worldofpeace_ changed the topic of #nixos-dev to: #nixos-dev NixOS Development (#nixos for questions) | NixOS stable: 20.03 ✨ https://discourse.nixos.org/t/nixos-20-03-release/6785 | https://hydra.nixos.org/jobset/nixos/trunk-combined https://channels.nix.gsc.io/graph.html | https://r13y.com | 19.09 RMs: disasm, sphalerite; 20.03: worldofpeace, disasm | https://logs.nix.samueldr.com/nixos-dev
abathur has quit [Quit: abathur]
justanotheruser has quit [Ping timeout: 260 seconds]
ixxie has quit [Ping timeout: 260 seconds]
abathur has joined #nixos-dev
justanotheruser has joined #nixos-dev
lassulus has quit [Ping timeout: 244 seconds]
lassulus has joined #nixos-dev
tilpner_ has joined #nixos-dev
tilpner has quit [Ping timeout: 240 seconds]
tilpner_ is now known as tilpner
lassulus_ has joined #nixos-dev
lassulus has quit [Ping timeout: 256 seconds]
lassulus_ is now known as lassulus
bennofs__ has quit [Ping timeout: 264 seconds]
marek has quit [Ping timeout: 256 seconds]
<{^_^}> firing: RootPartitionLowDiskSpace: https://status.nixos.org/prometheus/alerts
cptchaos83 has quit [Quit: https://quassel-irc.org - Chat comfortably. Anywhere.]
cptchaos83 has joined #nixos-dev
kalbasit has quit [Ping timeout: 256 seconds]
marek has joined #nixos-dev
rajivr has joined #nixos-dev
kalbasit has joined #nixos-dev
alp has quit [Remote host closed the connection]
alp has joined #nixos-dev
alp has quit [Remote host closed the connection]
alp has joined #nixos-dev
alp has quit [Ping timeout: 272 seconds]
capisce_ has joined #nixos-dev
capisce has quit [Read error: Connection reset by peer]
orivej has joined #nixos-dev
drakonis has quit [Ping timeout: 272 seconds]
evanjs has quit [Ping timeout: 272 seconds]
evanjs has joined #nixos-dev
cole-h has quit [Quit: Goodbye]
<{^_^}> firing: RootPartitionLowDiskSpace: https://status.nixos.org/prometheus/alerts
harrow has quit [Quit: Leaving]
harrow has joined #nixos-dev
kalbasit has quit [Ping timeout: 240 seconds]
alp has joined #nixos-dev
FRidh has joined #nixos-dev
xwvvvvwx- has joined #nixos-dev
xwvvvvwx has quit [Ping timeout: 272 seconds]
xwvvvvwx- is now known as xwvvvvwx
alp has quit [Ping timeout: 272 seconds]
ixxie has joined #nixos-dev
alp has joined #nixos-dev
ixxie has quit [Ping timeout: 240 seconds]
sphalerite has quit [Quit: WeeChat 2.6]
dmj` has quit [Ping timeout: 244 seconds]
sphalerite has joined #nixos-dev
dmj` has joined #nixos-dev
<rnhmjoj> can we do something about the vulnerability roundup issues? there are hundreds of them with absolutely no reply from the maintainers. are there duplicates, false positives? why does nobody bother to solve or ever close them?
<infinisil> rnhmjoj: Unless somebody gets paid to work on them, we can't expect anything
<rnhmjoj> of course, i was just thinking that filling the issue tracker with them may not be the best solution
<infinisil> Hmm maybe, if anything though, it at least brings more visibility to security problems
<rnhmjoj> there are issues about old channels like 19.03, should they be closed?
ckauhaus has joined #nixos-dev
Gaelan has joined #nixos-dev
Gaelan_ has quit [Read error: Connection reset by peer]
georgyo has quit [Ping timeout: 244 seconds]
georgyo has joined #nixos-dev
regnat has quit [Ping timeout: 260 seconds]
regnat has joined #nixos-dev
elvishjerricco has quit [Ping timeout: 244 seconds]
elvishjerricco has joined #nixos-dev
raboof has quit [Ping timeout: 244 seconds]
danderson has quit [Ping timeout: 256 seconds]
globin has quit [Ping timeout: 260 seconds]
danderson has joined #nixos-dev
rnhmjoj has quit [Ping timeout: 260 seconds]
globin has joined #nixos-dev
raboof has joined #nixos-dev
rnhmjoj has joined #nixos-dev
<{^_^}> firing: RootPartitionLowDiskSpace: https://status.nixos.org/prometheus/alerts
alp has quit [Ping timeout: 256 seconds]
alp has joined #nixos-dev
<gchristensen> I'd like to change these lines: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/system/boot/stage-2-init.sh#L169-L172 and I'd rather not maintain a patch on top of nixpkgs for it. my exact change is probably not appropriate for nixpkgs. any suggestions on how I could do this in a way acceptable to merge?
<FRidh> gchristensen: introduce a @systemdPath@ that when set overrides what's there?
<gchristensen> and add a wrapper script? that sounds promising
<niksnut> make the changes to a local branch of nixpkgs?
<gchristensen> I suppose I could, I'm pretty bad at the rebase workflow and keeping up to date. maybe we should make tools to support that, so it is easier for people to do it
<LnL> I think having some builtin way to apply patch files on top of a channel/flake would be really nice
<gchristensen> I agree
<LnL> the most common use case for that is, apply this fix until I get to the point where it was merged
<LnL> so merge conflicts mean you can get rid of the patch in that case
<niksnut> that tool exists, it's called git ;-)
<gchristensen> well, it isn't very good at it: the workflow has me on a different version than anyone else making it incomparable, or having to rebase my patches continuously meaning I lose rollback / version history, or keep a careful log with tags. and, I lose command-not-found and other hydra artifacts that only come from the channel scripts.
<gchristensen> s/hydra //
<niksnut> that would also be true if nix had the ability to apply patches
<niksnut> because you wouldn't have a "rev" anymore
<gchristensen> right
<gchristensen> but maybe there is another way
<LnL> there's reflog, but using git (directly) is way too general IMHO
<niksnut> btw I had to change those lines recently as well (for some container related flags / debugging)
<gchristensen> oh really?
<LnL> what I do in my git hook is tag the revision with the generation, which means git log --tags gives full history even if things are force pushed
<gchristensen> oh cool
<{^_^}> #93110 (by grahamc, 1 minute ago, open): stage-2: parameterized systemd executable
<worldofpeace> Hi, need the help of a wonderful hydra admin, I have a jobset request
<worldofpeace> https://github.com/NixOS/nixpkgs/pull/93114 I need to run updates for gnome on stable releases. These are soo big
<{^_^}> #93114 (by worldofpeace, 1 minute ago, open): [20.03] Gnome 3.34 updates (the sequel)
<worldofpeace> plus I have to manually it, slightly
<niksnut> gchristensen: my use case was running systemd under strace
<niksnut> and adding some logging flags
<worldofpeace> * manually test it
<worldofpeace> I've made it at a branch in nixpkgs gnome-20.03
<worldofpeace> similar config for https://hydra.nixos.org/jobset/nixpkgs/gnome#tabs-configuration would be nice
<gchristensen> on it, worldofpeace
<worldofpeace> gchristensen: 💓
<worldofpeace> my hero
<worldofpeace> the hero we needed
<worldofpeace> cc Jan Tojnar
alp has quit [Remote host closed the connection]
alp has joined #nixos-dev
jakob38 has joined #nixos-dev
ixxie has joined #nixos-dev
<{^_^}> firing: RootPartitionLowDiskSpace: https://status.nixos.org/prometheus/alerts
<ryantm> rnhmjoj: I think closing any vulnerability roundup issue older than 20.03 is appropriate because we aren't supporting them anymore.
FRidh has quit [Quit: Konversation terminated!]
<rnhmjoj> @ryantm:matrix.org: this should probably be automated: the reports contain a reference to the channel so perhaps a bot could add an "unsupported" tag and close them
<ryantm> Sounds reasonable.
ckauhaus has quit [Quit: WeeChat 2.7.1]
<ryantm> I also wonder about the usefulness of those issues when things like https://repology.org/projects/?inrepo=nix_stable&vulnerable=1 exist.
<gchristensen> omg a replacement for lwn
<gchristensen> this is wonderful
__monty__ has joined #nixos-dev
<rnhmjoj> this is pretty cool, but can i get a notification when one of my packages is vulnerable?
<qyliss> Repology does support per-maintainer feeds
<qyliss> I am subscribed to RSS to a feed of when any of my packages go out of date
<qyliss> I don't know if that can be limited to only vulnerable packages, but I'd suspect so.
<rnhmjoj> it's a great idea, i'll definitely look into this
<qyliss> But not sure you can get RSS for arbitrary searches
<qyliss> would probably be very easy to add (it's open source) if not
<ryantm> The vulnerability feature is new. It hasn't been added to the API (or at least the docs) yet. https://repology.org/api
<ryantm> Keep in mind that our speed of updating to Repology is kind of slow, because it only tracks the channels.
<qyliss> Once it knows a package is vulnerable, though, that should apply to us without it needing to recheck our channels though, right?
<ryantm> Good point.
<gchristensen> and presumably our software doesn't get older, so the common case will be we've fixed something they think is vulnerable
<ryantm> I wonder if we can convince ourselves to publish a master branch package listing, and Repology to accept it as a repo.
kalbasit has joined #nixos-dev
ixxie has quit [Ping timeout: 260 seconds]
ixxie has joined #nixos-dev
nschoe has joined #nixos-dev
jakob38 has quit [Remote host closed the connection]
FRidh has joined #nixos-dev
leungbk has joined #nixos-dev
qyliss has quit [Quit: bye]
qyliss has joined #nixos-dev
justanotheruser has quit [Ping timeout: 260 seconds]
kalbasit has quit [Remote host closed the connection]
<gchristensen> https://github.com/NixOS/nixpkgs/pull/93110 any last words?
<{^_^}> #93110 (by grahamc, 4 hours ago, open): stage-2: parameterized systemd executable
justanotheruser has joined #nixos-dev
cole-h has joined #nixos-dev
<timokau[m]> @ryantm:matrix.org: That's great. Is it possible to tell repology about CVE patches?
<{^_^}> repology/repology-updater#1045 (by AMDmi3, 8 weeks ago, open): False positive CVEs reports for patched packages
<ryantm> Not yet.
<julm> bad news everyone.. apparmor-profiles needs patching: it allows /etc/ld.so.preload but NixOS uses /etc/ld-nix.so.preload, and I think that all <abstractions/base> should be replaced because it allows stuff using the FHS, like all .so in /{usr/,}lib{,32,64}/ld{,32,64}-*.so, this makes no sense and it does not help for the list of .so in /etc/ld-nix.so.preload ; moreover the ExecStop in services.apparmor
<julm> are missing include paths (-I) and thus fail leaving phantom AppArmor profiles active
<timokau[m]> @ryantm:matrix.org: Good to hear it's on the radar.
drakonis has joined #nixos-dev
<{^_^}> firing: RootPartitionLowDiskSpace: https://status.nixos.org/prometheus/alerts
rajivr has quit [Quit: Connection closed for inactivity]
<domenkozar[m]> gchristensen: oh wow, dream come true (the screenshot)
<gchristensen> yup
alp has quit [Ping timeout: 272 seconds]
orivej has quit [Ping timeout: 264 seconds]
orivej has joined #nixos-dev
ixxie has quit [Quit: Lost terminal]
nschoe has quit [Quit: https://quassel-irc.org - Chat comfortably. Anywhere.]
nschoe has joined #nixos-dev
FRidh has quit [Quit: Konversation terminated!]
orivej has quit [Ping timeout: 246 seconds]
orivej has joined #nixos-dev
leungbk has quit [Ping timeout: 260 seconds]
orivej has quit [Ping timeout: 256 seconds]
orivej_ has joined #nixos-dev
<infinisil> adisbladis: Hey, question regarding poetry2nix, I'm not sure why this is implemented like this: https://github.com/nix-community/poetry2nix/blob/78aeb5d8e3460a0d88ddb65e8d54c34d916425ea/lib.nix#L156-L162
<infinisil> Oh wait
<infinisil> Well never mind, I think I understand now, but imo it should default to poetry.masonry.api
<infinisil> Because that's what poetry does too
<infinisil> PR incoming
<infinisil> Well at least I think that's what poetry does, because `poetry build` doesn't fail without a build-backend
orivej has joined #nixos-dev
orivej_ has quit [Ping timeout: 264 seconds]
orivej has quit [Quit: No Ping reply in 180 seconds.]
phreedom has quit [Remote host closed the connection]
phreedom has joined #nixos-dev
orivej has joined #nixos-dev
alp has joined #nixos-dev
nschoe has quit [Ping timeout: 272 seconds]
orivej has quit [Ping timeout: 258 seconds]
orivej has joined #nixos-dev
<ma27[m]> any rust folks available who want to review/test this: https://github.com/NixOS/nixpkgs/pull/93128 ? :)
<{^_^}> #93128 (by Ma27, 5 hours ago, open): rust: Fix build flags
<cole-h> ma27[m]: Building tokei against it rn
<ma27[m]> thx :)
orivej has quit [Ping timeout: 256 seconds]
orivej has joined #nixos-dev
alp has quit [Ping timeout: 272 seconds]
<cole-h> ma27[m]: One minor complaint is: I don't like the verbosity of copying to the tmp directory (displaying `olddir/file1 -> tmpdir/file1` for every file).
<cole-h> But maybe that's just me
alp has joined #nixos-dev
<ma27[m]> oh you're right, should've removed that in the first place :)
<cole-h> <3 ma27[m]
<{^_^}> ma27[m]'s karma got increased to 19
<cole-h> tokei works as expected (yaml serialization shows up in help output), thanks ma27[m]!
orivej_ has joined #nixos-dev
orivej has quit [Ping timeout: 272 seconds]
leungbk has joined #nixos-dev
orivej_ has quit [Quit: No Ping reply in 180 seconds.]
orivej has joined #nixos-dev
orivej has quit [Quit: No Ping reply in 180 seconds.]
orivej has joined #nixos-dev
__monty__ has quit [Quit: leaving]
<{^_^}> firing: RootPartitionLowDiskSpace: https://status.nixos.org/prometheus/alerts
justanotheruser has quit [Ping timeout: 272 seconds]
orivej_ has joined #nixos-dev
orivej has quit [Ping timeout: 272 seconds]
orivej_ has quit [Read error: Connection reset by peer]
orivej has joined #nixos-dev
justanotheruser has joined #nixos-dev
orivej has quit [Ping timeout: 256 seconds]
orivej has joined #nixos-dev
orivej has quit [Ping timeout: 246 seconds]
orivej has joined #nixos-dev
orivej has quit [Ping timeout: 246 seconds]
orivej has joined #nixos-dev