sphalerite changed the topic of #nixos-dev to: NixOS Development (#nixos for questions) | NixOS 19.03 released! https://discourse.nixos.org/t/nixos-19-03-release/2652 | https://hydra.nixos.org/jobset/nixos/trunk-combined https://channels.nix.gsc.io/graph.html https://r13y.com | 19.03 RMs: samueldr,sphalerite | https://logs.nix.samueldr.com/nixos-dev
<worldofpeace> zimbatm: I'd be happy to differentiate a description from https://discourse.nixos.org/t/about-the-announcements-category/16 to avoid confusion and how to structure a post.
<worldofpeace> I see how it could be seen as too similar because currently announcements has "can be followed to discover what is happening in the community" where this would be generally for nix contributors that want to keep up with the happenings in development internally
<ekleog> timokau[m]: FWIW, setuid doesn't work for scripts -- among other reasons, because it keeps the environment on and would thus be most likely to be a complete security hole (hello $IFS and the like)
<clever> ekleog: there have also been exploits from tools being run under setuid when they weren't meant to be
<clever> for example, fusermount is a fuse util to mount an FS, it's supposed to open a /dev/fuse handle and pass it back to the parent
<clever> but if /dev/fuse is missing, it will `modprobe fuse` for you
<clever> via ulimit, you can cause it to run out of open file handles, and fail to access /dev/fuse, so it will modprobe fuse for you
<clever> and oh, modprobe accepts an env var to configure itself, so it can run a command instead of loading fuse!
<gchristensen> anyone in the mood to review a docbookbuild change https://github.com/NixOS/nixpkgs/pull/64301
<{^_^}> #64301 (by grahamc, 1 minute ago, open): Docs/clean build
<gchristensen> samueldr: I don't suppose you have today of
<gchristensen> f
<samueldr> no, extremely on
<gchristensen> bummer
<gchristensen> I don't suppose I could steal 5min of your time to get an idea of what my next step should be on searchable docs
<samueldr> gchristensen: just ask, will look at it
<gchristensen> cool
<gchristensen> samueldr: for the purposes of a nice sidebar, I'm assuming the full ToC should be present on every page? not just the "local" ToC as in http://gsc.io/search-docs/package-specific-user-notes.html ?
<samueldr> if possible, I think so too
<samueldr> (make it possible, if possible :))
<gchristensen> and then from there use JS or whatever to collapse?
<samueldr> I would even go as far as pre-collapsing through appropriate use of css classes, so non-JS browsers would see the other main chapters, but not the firehose ToC
<gchristensen> oh cool
<gchristensen> ok, well I don't know how fancy we can get, but that sounds really smart
<gchristensen> if nothing else, I could postprocess the XML with XSLT
<timokau[m]> ekleog: Elevating security for scripts sounds like a bad idea to me anyway. There's just too many things that could leak. setuid binaries have to be built with setuid in mind. But as I said in the GitHub thread, what I think people should be doing won't stop anyone from doing it so we might as well increase their security
<clever> timokau[m]: the fuse thing i mentioned above, is what happens when binaries not meant for setuid access (modprobe) get run by a setuid proc
<timokau[m]> clever: Yeah that's what I meant. setuid binaries should be as small and self-contained as possible, which scripts inherently aren't
<clever> yeah
<clever> [2328949.401531] systemd[1]: tgtd.service: Processes still around after final SIGKILL. Entering failed mode.
<clever> hmmm, need to increase the timeout more, this service really shouldn't get -9'd