gchristensen changed the topic of #nixos-dev to: NixOS Development (#nixos for questions) | https://hydra.nixos.org/jobset/nixos/trunk-combined https://channels.nix.gsc.io/graph.html | 18.03 release managers: fpletz and vcunat
coconnor has quit [Remote host closed the connection]
<Profpatsch> Mic92: rebuilding with -Ddefault-hierarchy=legacy
<Profpatsch> Let’s see what happens.
<Mic92> Profpatsch: you know about systemd.package option in configuration.nix?
<Mic92> which means, you don't have to rebuild all packages depending on systemd to get a running system
<Profpatsch> Mic92: Nice, thanks.
<Mic92> I also have some systemd stuff still left open
<Mic92> fixing unprivileged nspawn containers upstream
<Mic92> and our networkd setup goofs up the default network units for nspawn containers.
Lisanna has quit [Quit: Lisanna]
<Sonarpulse> elvishjerricco: hey you pinged me at a good time
<Sonarpulse> with the android issue
<elvishjerricco> Yea?
<Sonarpulse> kmicklas and I are staying late to do iOS
<Sonarpulse> about to start in a few
<Sonarpulse> yeah pity CI breaks on the google ndk
<elvishjerricco> Sonarpulse: No kidding. I was just about to give iOS another shot :P
<Sonarpulse> wooo
<Sonarpulse> maybe you wanna work on that android one
<Sonarpulse> at least until we push something?
<Sonarpulse> i edited OP
<Sonarpulse> to avoid importing nixpkgs twice
<Sonarpulse> this is also an android example in lib.systems.examples now too
<elvishjerricco> TIL maintainers can edit issue texts :P
<Sonarpulse> just like Jira! :P
<elvishjerricco> I can give that issue a shot but i have no clue where to start :P
<Sonarpulse> elvishjerricco: I'll get you the file
<elvishjerricco> edited the example to use the lib.systems.examples one
<Sonarpulse> we can video chat or something if you like too
<Sonarpulse> nice
<elvishjerricco> you'll get me what file?
<Sonarpulse> edited to use localSystem :p
<elvishjerricco> Sonarpulse: It doesn't look like the ndk contains a dynamic linker
<Sonarpulse> the old nixpkgs fork of that
<Sonarpulse> had something else there
<Sonarpulse> g2g for a sec
<elvishjerricco> Too bad qemu doesn't provide that dynamic linker
<Sonarpulse> elvishjerricco: thanks for finding it!
<Sonarpulse> well, we should package bionic libc :D
<elvishjerricco> Sonarpulse: Is that open source?
<Sonarpulse> for non-prebuilt android stdenv :D
obadz has quit [Ping timeout: 256 seconds]
<Sonarpulse> elvishjerricco: yeah!
<elvishjerricco> TIL
<elvishjerricco> Sonarpulse: What can I do to test this with qemu?
<Sonarpulse> elvishjerricco: bionic libc includes the dynamic linker
<elvishjerricco> Sonarpulse: Without going through the trouble of packaging non-prebuilt android right now :P
<Sonarpulse> so I suppose we need to package that
<Sonarpulse> elvishjerricco: uh it's the best i got, sorry
obadz has joined #nixos-dev
<Sonarpulse> you don't need to build compiler
<Sonarpulse> or even all of bionic
<Sonarpulse> you can build bionic with pre-built gcc
<elvishjerricco> Sonarpulse: Theoretically, we'd rather have `bionic` packaged in with android non-prebuilt, and that would work?
<Sonarpulse> elvishjerricco: I'd hope!
<elvishjerricco> Sonarpulse: Interesting. What happens right now if you try to use `aarch64-unknown-linux-android` without `useAndroidPrebuilt`? Does it just fail?
mbrgm has quit [Ping timeout: 256 seconds]
<Sonarpulse> elvishjerricco: it will build libc
<elvishjerricco> Sonarpulse: Like glibc? Does glibc work on android?
<Sonarpulse> elvishjerricco: sorry i meant it will build gcc
<Sonarpulse> and then probably fail with glibc
mbrgm has joined #nixos-dev
<elvishjerricco> Ah
<Sonarpulse> i mean it might build glibc
<Sonarpulse> but i wouldn't use that on android
<elvishjerricco> ... wait :P So it will try to build GCC, then might try to build glibc?
obadz has quit [Ping timeout: 240 seconds]
obadz has joined #nixos-dev
<Sonarpulse> elvishjerricco: oh it will try
<Sonarpulse> the question is does it succeed
<Sonarpulse> ("might build" as in "might succeed")
<elvishjerricco> Sonarpulse: Heh fair enough. Is everything in the ndk open source?
<Sonarpulse> elvishjerricco: the C bits I think
<Sonarpulse> but I don't know
<elvishjerricco> Sonarpulse: Alright. PR opened. Hopefully it helps someone :P
<Sonarpulse> elvishjerricco: :)
<Sonarpulse> LGTM!
contrapumpkin has joined #nixos-dev
orivej has joined #nixos-dev
coconnor has joined #nixos-dev
Lisanna has joined #nixos-dev
JosW has joined #nixos-dev
orivej has quit [Ping timeout: 264 seconds]
MichaelRaskin has quit [Quit: MichaelRaskin]
davidlt has joined #nixos-dev
goibhniu has joined #nixos-dev
taktoa has joined #nixos-dev
Lisanna has quit [Quit: Lisanna]
__Sander__ has joined #nixos-dev
davidlt has quit [Ping timeout: 240 seconds]
domenkozar has quit [Ping timeout: 265 seconds]
davidlt has joined #nixos-dev
Synthetica has joined #nixos-dev
andi- has quit [Ping timeout: 276 seconds]
orivej has joined #nixos-dev
taktoa has quit [Read error: Connection reset by peer]
<gchristensen> niksnut: would you be opposed to importing nixos when evaluating the nixpkgs manual, in order to cross-link the nixpkgs to nixos manual? I'm not sure this is a good idea, but it could let the two manuals exchange olink DBs
<gchristensen> another thought is the crosslinks could be one-way to start, just nixos -> nixpkgs
andi- has joined #nixos-dev
Jackneilll has quit [Quit: Leaving]
<michaelpj> crosslinks between the manuals would be *really* great
<gchristensen> would one-way be a tolerable start?
Jackneill has joined #nixos-dev
Jackneill has quit [Remote host closed the connection]
<michaelpj> oh yes
<michaelpj> it would be super nice if we could link to the nix manual too, but obviously that's harder since it's in another repo
Jackneill has joined #nixos-dev
<gchristensen> I figure before I forget the xsltproc flags I've learned, I should make hay while the sun is shining
<michaelpj> I think two way links would also be desirable, partly just because people (e.g. newbie version of myself) frequently end up with the wrong manual, and it would be friendly to at least have a block at the top linking to the other manuals
<gchristensen> yeah
<michaelpj> and e.g. it makes sense to link the sections on overlays to each other nixos->nixpkgs "This exposes the mechanism described here", nixpkgs->nixos "This can be used in nixos like so"
<shlevy> Sonarpulse: ping
taktoa has joined #nixos-dev
<shlevy> Eehhh why are there 22k builds on trunk?
<shlevy> Ah, openssl bump :|
<gchristensen> yeah, hooray CVEs
<shlevy> gchristensen: is straight-to-master the recommended workflow for this kind of thing?
<gchristensen> yeah
<shlevy> OK
<gchristensen> too important to delay
<gchristensen> so I think adding daemon support to the linux installer is pretty trivial ... the hardest part would be properly detecting it is supported maybe
ma27 has quit [Ping timeout: 246 seconds]
<shlevy> And we were so close to staging being mergeable :'(
<gchristensen> so perhaps, then, the solution is to have two separate installers which can be selected, single-user and multi-user
<gchristensen> well, there is a MR anyway ... why not merge it?
<gchristensen> cancel the 22k, merge, reschedule
<shlevy> systemd is broken on aarch64
<gchristensen> check out the chat with abbradar in #nixos
<gchristensen> and Dezgeg
zybell_ has quit [Ping timeout: 264 seconds]
zybell_ has joined #nixos-dev
<gchristensen> a WIP staging PR to add multi-user support to the nix installer for centos 7: https://github.com/grahamc/nix/pull/1
<aminechikhaoui> \o/
<shlevy> \o/
<shlevy> aminechikhaoui: hey :P
<aminechikhaoui> hehe, some people are still excited about centos *hides*
<shlevy> aminechikhaoui: The idea is systemd-generic I think... But yeah this will be great for my team :)
<aminechikhaoui> me too, something like that would be useful for our crappy on premise deployment server at work
<gchristensen> it should work on pretty much anything with systemd
orivej has quit [Ping timeout: 240 seconds]
orivej has joined #nixos-dev
abbradar has joined #nixos-dev
<gchristensen> but it is much easier to have a teeny tiny scope and expand from there
<gchristensen> actually, I think it pretty much is cross-distro supportive already, since I'm not linking anything anywhere, just calling `systemctl link` / `systemctl enable`
<shlevy> gchristensen: does systemctl link/enable work on NixOS?
<gchristensen> lol no
<shlevy> It should be possible in principle with /etc/systemd-mutable
<gchristensen> nixos is definitely out of scope for this installer :P
<shlevy> Oh, that's not part of the installer
<shlevy> I'm just thinking in general we could make that working for systemctl
<shlevy> not sure if we want to of course
<gchristensen> ah right on
<shlevy> gchristensen: Is your script worth careful code review before you dedup it?
<shlevy> Lots of this looks familiar ;)
<gchristensen> no it isn't worth review
jtojnar_ has joined #nixos-dev
<gchristensen> just a place to write notes between commits
domenkozar has joined #nixos-dev
<shlevy> Cool thanks
<niksnut> gchristensen: no strong feelings on that, but I guess cross-links are already possible by referencing http://nixos.org/nixos/manual#id-bla?
jtojnar has quit [Ping timeout: 252 seconds]
jtojnar_ is now known as jtojnar
<shlevy> Damn... hydra back to 120k. All andi-'s fault :P
<gchristensen> that's true, and may be better. if we go with olinks, though, their validity is automatically checked
<gchristensen> which may not be worth the effort. I'll maybe find out
<andi-> shlevy: the higher the better? :P
<gchristensen> shlevy: you do get performance perks at 120k... so it isn't all bad
domenkozar is now known as dkozar
phreedom has quit [Quit: No Ping reply in 180 seconds.]
<Sonarpulse> shlevy: pong
phreedom has joined #nixos-dev
<shlevy> Sonarpulse: config.allowBroken makes enableIfAvailable change behavior :'(
<shlevy> We have way overloaded the meta checks... I'm not sure how we can untangle this :|
<Sonarpulse> shlevy: ah....shiit
<shlevy> I know this would require significant changes... but I'm kind of tempted to say config.allowBroken is, well, broken
<Sonarpulse> shlevy: hehe yeah that's a thing
<Sonarpulse> also
<shlevy> We should just have more permissive meta fields if it turns out that a lot of people need it
<Sonarpulse> config.wouldBeAllowed
<Sonarpulse> *meta.wouldBeAllowed
<shlevy> and if you're actively hacking, then you should just mark unbroken locally
<shlevy> Sonarpulse: That's in principle doable
<Sonarpulse> yeah I say a) see if anyone complains b) do that
<shlevy> Sonarpulse: But note that it means you have to run all the checks and merge them :D
<Sonarpulse> well do people do allowBroken just for the eval time?
<Sonarpulse> I see meta.wouldBeBroken not super changing things
<Sonarpulse> hell we could do it just based off the platform not other things
<shlevy> Grmp
<shlevy> This is gonna be a process
phreedom has quit [Ping timeout: 268 seconds]
<Sonarpulse> shlevy: well waiting for somebody else to complain can be a proxy for "does allowBroken correctness matter?"
<shlevy> Someone did complain
<shlevy> that's how I know :D
<Sonarpulse> haha ok
<Sonarpulse> oxij made meta.allowed
<Sonarpulse> I wonder if they have an opinion
<shlevy> I think this is an ML question
<shlevy> Bah
<Sonarpulse> sure
phreedom has joined #nixos-dev
phreedom has quit [Quit: No Ping reply in 180 seconds.]
<Sonarpulse> shlevy: ah I see commit
phreedom has joined #nixos-dev
<shlevy> bgamari: Thoughts on how to work around https://github.com/NixOS/nixpkgs/pull/37867#issuecomment-376932429 ?
<shlevy> It's a bit of a pain to include patches in-tree if we don't have to...
<bgamari> ugh
<bgamari> Ideally we would just fix and merge the patch
<bgamari> until then not really
<shlevy> OK.
<shlevy> niksnut: OK to upload a patch to tarballs.nixos.org?
<niksnut> shlevy: sure (via maintainers/scripts/copy-tarballs.pl please)
<shlevy> niksnut: Thanks, will do!
<shlevy> niksnut: So if I use copy-tarballs I don't need to change the actual fetchurl call right?
<Sonarpulse> shlevy: is this a proper fix, or hacking around a cabal bug?
<shlevy> Sonarpulse: Ask thoughtpolice :)
<Sonarpulse> hehe fair
<shlevy> IIUC it's a proper but not yet complete fix
<shlevy> The not-yet-complete part isn't relevant to Nix though, since we don't use multiple package dbs
<thoughtpolice> Right, it doesn't handle sets of package DBs, only a single one. But previously it couldn't handle either case when this bug cropped up.
Synthetica has quit [Quit: Connection closed for inactivity]
<Sonarpulse> thoughtpolice: ok cool. but just out of curiosity, is it *right* for cabal to compute this wrong?
<Sonarpulse> should we even store it if both tools can compute on the fly?
__Sander__ has quit [Quit: Konversation terminated!]
<shlevy> niksnut: I got "uploading ./D4159.diff to sha512/6bfed3352cdf0e0a088ecd72b068d63d26f23d10b6a9ec145a75cef3b4062e81f5fa9e898e7041b0147126348c23702b07ebd49d2ff6796815f61bcb7ecefcac...
<shlevy> "
<shlevy> But when I try that URL I get a 403
<shlevy> and when I try to upload again I get told it's already mirrored
goibhniu has quit [Ping timeout: 248 seconds]
<thoughtpolice> Sonarpulse: Well, that's what this patch fixes. Essentially. In short, abi-depends was kind of a misdesign, it depends on the tool registering the package to fill it out for a given package. Well, you can work yourself into situations where Cabal will use a cached abi-depends field for some package in the dependency set, rather than recomputing it. This results in a hash mismatch. The patch basically says "ghc-pkg will never look
<thoughtpolice> at abi-depends written by Cabal, instead, if it needs the ABI hash for a dependent package, it will just go back and look it up in the package database itself"
<thoughtpolice> IIRC
<thoughtpolice> So in short, no it is not 'correct' that it's wrong of course, but yes, it should compute it on the fly instead, and that's what this makes it do.
<shlevy> niksnut: Looks like copy-tarballs.pl doesn't set the object ACL right... trying it manually
<shlevy> OK got it
<gchristensen> hmm I think that is only the second thing in nixpkgs which doesn't have a "real" canonical URL
<gchristensen> a shame, really
<shlevy> gchristensen: Hm?
<gchristensen> dear phabricator, plz host stable patches
<shlevy> Ah
<shlevy> A bunch more without the "sha256"
<gchristensen> ahh gotcha
<shlevy> I guess predating niksnut asking people to use copy-tarballs :D
orivej has quit [Ping timeout: 256 seconds]
<Sonarpulse> thoughtpolice: thanks
<Dezgeg> why did this appear on staging again? https://hydra.nixos.org/build/72154512
<Sonarpulse> I'm just always trying to piece out how things ought to be with cabal and ghc
<Sonarpulse> cause there's so much old random technical debt clouding the situation
<pbogdan> Dezgeg: seems like because of 4270c5c7be22576b37b6a6411e0f294ebfdbcb82 getting merged into staging at some point?
<pbogdan> perhaps the pattern conflicts with the fix in perl's generic builder
<pbogdan> (which IIRC is still only in staging but I could be wrong)
<gchristensen> I suspect it'll be harder to find nix-on-linux users than it was nix-on-darwin users to test :)
<Sonarpulse> the ocaml situation in nixpkgs is wack, haha
jtojnar_ has joined #nixos-dev
<LnL> what I hear from ocaml people it's crazy in general
<Sonarpulse> LnL: yeah i get a sense of that too
<Sonarpulse> I do like the opam jbuild/dune division of labor
jtojnar has quit [Ping timeout: 264 seconds]
jtojnar_ is now known as jtojnar
dkozar has quit [Quit: WeeChat 2.0]
domenkozar has joined #nixos-dev
jtojnar has quit [Quit: jtojnar]
jtojnar has joined #nixos-dev
jtojnar has quit [Quit: jtojnar]
davidlt has quit [Ping timeout: 268 seconds]
davidlt has joined #nixos-dev
jtojnar has joined #nixos-dev
jtojnar has quit [Ping timeout: 256 seconds]
shlevy has quit [Quit: Quit]
<gchristensen> ok shl.... where'd he go
tilpner has quit [Remote host closed the connection]
tilpner has joined #nixos-dev
<gchristensen> anyone available to do a pre-review on some installer work I'm doing?
<Dezgeg> pbogdan: yeah makes sense, bisect landed on some master -> staging merge
shlevy has joined #nixos-dev
<Dezgeg> so I just drop the postPatch?
<Dezgeg> that does make it build, so I guess I do that
JosW has quit [Quit: Konversation terminated!]
* Dezgeg has no idea what he is doing *shrug*
<gchristensen> shlevy: https://github.com/grahamc/nix/pull/1 ready for a more thorough look-over
<gchristensen> I've not tested it on a mac yet, but works nicely and reliably on centos7
* dtz gives gchristensen all the golden stars
<gchristensen> =)
<shlevy> gchristensen: #!/bin/bash? Sorry, I'm going to have to revoke your nixpkgs commit bit
<gchristensen> lol
<LnL> lol
<LnL> gchristensen: while you're at it, it would be nice if the installer has a flag to disable multi-user for people that don't want it
<LnL> that's currently not possible without changing the script first
<shlevy> gchristensen: Is there anything CentOS 7 specific other than that you check for CentOS 7?
<gchristensen> shlevy: only in that I've tested centos7 and am keeping my promises limited until I've tested more :)
<shlevy> :)
<shlevy> Fair
<Dezgeg> wasn't there some PR for building RPMs and DEBs? maybe it'd make sense to have multi-user only there by default
<Dezgeg> frankly the thought of running some shell scripts as root doing user and service management on all those random linux distros terrifies me :P
<shlevy> It's not like we configure much
<gchristensen> so ... I _think_ what I have already universally supports systemd systems
<shlevy> Just give the init system an entry point
<gchristensen> and I don't think we should work too hard to branch out yet
<shlevy> Agreed
<shlevy> Hopefully Nix 4.0 with "service" derivation types will be out before we have to care ;)
<dtz> yeah, and I was also wondering re:the installer PR
<dtz> lots of effort put into that, hopefully we can take advantage of it ^_^
<Dezgeg> it's not the init system stuff that I worry but rather things like NIX_BUILD_GROUP_ID="30000"
jtojnar has joined #nixos-dev
<shlevy> :'( github lack of rename detection
<shlevy> Oh
<shlevy> we should just switch to dynamic uids
<gchristensen> Dezgeg: fwiw it is pretty careful around those UIDs
<Dezgeg> I doubt Centos 7 supports such new things from systemd
<shlevy> The core concept doesn't require systemd
* gchristensen stops listening while he still has his sanity lol
<shlevy> We *already* chown everything after the build anyway
<shlevy> So the Nix version would be much simpler
<Dezgeg> is there actually a need for the build users anymore with user namespaces?
<Dezgeg> (probably would need code changes though)
<shlevy> Hmm fair question
<shlevy> Anyway at this point I just throw up my hands and complain about lack of proper capabilities
<shlevy> But I think niksnut was already looking at dynamic users...
<shlevy> So the only problem with dynamic users on arbitrary POSIX is builds reading /etc/passwd
<Dezgeg> you mean in non-sandboxed builds?
<shlevy> Yeah
<shlevy> Well, I guess on arbitrary POSIX if multiple things do the dynamic user dance you need some way to globally lock them... Ugh
<shlevy> I wish systemd were less monolithic... a system daemon for allocating dynamic users would be great, and completely non-Linux specific except for the nss stuff
<gchristensen> "warning: unable to download 'https://cache.nixos.org/pq7b5mwxqp3mfppf17lgga25kzym6kxd.narinfo': SSL peer certificate or SSH remote key was not OK (51); retrying in 293 ms" hrm. instead of scuttling the build on this, it should probably just decide to build it locally
<zybell_> I had this great IDEA(tm): Hooks. That are directories in which every user can drop scripts, which are called with 'su $(dropping user)' (no extra privs) in case of all possible events. I thought even about a sudo entry to run hooks to which root can subscribe. For updates, reboot ...
<zybell_> One dir per event!
<shlevy> Bah. This is why I hate plain-text. gchristensen going to have to wait until tomorrow to review your installer stuff, sorry!
<gchristensen> no worries, it is a doozy
<gchristensen> it just about drove me mad writing it
abbradar has quit [Remote host closed the connection]
MichaelRaskin has joined #nixos-dev
<zybell_> I had this great IDEA(tm): Hooks. That are directories in which every user can drop scripts, which are called with 'su $(dropping user)' (no extra privs) in case of all possible events. I thought even about a sudo entry to run hooks to which root can subscribe. For updates, reboot ...
<zybell_> One dir per event!
<gchristensen> we should be good now! thank you for your patience!
<dtz> globin_: saw you posting about having a prototype for rust-musl w/Nix? Is that still around? :D
<simpson> zybell_: Your security model needs work. Here's a recent sketch of a similar system using capabilities: http://www.lothar.com/blog/58-The-Spellserver/
zybell_ has quit [Ping timeout: 240 seconds]
zybell_ has joined #nixos-dev
<zybell_> simpson: Which security model did you derive from my (short) description and in which way is it lacking?
<simpson> zybell_: It sounds like a way to have confused deputies. You may want to read this short story: http://www.cap-lore.com/CapTheory/ConfusedDeputy.html
ma27 has joined #nixos-dev
<zybell_> I know;-) Therefore only correct perms will be ever executed. And that perms can't be set other than owner.
<zybell_> All other is garbage.
<MichaelRaskin> A typical failure mode for such a system is to forget symlinks exist
<MichaelRaskin> (stat vs lstat)
<simpson> zybell_: Okay then. Best of luck; I'll be happy to review your PR when it's ready.
goibhniu has joined #nixos-dev
<zybell_> Symlinks can't setuid.
<dtz> lol not sure what is causing it but apparently lack of sandbox (?!) is causing error resulting in attempts to use dpkg-architecture?? lol o_O
<dtz> I hope that's user error haha
<MichaelRaskin> zybell_: why would I want to setuid?
<zybell_> Only setuid proves owner correct.
<gchristensen> this sounds fairly off topic for #nixos-dev
<simpson> gchristensen: I figured that this was Yet Another User/Home Management Tool, and those are on-topic, right?
<gchristensen> I think #nixos-dev's "mission" is to be a lower-volume channel about longer term nix ecosystem issues
<gchristensen> I could be wrong about it being off-topic
<MichaelRaskin> I never got the «longer-term» impression
davidlt_ has joined #nixos-dev
<gchristensen> ah :) sorry
<MichaelRaskin> In practice I had an impression that the distinction is more that everyone who speaks is expected to have experience writing nix expressions, and the questions are supposed to be about developing/extending Nix code or code for working with Nix.
<zybell_> And I thought that a general mechanism of distributing events (going online/offline, changing config...) and asking for action (running update, changing runlevel/packages...) would be a long term development.
davidlt has quit [Ping timeout: 260 seconds]
<MichaelRaskin> But I could also be wrong.
orivej has joined #nixos-dev
<MichaelRaskin> zybell_: I think /run/user/ structure of a directory per user (writeable only for that user) should already be simpler to secure.
davidlt_ is now known as davidlt
<zybell_> The idea is to let everybody interested in an event to subscribe to it. And that as early as possible in the boot process. Or as late in shutdown.
<MichaelRaskin> Note that delaying shutdown might be a security risk
<simpson> zybell_: systemd already advertises everything on dbus, doesn't it?
<simpson> Not that dbus isn't a gaping security hole, but at least it's documented as such~
<zybell_> Which may necessitate firing the events in background. But who is fast enough to catch them before the killall, who am I to deny the chance?
<MichaelRaskin> Well, we all know how to hide from killall.
<MichaelRaskin> FUSE forkbombs are nice
<zybell_> DBus: I would target shell-scripts, but I can think of a 'dbus-started' event;-)
<zybell_> Fuse doesn't work after rmmod fuse
<simpson> zybell_: Well, what does your prototype do right now? Do you have code working with your local systemd yet?
<zybell_> I try to pb sth
Jackneill has quit [Read error: Connection reset by peer]
Jackneill has joined #nixos-dev
<zybell_> https://pastebin.com/BzwzuF6G should give you an impression.
<zybell_> And it is not by accident that it is even then secure if you try shortcuts, to many of which it gives opportunities.
orivej has quit [Ping timeout: 264 seconds]
<zybell_> The -xc Flags in the line that reads '... while read ...' are for debugging and can be replaced with -c.
<zybell_> AfK
<simpson> zybell_: This doesn't look like it'd work on NixOS. If you're new to our concepts, I encourage you to experience NixOS for a bit.
jtojnar_ has joined #nixos-dev
jtojnar has quit [Quit: jtojnar]
jtojnar_ has quit [Remote host closed the connection]
jtojnar has joined #nixos-dev
jtojnar has quit [Ping timeout: 260 seconds]
goibhniu has quit [Ping timeout: 246 seconds]
Sonarpulse has quit [Ping timeout: 276 seconds]
<niksnut> shlevy: regarding dynamic uid allocation, there is https://github.com/NixOS/nix/commit/ad1c827c0d7c96075e8e820fc66be5ea849497c9
jtojnar has joined #nixos-dev
jtojnar has quit [Ping timeout: 264 seconds]
jtojnar has joined #nixos-dev
xeji has joined #nixos-dev
davidlt_ has joined #nixos-dev
jtojnar_ has joined #nixos-dev
jtojnar has quit [Ping timeout: 256 seconds]
jtojnar_ has quit [Remote host closed the connection]
davidlt has quit [Ping timeout: 246 seconds]
jtojnar has joined #nixos-dev
jtojnar has quit [Ping timeout: 240 seconds]
davidlt_ has quit [Ping timeout: 248 seconds]
jtojnar has joined #nixos-dev
<shlevy> niksnut: Ah, nice!
<dtz> is ubuntu 14.04 laughably too old for Nix?
<dtz> the kernel is 4.2 which had me optimistic, but I'm encountering some error-- "permission denied" when trying to mount /proc -- which is not something I've seen before. Anyone know? :)
<dtz> I see the release.nix has attributes for 1710 haha is that what's needed?
<thoughtpolice> 16.04 should work fine fwiw, we use it at $WORK.
<shlevy> I should get an SVR4 port going
<dtz> okay, ty thoughtpolice
coconnor has quit [Ping timeout: 276 seconds]
coconnor has joined #nixos-dev
coconnor has quit [Remote host closed the connection]
zybell_ has quit [Ping timeout: 248 seconds]
zybell_ has joined #nixos-dev