| 4 Mar 2025 |
raitobezarius | this is the 2nd time someone told me | 13:59:50 |
raitobezarius | i am fixing it now | 13:59:51 |
raitobezarius | Elvish never told me the typo btw | 13:59:54 |
raitobezarius | done | 14:00:06 |
Arian | cpio archives preserve fsverity info? | 14:00:07 |
Arian | I assume they do? | 14:00:12 |
raitobezarius | In reply to @arianvp:matrix.org ("cpio archives preserve fsverity info?"): actually they probably don't | 14:00:22 |
Arian | then this doesn’t work :D | 14:00:28 |
raitobezarius | fsverity exists only for ext4 & f2fs iirc | 14:00:33 |
raitobezarius | In reply to @arianvp:matrix.org ("then this doesn’t work :D"): yes but you know what is the fix | 14:00:37 |
emily | it's already been hashed into immutable metadata and verity would complain, easier to just get a legal name change | 14:00:39 |
Arian | so I guess deprecate initramfs and go back to initrd :D | 14:01:00 |
raitobezarius | this is how identity leaks should be handled | 14:01:02 |
raitobezarius | you just rotate your identity | 14:01:06 |
raitobezarius | In reply to @arianvp:matrix.org ("so I guess deprecate initramfs and go back to initrd :D"): no but we can just fix her | 14:01:13 |
Arian | In reply to @emilazy:matrix.org ("and I guess we don't need the fancy bind mount stuff because the daemon isn't running in stage 1 anyway?"): systemd does exactly this fancy bind mount stuff | 14:01:20 |
Arian | but for /usr | 14:01:24 |
emily | finally the option names will be correct again | 14:01:29 |
Arian | https://github.com/systemd/systemd/blob/facc9439a76b4c3a5c273c71bd7a676e4c74778c/src/core/main.c#L1871-L1884 | 14:01:50 |
emily | I mean, including the part where there's a secret writable version? | 14:02:27 |
emily | I assume systemd has no need to write to /usr unlike the Nix daemon | 14:02:27 |
emily | (but like I said I guess irrelevant since running the daemon in stage 1 is nuts) | 14:02:39 |
raitobezarius | (actually) | 14:02:53 |
Arian | me sweats I’m not supposed to run `nix-daemon` in stage1? | 14:02:56 |
raitobezarius | (there's a good reason to do that: store verification) | 14:02:58 |
raitobezarius | and people who do fancy immutable A/B schemas might do nix-build in stage 1 | 14:03:16 |
raitobezarius | to obtain their upgrades | 14:03:18 |
raitobezarius | because the userspace is under dm-verity | 14:03:27 |
raitobezarius | this is your last chance to swap the dm-verity by something else | 14:03:38 |
emily | I was thinking about that, but I figured anyone implementing such a scheme would take my statement as a compliment | 14:04:19 |