| 15 Jan 2023 |
 @nickcao:nichi.co | I'm testing the fix tomorrow. | 12:23:57 |
 @elvishjerricco:matrix.org | Hm, why patch these dlopen calls instead of just double checking that they'll be found (correctly) in RPATH? | 12:30:46 |
| @elvishjerricco:matrix.org | We trying to avoid LD_LIBRARY_PATH shenanigans or something? | 12:31:03 |
| @nickcao:nichi.co | The other distros would also be vulnerable, is RPATH is considered harmful. | 12:33:33 |
| @nickcao:nichi.co | * The other distros would also be vulnerable, if RPATH is considered harmful. | 12:33:41 |
| @nickcao:nichi.co | I think the best way forward is convince upstream to use configure options for absolute paths to these libs. | 12:34:41 |
| @nickcao:nichi.co | Security, maintainability, usability, take all three of them. | 12:35:13 |
| @elvishjerricco:matrix.org | Yea the systemd commit says it's not really a security measure since they use secure_getenv | 12:36:18 |
| @elvishjerricco:matrix.org | Not really sure what that does | 12:36:43 |
 @janne.hess:helsinki-systems.de | In reply to @elvishjerricco:matrix.org
Not really sure what that does https://linux.die.net/man/3/secure_getenv | 12:37:07 |
| @elvishjerricco:matrix.org | Yea I saw that but I'm not exactly sure what the implication is | 12:37:58 |
| @janne.hess:helsinki-systems.de | the case that we might hit is: the process has a nonempty permitted capability set. | 12:38:07 |
|  dadada joined the room. | 15:13:07 |
| @elvishjerricco:matrix.org | Nice, my initrd networkd PR has officially demonstrated value over scripted initrd networking. I've always had problems where initrd networking on my home server wouldn't work when I need it most: After a power outage. I'm pretty sure the server starts back up before my router, so its initrd fails to get a DHCP lease quick enough and gives up. systemd initrd networkd managed without issue | 21:01:25 |
| 24 Jan 2023 |
 flokli | ElvishJerricco: can we merge it in? | 23:24:22 |
| 25 Jan 2023 |
 @vika:fireburn.ru | Huh, that's weird:
Jan 25 06:17:24 localhost systemd[1]: Found device WD PC SN740 SDDPNQD-1T00-1027 nixos-hydrangea.
Jan 25 06:17:24 localhost systemd[1]: Found device WD PC SN740 SDDPNQD-1T00-1027 swap-hydrangea.
Jan 25 06:17:24 localhost systemd[1]: Starting Cryptography Setup for nixos-hydrangea...
Jan 25 06:17:24 localhost systemd[1]: Starting Cryptography Setup for swap-hydrangea...
Jan 25 06:17:24 localhost systemd-cryptsetup[312]: TPM2 driver name 'device' not valid, refusing.
Jan 25 06:17:24 localhost systemd-cryptsetup[311]: TPM2 driver name 'device' not valid, refusing.
This has worked before, but stopped after an update. Maybe someone here is wise enough to know what's up?
| 03:51:56 |
| @vika:fireburn.ru | Thankfully if I boot an older system, it does work, so at least it's not my TPM being broken! | 03:52:16 |
| @elvishjerricco:matrix.org | Vika (she/her): I think that's a known and fixed bug | 03:53:12 |
| @elvishjerricco:matrix.org | Vika (she/her): specifically https://github.com/NixOS/nixpkgs/pull/210896 | 03:55:24 |
| @vika:fireburn.ru | oh wow it's in staging ðŸ˜ðŸ˜ðŸ˜ðŸ˜ðŸ˜ðŸ˜ | 03:57:43 |
| @vika:fireburn.ru | i don't know if i can afford rebuilding the world while cherry-picking updates | 03:58:07 |
| @vika:fireburn.ru | i guess i'll resort to entering my passphrase every time I boot like in the old times until it hits nixos-unstable | 03:58:34 |
| @elvishjerricco:matrix.org | Maybe you can just roll back to before the bug? It's quite recent | 03:58:36 |
| @vika:fireburn.ru | oh, do you know the commit that introduced the bug? perhaps it was some systemd update? | 03:58:56 |
| @vika:fireburn.ru | it probably happened somewhere before Jan 15 and Jan 24, since these are the dates for my updates... | 03:59:50 |
| @elvishjerricco:matrix.org | Vika (she/her): it should have been the last systems update I believe | 04:00:39 |
| @elvishjerricco:matrix.org | * Vika (she/her): it should have been the last systemd update I believe | 04:00:44 |
| @vika:fireburn.ru | 47de6ecabb0609bc8b4212842fb01533b3616874 systemd: 252.3 -> 252.4
ed9e8cd687b08a4e8f3d673f25c12e345afd65cb systemd: 252.1 -> 252.3
| 04:03:53 |
| @vika:fireburn.ru | well, two possibly-bad commits are better than 2760 (not including merge commits) | 04:04:27 |
| @elvishjerricco:matrix.org | I'm not sure which one it was but I am on my phone at the moment so I'm not well equipped to figure it out :P | 04:04:56 |
