:53
ma27 has quit [Quit: WeeChat 2.0]
19:53
ma27 has joined #nixos-dev
20:04
JosW has quit [Quit: Konversation terminated!]
20:22
<
copumpkin >
going to file another related issue soon as soon as I have a consistent repro
20:42
zarel has joined #nixos-dev
20:49
pie_ has joined #nixos-dev
20:54
pie_ has quit [Ping timeout: 255 seconds]
20:55
zarel has quit [Quit: Leaving]
21:02
MichaelRaskin has joined #nixos-dev
21:24
<
Mic92 >
Profpatsch: but we without authentication
21:25
pie_ has joined #nixos-dev
21:30
<
Sonarpulse >
peti: how does the right llvmPackages get routed to haskell builds today?
21:43
<
Profpatsch >
Mic92: You mean there is no authentication when there should be?
21:43
<
Profpatsch >
Haven’t thought about that, might be.
21:44
<
Profpatsch >
I like the database query in that endpoint.
21:44
<
Mic92 >
Profpatsch: you can set a secret on the github page
21:44
<
Profpatsch >
„like“
21:44
<
Profpatsch >
Ah, you mean there is no support for that?
21:45
<
Mic92 >
Profpatsch: github supports that, but hydra just accept any put requests
21:45
<
Profpatsch >
Yeah, smells like a security issue.
21:45
<
niksnut >
iirc, the only thing you can do is trigger an eval check
21:46
<
Profpatsch >
Sure, it’s a minor issue.
21:46
<
Profpatsch >
niksnut: Do you have any plans on implementing more push-based stuff in Hydra?
21:47
<
Profpatsch >
I’d like to push stuff after the build.
21:49
<
Profpatsch >
What I could do right now is init the build from Gitlab once a commit is pushed (so I skip the pull time) and then reintroduce that pull time with a Gitlab scheduler that pulls for the latest evaluation.
21:50
<
Profpatsch >
Mic92: That means a non-logged-in user can init a rebuild, yeah.
21:50
<
Profpatsch >
Or reeval
21:50
<
Profpatsch >
Definitely the possibility of an easy DDOS.
21:51
yegortimoshenko has quit [Ping timeout: 272 seconds]
21:52
yegortimoshenko has joined #nixos-dev
21:52
<
Profpatsch >
Mic92: Not POST?
21:52
<
Mic92 >
Profpatsch: post triggers different code
21:53
<
Profpatsch >
Mic92: Huh, where is that implemented?
21:53
<
Profpatsch >
I can’t see any mention of HTTP parameters in the code.
21:54
<
Mic92 >
Profpatsch: I don't know the web framework. This was trial and error. And I saw the `die` statement, when I used PUT instead
21:54
<
Profpatsch >
Could be that any verbs work.
21:55
<
Profpatsch >
The frontend does a GET
21:56
<
Mic92 >
GET works too, but GET has no body
21:56
<
Mic92 >
at leas in the framework
21:57
<
Profpatsch >
Hm, does the api/push endpoint need a valid session id?
21:57
<
niksnut >
to DoS hydra, you just do
*any* HTTP request rapidly ;-)
21:59
<
Profpatsch >
niksnut: It looks like the push endpoint doesn’t check user credentials as well?
22:00
<
Profpatsch >
I can remove the session Cookie from the request (devtools copy as curl) and it still starts an evaluation.
22:00
<
Profpatsch >
But yeah, that’s probably not an attack vector.
22:01
<
Profpatsch >
As long as nix properly sandboxes stuff and hydra doesn’t execute anything that is not input by authorized users.
22:02
<
Mic92 >
otherwise there is an http header one can test with Digest::HMAC
22:03
<
Profpatsch >
Mic92: Which one? Apart from the session cookie?
22:04
<
Mic92 >
Profpatsch: X-Hub-Signature
22:04
<
Profpatsch >
Mic92: Ah, you mean the webhook request coming from GH
22:10
<
shlevy >
Anyone know if abbradar goes by some other name on here?
22:31
ma27 has quit [Ping timeout: 256 seconds]
22:32
orivej has quit [Ping timeout: 268 seconds]
22:33
<
Sonarpulse >
shlevy: good question
22:36
<
gchristensen >
they go by abbradar but I haven't seen them on IRC since 2017-10-30 18:59:20
22:41
<
Mic92 >
gchristensen: he was not in good health condition
22:57
pie_ has quit [Read error: Connection reset by peer]
22:57
pie_ has joined #nixos-dev
23:01
pie__ has joined #nixos-dev
23:02
pie_ has quit [Ping timeout: 240 seconds]
23:03
<
copumpkin >
shlevy: do you have a good sense for how --check does its job?
23:04
<
copumpkin >
build.cc is quite hard to follow
23:12
<
shlevy >
copumpkin: haven't looked in a while, sorry
23:12
<
copumpkin >
ah okay
23:12
pie__ has quit [Ping timeout: 256 seconds]
23:15
ckauhaus has joined #nixos-dev
23:17
<
copumpkin >
niksnut: you're not still up are you?
23:17
pie_ has joined #nixos-dev
23:18
<
LnL >
it's pretty late here
23:19
<
LnL >
are those check issues on nixos?
23:19
ckauhaus has quit [Ping timeout: 256 seconds]
23:20
<
copumpkin >
yeah, but I think on macOS too
23:21
<
LnL >
yes, thought only noticed it there
23:22
<
copumpkin >
hmm, part of my issue might be that buildMode is either bmCheck or bmHash
23:22
<
copumpkin >
whereas I'm doing both, hmm
23:27
<
copumpkin >
oh I see, bmHash isn't what I want
23:28
yegortimoshenko has quit [Remote host closed the connection]
23:29
yegortimoshenko has joined #nixos-dev
23:54
<
copumpkin >
LnL: got it to fail on darwin too :P
23:54
<
copumpkin >
so it's builtin:fetchurl
23:54
<
copumpkin >
now sorting out how that works in build.cc is proving to be a bit of a pain
23:55
<
LnL >
yeah, it's a ... large file
23:55
jtojnar has joined #nixos-dev