| 21 Jan 2025 |
jean-paul. | (and it is a mess of Python which looks miserable to try to understand/fix) | 13:12:33 |
maralorn | MangoIV might know about this. ^ | 13:28:30 |
MangoIV | I have done a very cursed thing for wire once but you’ll have to do some adjustments for it to work with your project. | 13:29:58 |
MangoIV | It’s a two stage process where first we extract metadata from the nix code (this has to be done in nix because dependencies are not easy to analyse outside of it (main reason being string contexts)) and then after you collect this json there’s a pretty simple haskell script that builds an SBOM from it | 13:30:58 |
jean-paul. | I guess since the requested format for this particular SBOM is "table in google docs" maybe I should just write the nix expression to get the info and then sed/copy/paste/whatever | 13:32:35 |
MangoIV | https://github.com/wireapp/wire-server/blob/0b236a6560a3fe228dae5898a0b840b573b23922/nix/wire-server.nix#L477 This is the entry point to the nix code ^ https://github.com/wireapp/wire-server/blob/develop/hack/bin/bombon.hs This is the entry point to the haskell code | 13:34:42 |
MangoIV | https://github.com/wireapp/wire-server/blob/develop/hack/bin/Sbom.hs | 13:35:01 |
jean-paul. | MangoIV: Thanks | 13:35:04 |
MangoIV | There’s some really cursed issues with extracting info from nix code but since this is a one off I duct tape fixed them | 13:36:07 |
MangoIV | So don’t expect a „clean“ solution | 13:36:22 |
MangoIV | (Also yes, it’s expected for the nix script to memory leak like crazy and take multiple minutes) | 13:37:35 |
MangoIV | If you wanna improve it, probably don’t do the recursion manually but use genericClosure. That should also fix the problem with nixpkgs being an actual graph (vs a tree) | 13:38:31 |
jean-paul. | probably won't, going for minimum effort here as the motivation appears to be CYA rather than anything remotely valuable, interesting, or useful | 13:39:17 |
MangoIV | It probably won’t be useful anyway. All tools that I have seen work with SBOM have an insanely high false positive rate and none of this stuff is actionable at all (except if you’re able to spend half of your company’s time on it) | 13:42:17 |
emily | hmm, what kind of SBOM only covers direct dependencies? | 14:43:10 |
emily | I thought including the whole tree was kind of the point | 14:43:23 |
jean-paul. | The kind where someone is just checking a box because someone told them to check a box, I think | 15:02:08 |
jean-paul. | Another team has to do this for a non-Nix JavaScript project with >3000 transitive dependencies, someone was probably worried about wasting a whole week on this instead of just a morning | 15:03:17 |
maralorn | * I mean I have basically one question: Do we have AGPL in our closure?^^ | 15:04:25 |
João Moreira | * Okay, I was able to do it thanks to y'all. If anyone could please review, merge: https://github.com/NixOS/nixpkgs/pull/371934 | 21:37:52 |
João Moreira | I also want to package HVM3 in this same approach in the future. | 21:38:44 |
| 23 Jan 2025 |
| 24 Jan 2025 |
KSP Atlas | is there a good way to use the Haskell VSCode extension on NixOS? It seems to depend on GHCup which can't be installed because it depends on a package marked as broken | 14:09:12 |
KSP Atlas | I'll send this in the main haskell room too since I feel it would fit in both | 14:10:05 |
maralorn | * KSP Atlas: That extension is usable without ghcup. Use the "manual install" option and install HLS via Nix. GHCUP does not offer working binaries for nixos so there is no point in fixing its build. | 14:26:27 |