<{^_^}>
getting status of '/run/systemd/units/ca3347662ee642379f6604a8b66fff45': No such file or directory
<aszlig>
niksnut: ^ is there any reason why EvalState::checkSourcePath should resolve symlinks in canonPath?
<aszlig>
s/\<in\>/using/
<samueldr>
(this must be the weirdest way to file the bug report)
sir_guy_carleton has quit [Quit: WeeChat 2.0]
sir_guy_carleton has joined #nixos-dev
pie_ has joined #nixos-dev
pie__ has quit [Remote host closed the connection]
<ekleog>
aszlig: maybe stupid guess: to avoid that a derivation could write a symlink towards /etc/passwd in the store and then access it with IFD? not sure that's possible in restricted-eval mode, though
<aszlig>
ekleog: well, that's maybe because of channel links or something
<aszlig>
ekleog: i'm on my way to fixing this by canonicalizing the path first without resolving symlinks and process symlinks afterwards
<aszlig>
that way you can't leak information using ../../...
<aszlig>
at least in theory
* ekleog
would still re-check after symlink resolution just in case
<ekleog>
the threat model of restrict-eval is a malicious derivation trying to attack a user at build-time, right?
<aszlig>
ekleog: i think the thread model is that a malicious nix expression is trying to access paths or urls that are not explicitly allowed
<vcunat>
I don't know how Hydra's mail works on the inside. (e.g. if it will try to re-send those mails or something)
<vcunat>
niksnut: ^^
<niksnut>
yeah it's disabled
<vcunat>
and expected not to cause trouble if simply re-enabled?
<vcunat>
My guess would be that the problem was that the *first* evaluation happenned with the feature on. On subsequent evaluations I'd expect only status changes would be e-mailed, but I might easily be wrong.
<niksnut>
IMHO email notification is not really worth it
<niksnut>
it causes more problems than it's worth, and most users don't care for it
<LnL>
oh, meta.maintainers is broken on hyra Maintainer(s):not given
<LnL>
niksnut: ^
<vcunat>
EPYC: if one's buying the HW, the 16-core ryzens seem more economical than any epycs. At least for usual Hydra-like farm.
<vcunat>
s/16-core/16-thread/
<thoughtpolice>
vcunat: Threadripper is pretty good too and the prices are dropping ahead of the Zen refresh. But a lot of the cost is tied up in supporting gear though, so traditional Ryzens may be a better bet, yeah.
<thoughtpolice>
More economical mobo options, etc. And if the hardware is physical, power should probably also be taken into account, considering Hydra will keep that sucker loaded....
<vcunat>
Well, I didn't really look at power-efficiency, but I don't expect any drastic differences in there, if you go for similar GHz.
<vcunat>
The electricity price at my home is only a fraction what you (apparently) pay for hiring the machine.
<gchristensen>
an interesting thing is the epyc vs. the xeon saves ~100W
<vcunat>
The zens certainly made high CPU performance much more affordable, finally.
<gchristensen>
yeah, I mean, Packet.net isn't the cheapest way to get hw
<gchristensen>
but that 20Gbps network isn't cheap to get :P
<timokau[m]>
vcunat: niksnut: I think email notifications are very much worth it. How else are maintainers supposed to notice that their packages break? I think it is a very important step in minimizing hydra failures.
<gchristensen>
and getting it at an hourly rate w/ no setup is nothing to sneeze at either.... and the spot market for super cheap prices ... haha ok maybe I'm a fanboy ;)
<vcunat>
timokau[m]: yes, I don't know a better way ATM.
<vcunat>
Most maintainers didn't react to the e-mails apparently, but if working reasonably reliably, the feature would seem a nice to have.
<timokau[m]>
Yes and it was working reliably until the spam. If that is still a concern, maybe some stupid rate limiting would reduce the risk. Or worst case we could at least make it possible to opt-in.
<vcunat>
I occasionally did get some weird messages for it for builds that were months old.
<vcunat>
s/for it/from it/
<aminechikhaoui>
vcunat: I saw that also in our private hydra, I think it has to do with the attempted fix here but not sure https://github.com/NixOS/hydra/pull/566
<aminechikhaoui>
but it basically happens every time we restart the queue runner
<vcunat>
well first we need to fix filling the maintainer colon, as without that data there won't be anyone to send to
<vcunat>
(except for those messages: "your commit may have broken this build")
<vcunat>
Eh, not "colon", but I guess you know what I mean :-)
<timokau[m]>
In my opinion a few false-positives would be better than no positives at all :)
<timokau[m]>
I didn't know there was also that kind of message. Aren't that usually a lot of commits?
{^_^} has joined #nixos-dev
{^_^} has joined #nixos-dev
{^_^} has quit [Changing host]
<vcunat>
It certainly happened commonly that there were many.
<vcunat>
> This may be due to 640 commits by ... (long list of authors)
<{^_^}>
error: syntax error, unexpected ELLIPSIS, expecting ')', at (string):164:35
<gchristensen>
infinisil: it would be neat if the eval bot noticed most of the tokens were words and didn't post an error if it fails to evaluate
<gchristensen>
also I'd love a pony please
<infinisil>
Yeah I could probably do that
<infinisil>
Not the pony thing though :)
<vcunat>
🐎
<timokau[m]>
Those messages should probably be disabled. Or even better only sent if up to X commits might be responsible.
<gchristensen>
thanks vcunat <3 :)
<timokau[m]>
Unicode is amazing
<vcunat>
my client doesn't display it though
<timokau[m]>
What, you're using a terminal without emoji support? How are you even functioning?
<vcunat>
It's Pidgin :-)
<vcunat>
(i.e. fully graphical)
<timokau[m]>
I didn't know that was still alive (or ever supported irc)
<timokau[m]>
Anyways, is there an appropriate place to file an issue for the email thing? That would probably benefit from more permanent discussion.
<vcunat>
but I'm not sure if some other than Eelco watches it anyway :-)
<timokau[m]>
I guess I can just file an issue against that repo (nixos-org-configurations)
<timokau[m]>
And the problem with maintainers is that the parsing was just never adapted to the new maintainers format?
Sonarpulse has joined #nixos-dev
xeji has joined #nixos-dev
<vcunat>
It's possible. I don't know if anything was attempted.
sir_guy_carleton has joined #nixos-dev
__Sander__ has quit [Quit: Konversation terminated!]
orivej has quit [Ping timeout: 265 seconds]
drakonis has joined #nixos-dev
vcunat has quit [Ping timeout: 240 seconds]
shlevy has quit [Ping timeout: 255 seconds]
shlevy has joined #nixos-dev
phreedom_ has joined #nixos-dev
phreedom has quit [Ping timeout: 250 seconds]
primeos_ has quit [Quit: WeeChat 1.4]
orivej has joined #nixos-dev
<LnL>
dtz[m]: around?
drakonis has quit [Remote host closed the connection]
<Mic92>
globin: fpletz https://github.com/NixOS/systemd/pull/21 is ready for merging. I try to also get the nixpkgs pull request sorted out this weekend so we have enough time for testing before the release.