| 4 Oct 2022 |
 @colemickens:matrix.org | ElvishJerricco: I was, but have dropped it due to NFS issues and kept having issues rebasing your net PR. But yes, it did work just fine. | 21:07:53 |
 Zhaofeng Li | I have one more question about #189676/cryptenroll: Should we include the tpm kernel modules by default, or should we drop this for this PR? | 21:08:01 |
| @colemickens:matrix.org | (and by fine, I mean it actually worked whereas the non-systemd-network has racey issues) | 21:08:08 |
| @colemickens:matrix.org | Zhaofeng Li I was just about to ask that, and about whether or not the fido2-device arg is needed or if it's implied to be auto? | 21:08:31 |
 @elvishjerricco:matrix.org | In reply to @zhaofeng:zhaofeng.li
I have one more question about #189676/cryptenroll: Should we include the tpm kernel modules by default, or should we drop this for this PR? yea so that's a pretty small thing in the grand scheme. Enough to block the PR on, but not enough to move systemd stage 1 into "documented and beta" status | 21:09:34 |
| @colemickens:matrix.org | I guess someone is likely to notice they need the modules as they enroll, so at least they wouldn't be likely to reboot and be unexpectedly having to enter their password due to modules missing. | 21:09:39 |
| @elvishjerricco:matrix.org | In reply to @zhaofeng:zhaofeng.li
I have one more question about #189676/cryptenroll: Should we include the tpm kernel modules by default, or should we drop this for this PR? * yea so that's a pretty small thing in the grand scheme. Enough to block the PR on, but not enough to stop the move of systemd stage 1 into "documented and beta" status | 21:09:51 |
| @colemickens:matrix.org | * I guess someone is likely to notice they need the modules as they enroll, so at least they wouldn't be likely to reboot and be unexpectedly having to enter their password due to modules missing. (I guess they could temp modprobe them and then reboot and be surprised) | 21:10:15 |
| @elvishjerricco:matrix.org | I mean I certainly was confused when my steam deck said there was no TPM device installed. Took me a minute to realize I needed a kernel module. Not a big deal but at least kinda noteworthy | 21:11:13 |
| Zhaofeng Li | In reply to @colemickens:matrix.org
Zhaofeng Li I was just about to ask that, and about whether or not the fido2-device arg is needed or if it's implied to be auto? It's not required and the cryptsetup service will determine the required token type from the LUKS key slot header | 21:11:38 |
 @hexa:lossy.network | hi, I'm seeing the mk-initrd-ng builder fail on the libxcrypt branch | 21:41:21 |
| @hexa:lossy.network | initrd-linux> /bin -> /nix/store/xavgss5cngx68ffd7y4nvf3gl5j8raq2-initrd-bin-env/bin
initrd-linux> /etc/fstab -> /nix/store/5x0glmakxlphadn0y5ynb3ymcxmsv4sn-initrd-fstab
initrd-linux> /etc/initrd-release -> /nix/store/7wwkq5lhxfjh81nan7kggc7vv3qwxnzn-initrd-release
initrd-linux> /etc/kbd/keymaps -> /nix/store/qbys2yn2mvixz0rc6g2cvmbihwlb3fgc-console-env/share/keymaps
initrd-linux> /etc/modprobe.d/debian.conf -> /nix/store/q7airdzvbg25php1a52bpswp92h6qchy-kmod-debian-aliases.conf-22-1.1
initrd-linux> /etc/modprobe.d/systemd.conf -> /nix/store/r7mlbby6n26amxrhsxzgnl5m8kldgpyr-systemd-stage-1-251.4/lib/modprobe.d/systemd.conf
initrd-linux> /etc/modprobe.d/ubuntu.conf -> /nix/store/wgaaknrv637qa0i1yhff7n5nh9447jny-initrd-kmod-blacklist-ubuntu
initrd-linux> /etc/modules-load.d/nixos.conf -> /nix/store/6adb24fxb7lxxpvrzgf9frk1ynh8l83v-initrd-nixos.conf
initrd-linux> /etc/os-release -> /nix/store/7wwkq5lhxfjh81nan7kggc7vv3qwxnzn-initrd-release
initrd-linux> /etc/passwd -> /nix/store/x79jlgg44cks805vzm9q3mshvk06nkk6-fake-nss/etc/passwd
initrd-linux> /etc/shadow -> /nix/store/vjisvrzd9rhhhidpa243rrnnzwb3ich3-initrd-shadow
initrd-linux> /etc/sysctl.d/nixos.conf -> /nix/store/ab44sbjb3zk06yzqs5xxnai2jcvga0jv-initrd-nixos.conf
initrd-linux> /etc/systemd/network -> /nix/store/i0wypsybg9f7xdjzp14mqzcdv313hxz4-initrd-link-units
initrd-linux> /etc/systemd/system -> /nix/store/11d3p04w20q1k3izmvlz7zfdlqpkbn05-initrd-units
initrd-linux> /etc/systemd/system.conf -> /nix/store/cq7f9nfwg8ly1730xbap0631km95apb8-initrd-system.conf
initrd-linux> /etc/udev/rules.d -> /nix/store/q5rdk89xnzplh7m0kgjpd53v960sw7yn-initrd-udev-rules
initrd-linux> /etc/vconsole.conf -> /nix/store/vnspz6aghpx0pkak1ps76as2qdcbzbb7-vconsole.conf
initrd-linux> /init -> /nix/store/r7mlbby6n26amxrhsxzgnl5m8kldgpyr-systemd-stage-1-251.4/lib/systemd/systemd
initrd-linux> /lib/firmware -> /nix/store/n7j49yh6kcisb31xg6c48lzcbhz813gw-linux-5.15.71-modules-shrunk/lib/firmware
initrd-linux> /lib/modules -> /nix/store/n7j49yh6kcisb31xg6c48lzcbhz813gw-linux-5.15.71-modules-shrunk/lib/modules
initrd-linux> /sbin -> /nix/store/xavgss5cngx68ffd7y4nvf3gl5j8raq2-initrd-bin-env/sbin
initrd-linux> Error: Os { code: 2, kind: NotFound, message: "No such file or directory" }
| 21:41:33 |
| @hexa:lossy.network | the error message is only mildly helpful | 21:41:43 |
| @hexa:lossy.network | https://github.com/mweinelt/nixpkgs/tree/glibc-without-libcrypt | 21:42:37 |
| @hexa:lossy.network | this branch | 21:42:38 |
| @hexa:lossy.network | for example when building up to nixosTests.hibernate-systemd-stage-1 | 21:42:54 |
| @hexa:lossy.network | * for example when building up to nixosTests.hibernate-systemd-stage-1 | 21:42:59 |
| @hexa:lossy.network | ElvishJerricco maybe? | 21:43:21 |
| @elvishjerricco:matrix.org | Seems like a missing symlink or something? We're not great at those AFAIK. Will check closer when I get home | 21:45:14 |
| @hexa:lossy.network | ❯ ./result/bin/make-initrd-ng
thread 'main' panicked at 'index out of bounds: the len is 1 but the index is 1', src/main.rs:202:33
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
| 21:45:40 |
|  @aktaboot:tchncs.de joined the room. | 21:45:41 |
| @hexa:lossy.network | this is also great 😄 | 21:45:42 |
| @hexa:lossy.network | thank you | 21:45:45 |
| @elvishjerricco:matrix.org | In reply to @hexa:lossy.network
https://github.com/mweinelt/nixpkgs/tree/glibc-without-libcrypt That branch has like... a bunch of commits :P Any chance of a smaller diff? | 21:55:27 |
| @hexa:lossy.network | hrhr, not really 😄 | 21:55:47 |
| @hexa:lossy.network | any chance we can find out what file it doesn't find? | 21:55:56 |
| @hexa:lossy.network | this is basically swapping out glibc's crypt() functionality for that of libxcrypt | 21:56:18 |
| @elvishjerricco:matrix.org | i guess you could try throwing way more verbose logging info in there? | 21:57:28 |
| @hexa:lossy.network | let's assume I've never written rust | 21:57:54 |
| @hexa:lossy.network | I assume A -> B is part of the copying | 21:58:14 |
