<rekado_>CharlieBrown: the manual shows how to do full disk encryption <rekado_>DoublePlusGood23: LVM is there, obviously, but the initrd doesn’t contain the code to boot from LVM <paroneayea>ACTION wonders if you can you do an encrypted lvm for just the sensitive partitions and swap <rekado_>I used my LVM from Fedora with GuixSD <rekado_>I guess nowadays this could be done automatically <blu_>I'm trying to write xorg-configuration-file (a gexp defined in xorg service) out to an actual file in /etc/X11 from my operating system config, but I seem to have no idea what I'm doing. Any ideas how this should work? <blu_>it's a computed-file actually** but that contains a gexp which I presume I need to gexp->file on ***Piece_Maker is now known as Acou_Bass
<CharlieBrown>Trying to partition disks with single root and 2GB swap. <CharlieBrown>parted /dev/sda mklabel msdos mkpart primary ext4 0% 100%-2G mkpart primary swap 100%-2G 100% # Like this? <Apteryx>It seems the cached gmp package is empty. I've had a failure about it before, and now I see another user has had it too (hyperreal). <brendyn>Man deciding how many outputs to have is real frustrating <Petter>I want to replace one character in a string with another. I'm trying (string-replace-substring myvar "/" " ") but I get "Unbound variable: string-replace-substring". How do I enable this? <Petter>That's my guess, but I'm unable to find the right one. <buenouanq>string-replace-substring is not bound because you're not including the lib that defines it <Petter>I'm even looking at machine-learning.scm where string-replace-substring is used, and copying use-modules. But no. <Petter>Except the correct one I assume. <buenouanq>in the guile docs I'm only seeing string-replace <buenouanq>is string-replace-substring defined somewhere in whatever you're working on? <Petter>It's not in machine-learning.scm either. <Petter>At least searching for the phrase only gives 1 result in each file. <Petter>Only match in machine-learning.scm is: (string-replace-substring version "." "-") <buenouanq>and you've traced through all (load "file")s and all the modules they call? <Petter>I get no match for "(load" in either file. <Petter>Do you know of another way to replace a character? <Petter>I was looking at this earlier as well, but I was unable to get string-replace to work. <sneek>Welcome back phant0mas, you have 1 message. <buenouanq>I don't know Petter - I haven't done anything in Guile for a long time. <Petter>buenouanq: Ok, thanks though! :) <janneke>phant0mas: anticpating self-hosting mes release for...wel since fosdem <janneke>ACTION hasn't looked at hurd since vm recipe...very busy with mes <Petter>buenouanq: Turns out this isn't what I needed anyway. I tried hardcoding the value, but didn't get where I was hoping to go. Back to the drawing board... <buenouanq>how do I check and/or set the locale on guixsd? <Petter>You can set locale in config.scm. <ng0>"our VPS using OnApp (https://onapp.com). Also yes we can manually also add custom OS, but mostly these have not been working if there is no support for kvm or onapp. Example: http://templates.repo.onapp.com" <- has anyone of you SysOps / Engineers ever heard of OnApp? <ng0>btw: I might or might not get the chance to introduce some people to GuixSD (among other systems) if my hackerspace participates in this GNU/Linux Desktop Day the Linux Foundation has announced for next month <MaliRemorker>i'm trying to run a program extracted from a tarball created by gnu pack <MaliRemorker>... as a non-root user. I've found the instructions that you can do "unshare -mrf ... chroot ..." <janneke>MaliRemorker: i'm new to guix pack and unshare, what does the -r flag do? <MaliRemorker> Run the program only after the current effective user and group <MaliRemorker> IDs have been mapped to the superuser UID and GID in the newly <MaliRemorker> created user namespace. This makes it possible to conveniently <MaliRemorker> gain capabilities needed to manage various aspects of the newly <MaliRemorker> created namespaces (such as configuring interfaces in the net‐ <MaliRemorker> work namespace or mounting filesystems in the mount namespace) <MaliRemorker> even when run unprivileged. As a mere convenience feature, it <MaliRemorker> does not support more sophisticated use cases, such as mapping <MaliRemorker> multiple ranges of UIDs and GIDs. This option implies --set‐ <Petter>Oh, I thought you were a fast typer. ;) <Digit>ACTION points at MaliRemorker, to help add to the embarrasment <MaliRemorker>Digit: now i'm actually embarrased for not spelling it correctly <Digit>i just brashly pushed on, not knowing the spelling. i didnt know the right spelling, n i didnt care. ^_^ <janneke>MaliRemorker: and it does not work without -r, i presume? <MaliRemorker>i don't have access to fakeroot; i have this brand new 32 core machine running an ancient centOS system (because that's the IT dept policy) and no admin access; <MaliRemorker>i'd prefer not to need to chroot each time i want to run a guile script <Petter>Is there a construct for disabling (commenting/removing) a range of lines? <Petter>Oh, I mean for a package recipe. <janneke>removing or commenting the region is not what you want? <Petter>It is, but I want the recipe to do it. <Petter>Trying to use sed at the moment. <Petter>But maybe there's a more guixy way. <Petter>No, not a recipe commenting a recipe. A recipe disabling code in a project file. <ng0>so you want substitute* ? <ng0>(substitute* "file" (("foobar") "# foobar")) <brendyn>Is it ok to have a 3 or 4 differnt outputs? <ng0>probably not, but you can look at the substitute definition in whereever it was <thomasd>Petter: I don't think there's a ready-made construct for this (substitute* always looks at single lines), except adding a patch <Petter>Patch sounds interesting. I'll look into that. I assume one can create and apply a patch within a recipe. <thomasd>yes, you can grep for "(patches" in gnu/packages to get an idea <thomasd>but maybe some more tools for source code manipulation during the buid could be useful <efraim>Normally multiline means patch, its what I ended up with for onionshare with patching the setup.py <thomasd>also inserting something is more complicated than it should be, I thnk <thomasd>I've done it by looking for the line before/after which I want to insert using substitute*, and then adding that line again in the substitute, + what I want to insert. (not sure this is more light-weight than adding a patch ;-) ) <Petter>efraim: I don't see a patch in onionshare, only substitutes. <efraim>Oh, I must've taken the patch out during one of the upgrades <Petter>You don't happen to have it, or another example, nearby? I'm looking for a complete process of writing and applying a patch in a recipe. <Petter>So far all i see are (patches (search-patches... <efraim>(patches (search-patches is how the patch gets applied <efraim>The easiest way I've found for writing patches is to take the source tarball, unpack it, git init, git add ., git commit -m 'start', and then hack in my patch <Petter>I see. Are the patches then stored somewhere as files? <ng0>gnu/packages/patches OR/AND in the topdir of GUIX_PACKAGE_PATH <ng0>i think I have an example <efraim>I take my changes and export them as a patch <Petter>So one adds a patch to gnu/packages/patches and then refer to it with search-patch? <ng0>or root of $GUIX_PACKAGE_PATH <ng0>as can be seen with the .diff and .patch files <ng0>i would like it if not the root of GUIX_PACKAGE_PATH would be used but searched in directories, but it's not important to me <ng0>I'd rather put them in name/packages/patches or patches/ <janneke>to add a new package, i mail to guix-patches@gnu.org? <janneke>ACTION hasn't used the debbugs workflow yet, used to git send-email to guix-devel <ng0>hey, good news on torbrowser :) I don#t know which position gk fills, but after some time I finally have a positive reply on porting torbrowser <ng0>all i know is georg speaks for torbrowser project and commits code to it <ng0>might even be the maintainer, don't know al lthe names <ng0>Also, eventually someone I know wants to package icedove as a first guix package, as a roadmap task within pragmatique pragmaOS. Unless someone is secretly in the dark hacking on icedove already? <efraim>Icedove is rebranded thunderbird? <Digit>ACTION thinks both names sound like some kind of sex toy <brendyn>So I'm packaging 6 fonts together, but they are all atleast 30MiB each. Is it ok to create different outputs with different combinations of each font? <efraim>hmm, i should package vim-fugitive, i only use fugitive and airline as plugins <wingo>why is guix still built against guile 2.0 <efraim>building against 2.2 involves rebuilding the world, 2.2 came out after the last core-updates freeze <efraim>core-updates should be built against 2.2 though <wingo>some corrupt nars on hydra, sadly <wingo>ACTION rebuilding some old gcc on his poor little droplet <wingo>uf, one of them is glibc-bootstrap-0 <wingo>i do not understand why hydra caches truncated files :/ <wingo>which has a fcgiwrap service, a certbot service, and some things to do expose git repos over https <wingo>i think the certbot service is pretty nifty! just add (certbot-service (certbot-configuration "my-host.org")) and have an (nginx-service) in your services, and it should just work <wingo>so nobody here has perms to invalidate bad hydra cache entries? <efraim>Just got an email from scaleway, armv8 servers <davexunit>wingo: I think that might just be ludo and mark? <davexunit>this problem seems to come up more and more frequently these days :/ <wingo>i think andreas might also have perms <wingo>ACTION votes to give other people perms :P <wingo>congrats on mes release janneke :) <janneke>ACTION tried to make it in time for fosdem, but it slipped a bit <efraim>i realized that if I can't figure out how to have aarch64 use grub-efi in all places instead of grub, I can always `guix system init` on top of my current aarch64 system <bavier>janneke: congrats on the mes release <bavier>always exciting to see the progress you've made <wingo>i don't understand "top" any more <wingo>i can't get it to put things in an order that makes sense <mbakke>can someone try restarting the master evaluation on hydra? <mbakke>"Unable to reap all children, even after KILLing them at /usr/local/libexec/hydra/lib/Hydra/Helper/Nix.pm line 499." <mbakke>efraim: what more do you need apart from specifying grub-efi in the system configuration? <efraim>I tried to build an install image but it needed grub to run some commands somewhere and I haven't had time to go through it to see where I should pull in grub-efi for that <efraim>Grub is used all over gnu/system so it wasn't so fast <efraim>My first attempt was to just mark grub-efi as superseding grub, but then it cant inherit from grub <efraim>I want to switch grub-efi to grub and grub to grub-legacy and switch the inheritance, but that would be a breaking change <mbakke>efraim: I think changing grub to grub-efi in (gnu system vm) would be sufficient <mbakke><grub-configuration> is available there, so it should be possible to factorize it to use the grub package from there <mbakke>btw, if you've tested the jemalloc thp thingy on aarch64, could you push it to master? :) <efraim>I'm still having issues getting the patch to work correctly. I'm having trouble with the syntax somewhere <Petter>Hm, I want to forward a patch from a project to a fork. I've cloned the origin repo, but git tells me the commit is a "bad object". I'm tempted to just copy+paste the change. Is this kinda ok? <bavier>The "autotools is shit" comes up often, but I've yet to see an actual breakdown of concerns <efraim>I've learned to decipher configure.ac but actually coding it seems scary <bavier>it's not so bad once you read enough of it <bavier>and you can always fall back to good 'ol posix shell <wingo>do i hear that you just set up a server? :) <wingo>you want to try a letsencrypt thing? :) <wingo>or do you have a guix checkout? <wingo>if not then it could take a while i guess <wingo>i will paste my server config... <paroneayea>wingo: I need to set up a server for the activitypub test suite I'm working on <wingo>i think it works but i haven't tried the activation thing that requests the initial certificate <wingo>i am minimizing my config and will send it shortly, in the meantime there's docs in that branch <paroneayea>wingo: could you also paste me your sample config too? <paroneayea>wingo: ok I'll get to work on setting up a git checkout on that server <ng0>I'm wondering about the neo2 layout description. Like, in this case it's the console layout, not for X, and it is optimized for German languages. Should the description still be in English? <ng0>do the package descriptions get translated by translationproject? <wingo>paroneayea: you can build locally and read docs locally, might be easier <ng0>can be translated by translationproject? <ng0>I take that as a "they can be translated by translationproject" <ng0>and I have written a description in english now <paroneayea>it's too bad that "guix system vm" takes so long to come up on this machine <efraim>i'm busy hacking it to bits here, comments everywhere trying to get lightweight-desktop.tmpl to build ***methalo is now known as methalo_
<paroneayea>wingo: I notice a git service thing is exposed in here <paroneayea>wingo: is part of the motivation here for self-hosting git repos on wingolog.org? <wingo>paroneayea: no the motivation is more for guix-potluck.org, it has to host a git repo <wingo>and i wanted it to be over https rather than git:// <paroneayea>wingo: this is pretty cool, it doing the automatic renewal <davexunit>'guix import' isn't working for me because guix can't verify certs :( <wingo>davexunit: i think you have to install nss-certs <davexunit>this is an ubuntu machine with guix on it, btw <wingo>i think when you install nss-certs it will tell you which env var you need <davexunit>wingo: I'll make sure that's installed but I guess I have to wait for openssl to build <davexunit>CharlieBrown: easy to use, popular distro with good support <bavier>ng0: yes, package description are included in guix's gettext digests and get sent to translationproject <bavier>ng0: but, as one might image, with the large number of packages, many descriptions are untranslated atm <wingo>paroneayea: yeah i had to do that at some point too! <wingo>if you're on digital ocean there's a console too, if you have the root pw <paroneayea>wingo: I hadn't set the root password yet stupidly <wingo>paroneayea: if you are on digitalocean i think you can reset the password too! <wingo>i think i had to do that too <wingo>probably linode/etc that's an option <wingo>my experience report omitted all my blunders :) <ng0>I think with the file download now, I can try to just make neo.map an input of kbd <ng0>like I tried before but gave up <paroneayea>hilariously, there's a chmod in the recovery system <wingo>so i just submitted those service patches upstream <wingo>and i didn't hear back anything on my potluck patches, oddly <wingo>i guess i will just commit over the weekend <ng0>so I have a file without a version name which is downloaded in a package definition as an input. does this mean it ends up with just the name in the store, like /gnu/store/hashthing-foo.extension? <ng0>*without a version string <ng0>I could use the (version) of the package and not the input, but that would be wrong <ng0>no, doesn't work like that. I'll figure something out <ng0>ah… /gnu/store/5z31lx8ihr0gbdj6f0ymgwaja6d8smpx-neo.map ... well that works. <paroneayea>wingo: btw I recommend you add this to the example config <ng0>that's in the default i think <ng0>then I changed it already <ng0>and port something other than 22 because of automated attempts... but I guess you know that <paroneayea>changing the default port number kind of feels like the terrorists win <ng0>it's irritating when there are millions of login attempts each day <ng0>and you come back and the log is full of bloat… <wingo>paroneayea: i thought it was off by default for root at least? <ng0>rename-file when I have to do it anyway can replay install-file, right? It's been a while since I used it <ng0>nope. but I know how to do it again <paroneayea> (password-authentication? openssh-configuration-password-authentication? <ng0>no, root password is off <ng0>that is OpenSSH default <paroneayea>right, password auth is dangerous in general tho <ng0>and how do you expect the keys to end up in the config? <ng0>or on the machine? via root? <ng0>well it's for servers, headless <ng0>I don't see the problem <ng0>well let me take a look at my config first <ng0>welp. okay it's still on <ng0>thanks for reminding me <ng0>I think that install-images should provide this unchanged though <ng0>not every hoster has some out-of-band console <paroneayea>and we've discussed having some sort of service that just installs some flat files if they aren't there <ng0>doesn't exist yet, but I agree <ng0>is x11-forwarding #f really necessary when there is no x? <paroneayea>ng0: I think it's a good idea in general to put on on all your systems as a default, because you might reuse the config for something that does have X <paroneayea>can allow the remote machine to access stuff on *your* machine <buenouanq>not always smart to just trust defaults though, especially given that they may change in the future