<catern>hey guix, wouldn't it be cool if we eliminated setuid binaries completely from guixsd?
<ZombieCh1cken>I think some have to be. I /think/ X has to be to work, but I'm not 100% sure
<catern>no, non-root X was worked out a couple years ago
<catern>I don't know how it actually works
<catern>but distros are working on it so that's good
<catern>but other things! like su, and sudo!
<catern>what are we going to use instead of sudo?
<catern>su can be replaced with ssh to localhost but sudo has much more granular permissions
<ng0>I think, I am not 100% sure as I'm following up some own bug tickets on this, that gnunet requires some. I'm not sure about this. I can only confirm when the service is finished
<ng0>could be that it was recently solved in gnunet.
<catern>ZombieCh1cken: well, it'll have to be done if we're to eliminate all setuid binaries! we might even gain things out of it :)
<catern>ng0: I don't know what gnunet setuid stuff there is, but maybe with gnunet it would be easy enough to restructure them into a daemon/client IPC model? since gnunet is a networking application after all
<ng0>well that's a misconception, but as I said I can't give 100% certain info about this right now
<ng0>I'll update on this when I've looked at my bugtickets.
<ng0>too late here to have this discussion. i'm off to bed soon. just wanted to give my 2cts to setuids.
<ng0>i think it was something like gns which requires/required it to fully work. search our mantis bugtracker to see recent bugs i might've filed on this.
<efraim>AFAIK only for encrypted /home, unless you're on a libreboot machine
<df_>I'm trying to test a cmake build in guix environment --pure but it's trying to use /usr/bin/cc rather than the gcc on my path
<df_>am I missing a flag or something?
I can't see anything obvious in cmake-build-system.scm to tell it the location of the c compiler
<df_>the one on my path is gcc
<df_>cmake is explicitly looking for cc
<df_>hmm I think it must have cached something somewhere, it works now
<wingo>i am still afraid of git-send-email
<wingo>it's like a wood chipper or something
<efraim>i don't use it often, but the man page helps a lot
<efraim>git send-email --to guix-devel@gnu.org patches-to-send/*
<efraim>and then the man pages if I need to reply to an existing thread
<efraim>well, my aarch64 board works with the armhf binaries but not with my aarch64 patches :/
<efraim>i take it back, it doesn't support the armhf binaries
<efraim>it'll download but not build them and not run them
<wingo>lol i seem to have been bit by send-email, regardless
<wingo>ACTION uses guix lint in anger for like the first time
<paroneayea>where you can see if a single package is building correctly right now
<adfeno>I think I found another mirror with broken substitute
<adfeno>Again, the download starts, so there is a substitute, but fails half-way.
<wingo>i would like to be able to export a package and all its dependencies to a tar file containing the subset of /gnu/store needed to run the file
<wingo>i am not finding that; though of course i can make a nar
<adfeno>wingo: Yes... I think one can do `guix build -S "package"` to do that, if I'm not mistaken.
<wingo>adfeno: humm, i think that does something else, right? afaiu "guix archive --export -r foo > /tmp/foo.nar" does the trick
<adfeno>Although I don't know how to make it such that the tar.gz file can still be deterministic, and I'm not sure if there are permission issues considered important when passing that file.
<wingo>i just don't know how to extract the nar
<adfeno>wingo: Indeed. guix export is way better.
<adfeno>wingo: Also, I also have the same problem;
<adfeno>I was looking at Guix's repository, and found nothing.
<wingo>build-aux/make-binary-tarball.scm looks about right :)
<adfeno>I wish Guix mirrors would have a mechanism to check for hash matches and automatically redirect downloaders to the file from main server if there is a hash mismatch.
<iyzsong>i think it should be (guix serialization restore-file). but I tried `guix archive --extract', which reports corrupt input..
<wingo>iyzsong: yeah i tried that too. weird
<wingo>oh well, gotta do other things
<adfeno>Well... Just use the .nar file and find free/libre software to open it. :)
<adfeno>One thing that I really like about GNU IceCat is the possibility to install GNU LibreJS :)
<wingo>i know folks don't want curl-bombs but seriously there should be a no-intervention guix installer or something
<adfeno>Must go now, do some fitwalking.
<habs>If I have an FTP directory mounted via gvfs that shows up in Nautilus and when I do "gvfs-mount -l", where can I find the actual directory of that mount?
***[0xAA] is now known as Zer0Pings
<roptat>I'm still having trouble with the nginx service
<roptat>when the service is not loaded and I update the system with guix system reconfigure, it loads the new service automatically
<roptat>but when the service is already running, it does not load the new definition
<davexunit>roptat: correct, because it does not know how to do that.
<roptat>I would expect that services with a different definition are reloaded
<pthreat>Can anyone tell me a little bit about the kernel, I find "cleaned up linux kernel" a little bit too simplistic
<davexunit>it's a fair expectation, but it requires someone to implement it.
<roptat>do you mean in nginx service, or in the configuration system?
<davexunit>the general facility is needed in shepherd, but each service may need special treatment.
<roptat>ok, I'll see if I can do something
<davexunit>for now, you either need to reboot or restart the service manually
<roptat>when I only restart it, it loads the old definition
<roptat>I need to stop it, reconfigure or reconfigure, reboot
<davexunit>it's a difficult problem to determine what should be done for any given service that is already running.
<davexunit>nginx is rather unique in that it supports zero downtime upgrades
<roptat>where should I look to try and implement that?
<davexunit>restart running services after a 'guix system reconfigure'
<davexunit>change shepherd to allow each service to specify custom behavior in this case
<davexunit>oh and a 3rd part: implement the custom replacement hook for the nginx service
<davexunit>you're on your own to implement it. I'd start by jumping into the source code and exploring, just like you.
***kragniz1 is now known as kragniz
***Tox is now known as Gottox
***retroj_ is now known as retroj
***MightyJoe is now known as cyraxjoe
<jmd>How do I add a file to /etc/pam.d ?
<adfeno>It seems debbugs didn't receive my email message.
<dvc>is the wip openocd package available somewhere? need it soon...
<dvc>quigonjinn: did you get anywhere with openocd yet? :)
<quigonjinn>it's building and working, but i still need to make some modifications to it. would you like me to format a patch and send it to you?
<dvc>quigonjinn: that would be awesome! thanks
<dvc>do you need my email?
<alezost>paroneayea: re "M-x guix-hydra-package-status": If I understand correctly, you want "C-u M-x guix-hydra-latest-builds", but you have to specify a full job name for this, which looks like this: "guile-2.0.12.x86_64-linux"
<alezost>also note that hydra is slow (often unresponsively slow)
<alezost>paroneayea: btw this info can also be accessed from a package info: try "M-x guix-packages-by-name emacs", and press any "Supported systems" button (like x86_64-linux)
<quigonjinn>dvc: sure. if anyone else needs it i can post it here, until it is ready for guix-devel. just give me some time to make sure it's all working because i made some recent changes.
<quigonjinn>side question. what is the correct file to put an HID-Class API library package in?
<roptat>there's something I don't understand: "(make <service> ...)" where is make defined? or is it part of scheme?
<lfam>ACTION works on updating BIND and isc-dhcp's bundled BIND
<jmd>lfam: I thought bind was pretty much up-to-date
<lfam>jmd: Security release today
<lfam>I wonder if we should use bind package directly in isc-dhcp?
<jmd>It sounds like a better idea to me.
<dvc>quigonjinn: sure, take your time - my email is david@craven.ch
<lfam>jmd: Okay, that's for later. For now I'm just doing the smallest update that will work.
<jmd>Yep. For security updates that's best.
<lfam>Are you interested in making that patch? Or, at least, suggesting the change on guix-devel?
<lfam>ACTION pushed bind updates
<thomasd>ah, the joy of seeing "my" package build on hydra...
***fkz is now known as Guest15408
***specing_ is now known as specing
<alezost>roptat: it is a part of guile (used to create objects); see (info "(guile) Instance Creation")
***kelsoo1 is now known as kelsoo
<quigonjinn>how can one apply a patch on a git-fetch origin? git-checkout is downloaded under gnu/store, so it's read only.
***mog- is now known as mog
<lfam>I wonder what is the best way to update Bash, considering how parts of the package definition are tied into %patch-series. There are 4.4 patches yet
<lfam>I mean to say, "There are no 4.4 patches yet"
<lfam>I'm also not sure how I'm supposed to use (download-patches)
<lfam>I don't know what to pass as "store". I assume that "count" is an integer.
<lfam>I guess we could just make %patch-series an empty list and update all the version strings.