<lfam>My (naive) understanding is that it's usually /dev/sda5 with LUKS
<ng0___>1: grub_bios 2: boot 3: swap 4: home or root 5: home or root
<ng0___>maybe i boot gentoo to see if I've set any labels
<lfam>Looking at the commits between linux-libre 4.8.5 -> 4.8.6, the only thing that seems relevant (besides the kernel upgrade) is 1ef8b72a7f (system: Record store file system info in each generation.)
<lfam>But, I'm not sure what to do if you can't even get to GRUB
<ng0___>you get it wrong. I can get into grub. but, but, it is only popping up after 2 minutes or so and drop me to grub console after 4 minutes
<ng0___>i don't dare to ask in #libreboot if i should update libreboot because i'll very likely just be told to use a real system or whatever by leah. was there a new libreboot release I missed? or is this entirely on guix side, with the commit lfam mentioned?
<Common_Era>Oh, right, I forgot that she's a real annoying jerk, right?
<ng0___>the "user" is still wrong... but theoretically i should be able to copy one of my git checkouts, select the commit before the file-system commit and reconfigure.. but this would require internet connection afaik which i don't have right now
<ng0___>i think it's faster to just redo the system at this point
<marusich>ng0___, did you figure out why your system could not boot?
<marusich>I think lfam was concerned that commit 1ef8b72a7f87afe7cffe52393d99e1b14e4770e1 may have been responsible, but I have reconfigured my own Libreboot system using that change, and I have no trouble booting, so I don't think it's the cause.
<marusich>For details, please check the email I just sent to guix-devel with the subject "Re: [PATCH 01/10] * gnu/system.scm (<boot-parameters>): Add 'store-device' and 'store-fs-mount-point'."
<Apteryx>Interesting to note that my rtl8169 wifi chipset is working fine even though it attempts to load a blob ;)
<ng0___>1ef8b72a7f87afe7cffe52393d99e1b14e4770e1 49baaff4d2995cc4455843d7249894cb7456d8d5 ffde82c9ecf99524220e463055f4f18c8c9e7a81 those seem relevant to me, but i can't tell which of those broke booting for me
<ng0___>setting up the system again now, i hope i won't run into this again
<iyzsong>yeah, I use label too. maybe we can use (device (by-label "..")) and (device (by-path ".."))? to get rid of the confusing (title 'device)..
<marusich>ng0____, civodul, I've sent you and the guix-devel list a patch to fix the problem ng0____ notice.d
<marusich>The subject is "Fix a boot problem reported by ng0"
<marusich>I need to get some sleep now. I'll check my email later. Thank you for reporting the issue, ng0____. I hope in the future we can add more automated tests to catch these kinds of issues sooner.
<paroneayea>civodul: would a gnutls-with-guile-next package be welcome in guix? I ask because I want to get the https support added to guile, and we need the custom binary i/o ports from guile 2.1/2.2 *and* a gnutls built for 2.1/2.2 support
<paroneayea>and is there a better name than gnutls-with-guile-next? :)
<civodul>paroneayea: sure! maybe you can use 'package-with-guile-2.2' for that?
<civodul>probably only works with the GnuTLS version that's in core-updates
<Apteryx>so, as root, a "guix pull && guix system reconfigure" updates the globally available packages.
<Apteryx>So should I be doing this manipulation often, to get possible CVEs patched?
<kyamashita>Apteryx: With some frequency, yes. Perhaps once or twice a week if you're on the internet a lot. Being aware of Guix commits helps.
<Apteryx>Wait, even if a package is "global" that doesn't stop me from updating it in my personal profile, right? What would a "guix pull && guix system reconfigure" do as when run with my user otherwise?
<kyamashita>Apteryx: ng0 is right. Though if you run it twice in a row, you'll probably get the same Guix both times.
<Apteryx>kyamashita: OK. I was hoping my previous "guix pull" as a user built placed all the updated components in /gnu/store, and that my second "sudo guix pull" would just notice about that and be done.
<Apteryx>(or rather, just update the links to the updated components of the store)
<Apteryx>davexunit: Great! Maybe that's what happened.
<kyamashita>You can run "sudo ln -sfv /home/k/.config/guix/latest /root/.config/guix/" to link root's guix checkout to yours so you don't have to run two separate "guix pull" commands all the time. It's deep in the Guix manual somewhere...
<kyamashita>BTW, the directory /root/.config/guix/ has to exist first.
<Apteryx>Does "sudo guix system reconfigure /etc/config.scm" installs grub? I haven't see any grub related output.
<Apteryx>Yay! Back to where I was; no more fontconfig issue! It seemed there was some problems with grafts. I had to do as root: "guix pull && guix system --no-grafts reconfigure /etc/config.scm", and as my user: guix package -u --no-grafts
<lfam>I contacted each of the people listed as administrators of the SourceForge repo. Some never replied, and the ones that did reply said that they had abandoned the project. I asked them to transfer the repo to the Debian developer who is doing all the work, but they did not reply to that.
<lfam>Indeed, our lynx package seems to handle the PoC incorrectly
<Apteryx>lfam: Suppose I don't run "guix gc" anytime soon, grafted versions fontconfig would work expectedly? I understand that it's the garbage collecting process which is deficient here, and kills things that it sees as no longer used.
<lfam>Apteryx: That should help you avoid the font-config issue. But, references to vulnerable packages will not be replaced correctly. I don't know a way to avoid this for now except rebuild your system after manually "ungrafting"
<lfam>An example of an "ungrafting" commit can be found in 34708a221aac12f96d0ba2403bb52658c6355536
<lfam>Basically, remove the replacement package and integrate its changes into the previously replaced package
<lfam>If you start doing this, you will probably have to build the entire distribution from source. That's why I suggested using the core-updates branch. Most of the grafts are removed and we substitutes for that branch
<Apteryx>Hmm... So if I was to run "guix package -u fontconfig" (it was last installed using the --no-grafts option) it would not get the security grafts applied?