From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from atuin.qyliss.net (localhost [IPv6:::1])
	by atuin.qyliss.net (Postfix) with ESMTP id 69C601BD94;
	Mon, 27 Oct 2025 13:17:50 +0000 (UTC)
Received: by atuin.qyliss.net (Postfix, from userid 993)
	id 72E1B1BC6B; Mon, 27 Oct 2025 13:17:47 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on atuin.qyliss.net
X-Spam-Level: 
X-Spam-Status: No, score=-0.1 required=3.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DMARC_MISSING,SPF_HELO_PASS autolearn=unavailable
	autolearn_force=no version=4.0.1
Received: from fout-a6-smtp.messagingengine.com
 (fout-a6-smtp.messagingengine.com [103.168.172.149])
	by atuin.qyliss.net (Postfix) with ESMTPS id 0A2191BC68
	for <discuss@spectrum-os.org>; Mon, 27 Oct 2025 13:17:45 +0000 (UTC)
Received: from phl-compute-12.internal (phl-compute-12.internal [10.202.2.52])
	by mailfout.phl.internal (Postfix) with ESMTP id 92EADEC0335;
	Mon, 27 Oct 2025 09:17:43 -0400 (EDT)
Received: from phl-mailfrontend-02 ([10.202.2.163])
  by phl-compute-12.internal (MEProxy); Mon, 27 Oct 2025 09:17:43 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alyssa.is; h=cc
	:cc:content-type:content-type:date:date:from:from:in-reply-to
	:message-id:mime-version:reply-to:subject:subject:to:to; s=fm2;
	 t=1761571063; x=1761657463; bh=mcXkux5EMFCs9x5RJW0ZUkXp6VaI8pys
	8lrsUEJDApk=; b=oKTYr7lTcmD9urCBp9aK1/x18PfXN12Jq4dOTLbfMCby6IZO
	ecQEEhCjocz2XgYzvtf5X2I2rEHo2usE0pxj3506lL6rf++7vrNRM+JvvIUDhBqO
	dZUrqAg5WK0B6wEcfC9MVQymq+fT1jLqS00CIdtNFwQRUDY21sKt/qLF3Z9SA08S
	tc91cdEY+rG+89VvMqbzbFRpZYKyQdvisoS707abuUIV4cjIQX5IVOnoZG8PKkre
	/ooVfGIk4Qrq0Y4xNDw9wfon08unSOOJONQxEFvVpqj9W+ZgFnPIuIpoaFdMxRNF
	rmsU1GQFigosokq8NQKJIvw1uSC5ffkl9THbOg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:cc:content-type:content-type:date:date
	:feedback-id:feedback-id:from:from:in-reply-to:message-id
	:mime-version:reply-to:subject:subject:to:to:x-me-proxy
	:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1761571063; x=
	1761657463; bh=mcXkux5EMFCs9x5RJW0ZUkXp6VaI8pys8lrsUEJDApk=; b=O
	8OyvvJ6YS0x3C6JN6yqzeMpFxVuP2rDd1Scp365E9v+ur6mlddXG6Mij4SDOXQqA
	tHtAnqzUpXs1+o8K776dO0yTB/Q5eTVaq8Mr+CZlBGFQWCRk6OP9lMBE864oiTW1
	obRmJ2qjKLeFO9nveGLFHfLxqxL4lssWI0RJhfKyyxKWbtmLSeuH9SLUK7fRigBh
	MpmA695azk+Qs8tKDOdKpfvcBmltVaZc3570o1gFHR/NLxB2mBaKdeWRRjubZHsw
	U0IKaX0e00BqBFHiHzLiSWVI0NaKA/xHXPUR806exeKMqE746L96t67a90G6DGtN
	ZmRX8RPSptH2K8Ya5xIrg==
X-ME-Sender: <xms:9nD_aBYbn5PlyBlnx1BOxe58IrGmIzGBcOfQyvgSc83Ly9DZ5lCExg>
    <xme:9nD_aMs39Ha6O3NeM0-0lb5P2qf6_2FnfSnIXonORw8JLzduwJDRzvHilSrhcCLws
    I3dHErVGIhrhik56ayGERnPWHnNpnTIw8W5pYAq1Ba5TjrZBx920g>
X-ME-Received: 
 <xmr:9nD_aDHW1GShum7uNjYicOYKe8OeRlRVm44Oi7nE0sxVBqKLHK_WotCeoRFxzoOjjqc>
X-ME-Proxy-Cause: 
 gggruggvucftvghtrhhoucdtuddrgeeffedrtdeggdduheektdejucetufdoteggodetrf
    dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfurfetoffkrfgpnffqhgenuceu
    rghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujf
    gurhephffvvefufffkgggtsehgtderredttddtnecuhfhrohhmpeetlhihshhsrgcutfho
    shhsuceohhhisegrlhihshhsrgdrihhsqeenucggtffrrghtthgvrhhnpeethffgleethf
    efveegfffgtdegueeggeduteejtdelgfeiueehvdeuvdfghedvgfenucffohhmrghinhep
    shhpvggtthhruhhmqdhoshdrohhrghdpkhgvrhhnvghlrdhorhhgnecuvehluhhsthgvrh
    fuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhephhhisegrlhihshhsrgdrihhs
    pdhnsggprhgtphhtthhopeefpdhmohguvgepshhmthhpohhuthdprhgtphhtthhopeihuh
    hrvghkrgestgihsggvrhgthhgrohhsrdguvghvpdhrtghpthhtohepuggvmhhiohgsvghn
    ohhurhesghhmrghilhdrtghomhdprhgtphhtthhopeguihhstghushhssehsphgvtghtrh
    humhdqohhsrdhorhhg
X-ME-Proxy: <xmx:9nD_aHwwDcwQLN-ZmZtpbe5zyoFORbQaoeG8-zxQJtE3-eCuRGBxbw>
    <xmx:9nD_aCgV-ylyDUzk4uhlUFvSUpHW-MO8wAbXG6rilxzXnL915EvYdw>
    <xmx:9nD_aKx1lI49fNh-4Gu4d9eiDa6OYN_65aAnWu39aGpEgapAq4SoCA>
    <xmx:9nD_aNId4CMYrpaPxAW64_e0CMP_BP-snVkUhjmhebpdShhVImNnzg>
    <xmx:93D_aKwR0LucSapR1hSIw3IH03gjSeQazPQwVEHFMR_xQex0_aL8ZY6E>
Feedback-ID: i12284293:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon,
 27 Oct 2025 09:17:42 -0400 (EDT)
Received: by mbp.qyliss.net (Postfix, from userid 1000)
	id B9CEF61B9FEC; Mon, 27 Oct 2025 14:17:40 +0100 (CET)
From: Alyssa Ross <hi@alyssa.is>
To: discuss@spectrum-os.org
Subject: This Week in Spectrum, 2025-W43
Date: Mon, 27 Oct 2025 14:17:39 +0100
Message-ID: <878qgwzdos.fsf@alyssa.is>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha512; protocol="application/pgp-signature"
Message-ID-Hash: P5ZUNE4VXIYQ35MWXTSRLCFDXXZSJ46N
X-Message-ID-Hash: P5ZUNE4VXIYQ35MWXTSRLCFDXXZSJ46N
X-MailFrom: hi@alyssa.is
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation;
 header-match-discuss.spectrum-os.org-0;
 header-match-discuss.spectrum-os.org-1;
 header-match-discuss.spectrum-os.org-2;
 header-match-discuss.spectrum-os.org-3;
 header-match-discuss.spectrum-os.org-4; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
CC: Demi Marie Obenour <demiobenour@gmail.com>,
 Yureka Lilian <yureka@cyberchaos.dev>
X-Mailman-Version: 3.3.9
Precedence: list
List-Id: General high-level discussion about Spectrum
 <discuss.spectrum-os.org>
Archived-At: 
 <https://spectrum-os.org/lists/hyperkitty/list/discuss@spectrum-os.org/message/P5ZUNE4VXIYQ35MWXTSRLCFDXXZSJ46N/>
List-Archive: 
 <https://spectrum-os.org/lists/hyperkitty/list/discuss@spectrum-os.org/>
List-Help: <mailto:discuss-request@spectrum-os.org?subject=help>
List-Owner: <mailto:discuss-owner@spectrum-os.org>
List-Post: <mailto:discuss@spectrum-os.org>
List-Subscribe: <mailto:discuss-join@spectrum-os.org>
List-Unsubscribe: <mailto:discuss-leave@spectrum-os.org>

--=-=-=
Content-Type: text/plain

Hi!  I'm back after being unwell for a couple of weeks.  As such, I'll
be covering things that have happened since the last update.

Demi fixed the BPF x86_64 build failure mentioned last time by avoiding
the use of userspace headers in BPF compilation environments[1].  While
she was at it, she also submitted a refactor and possible small
performance improvement, which is still awaiting review.

[1]: https://spectrum-os.org/git/spectrum/commit/?id=db54efac07deee32f39bdec4e4b8b73674df18c7
[2]: https://spectrum-os.org/lists/archives/spectrum-devel/20251021-fix-forwarder-build-v4-2-b978718c004d@gmail.com

Yureka fixed some recently introduced build regressions in Nixpkgs[3],
including a fix for iproute2 which was applied upstream[4], and then
submitted a patch to update Spectrum's pinned Nixpkgs[5].  I am
absolutely delighted with this, because it's the first time anybody else
has taken on this regular maintenance work.  Unfortunately, when I
tested the Nixpkgs update, I found that the networking integration test
no longer passed.  A still-running bisect indicates this is probably due
to the update to Linux 6.17.  If so, it's probably been caught by
somebody else and fixed already, so which means hopefully the fix will
just be to update to an even newer Nixpkgs and cross our fingers no new
build regressions have been introduced in the meantime.  Yureka has also
been working on automatically testing Spectrum builds against newer
Nixpkgs versions, which I hope might pave the way for semi-automatic
updates at some point, and/or automated notifications of regressions.

[3]: https://spectrum-os.org/lists/archives/spectrum-devel/82249ddc-ae1a-4e3a-a6ae-bb4717243fca@yuka.dev
[4]: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=25b2834cc974729229afcd308f127995405f85c5
[5]: https://spectrum-os.org/lists/archives/spectrum-devel/20251012222756.20947-2-yureka@cyberchaos.dev

I've been working on running Flatpak applications in VMs.  This is a bit
more complicated than the AppImages we already support, because rather
than relying on the system to provide libraries, Flatpaks are installed
to a shared OSTree repository, so that they can be hermetic while still
not duplicating huge amounts of common libraries between applications.
We don't want to just pass through the whole Flatpak repository to
application VMs, because then any application would be able to see which
other applications were installed, so to do Flatpak VMs we need to
determine which paths are actually needed by an application, and pass
through just those.  I've written a program that sets up bind mounts for
a Flatpak application and its runtime to pass through to a VM (but not
extensions yet), and also the glue in the Spectrum application VM to
actually run a passed through Flatpak.  I haven't had a chance to do a
full end to end test yet, but I think everything should just about work.

Thanks to work from Demi[6], file modes in Spectrum images are now fixed,
rather than being affected by the build environment.  As well as being
an important reproducibility fix, this will be important to start
running things as non-root users, where modes actually become relevant.

[6]: https://spectrum-os.org/git/spectrum/commit/?id=a972ba0ce2be8fb32f4b44a708024cdcddd890e6

Demi has been working on implementing OS updates using
systemd-sysupdate, and just got to the point where everything works!
Hopefully we'll see that on the list soon.

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQRV/neXydHjZma5XLJbRZGEIw/wogUCaP9w9AAKCRBbRZGEIw/w
otCCAQCgO7MVc4v+9xNrMP/lcZBcxcVM5gOVsn70fNhPywiaOwEAseDSY4op9zMo
F6aGLkcGAuM4w6HSjTlxpPtVUKVhBQg=
=0bfw
-----END PGP SIGNATURE-----
--=-=-=--