| 10 Apr 2026 |
 emily | do you see any problems with the temproots approach? I suppose there's no strict guarantee that the files are named after the nix-daemon PIDs or that they don't have random other derivations in there that can't be reliably distinguished? | 11:13:02 |
 raitobezarius | i don't see problems with temproots approach immediately | 11:14:52 |
| raitobezarius | for nix derivations? | 11:14:56 |
| raitobezarius | i so want to add the goddamn API in the daemon so you can get workload proofs proper | 11:15:17 |
| raitobezarius | well, there can be temproots for other things appearing | 11:15:45 |
| raitobezarius | it's not a 1:1 mapping with derivations being built | 11:15:50 |
| emily | yeah. ofc a proper story would be great but I'll take what I can get for now | 11:16:11 |
| raitobezarius | i think temproots is probably the best | 11:16:21 |
| emily | the ones for builds are named after the daemon PID | 11:16:25 |
| emily | so the lookup is easy there | 11:16:34 |
| raitobezarius | but there's multiple subdaemons PIDs | 11:16:37 |
| raitobezarius | i would also go for the dangerous scenario for a PoC | 11:16:40 |
| raitobezarius | for a intermediate production level target, i'd do a proxy nix daemon real quick | 11:16:49 |
| raitobezarius | and intercept what is being built | 11:16:56 |
| emily | in this setting you have peer credentials from the build | 11:17:01 |
| raitobezarius | it would be great to have a generic toolkit to do that | 11:17:05 |
| raitobezarius | yes | 11:17:10 |
| emily | so can walk up to the daemon proc to get its PID, look that up, (and then make sure the PID/socket still lives to avoid TOCTOU I guess) | 11:17:56 |
| raitobezarius | ah btw, if you have cgroups | 11:18:04 |
| raitobezarius | you can do nice things | 11:18:06 |
| raitobezarius | just list all the cgroups | 11:18:08 |
| raitobezarius | they contain the drvHash in their names | 11:18:12 |
| raitobezarius | by that, I mean: https://gerrit.lix.systems/c/lix/+/4773 | 11:19:12 |
| emily | right. that is nice but not sure I can assume it. (can builds make child cgroups? I guesS you need to check hierarchy if so?) | 11:20:49 |
| emily | * | 11:20:56 |
| emily | also can you actually query the daemon for a hash w/o drv name or do you need to walk the store? 🤔 | 11:21:28 |
| raitobezarius | build can make child cgroups | 11:36:49 |
| raitobezarius | you can probably directly query the sqlite database i think :D | 11:37:07 |
| raitobezarius | you can prevent that manually if you listen on cgroup appearances | 11:37:25 |
| raitobezarius | and write in subtree_control | 11:37:31 |
