| 24 Jul 2025 |
 jade_ | oh right because the horrible chromim thing actually abuses a collision right? | 22:15:01 |
 emily | since the Chromium update script specifically relied on SHA-1 collisions | 22:15:03 |
| jade_ | thats still totally absurd to me that nixpkgs did that | 22:15:26 |
| emily | I'm pretty sure it was done for the meme. | 22:15:40 |
| emily | there was no technical constraint pointing to using Nix for it I think | 22:15:53 |
| emily | fwiw SHA1DC is also substantially slower than the best SHA-1 implementations, especially hardware-accelersted ones. it could be more competitive but nobody cares enough because it only matters for Git and OpenPGP. irrelevant for Nix anyway | 22:17:12 |
| jade_ | answer: not. it was a casualty of one of the not banning nazis incidents https://github.com/NixOS/nixpkgs/pull/428183 | 23:48:00 |
| 25 Jul 2025 |
| emily | btw, to be clear the Chromium update script hack was removed long ago | 00:53:12 |
| emily | so it's only relevant for historical compatibility; I think disabling SHA-1 by default with a flag to allow it is unlikely to break anyone's workflow | 00:53:30 |
|  Federico Damián Schonborn changed their display name from Wormy McWormface 🏳️🌈 (he/they) to Cat McFishface 🏳️🌈 (he/they). | 01:43:06 |
|  Simon Hauser joined the room. | 07:04:33 |
| 26 Jul 2025 |
 raitobezarius (DECT: 7248) | In reply to @emilazy:matrix.org
fwiw SHA1DC is also substantially slower than the best SHA-1 implementations, especially hardware-accelersted ones. it could be more competitive but nobody cares enough because it only matters for Git and OpenPGP. irrelevant for Nix anyway i feel like this is anyway a non-question for Lix, we are using the git CLI, if git starts using sha1dc for checking reasons, it will probably exit during one of the relevant fetching operations and we are automatically protected | 00:43:15 |
| raitobezarius (DECT: 7248) | (not that i'm disagreeing with you, but expanding on the "it only matters for Git" and how Git matters relates to Lix again) | 00:44:02 |
| raitobezarius (DECT: 7248) | emily i ended up doing a thing for the caFile stuff https://gerrit.lix.systems/c/lix/+/3765 | 00:44:24 |
| raitobezarius (DECT: 7248) | contrary to your suggestion of putting CA in the store, I went against and just fixed the small remaining part | 00:44:37 |
| raitobezarius (DECT: 7248) | the diff is smaller this way and I think it's a more correct change because I could not prove (at the current levels of fatigue) that importing in the store would be necessary | 00:45:11 |
| emily | how is this meant to work on Darwin? | 01:30:37 |
| raitobezarius (DECT: 7248) | for a while, I convinced myself that chroot works on Darwin | 01:31:21 |
| raitobezarius (DECT: 7248) | but your remark means that I fooled myself | 01:31:26 |
| emily | it does not | 01:31:37 |
| raitobezarius (DECT: 7248) | so… logicalTargetPath needs to be coerced to the physical location path if we cannot chroot at all | 01:31:42 |
| raitobezarius (DECT: 7248) | and… that should be sufficient, right? | 01:31:55 |
| emily | I believe you're going to recreate the complexity of https://gerrit.lix.systems/c/lix/+/2906 that lead to the store path proposal | 01:32:00 |
| raitobezarius (DECT: 7248) | (and the variable should be renamed) | 01:32:02 |
| raitobezarius (DECT: 7248) | In reply to @emilazy:matrix.org
I believe you're going to recreate the complexity of https://gerrit.lix.systems/c/lix/+/2906 that lead to the store path proposal why would that whole canonicalization be required at all | 01:32:34 |
| raitobezarius (DECT: 7248) | if the CA file appears inside the scratch path of the derivation being built | 01:32:45 |
| raitobezarius (DECT: 7248) | that whole canonicalization seems to intervene without trying to copying the CA file and just giving access to it | 01:33:13 |
| raitobezarius (DECT: 7248) | or am I missing something? | 01:33:25 |
| raitobezarius (DECT: 7248) | put in another way: canonicalization takes place in XNU which will perform POSIX path resolution for me when I copy the file inside the scratch path
all I need to do: get right the logicalTargetPath to export | 01:34:19 |
| raitobezarius (DECT: 7248) | reminder: I copy before entering into the sandbox | 01:34:25 |
