<vagrantcish>well, was able to successfully ssh to a remote machine using the gnuk token, encrypt and decrypt a message to myself ... signing was weird, but that maybe was because of the way i created a key <divansantana_>"qemu-system-x86_64: could not configure /dev/net/tun (tap0): Operation not permitted". Does a user have to be in a particular group on guixsd for this to work? <IntoxicatedHippo>thanks, next question: Is there any significant security benefits from running my browser with `guix environment --container`? <roelj>IntoxicatedHippo: Well, inside the container, only a small part of your file system is accessible, so a malicious website or plug-in would not be able to make an entire copy of your hard drive. Inside the container, the browser runs in an isolated process space, so it cannot see what else is running on your machine (other than things inside the container). <thomassgn>divansantana: Hi, is this for something built with 'guix system vm/container' or similar? Containers need to be run as root, don't think vm's do. Haven't seen this myself, my user is in groups "kvm" and "netdev" maybe that's what you need <mbakke>The manual should probably mention `loginctl` somewhere. <mbakke>Reboot, halt, logout, suspend, that kind of stuff :-) <civodul>otherwise i use halt/reboot, or i close the lid <mbakke>With loginctl I can reboot without privileges, which is kind of nice. <civodul>so yeah, i guess it deserves a mention the manual :-) <mbakke>Since we're on the topic, lid close does not work on my laptop since a few weeks(!). Perhaps it's my (custom) kernel 4.16 or eudev 3.2.5 (hopefully not!). <sturm>Can anyone point me to an example of using `guix pack --format=docker` that will run on a system without guix? I've tried a few different examples but end up with errors running `docker load` referencing a non-existent dependency <sturm>could the fact that my Docker is from Trisquel 7 (circa 2014) be the problem? <mbakke>sturm: I don't know anything about it, but can you try `guix system docker-image`? I think those should be self-contained. <IntoxicatedHippo>What are people here using for backups? I was using BackupPC, but that would be a nightmare to package for guix <ngz>IntoxicatedHippo: Why do you think it would be a nightmare ? <pkill9>unless you have other requirements, idk anything asbout backing up <IntoxicatedHippo>I have other requirments, mostly remotely restoring files and incremental backups <pkill9>BackupPC is a funny name for a free software project, it sounds very much like those somewhat obscure windows software that does things that free software does :P <mbakke>Huh. `./pre-inst-env guix build wine64` ignores my build hook and attempts to build my modified samba locally. <mbakke>The same happens with wine64-staging. But I haven't found any other packages that exhibit this behaviour. <mbakke>Ahh it's probably because of #:system. <mbakke>IntoxicatedHippo: You can access the absolute install path in the builder using the %outputs variable. <efraim>mbakke: before I head home and start testing gcc 8.1 are you already working on it? <mbakke>IntoxicatedHippo: What makes you think the package won't be reproducible? <IntoxicatedHippo>It requires running a perl script that requires the absolute path to lots of binaries and the hostname <IntoxicatedHippo>I guess I can just install it without that but that approach feels messy <pkill9>maybe you could patch the perl script <pkill9>not sure about the hostname though <mbakke>IntoxicatedHippo: That sounds great, using absolute paths is what we want. I suppose we'll have to pick some token hostname though. <efraim>mbakke: ok, I'll test it on aarch64 ***lostcoffee is now known as atw
<nckx>IntoxicatedHippo: You obtain the output directory ahead of time (it's not based on a hash of the contents) like mbakke said. Not sure how that's not reproducible? The hash is constant. <nckx>Oh god. I double-spaced. <IntoxicatedHippo>I thought it was based on contents, but not that I've realised I could do this all with a service that doesn't matter anyway <nckx>OK, as long as the service isn't just a hack to avoid this (non- :-) issue. <nckx>�ACTION is always happy to see more back-up software in Guix. Even if it does sound like Windows shareware.� <nckx>At least it's not BackupKit. <firewall`>What is the signification of error: 'Value out of range 0 to 5: 7' ? <mbakke>firewall`: Can you upload the package definition to paste.debian.net ? <efraim>Oh, its a go package, so I'm not sure. Is the commit number correct? It looks too short to me <firewall`>efraim: We cannot set tag version as commit ? <zybell>commit for git must have *more* than 5 chars, or git ends with error. <nckx>firewall`: My guess is that git-file-name takes a substring of commit, and yours is too short. <kkebreau>nckx: git-file-name is actually just a wrapped call to string-append. <kkebreau>git-version does take a 7-character substring, though. <nckx>Anyway, keep using tags, ‘commit for git must have *more* than 5 chars’ is only for actual commit IDs. <nckx>Who's our go-to Go person? That importer needs tweaking. <firewall`>nckx: o/ I know it's needs some improvement... <bavier`>and here I thought packaging "flang" would be a simple matter <mbakke>Hmm `guix pull --branch=core-updates` fails with `no binding `invoke-error?' in module (guix build utils)`. <mbakke>Perhaps I need to update the current Guix first. <bavier`>I used to be able to give people links to their package description on the guix website, but now with the paginated lists, I can't do that <bavier`>which I think is unfortunate, because I enjoyed informing maintainers that their software is packaged in Guix <bavier`>I should review the discussion on the ML about this <pkill9>soemone a few days ago also had that issue <nckx>bavier`: +1, it's also a pain when submitting patches to projects with a pretty Guix logo or ‘installation instructions’ — ‘yeah, here's a link sort of’. <nckx>I looked at the code but it's too foreign to bang out a quick patch :-( <nckx>�ACTION ♫ 88 patches of mail on the thread� <nckx>Can I opt out of the future. <mbakke>Oh great, it's an online mapping between Sphinx projects. And no such file is provided by the Python package itself. <nckx>�ACTION is bored waiting for ZNC 1.7 to compile.� <nckx>It takes surprisingly long. <nckx>Grr. *M, because otherwise that stupid typo is going to keep bothering me. Thanks for the reading materials :-) <mbakke>I think I'll go and do something more fun for a while. Do the dishes, or something :P <nckx>‘# The remainder of this file is compressed using zlib.’ <nckx>So objects.inv itself needs to be packaged? Haha I kid it's an unversioned blob. <nckx>That comment reminds me of gzexe. I think I'm going to gzexe some random binaries. Beats doing dishes. <mbakke>At least numpy provides the objects.inv file, so all hope is not lost. Not sure how to make "python" generate it (probably requires Sphinx!). <mbakke>But there will be circular dependencies all over once the "-documentation" packages all reference each other. <nckx>OMG OMG xzexe exists. 12-year old Tobias would have cried with joy, and slowed his Slackware box to an absolute crawl. <mbakke>Actually, I'm tempted to push my matplotlib/numpy/scipy updates and leave matplotlib-documentation broken for now, assuming everything else builds. <mbakke>The matplotlib issue is going to take a while. <nckx>I'm tempted to agree with you. <nckx>I thought that area was already rife with circular dependencies as it was, anyway. <mbakke>Yeah the Python ecosystem is steadily growing into itself with interdependencies. <ng0>snakes are already circular formed though <ng0>I think Monty Python would abide the comedy around circular dependency resolving <nckx>ng0: Do you prefer to be addressed by your IRC name or your e-mail name? I've seen peeps doing both; thought I'd ask. <amz3>ng0: it was a circular dependency? <ng0>nothing's solved so far. <ng0>i'll take another look into this tomorrow night <amz3>I am wondering whether to continue my work on guile or python <amz3>I always ask myself this question <amz3>I just can't keep coding, htat's frustrating :' <ng0>what about taking a break, focusing on other hobbies if coding is frustrating at the moment? <bzp>what I should know or consider to install 'guixsd'? <amz3>bzp: what's your background in tech? <bzp>I learned to install archlinux, I'm not computer <vagrantc>bzp: it uses a lot of disk space, and sometimes your system will spend a fair amount of time compiling. <bzp>guix, looks like archlinux or gentoo? <vagrantc>it's also notably different from most distros other than nixos <ng0>also note that you can use guix on top of archlinux <vagrantc>bzp: one of the best features is package upgrades can be easily rolled back <pkill9>also you can have multiple versions of multiple packages all installed <vagrantc>to some degree, it's just a different way to thinking about an operating system <vagrantc>users can install their own packages in a reasonably safe manner, different users have different sets of packages installed... even a single user may have different profiles with different sets of packages... <bzp>Is it a production system that I can use in my home work station? <pkill9>but I use it on my laptop, others do too <vagrantc>sometimes things do just break, or features require some effort to get working right <vagrantc>but rolling back to previous versions when they do is generally possible <bzp>I'll test on a virtual machine called parallel desktop <pkill9>you can also load previous system states from the Grub menu <pkill9>so if you make a change in your system setup or upgrade kernel etc, and it doesn't boot up, you can select a Grub entry with the previuos system state and boot up <davidl>snape: the LetsEncrypt certificate issue is almost resolved. I have certs now but I get "Secure connection failed" when I open it in by browser. http works fine. <sneek>davidl, snape says: it seems like server1.selfhosted.xyz/.well-known returns 404 instead of 403. That's a hint. Could you please share your nginx.conf? <pkill9>one of the reasons i switched to it <bzp>as I boot the system, download a file called 'guix .... iso.xz' <snape`>I can't pay online (because of ING's security system) with Icecat, but I can with Firefox... Frustrating <snape>and it's not the first time. There are lots of "javascript like" errors that happen only with Icecat <snape>(And I'm not even talking about videos...) <pkill9>i think icecat has an older javascript engine <davidl>anyone has anyone idea why GuixSD shows "Secure conncetion failed" - nmap shows port 443 is open, firefox says connection closed, and wget "Unable to establish SSL connection." <jonsger>snape: missing Firefox and Thunderbird are the most blocking issues for me to use GuixSD... <snape>jonsger: well, you can still package your own <pkill9>davidl: maybe you need the nss-certs package <davidl>pkill9: I have it for both system and individual users. <jonsger>snape: but I don't like that really when every one has his "private" git repo with the same packages who want go into guix because of gnu... <nckx>davidl: curl or ‘openssl s_client’ tend to produce more helpful error messages. <snape>davidl: yes, you need to install it globally <snape>jonsger: I don't like that Firefox ships with lots of non-free software and provides no easy way to remote it. <snape>I really prefer Guix' approach, and they unfortunately conflict. <davidl>nckx: curl was better - "gnutls_handshake() failed: The TLS connection was non-properly terminated" <snape>there must be a more recent list somewhere I guess <nckx>davidl: Mind sharing the URL? <snape>I wish we could do what Icecat does, but at Guix packaging level, on a recent Firefox <bavier`>jonsger: iirc, there was some thunderbird work recently <snape>and without their addons. I mean, maintaining it would be enough work. <pkill9>jonsger: you can install nix as well for the programs not in Guix <snape>Hmm, I don't see why it wouldn't be feasible. <snape>I'll mail guix-devel about it <nckx>davidl: Oh. I had +R set to block privmsgs, I'm afraid I didn't get it. Try again? <nckx>Or +g or whatever. Anyway, off now. <anonymoose>Does anyone have a straight forward install guide for the distro? I found the documentation confusing and other guides I found via web search lacking. <davidl>nckx: sent again. the /var/log/nginx/error.log shows no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 90.226.185.254, server: 0.0.0.0:443 <roptat>anonymoose: what's confusing in the documentation? maybe we can try and improve it? <anonymoose>roptat: I only found the VM install guide and an install guide for the package manager alone. I might just be dumb. :P <roptat>on each item of the download page, you have an "installation instruction" link that directs you to the correct part of the documentatino <drtan>Hi! Have you ever got: 'guix: offload: command not found' after 'guix pull'? <nckx>davidl: Yah, openssl says ‘no peer certificate available’, so it seems like nginx is telling the truth. Is your nginx.conf machine-generated? Or why is there no ssl_certificate? <davidl>nckx: machine-generated. I can show you the nginx.conf <nckx>No need, since it's clear what's missing :-) Adding ‘ssl_certificate /etc/letsencrypt/live/$SEKRIT_DOMAIN/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/$SEKRIT_DOMAIN/privkey.pem;’ would do the trick if you're using certbot. I can't tell you how, since I write all my confs by hand... <nckx>�ACTION is not the much of the help in this case.� <davidl>I have it added and I have checked the permissions on the files and folders. <nckx>Whuut. OK, I take back what I said. <nckx>I don't understand how that error message maps to that configuration. Are you sure that's what the running nginx is using? Can you stop it & ‘sudo nginx -c ...’ by hand? <nckx>Let's grasp all the straws! <davidl>nckx: I will try that in a sec :) <davidl>nckx: someone with the same issue curl (35), wrote "In my main nginx.conf I was setting the listen directives to both port 80 and 443" <buenouanq>davidl: I had this same issue I worked through last week. <nckx>I don't get what they mean by moving it from ‘main nginx.conf’ to ‘VHost’ (an Apache term): ‘listen’ is only valid in ‘server’ blocks anyway. <nckx>buenouanq gonna drop some enlightenment on us! <nckx>Which is good because now I'm curious and otherwise this is going to end with me spinning up an nginx with that config just to find the answer. <nckx>Ya know, I really don't think that configuration file is loaded, since the HTTP → HTTPS redirection at / is also not happening. The ‘hej’ here is really a failure: it should be a 301. <buenouanq>did you run /var/lib/certbot/renew-certificates ? <davidl>buenoanq: yeah. it just says it's not time for renewal again. keys and all are in /etc/letsencrypt folder <buenouanq>I have a server listening on 80 that redirects <buenouanq>clear you browser everything, with the 301 maybe it's working but you're just seeing cached pages <snape>davidl: how did you solve your renew-certificates issue? <davidl>snape: I upgrade with guix pull and reconfigured, then also for my user. <davidl>buenoanq, nckx: now nginx seems to work as well :P <nckx>davidl: Yep. I just checked. That configuration is *not* what your server's running: it redirects when I try it. <davidl>so I can't run it as the shepherd service, but starting it as root is fine. <mbakke>snape: Can you share your Firefox recipe? <mbakke>I'm not sure how our Rust stuff is doing. <davidl>buenoanq: thanks for that config. I'll do the same if I can't get it working the standard way. <snape>mbakke: I tried to package 53, that comes with Rust, it was maybe one year ago, and I failed. <mbakke>Is there a reason we can't include Firefox in Guix? ISTR the licensing issues were resoived. <snape>anyway I just sent email to guix-devel to start a discussion about it. <snape>well, that's basically the content of my email <bzp>hat I must configure in 'zile /mnt/etc/config.scm'? <vagrantc>so, i've read a few places that lvm in guixsd is unsupported ... but lvm packages are present, and can be used ... does that just mean there's no lvm service that enables lvm devices out-of-the-box? <mbakke>vagrantc: Yes, I use LVM "manually". <bzp>my partition is boot sda1, root sda2, swap sda3, home sda4 <mbakke>Tried creating an LVM service once, but gave up at some point :P <vagrantc>�ACTION wonders what all it would need to do� <vagrantc>e.g. "vgchange -ay" "vgchange -an" ... for the most basic usefulness <davidl>buenoanq,snape, nckx: the solution is to add (gnu packages web) and nginx package in list of packages! :D <nckx>bzp: Unfortunately that picture is missing the actual error, which has gone to that great scrollback buffer in the sky. Can you Shift+PgUp? Or even better: run guix system reconfigure again with ‘2>&1 | tee LOG’ appended. <vagrantc>would also really want to add support to the initramfs... and guess that might get complicated <davidl>you would think this should be taken care of when you add the nginx-service though. <nckx>davidl: That sounds like a solution that shouldn't be a solution. It will allow you to run nginx from the command line (in fact, I do just that myself), but it should not affect the service in any way. <davidl>nckx: right. So I guess that mean something is wrong with the nginx service definition in guix? <nckx>davidl: As an avid non-user, I'm afraid I cannot say. <davidl>just to be clear, current my nginx is started with herd, not the cli. <nckx>Well, I use (nginx-service <my-own-artisanal.conf>), but that's it. <snape>davidl: what did adding nginx as a user package change exactly? <davidl>snape: when having added it as a system package I could start it with herd and the certificates would work properly. <davidl>maybe that only the (gnu packages web) would have suficed. <snape>davidl: weird. Can you remove it and try again? <nckx>It must be a side-effect of running ‘guix system reconfigure’ again, but you mentioned doing that earlier so... hm. <nckx>And by ‘must’ I mean ‘please let it be or everything I thought I knew about the world is a lie’. <davidl>nckx: now it works after removing nginx system package and reconfiguring. I have no idea what happened but messing around with it made it work. <nckx>davidl: Is it possible you never happened to run guix system reconfigure && herd restart nginx in order? <nckx>Although we'll likely never know. It works! Rejoice! <davidl>mbakke: error was that nginx service couldn't find ssl-certificate but nginx -c config.cfg could when loading the same config-file. <davidl>nckx: yep, time for a whiskey :) <davidl>snape, nckx: thanks a lot for your help <nckx>mbakke, davidl: I have noticed that the nginx service, especially when using a generated configuration, is much ‘stickier’ than it should be. It keeps loading old files longer than you expect. That's what happened here. <nckx>davidl: Nice domain, BTW. <nckx>Perusing my nginx logs again: the number of bots plugged straight into crt.sh is unreal -_- <mbakke>All this web stuff reminds me I should fix up the Varnish package and write a service for it. In case anyone is expecting a good slashdotting. <snape>davidl: nice, you're welcome! 