| 26 Jun 2026 |
 emily | ok, not the bug I was thinking of | 19:41:59 |
 Sergei Zimmerman (xokdvium) | Remote builds are generally ugh... very racy yeah | 19:43:35 |
| Sergei Zimmerman (xokdvium) | Some work to be done there certainly | 19:43:49 |
| Sergei Zimmerman (xokdvium) | Specifically https://github.com/NixOS/nix/pull/15719, which I'll return to | 19:44:16 |
| emily | tl;dr normally materialized .drv keeps deps of a running build alive; in remote build scenario you don't necessarily have .drv; you are saved by the fact that /proc/*/environ is used as gcroots; but with structured attrs your builder's root process's /proc/*/environ doesn't contain the paths | 19:44:22 |
| emily | but it does contain paths to .attrs.json/.attrs.sh admittedly | 19:44:35 |
| emily | BUT the builder user owns those and can delete them | 19:44:40 |
| emily | so you can stash a path from your structured attrs, delete those files, wait for a GC, use after free | 19:44:54 |
| Sergei Zimmerman (xokdvium) | The issue in question is probably that the build hook doesn't root inputs befory copying those over | 19:44:57 |
| emily | (I forgot that you had to actually delete the structured attrs files to exploit this) | 19:45:07 |
| emily | (which admittedly makes it unlikely to happen in the real world, but it's not great!) | 19:45:23 |
| emily | oh I see dram is way ahead of me yeah | 19:45:52 |
| Sergei Zimmerman (xokdvium) | You'd be disappointed by the number of GC fixes we merged lately | 19:46:15 |
| Sergei Zimmerman (xokdvium) | So much shit has just been generally broken and not (temp)rooted | 19:46:28 |
 hexa |
sh: line 1: /nix/store/kjixkcwl9jivrzasdqmmjd9gcfr3wfcq-cmake-minimal-4.1.2/bin/cmake: No such file or directory
| 19:46:43 |
| hexa | smh | 19:46:45 |
| emily | perhaps disappointed; after looking over GC code for my own nefarious purposes, certainly not surprised | 19:46:48 |
| emily | what worries me is cases where a build system will "handle" something missing and we get unreproducible builds from Hydra | 19:47:12 |
| emily | e.g. optional dependency detection | 19:47:21 |
 K900 | I wonder if it makes sense, as a horrible workaround, to drain the builders for the GC runs | 19:47:24 |
| K900 | At least until we are more confident about this | 19:47:30 |
| emily | that's a scary environment to be operating in imo | 19:47:31 |
| emily | just reimage them whenever they fill up :D | 19:47:53 |
| K900 | Or that | 19:48:14 |
 Grimmauld (any/all) | even worse if that means security critical stuff is missing. Like, dunno, cacert or something.... | 20:02:29 |
| emily | probably relatively unlikely for that to be optional deps I'd reckon | 20:02:52 |
| emily | but spooky in general | 20:02:57 |
| hexa | we got a clang build at least | 20:06:06 |
| hexa | third try | 20:06:07 |
| emily | nobody tell hexa there's multiple of those | 20:06:57 |
