| 11 May 2023 |
 Julien | Where should I sign ? | 17:17:06 |
| Julien | Ah yes, the "hash collection infra" looks like something I had in mind actually | 17:19:08 |
| Julien | Well I'd be ready to work on that kind of solution and could probably even have that be part of my PhD when I start it | 17:20:22 |
 raitobezarius | stop giving hope to this channel's people | 17:20:55 |
 davidak | In reply to @raitobezarius:matrix.org
Would you be interesting into getting that hash collection infra first? i think trustix has hash collection infra, but no one knows if and how it works (except adisbladis who is unresponsive to the questions)
https://github.com/nix-community/trustix/issues/90 | 19:36:58 |
| davidak | i have collected thousands of hashes on my computer from reviewing PRs and would like to share them, so we can get a broader picture of unreproducible packages | 19:41:11 |
| raitobezarius | Someone needs to investigate this properly | 19:53:20 |
| raitobezarius | Or ping adisbladis on appropriate channels | 19:53:32 |
| davidak | i pinged him multiple times in the official room and he has seen it according to matrix | 20:01:57 |
| raitobezarius | I know | 20:02:39 |
| davidak | so someone else would have to dig into the code | 20:02:40 |
| raitobezarius | That's why I said "appropriate channels" ;) | 20:02:50 |
| davidak | maybe someone has personal contact to him or work together | 20:03:40 |
| davidak | i'm not good with this kind of social stuff | 20:07:59 |
| raitobezarius | No worries | 20:08:05 |
|  theesm joined the room. | 22:21:44 |
| theesm set a profile picture. | 23:08:38 |
| 12 May 2023 |
|  @federicodschonborn:matrix.org changed their profile picture. | 00:58:33 |
|  samueldr changed their profile picture. | 02:29:31 |
|  lassulus changed their profile picture. | 10:12:04 |
| raitobezarius | Adisbladis told us that he ran out of energy and he got some personal issues and couldn't move forward with the project | 10:20:59 |
| raitobezarius | He's still interested into Trustix | 10:21:07 |
| lassulus changed their profile picture. | 13:39:11 |
 j-k | In reply to @julienmalka:matrix.org
But yes, it fits my research interests to help nix get better in terms of software supply chain security #slsa:nixos.org | 14:28:54 |
| Julien | Thanks | 16:05:23 |
| @federicodschonborn:matrix.org changed their profile picture. | 19:34:06 |
| @federicodschonborn:matrix.org changed their display name from Federico Schonborn to Federico Damián Schonborn. | 19:34:53 |
|  Kourtni changed their display name from Kourtni Marshall to Kourtni. | 20:05:37 |
| 14 May 2023 |
 delroth | I think there's a way to fix the Linux modules BTF reproducibility issue -- it looks like pahole (the thing that generates the .BTF section from DWARF info) uses multi-threading, and I suspect that's the cause of the unreproducibility (stuff gets processed in a ~random order). But 1. there's a pahole flag we could use (-j 1); 2. we could just patch pahole to not support that at all, or default the number of threads to 1 if e.g. SOURCE_DATE_EPOCH is defined, or similar. | 01:59:14 |
| delroth | yep, ran a --check of linuxPackages.zfs with pahole patched to default to 1 thread, and it succeeded. could be a fluke, but that's promising (my run with no patch failed "as expected") | 02:06:59 |
