| 7 Oct 2025 |
 Grimmauld (any/all) | diff --git a/pkgs/by-name/au/audit/package.nix b/pkgs/by-name/au/audit/package.nix
index 215cda4ba459..f4dbb79518be 100644
--- a/pkgs/by-name/au/audit/package.nix
+++ b/pkgs/by-name/au/audit/package.nix
@@ -75,6 +75,9 @@ stdenv.mkDerivation (finalAttrs: {
libcap_ng
];
+ # audit is built with asan, and asan breaks with pie on some kernels
+ env.NIX_CFLAGS_COMPILE = "-no-pie";
+
configureFlags = [
# z/OS plugin is not useful on Linux, and pulls in an extra openldap
# dependency otherwise
try this one then, i guess
| 16:48:13 |
 dramforever | well i guess you've thought about pkgsStatic and pkgsMusl so it's probably okay | 16:48:32 |
| dramforever | i just thought it was dysfunctional before as well | 16:48:40 |
| dramforever | which doesn't make sense | 16:48:50 |
| Grimmauld (any/all) | but tbh i am at the end of my knowledge, i can't repro and i am lost with pie/asan, so this is just throwing shit at the wall and seeing what sticks | 16:49:01 |
 Lun | the dysfunction was in hardeningflags infra rather than just turning it on by default using the toolchain flags everyone else has been using for a decade | 16:49:04 |
| Lun | is this some cursed issue where the hardened kernel widens the number of bits used for layout randomization and ASAN assumes it can store info in them? | 16:49:31 |
 Randy Eckenrode | Are they releasing a new SDK? | 16:55:15 |
 Willi Butz | (just to confirm, the tests do indeed no longer pass after switching the local machine to 6_12_hardened) | 16:56:56 |
| Grimmauld (any/all) | oh thats amazing info!! | 16:57:16 |
| Lun | What's in /proc/sys/vm/mmap_rnd_bits after that swap? | 16:57:30 |
 K900 | They literally did | 16:57:41 |
| K900 | A few hours ago | 16:57:49 |
| K900 | 1.4.328 | 16:57:59 |
| K900 | No KosmicKrisp AFAICT | 16:58:06 |
| Willi Butz | 32 | 16:58:15 |
| Lun | alright probably that's the issue :/ | 16:58:30 |
| Randy Eckenrode | It was mentioned on the MoltenVK issue tracker that it’s coming in December. | 16:58:43 |
| Willi Butz | 28 on the other local machine without _hardened | 16:59:00 |
| Lun | Is this broken at runtime too? If it's just check fails during build we could skip then when mmap_rnd_bits > 28 | 16:59:04 |
| Grimmauld (any/all) | i am surprised audit is the first thing to run into that | 16:59:12 |
| K900 | Oof please don't | 16:59:24 |
| Grimmauld (any/all) | i believe all of audit is currently built with asan | 16:59:33 |
| Grimmauld (any/all) | which would make this fail runtime too | 16:59:45 |
| Randy Eckenrode | The MR for KosmicKrisp is out there. Someone on r/macgaming tested it. It’s unsurprisingly slower and missing some extensions. | 16:59:50 |
| Randy Eckenrode | (Optional ones, presumably.) | 16:59:59 |
| Lun | Reportedly llvm 20+'s ASAN should work with mmap_rnd_bits 32 though, what asan is audit getting? | 17:00:13 |
| Randy Eckenrode | IIRC that’s how Honeykrisp landed. | 17:00:27 |
| K900 | Well yes | 17:00:39 |
| K900 | But it's not like | 17:00:42 |
