| 23 May 2023 |
 Arian | what is unreproducible about it? | 14:07:43 |
 @elvishjerricco:matrix.org | In reply to @arianvp:matrix.org
we don't support user namespaces inside the build sandbox do we? or do we these days? we do | 14:07:51 |
 @nikstur:matrix.org | If there is no machine-id systemd-repart creates random UUIDs for partitions | 14:08:06 |
| @nikstur:matrix.org | and I think timestamps might be an issue | 14:08:13 |
| @elvishjerricco:matrix.org | in fact I've used that to do FHS style builds in a nix build | 14:08:14 |
| @elvishjerricco:matrix.org | In reply to @nikstur:matrix.org
If there is no machine-id systemd-repart creates random UUIDs for partitions You can also pass --seed | 14:09:04 |
| Arian | oh yeh that stuff. Just put a /buildroot/etc/machine-id file . should work | 14:09:28 |
| Arian | or --seed. yheh | 14:09:33 |
| Arian | hmmmm without fakeroot my build fails with:
> Failed to copy symlink 'sbin', ignoring: Permission denied
> Failed to copy '/nix/store/049705cr0z1mzjfngjr4vlybp3z5n1wx-bcache-tools-1.0.7' to '/build/.#repartabde6bac7950c286/nix/store/049705cr0z1mzjfngjr4vlybp3z5n1wx-bcache-tools-1.0.7': Invalid argument
| 14:11:01 |
| Arian | but works with fakeroot woohoo. (What does fakeroot do? | 14:14:06 |
 @janne.hess:helsinki-systems.de | In reply to @arianvp:matrix.org
but works with fakeroot woohoo. (What does fakeroot do? It pretends you're root | 14:15:06 |
| Arian | that I understand. but how does it do that? | 14:15:25 |
| @janne.hess:helsinki-systems.de | In reply to @arianvp:matrix.org
that I understand. but how does it do that?
This is done by setting LD_PRELOAD to libfakeroot.so, which provides wrappers around getuid, chown, chmod, mknod, stat, and so on, thereby creating a fake root environment.
| 14:15:56 |
 @mberndt:matrix.org | ElvishJerricco, thanks for your review. I've responded to your comments…
https://github.com/NixOS/nixpkgs/pull/229767 | 14:19:15 |
| @elvishjerricco:matrix.org | user namespaces are better though. Are there still holdout distros that disable that? | 14:21:27 |
 @aloisw:kde.org | In reply to @elvishjerricco:matrix.org
user namespaces are better though. Are there still holdout distros that disable that? Our own "hardened" kernel does that, at least. | 14:36:43 |
| @aloisw:kde.org | There's also proot -0. | 14:37:49 |
| @elvishjerricco:matrix.org |
No, Stratis is unrelated to LVM and a simpler design
mberndt Huh. For some reason I thought stratis was a management tool for a variety of underlying tech like lvm
| 16:16:08 |
 @gdamjan:spodeli.org | stratis is an opinionated subset of LVM + XFS (I think) | 18:11:14 |
| @gdamjan:spodeli.org | doesn't even do raid :/ | 18:11:24 |
| @mberndt:matrix.org | In reply to @gdamjan:spodeli.org
stratis is an opinionated subset of LVM + XFS (I think) It's not based on LVM. | 18:56:12 |
| @mberndt:matrix.org | It uses DM though. | 18:56:23 |
| Arian | hmm. I think doing NixOS activation in the initrd was a mistake. You can't boot images with systemd-nspawn anymore that use systemd initrd | 21:43:35 |
| Arian | We should move it to early stage-2 | 21:44:09 |
| Arian | Using a DefaultDependencies=no systemd unit | 21:44:31 |
| @elvishjerricco:matrix.org | Couple things | 21:44:41 |
| @elvishjerricco:matrix.org |
- we literally can't move it early enough in stage 2 unless it's pre-systemd, because it sets up etc and therefore the systemd units
| 21:45:08 |
| Arian | for systemd units we can use the SYSTEMD_UNITS env var | 21:45:34 |
| @elvishjerricco:matrix.org |
- It gets us a lot to have it in stage 1. Like if anything in activation fails we get a proper recovery environment
| 21:45:40 |
| Arian | (This is documented and stable) | 21:45:44 |
