| 2 Jun 2021 |
Regnat | In reply to @rgrunbla:matrix.org: "hey Regnat, about https://github.com/NixOS/nix/issues/4859#issuecomment-852980341, how come it was working at some point? Was that before content addressed nix?" I think that references in CA paths were just ignored before https://github.com/NixOS/nix/commit/0abb3ad53795aa3a4792d30e5721a337f0eddfb7, so things were kinda-working | 12:34:59 |
Regnat | (But ignoring the references is actually unsound) | 12:35:14 |
| 4 Jun 2021 |
Regnat | Eelco Dolstra John Ericson I think I forgot to mention, but I’ll be off on monday, so I won’t join the Nix-CAS weekly | 11:02:42 |
| rycee joined the room. | 21:44:44 |
rycee | Howdy. I'm a bit curious, does anybody know if there has been any work done on supporting suid executables natively in Nix? Specifically, how one would do it securely (if at all possible) while still allowing user profiles? | 21:59:00 |
| 6 Jun 2021 |
Mic92 | In reply to @rycee:rycee.net: "Howdy. I'm a bit curious, does anybody know if there has been any work done on supporting suid executables natively in Nix? Specifically, how one would do it securely (if at all possible) while still allowing user profiles?" I guess it would require a separate set of users that are allowed to install setuid binaries and a nix-daemon for sure. To allow creating setuid binaries while building one could employ user namespaces. After the build the nix-daemon would need to shift uids back. One issue still is that the nix store only knows one uid (0), which does not cover all use cases of setuid. | 07:06:59 |
Mic92 | To be honest I think the current approach of not having this in nix but external sounds cleaner to me. | 07:07:29 |
| 7 Jun 2021 |
manveru | is anyone working on a fix for https://github.com/NixOS/nix/issues/4893 ? | 14:33:17 |
John Ericson | In reply to @joerg:bethselamin.de: "To be honest I think the current approach of not having this in nix but external sounds cleaner to me." yeah the design of setuid binaries is pretty ugly to begin with | 14:53:20 |
Mic92 | For NUR users there is now: #nur:bethselamin.de | 21:29:34 |
| 8 Jun 2021 |
abathur | rycee Curious what your use-case is? I doubt it's directly helpful, but I have a narrowly-related need (via resholve) for build-time references to valid run-time setuid executables (to resolve sudo invocations in shell scripts, for example) | 01:53:17 |
Regnat | In reply to @manveru:matrix.org: "is anyone working on a fix for https://github.com/NixOS/nix/issues/4893 ?" I am not, but the fix should be rather easy. Feel free to ping me if you want to do it and need some pointers | 04:37:59 |
Regnat | Has anyone thought about implementing a dedicated GC for Nix rather than (ab)using boehm? I wonder how much work that would be, and how much we could gain from it | 07:22:51 |
manveru | Regnat: i don't particularly want to do it, since I'm pretty much a noob when it comes to C++, but i guess it doesn't hurt to learn and beats waiting :) | 07:49:04 |
manveru | at least it doesn't look like those nasty race conditions and GC segfaults, so I might have a chance to actually understand it | 07:50:14 |
Regnat | In reply to @manveru:matrix.org: "Regnat: i don't particularly want to do it, since I'm pretty much a noob when it comes to C++, but i guess it doesn't hurt to learn and beats waiting :)" I didn’t try it, but I guess just changing the logic here to handle the case where attrSet->pos == nullptr should be enough for a quick fix | 07:56:12 |
manveru | ok, thanks | 07:59:37 |
manveru | Regnat: so... comparing doesn't seem to work, no match for ‘operator==’ (operand types are ‘nix::Pos’ and ‘std::nullptr_t’) | 08:10:20 |
manveru | i guess this has to happen before it dereferences the pointer | 08:11:14 |
Regnat | * Yes, it has to, the lhs of the == should be a nix::Pos*. What did you write precisely? | 08:11:54 |
manveru | gotta wait for the compilation... seems to get further now :) | 08:14:42 |
manveru | running make in the devShell seems to fail because of some aws thingy, but nix build .#nix works | 08:18:55 |
manveru | In file included from /nix/store/cfkfpca5ymx2rf66k6f16sa3lb6ndgc2-gcc-10.3.0/include/c++/10.3.0/x86_64-unknown-linux-gnu/bits/c++allocator.h:33,
from /nix/store/cfkfpca5ymx2rf66k6f16sa3lb6ndgc2-gcc-10.3.0/include/c++/10.3.0/bits/allocator.h:46,
from /nix/store/cfkfpca5ymx2rf66k6f16sa3lb6ndgc2-gcc-10.3.0/include/c++/10.3.0/memory:64,
from src/libutil/ref.hh:3,
from src/libstore/s3.hh:5,
from src/libstore/s3-binary-cache-store.cc:3:
/nix/store/cfkfpca5ymx2rf66k6f16sa3lb6ndgc2-gcc-10.3.0/include/c++/10.3.0/ext/new_allocator.h: In instantiation of ‘void __gnu_cxx::new_allocator<_Tp>::construct(_Up*, _Args&& ...) [with _Up = nix::AwsLogger; _Args = {const Aws::Utils::Logging::LogLevel&}; _Tp = nix::AwsLogger]’:
/nix/store/cfkfpca5ymx2rf66k6f16sa3lb6ndgc2-gcc-10.3.0/include/c++/10.3.0/bits/alloc_traits.h:512:17: required from ‘static void std::allocator_traits<std::allocator<_Tp1> >::construct(std::allocator_traits<std::allocator<_Tp1> >::allocator_type&, _Up*, _Args&& ...) [with _Up = nix::AwsLogger; _Args = {const Aws::Utils::Logging::LogLevel&}; _Tp = nix::AwsLogger; std::allocator_traits<std::allocator<_Tp1> >::allocator_type = std::allocator<nix::AwsLogger>]’
/nix/store/cfkfpca5ymx2rf66k6f16sa3lb6ndgc2-gcc-10.3.0/include/c++/10.3.0/bits/shared_ptr_base.h:551:39: required from ‘std::_Sp_counted_ptr_inplace<_Tp, _Alloc, _Lp>::_Sp_counted_ptr_inplace(_Alloc, _Args&& ...) [with _Args = {const Aws::Utils::Logging::LogLevel&}; _Tp = nix::AwsLogger; _Alloc = std::allocator<nix::AwsLogger>; __gnu_cxx::_Lock_policy _Lp = __gnu_cxx::_S_atomic]’
/nix/store/cfkfpca5ymx2rf66k6f16sa3lb6ndgc2-gcc-10.3.0/include/c++/10.3.0/bits/shared_ptr_base.h:682:16: required from ‘std::__shared_count<_Lp>::__shared_count(_Tp*&, std::_Sp_alloc_shared_tag<_Alloc>, _Args&& ...) [with _Tp = nix::AwsLogger; _Alloc = std::allocator<nix::AwsLogger>; _Args = {const Aws::Utils::Logging::LogLevel&}; __gnu_cxx::_Lock_policy _Lp = __gnu_cxx::_S_atomic]’
/nix/store/cfkfpca5ymx2rf66k6f16sa3lb6ndgc2-gcc-10.3.0/include/c++/10.3.0/bits/shared_ptr_base.h:1371:71: required from ‘std::__shared_ptr<_Tp, _Lp>::__shared_ptr(std::_Sp_alloc_shared_tag<_Tp>, _Args&& ...) [with _Alloc = std::allocator<nix::AwsLogger>; _Args = {const Aws::Utils::Logging::LogLevel&}; _Tp = nix::AwsLogger; __gnu_cxx::_Lock_policy _Lp = __gnu_cxx::_S_atomic]’
/nix/store/cfkfpca5ymx2rf66k6f16sa3lb6ndgc2-gcc-10.3.0/include/c++/10.3.0/bits/shared_ptr.h:408:59: required from ‘std::shared_ptr<_Tp>::shared_ptr(std::_Sp_alloc_shared_tag<_Tp>, _Args&& ...) [with _Alloc = std::allocator<nix::AwsLogger>; _Args = {const Aws::Utils::Logging::LogLevel&}; _Tp = nix::AwsLogger]’
/nix/store/cfkfpca5ymx2rf66k6f16sa3lb6ndgc2-gcc-10.3.0/include/c++/10.3.0/bits/shared_ptr.h:859:14: required from ‘std::shared_ptr<_Tp> std::allocate_shared(const _Alloc&, _Args&& ...) [with _Tp = nix::AwsLogger; _Alloc = std::allocator<nix::AwsLogger>; _Args = {const Aws::Utils::Logging::LogLevel&}]’
/nix/store/cfkfpca5ymx2rf66k6f16sa3lb6ndgc2-gcc-10.3.0/include/c++/10.3.0/bits/shared_ptr.h:875:39: required from ‘std::shared_ptr<_Tp> std::make_shared(_Args&& ...) [with _Tp = nix::AwsLogger; _Args = {const Aws::Utils::Logging::LogLevel&}]’
src/libstore/s3-binary-cache-store.cc:82:83: required from here
/nix/store/cfkfpca5ymx2rf66k6f16sa3lb6ndgc2-gcc-10.3.0/include/c++/10.3.0/ext/new_allocator.h:150:4: error: invalid new-expression of abstract class type ‘nix::AwsLogger’
150 | { ::new((void *)__p) _Up(std::forward<_Args>(__args)...); }
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/libstore/s3-binary-cache-store.cc:52:7: note: because the following virtual functions are pure within ‘nix::AwsLogger’:
52 | class AwsLogger : public Aws::Utils::Logging::FormattedLogSystem
| ^~~~~~~~~
In file included from /nix/store/pj9f7qgpvw27ri18hdk11bkp24lzqq2a-aws-sdk-cpp-1.8.121-dev/include/aws/core/Aws.h:8,
from src/libstore/s3-binary-cache-store.cc:11:
/nix/store/pj9f7qgpvw27ri18hdk11bkp24lzqq2a-aws-sdk-cpp-1.8.121-dev/include/aws/core/utils/logging/LogSystemInterface.h:46:30: note: ‘virtual void Aws::Utils::Logging::LogSystemInterface::Flush()’
46 | virtual void Flush() = 0;
| ^~~~~
make: *** [mk/patterns.mk:3: src/libstore/s3-binary-cache-store.o] Error 1
| 08:19:07 |
manveru | anyway, after the fix it doesn't segfault anymore | 08:20:06 |
manveru | ❮ ./result/bin/nix eval --expr 'builtins.listToAttrs [ (builtins.listToAttrs [ { name = "foo"; value = "bar"; } ])]'
error: attribute 'name' missing for call to 'listToAttrs'
at «string»:1:1:
1| builtins.listToAttrs [ (builtins.listToAttrs [ { name = "foo"; value = "bar"; } ])]
| ^
| 08:20:09 |
manveru | will see if that also fixes my original issue :) | 08:20:36 |
manveru | yep | 08:22:12 |