| 19 Oct 2025 |
 Grimmauld (any/all) | i did fall into the glibc trap too... The default apparmor stuff pulls glibc for some reason too | 17:19:46 |
| Grimmauld (any/all) | i should fix that some day | 17:19:52 |
 matthewcroughan | Well it's not being tested by hydra so it's not like failures will be noticed | 17:20:08 |
| matthewcroughan | but now there's my flake, and I'm hoping to make it auto-update against nixpkgs | 17:20:38 |
| Grimmauld (any/all) | https://github.com/NixOS/nixpkgs/blob/8e0428720b47ab71cccfc98d2461d2c9f27e1ec6/nixos/modules/security/apparmor/includes.nix#L98
this is... wonky | 17:20:52 |
| matthewcroughan | Yeah, in my nixos-musl flake I get around that with https://github.com/MatthewCroughan/nixos-musl/blob/master/musl.nix#L18C3-L19C1 | 17:21:37 |
| matthewcroughan | And it works | 17:21:42 |
| Grimmauld (any/all) | lol | 17:21:52 |
| Grimmauld (any/all) | fair enough XD | 17:21:59 |
| matthewcroughan | I have my 47M image booted on an rk3588 right now | 17:22:17 |
| matthewcroughan | 47MB is about how big glibc itself is lol | 17:22:35 |
| matthewcroughan | 
Download image.png | 17:23:05 |
| matthewcroughan | systemd could stand to lose some weight | 17:23:14 |
| matthewcroughan | An annoying, not-overridable part of the bootstrap is gmp-with-cxx | 17:23:41 |
| matthewcroughan | coreutils-aarch64-unknown-linux-musl-9.8 12.47 MiB (8.96 MiB)│ gmp-with-cxx-aarch64-unknown-linux-musl-6.3.0 10.78 MiB (7.27 MiB) | 17:23:51 |
| matthewcroughan | which makes core-utils weigh 7MiB more | 17:23:58 |
| matthewcroughan | * which makes coreutils weigh 7MiB more | 17:24:01 |
| matthewcroughan | and it's only needed by systemd for a few small thigns | 17:24:12 |
| matthewcroughan | * and it's only needed by systemd for a few small things | 17:24:15 |
| matthewcroughan | probably not arithmetic expressions | 17:24:19 |
| matthewcroughan | btw, it turns out that the closure size of cross-compiled outputs tends to be larger, for some reason | 17:32:47 |
| matthewcroughan | * btw, it turns out that the closure size of natively-compiled outputs tends to be larger, for some reason | 17:33:17 |
| matthewcroughan | Hah damn, I'm getting to the point where compression isn't making a huge difference, 40MiB now by removing some dbus systemd stuff | 17:34:48 |
| matthewcroughan | 60MiB uncompressed, 40MiB compressed | 17:35:02 |
| matthewcroughan | if I throw -Oz on systemd it will chop off 2MB | 17:35:25 |
| matthewcroughan | 39.3 MiB, image.raw.zst) | 17:43:10 |
| matthewcroughan | Okay, maybe I should stop now | 17:43:14 |
| 20 Oct 2025 |
| Grimmauld (any/all) | matthewcroughan: https://github.com/NixOS/nixpkgs/pull/453557/commits/f3b1b7752116a278b0d9e63b956cb44b832941fa
@Sigmanificient has managed to make the musl build work, and forcing the musl version of the package still has a succeeding test:
diff --git a/nixos/tests/login-nosuid.nix b/nixos/tests/login-nosuid.nix
index cdd14478d02c..7f6242294fe0 100644
--- a/nixos/tests/login-nosuid.nix
+++ b/nixos/tests/login-nosuid.nix
@@ -21,6 +21,8 @@
security.enableWrappers = false;
security.pwaccess.enable = true;
+ security.pwaccess.package = pkgs.pkgsMusl.pwaccess;
+
environment.systemPackages = [ pkgs.which ];
# pam debug without giant rebuild
So, you may be able to just take that whole PR, set security.pwaccess.enable = true; and security.enableWrappers = false;, and then have suid-less login!
| 09:40:19 |
| Grimmauld (any/all) | who needs suid anyways :P | 09:42:52 |
| 23 Oct 2025 |
 Electro | Trying to cross compile the linux kernel with clang, finding that for some reason pkgsCross.aarch64-multiplatform.buildPackages.clang does not not have arm_neon.h. Looks like for some reason it's set up to just use --gcc-toolchain= pointing to the aarch64 gcc toolchain, which in my experience always runs into these incompatible header issues. The build finds this one, but it seems some of the types are messed up when it's used for clang. I've always been baffled by clang's intent to be a cross-compiler, but always being so difficult :(
Would appreciate if anyone has any suggestions on how to approach these kinds of problems.
| 00:22:26 |
