| 21 Nov 2023 |
 Jan Tojnar | In reply to @drupol:matrix.org
Must be done in https://github.com/fossar/nix-phps * yeah, I still have not come up with a good warning for nix-phpgs | 10:10:10 |
| Jan Tojnar | this stuff is hard, we have the same issue with meta.knownVulnerabilities in Nixpkgs | 10:11:08 |
| Jan Tojnar | maybe something like displaying big red This software contains XYZ security vulnerabilities in its dependency tree. and then explain the alternatives | 10:12:09 |
| Jan Tojnar | but getting the CVE data is still difficult problem | 10:12:24 |
 Pol | The idea is not to show the CVE... just say that it is no more supported. Maybe with a link pointing to a list of CVE ? | 10:13:51 |
| Jan Tojnar | My theory is that most people do not comprehend abstract, which is why you need "There are at least 135 ways for hackers to steal your identity and eat your pet hamster if you use this unsupported version of software." | 10:27:54 |
| Jan Tojnar | Though the question of degree of our responsibility is one without a clear answer, so the necessary amount of sufficient precautions is difficult to quantify. | 10:30:25 |
| 22 Nov 2023 |
| Jan Tojnar | Just to exaggerate for point, if you give away small nuclear bombs with a meal, it does not matter if you add a warning “You and everyone you love will DIE horribly, if you use this toy in a populated area.” at the and of a day, someone will try to project-orion around their suburb on their skateboard. | 06:38:38 |
|  Heisfer joined the room. | 10:01:30 |
| 23 Nov 2023 |
 w | In reply to @drupol:matrix.org
Are you using the new PHP/Composer builder in nixpkgs? How can I check it? | 01:29:52 |
| 24 Nov 2023 |
| Pol | In reply to @wjjunyor:matrix.org
How can I check it? Are you using the function pkgs.php.buildComposerProject ? | 09:37:22 |
| Pol | Gaël Reyrol: Got news on FrankenPHP ? | 09:37:40 |
| 25 Nov 2023 |
 Gaël Reyrol | I didn't had enough time this week to go further. But one think is actually wrong, it is the way I fetch go modules, it is not reproducible and make the changes between compilations. I have to fix this. Still the PR is publishes on nixpkgs but in draft mode. | 07:49:51 |
| Gaël Reyrol | * I didn't had enough time this week to go further. But one think is actually wrong, it is the way I fetch go modules, it is not reproducible and make the hash change between compilations. I have to fix this. Still the PR is publishes on nixpkgs but in draft mode. | 07:50:28 |
| Gaël Reyrol | * I didn't had enough time this week to go further. But one think is actually wrong, it is the way I fetch go modules, it is not reproducible and make the hash change between compilations. I have to fix this. Still the PR is published on nixpkgs but in draft mode. | 07:50:54 |
| Gaël Reyrol | https://github.com/NixOS/nixpkgs/pull/268665 | 07:51:26 |
| Pol | Nice, feel free to ping Kevin Dunglas in case of issue | 11:13:07 |
| w | In reply to @drupol:matrix.org
Are you using the function pkgs.php.buildComposerProject ? No. Just knew about it when I googled. I'll try it. | 12:43:14 |
| Gaël Reyrol | Sure, I need to fork the main repository and see if I can build his project with go vendor mod instead of relying on modules from the $GOPATH. | 13:45:49 |
| Gaël Reyrol | I mean, it is in fact possible but it misses an internal dependency that is not included in the vendor mod, it is a raw C library: https://github.com/dunglas/frankenphp/tree/main/C-Thread-Pool | 13:48:12 |
| Gaël Reyrol | turns out I just needed to enable vendorProxy = true; to fix this | 15:29:27 |
| Gaël Reyrol | I didn't knew about this in buildGoModule derivation | 15:29:42 |
| Gaël Reyrol | Last thing is to fix this pie mode, which require to use musl instead of glibc | 15:30:40 |
| Gaël Reyrol | * Last thing is to fix this pie buildmode, which require to use musl instead of glibc | 15:30:54 |
| Gaël Reyrol | Turns out that golang still do not include non go files when vendoring : https://github.com/golang/go/issues/26366 | 15:33:28 |
| Gaël Reyrol | * It is worth to mention that golang still do not include non go files when vendoring : https://github.com/golang/go/issues/26366 | 15:33:43 |
| Gaël Reyrol | I am not sure I want to try to compile it with musl, it will take ages 🤣 | 15:45:38 |
| Gaël Reyrol | Pol: the PR is ready to review :) | 15:52:50 |
| Pol | Il manque le mainProgram | 16:11:47 |
| Pol | Ah non sorry ! :) | 16:12:00 |
