| 2 Jul 2024 |
 emily | does nix flake update without any parameters make a difference? if not, can you post your flake.nix maybe? | 18:47:04 |
 flyx | nix flake update does update other referenced flakes, but not nixpkgs. my flake is a longer business, here's the inputs section:
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
utils.url = "github:numtide/flake-utils";
home-manager = {
url = "github:nix-community/home-manager/release-24.05";
};
colmena = {
url = "github:zhaofengli/colmena/v0.3.2";
inputs.utils.follows = "utils";
};
dsa41heldendokument = {
url = "github:flyx/DSA-4.1-Heldendokument";
inputs.nixpkgs.follows = "nixpkgs";
inputs.utils.follows = "utils";
};
nimyaml = {
url = "github:flyx/NimYAML";
inputs.utils.follows = "utils";
};
nyarna-web = { url = "github:nyarnalang/website"; };
};
| 18:50:06 |
| emily | are you sure it's not that there are other nixpkgs inputs in your dependencies that you're not overriding and that aren't getting updated? | 18:51:09 |
| emily | often you'll have e.g. nixpkgs_2 etc. in the lock | 18:51:19 |
| flyx | ah, that makes sense. yeah, I looked at the wrong nixpkgs, silly. thanks! | 18:56:04 |
| flyx | my original problem was that after the update, I wouldn't get a patched OpenSSH on my server, so I tried to figure out why that would be as it should be in nixos-24.05. the lock file apparently was the wrong place to look for the problem | 18:56:30 |
| emily | are you sure it's not patched? | 19:04:44 |
| emily | the version wasn't bumped or anything | 19:04:47 |
| emily | (yes, this means it's kind of hard to tell whether you're vulnerable, sorry; it was a big rush) | 19:05:07 |
|  @mewp:nurupo.pl left the room. | 19:05:12 |
| emily | you can check your ssh matches nix path-info github:NixOS/nixpkgs/nixos-24.05#openssh or such | 19:06:11 |
| flyx | ah. I was checking for 9.8p1 and my sshd shows 9.7p1 but the path does match. thanks again! | 19:08:49 |
| emily | yeah, 9.8p1 is a major release with breaking changes so we used upstream's few-line patches for old versions on stable instead | 19:09:29 |
| emily | I imagine this is going to keep coming up though, so maybe we should consider adding some kind of indication | 19:09:47 |
| emily | I think upstream does not care about releasing official security fix releases for old versions unfortunately :( | 19:10:17 |
| emily | how were you checking, -V output? | 19:10:35 |
| flyx | I did systemctl status sshd.service and looked at the nix store path in the last line under CGroup | 19:12:40 |
| emily | thanks | 19:21:22 |
| emily | so maybe changing the derivation name would have helped | 19:21:27 |
| flyx | yeah, that would have been noticeable | 19:22:49 |
| 3 Jul 2024 |
|  -=h0p3=- joined the room. | 03:22:13 |
|  @winston:milli.ng left the room. | 13:42:52 |
|  zebrag joined the room. | 19:06:19 |
|  vandycarlos joined the room. | 19:37:27 |
| 4 Jul 2024 |
|  monadam joined the room. | 00:25:13 |
|  @petrichor:envs.net left the room. | 07:48:51 |
|  @d:bugpara.de left the room. | 08:47:06 |
|  @philiptaron:matrix.org left the room. | 15:46:12 |
|  Benedikt changed their display name from Soispha to Benedikt. | 19:10:45 |
 mindslight | emily: ft ft ft were were were were we were were k | 21:33:36 |
