| 19 Oct 2025 |
 Grimmauld (any/all) | i should fix that some day | 17:19:52 |
 matthewcroughan @ 39c3 (DECT 94667 or 97340 or 67192) | Well it's not being tested by hydra so it's not like failures will be noticed | 17:20:08 |
| matthewcroughan @ 39c3 (DECT 94667 or 97340 or 67192) | but now there's my flake, and I'm hoping to make it auto-update against nixpkgs | 17:20:38 |
| Grimmauld (any/all) | https://github.com/NixOS/nixpkgs/blob/8e0428720b47ab71cccfc98d2461d2c9f27e1ec6/nixos/modules/security/apparmor/includes.nix#L98
this is... wonky | 17:20:52 |
| matthewcroughan @ 39c3 (DECT 94667 or 97340 or 67192) | Yeah, in my nixos-musl flake I get around that with https://github.com/MatthewCroughan/nixos-musl/blob/master/musl.nix#L18C3-L19C1 | 17:21:37 |
| matthewcroughan @ 39c3 (DECT 94667 or 97340 or 67192) | And it works | 17:21:42 |
| Grimmauld (any/all) | lol | 17:21:52 |
| Grimmauld (any/all) | fair enough XD | 17:21:59 |
| matthewcroughan @ 39c3 (DECT 94667 or 97340 or 67192) | I have my 47M image booted on an rk3588 right now | 17:22:17 |
| matthewcroughan @ 39c3 (DECT 94667 or 97340 or 67192) | 47MB is about how big glibc itself is lol | 17:22:35 |
| matthewcroughan @ 39c3 (DECT 94667 or 97340 or 67192) | 
Download image.png | 17:23:05 |
| matthewcroughan @ 39c3 (DECT 94667 or 97340 or 67192) | systemd could stand to lose some weight | 17:23:14 |
| matthewcroughan @ 39c3 (DECT 94667 or 97340 or 67192) | An annoying, not-overridable part of the bootstrap is gmp-with-cxx | 17:23:41 |
| matthewcroughan @ 39c3 (DECT 94667 or 97340 or 67192) | coreutils-aarch64-unknown-linux-musl-9.8 12.47 MiB (8.96 MiB)│ gmp-with-cxx-aarch64-unknown-linux-musl-6.3.0 10.78 MiB (7.27 MiB) | 17:23:51 |
| matthewcroughan @ 39c3 (DECT 94667 or 97340 or 67192) | which makes core-utils weigh 7MiB more | 17:23:58 |
| matthewcroughan @ 39c3 (DECT 94667 or 97340 or 67192) | * which makes coreutils weigh 7MiB more | 17:24:01 |
| matthewcroughan @ 39c3 (DECT 94667 or 97340 or 67192) | and it's only needed by systemd for a few small thigns | 17:24:12 |
| matthewcroughan @ 39c3 (DECT 94667 or 97340 or 67192) | * and it's only needed by systemd for a few small things | 17:24:15 |
| matthewcroughan @ 39c3 (DECT 94667 or 97340 or 67192) | probably not arithmetic expressions | 17:24:19 |
| matthewcroughan @ 39c3 (DECT 94667 or 97340 or 67192) | btw, it turns out that the closure size of cross-compiled outputs tends to be larger, for some reason | 17:32:47 |
| matthewcroughan @ 39c3 (DECT 94667 or 97340 or 67192) | * btw, it turns out that the closure size of natively-compiled outputs tends to be larger, for some reason | 17:33:17 |
| matthewcroughan @ 39c3 (DECT 94667 or 97340 or 67192) | Hah damn, I'm getting to the point where compression isn't making a huge difference, 40MiB now by removing some dbus systemd stuff | 17:34:48 |
| matthewcroughan @ 39c3 (DECT 94667 or 97340 or 67192) | 60MiB uncompressed, 40MiB compressed | 17:35:02 |
| matthewcroughan @ 39c3 (DECT 94667 or 97340 or 67192) | if I throw -Oz on systemd it will chop off 2MB | 17:35:25 |
| matthewcroughan @ 39c3 (DECT 94667 or 97340 or 67192) | 39.3 MiB, image.raw.zst) | 17:43:10 |
| matthewcroughan @ 39c3 (DECT 94667 or 97340 or 67192) | Okay, maybe I should stop now | 17:43:14 |
| 20 Oct 2025 |
| Grimmauld (any/all) | matthewcroughan: https://github.com/NixOS/nixpkgs/pull/453557/commits/f3b1b7752116a278b0d9e63b956cb44b832941fa
@Sigmanificient has managed to make the musl build work, and forcing the musl version of the package still has a succeeding test:
diff --git a/nixos/tests/login-nosuid.nix b/nixos/tests/login-nosuid.nix
index cdd14478d02c..7f6242294fe0 100644
--- a/nixos/tests/login-nosuid.nix
+++ b/nixos/tests/login-nosuid.nix
@@ -21,6 +21,8 @@
security.enableWrappers = false;
security.pwaccess.enable = true;
+ security.pwaccess.package = pkgs.pkgsMusl.pwaccess;
+
environment.systemPackages = [ pkgs.which ];
# pam debug without giant rebuild
So, you may be able to just take that whole PR, set security.pwaccess.enable = true; and security.enableWrappers = false;, and then have suid-less login!
| 09:40:19 |
| Grimmauld (any/all) | who needs suid anyways :P | 09:42:52 |
| 23 Oct 2025 |
 Electro | Trying to cross compile the linux kernel with clang, finding that for some reason pkgsCross.aarch64-multiplatform.buildPackages.clang does not not have arm_neon.h. Looks like for some reason it's set up to just use --gcc-toolchain= pointing to the aarch64 gcc toolchain, which in my experience always runs into these incompatible header issues. The build finds this one, but it seems some of the types are messed up when it's used for clang. I've always been baffled by clang's intent to be a cross-compiler, but always being so difficult :(
Would appreciate if anyone has any suggestions on how to approach these kinds of problems.
| 00:22:26 |
| Electro | * Trying to cross compile the linux kernel with clang, finding that for some reason pkgsCross.aarch64-multiplatform.buildPackages.clang does not have arm_neon.h. Looks like for some reason it's set up to just use --gcc-toolchain= pointing to the aarch64 gcc toolchain, which in my experience always runs into these incompatible header issues. The build finds this one, but it seems some of the types are messed up when it's used for clang. I've always been baffled by clang's intent to be a cross-compiler, but always being so difficult :(
Would appreciate if anyone has any suggestions on how to approach these kinds of problems.
| 00:22:40 |
