***sandy-claws is now known as poggers
***poggers is now known as jess
<bqv>hey, why's guix still on glibc-2.31?
<rekahsoft>Hi all! Firstly, happy holidays. I was curious what the best way to modify an inherited package's build phases?
<rekahsoft>ryanprior: Ooo..that looks like exactly what I need. Sadly it was right in front of me in another source file and I hadn't yet investigated it. Thanks! :)
<dissoc>has any work been done to try to get any security modules like selinux or apparmor to work with guix system?
<xelxebar>Doesn't look directly applicable to a Guix System, however.
***apteryx is now known as Guest72305
***apteryx_ is now known as apteryx
***MidAutumnHotaru3 is now known as MidAutumnHotaru
<PotentialUser-46>Hi! The blog post "Porting GuixSD to ARMv7" explains how to install Guix System on an ARM board but states that guix wasn't capable of producing a disk image from a desktop machine on x86_64. Is it possible now?
<davidl>janneke: changing the disk space option just doesn't seem to help, no idea why :-S Do I need to run some hurd version of resize2fs?
<bdju>looks super nice. like an alternative to the sleep command with a visual countdown
<ngz>My Emacs became crashy recently (in particular when reading mails with Gnus). I get segmentation errors. Are you experiencing the same?
<davidl>janneke: how can I check the space left on the filesystem on hurd?
<davidl>janneke: that's why I also tried to install gptfdisk which also fails.
<leoprikler>But when trying to package something, that uses a strange filename, I get: Fran??ais: No such file or directory
<leoprikler>and according to convmv, those files are already UTF-8 encoded
<mekeor[m]>is there a guix-service for dyndns (aka ddns aka dynamic dns)? :)
<BlackMug>vbox mostly won't work since it's not considered as free software tool
<BlackMug>but not sure about kvm if it's gonna work or not
<leoprikler>BlackMug: doesn't qemu have a kvm flag? It should work if enabled and permissions work out
<BlackMug>so user have to do some hacky stuff to make it work? won't work just by installing similar to apt/dnf..?
<leoprikler>If you consider adding "kvm" to your supplementary groups "hacky", then yes.
<BlackMug>need to check out but thought somebody tried that
<leoprikler>IIRC correctly if works with `guix system vm` if you pass --enable-kvm after that
<leoprikler>"IIRC correctly if works", my english is on point again
<aecepoglu[m]>How should I build/install a guile-scheme project consisting of multiple files? Normally I'd "cd" into the directory and add that directory to guile-load-path and run the main.scm file in there. Should I install the files in the bin/ directory of its guix package? Should they be copied to GUILE_LOAD_PATH or be compiled and placed into GUILE_LOAD_COMPILED_PATH?
<mekeor[m]>aecepoglu: i don't know but did you look into the source code of the declarations of guix-packages of other guile-based software?
<aecepoglu[m]>I could not think of a relatively simple guile executable to take inspiration from
<jonsger>sneek: ask lfam what's the way to get a module enabled in guix/gnu/packages/aux-files/linux-libre/5.10-x86_64.conf
<ryanprior>aecepoglu: no but you are welcome to use it as well of course
<ryanprior>I know very little about Guile, despite using it to contribute to Guix and reading a decent amount of its documentation. I couldn't begin to answer your question about how to build and install. I hope there are some example packages that can help you.
<ryanprior>Looking at gnu/packages/guile.scm it looks like most of them are using the GNU build system, which means you could look at their makefiles and see what
<ryanprior>In guile-xyz.scm there's a bunch more examples that use the guile-build-system
<ryanprior>Ah it's because I instructed Emacs to copy a link to Savannah but Emacs doesn't know how to format Savannah links so it just didn't copy anything
<aecepoglu[m]>I remember browsing these and hoping to find an executable among them.
<ryanprior>I'm not sure what you mean by an executable. Do you mean not-a-library?
<sneek>Welcome back rekado, you have 1 message!
<sneek>rekado, raghavgururajan says: I was not able to find anything regarding your issue with librem laptop. But I will keep looking and will let you know if I find anything.
<spudpnds>Hello! I'm trying to read a number of different config.scm files for inspiration. Does anyone know of any good ones I should read, or perhaps a curated list of them? Currently I'm just googling like: "guix" "base-packages" "base-user-accounts" "scm" site:github.com
<rekado>raghavgururajan: thank you, but it turns out that there’s no problem booting. There’s just no visual feedback until *after* the passphrase has been input.
<rekado>it’s a graphics problem, not a boot problem
<ryanprior>I tried creating a JSON package definition today. It didn't work & I have no clue how to debug it.
<rekado>could you please submit it to bug-guix@gnu.org and CC me?
<bdju>ryanprior: thanks for the package! should I just be able to `guix package --install-from-file=countdown.scm` to install it? I get an error trying that, `guix package: error: cannot install non-package object: #<unspecified>` (I usually just use stuff from the repo so I still don't have the hang of this sort of thing)
<ryanprior>The -L. flag adds the current directory (.) to the Guix load path
<bdju>I made a new dir for it because it was in my downloads directory at first but I had some other .scm files in there it looked like it was trying to do stuff with, so I canceled it and moved it.
<bdju>and I'm getting an unknown package error now
<bdju>well anyway, if it works and you upstream it, I'll get to use it eventually
<bqv>hey, why's guix still on glibc-2.31?
<aecepoglu[m]>is guile-build-system for libraries only? It seems to put everything in lib/
<civodul>bqv: re glibc 2.31, major updates like this trigger a complete rebuild, so they're done in a separate branch called "core-updates"
<civodul>that's merged every six months or so
<ryanprior>Hopefully that will help you try the countdown package! Might also be useful to other Guix developers to see where the sharp edges are & strategize how we can do better.
<civodul>ryanprior: the post looks like there are lessons to be learned, indeed!
<bqv>civodul: ah, makes sense
<ryanprior>civodul: thanks for reading! Happy to have this now as a resource to share when I see confusion
<mekeor[m]>how to make a server running guix-system more secure and protected? are there any services which you'd recommend for a server exposed to the internet?
<mekeor[m]>Aurora_v_kosmose: what firewall? which guix-service or -option offers such a firewall?
<mdevos>and automatic upgrades with unattended-upgrade-service-type
<Aurora_v_kosmose>OriansJ: Eh, port-knocking is kind of security by obscurity. It's not necessarily bad to add it in addition to other proper measures but...
<OriansJ>Aurora_v_kosmose: but then again passwords are also security by obscurity but that doesn't change the fact security requires obscurity to be truly effective.
<Aurora_v_kosmose>OriansJ: The difference, I think, is the degree of additional entropy and guessability/observability of the secret.
<Aurora_v_kosmose>Encrypted HMAC'd port-knocking like fwknop allows is better than plaintext, for example.
<OriansJ>Aurora_v_kosmose: if port knocking is the only line between access and not; you are correct. But we are talking about hiding services like SSH behind it; where you should also set up SSH keys for additional security.
<OriansJ>So even if they just use knockd; it doesn't reduce the security benefits of clearing out virtually all of the noise.
<Aurora_v_kosmose>For a bit more configuration overhead but more audited safety, I find that exposing wireguard and only listening to ssh on it is also an acceptable alternative
<OriansJ>Aurora_v_kosmose: fair; personal preferences and all. but wireguard access attempts will still show up in the logs
<Aurora_v_kosmose>OriansJ: Dropped connections are logged? I didn't observe such behavior, though since I did set up the optional symmetric keys, that may be why.
<OriansJ>Aurora_v_kosmose: Government logging settings; require tracking of failed access attempts
<Aurora_v_kosmose>Ah. Is it an access attempt if the connection is dropped before any protocol analysis due to an invalid MAC?
<OriansJ>Aurora_v_kosmose: that depends on how one's agency interprets the standard.
<Aurora_v_kosmose>Logging those would otherwise allow someone to fairly trivially DoS a server.
<OriansJ>Aurora_v_kosmose: Not all services should be tolerant of DDoS attacks
<OriansJ>Sometimes the correct behavior is to go offline.
<OriansJ>Aurora_v_kosmose: Some sensitive systems should go offline in the face of a DDoS attack.