<catern>how can I keep the build directory of a *successful* build?
<catern>because I know in this case it is not truly successful
<catern>also, given that I am using disable-chroot, what should I set my PATH and other environment variables to, to make sure that there's no contamination?
<catern>the issue is, I need to get the bootstrap binaries into my path...
<catern>oh, the path is already set, huh...
<lfam>catern: To keep a build directory around, add a phase after the strip phase that just does (lambda _ #f), and build the package with --keep-failed
<catern>lfam: oh, heh, yeah, that seems like a sensible way to do it
<catern>is there an outline somewhere of how the bootstrapping process works?
<lfam>Yes, in the manual, section 7.7 Bootstrapping
<catern>ah, thank you! I knew I saw this nice graph somewhere :)
<lfam>I assume you already know this, but using Guix with disable-chroot is probably going to be kinda frustrating
<catern>indeed I know, since I'm already somewhat frustrated :)
<catern>but, I am tracking down this bug and I can hope that maybe after this one, I can at least build GNU Hello
<lfam>That's your end goal, right? To print "Hello, world!"? ;)
<catern>actually my end goal is verifying that I have actually built a working guix, so I can move on to running the daemon as root...
<lfam>I have a work-around for you. Try typing `echo Hello, World!` in your terminal.
<catern>since it's tricky to get root here at my work
<catern>(so I want to be justified first)
<lfam>Cool, that's a good idea.
<lfam>If your work machines' kernels have unprivileged user namespaces enabled, you might take advantage of that to try keeping the builds pure
<lfam>Yeah, that would be unusual
<catern>so... here's a question. when I run /store/...-gcc-cross-boot0-4.9.4/bin/gcc, I get an error about it not being able to find libpthread.so.0. this happens even if I use the LIBRARY_PATH and environment that guix is using for building things!
<catern>how should I actually get it to run?
<catern>(I want to check -print-multi-os-directory, because I think that that has been contaminated somehow for that compiler, maybe...)
<lfam>I'm not sure. Hopefully somebody else will chime in, or ask on help-guix@gnu.org
<catern>stracing it, I see that it's looking for its libpthread.so.0 in /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-glibc-2.18/
<catern>which, certainly does not exist on my system
<catern>or, i expect, any system? i assume that hash was chosen to be impossible to fulfill
<catern>it's especially weird that it's looking in /nix/, too...
<lfam>You win the jackpot if you write a package definition with that hash
<lfam>I mean, that creates a store item with that hash
<rekado>despite my problems to reconfigure yesterday because of missing substitutes, everything seems to be fine today
<rekado>successfully reconfigured and got a linux-libre substitute
<cynede>if anyone aware about nvidia drivers and multilib support please tell me before I start trying
<rekado>cynede: this is a very vague statement. What about nvidia drivers and multilib support are you interested in?
<cynede>rekado is there multilib support, is it enabled by default
<cynede>rekado can I install drivers from nvidia? since they are not fully free, I guess I can do it but not using package manager
<cbaines>Morning all, I'm seeing ERROR: Throw to key `gnutls-error' with args `(#<gnutls-error-enum Error while reading file.> set-certificate-credentials-x509-trust-file!)'.
<cbaines>I'm not sure what has changed, as the code I was using was working fine yesterday.
<civodul>could it be that it contains invalid PEM files?
<cbaines>civodul, yep, that was it, thanks :)
<ng0>has someone tried to run ./pre-inst-env guix vm /path/to/config.scm recently? it no longer works for me
<ng0>where configus.scm is just a variation of my system config
<ng0>cool :) but, what happened to the pb-client I submitted a while ago? I think pb (one of the instances is ptpb.pw) is good
<efraim>hmm, not sure, i'll search the mailinglist
<ng0>i guess it is stuck on the old curl problem
<ng0>but this guix system vm problem is odd. I can use it in the system itself without problems, and the git checkout used to work before and was used to test other things before
<ng0>I can try another, new checkout
<ng0>when I add gnu services version-control I get: guix system: error: service 'file-system-/sys/fs/cgroup/elogind' requires 'file-system-/sys/fs/cgroup', which is not provided by any service .. version-control is the module which I wrote
<ng0>nice, emacs segfaulted the second time this month >.<
<iyzsong>ng0: I haven't download qemu yet, but add 'git-daemon-service' to the minimal template seems work for me. also when nothing happened (I get this sometimes too), you can try 'pre-inst-env guile /path/to/config.scm', which will show errors.
<ng0>that is very verbose
<ng0>where is this minimal system? do you mean bare-bones?
<ng0>now it seems at least to work on something I do not see
<ng0>it seems to have generated a vm
<ng0>I'll test it in about one hour
<efraim>i'm failing on using kvm on this machine
***Guest43854 is now known as sturm
<ng0>iyzsong: you need git as a package to test git-daemon, right? when I add that to the (packages) of bare-bones the problem appears again
<iyzsong>ng0: i can add it fine. what's your config like?
<ng0>I think I needed cons* instead of cons. it's working now
<ng0>which command did you use to clone from the local git-daemon?
<ng0>I also think we should make --no-informative-errors a default, and only disable it if #f
<iyzsong>git clone git://localhost/hello. yeah, according to the man pages, '--no-informative-errors' is the default :-
<ng0>oh, i was used to ":" and then path
<ng0>fix the typo and push it :)
<ng0>thanks :) didn't harmut had some thread on guix system vm with networking? if I can get that, I can get to fixing my gnunet-service
<fr33domlover>Does guix have / is guix going to have packages with nonfree culture works (e.g. proprietary images)?
***marxistvegan_ is now known as marxistvegan
<taylan>fr33domlover: I think not... Firefox is considered proprietary because of the artwork and therefore not in Debian or any fully-free GNU distros, right? or was that a different reason?
<efraim>We also try to strip out non free assets from stuff we package, like games
<fr33domlover>efraim, but can I trust that? I mean, it's part of the rules in Debian and Trisquel. Can I feel safe with Guix too? :)
<efraim>You can audit it yourself if you'd like, I'd argue it's easier to audit it than with Debian
<fr33domlover>efraim, but it's a bit annoying to start digging into source trees and licenses every time I want to "guix package -i"
<fr33domlover>it's probably not a big problem in my case, i don't install games etc.
<fr33domlover>but still, in general, it would be nice to know those nonfree assets are removed by nice people who prepare the packages
<civodul>taylan: Firefox is not considered "proprietary", but it doesn't match the FSDG because it points users to a repo containing non-free add-ons
<civodul>fr33domlover: it's part of Guix's mission, so if you notice anything wrong, it's a bug :-)
<fr33domlover>civodul, thanks. some guix user told me guix only cares about free software, and not free culture at all
<kmicu>ACTION is sure it was a Nix user talking about Nix, not Guix ( ͡~ ͜ʖ ͡°)
<ng0>fr33domlover: we also have a QA process before packages get added
<ng0>which involves reviewing packages, even added ones, and people who know more about licenses add their findings. I personally am not secure with licenses and find this very safe to "offload" to people who know more
<ng0>with "even added ones" I meant that occasionally people seem to go through the sources and check packages
<civodul>ng0: you're not expected to "offload" to others though :-P
<ng0>no one can remember everything
<ng0>that which I do remember or learn, I apply
<ng0>what I can not, others correct
<ng0>so it's not offloading, it's being conscious about my own limitations and the knowledge of others :)
<ng0>notmuch 0.23.2 was released.. i try to version bump and see if the tests are fixed
<ng0>maybe we can just disable the test suite
<lfam>I read your chat with dkg and started packaging the upstream-maintained GnuPG bindings we mentioned
<lfam>ng0: Can you share a paste of the test failure?
<ng0>Notmuch test suite complete.
<ng0>757/764 tests passed.
<ng0>2 broken tests failed as expected.
<ng0>full one coming in a minute
<lfam>paroneayea: I'd like to try staying near up-to-date for gnupg family packages. What do you think we should do? Wait a week or two for an assword update? Create a gpgme variant for assword? Just break assword on master (this is what would have happened if I hadn't decided to spot-check a few dependent packages)?
<paroneayea>lfam: is it possible to keep an old version of gpgme around just for assword for now? or are there security vulns and etc being fixed?
<paroneayea>lfam: that way assword can still function while we wait for the fixes
<lfam>ng0: Did you report it upstream yet? Does the package work for you with tests disabled?
<paroneayea>lfam: sounds like we could also in parallel create a gpgme variant for assword and upstream wants it
<ng0>lfam: no, and no haven't tried
<ng0>i'm about to switch back from Gnus to notmuch, so i will be able to report on this tomorrow
<ng0>notmuch is like guix, once you tried it everything else becomes annoying
<lfam>ng0: I think you should do those things, and then report back. Considering that the failures are crypto-related, we should check with upstream
<ng0>if they aren't introduced by parts in the package
<ng0>lfam: i'll do as soon as I can, i'm just sorting out old books and stuff, and will be away for the evening to the hackerspace
<lfam>civodul: I saw that! Yikes!
<lfam>I guess it shouldn't matter since they sign packages... right?
<lfam>But AFAICT, none of the Savannah admins took part
<lfam>But now, the situation has wider attention in the security community, for better and for worse.
<civodul>i'd rather discuss it with the actual admins than with rms :-)
<civodul>hey, BTW, we have a git daemon service for GuixSD now!
<lfam>I think it would be relatively easy to put our new git-service into practice for ourselves. I recently tried serving Git over HTTP, and it's really trivial. And doing it over HTTPS is another trivial configuration change to the web server
<lfam>Since we will already be running an HTTPS server...
<ng0>git has a stupid simple http daemon
<ng0>which does not even require a service afaik
<ng0>and if it does, it should be very simple to create
<lfam>ng0: We can also use a Git hook to pack the Git repo so it can be served by a regular web server with no extra configuration
<ng0>yeah, but the git http-daemon thing is just a cgi script which can be used in for example nginx config
<ng0>so that's also an option
<ng0>the discussion with rms about savannah derailed to the point where I'd just stop and discuss with admins.
<lfam>"Basically, all you have to do is put a bare Git repository under your HTTP document root and set up a specific post-update hook, and you’re done (See Git Hooks). At that point, anyone who can access the web server under which you put the repository can also clone your repository."
<lfam>Ideally we'd still have a web-based interface like Cgit
<ng0>if you just want the view, i'd recommend stagit
<lfam>Well, I just would like to offer secure anonymous access to the Git repo. However or wherever it's hosted :)
<ng0>stagit does nothing other than webview as can be seen at its instances, no special access in addition
<lfam>All the major internet service providers have the ability to programmatically mutate / inject HTTP to specific users
<lfam>They use it to serve data usage warnings or copyright violation warnings
<lfam>No reason it's not also used for bad stuff
<lfam>albertoefg: I think the problem is that wordpress updates are not authenticated when downloaded. So, somebody could hijack your internet connection and trick your wordpress server into using a malicious program
<lfam>I don't have a blog, so I don't know how good or bad wordpress itself is. If it's really that popular, it must be pretty good as a blog host
<lfam>MD5 is broken now. It can be used to discover accidental file corruption, but it can't be used for security
<albertoefg>a few years ago i didn't knew about free software and SOPA
<ng0>i think WP can be good if you depend on something on a CV or whatever. here, I can do WP plugins/administration
<paroneayea>lfam: it at least hopefully has the https tunnel
<paroneayea>(and I don't really have a strong trust in SSL to not be MitM'ed either, but it is better than nothing... as being discussed for guix and https ;))
<ng0>albertoefg: look at the bright side: you have 2 years to think about whether you want to switch and what you want to move to
<lfam>Right, I'm sure powerful governments have compromised the PKI. Why wouldn't they have? But it's much better than plain HTTP
<lfam>And it feels urgent to me to pick the low-hanging fruit.
<paroneayea>lfam: large CA vendors already sell certificate MiTM things to corporate environments.
<ng0>albertoefg: i got a 2 year contract with runbox because I got annoyed by hosting
<ng0>and everything in general
<lfam>paroneayea: I think that one CA vendor was recently ended by Mozilla for issuing a cert for *some other site* for their internal networks
<ifur>ssl is a bit non-sense, what happened to never trusting anything on the internet... verification is nice and all that, but why not encrypt at a lower level than http?
<ng0>I used them in the past and had good experiences prior to self hosting and A/I
<paroneayea>lfam: yeah we need something better, but sadly we also really need to improve the UX of alternate key verification mechanisms
<lfam>Right, I think it's currently unrealistic to only use PGP
<ng0>autistici.org (Autistici / Inve-whateveritwas Collective)
<ng0>invetistici if my italian is not off
<lfam>ifur: It's flawed, I agree. But it's a big improvement over the current alternative, which appears to be nothing
<ng0>we started to assemble a list with what's broken and why. there's so much more broken than just CAs
<paroneayea>I liked the Ring approach of having identifiers just be your key fingerprint and using that to bootstrap a web of trust
<lfam>And by "alternative", I mean available or ready to be deployed on all computers
<lfam>paroneayea: Sounds interesting. Got a link?
<paroneayea>I'm not sure what their new plan is with blockchains... I hope that's just for "discovery" purposes
<ng0>lfam: sadly that's gone
<lfam>ng0: It's all broken, right? :)
<ng0>i meant the old ring thing, they now do blockchain, i wasn't bothered to read it in detail yet
<paroneayea>ng0: is the blockchain just for discovery, or did it replace the fingerprints entirely?
<ng0>I would link to the "it's all broken" page if it was complete yet.. but it's already public^^
<lfam>paroneayea: So, in order to bootstrap trust, you verify the key fingerprint of the person you want to communicate with?
<ng0>i generally don't like blobchain so much. occasionally it works. in case of bitmessage it seems (still) to work
<paroneayea>lfam: I think so, I think you can use one person to start finding more people but I'm not sure.
<lfam>Ah, sounds similar to PGP
<paroneayea>the nicest thing about bitcoin is that it's shown that people are just fine with copy-pasting around random looking strings as an identifier :)
<ifur>lfam: i'd say it's a small improvement requiring a level of effort that isn't warranted. terrible that ipsec got dropped from ipv6 just like from ipv4... I certainly don't think https is worth the time, would be better to "encapsulate" the entire thing and get rid of the metadata issue
<paroneayea>and if necessary they'll just turn it into a QR code ;)
<lfam>Which could have more adoption if the tooling was simpler. Thankfully gnupg-2.1 is simplifying the experience
<ng0>well... and providing an illusion for people who think their currency exists in a vacuum :)
<ng0>don't get me started about the energy waste of bitcoin :/
<paroneayea>it's a pretty cool idea for building a web of trust without having to do things in person
<lfam>ifur: I'm talking about what's possible today. Today, my ISP *does* mutate my HTTP traffic. They can't do that to HTTPS traffic unless they compromise a CA
<lfam>And my ISP has tens of millions of customers
<paroneayea>yeah we need better than ssl/https CA mindset, but we need people to show how to make it *actually work* for humans
<paroneayea>clearly a bunch of nerds showing up at a tech conference and signing each others keys in person doesn't scale for the general public :)
<lfam>tens of millions of customers around New York City and Washington, DC. High value targets
<ng0>crypto parties are ineffective and don't scale. I think pep has a nice approach
<ifur>CA's are fine for verification, but trusting them with encryption is quite frankly crazy
<lfam>paroneayea: Sure, but it's fun :)
<lfam>ifur: I don't see the distinction
<paroneayea>lfam: there's nothing wrong with it, as long as you ACK that we need to figure out how to make it scale beyond our nerdparties :)
<lfam>paroneayea: It's just a party, does it need to scale? ;)
<ng0>ideally you have software which is not so complicated that you need to teach how to use it
<lfam>ifur: I'm not a cryptographic expert. But my understanding is that public-key encryption is directly related to the public-key authentication. And in either case, the CA doesn't hold your private key
<ifur>lfam: if the verification step happens inside an encrypted connection that isn't CA dependent, it is much harder to compromise the system at scale
<lfam>paroneayea: Yeah, I'm just kidding around
<ng0>it's not like you need to create a techno-elite to teach to all the people. the base target should be all the people
<lfam>I'm looking forward to learning more about these issues
<ifur>paroneayea: well, ssh still works with passwords since that step happens within an encrypted connection, increasing the strength as the process goes along is much better than an all-or-nothing approach
<paroneayea> The type of the ‘/etc’ service. This service can be extended by
<paroneayea> (list `("issue" ,(plain-file "issue" "Welcome!\\n")))
<paroneayea>which one is used to become /etc/issue, and what is the other one used for?
<paroneayea>I guess it must be the first tuple member used for /etc/issue
<lfam>monkeypatch looks useful. Too bad we lack a package for it :)
<lfam>I'm skeptical of the claim in this LWN article that humans can visually verify the QR code or OpenSSH-style randomart
<OrangeShark>paroneayea: I think the "issue" in plain-file would be the name of the file.
<lfam>The OpenSSH randomart is not a hash; you can get the same art for different keys
<lfam>And even if it's different, human brains are bad at comparing things like that
<paroneayea>OrangeShark: yeah, what's the other one used for?
<lfam>That's why we enjoy those "spot the difference" games
<lfam>"made", I actually just extracted the OpenSSH code
<lfam>It's nice to create bigger random-art fields and pipe urandom through it periodically. Digital clouds :)
<paroneayea>ACTION temporarily abuses extending etc-service :)
<bavier>ACTION is having trouble drawing the line between (gnu packages maths) and (gnu packages engineering)
<ZombieChicken>I'd assume that, if its primary purpose is for engineering, it should go in the latter and if the primary use is math, it should go in the former
<bavier>yeah, there's just so much math in engineering :)
<bavier>and I like to be impartial about purpose
<jje>trying to add network-manager-service to my GuixSD. http://paste.lisp.org/+74A2 is my config. /etc/config.scm:12:2: error: invalid field specifier is the error i get from guix system reconfigure. where did i go wrong?
<rekado>jje: ‘define’ cannot be inside (operating-system …)
<jje>ah ok thank you back to the drawing board then.
<rekado>bavier: my view on engineering was that it’s for electrical engineering (geda), CAD, and similar applications
<rekado>bavier: whereas math is for libs.
<rekado>I have more problems separating math and algebra…
<bavier>rekado: yeah, that's another one
<bavier>rekado: I appreciate the separation of maths and engineering, just a bit hard sometimes for me to distinguish high-level-pde-maths-lib from pde-solver-for-engineering
<bavier>e.g. our gmsh package could probably go in (gnu packages engineering)
<bavier><joking>we could be completely impartial and use a hierarchy based on package name prefixes like (gnu packages g gcc) and (gnu packages l llvm)</joking>
<baconicsynergy>so0o0o0o my previous two attempts to do a system reconfigure ended in tragedy, but knowledge was gained
<baconicsynergy>i want to trash the two latest generations and keep the stable one that im using now. its great to be able to fallback to it, btw
<baconicsynergy>im reading the manual, but can't find it. how can i delete them?
<paroneayea>baconicsynergy: afaik, manually "rm" the symlinks of the profiles you aren't using from /var/guix/profiles/
<paroneayea>M-x guix-system-generations will help you look over which ones to remove, if yer emacs-inclined
<paroneayea>we need better tooling here, that's generally acknowledged
<baconicsynergy>I have everything I really need: LibreOffice, GIMP, Inkscape, LibreCAD, IceCat, Ardour, Rhythmbox, all the GNU coreutils
<baconicsynergy>and a couple other packages, but they'll be coming around soon enough
<jmd>I should run gc again sometime.
<jmd>It's even more fun dealing with all the broken things afterwards.
<paroneayea>jmd: hey, that only happens when our graft system breaks right? ;)
<jmd>Well there are also problems if you've run guix environment and want that environment to still work.
<paroneayea>jmd: well yes that's true. I consider that a bit less alarming. But we should have a way to keep those.
<civodul>jmd: nope, that works well, fortunately
<jmd>even if you've exited that environment?
<paroneayea>jmd: well if you've exited that environment, doesn't it make sense for it to be gc'ed?
<paroneayea>what we need is a way to keep it persistent though
<civodul>well, 'guix package -p' does that but it's not integrated
<buenouanq>how do I determine who to report bugs to? should they all go to guixsd and let you guys figure it out, or should I first try to find if it's the program or gnome or gtk or whatever and talk to them?
<bavier>buenouanq: any amount of triage is appreciated, but sending bugs to us is fine.
<bavier>paroneayea: I can try to answer questions
<paroneayea>bavier: apparently I need the following packages:
<paroneayea>but I don't know much about how to look these up
<bavier>you should be able to just give those names to 'guix import cpan'
<paroneayea>I'm soo close to having a dirvish setup working, I should really stick with it, but I'm pretty close to just writing the equivalent program in guile!
<paroneayea>by "pretty close" as in, losing patience with not having a backup system running again :)
<bavier>I know the feeling, I was going to spend tonight getting my home backups back up and running
<rekado>hey, do you know where I can find ox-bibtex? I thought it would be part of org-mode but it doesn’t seem to be available.
<efraim>I hear it's in contrib in orgmode
<rekado>yes, but it doesn’t seem to be part of our emacs-org package
<civodul>rekado: it's in contrib/ in the org-mode repo
<civodul>Nicolas Goaziou wrote it IIRC, which is why i asked 'em on the ml
<ng0>if no one picks up fixing notmuch before 1 PM tomorrow, i'll do it. i have an appointment before that. also caffeine at this hour is not good x.x