| 7 Jun 2022 |
 @linus:schreibt.jetzt | In reply to @schnecfk:ruhr-uni-bochum.de
One point might be that sudo allows somewhat fine-grained restriction on executed commands (But that requires you to know what you'll run) But if you're running something you just copied over... | 07:54:43 |
| @linus:schreibt.jetzt | (Which is necessarily the case with a nixos configuration) | 07:55:22 |
 CRTified | True 🤔 | 08:22:37 |
| @linus:schreibt.jetzt | In reply to @schnecfk:ruhr-uni-bochum.de
And in a sense, it allows for crude 2FA (SSH with pubkey, sudo with pw) Are people doing that? | 08:49:23 |
| CRTified | I don't know, but I've seen that reason a few times (not limited to colmena), always with the advice to make root as inaccessible as possible | 09:11:53 |
| 8 Jun 2022 |
 Wanja Hentze | How do you folks feel about adding a --interactive or --confirm (actual name can be bikeshed) option to colmena that makes it prints the list of target hosts and asks you to confirm before proceeding? | 16:56:51 |
| 9 Jun 2022 |
 Zhaofeng Li | That sounds like a reasonable feature to add | 03:42:09 |
|  Taeer Bar-Yam joined the room. | 13:25:40 |
| Taeer Bar-Yam | I'm hoping someone here can help me out. If not, I'll open an issue on the github. I can't get --keep-result to do anything. I'm running colmena build --keep-result, and it doesn't create any .gcroots directory. I've tried it with and without flakes. | 16:39:06 |
| Zhaofeng Li | In reply to @shine:proqqul.net
I'm hoping someone here can help me out. If not, I'll open an issue on the github. I can't get --keep-result to do anything. I'm running colmena build --keep-result, and it doesn't create any .gcroots directory. I've tried it with and without flakes. The current implementation only creates GC roots as one of the last steps after a successful activation (not build). It should probably be moved to after the build. | 16:56:15 |
| Zhaofeng Li | (done) | 18:33:07 |
| Taeer Bar-Yam | Thank you! <3 I was trying to make that change myself and getting bogged down in where exactly mut should and shouldn't go (not a rust programmer) | 18:46:49 |
| Taeer Bar-Yam | Oh. Hm... I'm still having the same behaviour (nothing being produced with --keep-result) | 18:47:14 |
| Zhaofeng Li | Hmm, it does create them for me with colmena build | 18:56:13 |
| Taeer Bar-Yam | Aha! It works when using flakes, but not without | 18:57:48 |
| Taeer Bar-Yam | presumably it doesn't know how to find the hive directory in a non-flake build | 18:58:03 |
| Zhaofeng Li | Weird, it should be able to create GC roots with non-flakes (actually we are only testing it in the non-flake path in the end-to-end tests) | 19:00:28 |
| Zhaofeng Li | Just tried and it does work in the non-flakes case | 19:01:47 |
| Taeer Bar-Yam | oh never mind, I see it now. | 19:09:28 |
| Taeer Bar-Yam | I think i might have just been looking in the wrong place | 19:09:37 |
| Taeer Bar-Yam | anyway, this works great. thank you :) | 19:22:21 |
| 10 Jun 2022 |
|  lblasc joined the room. | 08:54:46 |
| 18 Jun 2022 |
 @blaggacao:matrix.org | Hey Zhaofeng Li: would you be willing to consider https://github.com/zhaofengli/colmena/pull/89?
I wanted to continue hacking along on my colmena adoption, but I feel like a tightrope walker without security if I need to deviate too much from upstream.
I think I'm just not ready yet for forking, so I'd appreciate if I can build on those building blocks. | 02:10:55 |
| @blaggacao:matrix.org | * Hey Zhaofeng Li: would you be willing to consider https://github.com/zhaofengli/colmena/pull/89?
I wanted to continue hacking along on my colmena adoption, but I feel like a tightrope walker without security if I need to deviate too much from upstream.
I think I'm just not ready yet for fully forking, so I'd appreciate if I can build on those building blocks. | 02:11:12 |
| @blaggacao:matrix.org | * Hey Zhaofeng Li: would you be willing to consider https://github.com/zhaofengli/colmena/pull/89?
I wanted to continue hacking along on my colmena adoption, but I feel like a tightrope walker without security if I need to deviate too much from upstream.
I think I'm just not ready yet for fully forking, so I'd appreciate if I could build on those building blocks. | 02:11:26 |
| @blaggacao:matrix.org | * Hey Zhaofeng Li: would you be willing to consider https://github.com/zhaofengli/colmena/pull/89?
I wanted to continue hacking along on my colmena adoption, but I feel like a tightrope walker without security if I need to deviate too much from upstream. | 02:11:56 |
|  @atharvaamritkar:matrix.org joined the room. | 10:03:38 |
| 19 Jun 2022 |
| Zhaofeng Li | In reply to @blaggacao:matrix.org
Hey Zhaofeng Li: would you be willing to consider https://github.com/zhaofengli/colmena/pull/89?
I wanted to continue hacking along on my colmena adoption, but I feel like a tightrope walker without security if I need to deviate too much from upstream. Hi sorry, been busy in the past couple of days. Minimizing the eval interface should be fine and I'll review and merge it today. | 20:09:17 |
| Zhaofeng Li | Note that the eval interface is still subject to change in the near future, like for the upcoming auto rollback feature as well as https://github.com/zhaofengli/colmena/pull/96 | 20:09:18 |
| @blaggacao:matrix.org | Since using deploy-rs, I never used the auto-rollback feature. But this is probably less a fault of the rollback fearure amd more of the systemd-mediated choreographed (not orchestrated) reconciliation loop. | 20:49:17 |
