worldofpeace changed the topic of #nixos-dev to: NixOS Development (#nixos for questions) | NixOS 20.09 Nightingale ✨ https://discourse.nixos.org/t/nixos-20-09-release/9668 | https://hydra.nixos.org/jobset/nixos/trunk-combined https://channels.nix.gsc.io/graph.html | https://r13y.com | 20.09 RMs: worldofpeace, jonringer | https://logs.nix.samueldr.com/nixos-dev
teto has quit [Ping timeout: 264 seconds]
kalbasit has quit [Ping timeout: 264 seconds]
kalbasit has joined #nixos-dev
jonringer has quit [Remote host closed the connection]
bennofs has quit [Remote host closed the connection]
bennofs has joined #nixos-dev
supersandro2000 has quit [Disconnected by services]
supersandro2000 has joined #nixos-dev
m15k has joined #nixos-dev
mkaito has quit [Quit: WeeChat 3.0]
srk has quit [Ping timeout: 268 seconds]
srk has joined #nixos-dev
<supersandro2000> I am currently running the script I hacked together to check for commits in fetchFromGitHub which do not belong to the repository given
<gchristensen> nice! I hope you don't find anything :')
<supersandro2000> and there are already multiple matches. I am going to take a look at them later and if there is anything suspicious.
<supersandro2000> so far it looks like they are only garbage collected commits
<supersandro2000> or bugs on githubs side: https://github.com/bronze1man/yaml2json/commit/ee8196e587313e98831c040c26262693d48c1a0c is this PR https://github.com/bronze1man/yaml2json/pull/5 merged but still shown as not being part of the repo
<{^_^}> bronze1man/yaml2json#5 (by chocolateboy, 3 years ago, merged): Add installation instructions + copyedit
<supersandro2000> or maybe someone force pushed master? I am not sure
rajivr has joined #nixos-dev
<siraben> supersandro2000: is the script you're running public?
<supersandro2000> Not yet. I plan to make it public and somehow integrate it into the review process to catch such mistakes or worst case attacks early on.
<supersandro2000> Btw we could use this to do other cool things with fetch urls. I am not what exactly yet but we probably come up with something.
<supersandro2000> *not sure what exactly
<siraben> supersandro2000: i see, how fast is it checking?
<supersandro2000> siraben: I pre generated the URL list and piped that a bit. That part is probably limited by GitHub rate limiting. I did not check how fast the URL list generation was but it took probably 5 to 10 minutes or so.
<supersandro2000> It basically evaluated all fetchers and gave back their download urls
cole-h has quit [Ping timeout: 246 seconds]
<siraben> Profpatsch, infinisil: a Nix language profiling tool would be interesting to have
<gchristensen> --trace-function-calls
<gchristensen> though it is a bit limited :)
m15k has quit [Ping timeout: 248 seconds]
orivej has joined #nixos-dev
jonringer has joined #nixos-dev
krkini is now known as kini
Gaelan has quit [Quit: ZNC 1.8.1 - https://znc.in]
Gaelan has joined #nixos-dev
kalbasit_ has joined #nixos-dev
mmlb7 has joined #nixos-dev
mmlb has quit [Ping timeout: 264 seconds]
mmlb7 is now known as mmlb
mikroskeem has joined #nixos-dev
<Profpatsch> siraben: nix can output some stats, e.g. to sort by the functions that were called the most often:
<Profpatsch> env NIX_COUNT_CALLS=1 NIX_SHOW_STATS=1 nix-instantiate --quiet -Q -A hello ~/nixpkgs 2>&1 | tail -n+3| jq -C '.functions' | less -R
<Profpatsch> Which is a good hint where the low-hanging fruit is
cole-h has joined #nixos-dev
saschagrunert has joined #nixos-dev
kalbasit_ has quit [Ping timeout: 265 seconds]
orivej has quit [Ping timeout: 260 seconds]
jonringer has quit [Ping timeout: 264 seconds]
teto has joined #nixos-dev
<supersandro2000> we have 22 repos which fetch commits not from any branch on that repo
<supersandro2000> not sure how we go from here. I did not look through every project but most look like there where PRs tracked which got merged or master force pushed. Do we want to upgrade them to the latest version?
<siraben> supersandro2000: that sounds good
<siraben> upgrading to latest version
<siraben> Profpatsch: I see
cole-h has quit [Ping timeout: 244 seconds]
AlwaysLivid has joined #nixos-dev
teto has quit [Ping timeout: 264 seconds]
__monty__ has joined #nixos-dev
teto has joined #nixos-dev
AlwaysLivid has quit [Remote host closed the connection]
supersandro2000 has quit [Quit: The Lounge - https://thelounge.chat]
supersandro2000 has joined #nixos-dev
evils has quit [Ping timeout: 265 seconds]
hexa- has quit [Ping timeout: 265 seconds]
hexa- has joined #nixos-dev
orivej has joined #nixos-dev
orivej has quit [Ping timeout: 258 seconds]
orivej has joined #nixos-dev
evils has joined #nixos-dev
kalbasit has quit [Ping timeout: 264 seconds]
Jackneilll has quit [Ping timeout: 256 seconds]
Ox4A6F has quit [Quit: Bridge terminating on SIGTERM]
domenkozar[m] has quit [Quit: Bridge terminating on SIGTERM]
maralorn has quit [Quit: Bridge terminating on SIGTERM]
Valodim[m] has quit [Quit: Bridge terminating on SIGTERM]
Ericson2314 has quit [Quit: Bridge terminating on SIGTERM]
ryantm has quit [Quit: Bridge terminating on SIGTERM]
kraem has quit [Quit: Bridge terminating on SIGTERM]
jtojnar has quit [Quit: Bridge terminating on SIGTERM]
timokau[m] has quit [Quit: Bridge terminating on SIGTERM]
symphorien[m] has quit [Quit: Bridge terminating on SIGTERM]
jonge[m] has quit [Quit: Bridge terminating on SIGTERM]
Dandellion has quit [Quit: Bridge terminating on SIGTERM]
Irenes[m] has quit [Quit: Bridge terminating on SIGTERM]
JJJollyjim has quit [Quit: Bridge terminating on SIGTERM]
emily has quit [Quit: Bridge terminating on SIGTERM]
siraben has quit [Quit: Bridge terminating on SIGTERM]
dtz has quit [Quit: Bridge terminating on SIGTERM]
danielrf[m] has quit [Quit: Bridge terminating on SIGTERM]
immae has quit [Quit: Bridge terminating on SIGTERM]
ma27[m] has quit [Quit: Bridge terminating on SIGTERM]
roberth has quit [Quit: Bridge terminating on SIGTERM]
worldofpeace has quit [Quit: Bridge terminating on SIGTERM]
colemickens has quit [Quit: Bridge terminating on SIGTERM]
alexarice[m] has quit [Quit: Bridge terminating on SIGTERM]
thefloweringash has quit [Quit: Bridge terminating on SIGTERM]
garbas[m] has quit [Quit: Bridge terminating on SIGTERM]
aanderse has quit [Quit: Bridge terminating on SIGTERM]
DamienCassou has quit [Quit: Bridge terminating on SIGTERM]
michaelpj has quit [Quit: Bridge terminating on SIGTERM]
rnhmjoj has quit [Quit: Bridge terminating on SIGTERM]
chvp has quit [Quit: Bridge terminating on SIGTERM]
codyopel has quit [Quit: Bridge terminating on SIGTERM]
mjlbach has quit [Quit: Bridge terminating on SIGTERM]
released has quit [Quit: Bridge terminating on SIGTERM]
regnat has quit [Quit: Bridge terminating on SIGTERM]
rycee has quit [Quit: Bridge terminating on SIGTERM]
nh2[m] has quit [Quit: Bridge terminating on SIGTERM]
bbigras has quit [Quit: Bridge terminating on SIGTERM]
regnat[m] has quit [Quit: Bridge terminating on SIGTERM]
philipp[m] has quit [Quit: Bridge terminating on SIGTERM]
zowoq[m] has quit [Quit: Bridge terminating on SIGTERM]
puzzlewolf has quit [Quit: Bridge terminating on SIGTERM]
lopsided98 has quit [Ping timeout: 260 seconds]
Jackneilll has joined #nixos-dev
lopsided98 has joined #nixos-dev
dtz has joined #nixos-dev
saschagrunert has quit [Remote host closed the connection]
saschagrunert has joined #nixos-dev
<sterni> supersandro2000: maybe contact the maintainers / the people who introduced the changes?
<sterni> email 22 people shouldn't be too bad
siraben has joined #nixos-dev
mjlbach has joined #nixos-dev
Ericson2314 has joined #nixos-dev
colemickens has joined #nixos-dev
timokau[m] has joined #nixos-dev
ryantm has joined #nixos-dev
DamienCassou has joined #nixos-dev
symphorien[m] has joined #nixos-dev
jonge[m] has joined #nixos-dev
bbigras has joined #nixos-dev
Ox4A6F has joined #nixos-dev
emily has joined #nixos-dev
puzzlewolf has joined #nixos-dev
chvp has joined #nixos-dev
immae has joined #nixos-dev
regnat[m] has joined #nixos-dev
garbas[m] has joined #nixos-dev
domenkozar[m] has joined #nixos-dev
danielrf[m] has joined #nixos-dev
Dandellion has joined #nixos-dev
Irenes[m] has joined #nixos-dev
nh2[m] has joined #nixos-dev
jtojnar has joined #nixos-dev
ma27[m] has joined #nixos-dev
roberth has joined #nixos-dev
Valodim[m] has joined #nixos-dev
JJJollyjim has joined #nixos-dev
maralorn has joined #nixos-dev
michaelpj has joined #nixos-dev
thefloweringash has joined #nixos-dev
worldofpeace has joined #nixos-dev
kraem has joined #nixos-dev
philipp[m]1 has joined #nixos-dev
aanderse has joined #nixos-dev
rnhmjoj has joined #nixos-dev
alexarice[m] has joined #nixos-dev
zowoq[m] has joined #nixos-dev
regnat has joined #nixos-dev
<manveru> so... are there any plans to make more packages in nixpkgs `nix run`able?
<manveru> i think ideally we could generate `apps` from yet another attr in meta and run a survey of drvs where /bin/${name} doesn't exist
janneke has quit [Quit: janneke quits Mes'sing]
janneke has joined #nixos-dev
lopsided98 has quit [Ping timeout: 260 seconds]
lopsided98 has joined #nixos-dev
<supersandro2000> sterni: I am not going to write 22 people a mail. I'd rather just mark them as insecure or broken or update them.
<supersandro2000> also the vgo2nix comes from my overlay
<siraben> I think updating them is the best option
WilliButz has quit [Ping timeout: 240 seconds]
<gchristensen> supersandro2000: can you mail the security team with your findings? https://nixos.org/teams/security.html
<NinjaTrappeur> siraben: 100% agree. You also have a time-based function flamegraph tool: https://github.com/NixOS/nix/commit/ee9c988a1b2e3c511b8613e698a0f9632ab1538f
<NinjaTrappeur> Looking at perf, most of the Nix time spends on evaluating things is spent on forcing thunks. I personally think generating a thunk callgraph is the way to go on that front.
<siraben> So more things need to be evaluated strictly?
<NinjaTrappeur> <3 gchristensen for having written this flamegraph profiler btw! It's incredibly useful.
<{^_^}> gchristensen's karma got increased to 418
WilliButz has joined #nixos-dev
<NinjaTrappeur> Hard to tell without more data, we should check whether these thunk make sense or not and improve nixpkgs with this hypotetical data.
<NinjaTrappeur> I tried to write this tool in 2019 but ended up burned with it. Building the thunk tree is not as trivial as I thought.
<supersandro2000> gchristensen: I don't think that is necessary. So far I only found commits which where force pushed in some way or a PR was fetched instead of applying it as a patch
<bennofs> What happened to `pkgs.apt`? It seems that the package file (pkgs/tools/package-management/apt/default.nix) still exists, but somehow it got removed from all-packages.nix?
<supersandro2000> the parent commits where almost always in the repo and the changes where nothing to worry about
<supersandro2000> some repos I could not find any commit that is similar and I marked them with a comment
<supersandro2000> I am currently doing a PR which fixes all the finding or adds comments. Linking it later.
<siraben> it might be good to see a "dead file" (like dead code) analysis where we list all files that are unreached by Nix expressions
<supersandro2000> for that we need to recurse into all plugins first
<supersandro2000> Would it be feasible to exit when fetchFromGitHub tries to download a commit which does not belong to the repo it was fetched from?
<bennofs> has anyone thought about ways to includes changelogs with nix expressions? I know there is meta.changelog, but that is only for upstream changelogs, not for changes to the way it is packaged in nixpkgs
<supersandro2000> Whats wrong about the git history?
<bennofs> i was thinking about building a tool to show it during nixos-rebuild, but git history might work, that's a good idea actually
<gchristensen> supersandro2000: please do so anyway
<gchristensen> it will be good to have a record of it
<supersandro2000> aren't you a member of the security team?
<gchristensen> yes :)
<supersandro2000> you know I am young. young people do not write (e)mails.
<gchristensen> I am confident you will find a way :)
<supersandro2000> I wrote you a mail.
<gchristensen> thank you :D I'll forward it to the rest of the team
<supersandro2000> I need someone which does such horrible tasks for me
<gchristensen> I agree, I hate sending and receiving mail
<V> disagree re: young people not writing e-mails
<V> I know several people who are I think your age & are e-mail fanatics :p
<gchristensen> the distaste of email spans generations I think
cole-h has joined #nixos-dev
<V> really goes to show how long people will put up with subpar tooling
<V> somehow there are still no good gui mail clients for power users, even after all this time
<bennofs> at least there are native clients for mail. most of the alternatives don't have that
<V> yeah but they all suck
<bennofs> right
<supersandro2000> V: most of my friend communicate almost solely over short messengers of any kind
<V> supersandro2000: sure, we have IM clients for more ephemeral stuff
<V> IRC :p
jonringer has joined #nixos-dev
<supersandro2000> IRC can't even do multi line messages
<supersandro2000> or pics
<__monty__> That's a plus for large communities though.
hexa- has quit [Ping timeout: 240 seconds]
hexa- has joined #nixos-dev
kalbasit has joined #nixos-dev
<siraben> supersandro2000: oof #110687 did end up breakign some packages after all
<{^_^}> https://github.com/NixOS/nixpkgs/pull/110687 (by prusnak, 2 days ago, merged): treewide: remove stdenv where not needed
orivej_ has joined #nixos-dev
orivej has quit [Ping timeout: 265 seconds]
<rnhmjoj> <supersandro2000 "I need someone which does such h"> looks like you need a good email client...
<cole-h> If one ever exists
<supersandro2000> siraben: yeah, like I said
<supersandro2000> rnhmjoj: email client does not matter if you don't want to write it
<rnhmjoj> and that's probably the reason why
<rnhmjoj> i used to think the same until i spent some time working on an email setup i liked
<gchristensen> it turns out my brain just doesn't work well with email
saschagrunert has quit [Remote host closed the connection]
evils has quit [Remote host closed the connection]
evils has joined #nixos-dev
das_j has quit [Quit: killed]
Scriptkiddi has quit [Quit: killed]
ajs124 has quit [Quit: killed]
Scriptkiddi has joined #nixos-dev
ajs124 has joined #nixos-dev
das_j has joined #nixos-dev
spacekookie_ is now known as spacekookie
cole-h has quit [Quit: Goodbye]
cole-h has joined #nixos-dev
<gchristensen> any C++ &&/|| Perl folks mind taking a look-see? https://github.com/NixOS/hydra/pull/850
<{^_^}> hydra#850 (by grahamc, 1 minute ago, open): Jobset -> JobsetEvals by JobsetEvals.jobset_id
<edef> :eyes:
<edef> gchristensen: any specific commits you especially want eyeballs on?
<gchristensen> uhhh
<gchristensen> it isn't such a big PR, is it rude to say all of them? :P
<gchristensen> I guess not #1 and #2
<edef> fair, i should just pull this out of GitHub so i can sanely browse through
<gchristensen> ah cool
<edef> nb i don't think i've looked at any hydra code since … last nixcon
<gchristensen> yeah
<gchristensen> I'm afraid to say it but I'm learning some perl
<edef> perl was one of my first languages, and while i'm not necessarily convinced it's the right language for a lot of use cases these days, i've definitely found myself thankful for Nix having decently pleasant Perl bindings
<gchristensen> :D
<edef> i'm simultaneously bisecting a perl build failure to get my system updated :p
<gchristensen> joy :)
<edef> gchristensen: "partial identity" → "symbolic identity", maybe?
<gchristensen> sounds pretty good
<edef> "reference" is tempting but perhaps a touch generic in C++ code
<edef> key thing being, it does fully identify a jobset (or the lack of one), but it's a reference, not the referent
<gchristensen> right
rajivr has quit [Quit: Connection closed for inactivity]
<edef> just reading the patches without necessarily gathering full context, that's basically all that jumps out to me, the changes themselves don't seem questionable
<gchristensen> cool
<gchristensen> to me it feels there isn't much needed context
<gchristensen> but maybe I'm too steeped in it :)
<edef> yeah, overall seems like a fairly normal change to form of reference
<gchristensen> cool, thanks!
<gchristensen> can somebody check on the sudo update, and if needed update sudo and PR it to master?
<qyliss> gchristensen: taking a look
<gchristensen> w00t
<gchristensen> thank you, qyliss :)
<gchristensen> I dropped an index on `builds` and am suffering deep regret as I try to recreate it
<qyliss> damn this is quite the bug
<gchristensen> yeah it really is
<V> whew
artemist has joined #nixos-dev
<qyliss> artemist++ for opening the PR so quickly
<{^_^}> artemist's karma got increased to 0o1
<artemist> mow
<artemist> I'm running nixpkgs-review right now
<artemist> For some reason the test didn't generate a log.html but it didn't error out and all the output in my terminal looked good
<artemist> oh wait, of course, I forgot that nixpkgs-review will fail things because there's no suid rapper
<artemist> *wrapper
<qyliss> yeah
<qyliss> I think if it builds and the test passes we're good
<gchristensen> (I'm sure you've got it, but just want to mention backporting to 20.09 as well)
<qyliss> ofc
<qyliss> builds fine here
<artemist> tbh I keep forgetting there's things that aren't unstable
<artemist> I should probably get back to work, if anyone wants to cherry-pick then be my guest
<gchristensen> thanks artemist
<qyliss> merged
<qyliss> oh, I should have put the CVE in the commit description
<gchristensen> I'm queueing an evaluation on hydra
<qyliss> too late now
<qyliss> I'll put it in for the backport
<V> >For example, even account ‘nobody’ can exploit the issue.
<artemist> ooops, I kind of forgot that putting in CVEs was a thing
<qyliss> I should have remembered too
<artemist> Don't worry, i'll forget next time too
<qyliss> running the test for the backport
tdeo has quit [Read error: Connection reset by peer]
tdeo has joined #nixos-dev
<qyliss> test passed
<qyliss> gchristensen: want to eval 20.09 too?
<gchristensen> thanks, on it
<gchristensen> it would be nice if there was a button of "ignore the rest of the rules, do nothing but this evaluation until it is done."
<artemist> How often do unstable and unstable-small update?
<gchristensen> here is a not very good graph https://channels.nix.gsc.io/graph.html
<artemist> What's the scale in? hours?
<gchristensen> the Y axis is just "what channel" the X axis is unix timestamp
<gchristensen> (I did say it isn't a very good graph ... )
<artemist> that's... a decision one could make
<gchristensen> it would be ideal to not look at it like a graph
<gchristensen> and more like a convenient hacky way to get a visual timeline
<artemist> Yeah, that makes sense
<gchristensen> I dropped some indexes on `builds` (on my local copy of the db) and thought for sure it'd take longer to recreate the indexes than for fedex to deliver the faster drives I'm going to use ... and I'm regretting it significantly less than I thought
kalbasit_ has joined #nixos-dev
mkaito has joined #nixos-dev
mkaito has joined #nixos-dev
__Sander__ has joined #nixos-dev
<qyliss> the autoconf-2.70 Hydra jobset can be deleted now
jared-w has quit [Ping timeout: 272 seconds]
vdemeester has quit [Ping timeout: 272 seconds]
vdemeester has joined #nixos-dev
jared-w has joined #nixos-dev
kalbasit_ has quit [Quit: WeeChat 2.9]
tilpner has quit [Remote host closed the connection]
tilpner has joined #nixos-dev
pmy has quit [Ping timeout: 272 seconds]
pmy has joined #nixos-dev
kalbasit_ has joined #nixos-dev
<cole-h> btw gchristensen: filed an issue on Hydra about an "emergency" queue, just to get the idea out there: https://github.com/NixOS/hydra/issues/851
<{^_^}> hydra#851 (by cole-h, 7 seconds ago, open): "Emergency" queue to force all resources on a specific evaluation(s)
<gchristensen> neat!
<gchristensen> thanks!
mmlb has quit [Ping timeout: 256 seconds]
__Sander__ has quit [Read error: Connection reset by peer]
ivan has quit [Quit: lp0 on fire]
harrow has quit [Quit: Leaving]
harrow has joined #nixos-dev
kalbasit_ has quit [Ping timeout: 265 seconds]
justanotheruser has quit [Ping timeout: 260 seconds]
ivan has joined #nixos-dev
__monty__ has quit [Quit: leaving]
mikroskeem has quit [Quit: WeeChat 3.0]