worldofpeace changed the topic of #nixos-dev to: NixOS Development (#nixos for questions) | NixOS 20.09 Nightingale ✨ https://discourse.nixos.org/t/nixos-20-09-release/9668 | https://hydra.nixos.org/jobset/nixos/trunk-combined https://channels.nix.gsc.io/graph.html | https://r13y.com | 20.09 RMs: worldofpeace, jonringer | https://logs.nix.samueldr.com/nixos-dev
bennofs_ has joined #nixos-dev
bennofs__ has quit [Ping timeout: 256 seconds]
Cale has quit [Ping timeout: 256 seconds]
<ris> yeah i was just hoping to use them to do the whole "what is the latest stable release?" query
Cale has joined #nixos-dev
supersandro2000 has quit [Disconnected by services]
supersandro2000 has joined #nixos-dev
orivej has quit [Ping timeout: 256 seconds]
danderson has joined #nixos-dev
rajivr has joined #nixos-dev
cole-h has quit [Ping timeout: 272 seconds]
jonringer has quit [Remote host closed the connection]
mkaito has quit [Quit: WeeChat 3.0]
hexa- has quit [Quit: WeeChat 2.9]
hexa- has joined #nixos-dev
justanotheruser has joined #nixos-dev
<gchristensen> ofborg's log viewer is working again... sorry for it being broken, I had no idea. thanks to hexa- for pointing it out last night. https://logs.nix.ci/?attempt_id=61fa0dba-f374-4f99-bdd9-04bf1d136317&key=nixos%2Fnixpkgs.112606
<abathur> I just assumed I was holding it wrong
<gchristensen> ;_;
<abathur> in my defense, software is a never-ending https://en.wikipedia.org/wiki/syntax_quest
<gchristensen> hehe
<abathur> especially when gh code search isn't working...
<hexa-> abathur: so did I!
zimbatm has quit [Ping timeout: 246 seconds]
<abathur> like alexa, but for "am I holding X wrong?"
LnL has quit [Ping timeout: 272 seconds]
LnL has joined #nixos-dev
LnL has quit [Changing host]
LnL has joined #nixos-dev
vdemeester has quit [Read error: Connection reset by peer]
sorear has quit [Read error: Connection reset by peer]
s1341 has quit [Read error: Connection reset by peer]
vdemeester has joined #nixos-dev
s1341_ has joined #nixos-dev
sorear has joined #nixos-dev
janneke has quit [Ping timeout: 258 seconds]
mkaito has joined #nixos-dev
janneke has joined #nixos-dev
mkaito has quit [Quit: WeeChat 3.0]
s1341_ has quit [*.net *.split]
hexa- has quit [*.net *.split]
Taneb has quit [*.net *.split]
das_j has quit [*.net *.split]
NinjaTrappeur has quit [*.net *.split]
bgamari has quit [*.net *.split]
tokudan has quit [*.net *.split]
energizer has quit [*.net *.split]
Taneb has joined #nixos-dev
hexa- has joined #nixos-dev
s1341_ has joined #nixos-dev
das_j has joined #nixos-dev
energizer has joined #nixos-dev
tokudan has joined #nixos-dev
bgamari has joined #nixos-dev
NinjaTrappeur has joined #nixos-dev
hexa- has quit [Max SendQ exceeded]
hexa- has joined #nixos-dev
jtojnar has quit [Ping timeout: 246 seconds]
Ericson2314 has quit [Ping timeout: 246 seconds]
michaelpj has quit [Ping timeout: 246 seconds]
Irenes[m] has quit [Ping timeout: 260 seconds]
bbigras has quit [Ping timeout: 260 seconds]
puzzlewolf has quit [Ping timeout: 260 seconds]
domenkozar[m] has quit [Ping timeout: 260 seconds]
ma27[m] has quit [Ping timeout: 246 seconds]
garbas[m] has quit [Ping timeout: 240 seconds]
kalbasit[m] has quit [Ping timeout: 240 seconds]
worldofpeace has quit [Ping timeout: 260 seconds]
rnhmjoj has quit [Ping timeout: 260 seconds]
roberth has quit [Ping timeout: 260 seconds]
thefloweringash has quit [Ping timeout: 244 seconds]
kraem[m] has quit [Ping timeout: 265 seconds]
symphorien[m] has quit [Ping timeout: 246 seconds]
mjlbach has quit [Ping timeout: 240 seconds]
ryantm has quit [Ping timeout: 240 seconds]
ili has quit [Ping timeout: 240 seconds]
timokau[m] has quit [Ping timeout: 260 seconds]
Valodim[m] has quit [Ping timeout: 260 seconds]
danielrf[m] has quit [Ping timeout: 260 seconds]
maralorn has quit [Ping timeout: 260 seconds]
jonge[m] has quit [Ping timeout: 260 seconds]
colemickens has quit [Ping timeout: 260 seconds]
zuh0 has quit [Ping timeout: 260 seconds]
dtz has quit [Ping timeout: 265 seconds]
regnat has quit [Ping timeout: 246 seconds]
chvp has quit [Ping timeout: 246 seconds]
aanderse has quit [Ping timeout: 240 seconds]
immae has quit [Ping timeout: 240 seconds]
philipp[m]1 has quit [Ping timeout: 268 seconds]
siraben has quit [Ping timeout: 268 seconds]
DamienCassou has quit [Ping timeout: 268 seconds]
Dandellion has quit [Ping timeout: 268 seconds]
emily has quit [Ping timeout: 268 seconds]
Ox4A6F has quit [Ping timeout: 268 seconds]
nh2[m] has quit [Ping timeout: 240 seconds]
alexarice[m] has quit [Ping timeout: 240 seconds]
regnat[m] has quit [Ping timeout: 268 seconds]
bbigras has joined #nixos-dev
worldofpeace has joined #nixos-dev
maralorn has joined #nixos-dev
Irenes[m] has joined #nixos-dev
puzzlewolf has joined #nixos-dev
danielrf[m] has joined #nixos-dev
Valodim[m] has joined #nixos-dev
colemickens has joined #nixos-dev
timokau[m] has joined #nixos-dev
rnhmjoj has joined #nixos-dev
domenkozar[m] has joined #nixos-dev
jonge[m] has joined #nixos-dev
roberth has joined #nixos-dev
michaelpj has joined #nixos-dev
garbas[m] has joined #nixos-dev
kraem[m] has joined #nixos-dev
thefloweringash has joined #nixos-dev
kalbasit[m] has joined #nixos-dev
jtojnar has joined #nixos-dev
ili has joined #nixos-dev
symphorien[m] has joined #nixos-dev
ma27[m] has joined #nixos-dev
mjlbach has joined #nixos-dev
DamienCassou has joined #nixos-dev
ryantm has joined #nixos-dev
Dandellion has joined #nixos-dev
siraben has joined #nixos-dev
zuh0 has joined #nixos-dev
dtz has joined #nixos-dev
aanderse has joined #nixos-dev
immae has joined #nixos-dev
emily has joined #nixos-dev
philipp[m]1 has joined #nixos-dev
Ox4A6F has joined #nixos-dev
regnat has joined #nixos-dev
chvp has joined #nixos-dev
nh2[m] has joined #nixos-dev
alexarice[m] has joined #nixos-dev
regnat[m] has joined #nixos-dev
orivej has joined #nixos-dev
bgamari has quit [Ping timeout: 258 seconds]
bgamari has joined #nixos-dev
orivej has quit [Ping timeout: 272 seconds]
danderson has quit [Remote host closed the connection]
danderson has joined #nixos-dev
cole-h has joined #nixos-dev
<V> abathur: same
<V> I assumed something about my browser setup broke it
saschagrunert has joined #nixos-dev
orivej has joined #nixos-dev
orivej has quit [Ping timeout: 272 seconds]
cole-h has quit [Ping timeout: 256 seconds]
__monty__ has joined #nixos-dev
simonpe^^ has joined #nixos-dev
<simonpe^^> Hey! I wrote a recursive version of the `enableDebugging` function for work that I think would be useful upstream, I'm not a maintainer so I'm not sure what's the right forum to discuss it
<simonpe^^> I also have an issue with the upstream enableDebugging function that it doesn't set the `-ffile-prefix-map` flag to tell gdb where to find the source files
<simonpe^^> I've overridden it for our project to do that but I don't know if there is a reason it's not there or if it's just something whoever wrote that missed
<siraben> (probably best to curl the ix.io link because of terminal colors)
<gchristensen> also did you happen to catch the test error?
<siraben> gchristensen: yeah I saw it, will resolve
<siraben> pushed
orivej has joined #nixos-dev
Jackneill has quit [Ping timeout: 240 seconds]
Jackneill has joined #nixos-dev
AlwaysLivid has joined #nixos-dev
AlwaysLivid has quit [Remote host closed the connection]
AlwaysLivid has joined #nixos-dev
AlwaysLivid has quit [Ping timeout: 268 seconds]
NinjaTrappeur has quit [Quit: WeeChat 3.0]
NinjaTrappeur has joined #nixos-dev
mkaito has joined #nixos-dev
mkaito has joined #nixos-dev
mkaito has quit [Changing host]
mkaito has quit [Client Quit]
mkaito has joined #nixos-dev
mkaito has joined #nixos-dev
mkaito has quit [Changing host]
jonringer has joined #nixos-dev
lassulus has quit [Quit: WeeChat 2.9]
lassulus has joined #nixos-dev
<gchristensen> I wonder if we should make switch-to-configuration reject unsafe transitions
<gchristensen> example: upgrading the ZFS userland tools to 2.0.x while the kernel module stayed at 0.8.x caused my backups to stop working
<eyJhb> gchristensen: Isn't the range of unsafe transitions too big to manage?
<gchristensen> maybe yeah
<Taneb> I see no problem with rejecting some known unsafe transitions
<eyJhb> No it would be nice, but it seems hard to manage it. E.g. even the stateVersion sometimes have issues :) But maybe the major ones
<siraben> What can Nix and Nixpkgs do to help defend against this kind of attack? https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610
<siraben> The issue seems to be precisely as what Eelco outlined in the thesis, that is the problem of nominal dependencies (e.g. a dependency is "hello" but which version under which compiler is unspecified)
<gchristensen> good question, siraben
<gchristensen> one element of security is knowing what you have, which Nix does better than anything. this makes it easy to detect or audit for existing problems. prevention can be harder
<siraben> Someone in the HN comments brought up the problem of how lax we accept packages in Nixpkgs
<eyJhb> We are not that prone to that in the same way, only on "updates" and I am unsure if that would even fault us.
<siraben> but it seems to be that being able to query the entire build time dependencies makes a complete audit possible
<siraben> s/be/me/
<gchristensen> not sure what lax has to do with it
<gchristensen> sounds like FUD without specifics
saschagrunert has quit [Remote host closed the connection]
<eyJhb> But, we can't really do anything, can we? As, the only time when this could actually happen for Nix, is during a update
<gchristensen> right, whatever is in the expr is whatever it is
<eyJhb> As all current packages, that is packaged in Nix, will use the derivaton given for them, and would not all of the suddenly ping npm, etc. for "is this here"
<gchristensen> so for a name confusion attack it'd have to be changing the source URL to a different repository, or the initial packaging is bad
<eyJhb> ^ yeah
<eyJhb> That is also my initial thought
<eyJhb> So we are vulnerable to it in the same way, that if you misspell a package name etc.
<gchristensen> *or* the npm / whatever lockfile generation is compromisid in exactly the way they suggested
<eyJhb> But is there anything to do about that? ie. "Are you sure you want this depedency?" *repeat for every depedency*
<gchristensen> that is pretty much what you do
<gchristensen> and is pretty much what paranoid enterprises do
<gchristensen> this is one place Nix can find a foothold in paranoid enterprises
disasm has quit [Quit: WeeChat 2.0]
disasm has joined #nixos-dev
<supersandro2000> vim update and nodePackages should ideally be generated by some trusted system or member
<supersandro2000> tbh anyone could stick anything in there and probably no one would notice it but it would also be removed on the next generation
<gchristensen> a trusted system running it regularly would be good
<supersandro2000> even a github ci runner would be more trustworthy than someone random from the internet
<eyJhb> WHAT! Am I not trusted? \s yeah we should do that
pmy_ has quit [Quit: WeeChat 3.0]
pmy has joined #nixos-dev
pmy has quit [Read error: Connection reset by peer]
pmy has joined #nixos-dev
<supersandro2000> also it takes forever to generate nodePackages
<gchristensen> that could be and should be fixed tbh
pmy has quit [Read error: Connection reset by peer]
pmy has joined #nixos-dev
orivej has quit [Ping timeout: 264 seconds]
<nh2[m]> <dhess "gchristensen: is it possible to "> @dhess: The yubikey has its own setting for exactly that
<gchristensen> what's this?
orivej has joined #nixos-dev
rajivr has quit [Quit: Connection closed for inactivity]
<andi-> Are the generated files at least reproducible?
<gchristensen> it takes ~forever to generate, making it use a local cache of hashes would probably make it reasonably fast to check thaht sort of thing
<siraben> Hmm I wonder what I can do with spare computing time overnight.
<siraben> I once ran an automated git bisect on darwin before going to sleep
<siraben> It'd be good to test cross-compilation for various packages or targets, perhaps.
<gchristensen> you have a mac?
<siraben> Yes.
<gchristensen> could get you running an ofborg node :)
<siraben> 13 inch MacBook Pro 2013, 2.6 GHz
<siraben> hehe, would it be heavy in terms of space? I would only run it when I'm not using my computer if that's ok.
<siraben> How many darwin builders are there on ofborg?
<gchristensen> so actually part of the original design goals of ofborg was having it run on regular people's computers
<gchristensen> there are some caveats: it would run PR's builds, and PRs with fixed output derivations get access to your computer's internal network, so if that is weird for you, then you probably don't want to do it. (this is sort of what killed the original design)
cole-h has joined #nixos-dev
<siraben> gchristensen: what about filesystem access?
<siraben> my local network? so theoretically someone could scan my router? heh
<gchristensen> it'd be as safe as a Nix build can be, w.r.t. filesystem access
<gchristensen> it is a pure build, so it can't evaluate files outside of the nixpkgs checkout
<siraben> ah i see
<siraben> Yeah I have a decent internet connection ~300 Mbps as well
<siraben> down*
<gchristensen> I've gotten word that we have a mac mini ordered for ofborg, so we'll have at least some stable base load capacity
<siraben> What's the current capacity?
<gchristensen> 0
<siraben> lol
<siraben> I'd be happy to try running an ofborg node. I'll check back in ~8 hours
<qyliss> siraben: why does the stdenv.lib warning direct people to use pkgs.lib?
<qyliss> I think that'll result in people literally writing pkgs.lib where they don't need to
<cole-h> I think the intention was in people's external nix expressions where they're using `let pkgs = import <nixpkgs> {}; in`
<cole-h> s/in/for/
<qyliss> wouldn't they have written pkgs.stdenv.lib before though?
<qyliss> so telling them to replace stdenv.lib with lib should still be clear?
simonpe^^ has quit [Remote host closed the connection]
<cole-h> Fair.
<cole-h> If you send a PR, I'll r+ it :P
<qyliss> won't be able to until tomorrow, in case somebody wants to beat me to it
abathur has quit [Quit: abathur]
fuzzypixelz has joined #nixos-dev
<fuzzypixelz> can anyone please explain to me what `outputLib` does exactly?
<jtojnar> fuzzypixelz: it contains the name of the output where library goes
<jtojnar> i.e. lib if it is in outputs, out otherwise
<jtojnar> and ${!foo} is indirect variable access (getting the value of variable named as the contents of $foo)
<fuzzypixelz> jtojnar: but where does the path come from?
<fuzzypixelz> oh I see now
<fuzzypixelz> it's another dead end haha
<jtojnar> what do you want to do?
<{^_^}> #76615 (by JonathanReeve, 1 year ago, open): Can't install a new KDE theme
<fuzzypixelz> Looking at the last comment
<fuzzypixelz> basically the path to the program that handles kns:// requests is wrong, according to ebaday
<fuzzypixelz> I tried tracking down kde src code
<fuzzypixelz> then I was told that path comes from extra-cmake-modules
<fuzzypixelz> but I just can't find where in extra-cmake-modules nix source is the flag set
__monty__ has quit [Quit: leaving]
<jtojnar> fuzzypixelz: looking at the source code you sent, `KPACKAGE_DEP_RESOLVERS_PATH=${plasma5Packages.frameworkintegration}/libexec/kf5/kpackagehandlers` might side step it
<worldofpeace> Jan Tojnar: got a response from geoclue for a API key https://github.com/NixOS/nixpkgs/issues/110031#issuecomment-777078988
<worldofpeace> I guess our users will be represented in their metrics now when we update, and no rate limiting as they want to transition people to their own keys
<fuzzypixelz> jtojnar: I see. Couldn't we hunt down the issue though?
<jtojnar> fuzzypixelz: I would expect extra-cmake-modules is included by kpackage and it takes the value from the setup hook you sent
<jtojnar> so really the issue is that KDE code expects there is a single libexecdir
<jtojnar> but with Nix that is not true
<jtojnar> so we either need to override the variable in kpackage, or use the environment variable
<fuzzypixelz> *facepalm* of course there isn't a single libexec
<fuzzypixelz> jtojnar: by env variable you mean the one used by cmake?
<jtojnar> fuzzypixelz: looking at the source code you sent, `KPACKAGE_DEP_RESOLVERS_PATH=${plasma5Packages.frameworkintegration}/libexec/kf5/kpackagehandlers` might side step it
<fuzzypixelz> jtojnar: oh I see! But I'm not sure how we can set an env var at runtime ...
<fuzzypixelz> where would it be incorporated?
<jtojnar> fuzzypixelz: on NixOS, I would go with `environment.variables` option in the plasma module
<jtojnar> supersandro2000: where do you see zero width character? and which one?
teto has joined #nixos-dev
<fuzzypixelz> I'm asking because I didn't find it (:
jonringer has quit [Remote host closed the connection]
<fuzzypixelz> jtojnar: could we add it to the activationScript instead? https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/x11/desktop-managers/plasma5.nix#L55
<jtojnar> fuzzypixelz: yup, that is the one
<fuzzypixelz> jtojnar: just checking, there is environement.variables options right?
orivej has quit [Ping timeout: 256 seconds]
fuzzypixelz has quit [Ping timeout: 246 seconds]
<supersandro2000> jtojnar: no idea which one but your lists break if they have that character after the - or *
<samueldr> a non-breaking space will break `- [ ] ` and `* [ ]` in github, I know with my layout it's easy to accidentally alt+gr a non-breaking space while typing [ or ] (which uses alt+gr too)
fuzzypixelz has joined #nixos-dev