| 15 Jan 2023 |
@nickcao:nichi.co | That line is patched | 12:12:39 |
K900 | Oof | 12:12:47 |
@elvishjerricco:matrix.org | Nick Cao: there's intentional code in the nix expression for replacing these dlopen expressions with ones that use absolute paths | 12:12:52 |
@elvishjerricco:matrix.org | IIRC it's very much not easy to get it to work any other way | 12:13:20 |
K900 | So I guess that line should be path_is_valid | 12:13:36 |
@nickcao:nichi.co | In reply to @k900:0upti.me: "So I guess that line should be path_is_valid" I doubt whether upstream would accept this. | 12:14:08 |
K900 | We can just patch it more | 12:14:17 |
K900 | Since we're doing that anyway | 12:14:23 |
@elvishjerricco:matrix.org | oh wait ok, sorry I didn't realize you were saying the following check was the problem. That's what I get for reading these messages on my phone without reading the links :P | 12:17:34 |
@elvishjerricco:matrix.org | we probably need to come up with some better agreement with the systemd folks for how to live with all this dlopen crap | 12:19:48 |
@elvishjerricco:matrix.org | * we probably need to eventually come up with some better agreement with the systemd folks for how to live with all this dlopen crap | 12:19:56 |
K900 | Why can't we just add those to rpath/ | 12:21:00 |
K900 | * Why can't we just add those to rpath? | 12:21:02 |
Arian | flokli: didn't u find this dlopen thingy that valve uses? | 12:21:04 |
Arian | In reply to @k900:0upti.me: "Why can't we just add those to rpath?" We could actually | 12:21:49 |
@elvishjerricco:matrix.org | In reply to @k900:0upti.me: "Why can't we just add those to rpath?" IIRC that didn't work for some reason? Either that or we were being picky and wanted to make systemd use absolute paths so it would be harder to trick it | 12:21:52 |
Arian | We did this trick because it makes the build fail if you forget any deps | 12:22:09 |
@nickcao:nichi.co | Maybe just paying more attention to the failing tests is enough. | 12:22:14 |
@elvishjerricco:matrix.org | ah | 12:22:15 |
@nickcao:nichi.co | They ought to have caught this. | 12:22:20 |
@nickcao:nichi.co | https://github.com/NixOS/nixpkgs/pull/210896 | 12:23:24 |
@nickcao:nichi.co | I'm testing the fix tomorrow. | 12:23:57 |
@elvishjerricco:matrix.org | Hm, why patch these dlopen calls instead of just double checking that they'll be found (correctly) in RPATH? | 12:30:46 |
@elvishjerricco:matrix.org | We trying to avoid LD_LIBRARY_PATH shenanigans or something? | 12:31:03 |
@nickcao:nichi.co | The other distros would also be vulnerable, is RPATH is considered harmful. | 12:33:33 |
@nickcao:nichi.co | * The other distros would also be vulnerable, if RPATH is considered harmful. | 12:33:41 |
@nickcao:nichi.co | I think the best way forward is to convince upstream to use configure options for absolute paths to these libs. | 12:34:41 |
@nickcao:nichi.co | Security, maintainability, usability, take all three of them. | 12:35:13 |
@elvishjerricco:matrix.org | Yea the systemd commit says it's not really a security measure since they use secure_getenv | 12:36:18 |
@elvishjerricco:matrix.org | Not really sure what that does | 12:36:43 |