2 Dec 2024 |
Tranquil Ity | Ey! | 09:31:52 |
anouk | I am interested in a "use local caches" feature (idea: download only hashes from the trusted main caches; and then check in the local network for public caches, verify everything downloaded from there).
But I'm not sure which project a feature request should go to. Lix? Nixpkgs? So entirely new, it's out of scope everywhere? | 10:32:28 |
K900 | A local cache can just copy signatures from the public one | 10:33:03 |
K900 | And as long as the key is trusted it should work | 10:33:08 |
Niklas Korz | https://github.com/NixOS/nix/pull/11713
seeing the same issue in Lix but the fix looks simple enough | 11:52:26 |
ToxicFrog | aidalgol: tragically the set of libraries that it dlopens is unbounded, it has an ffi; I just noticed it first with readline (because it wants that as soon as the repl initializes)
I have for the moment implemented a hacky workaround by wrapping it in a script that points LD_LIBRARY_PATH at /run/current-system/sw/share/nix-ld/lib | 16:49:55 |
ToxicFrog | speaking of which isn't share for architecture-independent stuff?? | 16:50:06 |
vorboyvo | hi! does anyone know why whenever i update my nixos flake with lix, a system rebuild builds lix and dependencies (such as aws-sdk-cpp, webkitgtk?) from source? | 22:44:59 |
vorboyvo | if i remove lix before the update and then add it back after the update, it works fine | 22:45:11 |
3 Dec 2024 |
@acidbong:envs.net | In reply to @vorboyvo:matrix.vorboyvo.com "hi! does anyone know why whenever i update my nixos flake with lix, a system rebuild builds lix and dependencies (such as aws-sdk-cpp, webkitgtk?) from source?": is your lix built from git? do you by any chance use nixpkgs-* branch instead of nixos-*? | 06:42:17 |
aidalgol | I was just trying out vulnix, and it flagged lix.
```
lix-2.91.1
/nix/store/g0ay3i77nrjhs7w11520l96ryjl22raf-lix-2.91.1.drv
CVE                                               CVSSv3
https://nvd.nist.gov/vuln/detail/CVE-2020-10800   8.1
```
Wasn't that bug fixed a while ago? | 08:43:10 |
thubrecht | Not the correct lix either | 08:46:03 |
thubrecht | That cve is for a javascript package | 08:46:38 |
thubrecht | From 2020 | 08:46:50 |
aidalgol | Well vulnix seems to be completely broken then. 😞 | 10:28:32 |
ghpzin | It seems to do as expected from description:
It matches name and version of all derivations referenced from the command line against known CVE entries. A whitelist is used to filter out unwanted results.
Matching Nix package names to NVD products is currently done via a coarse heuristic. First, a direct match is tried. If no product can be found, variations with lower case and underscore instead of hyphen are tried. It is clear that this mapping is too simplistic and needs to be improved in future versions.
Otherwise they would need to manually match packages with CVEs | 10:59:55 |
antifuchs | Time for a package manager that identifies software by their cve IDs | 13:44:36 |
vorboyvo | In reply to @acidbong:envs.net "is your lix built from git? do you by any chance use nixpkgs-* branch instead of nixos-* ?": this is my inputs:
```
inputs = {
  nixpkgs.url = "nixpkgs/nixos-unstable";
  lix-module = {
    url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.0.tar.gz";
    inputs.nixpkgs.follows = "nixpkgs";
  };
  home-manager = {
    url = "github:nix-community/home-manager";
    inputs.nixpkgs.follows = "nixpkgs";
  };
};
```
| 14:07:32 |
vorboyvo | so I suppose so | 14:07:40 |
vorboyvo | though I followed the instructions here | 14:08:23 |
vorboyvo | https://lix.systems/add-to-config/ | 14:08:25 |
kuruczgy | I am trying to debug an issue in nixpkgs, and I am trying to get more familiar with the debugger. Is builtins.break expr supposed to be equivalent to expr when --debugger is not used? Because for me it breaks evaluation when I insert it... | 15:28:10 |