<piyo>Attempting to guix import nix ... ledger, hope this is easy. <piyo>"Examoles from Ruby Gems, Python Modules and R/CRAN" <lfam>I see some commits from civodul on grafting! <piyo>is this correct? "guix import nix /nix/store/785q54in628mk5vsw62ccz98pkf8rkiz-nixpkgs-16.03pre76763.be0abb3/nixpkgs ledger" I get a backtrace and error: guix/import/snix.scm:239:5: Throw to key `match-error' with args `("match" "no matching pattern" #f)' <piyo>I already checked the output of "nix-env -i ledger" and it seems to work. <davexunit>it can only do a small amount of work for you <davexunit>there's no possible way to translate the bash build script, for example. <piyo>:-/ As a guix newbie who finds writing a guix definition file(?) daunting, I am disappointed. BTW when the nix importer works minimally, I expect an guix definition file to be outputed. Where would it be saved? <rain1>I had an idea for GUI program to help create a guix package definition <piyo>Is there an example or log of using guix import nix anywhere? <davexunit>piyo: perhaps the Nix language has changed such that our importer can no longer parse it. <davexunit>AFAIK no one really uses this importer, so it's subject to bit rot. <davexunit>piyo: when an importer works, it writes to standard out <davexunit>note that importers *do not* generate expressions that work as-is, typically, because it's impossible in most cases. <piyo>"The result is a package definition, or a template thereof, in the format we know (see Defining Packages). <piyo>"... written to standard out. (correction to manual) <rain1>is it a specific program you wanted? or a large number? <piyo>rain1: just ledger "ledger-3.1" <piyo>ledger2-2.x seems to fail to install in nix, AFAICT <lfam>It allows kernel access from unprivileged VMs <piyo>BTW, where would I place this output? Inside my checked out copy of guix.git? <davexunit>it's just guile code, put it anywhere and do what you want with it. <davexunit>adding it to an existing module in (gnu packages ...) is the easiest thing to do <rain1>can you post the file please? <rain1>or even just paste the dependencies part to me in PM <piyo>If my goal is to add it so that guix package -i ledger can work for a general, what would I need to do... is this explained in the manual? (eg I don't know where to put this file on the file system) Yes I do need to read Contributing in the manual... <piyo>rain1: sorry which file? <rain1>oh nevermind! I thought you created a guix package def with some tool <mark_weaver>lfam: according to that email, the problem is only present in the 4300/6300 Opterons. The Libreboot docs specifically warn against those CPUs because of other bugs in the microcode that prevent virtualization from working with Libreboot. <rain1>I started trying to make package for ledger <rain1>but it has a lot of dependencies <piyo>Yeah, no I have not figure out how to create a guix package def from scratch. <piyo>Actually I'm not a user of ledger, yet. So this is not very pressing issue. I would just like to learn how to package something more substantial than GNU helloworld. <rain1>Well I am a very new user but here is what I have learned to do <rain1>in bash_profile export GUIX_PACKAGE_PATH=/some/path <rain1>then you can make modules inside there with your own custom package definition <rain1>and a lot of grepping is useful to find packages that do things you need to know hwo to do, e.g.: grep -r 'boost' ~/.config/guix/latest/ <piyo>so something like export GUIX_PACKAGE_PATH=~/.config/guix-package and place the definition into the file $GUIX_PACKAGE_PATH/my/ledger.scm ? <rain1>mine is this: export GUIX_PACKAGE_PATH=/home/rain/Code/repos/pkgs/ <rain1>I think that .config might be managed by something else <lfam>piyo: The only extra caveat is that the module path in ledger.scm must match the filesystem hierarchy under GUIX_PACKAGE_PATH <rain1>you can see midori.scm (web browser) as an example <lfam>There's no ~/.config/guix-package installed by Guix, AFAIK <rain1>although its not packaged perfectly yet.. LD_ issue that I want to ask about here at some point <piyo>oh yeah ~/.config/guix-package will be something I have decided to git init. <lfam>piyo: For example, the package modules shipped with Guix are in 'gnu/packages', and so they define themselves with '(define-module (gnu packages foo)' <piyo>lfam: I typed module path in the browser showing the guix manual but nothing shows up. <lfam>piyo: I don't know if "module path" is correct terminology. <piyo>The internal part gnu/packages makes sense, yes. Where is this on the file system...? <rain1>oops i forgot to mention, you may have to do 'guix pull' before ~/.config/guix/latest/ has all the packages and stuff in it <lfam>piyo: You can inspect the Guix system that you've installed by looking in ~/.config/guix/latest <rain1>but you don't edit these files <lfam>piyo: It's best that you clone our git repo and work in there. That way, you can easily send us your package and we can add it to the distribution :) <lfam>But using GUIX_PACKAGE_PATH works too <lfam>rain1 +1. The files in ~/.config/guix/latest shouldn't be edited <piyo>lfam: in this concrete example of ledger, where do I place the file to do the former. <lfam>piyo: I would put it in gnu/packages/finance.scm <lfam>piyo: I would search on github for ledger and guix. I think I saw a package for it while "reviewing the literature" last week <lfam>I believe it was on github <rain1>on the topic of packaging stuff: I have to do this with my midori build -- LD_LIBRARY_PATH=~/.guix-profile/lib64/ midori <piyo>maybe it was rain1's attempt? <rain1>piyo, i only started after you mentioned it today <lfam>You'd need to contact codemacs to ask him to put a license on it if you wanted to copy it. I'm sure he'd agree to do. He's sent us patches before <lfam>I noticed he also packaged utfcpp, which is where I gave up on packaging ledger :p <piyo>I hope rain1 is already trying this build this... ;-) <lfam>By "copy it" I mean "copy it and send it to us for inclusion in the distribution" of course <piyo>Is there a "quick start" manual for inclusion starting from nothing? i.e. I found this great package and it has a nix/dpkg definition. Where do I place files, please read Contributing for the rest, etc? <piyo>I think I'm just going to chew on codemac's repo for a bit. <lfam>piyo: Rather than referring to Nix or dpkg package definitions, I would read the documentation of the upstream software. They usually explain how to build it from source. <lfam>And you should also read the part in our manual about build systems, so that you have some idea of which of our build systems to use in the package. <lfam>You should also read Contributing, Defining Packages, Package Reference, etc. <lfam>Ideally you'd read the whole thing ;) <piyo>Yeah. but just a simple thing like WHERE to create a definition file would be helpful. <lfam>piyo: For ledger, you'd append it to finance.scm <rain1>I showed you where I put my personal ones <rain1>I think it is ok for tinkering before cloning the actual guix tree and doing stuff there <lfam>piyo: And if you read the manual and poke around our git repo, you'll figure out most of it <lfam>The nice thing about trying to put it in our source tree is that you'll be looking at lots of packages that you know work :) <rain1>Where do I get the program adduser? <rain1>is there a way to search for which package[s] create a binary with a given name? <mark_weaver>you can't add users that way. you need to add the user to your OS configuration and rerun "guix system reconfigure" <rain1>I'm just trying to figure out how to use kvm with qemu <rain1>does that require system configurating? if so is there one I could look at <piyo>so "Please peruse guix.git::gnu/packages to see if you can supplement an existing definition file." <rain1>(I was thinking of adding myself to the kvm group) <rain1>an OS configuration for qemu with kvm support <lfam>rain1: If you are trying to run virtual machines in QEMU with KVM, you have to pass '-enable-kvm' when you invoke QEMU. <rain1>I'm trying this command: qemu-system-x86_64 -enable-kvm -cpu ... <rain1>and I got some errors: Could not access KVM kernel module: Permission denied <rain1>failed to initialize KVM: Permission denied <lfam>rain1: What are the permissions of /dev/kvm? <rain1>So I was trying to figure it out <rain1>crw-rw---- 1 root kvm 10, 232 Feb 27 19:25 /dev/kvm <rain1>that's why i was thinking about adding my user to the kvm group (but i don't know if that's the right thing to do for sure) <lfam>I guess your options are to add yourself to the kvm group or changing the permissions of /dev/kvm <lfam>What operating system are you using? <mark_weaver>rain1: add "kvm" to the 'supplementary-groups' field of your 'user-account' in your OS config and rerun "guix system reconfigure" <mark_weaver>and then you'll need to log out and back in again to get the new group id added to your processes <rain1>ok ill try it out! Thanks very much! :) <piyo>"Before that, try cp guix.git::gnu/doc/package-hello.scm $GUIX_PACKAGE_PATH/$USER/your-new-pkg.scm and edit define-module to define-module (user your-new-pkg), then edit this file, guix package -i your-new-pkg, Contributing checks..." <rain1>so the midori program puts a library into /lib64 <rain1>and I think that's why it's not finding it <rain1>should I changed the build system somehow to make it put it in /lib? <rain1>or would we instead have guix learn about lib64 <rain1>btw were people having sound problems with videos/ogg files in icecat? <rain1>now that im setting the correct environment variables it still doesn't work <rain1>but I found something that made it work in midori <piyo>I am still guix package -i ledger via codemac's definition. It's building boost... ;-) <piyo>(cd $GUIX_PACKAGE_PATH/ && git clone https://github.com/codemac/guix-pkgs ../contrib/codemac/guix-pkgs && ln -s ../contrib/codemac/guix-pkgs/src/codemac codemac && guix package -i ledger) ## doing this on my raspberry pi 2 as well <CompanionCube>ACTION wonders if it would be useful to try out / use dmd/shepherd in a non-GuixSD system <rain1>I would like a newer version of GIMP <rain1>there isn't a stale release of 2.9 yet though <piyo>it's finally building ledger3!! ;-) I must have triggered a bunch of other packages to upgrade... <piyo>like cmake, git and more <rain1>should I run guix system reconfigure as root? <piyo>ledger make tests passes as well, its installed. Gonna +1 colemac's ledger <rekado>I'm trying to wrap the "jackd" command in a shepherd service, but it returns 0 even when the command fails, so shepherd always considers the service started. <rekado>luckily we can just use scheme to do the necessary plumbing. ***JRHaigh is now known as Guest90378
<xd1le>mark_weaver: re emacs maintainer, i think he uses nixos, although not sure <rekado>I note that on at least one of my machines running "su - user" as root prompts for the user's password. <alezost>CompanionCube: you can try shepherd for user services on non-GuixSD system (that's what I do on ArchLinux) <rekado>alezost: maybe that's worth changing in shepherd upstream. <rekado>debugging the xfce shutdown bug now on a separate machine <rekado>huh: "./pre-inst-env guix build -S xfce" throws an error: "guix/packages.scm:1073:2: Throw to key `match-error' with args `("match" "no matching pattern" #f)'." <rekado>works fine for other packages AFAICT <rekado>we should catch this as we use #f for meta-packages <efraim>its just `guix build foo --rounds=3`? <efraim>nothing special I need to do like copy it somewhere? <efraim>I think the wayland tests shouldn't be run in parallel <efraim>so wayland-1.10 builds non-deterministically, and with parallel-tests #f it builds reliably <rekado>so, xfce4-session does not seem to call "pkexec xfsm-shutdown-helper --shutdown" when systemd is detected. <rekado>xfsm-shutdown-helper is the tool that simply calls "halt" to shut down. <rekado>strace tells me that xfce sends "PowerOff" to "org.freedesktop.login1" via dbus and gets "org.freedesktop.DBus.Error.InteractiveAuthorizationRequired" back, which causes the whole thing to fail. <tsyesika>hm, I thought when you use `guix environment --container` you were root in respect to the container, I'm getting permissioned denied to do a `mkdir` inside the container <davexunit>tsyesika: you are root, but you may be writing to something that you don't have permission to write to outside of the container? <tsyesika>humph, I'm trying to get these tests to run in the same environment as they do under guix build <davexunit>'guix environment' is not completely the same, but often it's the same enough. :) <davexunit>would be interesting to know in greater detail what is failing that shouldn't be. <tsyesika>hm, it's complaining about the /usr/bin/env now, doesn't in the test, something must be different <Jookia>tsyesika: guix build patches shebangs, have you done that too? <tsyesika>I presume not :) how would I get that in the environment <tsyesika>ACTION wonders if this procedure is documented somewhere <Jookia>tsyesika: You can't without loading up Guile and running the function in Guix, though I don't know off the top of my head on how to do that <tsyesika>hum, would be good if there was an easy way for packages to just stop during one of the steps when building a package <tsyesika>seems like it's a step during the gnu-build-system <Jookia>tsyesika: I've asked about it before and the consensus is that it's not very useful or hard to implement <davexunit>and then use guix environment to fiddle with the build directory <Jookia>Remember to include all the stuff guix build does too, like mounting your /tmp or creating a chroot and automatically adding -j <davexunit>no need to create chroots manually, use --container <Jookia>davexunit: Does --container set /tmp up to your TMPDIR? <Jookia>Because if you don't do that your builds and tests can fail <Jookia>Sure, but it's not the same /tmp as TMPDIR so it won't have the build files in it <davexunit>if you run 'guix build -K', there will be a directory in /tmp with the failed build files. <Jookia>There'll be a directory in TMPDIR with the failed build files, yeah <davexunit>if you cd there, chown it your user, and run 'guix environment --container' <Jookia>So guix environment --container will mount TMPDIR on /tmp in the container? <Jookia>I built an application and it failed, TMPDIR=/mnt/scratch/tmp so during the chroot it had /tmp on /mnt/scratch/tmp - so in the guix environment trying 'make' it was looking for files in /tmp/guix... but couldn't find them <davexunit>you can use --share=/tmp=$TMPDIR or whatever ***Guest90378 is now known as JRHaigh
<davexunit>but 'guix environment --container' mounts the $PWD <Jookia>Yeah, but you have to tell people to do that or they'll get errors <davexunit>I've done this many times and not had this problem <Jookia>There was a problem when building QEMU <Jookia>If you try building QEMU with a custom TMPDIR you should get the same issue as I encountered <Jookia>Assuming you cancel it somehow and go to it in guix environment and continue <tsyesika>hm, okay so it's missing the "which" command <tsyesika>hm, I wonder why `guix package -i `isn't installing the deps for my package <davexunit>tsyesika: only propagated inputs are installed to a profile <davexunit>propagated inputs should be used with care, only when absolutely necessary. <civodul>mark_weaver: big thanks for the WebM videos! <Jookia>civodul: o/ - I posted some bugs the other day and not to nag but one of them affects my patches (GC root stuff) <tsyesika>davexunit: right, the docs say they get force installed along side the package, how that is different from "inputs" <davexunit>regular inputs are not propagated into the file tree of a profile <Jookia>tsyesika: If you install X on Debian and it installs Y, you can use Y without explicitly installing it. That's propagated inputs. <davexunit>most often, the built package contains absolute paths to these inputs <Jookia>tsyesika: Guix doesn't do that by default so you can run multiple versions of a program with different inputs without clogging up your profile/PATH <davexunit>right, two programs in your profile could link against different libjpegs or something <davexunit>we only propagate inputs when we cannot embed absolute references to store items in the binaries <civodul>Jookia: i've seen the bug report yes, i'll look into it if nobody beats me! <tsyesika>so would the best way to solve this be create a patch for this program (the program itself is a bash script) to replace the calls to the other programs it uses to references to the store? <davexunit>tsyesika: yes, usually build systems do this automatically though. <davexunit>for example, packages that use autoconf use it to lookup the absolute path to something at configure time <Jookia>If the program just runs something like 'system("which bash")' then you'll have to patch it <davexunit>and will just assume that certain things are on your $PATH or whatever <tsyesika>you can see it assumes "gpg" for the gpg command and then uses which to check for gpg2 and use that if it does exist <Jookia>Oh and it uses /usr/bin/env too, ~lovely~ <davexunit>tsyesika: does this program use autoconf or any build system? <tsyesika>it doesn't use autoconf or anything, it has a make file for installing and running the test suite <Jookia>I'd probably fix the shebang and rewrite those few lines to assume gpg version with a full path <davexunit>Jookia: /usr/bin/env shebangs are automatically patched <civodul>git.sv.gnu.org is slow these days :-/ <Jookia>civodul: While you were gone it went walkabout and broke git pull <Jookia>s/walkabout/away/ >_> I didn't realize the history of that word <tsyesika>davexunit: so you think I should create a patch <tsyesika>I'm wondering if I can offer patches upstream to make this a bit better <davexunit>certain groups of people refuse to use autoconf <davexunit>and thus have brittle hand-written makefiles <davexunit>maybe you should open an issue and request that the build system provide a way to set the absolute path to GPG and such at configure/compile time. <Jookia>That'd also fix their issue of having to find GPG in the first place <tsyesika>davexunit: I've checked the mailing list and they are not willing to accept a build process of any kind <tsyesika>two messages back they were pretty clear on this too <Jookia>Not sure I'd trust password-store with my passwords now <rain1>I can understand his point of view <tsyesika>davexunit: oh btw, I've nearly finished building my site with haunt :) <davexunit>ACTION needs to release haunt 0.2 and finish his own blog migration <davexunit>I really didn't expect to have users, and now it looks like a number of people are using it. <rain1>I have a silly question.. What is the point of a password manager encrypting your keys why not store them in plaintext? <tsyesika>honestly, I might switch to shround or assword or something <tsyesika>I'll send my patch as I've made a few changes to the mailing list in case someone else wants to pick it up and write the patch <rain1>but surely nobody else can read them anyway? <davexunit>any process running as your user can read them <davexunit>and furthermore, storing them in encrypted form allows you to move that database across computers <rain1>thats true but if someone bad can already execute programs on your computer is encrypting it really going to help? <rain1>I feel like I must be wrong about it because everyone wants encryption for their password manager but I never got my head about why - I suppose it would hepl accidentall leaks <_`_>fde and encrypting kex are exclusive <davexunit>but having an encrypted password database is definitely much better than storing them in plain text <rain1>I saw that there was a bug in rackets web server which could allow people to read arbitrary files off your disk <_`_>fde doesn't stop cold boot attacks and in the case where one happens and your keys aren't loaded, they're still encrypted so you have *some* piece of mind wrt that data. <_`_>ofc the rest is doomed but yeah <_`_>same thing unintended remote access e.g. that pdf.js exploit in mozilla. <rain1>maybe we need better containering though <_`_>it's just one good practice <_`_>there's no catch all solutions <rain1>I see , I get it better now thanks :) <_`_>and containering still might not help in the foremost example <rain1>shroud has no feature to generate a new password? <rain1>(I wrote a password generator in guile you could include it if you like) <tsyesika>okay, I've replied to the mailing list with my progress so far saying I won't continue packaging it <tsyesika>guess I'm spending the next hour switching to another :) <rain1>I'm thinking about trying shroud but GPG... <tsyesika>it's not too bad, there are good guides out there i think? (unsure i've used it for years now so I'm pretty familiar with it) <civodul>grrr emacs freezes when trying to yank <civodul>grrr everything i do is super slow today <civodul>if it was paid work i wouldn't mind waiting as long as needed, but here i have to be more efficient ;-) <random-nick>hello, I am having trouble installing any substitute with guix (I'm not on guixsd) <petter>hm, after an update my keyboard layout (programmer dvorak) is a bit weird. Umlauts and other special characters i used to access with Right-Alt don't show up anymore.. :| <tsyesika>ACTION made her own version of dvorak with accents for myself ^_^ <tsyesika>needs some improvements, it's notably missing the dollar sign which can be a pain in bash and the likes <Jookia>I haven't really gotten in to Dvorak despite my terrible typing pains. I'll probably try stenography sometime <rain1>it is so much more comfortable <tsyesika>ACTION should write a blog post on my alternative dvorak sometime <tsyesika>I was going to have a set of keycaps produced for my WASD keyboard with this on but I'm actually thinking that I'll be movig over to the kinesis advantage <rekado>I don't like the function keys on the kinesis. I bought a terribly broken keyboard from "truly ergonomic", but I found that switching to dvorak was enough for me to reduce strain. <Jookia>This might sound super doctorey but I started exercising and it disappeared my RSI, though its back since I haven't done it for a week <tsyesika>I've never typed on a kinesis, paroneayea swears by it though <Jookia>tsyesika: standard 4k dog walk for an hour at 4am in the dark <petter>rekado: have you had any problems with Right-Alt with your layout recently? <tsyesika>I don't cycle too too much now but i use to cycle a lot (minimum 20 - 30k a day) <tsyesika>i mean, it helped me keep fit and feel good but RSI wise it didn't help <rekado>petter: I rarely ever use right alt, actually. <rekado>(for Emacs I use god-mode whenever I feel conscious about using modifier keys too much) <tsyesika>as one of my first projects to learning guile properly I'm going to create a light weight deamon which monitors keyboard and mouse and can be configured so clients can prompt for rest breaks <Jookia>nice! i use to use that when i had it bad (no more than 3 minutes of use at a time) <Jookia>Having a tray icon that you can monitor really helps, dunno how a daemon could recreate that <tsyesika>workrave is okay but i don't want their front end and they've not decoupled it into a deamon and a client, so i tend to do that if I get time <tsyesika>Jookia: I plan to write a client which connects to the daemon and put the number in the bar which displays other info <tsyesika>pizzaiolo: I took most of my ideas from that thread <tsyesika>I want to re-write my scipts i use into something sensible like python or guile <tsyesika>pizzaiolo: i plan to post it there though :) <pizzaiolo>pls remember to license those scripts, tiny as they may be :P <tsyesika>pizzaiolo: i never forget to licence my work :) <pizzaiolo>I can't tell you how many bug reports I've opened on github to remind people to add a damn license <rekado>tsyesika: it's really very pretty. Makes me want to have a bigger screen. On my laptop screen I'd be sad to lose so much space to (the beautiful) margins and the bar. <pizzaiolo>rekado: that's the sole purpose of my github account :P <pizzaiolo>that, and pestering android devs to release their apps on F-Droid <efraim>`guix import pypi fdroidserver` if you want to host your own, I haven't found icecat anywhere <rekado>hmm, I wonder if setting GTK_DATA_PREFIX broke stuff or if something else did that. Something about my fonts has changed, and I'm not sure I like it. <rekado>yes, monospace fonts are rendered as regular sans-serif fonts. <rekado>maybe unrelated to the GTK_DATA_PREFIX thing I did. <rain1>I did GTK_DATA_PREFIX after I saw you mention it and it was a big improvement <fhmgufs>rain1: Maybe Gtk+ should be patched anyway to allow different places for themes. <rain1>what about guix providing that environment variable? <rain1>for: eval $(guix package --search-paths=prefix) <rekado>rain1: I think Guix can only do this when the package (gtk+ in this case) is installed into a profile <rekado>same for GUIX_GTK{2,3}_PATH which are needed for input method modules <rain1>were other people having problems with sound from icecat? <rain1>I found what might be a fix but might not, wasn't able to test it <phant0mas>hey everyone, when I add something as an (input `((...))) isn't it supposed to be added in that package's RUNPATH? <NiAsterisk>hrm... is EasyPG on out current emacs broken with gpg-2.1 and later? am I the only one facing issues to use gpg2 with gnus? <rekado>phant0mas: for some build systems it requires extra effort. <rekado>NiAsterisk: I'm using gpg2 (also in Emacs but not with gnus). <NiAsterisk>hm. gpg-agent is running, but I can#t decrypt or encrypt any messages I got on the current valid key I am using. however if I decrypt the messages alone, not via emacs, it works. <phant0mas>well my mig-boot0 package, in the (gnu packages commencement) module, was working great until I rebased my branch to the latest version. Now it can not find flex-boot0 <NiAsterisk>eval `gpg-agent --daemon` in .bash_profile seems to be too much, i get "gpp-agent already running, not starting another one" or something similar, and I would like to pindown why it's not working for me, but I can't. used to work on a different system. <rain1>do you put anything about gpg in /etc/config.scm ? <rekado>phant0mas: what do you mean by "can not find"? Are you sure it's related to the RUNPATH? <rain1>is there a guide for setting up gpg on guix <phant0mas>rekado: validating RUNPATH of 1 binaries in "/gnu/store/yvcc83j70qnnic7lvinilbnlj41aq15r-mig-1.6/libexec"... <phant0mas>/gnu/store/yvcc83j70qnnic7lvinilbnlj41aq15r-mig-1.6/libexec/migcom: error: depends on 'libfl.so.2', which cannot be found in RUNPATH ("/gnu/store/0ys1wr0dnw99nqd58f4qqml4fs6swac4-glibc-bootstrap-0/lib") <rekado>NiAsterisk: do you get any error messages logged to the *Messages* buffer? <NiAsterisk>rain1: no, there isn't and it's like on any other GNU system <NiAsterisk>rekado: let me try again and see for any messages <NiAsterisk>rain1: it *does* work, however I don't feel happy about using gpg in general. also, rekado, nothing in the messages buffer which comes close to error messages. <rekado>phant0mas: you may have to add something like this to the configure flags: (string-append "--ldflags=-Wl,-rpath=" (assoc-ref outputs "out") "/lib/something-flex-foo/") <rekado>phant0mas: oh, well that's weird then. <NiAsterisk>hm. maybe I am doing something wrong with how I did setup epa-file this time.. idk. I'll be back soon <rekado>NiAsterisk: FWIW, I'm using the `mml-secure-*' procedures in Emacs. <rekado>phant0mas: do you see in the logs how "migcom" is linked? <NiAsterisk>oh, okay. i'll see if this fixes what currently does not work. <rekado>the guile emacs build fails because GCC fails to pass a trivial configure test. I wonder what's up there. <NiAsterisk>oh! so mml-encrypt is the quasi default for Gnus now if I understand the emacswiki right. <NiAsterisk>or not. I have not read enough about gpg and gnus I think. I'll fix it. thanks anyway :) <wingo>ACTION wonders about guixsd, shepherd, and cgroups <tsyesika>davexunit: hey, with shroud, how do you enter passwords with = can you escape them somehow? <NiAsterisk>ah. emacs can't access the dbus service somehow, that's why I fail to de/encrypt/sign messages <rain1>if you wanted password generator support i could maybe add it? don't know if that's a desired feature.. <NiAsterisk>i used to use something like date +%s | sha256sum | base64 | head -c 32; echo for passwords. <davexunit>if I knew what day you signed up for an account <rain1>mine doesn't allow confusable characters like O0 Il S5 <rain1>which reduces entropy a little <rain1>that isn't so important for a digital one though <NiAsterisk>used to, because all passwords I have are no longer like this. <rekado>I use dicewords for new passwords. <NiAsterisk>rain1: ypu mean packaging a password generator, or for the system itself? <rain1>but I better add another entropy-reducer that ensures it has one of each lower, uppercaes, number (should add symbol too) <rain1>because certain sites reject passwords without it, like github <NiAsterisk>this is qwerty centered though.. but that's okay for most coverage of keyboards. <NiAsterisk>also, \\_!#-., etc would be another set of characters. <rain1>hm im a bit stuck how to get started hacking an existing program like this <rain1>i tried to clone it and then guix environment shroud then ./configure but it doesn't have autoreconf <rain1>so i guix package -i autoconf but then it didn't have another thing <rekado>rain1: shroud comes with a package.scm <rekado>so you can do "guix environment --pure -l package.scm" <civodul>if it didn't, you could do: guix environment shroud --ad-hoc autoconf automake <rekado>that also gives you autoconf and automake. <wingo>civodul: do you think that each login session should have a cgroup, and if so, who should make those cgroups? <wingo>i am thinking "yes if you use elogind", and "elogind, from the daemon, inside the call made by pam_elogind" <wingo>except logind does an rpc to tell systemd to create the cgroups (which systemd calls "slices") <civodul>wingo: i don't have clear ideas on that <civodul>ultimately it should probably be the shepherd or a separate daemon handling cgroup creation <wingo>civodul: is shepherd involved in "sessions" tho? <wingo>so i am thinking maybe shepherd is not the place; dunno <jmd>I have a question about reproducibility. ranlib adds a timestamp even when -D is passed. Is there a way to remove it? How do most packages cope with that? <wingo>elogind can cause the creation of cgroups. i don't know if it can create them itself. <civodul>jmd: binutils is configured with --enable-deterministic-archives <wingo>in systemd, logind calls out to systemd to make systemd create the groups <civodul>so it could (in theory) call out to shepherd instead <wingo>elogind could tell shepherd to make the groups if needed <wingo>i think if you're root you can move a process to a different cgroup without being its parent <wingo>the reason i am thinking about this is because of my damn backlight ;) <wingo>polkit can grant permissions to an "active" user <wingo>to determine whether a user is active, it uses libsystemd (which we patch to use libelogind) <Piece_Maker>heey guys, im interested to try guixSD on my laptop, but have a quick question before i dive in - if i want to setup a LUKS-encrypted drive, do i have to do it in the config.scm or do i do the encryption stuff first and then install as normal? (and if so, how do i go about editing the grub config, is that done in the scm or do i do that manually) <wingo>and libsystemd gets the cgroup for the process then tries to map that to a session <wingo>perhaps there is another interface elogind could provide, but if cgroups are the right thing (as opposed to traversing the pid tree) then we could do that <df_>is cgmanager an option? <rain1>Piece_Maker, you do have to set it up inside config.scm, but you (at least I did) also have to edit grub.cfg <rain1>it's quite hard so I would say practice in a VM to learn how first <rain1>i can help a bit because I have some notes about it, and petter has good notes too <Piece_Maker>my laptop already has a LUKS setup but its running another distro that i want to nuke 'n pave with guix <rain1>I have a feeling it will become easy in future <df_>wingo: aiui it's the thing that people who don't want systemd use to manage their cgroups <civodul>wingo: it seems to me that polkit should be able to determine whether a user is active without relying on cgroups no? (says the ignorant...) <civodul>df_: cgmanager is a standalone daemon that manages cg, right? <Piece_Maker>rain1: are your notes online anywhere? id love to read up on it ;D <wingo>civodul: it needs something. it used to use consolekit. it still can but consolekit is unmaintained. the other thing it can use is logind. <wingo>civodul: so the question is whether elogind needs cgroups to determine whether a user is active, i guess <wingo>thing is, mapping a PID to a session is not foolproof without cgroups afaiu <civodul>because "loginctl" already shows useful info <wingo>because a user can spawn a binary that ends up being reparented to pid 1 <df_>civodul: yep, that's how I understand it - it runs as root so other stuff can ask it to do cgroup stuff <rain1>let me find both and post them <df_>I have no idea on the question of whether cgroups are necessary at all in this situation... <civodul>wingo: "loginctl show-user ludo | grep State" shows it thinks i'm active <wingo>dunno whether that means active or not :) <civodul>i think you're active, but you're definitely online too :-) <wingo>b/c only a user logged into the active x session should be able to set brightness in theory <wingo>yeah, need some more clear thinking. <wingo>maybe i should hack polkit to use some other api. will poke. <wingo>polkit is terrifying in many ways -- a bunch of setuid utilities running dbus and javascript to let you have root permissions :/ <Piece_Maker>awesome, thnaks a lot! ill get reading up (and probably give it a try at some point) <rain1>if you get stuck feel free to ask because I could improve the instructions a bit <rain1>it's not a perfect setup either, have to input the password twice when booting <Piece_Maker>well, i was planning to use a passkey on a USB stick not a password so that probably wont be an issue <rain1>but when trying to generate a key I still get: gpg: agent_genkey failed: No pinentry <wingo>civodul: "loginctl show-user ludo | grep State" for you shows State=active ? <wingo>interesting, for me root is active <civodul>i get an error for 'root' because it's no logged in <wingo>ACTION back to 'active' now. software so strange <civodul>wingo: per logind-user.h, "active" means "User logged in and has a session in the fg" <wingo>well ok. polkit first does a pid -> session. then checks the state of the session. so if i get pid->session working then i should be able to be seen by polkit as active <civodul>elongind says you're active if your session is active, and a session is active if it has a seat <davexunit>ACTION still gets annoyed that the subreddit cannot be renamed with correct capitalization <rain1>would a nice API be something like this? shroud hide bank-account username=foobar password! <rain1>to say you want password generated <davexunit>rain1: hmmm this is tough because there could be many options for generating a password. how about not being clever at all yet and just adding a subcommand to generate a password? <davexunit>shroud hide bank-account username=foobar password=$(shroud password --length=16) <pizzaiolo>CompanionCube: having a whole distro under a pushover license is a bad idea IMO <rain1>in that case it may be ok to keep it a separate program then, like just now I can just go ./password-generator.scm <davexunit>rain1: sure, but I like the idea of my password store being able to generate passwords, too. <davexunit>so I would still welcome a patch to add a new subcommand. :) <NiAsterisk>i mean, not what is it trying to tell me, but how to solve this in guix packaging? <tsyesika>rain1: I am also looking forward to this functionality :) <rain1>I'm just pushing it to a copy of the repo <rain1>and things like that $(..) example do work <davexunit>rain1: do note that guile's random number generate shouldn't be used for secure applications. <davexunit>rain1: maybe look at what the pwgen program does? <davexunit>rain1: and make sure you add your copyright information to the headers of the files you edit! <davexunit>rain1: also, consider using character sets as opposed to strings for *password-symbol-groups* <davexunit>guile already has a number of built-in ones that may come in handy <rain1>the thing is i removed confusable letters, like i don't have 1 or I because they look similar <davexunit>it's best to move further conversation about this to #guile <rain1>this is important for passwords that get written down but not so much for ones stored digitally, so maybe the sets would be fine