| 23 Aug 2024 |
 jade_ | In reply to @niksnut:matrix.org
How does that explain the minutes-long slowdown on macOS and some docker containers? oh that's a different bug sorry | 18:29:50 |
 niksnut | not sure we're talking about the same issue | 18:29:50 |
 kjeremy | git bisect? | 18:38:54 |
| kjeremy | I just saw a post on discourse that is most likely the root of https://github.com/NixOS/nix/issues/7698. I did a quick perf run and noticed that 20% of the time for the pythonCross case is spent in GC_mark_from | 21:50:21 |
| 24 Aug 2024 |
|  @shymega:one.ems.host changed their display name from Dom Rodriguez (shymega) to [DEPRECATED] Dom 'shymega' Rodriguez. | 01:58:29 |
|  summit0 joined the room. | 06:06:40 |
|  cafkafk changed their profile picture. | 07:02:20 |
 trofi | Fun fact: glibc does not survive CA-derivation transformation: ld-linux.so has the code that does memcmp("/nix/store/path", p, N) and gcc transforms that into a sequence of movabs $part1, %rax; xorq %rax, %rsi; jne ...; movabs $part2, %rax; ... dilutin the original store path into 8-byte chunks. CA-transformation can't rewrite that and loses paths at https://sourceware.org/git/?p=glibc.git;a=blob;f=elf/dl-load.c;h=8a89b71016d426796e602b60555696649871c6ae;hb=HEAD#l162 | 12:34:16 |
 emily | 😱 | 14:20:25 |
| emily | does that mean GCC breaks conservative root scanning in general? | 14:21:11 |
| trofi | I think so | 15:13:00 |
 @aloisw:kde.org | Well, at least that can be worked around by putting a plaintext file containing the reference somewhere. | 15:16:09 |
| @aloisw:kde.org | With CA stuff you're out of luck. | 15:16:19 |
| emily | we could have some kind of CA rewrite hook thing. not sure what properties that would break. | 15:17:11 |
| emily | feeling vindicated in my hopeless opinion that store path self-reference should not be allowed 🫠| 15:17:41 |
| emily | anyway, I assume you could hack around this by inserting whatever black boxes or linker script indirection or whatever is required to make GCC unable to see system_dirs | 15:18:37 |
| @aloisw:kde.org | In reply to @emilazy:matrix.org
feeling vindicated in my hopeless opinion that store path self-reference should not be allowed 🫠This will only make things worse, since it rejects the cases that do work, while allowing the cases that don't. | 15:18:49 |
| emily | true and fair in this case. I guess what I mean is that we would have already had to patch the world to not do this kind of thing. | 15:19:27 |
| emily | (anyway, I assume the resulting package is ~broken as-is) | 15:19:39 |
| @aloisw:kde.org | In reply to @aloisw:kde.org
This will only make things worse, since it rejects the cases that do work, while allowing the cases that don't. Well, allowing some of the cases that don't, things where only a checksum is broken would now be rejected too. | 15:20:36 |
| trofi | We can disable CA derivation on glibc if really needed. But it would be even nicer if nix was able to detect unstable derivations at least in --check mode: https://github.com/NixOS/nix/issues/5336 | 15:21:51 |
| 25 Aug 2024 |
|  @accelbread:matrix.org left the room. | 03:42:38 |
|  LinearArray changed their profile picture. | 05:01:34 |
 tomberek | Reverted the "/proc/homeless-shelter" PR due to it breaking existing Nixpkgs behavior. | 17:09:58 |
 puck | i still believe this was an entirely misguided attempt to fix a completely different issue here, one specifically to do with building nix under an unsandboxed (or not properly sandboxed) environment, when looking at https://github.com/NixOS/nix/issues/11295 | 17:12:12 |
| @aloisw:kde.org | Single-user sandbox is not unsandboxed. | 17:15:35 |
| puck | yeah, i got that much from the fact it worked entirely unsandboxed. but that still raises the question of what kind of sandbox it was running in, and what was missing | 17:17:07 |
| @aloisw:kde.org | It is running in the single-user sandbox, where you can write to the root filesystem (potentially after a chmod, don't remember the details) because it's not mounted read-only. | 17:18:00 |
| puck | it's hard to figure out what is exactly going on here because it's not a build in WSL2 that's failing, but a build inside a build that is | 17:19:52 |
| @aloisw:kde.org | You don't even need WSL2, just build Nix (needs to be cppnix, Lix has a workaround) using an unprivileged user while pointing --store to some path. | 17:22:49 |
