IRC channel logs
2022-12-13.log
back to list of logs
<podiki[m]>mirai: you'll see things like (pkgname)[phases]{phasename}: description of changes or similar (sorry off the top of my head) <podiki[m]>mirai: when in doubt I always look for examples in the git log, but don't sweat it if you aren't sure, someone can help you in review <florhizome[m]><unmatched-paren> "unfortunately there doesn't seem..." <- I have one locally <florhizome[m]>Serializing the config file for thinkfan just was a bit too much <KarlJoad>Can someone with CI access answer this question for me? What does the /var/cuirass/cuirass-mailer script get provided as command-line arguments to send a notification email? I am trying to re-write a wrapper in Guix for my Cuirass instance. <florhizome[m]><jpoiret> "more than 60k debbugs issues? 🥳" <- I was 60000 hehe <tribals>rekado: meaning that it does not "magically" run different arch binaries on host - it only builds those binaries for desired arch (or substitutes them) <tribals>(I was remembering it *does*, but that's not the case, of course) <ham5urg>Can someone point me to the right git repository? <mekeor[m]>ham5urg, if i understand correctly, the configuration only allows to specify the openvswitch-package <mekeor[m]>i guess it's like (service openvswitch-service-type (openvswitch-configuration)) <ham5urg>mekeor[m], my second day working with Guix. Does that mean, openvswitch will be installed but a function must be self provided to configure it (one shot)? <mekeor[m]>ham5urg: if i understand you correctly, yes. <mekeor[m]>ham5urg: although openvswitch-configuration is not strictly a function, but a record type. (openvswitch-configuration) will create an empty or default record, i dunno <KarlJoad>I have some questions about Cuirass and how it behaves. Is there someone with knowledge about it? I am working on getting email notifications set up, and am trying to protect the file that contains the password to log into the email account. <apteryx>KarlJoad: you want to avoid having the password baked in the guix configuration. you could read it for example from /root/secret.txt at run time <apteryx>the service could take a secret file (as a string, not a file-local object!) as an input <apteryx>the filename of the file containing the secret, I meant <KarlJoad>apteryx: I am avoiding putting anything in the store; I am well-aware of that "issue". My configuration file for MSMTP uses gpg to get the password. But, gpg requires a password to decrypt the password. Because Cuirass is a daemon, I cannot manually input the decryption password. <KarlJoad>So, I can either use a file, or no password at all. <apteryx>we could devise more complicated scheme to retrieve the secret (interact with vault software?), I guess, but that's not done <KarlJoad>Ok. Because I am using Guix to generate the MSMTP configuration AND the sendmail script that Cuirass will call. But, I just need to figure out the best way to securely access the password to my email account. <lechner>KarlJoad / Is it a big deal to keep a system-wide, machine-specific password for an SMTP relay in a file readable only to by the mail software? <KarlJoad>Right now, this isn't a machine-specific password, which is why I am trying to be careful with it. This isn't a big setup either, just a single CI instance for just me, so I don't have any real infrastructure. <lechner>KarlJoad / Okay, maybe eventually you want to gravitate toward opensmtpd with an authenticated relay. It can easily replace msmtp(d) <KarlJoad>lechner: Perhaps will just use that right now. How do you submit mail to the local mail-server then? <KarlJoad>I still have other things that need to be fixed before these changes become more permanent (guix-deploy configurations should not fail Cuirass, for instance). <lechner>KarlJoad / opensmtpd provides a 'sendmail' executable like msmtp, or port 25. opensmtpd is a local favorite <lechner>in fact, i could not get msmtp to work, but i never looked back. now i even run my big mail server with opensmtpd. it's a great and totally underpromoted mail server. i wasted so many years with postfix and exim <KarlJoad>lechner: I am not sure Cuirass provides the contents of the mail on STDIN, so I'm not sure how well sendmail would work. Cuirass currently invokes sendmail:///path/to/script, running that. My script then calls MSMTP. <lechner>KarlJoad / okay. sorry i could not be of help <lechner>Hi, do i have to add something other than 'python' to get some Python variables in my environment? <KarlJoad>lechner: I think that depends on what variables you need and what you intend to do with them. <sughosha>Hi all, I am trying to have custom PS1 environment variable for my bash shell. I exported it in the environment-variables field in my home-bash-configuration of home-bash-service-type. It also appears in my ~/.bash-profile, but when I open terminal, the default PS1 is displayed. I have to export the same variable manually in the shell. This is happening only with PS1, other variables are exported properly. Could somebody possibly know why is this <sughosha>happening like this? 🤔️\n Thanks in advance. <roptat>sughosha, if it's the first time you do that, you need to re-login in your account, because .bash_profile is only loaded when you log in <sughosha>roptat: Thanks for the quick reply. I tried relogging, but didn't work. <roptat>then maybe another PS1 is exported later? <sughosha>roptat: In the ~/.bash-profile, PS1 is the last thing exported. Does gnome-console export new PS1 as I open it? <roptat>it might load .bashrc or some other config, but apart from bashrc, I don't think Guix will change anything else <roptat>if it's not in .bashrc, then it's a mystery to me, sorry <roptat>or maybe in your ~/.guix-home/profile/etc/profile? <sughosha>roptat: Thanks for trying to help me out. I just now logged in TTY2 and there I got my new PS1 as desired. So this seems not a problem with Guix but with GDM or Gnome? 🤔️ <sughosha>I tried in a sway session on another tty, with alacritty, there also the same problem. So it's not even problem with GDM or Gnome. Not getting why. <sughosha>I will try cleaning cache and restarting my PC. <efraim>the test suite for various julia packages really uses lots of ram when given lots of cores <SUPERB[m]>Is Guix using systemd or nonsystemd as default? <ham5urg>I try a (static-networking (links (list (link-add "br0" "bridge"))) ... ) in /etc/config.scm but get an 'error: link-add: unbound variable'. What am I doing wrong? <rekado>but that’s nothing at all to do with the static-networking service <ham5urg>A field in static networking is called 'links'. That's why I tried it that way. <ham5urg>Where could I look into 'links (default: '())' ? Could not find it. <civodul>ham5urg: should be (static-networking ... (links (list (network-link ...)))) <civodul>see 'network-link' on the page above <ham5urg>I tried and searched for but I still get 'error: (network-link (name "br0") (type "bridge")): missing field initializers (arguments)' What args does it miss? <ham5urg>I see that Guix is using a different approach for containerization as LXC. Therefore no need for LXC. Am I right? <mekeor[m]>ham5urg: but i'm not an expert of containerization. but there is docker-service-type (and singularity-service-type). also, you can use "guix shell --container". <lechner>ham5urg / Hi, environments in Guix are so isolated already that often a full container is needed even though they are available. The Guix advantage is that you avoid all the difficulties of sharing files or other resources that you may have in a traditional container, because it "contains" or restrains the environment too much. The whole concept requires a bit of a rethink, but Guix has something truly unique to offer <mrvdb>i get the error "profile contains conflicting entries for..." with some regularity. Is there a strategy for solving these? i now solve them ad-hoc, with limited success <mrvdb>also, the hint is buried in a backtrace display, is that a config thing? i.e. to not show the backtrace <rekado>see also the cookbook for an example of using “guix system container” with separate net namespace <lechner>ham5urg / actually, for you i was thinking about something even lighter. in guix, you may not even need a network bridge. (you would also not be using a "container" in the traditional sense.) <lechner>ham5urg / what type of isolation do you require, and why? <oat>Hello I would like to request your opinion about which format is a more useful passphrase or hexadecimal string. <rekado>the network setup described there was — at the time of writing — not possible to do with guile-netlink <lechner>ham5urg / do you need to isolate the database? <rekado>if that’s in fact possible now I’d be very happy to review and apply a patch to the cookbook <ham5urg>lechner, yes. And put it into a different network as the OS is in. <lechner>ham5urg / if you can bear the question, why? <lechner>it's not like Postgres interacts much with the host environment <rekado>if all you want is running a process in a different net namespace it may be easier to use unshare. <ssb>hi! What is the magic spell to retrieve list of packages that can be installed immediately from local store, without building or contacting substitute servers? <ham5urg>unshare or nsenter are looking good. But ain't it more secure to run a process in its own container? <a12l>Noticed that Guix 1.4-rc2 was installed when updating my system. How does Guix versioning work? Are there significant changes between the versions? <rekado>a12l: Guix includes package definitions. Every time you run “guix pull” you get a new version of Guix. <rekado>the version string has little meaning beyond being a starting point. <rekado>ham5urg: depends on what you mean by “secure” <a12l>rekado: Okey, so it's pretty much just a new snapshot of the current state? <rekado>a12l: it has diverged a little from what’s available on the “master” branch, but not by much. <ham5urg>rekado, e.g. I install a dozen and more processes onto one machine, each accessing the network. If only one got hacked, the attacker has the processes rights and could affect the other processes. Not so in a containerized scenario. <rekado>containers are separate namespaces + cgroups <rekado>it’s up to you to define the threat scenario and pick the kind of mitigation that makes the most sense for you <mekeor[m]>is LXC different from "containers [that] are separate namespaces + cgroups"? <rekado>all these offerings give you a more convenient user interface, reasonable defaults, etc <rekado>my point is merely that it is a misdirected question to ask whether “containers” are more secure than using a separate net namespace. <nckx>ssb: There is no such magic. <nckx>You could use --dry-run, but I do not think its output is a promise, especially when grafts get involved. <nckx>And that's still polling particular packages, not generating a list. <mekeor[m]>idea: a guile function which reads an emacs-configuration from a given path and returns a list of emacs-... packages. you could then use this function inside a manifest.scm to make sure you install all needed emacs-... packages. <ssb>nckx, thanks, got it <KarlJoad>Can someone point me in a direction for how to have a "guix deploy" configuration in a channel? My Cuirass instance fails to evaluate the channel if the deploy machines are present, because of an "incomplete configuration", or something to that effect. <apteryx>hello Guix! I'm looking at sunxi-target-tools, and it has #:system "armhf-linux" as a an argument. Does this effectively forces the build to use offloading or emulation on non-armhf-linux host systems? <apteryx>and should someone attempt to cross-compile with --target, it'd build a cross-compiler to run on armhf-linux? <f1refly>I'm trying to upgrade my installation, but my system doesn't has enough storage on / to build rust. Can I specify a different build directory for the upgrade process? Checking the 'common build options' section in the manual didnt yield any results. <KarlJoad>f1refly: Depending on how things are set up, it may be possible to build without Rust, then GC the old generation, then build a new generation that does include Rust. That way you only build Rust by itself rather than with everything else. <KarlJoad>Perhaps you could also mount a ramfs on top of /tmp with more capacity than /tmp has? <nckx>TMPDIR, to be anal. As set for the running guix-daemon. <KarlJoad>Right. Because Nix uses /run/<uid>/tmp, or something like that, but that doesn't exist for Shepherd. <f1refly>Hm, so it might work when I mount a different part of my disk to /tmp that has more space available? <nckx>In practice that works, assuming nothing in your system (in the mean time) relies on previously created /tmp files being visible. <f1refly>I can just reboot, nothing forces me to keep the system online before running upgrade again <KarlJoad>Can someone point me in a direction for how to have a "guix deploy" system configuration in a channel? My Cuirass server fails to pull the channel when I have such a system in the channel. <Lembrun>Did anyone managed to get greetd with sway working? All I get right now is a black screen with a _ <jlicht>Lembrun: I have it working locally. What's your system config? <jlicht>Lembrun: I wasn't able to get the `greetd-wlgreet-sway-session' working either. I'll paste the relevant snippets from my config in a bit <Lembrun>On my previous attempts I got it to a point where I could get to tty1 and I could see that greetd was launching a sway session, but it was looping quit -> launch sway over and over <jlicht>(I have one user with zsh, one with bash, so that's what the `login-shell' is for :) <jpoiret>jlicht, Lembrun: by the way, greetd by default sources `/etc/profile` and `~/.profile` if they exist <jpoiret>btw, I'm just using `(greetd-agreety-session (command (file-append sway "/bin/sway")) (command-args '()))` and it works well enough <jlicht>jpoiret: I know, I just posted a patch to prevent those shenigans in our service ;) <reyman>another rust packaging question, the last i hop ... <reyman>i create a local crate that don't exist in crates.io, i add the (tested, it compile alone) package to my local channel, then as a input dependency of my main crate to build. <reyman>but the crate is never added to my guix-vendor :( <reyman>so the (modified) Cargo.toml failed to found this crate. <reyman>and i don't understand, the find-files don't search a tar.gz : find-files: /gnu/store/jmk2d3rgivvjzx6y3qyzj31fhlawilvq-rust-deno-test-util-0.1.0-checkout/share/cargo/registry: No such file or directory <lechner>Hi, how may I find out which mcron job the Shepherd runs, please? <lechner>euandreh / that's even better. i am only looking at system jobs. my host is mailing someone! <lechner>euandreh / do you know what something like this means? (#(52 58 13 13 11 122 2 346 0 28800 "PST")) <lechner>or this ;;; ((#((1 8 15 22) #<procedure tm:mday (obj)> #<procedure set-tm:mday (obj val)>) #((0 1 2 3 4 5 6 7 8 9 10 11) #<procedure tm:mon (obj)> #<procedure set-tm:mon (obj val)>) #(() #<procedure tm:wday (obj)> #<procedure set-tm:wday (obj val)>))) <euandreh>I'd guess those are scheme objects that have custom schedules <euandreh>But I don't see any of those on my system <Lembrun>I do see those as well, no idea what they are <apteryx>lechner: looks like some pk forgotten in mcron; are you using latest Guix? its version of mcron removed some forgotten pk's