| 12 Jul 2025 |
 jade_ | who improved the pgrep -af nix-daemon output? it's really nice now :D | 02:50:40 |
| jade_ | oh! https://git.lix.systems/lix-project/lix/src/9dbf46f57374a99311f0c23de40b2d4c657becf5/lix/nix/daemon.cc#L369-L388 we shipped that? hell yeah | 02:52:20 |
| jade_ | 100% in favour on doing this for our in tree builds, though we will have to set it up so it actually runs the tests on every build on client machines as that does still find bugs with some frequency. | 04:03:43 |
 emily | In reply to @jade_:matrix.org
100% in favour on doing this for our in tree builds, though we will have to set it up so it actually runs the tests on every build on client machines as that does still find bugs with some frequency. right, install check should be the top level derivation. ps big wins available if you implement ninja style validations where a separate drv is required to make the outputs of the one it validates valid but its build does not block builds of downstream drvs (only their marking valid) | 08:59:49 |
| emily | getting tests out of the critical chain in Nixpkgs would be so nice... | 09:00:26 |
 puck | In reply to @jade_:matrix.org
oh! https://git.lix.systems/lix-project/lix/src/9dbf46f57374a99311f0c23de40b2d4c657becf5/lix/nix/daemon.cc#L369-L388 we shipped that? hell yeah wait how many fork()s are left??? | 09:02:11 |
 K900 | How many spoons does it cost to get rid of a fork | 09:05:42 |
 raitobezarius | In reply to @puck:puck.moe
wait how many fork()s are left??? The POSIX spawn work was done some months ago but postponed because we probably need our own posix_spawn for shitty reasons | 09:42:18 |
| emily | what are the reasons? | 10:59:42 |
| raitobezarius | I don't have my notes / laptop with me and I don't remember, let me get back to you on Sunday or Monday if that's ok | 11:03:32 |
|  @georgyo:nycr.chat joined the room. | 20:28:41 |
| 13 Jul 2025 |
 Sergei Zimmerman (xokdvium) | Lix still does the fork hack in the bindConnectProcHelper, to work around the darwin unix socket path limitations? https://github.com/lix-project/lix/blob/2090853b8026ebac17eae181e36bd68ca1f424f2/lix/libutil/unix-domain-socket.cc#L69-L85
At least in cppnix this code path is now being exercised with the build-dir changes (as emily noted above).
The curious thing is that with the darwin sandbox bind to the socket fails with EPERM in the forked process with the "relaxed" and full sandbox.
Any clue what's going on there?
| 15:03:45 |
| emily | might be https://gerrit.lix.systems/c/lix/+/3500? | 15:05:33 |
| emily | if you're testing the daemon inside a build, that is | 15:05:55 |
| Sergei Zimmerman (xokdvium) | Thanks, I have no clue what that didn't get merged to cppnix. Thanks | 15:06:35 |
| emily | I think Lix shipped without it too so Unix sockets in the build sandbox probably don't get enough QA 😅 | 15:10:22 |
| emily | you can't nest the Darwin sandbox, and even "unsandboxed" builds set up a basic sandbox with the macOS API, so it has basically no CI coverage | 15:10:47 |
| emily | https://gerrit.lix.systems/c/lix/+/3521 was an attempt to make a test you could at least run under _NIX_TEST_NO_SANDBOX but I couldn't get it to function | 15:11:28 |
|  Marie changed their profile picture. | 20:12:29 |
| 14 Jul 2025 |
| jade_ | raitobezarius: anything I have to do to make forward progress on https://gerrit.lix.systems/c/lix/+/3633? I would like to get at least an initial configuration of codeowners in place so that I don't have to keep messing with owners overrides if possible. | 05:27:20 |
| jade_ | (oh the reason it was not seeing my default codeowner entry to begin with was that I didn't have jade@lix.systems registered as a gerrit email. woops. fixed) | 05:31:12 |
| jade_ | * (oh the reason it was not seeing my default codeowner entry to begin with was that I didn't have jade@lix.systems registered as a gerrit email. woops. fixed. that fixes the owners override shenanigans but i still would like to permit more reviewers) | 05:47:45 |
| raitobezarius | In reply to @jade_:matrix.org
raitobezarius: anything I have to do to make forward progress on https://gerrit.lix.systems/c/lix/+/3633? I would like to get at least an initial configuration of codeowners in place so that I don't have to keep messing with owners overrides if possible. Will review today yes | 08:49:25 |
| raitobezarius | jade_ sent +2 for the changes | 11:24:13 |
| raitobezarius | we can figure out what we want to be with the reviewer list as we go | 11:24:26 |
| raitobezarius | my biggest aim is to reduce the toil on active reviewers like pennae or me who has to subscribe to the firehose right now | 11:24:41 |
|  vai joined the room. | 16:20:25 |
| 15 Jul 2025 |
| raitobezarius | aloisw you asked about CVE details — https://labs.snyk.io/resources/nixos-deep-dive/ | 13:36:00 |
| raitobezarius | this doesn't cover yet CVE-2025-46416 | 13:36:06 |
 aloisw | Thank you. Is my understanding correct that CVE-2025-52991 only applies once you already have the directory emptying (or otherwise deletion of the build directory)? | 15:05:58 |
