| 7 Dec 2024 |
 hexa |
Microcode updates for AMD processors are provided by the sys-kernel/linux-firmware package.
| 18:47:45 |
 Winter | i was looking to see if they shipped anything from the repo, and they do for Intel | 18:48:26 |
| hexa | intel-microcode-20210608_p20210830.ebuild
intel-microcode-20220207_p20220207.ebuild
intel-microcode-20220419_p20220421.ebuild
intel-microcode-20220510_p20220508.ebuild
intel-microcode-20220809_p20220809.ebuild <-- in here
| 18:49:12 |
| hexa | only in a comment | 18:50:19 |
| hexa | # Package Maintenance instructions :
# 1. The ebuild is in the form of intel-microcode-<INTEL_SNAPSHOT>_p<COLLECTION_SNAPSHOT>.ebuild
# 2. The INTEL_SNAPSHOT upstream is located at: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files\
# 3. The COLLECTION_SNAPSHOT is created manually using the following steps:
# a. Clone the repository https://github.com/platomav/CPUMicrocodes
# b. Rename the Intel directory to intel-microcode-collection-<YYYYMMDD>
# c. From the CPUMicrocodes directory tar and xz compress the contents of intel-microcode-collection-<YYYYMMDD>:
# tar -cJf intel-microcode-collection-<YYYYMMDD>.tar.xz intel-microcode-collection-<YYYYMMDD>/
# d. This file can go in your devspace, add the URL to SRC_URI if it's not there
# https://dev.gentoo.org/~<dev nick>/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz
| 18:50:36 |
| Winter | did you read it? the tarball is constructed from the repo :P | 18:51:21 |
| hexa | SRC_URI="https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/microcode-${INTEL_SNAPSHOT}.tar.gz
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/raw/437f382b1be4412b9d03e2bbdcda46d83d581242/intel-ucode/06-4e-03 -> intel-ucode-sig_0x406e3-rev_0xd6.bin
https://dev.gentoo.org/~mpagano/dist/intel-microcode/intel-microcode-collection-${COLLECTION_SNAPSHOT}.tar.xz"
| 18:51:37 |
| hexa | so a repo at github.com:intel/Intel-Linux-Processor-Microcode-Data-Files has the collection? 🤔 | 18:51:56 |
| hexa | oh no, it is multiple files | 18:52:10 |
| Winter | yeah | 18:52:13 |
| hexa | and the maintainer is mpagano | 18:52:13 |
| hexa | curses | 18:52:15 |
| Winter | some from Intel, some from the guy | 18:52:22 |
| 8 Dec 2024 |
 aleksana (force me to bed after 18:00 UTC) | In reply to @joerg:thalheim.io
Is there some issue here, I don't see? https://github.com/NixOS/nixos-wiki-infra/issues/161 Should we explicitly tell users not to report vulnerabilities in the infrastructure publicly? | 03:41:28 |
 Tomodachi94 (they/them) | I think we already do through the issue templates. Third option down at https://github.com/NixOS/infra/issues/new/choose | 05:19:52 |
| Tomodachi94 (they/them) | I think we already do through the issue templates. Third option down at https://github.com/NixOS/infra/issues/new/choose ignore me, this is for the wiki infra | 05:20:22 |
| Tomodachi94 (they/them) | I think we already do through the issue templates. Third option down at https://github.com/NixOS/infra/issues/new/choose ignore me, I missed that this is for the wiki infra | 05:20:28 |
| Tomodachi94 (they/them) | Probably would be good to copy that issue template to the wiki infra repo as well though | 05:22:03 |
 tgerbet | It was leaked on his stream so the info was kinda public already in this case | 09:34:42 |
 aidalgol | I daresay that's much much less visible than the project's issue tracker. | 09:38:27 |
 @shadowrz:nixos.dev | In reply to @aleksana:mozilla.org
Not dealing with package request is even better: https://github.com/NixOS/nixpkgs/issues/308154 I thought you wanted to close it immidieately | 10:53:02 |
| @shadowrz:nixos.dev | Also follow up: https://github.com/ultralytics/ultralytics/issues/18027#issuecomment-2525468276 | 10:53:10 |
 emily | yaya and teutat3s, do you need help with electron? | 18:14:24 |
 teutat3s | emily: I can get to a version bump later today or tomorrow. If you wanna help, feel free to create a PR | 18:16:21 |
 yaya | In reply to @me:indeednotjames.com
yaya and teutat3s, do you need help with electron? i'm offline until mid-january | 18:24:58 |
| emily | In reply to @teutat3s:pub.solar
emily: I can get to a version bump later today or tomorrow. If you wanna help, feel free to create a PR think i would prefer if you could give it a shot first and review request me to get it reviewed and merged.
feel free to dm me on matrix if you need help :)
| 18:50:20 |
| 9 Dec 2024 |
 ElvishJerricco | https://github.com/NixOS/nixpkgs/pull/350097
Does anyone have access to a number of other distros to check which of them disable %h/.ssh/authorized_keys? That seems unprecedented to me
| 00:07:35 |
| hexa | not aware of any that does that | 00:09:07 |
 uep | We do this, in a corporate environment, to ensure that keys added on bastions are yubikey-resident, on our issued yubikeys, with a pin required. | 01:33:43 |
| uep | It seems ludicrous as a default | 01:34:03 |
