<cbaines>Ok, so I've hacked it enough that I can connect and execute "SELECT 1;" successfuly \o/ <cbaines>I'll send some rough patches tomorrow. <cbaines>Or, well. when I wake up later today... ***jonsger1 is now known as jonsger
<reepca>yikes, I'm actually at attempt number 38 of building mariadb now. Would it be wise to rebase guile-daemon on core-updates? Or should I just use a substitute for it in order to be able to continue testing building other derivations? <bavier>reepca: rebasing on staging might work; it includes a patch for mariadb tests, and has had master merged in recently <raghavgururajan>What are the disadvantages of NOT using LVM in GuixSD installation? Since 0.16 (beta) does not support LVM, should I wait for 1.0? <raghavgururajan>Also, in future, if GNUHerd development is completed; do I have to reinstall GuixSD to use GNUHerd Kernel or can I just install GNUHerd and enable/use along side Linux-Libre kernel? <olivuser>Hello everyone. I've just installed icecat and would like to install the extension "ublock origin" for it. How does that work? <kmicu>raghavgururajan: the number of cons for not using LVM depends on your hardware and filesystem. For example whether you use a laptop with one disk or a computing farm with ten disks or whether you use a basic filesystem like ext or something with more feature like btrfs. Migrating to new setups is easy and quick with Guix so go ahead with 0.16. Your current configuration doesn’t need to be perfect from the start. <kmicu>raghavgururajan: regarding Hurd, yes, changing kernel is pretty much a change in a config file and you can boot to a version with one kernel or another. <raghavgururajan>Thanks! I just use single 120GB SSD. Also, I have only one root partition. So LVM doesn't really matter right? <raghavgururajan>Thanks! So after changing config. one has to re-init the guix system right? ***rekado_ is now known as rekado
<rekado>raghavgururajan: “guix system reconfigure” <cbaines>raghavgururajan, not as far as I'm aware, I think it uses Slim <cbaines>although I think you can use the GDM if you tweak your configuration.. <cbaines>civodul, hey :) did you have a good trip back? <civodul>it's heavily raining here, but i'm good nonetheless <raghavgururajan>cbaines Thanks! Yes, I saw in guide that if I want to use wayland, I have to use "sddm-service". It's odd that guide mentioned "sddm" which is based on QML but nor "gdm" gnome's official display manager ?? Will you please be able to tell me what tweak I should make? <cbaines>civodul, I saw a few interesting things. There was a panel on corporate copyleft stuff, and a interesting presentation on a student organisation https://ulyssis.org/ <cbaines>raghavgururajan, unfortunately I don't know, I'm currently just using Slim at the moment. Maybe someone else does. <civodul>which reminds me i need to view the Sandler/Kuhn keynote <roptat>rekado, now I feel stupid, the issue with the overdrive was that I failed to find the button ^^' <roptat>it's working fine now, so I'll install it this evening <rekado>I should have shown you the button <rekado>it took me an embarrassingly long time to find it myself… <rekado>it took longer to pick a spinner than to implement the feature… and I’m still not happy with the spinner! <rekado>if anyone has a good idea how to better display merged bugs in the list: I’m all ears. <roptat>do you list all priority bugs, or do you limit to some amount? <rekado>these are all “serious” and “important” bugs. <roptat>could you add a small margin at the end of that list (say margin-bottom: 2em for instance)? I think it'd look a little better :) <rekado>there should be a footer as well, pointing to the sources <civodul>and yes, the AGPL footer will undoubtedly bring you a whole bunch of new contributions :-) <ngz>rekado: As a side note, when I search, for example, "is:open date:1m..today", I get a lot of duplicates. Is it intended? <rekado>the search features are a little weird, honestly <rekado>they are hamstrung by the Debbugs SOAP interface <rekado>I’m working on getting more info into a local database where we can search without those limitations. <cbaines>Has anyone seen this kind of error from guile-git? Throw to key `git-error' with args `(#<<git-error> code: -1 message: "invalid Content-Type: text/plain; charset=UTF-8" class: 12>)'. *civodul wrote "snipper" instead of "spinner", ENOCOFFEE? <civodul>cbaines: haven't seen it, but it could happen i guess :-) <doctorworm>Mornin' all. Does anybody know why Mate doesn't have power buttons in the menu? mate-polkit has been installed (thought that might be the issue, but apparently not). <civodul>cbaines: could be, in which case we should perhaps handle it better <allana>I am running the dockerd daemon as a service. For some reason the daemon fails to start upon boot and cannot be manually started. Runing "guix system reconfigure" after booting will successfully start the docker daemon. Any ideas what I may be doing wrong? <doctorworm>Also getting a prompt for authentication every time I use the screen brightness buttons, which makes me think Polkit isn't configured correctly <civodul>allana: what does "herd start docker" say? <civodul>are there hints in /var/log/messages? <allana>allana@guixsd ~$ sudo herd start dockerd <allana>Service dockerd could not be started. <allana>herd: failed to start service dockerd <efraim>doctorworm: interesting. I'll try to take a look at the service later <civodul>doctorworm: is that with GNOME? i think that works correctly when using gnome-desktop-service <civodul>i've seen it work correctly at least :-) <doctorworm>civodul: it's Mate. GNOME works pretty much perfectly on the same system, as does XFCE. <doctorworm>Looking at MATE as a possible replacement for XFCE but missing power options and some polkit related things aren't working <doctorworm>gnome-desktop-service is installed as well though for when I use the machine as a desktop <rekado>doctorworm: how did you start it? Do you use ~/.xsession to start Mate? <doctorworm>rekado: it's started using the standard desktop select screen, I haven't configured it beyond that. I don't use .xsession <doctorworm>It's installed by using mate-desktop-service in /etc/config.scm <doctorworm>When it didn't work I additionally added mate-polkit to config.scm to test but it doesn't seem to have made a difference <civodul>we should compare "guix system extension-graph" with mate and with gnome <civodul>it may be that the former lacks something <allana>civodul: sorry, I will look at /var/log/messages shortly and hopefully I can catch you again <roptat>doctorworm, maybe dbus is not started for the session? <rekado>(debbugs is again so slow that there are XML parse errors as the transfer times out…) <raghavgururajan>Hi! Is there any way to protect BIOS boot partition from tampering? For example, someone can boot live USB and tamper with BIOS boot partition. <civodul>cbaines: in artanis, you should avoid the hardcoded "/2.2" <cbaines>civodul, that would be ideal I guess, the package definition already did that, so I didn't go as far as trying to change it <civodul>raghavgururajan: i don't know, but i suppose you can't protect the system from someone who has physical access to it <cbaines>well, it is, but there are 2.2 references in the existing code as well *rekado tries to fix #22010, a bug from 2015 <civodul>rekado: it's weird that pyc files are reproducible, except those that come with python itself <allana>civodul: when booting, I get this message about docker: "Feb 5 09:26:42 localhost shepherd[1]: Service dockerd could not be started." I'm sure more context would be helpful, but I don't see anything obviously relevant around that message. After booting, if I run "guix system reconfigure" then the dockerd service starts without issue and I see other "happier" messages in /var/log/messages <ngz>giac-xcas currently fails to build on armhf because of an odd error: "ERROR: Unbound variable: bytevector->base16-string". Previous release built correctly. This is suspicious. <civodul>allana: uh, and nothing else in /var/log? could you send a report with all the details to bug-guix@gnu.org? <ngz>It doesn't look related to the package itself. <ngz>The package builds fine on other architectures, btw. <civodul>ngz: right, it has to do with the content-addressed mirror fallback code that fails on systems with a very old daemon <civodul>Mark H Weaver reported it, and i think we fixed it in code and/or actual setup, but maybe not <civodul>but anyway, i recommend getting substitutes from berlin.guixsd.org or ci.guix.info (CDN) <rekado>I may have a fix for 22010. It’s the same fix as for Python 3. <bgardner>Good morning guix! I'm trying to remove the ntp service from %desktop-services so I can change the list of peers, but while I am following the docs for the recommended method "(remove (lambda (service) (eq? (service-kind service) name-of-service)) %desktop-services)", 'guix system reconfigure' returns "service 'ntpd' provided more than once" - any advice? <roptat>bgardner, you probably want to use modify-services instead <bgardner>roptat: Worked beautifully, thank you again <nly>How can i add a (plain-file "foo" "bar") to guix store? <rekado>yo, I’m getting a silly error trying to build a new package. <rekado>All I see is guix build: error: invalid hash `960bfc6dd852eca98ce987667ca63f0b205d92386b4d0666d5dcf0a2fdcefe090a' <janneke>sometimes --no-build-hook gives more info? <roptat>rekado, is that the sha256 hash of the package? <rekado>this comes from nix/libutil/hash.cc <roptat>I got a similar message when I tried to build a packages with "" as the hash of the sources <rekado>no, I’ve got a proper hash for that package (as determined by guix download / guix hash -rx) <roptat>are you willing to share the definition? <rekado>the problem is with dune-functions <roptat>the hash is very similar to that of dune-pdelab, but it has one character that's different. Is it normal? <apteryx>rekado: I think I've had this error before, and it was just my mistake in the hash. Not nice error reporting, though. <apteryx>(as in invalid rather than mismatching hash, IIRC) <rekado>pdelab isn’t finished yet; just copied the other definition <rekado>no, the problem is actually with istl <rekado>I accidentally hit “n” instead of C-n <rekado>so the hash had an extra n, and the daemon wasn’t able to decode that. <apteryx>rekado: it should really error with something useful! Let's log a bug about it. <janas>This question might not have an easy answer, but does anyone here know why the node/npm build system was never merged into guix despite being implemented and approved over a year ago? <rekado>there have been different implementations of a node/npm *importer*, but the npm problem is unusually tricky. <rekado>npm packages may depend on hundreds of other packages that depend on the package in question in a dependency loop. <roptat>ah, I completely forgot that I wanted to send my version of the build-system to guix-patches... <roptat>swedebugia is working on a better version of the importer though, taking version numbers into account, which should help <roptat>but that'll probably add outdated packages to guix… <janas>roptat: thanks for the info! I don't mind having to manually add any tricky packages that I need <janas>I just didn't want to custom-install an entire build system :) <janas>also yes, I meant to say *importer* <mbakke>Welp, glibc 2.29 depends on Python.. <bavier`>I was a bit surprised to see that in the announcement <mbakke>Will be a fun bootstrapping endeavour. <apteryx>They could have used Guile, at least ;-) <mbakke>Is anyone working on a Scheme Python implementation? :) <bavier`>seems to be used for testing, so could probably be disabled if necessary during a bootstrap <efraim>Can we do it in micropython? I have a package for it <mbakke>efraim: Interesting, sounds like it could be worth a shot. Dunno how complicated bootstrapping Python proper will be. <bavier`>mbakke, efraim: the 'argparse' module, at least, seems to be missing from micropython <efraim>it seemed like a long shot anyway <rekado>mbakke: somebody did in fact work on Python for Guile. <raghavgururajan>Hey All! I installed GuixSD without boot loader on disk. I am not able to boot the installed system via GRUB. What are the syntax and values for "--root=", "--system=" and "--load=" in grub config? Can some one help me with this? Please and thank you. <rekado>raghavgururajan: why did you not install the boot loader? I wrote earlier that if you’re using libreboot you can let its on-chip GRUB pass execution to the on-disk GRUB. That’s the easiest way. <rekado>we can’t tell you what to pick for --root because the system is in a subdirectory of /gnu/store, which depends on your configuration and your version of Guix. <raghavgururajan>I understood that. But I already installed the GuixSD in a LUKS partition. <raghavgururajan>I came know after repeated trials that the file for system under /gnu/store ends with the name "system". Even the kernel got loaded and asked for Luks password. <raghavgururajan>But after that showing error "procedural file-load: no such directory". <raghavgururajan>rekado: Thanks for your input again. So may be I'll re-do installation with boot loader on disk. Can you tell me if there is any disadvantage for using /boot as separate unencrypted bios partition instead of using /boot under encrypted root partition? All I need to understand is this. Thanks in advance. <palica>hey guix! I am getting X.509 certificate of pypi.org could not be verified when trying to guix import pypi <package> <palica>why not install it as part of base-packages? <nand1>I had to declare nss-certs in my system-wide packages <nand1>I do not know the reason why nss-certs is not part of %base-packages <palica>it is the same also in freebsd IIRC <palica>so all curl, wget ... work out of the box <palica>could you please tell me how do you modify system-wide package set? <nand1>it should have been part of the installation directions <palica>pkill9: thanks guys! I am pretty noob what guix goes <nand1>in the desktop.scm template file I think it is there by default <pkill9>you're welcome :) we are all noobs at some point <janneke>has anyone seen and fixed this magit thing: git: 'rebase--interactive' is not a git command. <pkill9>my guess is there's a missing space between 'rebase' and '--interactive' <rekado>palica: on a Guix system there really is no concept of default system libraries. On traditional systems there is only one global namespace and all applications that have been installed depend on that same set of libraries. <rekado>But on a Guix system that’s not the case. Every package has its own set of independent libraries. They may be the same as those for other packages that are installed, but they also may not be. <rekado>since there is no global namespace these packages are not installed by default. They are available to packages that need them, but not necessarily exposed to the user. <rekado>TLS certificates are really a decision that users need to make by themselves. The user decides to trust the certificates provided by the nss-certs. This is a very large set of certs and it may not be a good idea to trust them all. <rekado>that’s why there is no global certificate store. Different users on the same system can choose to trust different certificate authorities and install different root certs. <palica>(but it breaks one of the basic functionality of guix (import)) <palica>I mean the user could still override the default-system nss-certs with his own if he wanted <palica>but you would get a functioning base system <palica>but just my opinion and I also know what you mean - you have to trust mozilla for doing the right thing <rekado>palica: I think one could argue that nss-certs should be installed by default. Looking at %base-packages in gnu/system.scm we see a few things that are not strictly required. Maybe you can start a discussion about this on guix-devel@gnu.org? <pkill9>doesn't nss-certs have to add it's certificates to /etc/ssl? <pkill9>due to hardcoding the path for security reasons <palica>how do I list files installed by a package? <rekado>pkill9: I don’t understand what you mean. We usually try to avoid hardcoding and use the environment variables to override the location of the certs. *rekado attempts to merge “master” into “core-updates” <palica>rekado: find $(guix build foo) seems to install it and build it even though I have foo already installed as system-wide package <pkill9>rekado: i thought that overriding the location of the certs wasn't possible <palica>does guix use any database store for installed packages (and their hashes)? <pkill9>yeah i think its just curl, since there are environment variables for SSL_CERT_DIR and SSL_CERT_FILE <palica>how could you verify that the package installed in /gnu/store didn't get tampered <janneke>efraim, pkill9: yeah, somewhere a space got lost ... now to find where? (this is magit, it works from the command line ...) <palica>doesn't that compare the binary from the servers with stuff you build locally? <pkill9>palica: i dunno if there's relaly any way to detect tempering of the store, because what if the bad actor also changes the database? <apteryx>I think it will go and build PACKAGE locally, and then compare that with the substitute a server is serving <rekado>palica: this means that you must be using different versions of Guix then. <apteryx>palica: yeah, exactly what you said ;-) <apteryx>isn't that good enough? if the version you have installed locally doesn't have the same hash as what was built by guix challenge, then something may be fishy (or non-reproducible). <palica>how does guix detect if a newly installed package version doesn't overwrite already installed eg. config file that I already modified? <pkill9>i think i mixed up the curl issue with the certs, because by default there's a symlink from /etc/ssl to /run/current-system/profile/etc/ssl, which i assume is put there by a service in order to workaround the issue with curl hardcoding the path to the certs <pkill9>actually no wait, it doesn't workaround it, nvm <apteryx>if the sources or any detail about that package is different, it won't collide with existing version due to everything in the store being hashed by their derivation and inputs (and maybe something more that I forget). <pkill9>palica: system-wide configs are generally specified in the guix configuration file <palica>ok, how does that protect it from being overwriten by a new version? <palica>or you mean only the changes to the files are specified inside the config.scm <pkill9>yeah changes are only specified inside config.scm <palica>so the new config gets overwritten but also patched according to config.scm settings? <apteryx>palica: your config is yours to keep versioned and safe, I'm not sure I understand the question. <pkill9>it doesn't get overwritten, but a new config file is generated in the store and is pointed to in the new system generation <palica>let me try to exaplain it with sshd.conf for example <palica>so I want some special setting enabled or disabled <palica>going to upgrade to 7.9 or whatever <palica>new openssh is going to overwrite the sshd.conf but this is going to be "patched" according to config.scm (foo_bar=enabled) ? is that correct? <apteryx>palica: every config file managed by Guix is generated at boot, when the OS declaration is instantiated, if I'm not mistaken. <apteryx>there's no patching involved, they're generated from scratch <palica>hm what if I don't reboot that often <apteryx>given what you put in your operating system config <palica>or forget to run reconfigure after update? <apteryx>you can just run guix system reconfigure <apteryx>then your services won't change at all <apteryx>your system won't change at all actually <apteryx>to update your system you have to both 'guix pull' and 'guix system reconfigure' <pkill9>yeah it's applied after running `guix system reconfigure` <palica>so the swwitch to new generation as well as config file regeneration is with system reconfig <palica>still would like to see a function to evaluate hashes of files at install time to the ones that are now on system <palica>because if you do guix challenge does it show you the files that differ? <pkill9>yeah it gets remounted as read only, you're not supposed to modify the store <pkill9>`guix challenge` is for comparing a remote bulid against a local build, to see if the remote build is the same as the locla one <pkill9>so what you want is to be able to see if your system has been tampered with? <palica>so I modified bash-completions/ssh <palica>run guix challenge bash-completion <palica>pkill9: I want to know if and what <palica>and it seems unless you build everything from source (locally) you can never tell <palica>unless you reinstall the whole thing <palica>all packages, but what about user-installed packages <pkill9>i wonder if the TAILS distro has a tool for that <bavier`>palica: maybe you could use something like AIDE, `guix package --show=aide` <palica>but wouldn't something like this be nice to have? <pkill9>i dunno how freebsd implements it, but maybe you could create a guix service that checks periodically using aide? <apteryx>I haven't modified my store, but if I did, I'd expect guix challenge to tell me they differed <pkill9>to get a local build of bash, run `guix build --check --no-grafts bash` <pkill9>then it should be able to compare <palica>now I have local build of bash-completion <apteryx>palica: how do you do it? remounting the partition as rw? <palica>I don't have any differences when running challenge now <apteryx>Maybe Guix is using its database instead of the actual files? <pkill9>yeah i think it will use the database, as the assumption is that nothing in the store changes <palica>I modified /gnu/store/6gvk...-bash-completion-2.8/.../ssh <palica>local build probably installed here /gnu/store/wgh45...bash-completion <palica>and even though the 6gvk-bash-completion was still modified <palica>the guix challenge returned no differences <palica>because it was comparing hydra build with local build <apteryx>ah; so you modified the wrong instance of bash-completion <apteryx>what happens when you modify the actual (current) one? <palica>the challenge installed a new instance <palica>it shows identical even with the wgh45 modified <pkill9>maybe it's overwriting the wgh45 one? <pkill9>palica: did you modify the wgh45 one in a different way, so that they aren't modified in the same wya and result in actually being exactly the same? <pkill9>e.g. if you add the $test comment to both of them, then they're gonna have the same hash <palica>but it is comparing hash from hydra-server and local <pkill9>and thus be considered idnetical by guix challenge <bavier`>palica: what does 'head ssh' show after the challenge? <bavier`>I'm not very familiar with this area of the code, but I think 'guix challenge' probably takes the hash from the store database, rather than computing it on demand <rekado>“challenge” is not made to detect a corrupted store. <rekado>it’s about challenging substitutes. <nand1>so I suppose it lets you detect if a mirror is serving <nand1>or if something is not reproducible <Copenhagen_Bram>So I just tried what both you folks and the arch wiki said would work, in the matters of encrypted root and /boot <Copenhagen_Bram>when I tried to init with an EFI bootloader, guix errored. So I used the legacy BIOS bootloader and guix finished successfully. Booting failed <Copenhagen_Bram>I'm now installing wgetpaste so I can share my config.scm and output of lsblk -f and fdisk -l /dev/sda and whatever other info you could use to help me find out why it won't boot ***renich_ is now known as renich
*janneke has a working magit /w rebase after guix pull <janneke>magit (package emacs-magit) is a git interface for emacs <Copenhagen_Bram>What information would be useful for determining why my computer won't boot? <roptat> rekado I found a cable to connect to the overdrive but screen terminates immediately and the overdrive doesn't connect to my box <roptat>There was a message about missing /var/run/utmp so I touched it <civodul>roptat: that's after your installed Guix? <roptat>No, I'm trying to start it for the first time <Copenhagen_Bram>I can't wgetpaste anything, certificates "hasn't got a known issuer.", what do I do? <roptat>Error messages in dmesg about group tty missing