| 7 Jul 2024 |
 emily | try nix derivation show $(readlink -f $(which ssh)) | 20:29:00 |
 matthewcroughan | The server is in a bit of a memory exploded state | 20:29:27 |
| matthewcroughan | dmesg has logs I see on my scrappy servers when bad memory things happen :D | 20:29:41 |
| matthewcroughan | Looks like the only patches are
"patches": "/nix/store/isik6ifcjxpw22sfh3kz37galficc78c-locale_archive.patch /nix/store/6id7rg81nbkx9r9pxvax7nssr11xdaas-gss-serv.c.patch?id=a7509603971ce2f3282486a43bb773b1b522af83 /nix/store/ybb4xs45dkngdf3x1xnxqgzn5zmv5alf-dont_create_privsep_path.patch /nix/store/7jbzj9s2wkbznn93ga3aqka6vfx06gjg-ssh-keysign-8.5.patch",
| 20:30:27 |
| matthewcroughan | * Looks like the only patches are
"patches": "/nix/store/isik6ifcjxpw22sfh3kz37galficc78c-locale_archive.patch /nix/store/6id7rg81nbkx9r9pxvax7nssr11xdaas-gss-serv.c.patch?id=a7509603971ce2f3282486a43bb773b1b522af83 /nix/store/ybb4xs45dkngdf3x1xnxqgzn5zmv5alf-dont_create_privsep_path.patch /nix/store/7jbzj9s2wkbznn93ga3aqka6vfx06gjg-ssh-keysign-8.5.patch",
| 20:30:30 |
| matthewcroughan | So yes, it is in fact vulnerable :D | 20:31:20 |
| emily | then I guess it's vulnerable | 20:31:24 |
| matthewcroughan | Shall we do a wordpress and hack it to fix it? | 20:31:43 |
| matthewcroughan | It'd probably just end up rebooting into the generation with the vulnerability anyway | 20:32:13 |
| emily | good luck, I don't think anyone has exploited it on a 64-bit system | 20:32:25 |
| matthewcroughan | Ah right, forgot about that | 20:32:39 |
 zowoq | In reply to @matthewcroughan:defenestrate.it
Who is it that controls aarch64.nixos.community anyway? The nixos infra team: https://matrix.to/#/#infra:nixos.org | 23:03:25 |
 hexa | yes and no | 23:04:29 |
| hexa | well, yes. | 23:04:43 |
| hexa | https://github.com/NixOS/aarch64-build-box | 23:05:17 |
| 8 Jul 2024 |
| hexa | figsoda: please https://github.com/nix-community/nix-init/pull/419 | 04:12:16 |
| hexa | * figsoda: ptal https://github.com/nix-community/nix-init/pull/419 | 04:12:38 |
|  @papalpenguin:matrix.org changed their profile picture. | 05:31:17 |
|  dish [Fox/It/She] changed their display name from Pyrox [Fox/It/She/They] to Pyrox [Fox/It/She]. | 06:53:16 |
 Mic92 | I can also merge if figsoda is too busy. | 08:30:08 |
|  thubrecht left the room. | 09:11:02 |
|  Nick Kadutskyi joined the room. | 19:29:51 |
| 9 Jul 2024 |
|  eyJhb joined the room. | 10:23:35 |
|  nospaces joined the room. | 22:00:28 |
| 10 Jul 2024 |
| emily | zowoq: could you turn off auto-optimise-store on Darwin? it is infamously broken (https://github.com/NixOS/nix/issues/7273, I've seen outright store corruption too though) | 20:39:00 |
| emily | I can PR this if desired | 20:39:11 |
| emily | we have a nix.optimise module for periodic optimization jobs in nix-darwin that may or may not be less broken (at the very least it's fewer opportunities for whatever race condition is going on) | 20:39:33 |
| 11 Jul 2024 |
| zowoq | I've disabled it on the community builder. The two CI builders only have a 256gb disk so we don't have much room to work with there. We're running gc every hour to ensure we have free space for builds, might try to run optimise every few hours? | 01:51:18 |
| emily | thanks, the community builder is where it was breaking for me anyway :) | 10:30:32 |
| emily | I'm not sure if it's something about auto-optimise-store itself that causes the brokenness or if it's the optimization linking stuff racing with builds (which obviously auto-optimise-store would make worse) | 10:30:54 |
