jonringer has quit [Remote host closed the connection]
bennofs has quit [Remote host closed the connection]
bennofs has joined #nixos-dev
supersandro2000 has quit [Disconnected by services]
supersandro2000 has joined #nixos-dev
m15k has joined #nixos-dev
mkaito has quit [Quit: WeeChat 3.0]
srk has quit [Ping timeout: 268 seconds]
srk has joined #nixos-dev
<supersandro2000>
I am currently running the script I hacked together to check for commits in fetchFromGitHub which do not belong to the repository given
<gchristensen>
nice! I hope you don't find anything :')
<supersandro2000>
and there are already multiple matches. I am going to take a look at them later and if there is anything suspicious.
<supersandro2000>
so far it looks like they are only garbage collected commits
<supersandro2000>
or maybe someone force pushed master? I am not sure
rajivr has joined #nixos-dev
<siraben>
supersandro2000: is the script you're running public?
<supersandro2000>
Not yet. I plan to make it public and somehow integrate it into the review process to catch such mistakes or worst case attacks early on.
<supersandro2000>
Btw we could use this to do other cool things with fetch urls. I am not what exactly yet but we probably come up with something.
<supersandro2000>
*not sure what exactly
<siraben>
supersandro2000: i see, how fast is it checking?
<supersandro2000>
siraben: I pre generated the URL list and piped that a bit. That part is probably limited by GitHub rate limiting. I did not check how fast the URL list generation was but it took probably 5 to 10 minutes or so.
<supersandro2000>
It basically evaluated all fetchers and gave back their download urls
cole-h has quit [Ping timeout: 246 seconds]
<siraben>
Profpatsch, infinisil: a Nix language profiling tool would be interesting to have
<supersandro2000>
we have 22 repos which fetch commits not from any branch on that repo
<supersandro2000>
not sure how we go from here. I did not look through every project but most look like there where PRs tracked which got merged or master force pushed. Do we want to upgrade them to the latest version?
<siraben>
supersandro2000: that sounds good
<siraben>
upgrading to latest version
<siraben>
Profpatsch: I see
cole-h has quit [Ping timeout: 244 seconds]
AlwaysLivid has joined #nixos-dev
teto has quit [Ping timeout: 264 seconds]
__monty__ has joined #nixos-dev
teto has joined #nixos-dev
AlwaysLivid has quit [Remote host closed the connection]
<NinjaTrappeur>
Looking at perf, most of the Nix time spends on evaluating things is spent on forcing thunks. I personally think generating a thunk callgraph is the way to go on that front.
<siraben>
So more things need to be evaluated strictly?
<NinjaTrappeur>
<3 gchristensen for having written this flamegraph profiler btw! It's incredibly useful.
<{^_^}>
gchristensen's karma got increased to 418
WilliButz has joined #nixos-dev
<NinjaTrappeur>
Hard to tell without more data, we should check whether these thunk make sense or not and improve nixpkgs with this hypotetical data.
<NinjaTrappeur>
I tried to write this tool in 2019 but ended up burned with it. Building the thunk tree is not as trivial as I thought.
<supersandro2000>
gchristensen: I don't think that is necessary. So far I only found commits which where force pushed in some way or a PR was fetched instead of applying it as a patch
<bennofs>
What happened to `pkgs.apt`? It seems that the package file (pkgs/tools/package-management/apt/default.nix) still exists, but somehow it got removed from all-packages.nix?
<supersandro2000>
the parent commits where almost always in the repo and the changes where nothing to worry about
<supersandro2000>
some repos I could not find any commit that is similar and I marked them with a comment
<supersandro2000>
I am currently doing a PR which fixes all the finding or adds comments. Linking it later.
<siraben>
it might be good to see a "dead file" (like dead code) analysis where we list all files that are unreached by Nix expressions
<supersandro2000>
for that we need to recurse into all plugins first
<supersandro2000>
Would it be feasible to exit when fetchFromGitHub tries to download a commit which does not belong to the repo it was fetched from?
<bennofs>
has anyone thought about ways to includes changelogs with nix expressions? I know there is meta.changelog, but that is only for upstream changelogs, not for changes to the way it is packaged in nixpkgs
<supersandro2000>
Whats wrong about the git history?
<bennofs>
i was thinking about building a tool to show it during nixos-rebuild, but git history might work, that's a good idea actually
<gchristensen>
supersandro2000: please do so anyway
<gchristensen>
it will be good to have a record of it
<supersandro2000>
aren't you a member of the security team?
<gchristensen>
yes :)
<supersandro2000>
you know I am young. young people do not write (e)mails.
<gchristensen>
I am confident you will find a way :)
<supersandro2000>
I wrote you a mail.
<gchristensen>
thank you :D I'll forward it to the rest of the team
<supersandro2000>
I need someone which does such horrible tasks for me
<gchristensen>
I agree, I hate sending and receiving mail
<V>
disagree re: young people not writing e-mails
<V>
I know several people who are I think your age & are e-mail fanatics :p
<gchristensen>
the distaste of email spans generations I think
cole-h has joined #nixos-dev
<V>
really goes to show how long people will put up with subpar tooling
<V>
somehow there are still no good gui mail clients for power users, even after all this time
<bennofs>
at least there are native clients for mail. most of the alternatives don't have that
<V>
yeah but they all suck
<bennofs>
right
<supersandro2000>
V: most of my friend communicate almost solely over short messengers of any kind
<V>
supersandro2000: sure, we have IM clients for more ephemeral stuff
<V>
IRC :p
jonringer has joined #nixos-dev
<supersandro2000>
IRC can't even do multi line messages
<supersandro2000>
or pics
<__monty__>
That's a plus for large communities though.
hexa- has quit [Ping timeout: 240 seconds]
hexa- has joined #nixos-dev
kalbasit has joined #nixos-dev
<siraben>
supersandro2000: oof #110687 did end up breakign some packages after all
<edef>
gchristensen: any specific commits you especially want eyeballs on?
<gchristensen>
uhhh
<gchristensen>
it isn't such a big PR, is it rude to say all of them? :P
<gchristensen>
I guess not #1 and #2
<edef>
fair, i should just pull this out of GitHub so i can sanely browse through
<gchristensen>
ah cool
<edef>
nb i don't think i've looked at any hydra code since … last nixcon
<gchristensen>
yeah
<gchristensen>
I'm afraid to say it but I'm learning some perl
<edef>
perl was one of my first languages, and while i'm not necessarily convinced it's the right language for a lot of use cases these days, i've definitely found myself thankful for Nix having decently pleasant Perl bindings
<gchristensen>
:D
<edef>
i'm simultaneously bisecting a perl build failure to get my system updated :p
<edef>
"reference" is tempting but perhaps a touch generic in C++ code
<edef>
key thing being, it does fully identify a jobset (or the lack of one), but it's a reference, not the referent
<gchristensen>
right
rajivr has quit [Quit: Connection closed for inactivity]
<edef>
just reading the patches without necessarily gathering full context, that's basically all that jumps out to me, the changes themselves don't seem questionable
<gchristensen>
cool
<gchristensen>
to me it feels there isn't much needed context
<gchristensen>
but maybe I'm too steeped in it :)
<edef>
yeah, overall seems like a fairly normal change to form of reference
<gchristensen>
cool, thanks!
<gchristensen>
can somebody check on the sudo update, and if needed update sudo and PR it to master?
<qyliss>
gchristensen: taking a look
<gchristensen>
w00t
<gchristensen>
thank you, qyliss :)
<gchristensen>
I dropped an index on `builds` and am suffering deep regret as I try to recreate it
<gchristensen>
the Y axis is just "what channel" the X axis is unix timestamp
<gchristensen>
(I did say it isn't a very good graph ... )
<artemist>
that's... a decision one could make
<gchristensen>
it would be ideal to not look at it like a graph
<gchristensen>
and more like a convenient hacky way to get a visual timeline
<artemist>
Yeah, that makes sense
<gchristensen>
I dropped some indexes on `builds` (on my local copy of the db) and thought for sure it'd take longer to recreate the indexes than for fedex to deliver the faster drives I'm going to use ... and I'm regretting it significantly less than I thought
kalbasit_ has joined #nixos-dev
mkaito has joined #nixos-dev
mkaito has joined #nixos-dev
__Sander__ has joined #nixos-dev
<qyliss>
the autoconf-2.70 Hydra jobset can be deleted now
jared-w has quit [Ping timeout: 272 seconds]
vdemeester has quit [Ping timeout: 272 seconds]
vdemeester has joined #nixos-dev
jared-w has joined #nixos-dev
kalbasit_ has quit [Quit: WeeChat 2.9]
tilpner has quit [Remote host closed the connection]