| 7 Oct 2025 |
 Grimmauld (any/all) | gcc | 17:00:44 |
 Randy Eckenrode | * | 17:00:45 |
 K900 | Released properly | 17:00:45 |
| K900 | OK FINAL PYSIDE BUILD PLEASE | 17:01:25 |
| Randy Eckenrode | If I had time, I’d play with it and start working on the Darwin packaging story. I don’t right now, unfortunately. | 17:01:43 |
| Grimmauld (any/all) | actually Willi Butz you mind testing pkgsLLVM.audit on hardened kernel? | 17:01:51 |
| Grimmauld (any/all) | if Lun is correct, that one should work... | 17:02:11 |
| Grimmauld (any/all) | and then we'll need to figure out how to fix this mess | 17:02:30 |
 dramforever | @reckenrode:matrix.org: hi did you get the thing where i changed the bootstrap tarball fom aarch64-apple-darwin to arm64-apple-darwin? i hoped you were the right one to ask | 17:02:41 |
| dramforever | no hurry, just thought someone should know | 17:02:55 |
| Grimmauld (any/all) | people running hardened kernel probably need to meet some compliance stuff, and if audit is broken that isn't good in that environment... | 17:02:59 |
| Grimmauld (any/all) | tbh i am more and more tempted to just patch out the asan bit from audit... | 17:03:48 |
 Lun | apparently ubuntu is defaulting mmap_rnd_bits 32, wonder what they did for audit | 17:04:15 |
| Grimmauld (any/all) | i can go look | 17:04:28 |
| Grimmauld (any/all) | but they may not even do audit, they have their apparmor and they shoehorn everything into that | 17:04:46 |
| Grimmauld (any/all) | huh, they just use the debian package | 17:05:48 |
| Grimmauld (any/all) | time to look at that | 17:05:56 |
| K900 | NOPE WE'RE DOING THIS AGAIN | 17:07:59 |
| Grimmauld (any/all) | ugh, is salsa down? | 17:08:06 |
| Lun | I can reach it | 17:09:49 |
| Randy Eckenrode | I saw the ping, but I wasn’t sure what change is needed as a follow up. | 17:11:39 |
| K900 | https://github.com/NixOS/nixpkgs/pull/449572 | 17:13:15 |
| K900 | Don't merge just yet | 17:13:18 |
| K900 | But soon | 17:13:19 |
| Grimmauld (any/all) | nothing special about asan in the ubuntu/debian package either | 17:18:59 |
| Grimmauld (any/all) | good news:
diff --git a/nixos/tests/audit.nix b/nixos/tests/audit.nix
index d3fc558aeec8..a90ef85f117f 100644
--- a/nixos/tests/audit.nix
+++ b/nixos/tests/audit.nix
@@ -18,6 +18,7 @@
];
backlogLimit = 512;
};
+ boot.kernelPackages = pkgs.linuxPackages_hardened;
security.auditd = {
enable = true;
plugins.af_unix.active = true;
and the VM test still passes
| 17:23:08 |
| Grimmauld (any/all) | so this likely does not actually affect users | 17:23:16 |
| Grimmauld (any/all) | diff --git a/auparse/test/Makefile.am b/auparse/test/Makefile.am
index 0692843..f1405eb 100644
--- a/auparse/test/Makefile.am
+++ b/auparse/test/Makefile.am
@@ -33,12 +33,7 @@ DISTCLEANFILES = $(CLEANFILES)
AM_CPPFLAGS = -I${top_srcdir}/auparse -I${top_srcdir}/lib -I${top_srcdir}/common \
-I${top_srcdir}/src
-if HAVE_ASAN
-AM_CFLAGS = -D_GNU_SOURCE -Wno-pointer-sign ${WFLAGS} ${ASAN_FLAGS}
-AM_LDFLAGS = ${ASAN_FLAGS}
-else
AM_CFLAGS = -D_GNU_SOURCE -Wno-pointer-sign ${WFLAGS}
-endif
STATIC_LINK = -static
lookup_test_SOURCES = lookup_test.c
does the build succeed with this patch against audit?
| 17:26:16 |
| Grimmauld (any/all) | if that works, thats what i'll go do | 17:26:41 |
| Grimmauld (any/all) | because thats just asan for the test | 17:26:53 |
