gchristensen changed the topic of #nixos-dev to: NixOS Development (#nixos for questions) | https://hydra.nixos.org/jobset/nixos/trunk-combined https://channels.nix.gsc.io/graph.html | 18.09 release managers: vcunat and samueldr | https://logs.nix.samueldr.com/nixos-dev
Cale has quit [Remote host closed the connection]
Cale has joined #nixos-dev
Cale has quit [Remote host closed the connection]
Cale has joined #nixos-dev
lassulus_ has joined #nixos-dev
lassulus has quit [Ping timeout: 252 seconds]
lassulus_ is now known as lassulus
sir_guy_carleton has quit [Quit: WeeChat 2.0]
orivej has quit [Ping timeout: 252 seconds]
sir_guy_carleton has joined #nixos-dev
sir_guy_carleton has quit [Quit: WeeChat 2.0]
sir_guy_carleton has joined #nixos-dev
sphalerite has joined #nixos-dev
goibhniu has joined #nixos-dev
ckauhaus[afk] is now known as ckauhaus
sir_guy_carleton has quit [Quit: WeeChat 2.0]
srhb has quit [Killed (Sigyn (Spam is off topic on freenode.))]
sphalerite has quit [Ping timeout: 252 seconds]
sphalerite has joined #nixos-dev
init_6 has joined #nixos-dev
phreedom has quit [Remote host closed the connection]
phreedom has joined #nixos-dev
orivej has joined #nixos-dev
<ekleog> (from triage) looks ready to me :) https://github.com/NixOS/nixpkgs/pull/46668
<{^_^}> #46668 (by mbode, 1 week ago, open): doitlive: 3.0.3 -> 4.0.1
srhb has joined #nixos-dev
shreyansh_k has joined #nixos-dev
init_6 has quit []
orivej has quit [Ping timeout: 252 seconds]
<ekleog> Mic92: thanks! :)
ckauhaus has quit [Quit: WeeChat 2.0]
<ekleog> maintainer-ping for merge of https://github.com/NixOS/nixpkgs/pull/47273 :) (btw, samueldr, it'd be great if in your guidelines for backporting you included a section about whether updates to software where upstream supports only the latest version and said latest version has a major bump once a month should be backported or not, and if (likely?) not, how to deal with backporting security fixes when
<{^_^}> #47273 (by pacien, 1 hour ago, open): matrix-synapse: 0.33.3.1 -> 0.33.5
<ekleog> manpower is just not present to actually backport the patch -- same problem as with other software, but much more present, as about all security fixes become need-to-backport security fixes with this release model)
<samueldr> yeah, there's definitely a blurriness along those lines; it probably will need some arbitrary rules; something like a points-based system where points are attributed depending on misc. arbitrary but specific and unarguable(?) criterias
<samueldr> e.g. services (like spotify) where a client update is required to access the third-party servers get X points
<samueldr> no good source of security updates
<samueldr> I guess a whole book could be written on the subject :)
<samueldr> one of the criteia I had in mind (minutes ago) was: handles third-party content (security concerns with badly formatted content), but who am I kidding? a good chunk of software these days is made to "open stuff", so they'd all match
<ekleog> for security point attribution, you can use the CVSS score (just have to define whether to take v2, v3 or a combination of both)
<samueldr> and backporting means more than simply thinking about "security"; e.g. the spotify example, where the software requires an update to use the service: even if security is fine, the software could be useless :/
<samueldr> it's more of a "if we don't backport, what kind of inconveniences would an end-user face?"
<ekleog> indeed, usability is another factor that could make points increase
<samueldr> which is a balancing act, if a number of smaller updates are skipped due to there being no security issues, do we make the large jump at the first security issue?
<ekleog> I guess the problem is also along the lines of “how much points should it take to make a patch/minor/major update?”, then (as well as whether Y in 0.Y.Z should be considered as major or minor)
<samueldr> ^ and that is only about right if the software follows semver properly :/
<ekleog> well, yeah, but I think we can assume that because otherwise it'd become impossible to write guidelines, wouldn't it? ^^
<samueldr> or that we need to take it into consideration and write it without any versioning consideration to reduce rules lawyering
<ekleog> hmm so it would need to count negative points for changelog items?
<ekleog> I mean, having a clear system to know whether or not to backport something would be a good thing IMO, even if it ends up in a somehow rigid system at least the “the rules say X” would be uncontroversial -- and the rules could be adjusted later on :)
<ekleog> what happened in practice with synapse was no update, and then a big update when a security issue came in
<samueldr> (I'm thinking about one specific thing I maintain which increments their version number hapazardly, so version number shouldn't be part of the rules, but could be used as an initial flag)
<samueldr> ^ [12:19:06] <samueldr> which is a balancing act, if a number of smaller updates are skipped due to there being no security issues, do we make the large jump at the first security issue?
<samueldr> mirroring my thoughts :)
<ekleog> hmm, so counting negative points for changelog items indeed? :) something like “a user-facing change makes -X points, an API-facing change for rarely-used stuff -Y, and an API-facing change for often-used stuff -Z”?
<samueldr> "software is a dependency / isn't a dependency" comes in like a dog in a bowling game :/
<ekleog> yeah indeed
<ekleog> and then whether bugfixes should be positive or negative points is hard too
<ekleog> multiply Y and Z by (1 + number of dependencies in nixpkgs)? :°
haslersn has joined #nixos-dev
* ekleog tossing things into a cauldron and seeing what sticks
<ekleog> … anyway, more than time to sleep here, thank you for the discussion, and good night!
<samueldr> 'night
<{^_^}> Night!
<haslersn> Hi. If I have this in my directory, executing `nix-shell` works, but executing `nix-shell -E 'code'` does not. Why is that? https://gist.github.com/haslersn/a5bd6b82b9bbd943ffb4d917ac60bb25
worldofpeace has joined #nixos-dev
worldofpeace has left #nixos-dev [#nixos-dev]
<samueldr> haslersn: I'm assuming "./default.nix" is in the CWD when you're running nix-shell -E, right?
<samueldr> anyway, `nix-shell -E 'with import <nixpkgs> {}; mkShell { buildInputs = [ hello]; }'` works, so it doesn't intiially looks like -E itself doesn't (with nix 2.0.4)
<haslersn> samueldr: yes
<samueldr> can you produce a minimal default.nix showing the issue?
<haslersn> samueldr: It worked after I removed the name attribute
<haslersn> (And used mkShell)
<samueldr> mkShell in the end calls mkDerivation, but adds name and other attributes for you
<haslersn> samueldr: Ah I found my initial mistake. I had the name empty which apparently isn't allowed
<samueldr> :)
<haslersn> Thanks for your help. The error message was: "error: illegal name: '.drv'". It would be nice if it's something like "error: derivations mustn't have an empty name". Where is the right place to suggest such a minor change
shreyansh_k has left #nixos-dev ["Konversation terminated!"]
<gchristensen> oops wrong linkx
<samueldr> :)
aszlig has quit [Quit: Kerneling down for reboot NOW.]
aszlig has joined #nixos-dev
haslersn has quit [Ping timeout: 256 seconds]
<gchristensen> `nix build`'s low amount of output feels so much more boring :)
<domenkozar> I always stare at it, having fun decyphering glyphs
<gchristensen> thaht is another thing, I'm not entirely sure what all the numbers mean
<domenkozar> I feel like I'm looking at 10 dimentional graph without labels
<gchristensen> the download progress part -- really really good
<sphalerite> lol
<sphalerite> it's one of those binumeratorial fractions, never heard of those? ;)
<sphalerite> in progress/done/total to do
<LnL> isn't it building/done/total
<domenkozar> lol
<LnL> or is that what you mean with progress
<sphalerite> yes
<sphalerite> well the thing is there are two of those fractions often
<sphalerite> [building/done building/total to build, copying/done copying/total to copy "copied"]
<LnL> oh, you also get that when copying stuff?
<sphalerite> nix build --argstr system i686-linux nixpkgs.rocksndiamonds
<sphalerite> it'll build some bits and copy some bits from cache.nixos.org, displaying two fractionoids
<sphalerite> (still don't know what to call them :D )
orivej has joined #nixos-dev
lopsided98 has quit [Quit: Disconnected]
sir_guy_carleton has joined #nixos-dev
lopsided98 has joined #nixos-dev
lopsided98 has quit [Quit: Disconnected]
lopsided98 has joined #nixos-dev
orivej has quit [Ping timeout: 252 seconds]
worldofpeace has joined #nixos-dev
worldofpeace has left #nixos-dev [#nixos-dev]
sir_guy_carleton has quit [Quit: WeeChat 2.0]
jtojnar has quit [Remote host closed the connection]
jtojnar has joined #nixos-dev
jtojnar has quit [Read error: Connection reset by peer]
ma27 has quit [Quit: WeeChat 2.2]
sir_guy_carleton has joined #nixos-dev
ma27 has joined #nixos-dev
goibhniu has quit [Ping timeout: 264 seconds]
page_ has joined #nixos-dev
page has quit [*.net *.split]
WilliButz has quit [*.net *.split]
LnL has quit [*.net *.split]
LnL has joined #nixos-dev
phreedom has quit [Remote host closed the connection]
phreedom has joined #nixos-dev
<samueldr> it is surprising to me that symlink resolution is done locally, when nix-copy-closure --from $someotherhost
<samueldr> nix-copy-closure --from bart.local /run/current-system # error: path '/nix/store/...-nixos-system-localhost-... is not valid'
<gchristensen> I really wish I hadn't mucked up the aarch64 builder :')
<samueldr> still having issues?
jtojnar has joined #nixos-dev
<gchristensen> yeah. I locked myself out by breaking the networking, and not having an account with a password ... plus a lack of inventory at Packet to replace it and a bug in the reinstall process.
<gchristensen> in other words, a great confluence of things adding up to ... this
<samueldr> though, is it still up? or is hydra still a mystery to me?
<samueldr> I don't see jobs piling up, and in /machines packet-t2a-1 is idle?
<samueldr> what I'm thinking of is https://hydra.nixos.org/jobset/nixos/release-18.09-aarch64 <- only 1480621 has jobs waiting
<gchristensen> "only"
* samueldr hasn't checked for probably timed out jobs
<gchristensen> it is down
<gchristensen> I can see it and poke the login system, but not SSH in.
<samueldr> right, and aborted jobs
<samueldr> time to find a zero-day exploit
<gchristensen> lol
<gchristensen> I have one more idea if they'll force a reboot of it, but not sure they're able to
<samueldr> not being able to force a reboot? weird
<gchristensen> their backend thinks it is provisioning
<gchristensen> so the state machine prohibits a lot of actions
<samueldr> oh, *that* kind of fun
<samueldr> and no timeout in their state machine?
<samueldr> (he aks rhetorically)
<samueldr> asks*
<gchristensen> wellllllll yes