| 15 Feb 2026 |
 emily | if this fixes a nondeterminism issue then it seems dodgy to just revert it. presumably the yarn hashes are deterministic in practice but in a different way and we should match that? | 15:49:42 |
| emily | maybe upstream would even be amenable to that as it would increase compatibility of the fix? | 15:50:00 |
 Alyssa Ross | Oh it's a revert | 15:50:56 |
 K900 | I think it fixes a determinism issue if you hold the API wrong | 15:51:25 |
| emily | that said it seems unlikely that zlib-ng will guarantee bit-reproducible compression outfit forever right | 15:51:30 |
| K900 | Which yarn doesn't seem to be doing | 15:51:35 |
| K900 | Oh no it won't | 15:51:37 |
| K900 | Yarn vendors it | 15:51:39 |
| emily | so pinning a version seems unavoidable in the long run | 15:51:40 |
| K900 | We may have to do that long term anyway | 15:51:46 |
| Alyssa Ross | In which case we should not overrideAttrs and should just make a separate expression for yarn's zlib-ng. | 15:52:00 |
| emily | so adding a patch revert that violates the guidelines from the checklist doesn't seem acceptable | 15:52:07 |
| K900 | Or we slap upstream with a fish until they concede that this was a terrible idea | 15:52:08 |
 dish [Fox/It/She] | well its more an issue of having to regenerate all hashes of every dependency for every yarn package, no? unless im misunderstanding this | 15:52:15 |
| K900 | Well we can just have a separate zlib-ng-yarn | 15:52:29 |
| K900 | That's pinned to the exact version of whatever the fuck | 15:52:49 |
| emily | why do we need to do this hash in the FOD btw? | 15:53:12 |
| emily | it seems like the same kind of reproducibility-load-bearing logic that makes us reject new complex FOD dep fetchers... maintaining an old zlib forever doesn't sound fun | 15:54:14 |
| emily | we've had to patch Chromium vendored zlibs for new compilers | 15:54:37 |
| emily | the fetchCargoVendor solution is to split the fetcher FOD and the input-addressed derivation that arranges it into the format Cargo accepts, is that not viable here? | 15:57:02 |
| emily | I guess we still might need the old zlib in that drv | 15:57:19 |
| emily | it's sort of only "nice to have" to check downloads against the lock file though if we have our own hash in Nixpkgs pinning it though right? | 15:58:24 |
| emily | (but admittedly introduces another TOFU step) | 15:58:37 |
 Randy Eckenrode | I have a fix: https://github.com/NixOS/nixpkgs/pull/490757. | 17:16:24 |
| Randy Eckenrode | Do I need to target staging-next? | 17:16:59 |
 Vladimír Čunát | Yes, please. | 17:17:41 |
| Vladimír Čunát | The issue plagues staging-next already. | 17:17:51 |
| Randy Eckenrode | I retargeted staging-next. | 17:20:12 |
| Randy Eckenrode | The only issue is Linux. I didn’t do the patches conditionally. Are we okay on Linux rebuilds currently, or do I need to make these conditional? | 17:20:42 |
| emily | should probably conditionalize and revert on staging | 17:28:34 |
