| 28 Nov 2024 |
infinisil | Perhaps there should be some automation that always checks for a diff between master and all the releases, and makes a PR to match it if not | 20:37:50 |
infinisil | Very low priority though, this doesn't affect much of anything | 20:38:06 |
Tristan Ross | I've got https://github.com/NixOS/nixpkgs/pull/359945 & https://github.com/NixOS/nixpkgs/pull/359948 in the queue for the before the final release stuff. Working on the "Gather some information about the release for the final announcement" step, if I've missed anything in the PRs please lmk. | 21:36:54 |
Tristan Ross | 49079 commits & 2669 contributors in 24.11 | 21:38:26 |
Tristan Ross | Now let's see if my 128GB Ampere Altra Q64-22 has enough resources to generate those JSON files. My MBP OOM'd when I tried it lol. | 21:39:57 |
Tristan Ross | New: 8141
Rem: 3970
Upd: 20975 | 21:49:26 |
Tristan Ross | Modules added: 119
Modules removed: 30 | 21:51:34 |
Tristan Ross | Options added: 1706
Options removed: 556 | 21:54:32 |
infinisil | 🚀 | 22:03:18 |
Sandro | I think I found a potential release blocker https://github.com/NixOS/nixpkgs/pull/360008 which should be fast to fix. | 23:42:59 |
| 29 Nov 2024 |
hexa | modsecurity <> wants ipc | 02:24:29 |
hexa | 2024 is calling | 02:24:32 |
hexa | Sandro 🐧: that code has been there since 2022/2023, so how can it be a release blocker now? | 02:26:28 |
Tristan Ross | I have my eyes set on Saturday for the release. I'll get some PRs queued up and they should be mergeable then for the "At final release time" work. | 03:52:53 |
getchoo | In reply to @hexa:lossy.network
Sandro 🐧: that code has been there since 2022/2023, so how can it be a release blocker now?
it seems using pcre2 over pcre1 to build nginx made it start using syscalls filtered by that set. his original comment says a fix is to override nginx with pcre1, backing this up | 04:25:28 |
Tristan Ross | Got the PRs queued up:
- https://github.com/NixOS/nixos-homepage/pull/1593
- https://github.com/NixOS/infra/pull/515
| 04:40:27 |
Tristan Ross | There's not much I'll be able to do while I'm at work on Saturday but this should let me push buttons on my phone when I have the chance so it'll be easier then. | 04:42:54 |
Sandro | In reply to @hexa:lossy.network
Sandro 🐧: that code has been there since 2022/2023, so how can it be a release blocker now?
Emily switched pcre to pcre2 a week ago and backported that | 12:26:27 |
Sandro | Overriding pcre2 with pcre also fixes the crash | 12:26:41 |
Sandro | So we can also just revert that :P | 12:26:48 |
Sandro | btw this is true for any service consuming any library that is going to be switched. I saw that libgit2 or libssh2 was also switched and now theoretically any service consuming those might just crash when triggering pcre2 jit based on individual configs or even user input | 12:27:51 |
Sandro | * btw this is true for any service consuming any library that is going to be switched. I saw that libgit2 or libssh2 was also switched and now theoretically any service consuming those might just crash when triggering pcre2 jit based on individual configs or even user input and it is blocking memfd_create in hardening | 12:28:33 |
lennart | In reply to @rosscomputerguy:matrix.org
Got the PRs queued up:
- https://github.com/NixOS/nixos-homepage/pull/1593
- https://github.com/NixOS/infra/pull/515
there was one mention of 24.05 hidden, left a comment | 12:30:30 |
lennart | ah two | 12:32:01 |
lennart | in the announcement post | 12:32:18 |
vcunat | In reply to @sandro:supersandro.de
btw this is true for any service consuming any library that is going to be switched. I saw that libgit2 or libssh2 was also switched and now theoretically any service consuming those might just crash when triggering pcre2 jit based on individual configs or even user input and it is blocking memfd_create in hardening
That's how these hardenings work. (Annoying to me honestly, but I get there's a tradeoff.) | 12:32:55 |
vcunat | The worst thing is that the usage of a syscall is often conditioned by some kind of user settings.. | 12:33:40 |
vcunat | * The worst thing is that the usage of a syscall is often conditioned by some kind of user settings... so you may not find out immediately. | 12:33:53 |
Sandro | We just shouldn't push this a week before release when manual testing is required | 12:33:53 |