| 24 Apr 2024 |
|  @stablejoy:matrix.org changed their profile picture. | 08:59:22 |
 osnyx (he/him) | I had wanted to use replaceRuntimeDependencies in a system config to hotfix the latest glibc CVE, but unfortunately Hydra fails to evaluate it due to
error: access to absolute path '/nix/store/anlf335xlh41yjhm114swi87406mq5pw-glibc-2.38-44' is forbidden in restricted mode.
I guess there's a good reason why Hydra uses restricted mode and I better don't just patch evalSettings.restrictEval = false;?
| 15:57:34 |
 casey © | there is probably a good reason, but back when i used hydra, i also patched that out for... reasons. | 16:01:28 |
 ma27 | In reply to @os:matrix.flyingcircus.io
I had wanted to use replaceRuntimeDependencies in a system config to hotfix the latest glibc CVE, but unfortunately Hydra fails to evaluate it due to
error: access to absolute path '/nix/store/anlf335xlh41yjhm114swi87406mq5pw-glibc-2.38-44' is forbidden in restricted mode.
I guess there's a good reason why Hydra uses restricted mode and I better don't just patch evalSettings.restrictEval = false;?
I think the main reason was that h.n.o. is effectively evaluating untrusted Nix code and the devs wanted to have certain restrictions for that (e.g. being unable to fetch stuff from random URLs). I've seen it a few times that people patched it out in their overlays. | 16:01:49 |
| osnyx (he/him) | The last time I looked (~1year ago), the effects of restricted mode weren't that greatly documented, neither in Nix nor what they cause in Hydra. So I'm always a bit wary about it. | 16:03:21 |
| ma27 | not sure if much has changed about that...
But tests/functional/restricted.sh from the nix repo has a few test cases that may give a rough idea of what it does | 16:08:05 |
| osnyx (he/him) | * The last time I looked (~1year ago), the effects of restricted mode weren't that greatly documented, neither in Nix nor what they cause in Hydra. So I'm always a bit weary about it. | 16:08:15 |
| 25 Apr 2024 |
|  @me:indeednotjames.com left the room. | 03:33:20 |
|  @delroth:delroth.net left the room. | 14:43:29 |
|  NixOS Moderation Bot banned  @jonringer:matrix.org (Banned until 2024/06/10 after deliberation of the Moderation team). | 21:11:58 |
|  David Mell (zraexy) joined the room. | 23:19:14 |
| David Mell (zraexy) changed their display name from David Mell to David Mell (zraexy). | 23:51:58 |
| 26 Apr 2024 |
| @stablejoy:matrix.org changed their profile picture. | 14:03:43 |
|  @patka_123:matrix.org left the room. | 19:33:34 |
| 29 Apr 2024 |
|  stigo left the room. | 12:03:45 |
| NixOS Moderation Botchanged room power levels. | 15:29:48 |
| 30 Apr 2024 |
|  ondt joined the room. | 22:21:41 |
| 1 May 2024 |
| NixOS Moderation Botchanged room power levels. | 15:06:26 |
| 3 May 2024 |
 John Ericson | https://hydra.ngi0.nixos.org/build/3992#tabs-summary I was trying to figure out why this stuff is stuck in queue | 18:03:13 |
| John Ericson | anyone know where to look? | 18:03:16 |
| 4 May 2024 |
|  Regnat left the room. | 15:55:58 |
| 6 May 2024 |
|  tracteur joined the room. | 21:58:35 |
| 7 May 2024 |
 hacker1024 | How do you handle garbage collection when using an S3 store_uri? Is hydra-s3-backup-collect-garbage appropriate? It's made for the S3 backup plugin, which was made before Nix supported S3 natively and (as far as I can tell) is now redundant. | 23:59:52 |
| 12 May 2024 |
|  @man2dev:fedora.im left the room. | 10:22:13 |
| 13 May 2024 |
|  Arian left the room. | 17:44:14 |
| 14 May 2024 |
|  infinisil changed their profile picture. | 17:45:10 |
| 15 May 2024 |
|  raghavsood joined the room. | 08:28:11 |
| raghavsood set a profile picture. | 08:38:29 |
 hexa | is there a requirement for hydra-notify to be up for evaluating/scheduling/shipping builds? | 10:04:58 |
| hexa | wondering if disabling it would impact the hydra.nixos.org pipeline | 10:05:40 |
