| 28 Apr 2024 |
|  @federicodschonborn:matrix.org changed their profile picture. | 22:46:56 |
| @federicodschonborn:matrix.org left the room. | 23:13:48 |
| 29 Apr 2024 |
|  NixOS Moderation Botchanged room power levels. | 15:29:42 |
| 1 May 2024 |
| NixOS Moderation Botchanged room power levels. | 15:07:20 |
| 6 May 2024 |
 ris_ | just making sure you're up to date with discussions going on @ https://github.com/NixOS/nix/issues/969, https://github.com/NixOS/ofborg/issues/68, https://github.com/NixOS/rfcs/pull/171 (towards bottom of each thread) | 16:18:54 |
| ris_ | short version: the fact that a FOD will quite blindly trust a cached outpath introduces a potential cache-poisoning attack for nixpkgs if someone is able to get their malicious outpath included (somehow) in cache.nixos.org | 16:22:17 |
| ris_ | how is this relevant to ofborg? several of us are thinking that we should introduce a CI check to counter this - one that will perform a fresh download of "new" FODs introduced by a PR and check the resulting hash | 16:24:55 |
| ris_ | i've developed a proof-of-concept of such a CI check in bash @ https://gist.github.com/risicle/3a521d040022c3e29faadcca8d8d4a20 | 16:26:05 |
| ris_ | it is of course by no means perfect | 16:28:14 |
| ris_ | for PRs that cause a lot of rebuilds (i.e. cause rebuilds to the packages depended upon by most fetchers) and for PRs to the staging branch it may be a lost cause | 16:30:40 |
| ris_ | so that's what my weekend was like, how's yours been? | 16:47:25 |
| 8 May 2024 |
| ris_ | so clearly, at the very least there's some expensive work that ofborg already does for all PRs that could be reused by such a check | 22:15:12 |
| ris_ | * so clearly, at the very least there's some expensive work that ofborg already does for all PRs that could be reused by such a check (the full evals) | 22:15:35 |
| ris_ | though this needs a slightly more stringent variant of it - from the looks of it, ofborg detects packages changing from their outpaths, whereas this needs to compare drv paths | 22:17:20 |
| 13 May 2024 |
 Ramses 🇵🇸 | I was looking at an ofborg failure on x86_64-linux, but the ofborg logs show that what's being built is aarch64... https://logs.ofborg.org/?key=nixos/nixpkgs.311394&attempt_id=4ebea30a-7949-4366-a795-ad2075eff475 | 22:54:48 |
| Ramses 🇵🇸 | Am I missing something here? | 22:55:08 |
 Artturin | In reply to @rvdp:infosec.exchange
I was looking at an ofborg failure on x86_64-linux, but the ofborg logs show that what's being built is aarch64... https://logs.ofborg.org/?key=nixos/nixpkgs.311394&attempt_id=4ebea30a-7949-4366-a795-ad2075eff475 A cross compiled systemd is in passthru.tests | 23:04:02 |
| Artturin | https://github.com/NixOS/nixpkgs/blob/714c88bc0ece31447992261d3acb6eb7d0b70592/pkgs/os-specific/linux/systemd/default.nix#L890 | 23:04:04 |
| Artturin | I added it to prevent cross systemd from breaking | 23:04:20 |
| Artturin | Note that that's not the build that's breaking | 23:06:06 |
| Artturin | The tests of the tests are not run | 23:06:23 |
| Ramses 🇵🇸 | Right, makes sense | 23:33:53 |
| Ramses 🇵🇸 | I'll have to look further into the failure tomorrow then. Thanks for the explanation! | 23:34:14 |
| 14 May 2024 |
|  Philip Taron (UTC-8) joined the room. | 00:26:18 |
|  Tristan Ross joined the room. | 00:27:16 |
| Tristan Ross | I got an out of space error on ofborg with
PR 212328. | 00:27:37 |
|  @infinisil:matrix.org changed their profile picture. | 17:44:32 |
| 15 May 2024 |
|  raghavsood joined the room. | 08:28:15 |
| raghavsood set a profile picture. | 08:38:26 |
| 16 May 2024 |
|  piegames left the room. | 18:55:48 |
