| 15 Jan 2023 |
@elvishjerricco:matrix.org | oh wait ok, sorry I didn't realize you were saying the following check was the problem. That's what I get for reading these messages on my phone without reading the links :P | 12:17:34 |
@elvishjerricco:matrix.org | we probably need to come up with some better agreement with the systemd folks for how to live with all this dlopen crap | 12:19:48 |
@elvishjerricco:matrix.org | * we probably need to eventually come up with some better agreement with the systemd folks for how to live with all this dlopen crap | 12:19:56 |
K900 | Why can't we just add those to rpath/ | 12:21:00 |
K900 | * Why can't we just add those to rpath? | 12:21:02 |
@arianvp:matrix.org | flokli: didn't u find this dlopen thingy that valve uses? | 12:21:04 |
@arianvp:matrix.org | In reply to @k900:0upti.me Why can't we just add those to rpath? We could actually | 12:21:49 |
@elvishjerricco:matrix.org | In reply to @k900:0upti.me Why can't we just add those to rpath? IIRC that didn't work for some reason? Either that or we were being picky and wanted to make systemd use absolute paths so it would be harder to trick it | 12:21:52 |
@arianvp:matrix.org | We did this trick because it makes the build fail if you forget any deps | 12:22:09 |
@nickcao:nichi.co | Maybe just paying more attention to the failing tests is enough. | 12:22:14 |
@elvishjerricco:matrix.org | ah | 12:22:15 |
@nickcao:nichi.co | They ought to have caught this. | 12:22:20 |
@nickcao:nichi.co | https://github.com/NixOS/nixpkgs/pull/210896 | 12:23:24 |
@nickcao:nichi.co | I'm testing the fix tomorrow. | 12:23:57 |
@elvishjerricco:matrix.org | Hm, why patch these dlopen calls instead of just double checking that they'll be found (correctly) in RPATH? | 12:30:46 |
@elvishjerricco:matrix.org | We trying to avoid LD_LIBRARY_PATH shenanigans or something? | 12:31:03 |
@nickcao:nichi.co | The other distros would also be vulnerable, is RPATH is considered harmful. | 12:33:33 |
@nickcao:nichi.co | * The other distros would also be vulnerable, if RPATH is considered harmful. | 12:33:41 |
@nickcao:nichi.co | I think the best way forward is to convince upstream to use configure options for absolute paths to these libs. | 12:34:41 |
@nickcao:nichi.co | Security, maintainability, usability, take all three of them. | 12:35:13 |
@elvishjerricco:matrix.org | Yea the systemd commit says it's not really a security measure since they use secure_getenv | 12:36:18 |
@elvishjerricco:matrix.org | Not really sure what that does | 12:36:43 |
@janne.hess:helsinki-systems.de | In reply to @elvishjerricco:matrix.org Not really sure what that does https://linux.die.net/man/3/secure_getenv | 12:37:07 |
@elvishjerricco:matrix.org | Yea I saw that but I'm not exactly sure what the implication is | 12:37:58 |
@janne.hess:helsinki-systems.de | the case that we might hit is: the process has a nonempty permitted capability set. | 12:38:07 |
| dadada joined the room. | 15:13:07 |
@elvishjerricco:matrix.org | Nice, my initrd networkd PR has officially demonstrated value over scripted initrd networking. I've always had problems where initrd networking on my home server wouldn't work when I need it most: After a power outage. I'm pretty sure the server starts back up before my router, so its initrd fails to get a DHCP lease quick enough and gives up. systemd initrd networkd managed without issue | 21:01:25 |
| 24 Jan 2023 |
flokli | ElvishJerricco: can we merge it in? | 23:24:22 |
| 25 Jan 2023 |
@vika:fireburn.ru | Huh, that's weird:
Jan 25 06:17:24 localhost systemd[1]: Found device WD PC SN740 SDDPNQD-1T00-1027 nixos-hydrangea.
Jan 25 06:17:24 localhost systemd[1]: Found device WD PC SN740 SDDPNQD-1T00-1027 swap-hydrangea.
Jan 25 06:17:24 localhost systemd[1]: Starting Cryptography Setup for nixos-hydrangea...
Jan 25 06:17:24 localhost systemd[1]: Starting Cryptography Setup for swap-hydrangea...
Jan 25 06:17:24 localhost systemd-cryptsetup[312]: TPM2 driver name 'device' not valid, refusing.
Jan 25 06:17:24 localhost systemd-cryptsetup[311]: TPM2 driver name 'device' not valid, refusing.
This has worked before, but stopped after an update. Maybe someone here is wise enough to know what's up? | 03:51:56 |
@vika:fireburn.ru | Thankfully if I boot an older system, it does work, so at least it's not my TPM being broken! | 03:52:16 |