IRC channel logs

2019-10-16.log

back to list of logs

<wdkrnls>Hi Guix, I'm having some issues with installation:
<wdkrnls>1. the installation freezes at "creating /etc/machine-id..."
<wdkrnls>If I press escape, the installation continues.
<wdkrnls>However, after I fill out the options in the graphical wizard I get an error saying that some patch for some python-pep8-* package was not found.
<wdkrnls>I chose "Guided - using the entire disk with encryption" option
<wdkrnls>Afterwards, when it tried to recover back at the beginning of the installation, the background color turned red and there was a scheme error stack trace.
<wdkrnls>I had selected GNOME, openbox, and ratpoison to be installed as desktop environments. I'm not sure if that's relevant, but wanted to be thorough.
<nckx>wdkrnls: …and what did that stack trace say? Do you happen to have a copy/photo of the pep8 file name? If you have time, please send reports with all relevant info to bug-guix at gnu.org, so these serious problems don't fall on deaf ears here.
<nckx>3 bugs in one sitting, my condolences.
<nckx>wdkrnls: /etc/machine-id contains a random identifier so it could freeze waiting for entropy. Maybe you happened to hit Esc at just the right time.
<nckx>(Just a guess, no idea where the random comes from.)
<nckx>Hm, it uses https://dbus.freedesktop.org/doc/dbus-uuidgen.1.html, no mention of blocking but seems unlikely to.
***malaclyps2 is now known as malaclyps
<efraim>oops, not upgrading aspell
<roptat>hi guix!
<lprndn>roptat: hello!
<efraim>hi!
<roptat>something's not working correctly with the DNS delegation for guix.gnu.org...
<efraim>I think the vim plugins are going to need an overhaul with vim 8.1+ and native package management
<shrdlu68>I have added certbot and nginx to base services. The nginx declaration references certificates which are to be generated by certbot. Predictably, when I run `system reconfigure` it fails because the validation of the nginx config fails because the certificate doesn't exist yet. How do I go about this?
<shrdlu68>Is there a way to specify the order of starting services and dependency?
<efraim>econnman wants /var/lib/connman/econnman.config to be root:users and writable. I might modify the connman service to generate the file as necessary.
<roptat>shrdlu68, you'll need nginx working for certbot to get a certificate
<roptat>but certbot for nginx to work :p
<roptat>I'd suggest reconfiguring with the nginx server block disabled, then you can run the mcron script manually, and reconfigure with the server block enabled
<shrdlu68>roptat: What's "mcron"?
<roptat>that's the cron implementation the certbot service uses
<roptat>when you reconfigure, you should see a message that says "you might have to run ..." that's what you need to run to get the certificates immediately, instead of waiting for the cron job to run
<shrdlu68>Hmm, I've been excited about the idea of having a config.scm somewhere that I can init an OS from hands-off.
<bricewge>Hello Guix.
<bricewge>I was reading the mailling list about checking the copyright line in `guix lint`.
<bricewge>And since this is a bit off topic I'm asking here. What is the point to write this line when you are in country that don't apply Common Law (in my case it's Droit Civil) ?
<bricewge>Is it just cargo cult? Where should I ask this kind of question?
<leoprikler>copyright law still applies in other countries
<leoprikler>(and probably your country as well, even if it's named different there)
<civodul>Hello Guix!
<lprndn>civodul: hello!
<nckx>Good morning, geeks!
<puoxond>Hello Guix!
<nckx>o/
<puoxond>Is there a way to trigger the "baking" of substitutes without building anything?
<puoxond>On machines with less popular architectures Guix often starts building things for which substitutes are available, but haven't been baked yet. I usually just hit C-c and try again after a few minutes.
<puoxond>I was wondering if there is a smoother way to do this.
<nckx>I don't think so.
<lprndn>hum. How would one produce an "on disk" equivalent of container-script? I see in sources it uses gexp->script which seems to return a procedure (?) but I suppose I would like a file(?) (I'm feeble on those file/scipt etc stuff)
<puoxond>nckx: That's unfortunate. It would be nice if I could run something like 'guix package -m manifest.scm --dry-run --bake-substitutes && sleep 300 && guix package -m manifest.scm'.
<nckx>[0% snark:] I hope the effort put into creating that hack could instead go into dropping that ‘baking’ hack altogether. It's just a cache. My nginx server never stops to ‘bake’ responses (imagine!). My substitute server never bakes things. But hacking Guile HTTP isn't my idea of evening fun. 🙂
<bricewge>leoprikler: Any guess where I could ask this question to people with the relevant skill?
<roptat>maybe the FSF? they have lawyers I think
<bricewge>FWIU in my country the "copyright" is automatic and inalienable, no need to write it explicitly.
<truby>that's also true in countries with common law (e.g. the UK and the US)
<bricewge>truby: Oh ok, TIL.
<bricewge>What's the point to write the copyright line then?
*truby tries to remember his copyright training he did at work 2 weeks ago...
<truby>I think it's just to make it clearer
<truby>so you can open the file and just at a scan of it see who owns copyright on that file. But, IANAL so I can't be certain
<wdkrnls>In addition to my other installation issues mentioned previously, I again had the problem I was having on my other computer that one package (openssl in this case) got stuck downloading during the installation and so the installation process is stuck there at openssl being 57.4% downloaded seemingingly permanently.
<wdkrnls>The other packages were downloading very quickly.
<bricewge>Thanks :)
<bricewge>I'll ask on #fsf.
<wdkrnls>Is there a way to modify the disk image so all the necessary packages are available without downloading?
<wdkrnls>... since my workaround there was to just abort and retry to downloaded on the fully installed system.
<leoprikler>bricewge: you need copyright holders in case of license violations
<nckx>bricewge: From #fsf: ‘you could also try writing to licensing@fsf.org’.
<leoprikler>and the GPL has been violated a non-zero amount of times :)
<nckx>leoprikler: That's true, but their standing isn't determined by a copyright line.
<bricewge>nckx: Ho, email is probably better.
<truby>leoprikler: I think liberdiko's point is that in most jurisdictions you hold copyright anyway without writing it explicitly. But possibly we need it because there might be some jurisdictions where that's not true?
<bricewge>truby: That would make sense. Better safe than sorry.
<bricewge>leoprikler: I'm nitpicking here. But wouldn't it be redundant since the author is already present in git's commits?
<leoprikler>I'm going to quote the Zen of Python here, even if it's irrelevant: "Explicit is better than implicit."
<truby>woah, I just tried to install rust and there's no substitutes for aarch64 :-)
*truby buckles down for a long ride
<leoprikler>bricewge: you don't always have the full commit log when dealing with a copy
<bricewge>Ohhh. I never thought of that; like when you download a tarball of the source.
<bricewge>I think I have sufficent answer. Thanks leoprikler!
<leoprikler>you don't even have to go so far: ~/.config/guix/current doesn't have the log either
<leoprikler>that said, you don't necessarily need a copyright line *in every file* in every project
<leoprikler>some projects have one COPYING file, that applies to the whole directory tree, for example
<leoprikler>In the case of Guix, I think it's more of a way of tracking contributions by author
<civodul>puoxond: you could run "guix ... --dry-run"
***apteryx_ is now known as apteryx
<brendyyn>Does anyone else think it would be reasonable to remove the /etc/guix/machines.scm did not return a list of build machines warning spam, since it shouldn't really matter if /etc/guix/machines.scm is an empty file? Also same channels.scm which actually errors
<civodul>brendyyn: sounds reasonable to me
<nckx>brendyyn: And /etc/guix/acl, yes.
<civodul>hey, ho, comrades! i'm seeking comments on https://issues.guix.gnu.org/issue/37744
<civodul>we should also discuss how we'll publicize the issue
<leoprikler>civodul: do we even need world-writable user-profiles though?
<bgardner>Good morning guix! I need a perl installation that includes a module in CPAN and not available in Guix right now. I had no luck with guix perl + cpan install, so I removed guix perl and am trying to build perl from source. My current issue is during the perl make I get: "Can't figure out your cwd! at [...] /ExtUtils/MakeMaker.pm line 237" Any suggestions?
<leoprikler>not sure how this would work for Nix, but Guix can create per-user directories through the operating-sysem
<leoprikler>bgardner: have you tried guix import cpan?
<bgardner>leoprikler: I... have not! Thank you, I will try that
<nckx>leoprikler: Only Guix System. And something about creating a directory for every user ever doesn't sit right with me. They can't be safely deleted.
<civodul>leoprikler: no, this patch is precisely about fixing that
<civodul>leoprikler: but note that we also need to account for foreign distros
<civodul>and that's why creating /per-user/$USER is now done by the daemon
<civodul>yeah, what nckx wrote :-)
<roptat>civodul, "Since @code{$USER} is in @code{$PATH},"
<roptat>it's technically /var/guix/profiles/per-user/$USER
<roptat>well, ~/.guix-profile that points to it
<civodul>yeah, that's ambiguous
<roptat>I don't find any good way to say it though...
<civodul>i didn't want to write the full file name, but maybe we should write @dots{} or something
<civodul>lemme see
<civodul>@code{/var/@dots{}/$USER}
<civodul>don't translate just yet :-)
<roptat>ok :)
<g_bor>hello guix!
<leoprikler>civodul, roptat: you're right, I forgot about tha
<leoprikler>s/tha/that
<g_bor>I had a look at the DNSSEC problem.
<roptat>g_bor, cool :)
<roptat>what did you find?
<g_bor>It seems that the DS records are not set up at gnu.org
<g_bor>Did we provide them the information they need to set that up for us?
<leoprikler>civodul: I didn't know, that this is handled by the daemon. Is that written anywhere?
<roptat>g_bor, I think we didn't set DNSSEC up on our zone
<roptat>but there's no DS record for gnu.org either
<roptat>so I don't know why a resolver would trust gnu.org...
<nckx>leoprikler: That's the change.
<g_bor>gnu.org should have a DS at the .org DNS server, I believe...
<nckx>leoprikler: It shall be written in a news post and commented in the code. Or did you mean something else?
<nckx>DNS: Yes, this is not something the Guix subdomain can fix.
<leoprikler>nckx: no, I was simply confused, that's all
<roptat>SaaS, but: https://dnsviz.net/d/guix.gnu.org/dnssec/
<nckx>civodul: No comments on the patch.
<leoprikler>for users migrating from older Guix, will the permissions automatically be changed or do we need to do that ourselves?
<nckx>SaaSS, but Free.
<g_bor>roptat:yes, I see the same thing.
<g_bor>Opps, delelgation NS is missing it seems.
<g_bor>Sorry my bad.
<roptat>so three issues: there's no DS record for gnu.org, no DNSSEC on guix.gnu.org and the gnu name servers answer as guix.gnu.org to NS queries
<nckx>leoprikler: It's best if you take a look at the patch as a separate set of eyes.
<g_bor>Could we point the gnu.org people there so that they know what to fix?
<roptat>I think so
<nckx>leoprikler: if (chmod(perUserDir.c_str(), 0755) == -1) throw SysError(format("could not set permissions on '%1%' to 755")
<roptat>all we can do is add DNSSEC support on our zone
<sneek>Got it.
<nckx>sneek: what is all we can do?
<sneek>all we can do is add DNSSEC support on our zone
<nckx>Deep.
<nckx>sneek: forget it.
<sneek>Okay.
<leoprikler>nckx: sure, but when is that code run?
<roptat>:)
<g_bor>which will still not be enough, they will still need to adjust their conf
<roptat>sure
<nckx>leoprikler: I'm not trying to be unhelpful, I'm trying to trick you into doing extra code review. 😉
*nckx is no grokker of C++.
<nckx>But I obviously read it as ‘always’.
<nckx>if (getuid() == 0 && settings.buildUsersGroup != "")
<nckx>It would be slightly tighter if we dropped the second condition, but I don't think it matters in practice.
<nckx>(Famous last words & all.)
<leoprikler>wait, wouldn't the condition be weaker then?
<leoprikler>if you have both conditions, you need to root AND have an empty buildUsersGroup setting
<nckx>Yes. The chmod is run inside the condition, so weaker == more often.
<leoprikler>I see
<leoprikler>but when exactly does the first even hold?
<nckx>No sane daemon runs without buildUsersGroup (can such a daemon even download anything, including sources?) but it's technically unrelated to being able to chmod.
<leoprikler>okay, the first holds always, and the second should also hold
<nckx>leoprikler: I don't understand. getuid() is a system thing, and 0 is, well, should be obvious.
<nckx>I mean that it's good old ‘man getuid’, not some Nix-specific wrapper that looks at the client user or anything magical like that.
<leoprikler>I don't have the context to see when this function is called, but now I'm at least sure, that getuid would return 0
<nckx>This is my understanding of nix/libstore/local-store.cc.
<leoprikler>okay, and given that this is in the constructor, it would always run some time during daemon startup
<leoprikler>btw is there a reason why we still use the nix namespace and everything?
<nckx>civodul: Actually, yes comment (see mail).
<nckx>leoprikler: Work/reward, I guess?
<olivuser>hello guix!
<olivuser>I hope this will be the last time me bothering you for the foreseeable future with "general purpose" questions.
<olivuser>Is it more problematic to have two separate drives (/dev/sdA and /dev/sdB), each with a different UEFI Bootloader and a different distro, than it is to have the same constellation with BIOS/non-UEFI bootloaders?
<leoprikler>Assuming you actually get to do an UEFI install, it should not make that much of a difference
<olivuser>leoprikler, hello awesome fellow :) I dont understand what you mean by that. You mean that I would be hindered doing this?
<leoprikler>on my current machine, grub-efi-install has failed me for reasons I no longer know
<leoprikler>but assuming your grub-install runs through, it should not be a problem
<olivuser>when I'm rather a noob when it comes to low-level system administration, does it make sense to still choose btrfs over ext4? I had several distros running ext4 and so far had no problems, but I heard btrfs is better in many regards
<nckx>olivuser: It makes sense. In my experience btrfs is still less stable than ext4 today. I had to nuke a 6 TiB btrfs just last month; it had corrupted itself (no crashes, power losses &c.) beyond repair. ‘btrfs check repair’ proceded to slowly and methodically repair each file by deleting it :-) OTOH, even if you don't use any explicit btrfs features, you can still benefit from implicit ones like checksumming that can at least detect bit-rot (ext4 cannot
<nckx>). So… as always, it depends.
<olivuser>nckx, so it is mainly seeing that your drive is about to die before it actually happens (in my case)?
<olivuser>and/or data loss might be imminent?
<nckx>I guess that's one reason your drive could start returning bogus data. There's also the idea that as drives get huge, the chance of a healthy drive returning bogus data once becomes non-trivial, although the maths of that are not agreed upon.
<nckx>olivuser: I've had btrfs catch one bad bit (well, block, but bit sounds cooler) in the ~10 years I've been using it. But that was in a huge DVD image of which I might have rotated all back-ups and kept the damaged copy otherwise, so I was thankful.
<nckx>(It was not a replaceable image.)
<olivuser>nckx, and would the reasoning be different for system and home partitions? I guess not right?
<olivuser>also, would I run into problems if other drives are formatted in ext4?
<olivuser>I mean, I regularly copy data between two drives, and it would be quite shitty if that would lead to corrupting the exchanged data
<nckx>olivuser: I certainly don't see the point of btrfs for / if you have a separate /home. Guix takes care of the roll-backs for which other distributions use btrfs snapshots, and btrfs deals very badly with things like /var/db. ext4 is a good / choice.
<nckx>olivuser: Nah, fs types don't affect that.
<nckx>(Copying.)
<olivuser>nckx, alright, thanks a bunch!
<olivuser>I've gotten a bit paranoid since things I only halfway understood happened to me in the last weeks....
<leoprikler>nckx: so would you recommend btrfs for /home or for / if /home is not separate?
<nckx>olivuser: NP. It's all opinion, but a decade of it.
<nckx>leoprikler: The only thing I recommend is good back-ups, anything else is too risky. I replaced that 6 TiB btrfs with a new btrfs, which is a Guix System's / partition, so it has its uses. In my case btrfs's checksumming, compression, and sortaraid are worth the immaturity.
<nckx>And yes, this is a system people pay me for.
<nckx>THE FOO—
*nckx → afk.
<olivuser>let me take this opportunity to thank you guys for your supportive attitude :-* have a great day!
*vagrantc wonders how https://jwilk.net/software/dothost would handle some of the graphs guix produces :)
<janneke>vagrantc: actually, civodul's latest patches made some bootstrap graphs a bit nicer
<vagrantc>janneke: curious how they'd render without a GUI :)
<nckx>civodul: I've translated the news to nl for the 1 person who will read it (me); how should it be submitted? To the bug so it can be squashed, or as a separate patch to master later on?
<civodul>nckx: neat! you can send it to the bug report if you want, i'll paste it into the news
<civodul>i have one colleague from .be who might read it as well FWIW :-)
<nckx>civodul: Cool! Sent.
<nckx>Fucked up by emacs! Again! Sorry, I'll resend.
<civodul>that happens :-)
<nckx>Looks like ‘mu4e-compose-format-flowed t’ munging. civodul: Resent.
<civodul>nckx: received! :-)
*civodul requests a CVE
<nckx>civodul: I just saw your ‘Should we:‘ e-mail. I don't really know how this stuff's handled. Are you waiting for a CVE to push the fix?
<civodul>nckx: no, i've rebased it and will push in a minute!
<nckx>Great.
<civodul>the CVE can come later
<civodul>it'd be nice if we could publish a blog post tomorrow, but i'm not sure i'll be able to do that
<civodul>perhaps it doesn't have to be much longer than the news entry, after all
<civodul>with links to the original oss-sec message etc.
<nckx>I don't mind writing a blog entry (can't start until tomorrow 20:00 CEST though…), but I don't really see the need for jazzing up the news message TBH.
<nckx>It's fine, it's dry, no animated GIFs but so what?
<civodul>well, dunno
<civodul>:-)
<civodul>the news entry is kinda concise and to the point, maybe it lacks context
<nckx>Probably a reaction to finding that Nix OSS report unreadable. I didn't understand it at all until I read a 2-line summary. ‘Oh. That.’
<civodul>maybe not!
<nckx>Hm.
<civodul>yeah actually it also took me a while to parse that message :-)
<nckx>Welp, if there's nothing posted by tomorrow evening you know what I'll be doing I guess.
<nckx>Cool, not just me then.
<civodul>pushed!
<civodul>nckx: yeah we'll synchronize tomorrow and see
<nckx>\o/
<civodul>now to update the 'guix' package again
<bavier>nckx: typo in second paragraph of the nl translation? 's/gebuikers/gebruikers/'
<nckx>bavier: You betcha!
<nckx>Used 2 SaaSS spellcheckers, too 😃
<bavier>heh :)
*civodul -> zZz
<civodul>night!
<nckx>civodul: Good night.
<nckx>bavier: How u know that?
<bavier>nckx: brief stint in NL growing up
<nckx>Cool :)
<bavier>can't speak or write worth anything, but can usually get through reading
<nckx>You're better at it than I am…
<bavier>:P