| 30 Nov 2023 |
 Ilan Joselevich (Kranzes) | Hercules uses runc for its effects | 16:11:59 |
| Ilan Joselevich (Kranzes) | So there's lots of layers of hardening and sandboxing | 16:12:20 |
| Ilan Joselevich (Kranzes) | Robert might just be paranoid | 16:12:27 |
| Ilan Joselevich (Kranzes) | Because that used to be his main reason against it | 16:12:42 |
 Mic92 | Maybe this is also to make the environment that is local the same as on the ci machine | 16:12:54 |
| Ilan Joselevich (Kranzes) | Effects are basically rootless oci containers with access to the Internet and nix daemon of host | 16:14:26 |
| Ilan Joselevich (Kranzes) | I also have a PR open for adding systemd hardening to the agent on top of that | 16:15:25 |
 Robert Hensing (roberth) | I'm in the process of doing some optimizations around Hercules' I/O, which is currently where the eval latency is | 18:15:08 |
| Robert Hensing (roberth) | Indeed effect sandbox is for both security and reproducibility of the environment | 18:15:34 |
| 1 Dec 2023 |
|  @lotte:chir.rs changed their profile picture. | 09:44:32 |
|  Moritz Hedtke set their display name to Moritz Hedtke. | 11:08:12 |
 zowoq | We're switching a couple of the community machines for better ones, the CI systems and the build box may be down for a bit but hopefully not for too long. | 21:35:32 |
| Ilan Joselevich (Kranzes) | What specs difference? | 22:13:17 |
| 2 Dec 2023 |
| zowoq | The new machine is a ryzen 9 3900 12 core, 128gb RAM, 2x 1.92tb nvme for CI (buildbot/hercules/hydra).
The machine that used to do CI will become the community build box.
See https://github.com/nix-community/infra/pull/989.
| 00:17:14 |
|  mao_tse-tung joined the room. | 04:20:32 |
| 3 Dec 2023 |
| Mic92 | zowoq: raitobezarius It would be interesting if change fixes the github race condition that you see in lanzaboote: https://github.com/Mic92/buildbot-nix/commit/590f31eb6f205a47313a3525cd504fa4a405b6a4#diff-df8c266d76f942a320d71b583a24da5fa8ecd8135993a696f376dbd960359be7R334 | 15:23:25 |
| Mic92 | (not yet deployed on build03) | 15:23:31 |
| Mic92 | Do you have a better way of reproducing the issue? | 15:24:20 |
| Mic92 | I wasn't able to trigger this anymore | 15:24:33 |
| zowoq | In reply to @joerg:thalheim.io
(not yet deployed on build03) It has been deployed. | 22:25:55 |
| 4 Dec 2023 |
| Ilan Joselevich (Kranzes) | do we have some community darwin box I can use? | 03:06:00 |
 Lily Foster | In reply to @kranzes:matrix.org
do we have some community darwin box I can use? https://nix-community.org/community-builder/ | 03:07:36 |
| Ilan Joselevich (Kranzes) | cheers | 03:09:48 |
| zowoq | In reply to @joerg:thalheim.io
zowoq: raitobezarius It would be interesting if change fixes the github race condition that you see in lanzaboote: https://github.com/Mic92/buildbot-nix/commit/590f31eb6f205a47313a3525cd504fa4a405b6a4#diff-df8c266d76f942a320d71b583a24da5fa8ecd8135993a696f376dbd960359be7R334 Looks like it worked, retried this automatically. https://buildbot.nix-community.org/#/builders/6/builds/52 | 03:14:06 |
| Ilan Joselevich (Kranzes) | 
Download image.png | 03:14:23 |
| Ilan Joselevich (Kranzes) | #1000 | 03:14:25 |
| Ilan Joselevich (Kranzes) | 🚀 | 03:14:29 |
| Ilan Joselevich (Kranzes) | zowoq
[kranzes@pongo ~]$ ssh darwin-build-box.nix-community.org
kranzes@darwin-build-box.nix-community.org: Permission denied (publickey).
seems to have deployed already, is there anything else that needs to be done?
| 03:24:10 |
| zowoq | No, it should be working. | 03:52:08 |
| Ilan Joselevich (Kranzes) | In reply to @zowoq:matrix.org
No, it should be working. That's really weird then | 03:55:25 |
