*vagrantc cheers on rekado for making some r-* packages build reproducibly :) <vagrantc>guess that's ~1322 more packages to fix... <rekado>vagrantc: I saved your yaml notes and thought I should fix the R stuff one of these days <vagrantc>nckx: i think my earlier explosion was due to (delete-file (string-append out "share/doc/itpp/html/_formulas.log") vs. (delete-file (string-append out "/share/doc/itpp/html/_formulas.log") <vagrantc>i committed itpp reproducibility fixes a while ago, but this time i think i got it for real i hope. <vagrantc>basically was reviewing all the fixes i'd already pushed to make sure they worked <Gooberpatrol66>*what's the correct way to enable trim with device-mapper in guix? <Gooberpatrol66> /proc/cmdline doesn't seem to have the "cryptdevice" flag in it <ajarara>Are there commercial guix offload services? <nckx>Gooberpatrol66: ‘cryptdevice’ isn't a Linux option, so it shouldn't be. <nckx>There are some other options that would also make sense to allow, others not so much. <ajarara>What external risks are there for a cuirass instance consuming arbitrary derivations <ajarara>given that there may be no commercial options I'm thinking of putting up a communal one and allowing relatively unknown people to use it <ajarara>like on a manually approved/revoked basis, not 'publish private ssh key in the repo' <ajarara>or is better access control simply code review? <nckx>The daemon alone certainly isn't hardened or tested against downright malicious derivations. Such a service existing would certainly make most of us very nervous :) And derivations are one thing, but you mention Cuirass, which implies running ‘host-side’ code as well, not just ingesting raw derivations. Host-side code isn't sandboxed by Guix at all. The current reasoning being ‘you trust the channel with your final binaries anyway’. I do s <nckx>ee that attitude changing, eventually, but not swiftly, and it would take a lot of work to retroactively sandbox channels. <nckx>That's assuming you really accept arbitrary code, of course. <vagrantc>on the plus side, if things are eventually merged into guix, you could add that substitute server to your list of substitutes, but not add an authorization key :) <nckx>For example, although all that would give you might be a slightly faster download and less network load on the official servers, no? <nckx>Which is not nothing, but it's not having-rust-before-berlin-finishes-it. <nckx>You'd still be waiting for the signature and hence build. <nckx>Anyway, there are already communities (including Guix itself) that run substitute servers that pull from a channel to which several relative strangers got commit access without a full NSA background check, so it's a matter of degrees of trust. <nckx>Actually using Cuirass (which I read, and still ignored) implies some sandboxing of evaluations, but it's not the kind of sandboxing I'd trust to protect against deliberate attacks. <ajarara>right, the aim behind this is to have an intermediary between high standards of the guix package set and 'I just want fast builds across these hosts for this hack <ajarara>I think I'm convinced though that code review before merge into the channel that is just 'this doesn't actively harm anything' is the right tool here <nckx>I personally agree. Good luck! <nckx>> implying the Guix standards are extremely high and not exactly such a trade-off :) <vagrantc>nckx: yeah, it's of limited benefit if they're not building the same packages <nckx>I was assuming the were. <nckx>What's a benefit I didn't list? <vagrantc>still, i love the pull signatures from one server, pull substitutes from another model <nckx>Not that I don't care, but I wouldn't list it as a benefit. More as a community service. <nckx>‘You get the awesome opportunity to give vagrantc even more work.’ <vagrantc>one of the main benefits of reproducible builds is to be able to use untrusted or even untrustworthy resources without having to trust <nckx>> a slightly faster download and less network load on the official servers <nckx>I'll admit that as sales pitches go it was perhaps too unenthusiastic. *nckx not very good at sales. <vagrantc>nckx: i'll take your bountiful contributions and help over your sales skills any day *nckx sighs the word Matrix, shrugs in bullet time. <nckx>It seemso, doesn't it? But I hop^Wthink it just comes in waves (or random clumps, if that's your thing). <nckx>I can censor the logs all night, friend. <podiki[m]>I wonder if liberachat has some global ban list via matrix federation...as in get banned from one channel as spam, everyone knows <nckx>I'd set +qz $a:*:matrix.org and whitelist folks myself, but I can't because I'm off to bed. May the rest of your stay be spam-free. o/ <nckx>Oddly, I feel 0 urge to play shitty on-line scam RPGs. Night! <yuu[m]>podiki: bot spam on matrix indeed increasing all over <podiki[m]>I'm only in a few matrix rooms, but did seem that way anecdotally <yuu[m]><nckx> "It seemso, doesn't it? But I..." <- depends. openbsd matrix room was spam-bombed once. i had to quit it *vagrantc remembers when matrix was touted as more spam-free than irc or xmpp <yuu[m]>i have ("/run/current-system/profile/sbin" "/run/current-system/profile/bin" "/run/setuid-programs" "~/.guix-profile/sbin" "~/.guix-profile/bin" tramp-default-remote-path ...) in my tramp-remote-path but still getting tramp-error: Couldn't find a proper `ls' command <yuu[m]>it was working but it then just stopped working ***daviid` is now known as daviid
***roptat is now known as Guest8836
<unmatched-paren>yuu[m]: The problem is you put %base-file-systems inside the (list ...) <yuu[m]>unmatched-paren: that was it, thank you! now i'm getting another error; i'll try to debug first myself ***unwox is now known as scisssssssors
***unwoxx is now known as unwox
***scisssssssors is now known as scisssssssors_
***Dynom_ is now known as Guest9285
<bost>Hi. While setting up reproducible environment (with 'guix home') I need to do some additional work, like cloning git repos, copying files, etc. Is there a preferred or recommended way to do it? <lilyp>"cloning git repos" sounds like something that could be solved with origins <lilyp>as for "copying files" that depends on your source and destination, but there should be a service type to place particular files (or file-like objects) to your target destination <iyzsong>maybe extend home-activation-service-type or home-run-on-first-login-service-type to run some scripts, required to be idempotent though. <unwox>home-files-service-type for copying configurations <bost>lilyp iyzsong unwox Thank you. <bost>lilyp what do you mean by 'solved with origins'. What is the 'origins'? <lilyp>(origin (method git-fetch) (uri (git-reference ...)) ...) <bost>unwox: local-file has recursive copy capabilities! I completely missed that. Thanks again <dgcampea>is there a way to automatically launch a docker/podman container after boot? podman has a 'podman-generate-systemd' that generates systemd .service files but that won't work here right? <jeandudey>Hello, is it normal for cross-gcc packages to not be found using `guix search'? For example, avr-gcc is define-public'ed (avr.scm) but can't be found using `guix search avr-gcc' <jeandudey>alright just found about hidden-package so that's why ***lukedashjr is now known as luke-jr
<cizra>Hi, I'm new to Guix. (for background, I've used Arch and NixOS and many other distros, tho). I'm trying to set up a multiboot with Guix in one of my btrfs subvolumes. I'm having troubles achieving this, though - it seems that the luks2 module is missing from my Grub install, so it's not decrypting my btrfs. I'm not overly familiar with Grub - can I add a hook to Guix to copy the kernel to the ESP, and set up <cizra>EFISTUB, or reuse my existing systemd-boot bootloader from another OS? Or add luks2 module to grub somehow? <Phil51>Hi all - I was wondering if there is a rough ETA for the Guix 1.4 release? <nckx>Phil51: There's no project ETA, no. <nckx>(Personally, I expect it to happen in about 2-3 months… or so?) <nckx>Anyone else need disappointing answers? No? I'll be AFK then. <Phil51>nckx - that's useful even as a rough prediction! <Phil51>Where I work we periodically move our guix baseline, I was considering holding out for 1.4, but if it's months not weeks, makes sense to move it now, and then again come 1.4. <cizra>nckx: I'm not insisting on encrypted boot. I'm using a separate, unencrypted boot partition, but the guix installer apparently didn't notice it, and thus the grub configuration is referencing kernel/initrd from the _root_ partition. Not boot. Thanks for the tip about copying, though, perhaps I'll be able to steal ideas. <acrow>Guest8836: I wanted to ask you if could commit https://issues.guix.gnu.org/32947#29. I believe it has had a thorough review and given great due diligence. Adding a xalan library to guix will open new avenues and I don't want to see the, literally, years of effort that has gone into this go to waste. <davidl>unmatched-paren: I have made more progress, and have defined around 70 javascript (node) packages now, getting old. Gotta have that recursive importer. I can let you know, that common thing is that devDependencies are installed as the node build system works now, so I pretty much always replace the configure phase so it uses the --production flag. <davidl>more progress on the tern* package (javascript engine) <acrow>roptat: Of course, I'm also happy to field questions. <mgd>I'm trying to install GUIX on a thinkpad X220. The usb with the ISO is being read but not booting into the installer. Does it require a "free" loaded i.e coreboot or am I doing something wrong? <unwox>which mode is bios in? legacy/uefi? <mothacehe>mgd: which installer are you using? 1.3.0 or latest? <yuu[m]>cizra: maybe you could try systemd-boot->grub? <mothacehe>ok, you can try booting in legacy mode, but the installer should support both <mgd>monadgauge Don't know if it helps but I just get a flashing cursor waiting the bios loads <nckx>mgd: This sounds like something went wrong whilst creating the installer. <mgd>I used dd to create the usb. But I will try again <nckx>Did you dd an undamaged image, and did all the bytes get written? (You can check the former with the signature on the Web site, the latter with cmp.) <mgd>yes, I checked. Might be my usb then <nckx>I'd personally recommend the ‘latest’ image if you're retrying anyway. <nckx>1.3.0 isn't some beacon of stability. <nckx>Phil51: Well, maybe someone else finds weeks realistic… Don't flame me if they pull off the impossible :) <nckx>mgd: To answer your question: no, Guix should boot on any x86 firmware, no matter the freedom. And Thinkpad X2x0s should be pretty well tested. I'm surprised. <mgd>nckx I will try the latest installer and see if that fixes anything <sektor[m]>Is there a way to turn off the ascii spinner in Guix and substitute it with the compiler output? <unmatched-paren>sektor[m]: As in, get the build log output? I believe you might want to use `guix build`. <tex_milan>Any hard way? I am wondering whether it has to be "nightly" or some very recent new one suffice...? <unmatched-paren>because #![feat(...)] is only available when using a nightly compiler <unmatched-paren>Oh, wait, I think you might be able to bypass that by setting RUSTC_BOOTSTRAP=1 <tex_milan>did you see any recipe for nightly rust? do you think it is possible to reuse existing rust recipe? or is there some other significant issue? <tex_milan>heee, will try. but eww looks too good for giving up. <attila_lendvai>with tongue in cheek: there could be some captcha-like thing that is a bit of an effort to solve, and patch submitters could use it to bring their submission higher up in a list. that way submitters could express their commitment in a way that is better than pinging/annoying the maintainers... :) integrate it with bounties, submitter reputation/history, and/or donations, and it may even start making some sense. <pkill9>bug bounties to increase the priority of your bug would be interesting <pkill9>increase the market value of your bug report <pkill9>someone probably already has tbh <nckx>I'm sure someone has and it went extremely well and everyone was impressed. <attila_lendvai>pkill9, i'm pretty sure something like this exists. but i'm also pretty sure not in the form of a debbugs plugin... :) <pkill9>and the system probably wasn't abused in any way <nckx>This is going to end up at reproducible-builds-Guixcoin-to-the-moon in 3… 2… <robin>(no idea about the licensing, i just remember McCLIM uses it) <podiki[m]>sneek: later tell tex_milan as a proof of concept I built and ran eww in the fhs container I'm working on <nckx>pkill9: Right. Anything you encourage users to do in exchange for X, will be done poorly, even if it's just ‘translate one string for us’. <nckx>Which is like the least harmful example I could think of. <nckx>(My cmp suggestion was not in jest.) <nckx>Although there are USB drives that just refuse to boot even if they have all the bits. Haven't worked out what that means yet. <robin>podiki[m], ooo fhs containers <podiki[m]>some polishing remains but it is functional; I use it for some work <podiki[m]>most welcome! if you try it out and run into any issues or have suggestions, leave a comment there (or tell me here) <mgd>However, now the installer gets to the disk partition section and when I pick an option, it throws me back to the start of the installation <johnjaye>how would i make sure the guix manual is readable offline? <johnjaye>is it in the debian repos when i install guix for example? <unmatched-paren>johnjaye: it should be installed by default when you install guix; sadly it's an info manual <johnjaye>well. i realize info may not be the best document format, but it's at least reasonable to expect a gnu project would have an info documentation <nckx>unmatched-paren: You can get man page-quality documentation with guix COMMAND --help. <unmatched-paren>johnjaye: you might want to try the `pinfo` package for saner navigation <podiki[m]>on the info front: anyone have some nice looking info readers? or customizations for emacs info mode? (like with better markup/styling like the html one) <podiki[m]>hmm...emacs info uses fixed pitch font everywhere, though I thought my default is variable pitch (with fixed for code etc, using a mixed mode) <podiki[m]>ah, can do it manually, probably need to add something to a variable of what gets what font mode <johnjaye>unmatched-paren: i thank you for recommending this despite the fact doing it is sort of admitting that info browsing kind of... sucks <johnjaye>although one could argue emacs is the more common viewer <jeandudey>has anyone tried to make a Rust toolchain that is able to cross-compile? <PotentialUser-22>Hi, I'm trying to boot Guix system from a multiboot ISO USB memory, but it's failing to find the root partition with a particular UUID. This is the entry in my grub.cfg: <PotentialUser-22> linux (loop)/gnu/store/5axms2d6yqx1zqbcjn3cl015cbcaf7i1-linux-libre-5.11.15/bzImage --root=31393730-3031-3031-3139-343934363833 --system=(loop)/gnu/store/a361dixcmijs70zlq0rhc917fci1qfy0-system --load=(loop)/gnu/store/a361dixcmijs70zlq0rhc917fci1qfy0-system/boot <PotentialUser-22> initrd (loop)/gnu/store/6gqlkmklgvqks6nqf6bc39vj044pjvjd-raw-initrd/initrd.cpio.gz <drakonis>you just move the image into the root directory <drakonis>if i remember correctly, it does some mount trickery to get the job done <nckx>PotentialUser-22: So you just extracted the ‘contents’ of the ISO to a USB drive? That won't work. It's looking for that specific UUID, for one. <PotentialUser-22>nckx: I didn't. I used the ISO. I was under the impression that Ventoy does that. And it seems that it doesn't <drakonis>while you're inside the live image, you can't mount the usb device with ventoy in it <nckx>To add to drakonis: The ‘graphical’ partitioner crashes, but it's more of an overzealous check. The actual OS runs perfictly, and installation from the CLI works fine. <drakonis>i never tried doing the graphical install with ventoy <drakonis>or maybe that explains why it never works lol <nckx>It uses advanced magicks to present the ISO file as a dm-mod device. <nckx>As opposed to mundane device-mapper sorcery. <drakonis>it does the things you thought ventoy would <drakonis>it has a mode that's basically extracting the iso and using syslinux to boot and another that dds the image into the device <nckx>IME the 31393730… root device shows up after a few seconds. However, the number of seconds is highly variable and sometimes unusually long. I can easily see it exceeding the time-out. <drakonis>ventoy on the other hand only requires spending 32mb of the usb's partition space and then the rest can be used for whatever you want <nckx>Ventoy is cool, but whether it's ‘elegant’ or a clever hack is up for debate. <nckx>Maybe try rootdelay=SECONDS on the kernel command line. <drakonis>you should check its repository at some point <nckx>(My implied opinion was that it's not elegant, but so useful that I'm OK with it.) <nckx>It's an admirable effort. This wasn't some lazy twentieth ‘I'll theme GRUB to be my resqboot menu’ hack job. <PotentialUser-22>nckx: Thanks for the hint. It might be because my USB drive is too slow? <nckx>I can't say, I didn't investigate why the time was so variable here. <nckx>All my USB drives are cheap, so I generally blame it on that, try another, and move on. <drakonis>the recipes are for the ones that the standard method does not work *PotentialUser-22 is looking for them now <nckx>PotentialUser-22: Support just means somebody reported success, in this case me. There's no test lab. <nckx>Nobody verified my claim. <PotentialUser-22>Thanks for all the pointers, I didn't expect this level of community support. I'll give Ventoy a try <nckx>The only method we ‘support’ is dd, but I'm interested in fixing the last few Ventoy bugs, so thanks for the report. *nckx is looking for a slow USB 1.0 or so drive. <apteryx>nckx: fede010299693d4bc9b1a12708af2b3b471b36b5 says I did, but I didn't reconfigured the build nodes with the mass deploy command, so it's not yet in effect I guess <nckx>I don't see a risk if you don't. <apteryx>berlin ssh is getting slow again, right? <nckx>I could do the job I needed to do as hydra@, so it wasn't a problem. <nckx>Stop me if this is silly, but I was thinking about rebooting berlin again this Wednesday, during the MDC maintenance window. <apteryx>if there's a good reason for it of course <nckx>I'll do that if I can be sure to be around to complete the job (should be). Since, you know, the network might briefly go down during. <nckx>apteryx: Well, I think delaying the next hard reset is always good? I'd rather gracefully reboot given the chance than keep resetting it like we are. <nckx>Plus, this time I want to write down the several manual steps that follow a reboot. <apteryx>nckx: when our storage reach 1 TiB of usage on /, it'd be nice to time 'guix gc' <nckx>Are we close? (Not going to use up an sshcoin® just to check.) <apteryx>not really: /dev/sdk2 100T 322G 100T 1% / *apteryx runs 'guix deploy -L modules berlin-nodes.scm' using the latest guix <nckx>100T is so ridonkulous. I wonder how soon that will become mundane to us. <apteryx>guix deploy: error: failed to deploy hydra-guix-125: SSH connection to '141.80.167.182' failed: No route to host <nckx>I forgot to properly report it. <nckx>(deploy stops on the first error, so do be sure to comment it out & try again.) <apteryx>we could try rebooting it from iDRAC <apteryx>nckx: also, 100 TiB * ~2 at least for /gnu/store, thanks to Btrfs encryption ;-) <yuu[m]>given that error message, is position 2 lst in `remove pred lst`? <nckx>yuu[m]: Thanks for the diligence in providing all relevant information! I can't reproduce your system though; for example, file-system-os-guix is missing. <muradm>apteryx: I tried your suggestion with (gnu services configuration), but I found it quite painful unfortunately <muradm>i found plain records more readable <muradm>And that required documention strings is another upcoming pain <apteryx>the benefit of (gnu services configuration) is the self-validation of each field, with useful error messages <nckx>yuu[m]: Anyway, my current guess is a typo, but maybe I'm (literally) missing something. <muradm>this especially is very wierd codes https://paste.rs/FUC without reading (gnu services configurations) does not help in understanding <muradm>apteryx: I understand the intention, but implementation looks not very useful at least.. imho of course <nckx>yuu[m]: (dependencies %file-system-os-guix) → (dependencies (list %file-system-os-guix)) <nckx>Fields ending in -s usually being list is Guile's definition of advanced typing. <apteryx>muradm: I can't review deeply right now, but I'm curious if all these custom serializers are really needed <nckx>And of course, ‘#2 is bad thing’ its definition of advanced error reporting. <apteryx>muradm: also list-of-strings is already defined as a type, and 'list-of' can be used to define other ones. <muradm>apteryx: I went by reading chapter in manual and (gnu services configuration) it self. once filed name is customized, serializers should exist <apteryx>I've never used that, I guess this is where all this verbosity comes from <muradm>then rest have to use it, and should be present <muradm>i can sacrifice readability and have field-name's same as written in config, then those serializers may be can go away <apteryx>ah, you wanted to customize the field names like that, I see. I'd suggest against it for simplicity, and for users to match the equivalent documented in the tool manpage easily <apteryx>you can always sanitize the name, e.g. something? -> something <muradm>apteryx: you suggest to have bantime.rndtime field instead of ban-time-rndtime is ok? <apteryx>and then have the '-' turn into '.' at serialization time. <muradm>there is no pattern in where to replace that <muradm>and then again, same thing will have to happen with serializers <muradm>once you touch field-name and customize it, all other serializers has to come as well <muradm>define-maybe for another configuration? while it is logical and looks compiling, i'm not sure if it is going to work yet <muradm>apteryx: any way, I'm going to sleep, it is late here... may be when you have time to look deeper, and share your toughts on snippet I pasted, I will appreciate <apteryx>sneek: later tell murmradm define-maybe on a complex value (e.g. another configuration) is possible; jami-service-type makes use of that <rekado_>nckx: I’d like to replace our znc abomination for logging IRC channels with a guile abomination. Message <87tu7bsp1x.fsf@elephly.net> introduces it. <Bung>Hi. Which one is more good;GNU/LİNUX GUİX and Trisquel? <vivien>There are some technical differences between them, but that doesn’t make one better than the other. I guess you have to try them and see what you prefer. You can also run guix in trisquel, if you would like to combine them.