| 19 Oct 2022 |
m1cr0man | Depending on the renewal target in nginx shouldn't be triggering the timer? Unless, the timer is aware of when the unit last ran? Maybe I'm wrong though. | 22:57:28 |
| 20 Oct 2022 |
| hjulle joined the room. | 12:04:33 |
| 24 Oct 2022 |
Andreas Schrägle | the acme nixos test broke recently https://hydra.nixos.org/job/nixos/trunk-combined/nixos.tests.acme.x86_64-linux / https://hydra.nixos.org/log/hv4qwbrhmnxf6h0fq70m8lxy5an0xf89-vm-test-run-acme.drv
logs indicate minica being denied a system call, if I'm not reading them wrong. any ideas why this might be happening? | 08:30:55 |
Arian | odd | 08:32:13 |
Arian | seems both minica and lego dumped core | 08:33:26 |
Arian | this is really odd. maybe the go package broke? | 08:34:10 |
Arian | aaah wait | 08:34:45 |
Arian | We have a whitelist of syscalls here: | 08:35:15 |
Arian | https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/security/acme/default.nix#L63-L70 | 08:35:16 |
Arian | so maybe lego and minica are doing new syscalls that aren't in this list | 08:35:27 |
Arian | lego seems to be calling setrlimit (which tbh is a weird thing for a process to do themselves) and idk if that one is allowed by default | 08:36:04 |
Arian | minica stacktrace is very... uninformative | 08:36:14 |
Arian | anyhow this means that the acme module is properly broken. this is a release blocker | 08:36:44 |
Arian | Andreas Schrägle: could you please open an issue so we can add it to the release blocker list? | 08:37:07 |
Andreas Schrägle | In reply to @arianvp:matrix.org ("Andreas Schrägle: could you please open an issue so we can add it to the release blocker list?"): does this not block the (non -small) channel anyways? | 08:38:39 |
Arian | idk if this VM test is in the list. | 08:38:57 |
Arian | if it is then we're good :) | 08:39:00 |
Andreas Schrägle | looks like it isn't. I'll open an issue. | 08:41:04 |
Arian | We should probably change that btw | 08:41:29 |
Arian | channel update shouldn't cause people's certs to expire =) | 08:42:09 |
hexa | this is about @resources | 12:43:59 |
hexa | and go 1.19 | 12:44:01 |
hexa | https://github.com/NixOS/nixpkgs/issues/197443 | 12:44:34 |
hexa | * this is about @resources, setrlimit specifically | 12:45:24 |
hexa | https://github.com/NixOS/nixpkgs/pull/197544 | 13:11:12 |
m1cr0man | Only checking here now. Approved that pr 🙂 | 13:15:09 |
hexa | still running the tests | 13:19:16 |
Arian | Yikes | 13:19:38 |
hexa | wonder why it failed on ofborg for x86_64-linux | 13:19:39 |
Arian | So much for Go stability guarantee. | 13:19:45 |