| 4 Apr 2024 |
 das_j | In reply to @mrtrk:matrix.org
Has anyone ever tried to deploy all the hydra components separately? from what I understood hydra architecture is meant to be distributed and use postgresql as a message bus That's mostly true but I think (although I am not sure) that the queue runner expects the drvs from the evaluator in its store | 13:51:47 |
 ma27 | In reply to @janne.hess:helsinki-systems.de
That's mostly true but I think (although I am not sure) that the queue runner expects the drvs from the evaluator in its store That should be solvable by instructing the evaluator to write into a remote store I guess. | 13:53:45 |
| 9 Apr 2024 |
|  @5m5z3q888q5prxkg:chat.lightnovel-dungeon.de changed their profile picture. | 23:12:30 |
| 11 Apr 2024 |
|  Anthony Rsl set a profile picture. | 21:59:20 |
| Anthony Rsl removed their profile picture. | 22:12:55 |
| 12 Apr 2024 |
|  hexa joined the room. | 16:46:26 |
| 14 Apr 2024 |
|  @bootstrapper:matrix.org changed their profile picture. | 04:54:39 |
| 17 Apr 2024 |
|  K900 changed their display name from K900 ⚡️ to K9Ö0. | 17:16:44 |
| K900 changed their display name from K9Ö0 to K900. | 17:21:55 |
| K900 | 17:21:55 |
| 18 Apr 2024 |
 @stablejoy:matrix.org | I'm trying to determine the duration of a build for a single package. However, when parsing the JSON with start and stop times, curl -H 'Accept: application/json' <https://hydra.nixos.org/build/255062383> | jq '.starttime, .stoptime', it shows the same start and stop time while the build duration at https://hydra.nixos.org/build/255062383#tabs-summary shows it took 45 seconds. | 06:59:38 |
| 19 Apr 2024 |
 cransom | the key part there is that the build was cached from another build. you'll need to grab the build info from that original build. | 15:54:32 |
|  @belak:matrix.org left the room. | 19:53:58 |
| 21 Apr 2024 |
| @stablejoy:matrix.org | In reply to @casey:hubns.net
the key part there is that the build was cached from another build. you'll need to grab the build info from that original build. Ooh I see, thanks | 07:51:39 |
|  @mlyx:matrix.org left the room. | 15:47:35 |
|  cole-h left the room. | 23:46:03 |
| 22 Apr 2024 |
|  mjolnirchanged room power levels. | 08:33:54 |
| das_j | @room You Hydra might have a XSS vulnerability, please check if you need to update: https://github.com/NixOS/hydra/security/advisories/GHSA-2p75-6g9f-pqgx | 15:25:58 |
 @linus:schreibt.jetzt | Hm, that's not really a helpful reproducer since the fix doesn't prevent the alert from happening? | 15:27:30 |
| @linus:schreibt.jetzt | (or at least as far as I understand the fix, it shouldn't) | 15:28:17 |
| das_j | In reply to @linus:schreibt.jetzt
Hm, that's not really a helpful reproducer since the fix doesn't prevent the alert from happening? That's a reasonable point :/ | 15:28:41 |
| das_j | I can just drop it, it's not like the issue or anyone's vulnerability to it is debatable | 15:29:14 |
| @5m5z3q888q5prxkg:chat.lightnovel-dungeon.de | In reply to @janne.hess:helsinki-systems.de
@room You Hydra might have a XSS vulnerability, please check if you need to update: https://github.com/NixOS/hydra/security/advisories/GHSA-2p75-6g9f-pqgx Does that in any way affect nixos users who use the distro-provided cache? | 16:46:55 |
| @5m5z3q888q5prxkg:chat.lightnovel-dungeon.de | In reply to @janne.hess:helsinki-systems.de
@room You Hydra might have a XSS vulnerability, please check if you need to update: https://github.com/NixOS/hydra/security/advisories/GHSA-2p75-6g9f-pqgx * Does that in any way affect nixos users who use the distro-provided cache? e.g. malicious cache? | 16:49:44 |
| das_j | In reply to @5m5z3q888q5prxkg:chat.lightnovel-dungeon.de
Does that in any way affect nixos users who use the distro-provided cache? e.g. malicious cache? It doesn't affect the cache, it's only an issue when looking at html files from the Hydra web interface | 16:51:49 |
 Rick (Mindavi) | Merged the fixes in nixpkgs, doesn't seem like it'll hurt | 17:03:29 |
| 24 Apr 2024 |
| @stablejoy:matrix.org changed their profile picture. | 08:59:22 |
 osnyx (he/him) | I had wanted to use replaceRuntimeDependencies in a system config to hotfix the latest glibc CVE, but unfortunately Hydra fails to evaluate it due to
error: access to absolute path '/nix/store/anlf335xlh41yjhm114swi87406mq5pw-glibc-2.38-44' is forbidden in restricted mode.
I guess there's a good reason why Hydra uses restricted mode and I better don't just patch evalSettings.restrictEval = false;?
| 15:57:34 |
| cransom | there is probably a good reason, but back when i used hydra, i also patched that out for... reasons. | 16:01:28 |
| ma27 | In reply to @os:matrix.flyingcircus.io
I had wanted to use replaceRuntimeDependencies in a system config to hotfix the latest glibc CVE, but unfortunately Hydra fails to evaluate it due to
error: access to absolute path '/nix/store/anlf335xlh41yjhm114swi87406mq5pw-glibc-2.38-44' is forbidden in restricted mode.
I guess there's a good reason why Hydra uses restricted mode and I better don't just patch evalSettings.restrictEval = false;?
I think the main reason was that h.n.o. is effectively evaluating untrusted Nix code and the devs wanted to have certain restrictions for that (e.g. being unable to fetch stuff from random URLs). I've seen it a few times that people patched it out in their overlays. | 16:01:49 |
