supersandro2000 has quit [Disconnected by services]
supersandro2000 has joined #nixos-dev
teto has quit [Ping timeout: 244 seconds]
ris has quit [Ping timeout: 246 seconds]
rajivr has joined #nixos-dev
<siraben>
Have malicious packages ever been submitted/merged into nixpkgs?
<gchristensen>
not that I know of
<siraben>
I've noticed that maintainers will often build and run packages in PR, isn't that risky?
<ivan>
it would help if we had a tool that would automatically compare the upstream source
<ivan>
diffoscope already exists and could be wired up to github
<samueldr>
hmm, this is a good reason for what Debian does; have a fork of many of the projects they package... though I think they mostly do it to shove the build instructions in the repo
<samueldr>
they keep the commits from upstream as is, even... patches are supplied with the build instructions
<siraben>
Even with diffing upstream source, what if the source itself is malicious?
<siraben>
I suppose the blame can't be placed on nixpkgs then but with upstream
<samueldr>
yeah, I would assume the question implied "not from upstream", if upstream ends up with malicious stuff in it, it's kind of out of our hands
<ivan>
it is worth worrying about, but security bugs are much more common than vendors shipping malware
<ivan>
the user has some responsibility for choosing less-dodgy software as well
<Ericson2314>
yeah it's too hard to be practical for now
supersandro2000 has joined #nixos-dev
<siraben>
What are the criteria for cross targets being tested on hydra?
kalbasit has quit [Remote host closed the connection]
<Ericson2314>
siraben: unclear what it is
<siraben>
Ericson2314: looks like armv7l, darwin and linux x86_linux are tested on hydra
<siraben>
x86_64*
<samueldr>
are they _tested_ or are they incidentally built?
<samueldr>
I know I incidentally build armv7l-linux and aarch64-linux for Mobile NixOS
<samueldr>
so you end up with some of it cached, but that particular use doesn't really _test_ it
<siraben>
I mean built, yeah.
<samueldr>
it all ends up being a property of how Nix works :) a happy little accident [by design]
<samueldr>
speaking of: GAH! new cross-compilation regression :(
<siraben>
If I wanted to test cross-compilation across thousands of packages, is there a practical way to do it?
<siraben>
Or would it have to be a hydra job
<samueldr>
I can't say if there is a way the foundation can help you
<samueldr>
(as in, I don't know)
<samueldr>
though you could, yes, run a hydra instance to run the builds, or use nix-build... though that latter option is not great for tracking what is going on
alp has joined #nixos-dev
<siraben>
samueldr: I see. I currently use cachix + GH actions, so being able to add cross overlays is pretty important
<siraben>
Hm, even busybox failed to build.
<siraben>
Ah, if I do `ag '{ stdenv, fetchurl }:'` in nixpkgs that gives me all the packages that have basically no dependencies
<siraben>
beyond stdenv
alp has quit [Ping timeout: 272 seconds]
bgamari_ has quit [Ping timeout: 268 seconds]
cole-h has quit [Ping timeout: 240 seconds]
saschagrunert has joined #nixos-dev
alp has joined #nixos-dev
teto has joined #nixos-dev
__monty__ has joined #nixos-dev
FRidh has joined #nixos-dev
bgamari has joined #nixos-dev
orivej has joined #nixos-dev
alp has quit [Ping timeout: 272 seconds]
alp has joined #nixos-dev
chrisaw has quit [Quit: Connection closed for inactivity]
alp has quit [Ping timeout: 246 seconds]
alp has joined #nixos-dev
FRidh has quit [Ping timeout: 260 seconds]
FRidh has joined #nixos-dev
bgamari_ has joined #nixos-dev
bgamari has quit [Ping timeout: 246 seconds]
orivej has quit [Ping timeout: 260 seconds]
* sphalerite
notices conspicuous absence of a nixos rfc steering committee meeting ping from Mic92
<hexa->
very sus
<sphalerite>
niksnut: spacekookie: ping though :D
<Mic92>
sphalerite: good point
orivej has joined #nixos-dev
<niksnut>
sphalerite: +1
<niksnut>
sphalerite: Mic92: sorry, am having sound issues
<Mic92>
niksnut: different browser maybe?
<niksnut>
chromium works even worse
<Mic92>
spacekookie: are you coming?
<Mic92>
niksnut: android?
<Mic92>
That's what I am using.
<niksnut>
maybe go on without me
<Mic92>
niksnut: we are not enough people
<niksnut>
we could try hangouts
__monty__ has quit [Quit: leaving]
<Mic92>
To join the meeting on Google Meet, click this link:
<Ericson2314>
niksnut: are you saying you support making the daemon its own executable? :)
<Ericson2314>
I made an RFC because I thought it was controversial
<Mic92>
Ericson2314: he said it's not controversial
<Ericson2314>
Mic92: i thought before that Eelco was against it, and a smattering of people were for it, so i figured the RFC process was a chance to work that.
<Ericson2314>
I'd feel most comfortable closing the RFC if I didn't think the issue would be caught in limbo
<niksnut>
I mean, it's not really different from most feature requests
<niksnut>
it can still end up not being implemented for not being worth it, or not having time to implement it, or some other reason
<Ericson2314>
well to me an RFC is a chance to decide whether something is a good idea independent of who implements it, so if one person does think it's worth it, even if others think it's fine but not something they'd bother pursuing themselves, it can still happen
alp has quit [Ping timeout: 260 seconds]
<Profpatsch>
sphalerite: I haven’t shepherded an RFC before, and I’m a bit worried I might not be up to it at the moment :)
<Profpatsch>
remind me, do I have to comment on the technical implementation?
<Profpatsch>
or just do meta-tasks as a shepherd
<Profpatsch>
cause I don’t know if I have the headspace for reviewing this
<eyJhb>
jonringer: Perfect, let's hope they fix it at some point
<FRidh>
that's a good page gchristensen. I started thinking maybe the rfc on having a repo collecting all these kinds of things actually isn't such a bad idea. It's understandable to have it documented on this repo, as hydra is part of the configuration, but from a nixpkgs contributor's point of view, it's not easy to find. Or maybe we actually need to separate infra from CI process
<gchristensen>
thanks, I've been trying to document what I do when I do it
rajivr has quit [Quit: Connection closed for inactivity]
justan0theruser has joined #nixos-dev
justanotheruser has quit [Ping timeout: 244 seconds]
justan0theruser has quit [Ping timeout: 272 seconds]
saschagrunert has quit [Remote host closed the connection]
alp has quit [Ping timeout: 272 seconds]
<infinisil>
Proposal: Add a `builtins.args` for getting arguments passed with --arg/--argstr explicitly
orivej has quit [Ping timeout: 240 seconds]
alp has joined #nixos-dev
orivej has joined #nixos-dev
justanotheruser has joined #nixos-dev
<worldofpeace>
I thought of doing similar for the release documentation, with just a github wiki, but then I wasn't crazy about github wikis, so then I decided to do https://nixos.github.io/release-wiki/
<endocrimes>
I'm sometimes a bit confused by some nix contributions that go straight to master in nix. Seems a bit worrying that stuff like kernel bumps don't go through PRs ~ever
<samueldr>
there's sometimes not much value to get from going through PRs for mostly automated updates like those