IRC channel logs
2025-07-08.log
<umanwizard>Hi all. Is there a good way to get emacs to enter a guix shell when in a particular directory? For example, if I am editing files under ~/code/foo, I want emacs to have all the environment variables I would get from running `guix shell -D foo`.
<ieure>umanwizard, I believe emacs-guix has a set-emacs-environment facility.
<postroutine>When I reconfigure my system, or my home, is a copy of my config.scm put in the store?
<postroutine>Is it put in a derivation dedicated to the config, or in a derivation with other files?
<Rutherther>postroutine: sorry I don't understand what you are asking
<postroutine>If I understand it, everything put in the store is saved in a derivation. Is it correct?
<podiki>you can do guix gc --referrers /gnu/store/....config.scm to see where it is referred to; including the system derivation
<postroutine>But, if I remember correctly, everything in the store is readable by all users of the system?
<postroutine>That means, if any of the system services I enable and configure contains a password in its config, any user on my system can retrieve this password.
<postroutine>That includes system containers and also other systems if I share my store with `guix publish`?
<Rutherther>postroutine: yes, exactly, you shouldn't use secrets directly in your config or in anything that would leave them in the store
<postroutine>But, even the simple config of some software should not be readable by all users, like the OpenSSH server config. And in a home environment config, if any user could read my config files they could access a lot of data that should remain private. Like the ssh client config that would leak every host I know and a lot of info about them.
<postroutine>If I use Guix System and Guix Home on a single-user personal computer, like my desktop, and don't use containers for a shell or a system, that limits the risk. But, on a server, it would cause a lot of problems.
<postroutine>Do you know if there is a plan to implement a way for Guix System and Guix Home to keep private the config files they manage or generate?
<Rutherther>postroutine: I don't understand what you mean everything in the store is saved in derivation... I have no idea what that means
<Rutherther>postroutine: there are derivation (.drv) files in the store, but not everything and there is nothing 'stored in it' except for instructions that say how to realize that derivation
<Rutherther>postroutine: there already is such implementation, just not in guix channel
<postroutine>Ok, let me take an example: If I use Guix Home and, in a home-environment services, I add a `home-openssh-service-type` to configure my ssh client. I configure the list of hosts I know with all the necessary info like host-name, user, port, identity-file, etc. When I run the command `guix home reconfigure home-config.scm`, it will generate the config file for my ssh client, put it in the /gnu/store and c
<postroutine>reate a symbolic link from my home directory. But, as everything in the store is readable by all users of the system, any user could know my ssh client config and so the hosts I can connect to with a lot of details.
<postroutine>And same with Guix System if I use it to configure my ssh server: Any user on my system could read the config of my ssh server.
<postroutine>Which is a big problem. And I would like to know if it's planned to add to Guix System and Guix Home a way to avoid that.
<postroutine>Do you know if it's discussed somewhere or if patches have been sent? I've become a huge fan of Guix in the last few weeks and I'm very curious to learn all I can find.
<postroutine>Thank you very much for your replies. 😁 I'm sorry if I sound insistent. 😆
<azval>I checked ZFS for Guix on root (/) but I am not sure I understand the issue with it, why it can't be in Guix and mostly evolve in NonGuix for the kernel module and what's the issue with "providing binary blob", like the user would need to compile it him/herself, but why?
<csantosb>lilyp: do we consider #77714 or better refresh it in codeberg? there is a new v2.7.0 around
<azval>also I was wondering, in the case in which there is a riscv laptop for which I install Guix, how could I make a substitute that compiles those packages so that the laptop doesn't have to spend hours on it? (if Guix supports riscv in the future, but here could be ARM)
<nigko>sneek: later tell tazjin: I have read your draft https://tazj.in/blog/trying-guix with interest! In the section "Architectural differences" between Nix and Guix you describe the profiles as being baked into guix CLI. I think the channels are baked into guix CLI, not the profiles. Profiles can be easily created/built/changed/combined without rebuilding the guix command, see
<attila_lendvai>azval, the manual has details on how to enable substitutes. IIRC they even find each other automagically on the local network. look for guix-publish-service-type
<sneek>Welcome back civodul, you have 1 message!
<sneek>civodul, noe says: if he could run the etc/teams.scm sync-codeberg script when he has time
<apoorv569>I'm trying to package a software and it installed a config file which it looks for in `/etc` dir and the prefix it installs to in the store. This config needs to be user editable as well. How should I handle this? copying to the prefix in store won't be a good idea as the store is read only AFAIK. Do I let it copy its config to `/etc`? if so can the package definition copy a file to `/etc` i.e. outside the prefix?
<sneek>tazjin, nigko says: I have read your draft https://tazj.in/blog/trying-guix with interest! In the section "Architectural differences" between Nix and Guix you describe the profiles as being baked into guix CLI. I think the channels are baked into guix CLI, not the profiles. Profiles can be easily created/built/changed/combined without rebuilding the guix command, see
<tazjin>nigko: somebody pointed out earlier that the channels aren't "baked in" as such, but rather that the guile load path is somehow configured in the profile with the right channel, but I'm still a bit fuzzy on the technical details
<tazjin>anyways, other question: I saw that there are a few ci.guix/bordeaux substituter mirrors, is there any information about how to set one up?
<nigko>tazjin: 'guix pull' not only adds .scm modules from all the current channels to the GUILE_LOAD_PATH environment variable, but also compiles these modules to Guile bytecode (.go files). In addition it also performs some additional heavy calculation when it performs the notorious "Computing Guix derivation" phase.
<tazjin>nigko: yeah, I'd like to know how people have set these up
<nigko>You can configure them with --substitute-urls option (many guix commands have it) or system wide.
<tazjin>I mean literally setting up one of the mirror servers
<nigko>tazjin: OK, then you may want to look at 'guix publish' command.
<tazjin>no that'd run a substituter for my local store, but the mirrors of the official bordeaux etc. are configured to redistribute the nars/narinfos with the same signatures
<tazjin>and I'm wondering if there's some existing automation for setting that up
<tazjin>my employer hosts a bunch of distribution mirrors, and we could add guix there depending on how it's set up. Most of the existing distribution mirrors synchronise with some upstream rsync endpoint, but there's a few different ways of doing it
<noe>I think there’s rsync but you could also use the nar-herder for this
<noe>cbaines has the knowledge
<tazjin>cbaines: would be great to know, if there's some example of a public config for this somewhere that would also help
<tazjin>I just checked how our other distro mirrors work, and 90% of them just point `rclone` at some URL
<cbaines>unfortunately the nar-herder doesn't facilitate a rsync mirror at the moment
<cbaines>there's also not great documentation on setting up a mirror with the nar-herder currently
<tazjin>cbaines: if there was an endpoint on bordeaux listing all available narinfo hashes in whatever format, we would be able to set something up
<tazjin>(even if it's behind auth or whatever, if it is considered too expensive to make available publicly)
<tazjin>cbaines: also, do you know approximately how much storage space bordeaux currently occupies?
<cbaines>the database itself is 22G, and it contains information about 29.5TiB of nars
<futurile>cbaines: are you going to the Guix Social tonight?
<futurile>I'm in London so I actually get to attend irl!
<futurile>tazjin: someone in Japan just set up a mirror, there was a discussion on guix-devel, they might have more information on what they did
<futurile>hah hah ironically I did what Ludo did, didn't vote for my own GCD! Duh! (even remembered yesterday and didn't do it)
<futurile>a sign of my total disorganisation right now - multi-tasking whee!
<efraim>guix gc: freed 1408382723/536870912 GiB
<efraim>oops, that's not what it's supposed to print
<tazjin>cbaines: is it possible that the `nar_size` column in the narinfos table in that DB is ... wrong?
<tazjin>or maybe there's something about compressed vs. uncompressed going on here
<cbaines>tazjin, nar_size represents the uncompressed nar (which is what the hash is also over)
<cbaines>the size for the compressed files that are downloaded is given separately
<tazjin>cbaines: guessed correctly then) here's what we're planning: to test the setup, we'd like to mirror the last month of x86_64 packages (this seems to be approximately 350GiB of downloads from bordeaux), then refine diffing logic and iron out potential kinks before we do a larger sync
<tazjin>cbaines: questions: 1) should we coordinate about when we start this sync / limit the bandwidth somehow / anything like that? 2) how often does the dump update?
<mehrad>Hi, I have been struggling with `gnu/packages/dotnet.scm:51:12: error: #{ %make-origin-procedure/abi-check}#: unbound variable` error while using `guix time-machine ... -- shell ...`. The packages I'm loading are simple R packages that do not have any .Net dependencies. Does anyone have any idea how this could be resolved? I have a minimal toy example to reproduce the issue.