| 22 Dec 2025 |
 hexa | settings = {
accept-flake-config = false;
builders-use-substitutes = true;
extra-experimental-features = [
"nix-command"
"no-url-literals"
"flakes"
];
| 23:00:27 |
| hexa | running into this situation on nixos 25.11 in nixos/infra | 23:00:40 |
| hexa | why does the nix team not own the nix module? https://github.com/NixOS/nixpkgs/pull/440438 | 23:28:36 |
| hexa | culprit was https://github.com/helsinki-systems/hydra-queue-runner/blob/master/builder-module.nix#L278 | 23:43:16 |
| hexa | which likely does not compose | 23:43:27 |
 Sergei Zimmerman (xokdvium) | Ordering of options might matter? | 23:44:06 |
| hexa | if it did that would be wild | 23:44:23 |
| Sergei Zimmerman (xokdvium) | extra- appends probably but the regular experimental-options sets it? Dunno, just a hunch | 23:44:52 |
| Sergei Zimmerman (xokdvium) | But that would be in-line with my expectations | 23:45:07 |
| hexa | https://github.com/helsinki-systems/hydra-queue-runner/pull/5/changes/7184ac1e00b1cb87f1c583325758b27b2da1a939 makes it work | 23:48:09 |
| 23 Dec 2025 |
 dramforever | today i learned that binfmt-misc can be set per-userns https://github.com/torvalds/linux/commit/21ca59b365c091d583f36ac753eaa8baf947be6f | 17:36:56 |
| dramforever | i wonder if anyone has looked into using this to isolate emulated builds. currently having binfmt-misc emulators enabled contaminates all the build sandboxes. if we can run builds each with a different set of binfmt-misc emulators that would be a huge improvement over the status quo (and i can get over my fear of enabling emulators on my machine) | 17:38:53 |
| dramforever | seems like we already run builds in a new userns if possible? | 17:40:27 |
 K900 | I do not remember how but binfmt userns is somehow fucked | 17:45:13 |
| dramforever | can we at least disable them for non-emulated builds or something | 17:47:14 |
| dramforever | well, guess i'm going to be wasting weekends looking into how fucked it is | 17:51:56 |
 Robert Hensing (roberth) | John Ericson and team, I apologize. The correct answer was ni: URLs, IETF RFC 6920 | 22:31:08 |
| Robert Hensing (roberth) |
ni:///sha-256;UyaQV-Ev4rdLoHyJJWCi11OHfrYv9E1aGQAlMO2X_-Q
Figure 1: Example ni URI
| 22:31:17 |
| Robert Hensing (roberth) | Hashes Are What Count
| 22:32:03 |
| Robert Hensing (roberth) | For an ni name of the form "ni://n-authority/alg;val?query-string"
the corresponding HTTP(S) URL produced by this mapping is
"http://h-authority/.well-known/ni/alg/val?query-string"
CA storage for NARs and tarballs?
| 22:34:48 |
| Robert Hensing (roberth) | No need to retract 2.33 ;) | 22:37:46 |
| Robert Hensing (roberth) | Well this was fun. Enjoy knowing about the existence of ni: URLs | 22:39:07 |
| Sergei Zimmerman (xokdvium) | +-------------------------------------------------------------------+
| Human-speakable form of a name for this key (truncated to 120 bits|
| in length) with checkdigit: |
| nih:sha-256-120;5326-9057-e12f-e2b7-4ba0-7c89-2560-a2;f |
+-------------------------------------------------------------------+
| 23:16:35 |
| Robert Hensing (roberth) | That is actually very important, but unfortunately it is not truly optimized for effective transfer over bad radio connections | 23:18:10 |
| Robert Hensing (roberth) | It's a start | 23:18:38 |
| 24 Dec 2025 |
 John Ericson | The use of the semicolon is interesting | 02:38:02 |
| Robert Hensing (roberth) | Nix vibes were in the air in 2013, but they forgot to press shift | 02:38:49 |
| Robert Hensing (roberth) | the vibes were too faint | 02:39:12 |
| John Ericson | I think mailto urls use semicolon | 02:39:21 |
| John Ericson | I wonder if it is with different precedence | 02:39:35 |
