<aszlig>
as in the systemd tests i added with that commit
<aszlig>
fortunately i can reproduce the keymap test failures
xeji has joined #nixos-dev
xeji has quit [Quit: WeeChat 2.0]
pxc has quit [Ping timeout: 256 seconds]
orivej has quit [Ping timeout: 256 seconds]
pxc has joined #nixos-dev
pxc has quit [Ping timeout: 260 seconds]
orivej has joined #nixos-dev
pxc has joined #nixos-dev
pxc1 has joined #nixos-dev
pxc1 has quit [Ping timeout: 252 seconds]
pxc1 has joined #nixos-dev
pxc1 has quit [Ping timeout: 248 seconds]
<aszlig>
dtz: regarding the TSS: this is a bit more complicated as the virtualbox code is laid out a bit "all over the place", so it's only a guess that the location is wrong here, need to investigate kernel memory dumps and compare it against the values found by virtualbox in order to confirm
<dtz>
zomg eep
<dtz>
yeah I've never had a good time exploring that codebase
<dtz>
you're a hero <3
<aszlig>
the check however results in a guru meditation, but after some time digging i found out that the check correctly fails, because the memory dump of that clearly doesn't look like the TSS
<aszlig>
at least like in the intel arch software dev manual
<aszlig>
(and the more i read in these manuals the more i want to switch over to something like RISC-V)
<aszlig>
dtz: well, the codebase is basically callback hell
pxc has quit [Ping timeout: 256 seconds]
<clever>
is there a --option to disable remote build slaves?
<aszlig>
clever: for nix 1.x or 2.x?
<clever>
2
<samueldr>
thanks Mic92!
<aszlig>
clever: there is --builders, but how did you set up remote building?
<clever>
aszlig: normal /etc/nix/machines via nixos config
<clever>
trying to opt-out without needing root
<clever>
my old trick has just been `rm /etc/nix/machines`, nixos will repair that automatically
<aszlig>
clever: ah, okay, that is basically populating the "builders" setting
<clever>
so maybe nix-store --builders /dev/null or similar, but not sure if a normal user can modify that, i'll play with it later
<aszlig>
nah
<aszlig>
or maybe...
<aszlig>
lemme check
pxc has joined #nixos-dev
jtojnar has joined #nixos-dev
<aszlig>
clever: okay, it's only possible if the user is in trusted-users
<clever>
part of an obsolete src/download-via-ssh/download-via-ssh.cc i think
<aszlig>
clever: this allowed to pass SSH_AUTH_SOCK to the old SSH substituter, not sure if it's still working
<clever>
aszlig: the code right above your link, just causes it to silently ignore that config option, and git history says all other code is toast
<clever>
aszlig: however, i have been wanting to implement a very similar thing, that will proxy the SSH_AUTH_SOCK session into the build sandbox, even over the remote-builder links
<aszlig>
clever: you mean for something like fetchgit?
<clever>
yeah
<clever>
so the fetchgit can connect to the $SSH_AUTH_SOCK of the nix-build process, even if git is running on a remote machine
<aszlig>
couldn't you use impureEnvVars for that?
<clever>
that only works if the sandbox shares /tmp and isnt remote
<clever>
and needs ugly socat hacks
<aszlig>
mhm
<clever>
because ssh-agent knows the uid is wrong, and actively rejects the git process
<clever>
the connection must come from the right user, so nix-build has to initiate it
<aszlig>
ah, that should still work, IIRC ssh-agent and gpg-agent have an option for that
<clever>
then nix can route the bytes around
<aszlig>
(to ignore the uid that is)
<clever>
i didnt see an option for it in ssh-agent, and you still have the remote builder problems
<aszlig>
ah, right... only gpg-agent has that
<aszlig>
(just checked)
<clever>
you could also add a more restricted mode, where nix-build will ask on stdio for every host, so you know exactly when its happening and cant leak things
<aszlig>
what do you mean by "ask on stdio"?
<clever>
print a prompt on stderr, and wait for a yes/no on stdin
<aszlig>
but yeah, i know these weird workarounds, (ab)using something like this by myself
<aszlig>
clever: yah, but you don't need that anymore with Nix 2.x, because you can simply use ssh:// and/or ssh-ng:// store-uris
<aszlig>
so basically passing the fd would be on the client and it would be just part of the nix store protocol
<clever>
aszlig: one issue though, is that the ssh agent forwarding, connects from the ssh client end, which is still running as root on the client side
<clever>
aszlig: and you cant pass it an fd, because it has to connect() a new one for each query
<aszlig>
hm, right
<clever>
and rather than rely on ssh features, id choose to just mux things into the existing nix protocol
<clever>
we already mix stdout/stderr and stuff in there
<aszlig>
like adding something like -L/R for ssh?
<aszlig>
s/for/in/
<clever>
adding -R like options to nix itself
pie___ has joined #nixos-dev
pie__ has quit [Ping timeout: 256 seconds]
mbrgm has quit [Ping timeout: 240 seconds]
mbrgm has joined #nixos-dev
pxc has quit [Quit: WeeChat 2.0]
orivej has quit [Ping timeout: 256 seconds]
pxc1 has joined #nixos-dev
pxc1 has quit [Ping timeout: 256 seconds]
jtojnar has quit [Ping timeout: 256 seconds]
ma27 has joined #nixos-dev
ma27 has quit [Ping timeout: 245 seconds]
orivej has joined #nixos-dev
pie___ has quit [Ping timeout: 256 seconds]
orivej has quit [Ping timeout: 255 seconds]
pie___ has joined #nixos-dev
mbrgm_ has joined #nixos-dev
mbrgm has quit [Read error: Connection reset by peer]
<risci>
@aminechikhaoui i see the slides 4 and 5 are conflicting? is it yes or no? Regardless i don't see any references to how these conclusions were reached. Sorry if i sound rude, i just want to ingest this information quickly.
sphalerite has quit [Ping timeout: 276 seconds]
sphalerite_ has joined #nixos-dev
Lisanna_ has quit [Quit: Lisanna_]
pie_ has quit [Ping timeout: 255 seconds]
risci has left #nixos-dev [#nixos-dev]
romildo has joined #nixos-dev
orivej has joined #nixos-dev
Lisanna has joined #nixos-dev
Lisanna has quit [Ping timeout: 240 seconds]
<globin>
__Sander__: I'm having an issue with node2nix where it replaces a dependency that requires ^3.2.1 with a version of 2.x, have you seen that before? it seems it's already wrong node-packages.nix although 3.2.1 is in there too
Lisanna has joined #nixos-dev
Lisanna has quit [Remote host closed the connection]
Lisanna has joined #nixos-dev
Lisanna has quit [Ping timeout: 268 seconds]
pie_ has joined #nixos-dev
<__Sander__>
globin: hmm, that is not supposed to happen
stqism has quit [Quit: Like 3 fire emojis lit rn 🔥🔥🔥]
stqism has joined #nixos-dev
sonarpulse has quit [Ping timeout: 256 seconds]
orivej has quit [Ping timeout: 256 seconds]
sonarpulse has joined #nixos-dev
Lisanna has joined #nixos-dev
<Dezgeg>
there's a rather large merge conflict in pkgs/os-specific/linux/systemd/default.nix when merging master to staging, could somebody take a closer look who knows better?
__Sander__ has quit [Quit: Konversation terminated!]
jtojnar_ has joined #nixos-dev
jtojnar has quit [Ping timeout: 260 seconds]
jtojnar_ is now known as jtojnar
jtojnar has quit [Quit: jtojnar]
jtojnar has joined #nixos-dev
<dtz>
looks like the worst of it is the reindent commit
<dtz>
which makes everything impossible xD
<shlevy>
the sin of plain text
sonarpulse has quit [Remote host closed the connection]
sonarpulse has joined #nixos-dev
Lisanna has quit [Remote host closed the connection]
<sonarpulse>
we can add back the echoing in each hardening bash file
<sonarpulse>
and also make unknown ones a hard error
<sonarpulse>
as the nix should be checking it
romildo has joined #nixos-dev
<shlevy>
Sonarpulse: I'm good with reverting isCross by the way
<sonarpulse>
shlevy: cool thanks
<sonarpulse>
and sorry for the inconvenience
<shlevy>
Nah, you're right, I was wrong :D
<shlevy>
Sonarpulse: Do you know when you might get started on the better mkDerivation?
<shlevy>
I want to make sure I have my proposal ready before then
<sonarpulse>
shlevy: no rush
<sonarpulse>
for me there's lots of low hanging fruit
<shlevy>
OK
<shlevy>
Cool
<sonarpulse>
like fix the meta
<shlevy>
Yeah
<sonarpulse>
remove the cross adapter
<sonarpulse>
do optionalDep
<sonarpulse>
etc
<shlevy>
Yeah
<shlevy>
By the way
<shlevy>
gccCrossStageStatic
<shlevy>
Is so annoying
<sonarpulse>
yes
<sonarpulse>
really want to fix gcc
<shlevy>
Just let me build libgcc_s and libstdc++ separately
<sonarpulse>
to do that
<sonarpulse>
see, rebuilds suck :)
<shlevy>
Oh, I didn't run into it due to rebuilds
<sonarpulse>
well, it's conceptually a rebuild
<sonarpulse>
of gcc itself
<sonarpulse>
v annoying
<shlevy>
Right
<shlevy>
I mean
<shlevy>
I'm kind of tempted to just do make gcc or whatever
<shlevy>
Then save the build and source dirs in $screwyougcc output
<sonarpulse>
hahaha yeah
<shlevy>
And then do a full make after glibc
<shlevy>
But yeah, this should be doable in gcc itself
<sonarpulse>
cding into the library directory first
<sonarpulse>
like i did with the lib bfd derivation
<shlevy>
Also... What's the point of building multitarget binutils if we can't build gas separately?
<sonarpulse>
ought to work
<shlevy>
Seems like pointlessly big builds if we're not going to actually share between targets
<sonarpulse>
shlevy: basically be a TODO
<sonarpulse>
/ easter egg for anyone doing binary analysis
<shlevy>
Ah :)
<sonarpulse>
/ found some bugs we would have hit
<sonarpulse>
that orivej kindly fixed
<shlevy>
Why is bfd a separate derivation by the way?
<sonarpulse>
some libraries needed it
<sonarpulse>
and screwy stuff with the outputs
<shlevy>
I mean why not just build it with binutils?
<shlevy>
Ah
<sonarpulse>
ah and also platform specific stuff
<sonarpulse>
easier if binutils is just binaries
<sonarpulse>
and binutils mashup on darwin is also just binaries
<shlevy>
Mm
<shlevy>
dtz: By the way, have you tried targeting darwin with the musl stuff?
<dtz>
no, don't think it supports non-darwin :(. I did poke at cross-darwin from linux previously, though. Got lost and saved it all in a branch of debugging madness somewhere :D
<dtz>
*non-linux
<dtz>
hehe
<shlevy>
It = the support in nixpkgs, or musl itself?
MichaelRaskin has joined #nixos-dev
xeji has joined #nixos-dev
<dtz>
musl itself
<shlevy>
Damn
<shlevy>
For some reason I was under the impression it worked for darwin :'(
jtojnar has quit [Quit: jtojnar]
jtojnar has joined #nixos-dev
jtojnar_ has joined #nixos-dev
romildo has quit [Quit: Leaving]
jtojnar has quit [Ping timeout: 252 seconds]
jtojnar_ is now known as jtojnar
<sonarpulse>
shlevy: I'm making some guile fixes btw
<sonarpulse>
like I mentioned above
<sonarpulse>
to get rid of last build input
<shlevy>
OK
<sonarpulse>
shlevy: does guile have meaningful target platform?
<sonarpulse>
or is it interpreter-y enough that it is always current platform