| 21 Jun 2021 |
 Foxboron | But initrd != efistub (or something) | 08:40:54 |
| Foxboron | (I never dug deep into that part of the problem) | 08:41:01 |
 Linux Hackerman | Well yeah, inserting the key into the initramfs is what I'm describing | 08:41:34 |
| Linux Hackerman | The efi stub is part of the linux kernel which makes it into an EFI-bootable image IIUC. | 08:42:02 |
| Foxboron | initramfs isn't actually protected by secure boot. But if you make a unified EFI image with initramfs+kernel it is. Hmmmm. Ahh this would be a cool feature | 08:43:33 |
| Linux Hackerman | Oh right, yeah, just saw that in https://github.com/NixOS/nixpkgs/pull/53901/files#diff-14341d580318ebe4f2ce22e4fc94c02f6a56229cdc7ae939728628a47b9e6b39R144-R149 :) | 08:44:00 |
| Foxboron | Make a seperate initramfs with the key in kernel/x86/key/somecert.cert (this is what microcode does for early boot loading) which you can concat with microcode + initramfs. | 08:44:49 |
| Foxboron | This is me theorizing what alternative key loading would look like fwiw | 08:45:32 |
|  fgaz joined the room. | 10:05:45 |
 baloo | 1486 out of 1486 (100.00%) paths in the minimal installation image are reproducible! πππ | 12:48:25 |
| baloo | In reply to @foxboron:archlinux.org
initramfs isn't actually protected by secure boot. But if you make a unified EFI image with initramfs+kernel it is. Hmmmm. Ahh this would be a cool feature That is pretty easy to do actually.
https://github.com/baloo/reproducibility-lab/tree/main/pkgs/uefi-bundle
I havenβt worked on injecting the key from the secureboot but that does not sound impossible. | 13:32:28 |
| baloo | Although if I might be pessimistic a bit. Not too sure all too many people have a practical use case for it | 13:33:46 |
 @grahamc:nixos.org | Foxboron: how do you deal with the key? | 20:56:34 |
| Foxboron | In reply to @grahamc:nixos.org
Foxboron: how do you deal with the key? for which part? The discussion above refers to quite a few keys :p | 22:20:00 |
| 22 Jun 2021 |
 siraben | is there a collection of patches we sent upstream to achieve 100% reproducibility? | 04:19:19 |
 raboof | In reply to @siraben:matrix.org
is there a collection of patches we sent upstream to achieve 100% reproducibility? I don't think so, no | 07:26:03 |
 davidak | In reply to @baloo_:matrix.org
1486 out of 1486 (100.00%) paths in the minimal installation image are reproducible! πππ i have just checked and noticed it. congratulations to everyone involved! can we have a big announcement with short introduction what this effort is about, link to https://reproducible-builds.org/ and then include it in their newsletter? also announce on twitter, mastodon, hackernews, reddit, lemmy, ... with link to our blog post. that's how we can make people interested in NixOS ;) #marketing | 19:37:58 |
 tomberek | Ideally, yes. It was on HN yesterday for a while. Iβd suggest one aspect of the marketing is to describe why this is a good thing and what this allows. The Nix/NixOS marketing team meets tomorrow, we can bring it up to have a coordinated thing. | 20:05:47 |
|  ollijh joined the room. | 20:12:40 |
| 23 Jun 2021 |
| siraben | tomberek: is there an invite link for the marketing meeting? | 03:21:32 |
|  anubhavkini joined the room. | 06:52:49 |
| raboof | we should definitely make sure it makes it to the reproduce-builds monthly newsletter, I'll write something up unless someone beats me to it | 07:40:03 |
| raboof | I'd really like to see https://github.com/NixOS/nixpkgs/issues/125380 fixed before making more noise, but I guess the cat is out of the bag :D | 07:40:27 |
| tomberek | @siraben: https://nixos.org/community/teams/marketing.html | 13:33:38 |
| 24 Jun 2021 |
|  tadfisher joined the room. | 03:33:06 |
|  nrdxp joined the room. | 17:04:11 |
| 26 Jun 2021 |
| @grahamc:nixos.orgchanged room power levels. | 01:31:35 |
| 27 Jun 2021 |
| davidak | CW: RANT
the post was on hackernews and got 23.5k views. most probably hear about nixos and reproducible builds for the first time. the post didn't explain what either is about. so what people will remember might be "obscure project does obscure things and i don't see why i should care". this is a missed chance for us to make nixos more popular. i would say it's a marketing disaster that damages nixos reputation. why are we unable to coordinate and do something correctly? this makes me angry, because nixos has so much potential :((( | 01:14:44 |
 matthewcroughan - nix.zone | In reply to @davidak:matrix.org
CW: RANT
the post was on hackernews and got 23.5k views. most probably hear about nixos and reproducible builds for the first time. the post didn't explain what either is about. so what people will remember might be "obscure project does obscure things and i don't see why i should care". this is a missed chance for us to make nixos more popular. i would say it's a marketing disaster that damages nixos reputation. why are we unable to coordinate and do something correctly? this makes me angry, because nixos has so much potential :((( Functional package management isn't going anywhere. It is grounded as a concept, in my view. | 01:44:58 |
| matthewcroughan - nix.zone | Doesn't matter how long it takes to get there, we can only speed it up. | 01:45:21 |
