| 14 Feb 2026 |
 ris_ | this does make me wonder how libcxxhardening* should interact with _LIBCPP_HARDENING_MODE_DEFAULT though | 11:30:03 |
| ris_ | https://github.com/NixOS/nixpkgs/pull/490358 | 12:07:04 |
 emily | IMO we should just control the default with that rather than with wrapper flags. though on macOS we are not building libc++ anyway | 15:52:41 |
| ris_ | interesting - we might have to do some hackery as I wouldn't expect _LIBCPP_HARDENING_MODE_DEFAULT to be designed to be set from the cli | 17:31:34 |
| emily | no I just mean we should set it in our libc++ build :) | 17:58:50 |
| emily | like how we do PIE by default in our GCC and Clang builds | 17:59:13 |
| emily | overriding for an individual package can be flag driven | 17:59:26 |
| emily | though I think NIX_CFLAGS_COMPILE is probably sufficient interface there | 18:00:02 |
| ris_ | i seeee | 18:02:04 |
| ris_ | yeah i just think it's weird, people will expect that setting hardeningDisable = ["libcxxhardeningfast"]; to actually disable it | 18:02:58 |
| ris_ | * yeah i just think it's weird, people will expect setting hardeningDisable = ["libcxxhardeningfast"]; to actually disable it | 18:47:29 |
| emily | might be good to support hardeningDisable adding flags? but if we control it with the build-time default + cflags maybe it can just be an override in pkgsExtraHardening and not need the hardening* machinery at all | 20:34:31 |
| 4 Aug 2022 |
|  Winter (she/her) joined the room. | 03:27:09 |
|  [0x4A6F] joined the room. | 22:08:01 |
| 6 Aug 2022 |
| Winter (she/her) | Does anyone know where the fact that the Darwin stdenv builds CMake twice comes from? As far as I can tell, it's from stage 0, and then just gets used in the other stages from there. Am I missing something here, is it something with the overrides? It looks like it might be, but then the fact that those are only allowed in the final stage (per booter.nix) (when that doesn't seem true, since then they wouldn't be defined...?) comes up.
(Isn't this the same pattern (defining in one stage and referencing in the others) that makes Glibc only build a limited number of times in the Linux stdenv?) | 08:00:17 |
 trofi | You think cmake should be rebuild less? Or more?
glibc's is probably a bit different as it's a part of stdenv.cc.libc and mainly used by that I would guess. Also, if depends if the package is used or not by other packages in the derivation would affect rebuild count as well.
| 14:59:09 |
| trofi | Looking at stdenv's dep tree I see 2 cmake-boot hashes and one cmake hash: https://dpaste.com/8GGM6P9BF.txt | 15:03:11 |
| Winter (she/her) | In reply to @trofi:matrix.org
You think cmake should be rebuild less? Or more?
glibc's is probably a bit different as it's a part of stdenv.cc.libc and mainly used by that I would guess. Also, if depends if the package is used or not by other packages in the derivation would affect rebuild count as well.
I have no particular opinion, I'm just curious how that happens. | 21:22:09 |
| Winter (she/her) | Oh, for clarification, I was talking about cmake-boot. | 21:22:19 |
| Winter (she/her) | (which is cmake in the stdenv stages) | 21:22:29 |
| Winter (she/her) | see the line i linked | 21:22:36 |
| trofi | AFAIU cmake = cmakeMinimal is only for stage1-4 (first build: bootstrapTools -> cmake-boot in pastebin). Last stage uses cmake as is. Also note that cmakeMinimal is used by zstd (used by final stage, does second build: stage4 -> cmake-boot -> zstd in pastebin). | 21:44:31 |
| trofi | I used the following command to grep through the full depgraph: $ nix-store --query --graph $(nix-instantiate -A stdenv --argstr system x86_64-darwin) | 21:45:39 |
| 10 Aug 2022 |
|  luxus joined the room. | 09:55:36 |
| 17 Aug 2022 |
| trofi | Quiz question: for a final glibc used in nixpkgs all over the place which gcc you think is used to build it on linux? a) Possible answers: gcc from bootstrap tools b) gcc from nixpkgs. | 17:36:21 |
| trofi | You knew :) | 17:39:09 |
 Artturin | obviously it is the more ridiculous answer 🙃 | 17:40:03 |
| trofi | Yeah :) Spoiler: https://dpaste.com/DMD34BUN9.txt | 17:40:23 |
| trofi | * Quiz question: for a final glibc used in nixpkgs all over the place which gcc you think is used to build it on linux? Possible answers: a) gcc from bootstrap tools b) gcc from nixpkgs. | 17:42:06 |
 vcunat | AFAIK it isn't easy to do better. gcc links against glibc. So either somehow try replacing it later (rather hacky, probably) or build gcc twice during bootstrapping (will remain persistently annoying). Or as you suggest, update the bootstrapping tools more often. | 17:49:27 |
