| 16 Oct 2025 |
matthewcroughan | nixosConfigurations.musl = nixosConfigurations.base.extendModules {
  modules = [
    ./musl.nix
    {
      nixpkgs.buildPlatform = (inputs.nixpkgs.lib.systems.elaborate "aarch64-unknown-linux-musl");
      nixpkgs.hostPlatform = inputs.nixpkgs.lib.recursiveUpdate (inputs.nixpkgs.lib.systems.elaborate "aarch64-unknown-linux-musl") {};
    }
  ];
};
| 18:06:48 |
dramforever | i think it's entirely a coincidence that fb-re2 ever worked for python3 | 18:06:53 |
matthewcroughan | Like is there anything wrong with line 5 and 6 there? | 18:06:55 |
matthewcroughan | Because that causes pkgsMusl.pkgsStatic.musl to end up inside of the closure | 18:07:06 |
matthewcroughan | musl.nix is nothing, just this https://github.com/MatthewCroughan/nixos-musl/blob/refactor/musl.nix | 18:08:29 |
dramforever | try nix why-depends? | 18:18:13 |
matthewcroughan | That's visible in the nom graph | 18:23:12 |
matthewcroughan | ┃ ┌─ ⏸ run-nixos-vm
┃ │ ┌─ ⏵ initrd-udev-rules ⏱ 9m54s
┃ │ ├─ ⏵ initrd-units ⏱ 10m41s
┃ │ ┌─ ⏸ initrd-linux-6.17.3
┃ │ ┌─ ⏸ boot.json
┃ │ │ ┌─ ⏸ security-wrapper-passwd-aarch64-unknown-linux-musl waiting for 1 ⏵
┃ │ │ ├─ ⏸ security-wrapper-su-aarch64-unknown-linux-musl waiting for 1 ⏵
┃ │ │ ├─ ⏸ security-wrapper-newuidmap-aarch64-unknown-linux-musl waiting for 1 ⏵
┃ │ │ ├─ ⏸ security-wrapper-mount-aarch64-unknown-linux-musl waiting for 1 ⏵
┃ │ │ ├─ ⏸ security-wrapper-fusermount-aarch64-unknown-linux-musl waiting for 1 ⏵
┃ │ │ ├─ ⏸ security-wrapper-unix_chkpwd-aarch64-unknown-linux-musl waiting for 1 ⏵
┃ │ │ ├─ ⏸ security-wrapper-newgrp-aarch64-unknown-linux-musl waiting for 1 ⏵
┃ │ │ ├─ ⏸ security-wrapper-fusermount3-aarch64-unknown-linux-musl waiting for 1 ⏵
┃ │ │ │ ┌─ ⏸ aarch64-unknown-linux-musl-gcc-14.3.0 waiting for 1 ⏵
┃ │ │ │ ├─ ⏸ aarch64-unknown-linux-musl-binutils-wrapper-2.44 waiting for 1 ⏵
┃ │ │ │ ├─ ⏵ musl-static-aarch64-unknown-linux-musl-1.2.5 (buildPhase) ⏱ 11m4s
┃ │ │ │ ┌─ ⏸ aarch64-unknown-linux-musl-gcc-wrapper-14.3.0
┃ │ │ │ ┌─ ⏸ stdenv-linux
┃ │ │ ├─ ⏸ security-wrapper-umount-aarch64-unknown-linux-musl
┃ │ │ ┌─ ⏸ unit-script-suid-sgid-wrappers-start
┃ │ │ ┌─ ⏸ unit-suid-sgid-wrappers.service
┃ │ │ ┌─ ⏸ system-units
┃ │ │ ┌─ ⏸ etc-json
┃ │ │ ┌─ ⏸ etc-dump
┃ │ ├─ ⏸ etc-metadata.erofs
┃ │ ┌─ ⏸ nixos-system-nixos-25.11.20251016.6bec4e9
┃ │ ┌─ ⏸ closure-info
┃ │ ├─ ⏵ linux-6.17.3 (buildPhase) ⏱ 5m44s
┃ ├─ ⏸ nixos-system-nixos-25.11.20251016.6bec4e9
┃ ⏸ nixos-vm
┣━━━ Builds
┗━ ∑ ⏵ 4 │ ✔ 36 │ ⏸ 34 │ ⏱ 11m17s
| 18:23:38 |
matthewcroughan | musl-static-aarch64-unknown-linux-musl-1.2.5 there on line 16 | 18:24:13 |
matthewcroughan | security-wrapper-umount-aarch64-unknown-linux-musl wants it | 18:24:23 |
matthewcroughan | because the stdenv wants it | 18:24:32 |
dramforever | ah, that makes sense, the wrappers are pkgsStatic | 18:30:06 |
matthewcroughan | Oh, is there a reason they have to be pkgsStatic? | 18:30:22 |
matthewcroughan | I didn't expect that | 18:30:26 |
dramforever | # This is security-sensitive code, and glibc vulns happen from time to time.
# musl is security-focused and generally more minimal, so it's a better choice here.
# The dynamic linker is still a fairly complex piece of code, and the wrappers are
# quite small, so linking it statically is more appropriate.
| 18:31:29 |
dramforever | trying to make the security sensitive programs minimal | 18:31:44 |
dramforever | i guess | 18:31:47 |
dramforever | fb-re2 https://github.com/facebook/pyre2/compare/main...dramforever:pyre2:fix-py3-type | 18:35:03 |
dramforever | ideally someone actually familiar with python should take a look but this should be correct | 18:35:27 |
dramforever | this is one of those "how did this ever work???" things | 18:35:43 |
matthewcroughan | I mean, reading the news on the musl website indicates that it too has pretty bad vulns from time to time | 18:36:09 |
matthewcroughan | And the speed of their website is concerning | 18:36:24 |
dramforever | the speed feels like they compile a fresh copy of musl every time i load a page | 18:38:20 |
matthewcroughan | It's more like it is running on a disposable vape, running musl | 18:39:00 |
matthewcroughan | https://bogdanthegeek.github.io/blog/projects/vapeserver/ | 18:39:11 |