| 16 Oct 2025 |
 matthewcroughan | For real though, the real website hosted on the disposable vape, is much faster | 18:39:32 |
| matthewcroughan |
Versions 0.9.13 through 1.2.5 are affected by CVE-2025-26519, an input-controlled out-of-bounds memory write primitive in iconv when the input encoding is EUC-KR and the output encoding is UTF-8, which could potentially be used as a vector to achieve arbitrary code execution. All users of software which may use iconv should patch (1, 2).
| 18:40:19 |
| matthewcroughan | Are we applying that patch though ? | 18:40:23 |
 rosssmyth | clock speed is half the ones I use at work, but the flash and ram are about the same | 18:41:03 |
| rosssmyth | nice | 18:41:05 |
| matthewcroughan | The vape you use at work? | 18:41:26 |
| matthewcroughan | Ah yeah looks like we are | 18:42:09 |
| matthewcroughan | dramforever: NIX_DONT_SET_RPATH = true is set in pkgs/by-name/mu/musl/package.nix, does this somehow impact your patch from earlier? | 18:42:58 |
| matthewcroughan | > aarch64-unknown-linux-musl-ar rc lib/libc.a obj/src/aio/aio.lo obj/src/aio/aio_suspend.lo obj/src/aio/lio_listio.lo obj/src/complex/__cexp.lo obj/src/complex/__cexpf.lo obj/src/complex/cab…
┃ > aarch64-unknown-linux-musl-gcc -std=c99 -nostdinc -ffreestanding -fexcess-precision=standard -frounding-math -fno-strict-aliasing -Wa,--noexecstack -D_XOPEN_SOURCE=700 -I./arch/aarch64 -I.…
┃ > -Wl,-e,_dlstart -o lib/libc.so obj/src/aio/aio.lo obj/src/aio/aio_suspend.lo obj/src/aio/lio_listio.lo obj/src/complex/__cexp.lo obj/src/complex/__cexpf.lo obj/src/complex/cabs.lo obj/src/…
┃ > aarch64-unknown-linux-musl-ranlib lib/libc.a
┃ > collect2: fatal error: cannot find 'ld'
| 18:44:00 |
| matthewcroughan | Okay, so given this.. | 18:44:02 |
| matthewcroughan | gcc is expected, but it can't find ld by the name ld I guess | 18:44:16 |
| matthewcroughan | But this also seems to happen with llvm | 18:44:27 |
| matthewcroughan | Ah right it's only called gcc because of the way we wrap things right? | 18:45:16 |
| matthewcroughan | it's the gcc-wrapper | 18:45:19 |
 dramforever | rpath is completely irrelevant when static linking | 18:46:45 |
| dramforever | including my patch | 18:46:49 |
| matthewcroughan | alright, makes sense | 18:47:02 |
| dramforever | wait, it shouldn't be using ld at this step | 18:49:21 |
| matthewcroughan | I have another issue after I set security.enableWrappers = false anyway | 18:59:39 |
| matthewcroughan | Which is that somehow, glibc-nolibgcc gets involved and fails to build gettimeofday | 18:59:53 |
| matthewcroughan | ┣━ Dependency Graph:
┃ ┌─ ✔ etc
┃ ├─ ⏸ boot.json waiting for 3 ⏵
┃ │ ┌─ ⏵ glibc-nolibgcc-aarch64-unknown-linux-musl-2.40-66 (buildPhase) ⏱ 2m12s
┃ │ ┌─ ⏸ libgcc-aarch64-unknown-linux-musl-14.3.0
┃ │ ┌─ ⏸ glibc-aarch64-unknown-linux-musl-2.40-66
┃ │ ├─ ⏵ initrd-udev-rules ⏱ 6s
┃ │ ├─ ⏵ initrd-units ⏱ 55s
┃ ├─ ⏸ initrd-linux-aarch64-unknown-linux-musl-6.17.3
┃ ┌─ ⏸ nixos-system-nixos-25.11.20251016.6bec4e9
┃ ┌─ ⏸ closure-info
┃ │ ┌─ ✔ unit-nixos-activation.service
┃ │ ┌─ ✔ user-units
┃ │ │ ┌─ ✔ unit-serial-getty-.service
┃ │ │ ├─ ✔ unit-systemd-fsck-.service
┃ │ │ ├─ ✔ unit-systemd-makefs-.service
┃ │ │ ├─ ✔ unit-systemd-mkswap-.service
┃ │ │ ├─ ✔ unit-getty-.service
┃ │ │ │ ┌─ ✔ mdadm-aarch64-unknown-linux-musl-4.4 ⏱ 2s
┃ │ │ │ ┌─ ✔ udev-rules
┃ │ │ │ ┌─ ✔ X-Restart-Triggers-systemd-udevd
┃ │ │ ├─ ✔ unit-systemd-udevd.service
┃ │ ├─ ✔ system-units
┃ │ ┌─ ✔ etc-json
┃ │ ┌─ ✔ etc-dump
┃ │ ├─ ✔ composefs-1.0.8 ⏱ 21s
┃ ├─ ✔ etc-metadata.erofs
┃ ┌─ ⏸ nixos-system-nixos-25.11.20251016.6bec4e9
┃ ┌─ ⏸ closure-info
┃ ┌─ ⏸ run-nixos-vm
┃ ⏸ nixos-vm
| 19:00:09 |
| matthewcroughan | apparently to build initrd we need glibc in a pure musl build | 19:00:26 |
| matthewcroughan | leaky leaky | 19:00:29 |
| matthewcroughan | Hmm, apparently we have a requirement for pkgsStatic in stub-ld too? dramforever | 19:04:59 |
| matthewcroughan | ┃ │ │ │ ├─ ⏵ musl-static-aarch64-unknown-linux-musl-1.2.5 (buildPhase) ⏱ 19s
┃ │ │ │ ┌─ ⏸ aarch64-unknown-linux-musl-gcc-wrapper-14.3.0
┃ │ │ │ ┌─ ⏸ stdenv-linux
┃ │ │ │ ┌─ ⏸ stub-ld-aarch64-unknown-linux-musl
┃ │ │ │ ┌─ ⏸ nixos-tmpfiles.d
┃ │ │ │ ┌─ ⏸ tmpfiles.d
┃ │ │ │ ┌─ ⏸ X-Restart-Triggers-systemd-tmpfiles-resetup
┃ │ │ ├─ ⏸ unit-systemd-tmpfiles-resetup.service
┃ │ ├─ ⏸ system-units
┃ ├─ ⏸ etc
| 19:05:02 |
| dramforever | ah yes | 19:06:06 |
| dramforever | that one also must be static | 19:06:13 |
| dramforever | it is itself a dynamic linker so it can't rely on another dynamic linker... | 19:06:32 |
| matthewcroughan | s
┃ │ │ ┌─ ⏸ libgcc-aarch64-unknown-linux-musl-14.3.0
┃ │ │ ┌─ ⏸ glibc-aarch64-unknown-linux-musl-2.40-66
┃ │ │ ┌─ ⏸ initrd-linux-aarch64-unknown-linux-musl-6.17.3
┃ │ ├─ ⏸ boot.json
┃ ├─ ⏸ nixos-system-nixos-25.11.20251016.6bec4e9
┃ ┌─ ⏸ run-nixos-vm
┃ ⏸ nixos-vm
I've gotten rid of that anyway, and now this
| 19:06:40 |
| matthewcroughan | So it looks like actually initrd itself depends on glibc | 19:07:04 |
