<clever>
Infinisil: there is also import from derivation, just make a derivation that contains a nix file, then import it
<clever>
Infinisil: you can use builtins.readFile to read a file and then manipulate it
<clever>
simpson: and you are also reporting the set of object hashes you currently have in your ipfs store
<clever>
simpson: so anybody that knows your pubkey can find your ip, and track you, world-wide
<clever>
simpson: one issue ive noticed with ipfs, is that you have a long-term keypair, and while online, you are storing a pubkey=ip record in the DHT
<clever>
they would be using the cached build most likely, and not notice
<clever>
disasm: any time something low-level like glibc or gcc gets changed, nixpkgs will mass-rebuild as a side-effect, and then things like lxc might get noticed
<clever>
yeah, about 28,000 jobs on nixpkgs
<clever>
BlessJah: more that the tests got more strict
<clever>
Sonarpulse: i have been testing out the PR and github status stuff in hydra, and it could easily cover a lot of this
<clever>
nix changed the rules
<clever>
so the CI at merge time would have never caught it
<clever>
but a recent security update in nix broke lxc, after it was merged
<clever>
i believe in this case, the old nix was allowing the setuid
<clever>
BlessJah: yeah
<clever>
BlessJah: only a subset of the builds (see above link) are required for the channel to update
<clever>
Sonarpulse: yeah, it may also work on other platforms that lack signalfd
<clever>
so now try to ls it
<clever>
the makepanda directory does exist
<clever>
justanotheruser: try inserting an "ls -ltrh" call before the python3, and then use it to look around
<clever>
Sonarpulse: and i think the sigint from ctrl+c may go to several threads, so a different thread could catch it, then write a byte to an internal pipe
<clever>
justanotheruser: can you gist the .nix file nix-shell was loading?
<clever>
justanotheruser: what command did you run to trigger that error?
<clever>
tommyangelo[m]: yeah, if you build once with -I nixpkgs=/etc/nixos/nixpkgs, then it will use the value in the config, which is the same
<clever>
tommyangelo[m]: you would need to use nix.nixPath in the configuration.nix to control what lands in $NIX_PATH after its built
<clever>
tommyangelo[m]: nope
<clever>
symphorien: tommyangelo[m]: i believe it needs to be -I nixpkgs=/path/to/repo
<clever>
nixy: yep
<clever>
nixy: personally, i just delete that file and add its entries to configuration.nix on most systems, i know what i'm doing and dont need it to auto-generate everything for me
<clever>
nixy: you also have the option to run nixos-generate-config again after installing, to update that config
<clever>
wb?
<clever>
i need to start a blog
<clever>
kk
<clever>
i just took the kernel+initrd from the ipxe netboot, and ran it with kexec instead
<clever>
and if your internet is fast, you could load some of those files over the web, just beware of mitm
<clever>
depending on how many clients boot at once, you may want to put in a load balancer, either intelligent http redirects, or just some dns round-robin
<clever>
at this point, the only thing to consider is the network bandwidth when downloading 278mb initrd's over http
<clever>
you can even download pre-built netboot images from a hydra
<clever>
so it allows resizing the mapping that is used as heap space
<clever>
gchristensen: the brk syscall is used to set the end of the heap, and by tracking where it was ending, you can move it up/down as you grow/shrink the heap
<clever>
gchristensen: why cant you operate purely with anon mmap's?
<clever>
gchristensen: i have also wondered if brk is even needed anymore
<clever>
though i could see char foo[strlen(input)]; being a potential exploit
<clever>
that sounds like it would need more than 4kb on the stack as local vars, or an exploit that can apply an arb decrement to the stack pointer
<clever>
so if you go byte by byte down the stack, you can never hit the heap
<clever>
gchristensen: i would expect the kernel to include some guard pages, something that acts as a limit and will always page-fault/segv
<clever>
and another reason to go all 64bit
<clever>
gchristensen: oh god, thats such a simple question, lol
<clever>
but i did notice that the binary cache didnt have it, and it had to build locally
<clever>
i had tested it on cb90e6a036 and it worked
<clever>
/nix/var/nix/profiles/per-user/root happens to already be a place that can hold roots, so it saves a step
<clever>
avn: which is managed under /nix/var/nix/gcroots
<clever>
avn: maybe, it needs to be somewhere that is a valid gcroot
<clever>
so it will only ever contain 1 result
<clever>
and --set will replace the entire contents of the new generation, with the result of the build
<clever>
avn: -f, -A, and -I do the usual things
<clever>
avn: the -p flag points it to a custom profile, where it will store all generations
<clever>
dont know, havent done that much with docker
<clever>
the result of running which uname at build-time
<clever>
ij: or you need to bake the path of coreutils into your build, by either adding ${coreutils}/bin to $PATH, or adding $(which uname) in where you call uname
<clever>
ij: you can either rely on the fact that coreutils is always installed, and just expect it to be in $PATH
<clever>
ij: at runtime or build time?
<clever>
at least under root, the channel name should be nixos
<clever>
ah
<clever>
what channel came back on its own?
<clever>
is this on nixos or another distro?
<clever>
tilpner: its to handle creating a default the first time nixos boots
<clever>
tilpner: nixos will add a default one if the dir is missing on root
2017-06-17
<clever>
catern: i heard 80gig per eval
<clever>
then when its done, it does a normal rm -rf on trash
<clever>
sphalerite: it moves things from /nix/store/ to /nix/store/trash, because directory moves are atomic
<clever>
sphalerite: and in the past, i have tried to get gpu passthru under xen to work, but discovered that the host must fully reboot any time the windows reboots
<clever>
sphalerite: i have a server in the cloud running win7 to handle some legacy junk that relies on windows
<clever>
ben: that is a property that will affect the hash