| 29 Nov 2024 |
 hexa | Sandro 🐧: that code has been there since 2022/2023, so how can it be a release blocker now? | 02:26:28 |
| hexa | 
Download image.png | 02:27:05 |
 Tristan Ross | I have my eyes set on Saturday for the release. I'll get some PR's queued up and they should be mergable then for the "At final release time" work. | 03:52:53 |
 getchoo | In reply to @hexa:lossy.network
Sandro 🐧: that code has been there since 2022/2023, so how can it be a release blocker now? it seems using pcre2 over pcre1 to build nginx made it start using syscalls filtered by that set. his original comment says a fix is to override nginx with pcre1, backing this up | 04:25:28 |
| Tristan Ross | Got the PR's queued up:
- https://github.com/NixOS/nixos-homepage/pull/1593
- https://github.com/NixOS/infra/pull/515
| 04:40:27 |
| Tristan Ross | There's not much I'll be able to do while I'm at work on Saturday but this should let me push buttons on my phone when I have the chance so it'll be easier then. | 04:42:54 |
 Sandro | In reply to @hexa:lossy.network
Sandro 🐧: that code has been there since 2022/2023, so how can it be a release blocker now? Emily switched pcre to pcre2 a week ago and backported that | 12:26:27 |
| Sandro | Overriding pcre2 with pcre also fixes the crash | 12:26:41 |
| Sandro | So we can also just revert that :P | 12:26:48 |
| Sandro | btw this is true for any service consuming any library that is going to be switched. I saw that libgit2 or libssh2 was also switched and now theoretically any service consuming those might just crash when triggering pcre2 jit based on individual configs or even user input | 12:27:51 |
| Sandro | * btw this is true for any service consuming any library that is going to be switched. I saw that libgit2 or libssh2 was also switched and now theoretically any service consuming those might just crash when triggering pcre2 jit based on individual configs or even user input and it is blocking memfd_create in hardening | 12:28:33 |
 lennart | In reply to @rosscomputerguy:matrix.org
Got the PR's queued up:
- https://github.com/NixOS/nixos-homepage/pull/1593
- https://github.com/NixOS/infra/pull/515
there was one mention of 24.05 hidden, left a comment | 12:30:30 |
| lennart | ah two | 12:32:01 |
| lennart | in the announcement post | 12:32:18 |
 vcunat | In reply to @sandro:supersandro.de
btw this is true for any service consuming any library that is going to be switched. I saw that libgit2 or libssh2 was also switched and now theoretically any service consuming those might just crash when triggering pcre2 jit based on individual configs or even user input and it is blocking memfd_create in hardening That's how these hardenings work. (Annoying to me honestly, but I get there's a tradeoff.) | 12:32:55 |
| vcunat | The worst thing is that the usage of a syscall is often conditioned by some kind of user settings.. | 12:33:40 |
| vcunat | * The worst thing is that the usage of a syscall is often conditioned by some kind of user settings... so you may not find out immediately. | 12:33:53 |
| Sandro | We just shouldn't push this a week before release when manually testing is required | 12:33:53 |
| Sandro | I mean it even took me over an hour of debugging with prior knowledge of the same issue in a different place | 12:35:28 |
 fpletz | In reply to @sandro:supersandro.de
We just shouldn't push this a week before release when manually testing is required I agree that we should revert the pcre2 switch in 24.11. That was clearly premature. | 18:07:15 |
|  lassulus changed their profile picture. | 18:29:49 |
|  alaliliiso joined the room. | 20:10:22 |
| 30 Nov 2024 |
| Tristan Ross | Starting the release process | 15:04:10 |
| Tristan Ross | https://github.com/NixOS/nixpkgs/pull/359948 this PR failed to backport and I don't have the time to backport manually | 15:05:16 |
| Tristan Ross | I found time to backport it | 15:42:18 |
| Tristan Ross | Nixpkgs related stuff for release is done, just needs the homepage & infra PR's merged | 15:42:45 |
| vcunat | Cancelling the last two jobs in nixpkgs-24.11-darwin, so that the channel can advance. (it's ~12 days old right now) | 16:29:47 |
| vcunat | They were probably stuck anyway, running for many hours already. | 16:30:10 |
| Tristan Ross | Alright | 16:31:24 |
| Tristan Ross | The last thing is the NixOS search needs an update but I can't do it on my phone lol. | 16:31:54 |
