| 26 Oct 2024 |
gluonix | from running diffoscope, one thing that stands out is the different build paths | 00:44:30 |
gluonix | * For instance, without docker:
/build/cargo-vendor-dir/...
versus, with docker:
/tmp/nix-build-teleport.drv-0/cargo-vendor-dir/...
| 00:46:40 |
artturin | https://github.com/NixOS/nix/blob/3db75b00602a7a937c1e983e01c071100102c18c/src/libstore/unix/build/local-derivation-goal.cc#L1167 | 00:48:07 |
artturin | Definition is a few lines up | 00:48:25 |
artturin | You can enable sandboxing https://hub.docker.com/r/nixos/nix shows how | 00:49:33 |
gluonix | yes, ok, I was reading about this | 00:49:51 |
gluonix | This applies to the docker-nixpkgs images as well right? I am using nix flakes so the image nix-flakes or cachix-flakes is convenient. | 00:50:34 |
artturin | In reply to @switch3flip:matrix.org: Should work in any docker with nix | 00:51:06 |
gluonix | * Does this also mean that we cannot use docker build to build sandboxed nix packages, but instead we must create the build environment with docker and use docker run --privileged ... to run a container in which we build the nix package? | 00:53:00 |
artturin | I don't know what docker build does | 00:53:25 |
artturin | https://stackoverflow.com/questions/48098671/build-with-docker-and-privileged | 00:54:44 |
gluonix | whoa, thanks, that was exactly what I was asking about | 00:55:47 |
artturin | * You could just build the image with nix instead of docker build
There's builders for that in nixpkgs. | 00:59:53 |
gluonix | ah yes, good idea, the reason I wish to use docker right now is for integration purposes as we have a larger system that uses docker to build "stuff" and we only use nix for a specific component as it has higher requirements with respect to reproducible builds | 01:02:26 |
gluonix | as you may know, nix has a steep learning curve, hence most dev teams prefer docker, unless they have no choice 😆 | 01:03:01 |
| 8 Nov 2024 |
p14 | I know there was some interest in having a PGO/LTO/BOLT clang build, as well. Some notes on build reproducibility when PGO is involved: https://discourse.llvm.org/t/pgo-profile-reproducibility/82861/6
TL;DR: For profiles it is not enough for the profiling mechanism to be deterministic and the workload to have a deterministic output; the workload must compute the output in a flow-control deterministic way. Clang unfortunately uses inodes in a hash map, which makes the profile not reproducible, so it's not currently possible to have a reproducible PGO clang build. (Unless you control the inode integers that clang sees during profiling, among other horrible details). | 11:41:38 |