<niebie>I use gitk to get a summary of repositories - it looks like the build process does build gitk, but it doesn't install it into the profile when you install the git package. Does anybody know anything about this? <snape>niebie: yes, gitk belongs to an "output" of the git package: the "gui" one. <snape>you might need to type: guix package -i git:gui, so that gitk is installed. <niebie>ah, i wasn't aware of that command syntax. that makes sense. <snape>(side note: if you use Emacs, I hope you tried magit :-)) <niebie>i have tried magit, and if i was always on linux i would use it for most things <snape>well, you can use it on Windows and Mac I reckon <niebie>unfortunately a significant portion of my time is on windows for work <snape>too bad you have to use Windowd <niebie>for any repository of meaningful size, the high number of calls to git causes huge slowdowns <CharlieBrown>How bad is the GNOME experience on GuixSD? Does GNOME Software work? <snape>but wait, did you install Guix on Windows?.. <snape>CharlieBrown: that's a pessimistic question :-p <niebie>snape: right now i'm in GuixSD on my personal machine - the issue is that i like to have a unified environment across machines when i can <niebie>that command syntax did indeed get it installed in my profile - many thanks <CharlieBrown>snape: I'm debating between Trisquel 8, Parabola, GuixSD, Debian, or Fedora. <niebie>CharlieBrown: I use suckless.org's tools for my desktop, so I don't really know about gnome. I think it is the default desktop and worked fine for me <niebie>snape: i believe that one of the many goals for the year of magit is to improve cross platform support, probably leaning on libgit quite a bit <snape>CharlieBrown: I don't use Gnome either, but even if it doesn't work very well, it's an opportunity for you to contribute, and it's a great experience :-) <CharlieBrown>IDK how to encrypt my entire disk on a Libreboot X200 on GuixSD. <snape>CharlieBrown: well, that's fairly easy <snape>just one symlink to do in /boot/grub <niebie>CharlieBrown: I like GuixSD quite a bit, but there is a bit of a learning curve to getting decent at it <CharlieBrown>Several people have done it, but copying their config was hard. Those long strings of IDs for the disk/volumes were confusing to alter for my particular hardware/installation. <snape>CharlieBrown: I don't have long strings of IDs... <CharlieBrown>Hold on, I'll find what I was having to deal with in the docs. <snape>well, it's written "Alternatively" :-D <snape>you definitely don't need it <niebie>That way if your physical drive setup changes it still works <CharlieBrown>I guess I could install a Flatpak of Firefox and run it there. <niebie>Icecat is just a fork of firefox, it should be able to run that afaik <niebie>i just went to riot.im and it seems to be working in icecat <CharlieBrown>It does not. I have tried it. IceCat completely BREAKS WebRTC. <niebie>my mic is busted right now so i can't really test that <niebie>but, i did try to invite you to a chat - it _appears_ to work on my end, idk i don't really use riot personally <niebie>I have been wanting FireFox Quantum for a while now, I might package it <snape>CharlieBrown: it was for niebie sorry "That way if your physical drive setup changes it still works" <CharlieBrown>niebie: Would verbatim Firefox be allowed, or would you have to basically port Abrowser to comply with FSDG? <niebie>CharlieBrown: you can define any package you want, there is just no guarantee that it will be accepted into the official Guix repositories <niebie>CharlieBrown: I have several packages that I have lying around that i use personally that i never submitted upstream <niebie>I'm just going to try importing nix's firefox and see if it just works (tm) <niebie>I don't use them - 'installed' in Guix means that the package is in your .guix-profile, IE links to the /gnu/store/.../ files <niebie>ofc you can put things wherever you want otherwise - aren't Flatpaks independent of the host system? I don't see why they wouldn't run if all the references to assemblies are relative <niebie>you can just try this in a vm ofc <niebie>i'm running on a thinkpad X131e, shit educational hardware <niebie>1.3ghx i3 means i don't run vm's either <niebie>one thing about GuixSD is that if the substitutes are not available, you end up building the packages on your own hardware <niebie>it is for my hardware on occasion <niebie>being out of date with the build server and building the linux kernel isn't fun <CharlieBrown>I'd normally have no issue with it, since I've used FreeBSD and Slackware, but GuixSD is worse because it goes all the way up the dependency tree and compiles THAT half the time. <niebie>Yes, but usually if you pull and reconfigure then packages are available on the build servers <niebie>but on the occasion where you _need_ a package real fast, a long delay is hell <snape>you can workaround this by buying a powerful machine that builds everything for you <niebie>I'm getting around to having a cuirass server setup <niebie>I have one I'm just waiting to recycle for that, as soon as I stop playing HOI4 on it <snape>and for build Firefox, it might be really useful :p <niebie>I don't mind waiting a while for a build in the background <snape>if you are trying to fix a bug or something, it's less frustrating when the build lasts 8min than 60min. <niebie>sure - but as i said, i'm hoping that the nix package just works for me <CharlieBrown>Is writing a recipe any harder than writing a PKGBUILD? (Would Arch users get frustrated packaging for Guix?) <niebie>If you know guile it is great. If you don't like lisp you will hate it <niebie>git's build process is complicated enough for you to see the 'harder' end of packages imo <niebie>I guess if you write a Wisp backend for guile it would interop similar to the elisp backend <niebie>but afaik there isn't one, and all the scheme code is in guile rn <niebie>i'm not an expert in the implementation details, but what i meant is for wisp to be a first class citizen in the Guile vm. <niebie>based on the language modules in the source code, looks like brainfuck, bytecode, cps, ecmascript, elisp, scheme, tree-il, and value are the langugage backends the vm supports directly <CharlieBrown>Bonus points if you can mix brainfuck and heavily nested Scheme <niebie>i have a friend that is obsessive about brainfuck <niebie>-[------->+<]>.-[->++++<]>.+[->+++<]>.--.+++++++++++..[++>---<]>--.-[--->++<]>-.+++++++++++.[---->+<]>+++.[->+++<]>++.[--->+<]>----.+++[->+++<]>++.++++++++.+++++.---.--.+++.. <niebie>i try and have as little casual knowledge of bf as i can, keeps me sane <niebie>i'm NOT going to learn how guile's vm does stuff with it <OriansJ>niebie: generally, everytime says they wrote a large program in brainfuck, what usually is the case is that they leveraged the C to brainfuck transpiler <niebie>I'm trying to get my buddy in here to defend the brainfuckers of the world ***liveuser is now known as cbr0wntmp
<cbr0wntmp>OK, is there a system declaration I can just copy and paste for full disk encryption with GNOME on Libreboot X200? <efraim>testing clisp-2.49.90, can't find the stray /bin/sh <tomlukeywood>orelozno1: i decided to build from source and i have run ./configure and i am told i need to check my guile-2.x installation <jlicht>tomlukeywood: guild is a guile package manager for scheme, akin to npm for node. I would recommend using binary guix for you initial installation, and then using that guix to build a new guix from source. <jlicht>tomlukeywood: guild might be packaged as 'guildhall' btw <efraim>tomlukeywood: there is a 'guild' binary in guix's guile package <efraim>but it seems to be for compiling guile modules <rekado>guild is not a package manager. It’s part of guile. <pch>Hello Guix, i want to have mutual tls package download. I have setup a webserver with server/client certs and have the corresponding client certs for the client side. How can i supply them from the .scm file? <lorslara>i3lock-color is listed in the package list so why doesn't guix find it? <wigust>lorslara: What do you mean by “guix find”? <lorslara>guix gives me an error which says "unkown package" when I try to install it <lorslara>Also it doesn't appear when I run guix package --list-available <rekado>lorslara: what “package list” are you refering to? <rekado>lorslara: what version of Guix are you using? <rekado>you may need to update to get a version that includes the package you want. <pch>any hints/links on implementing mutual TLS in guix? <rekado>lorslara: v0.14.0 was made on Wed Dec 6 09:22:12 2017, but that package was added on Tue Jan 24 13:03:42 2017. <rekado>So you need to run “guix pull” to get a more recent version. <rekado>You should do that anyway in order to get access to updates. <pch>i have tried one way SSL with guix, it works :), but how to do two-way handshake? Is my question understandable? <efraim>If I'm having problems with my store can I delete the database and have guix rebuild it? <pch>it makes my store really heavy and if i run "gc" these dependencies are downloaded again <rekado>efraim: no, the database is the canonical description of the store. <efraim>Not looking good for my build server <efraim>Btrfs reported a bunch of errors on the disk, I'll try 'guix gc --verify=repair,contents' again <newbie>Hi guix, i am not using GuixSD and have installed guix on Ubuntu for my first tests <newbie>I just want to distribute binaries via guix and do not want to build on the target machine. How do i stop guix to download unnecessary packages required for building etc? <newbie>It seems to download lot of dependencies and makes my store really heavy <lfam>newbie: In general, Guix only downloads things that it needs to use <efraim>Guix doesn't have a way to specify only using substitutes, but if you add '-n' to your build or package commands you can see what would be built or downloaded <lfam>If you are building locally, it's because there is no pre-built binary substitute found on our servers <newbie>newbie: yes, but for e.g. i donot need to install packages like gcc, since i am not building them on target <newbie>lfam: yes, but for e.g. i donot need to install packages like gcc, since i am not building them on target <lfam>Otherwise it's hard for us to know what's going on <newbie>efraim, Ifam: i am attaching the list what it shows. and i do not need most of them since i do not build the package. <lfam>I don't see GCC in the list <newbie>my package "first_remote-2.11", just contains a simple text file <lfam>Most of those are software used by Guix to build profiles. So if it's your first time doing `guix package`, or if you recently updated Guix, you will need to download those programs <rekado>�ACTION doesn’t see anything because that website requires javascript for some reason� <lfam>After you've built your first profile, you won't need to download those again until they get updated by us and you update your Guix <newbie>yes, but my store becomes more than 1G <lfam>Guix is not reusing the software from the host system, but is self-contained. So you will end up need to store both distros <lfam>I mean, you will need to store both distros <newbie>Is it not possible to to just install my own package without these? I do not need them <newbie>I mean i do not need them for my package <newbie>i will just attach an output where you see that gcc also got downloaded for e.g. <rekado>�ACTION still cannot see anything on thepasteb.in� <rekado>�ACTION updates haskell packages now� <lfam>newbie: Does your package use the gnu-build-system? <rekado>It’s official now: GNU Guix is participating in Outreachy. Our application has been approved and we can now begin to welcome prospective interns. <pch>lfam: i just use trivial build system and move a downloaded file to a certain directory in my installation <lfam>pch: Right, I'm not sure why it downloaded GCC there. Presumable Guix needed it for something, or expected to need it. But it could also be a bug, hard to say <lfam>That paste looks like it's from the first time you ran `guix package`, because it downloads the bootstrap binaries. <roptat>it always happens to me after a guix gc <pch>yes, its my first time, because i ran "gc" <lfam>I think it's typical after `guix gc`, because you'll have deleted all the build-time dependencies that are not referenced in a profile <roptat>guix downloads the bootstrap binaries even when it doesn't need to build anything <roptat>at least I remember that happening <pch>is there a way to ignore it. <pch>how to keep the store light? <lfam>pch: There's no option to ignore it. It would require changing the Guix code somehow <rekado>pch: the store is as light as it can be. There is nothing you can do to make Guix build or download fewer things than what is described in the derivations. <pch>rekado: in general i get your point, but i wanted to use guix for an embedded platform and just want to distribute binaries (without building them on target) using guix. In my case i donot need most of the dependencies installed? <rekado>if you’re not building on the target why don’t you cross-build them first, and then push the package closure (and only that, e.g. via guix pack) to the target? <pch>so for building them, we do cross build them <pch>what does it mean to push a package closure? <pch>so does this mean, i dont even need to install guix on my target? <jsierles>That command will export the specified packages, and their dependencies, as a tarball you can extract and on your platform. In the pack you'll find a profile <pch>what do you call dependencies here? is GCC a dependency for my package? <lfam>rekado: Should we add etc/guix-daemon.cil to gitignore? <jsierles>pch: Just try the command and see what you get in the tar. It will likely be much less software, since when you build you also get build time deps like GCC <pch>Had a look in guix pack, but i dont want that because: <pch>I wanted to use features like secure download, atomic updates, data integrity checking out of the box <pch>otherwise i will need to implement them myself as a separate service <jsierles>pch: you need to do that from embedded platform itself? <jsierles>All I can think of is to have your own build server from which you serve all your packages. That way, you can guarantee everything is already build there and served as a binary. To avoid unnecessary builds on your embedded platform <pch>jsierles: i am evaluating if i can distribute binaries over the air, to IOT devices <jsierles>pch: I see. I wouldn't rely on guix's internals for that kind of security <pch>jsierles: for which security? Https? <jsierles>you said 'secure download' and 'data integrity' checking <pch>i tested the data integrity, it works fine. What issues do you see? <jsierles>I'm just saying guix wasn't designed for this use case <pch>by secure download i mean SSL connection By data integrity, i mean SHA256 <jsierles>If you aren't running on a local network, you're likely to have to repeat a lot of builds on your devices <pch>"repeat a lot of builds"? i am not building anything on the devices <jsierles>OK, i don't understand what you're doing them or what the problem is <pch>the problem is, that the store is too heavy for my usecase, where i do not want to build specifically <amz3>can some try 'guix package -i bigloo@4.3b' and tell me if it works. I have a hash mismatch on my side <pch>i want want to download a file, and install it on a particular location. What i do not want to have packages like gcc to be downloaded to my store <lfam>Please report the hash mismatch <lfam>Any ideas how I can build a particular package (unzip) with FORTIFY_SOURCE? I'm passing "CFLAGS=-O1 -D_FORTIFY_SOURCE=1" but it seems to have no effect <lfam>Could be a bug in the Makefile but I want to make sure I'm trying the right thing <pch>jsierles: I hope I was able to explain... <jsierles>pch: Still not too clear what you want to do. since you say 'download a file', what is the file? <pch>jsierles: sorry for confusion. It is intended to be a binary file <jsierles>pch: Your own software or something else? <pch>Which gets guix installed in users profile <jsierles>what gets guix installed? your embedded platform? <jsierles>Maybe it would be good for you to write a small document with your architecture. That would be easier to follow <pch>The binary gets moved into a user profile <jsierles>A short answer is that you can't avoid the store bloating because you sometimes need build dependencies <rekado>the best way to avoid building anything on the target is to not use Guix. <pch>Understood but I wanted to use it instead so that I get all the functions out of the box <pch>Do you mean that guix is only meant for host systems only? <rekado>Guix uses binaries only as an optimization. It is perfectly happy to build everything from source and will do that if no binaries are available. <rekado>for your use-case I’d simply use “guix pack” to deploy software and replace it atomically by swapping a link on the target. <jsierles>pch: Guix pack can also generate Docker images if that helps. <pch>rekado: what is the benefit of using guix pack in that case? I can tar it myself too <pch>Is there anything specific that it offers <rekado>it gets you the complete package closure; nothing more, nothing less. <pch>I guess I have got an idea to move forward <pch>I will try pack tomorrow <jsierles>pch: Also inside the package you get a profile which you can source to get all the environment variables setup. That's important too. Though you would get it with a normal profile, you don't want to have to tar that up manually... <rekado>the Haskell package updates are tricky. <rekado>I’ll also have to upgrade the default ghc <efraim>From my 'guix gc --verify' I'm getting a bunch of: error getting attributes of path `/gnu/store... <jsierles>Yeah, that's just suggesting to use guix pack <jsierles>My goal here is actually to run the guix-daemon non-root <rekado>jsierles: no, it also suggests using proot. <jsierles>Actually, as root inside a docker container that doesn't have chroot privs <jsierles>Well, to be accurate, that article suggests using proot as a way to run the binary generated by guix pack. Not to run the daemon <jsierles>The previous link discusses how to run the daemon, but is pretty involved <jsierles>Alright, I got it to work just with `guix-daemon --build-users-group guixbuild --disable-chroot` <jsierles>--disable-chroot is all that's needed to get it working in an unprivileged Docker container. <rekado>but it’s not recommended because you lose build isolation. <jsierles>Yeah, this is just for a proof of concept, not a permanent installation. <habs>hi, i'm trying to install guixSD with full disk luks-encryption on /dev/sda1, but am having a lot of trouble getting it to boot from grub (i use libreboot so my grub config is stored in the bios CBFS). this was my config.scm (with uuid replaced): http://ix.io/Gug and these are the commands i tried to run at grub command line: http://ix.io/Gur that got me a prompt to enter my luks password, but then when I enter <habs>it it always kernel panics :-( <habs>has anyone been able to set up full-disk-encryption with guixsd? i think it should be set up fine, but it's just a matter of me figuring out what to type at the GRUB command line (and then updating the built-in config if it works). <rekado>a kernel panic is likely due to a failure to mount the root file system <rekado>why do you need to run anything at the grub command line? <rekado>up until a few weeks ago I also used Libreboot. <habs>rekado: yes, i agree. i'm running my commands at the grub command line because grub can't read my grub.cfg, as it's on an encrypted file system. my grub config is stored on my BIOS flash chip, it's a libreboot X200. i want to make sure it can boot before overwriting that config <rekado>I’d simply have Libreboot’s GRUB pass execution on to GRUB on disk. <rekado>instead of telling the Libreboot GRUB to boot Linux directly use “configfile (crypto0)/boot/grub/grub.cfg” <habs>rekado: that sounds like a good idea -- i'll try *just* doing cryptomount -a and then loading /boot/grub/grub.cfg, and report back after <rekado>you’ll need to unlock the disk a second time when Linux is booting, but it should work. <wigust>rekado: Is “configfile (crypto0)/boot/grub/grub.cfg” line generated by Guix? <rekado>that’s what you need to tell the GRUB on chip, not the GRUB that Guix installed. <pkill9>anyone interested in a github repo for Guix package requests (software to package in Guix that hasn't been added)? <pkill9>then you can just post them as issues <lfam>I just sent a patch to mitigate the UnZip buffer overflow, review requested <davidl>hi habs: Im running GuixSD with libreboot / GPT 1 LUKS partition / BTRFS <habs>davidl: rekado: hi, thanks for checking in! i was able to get it to work, but i had to edit this menuentry http://ix.io/Gw5 to say this instead http://ix.io/Gw9 (replacing 'cryptroot' with 'root') to get it to boot. i think it may have had something to do with my config.scm labels being wrong. <castilma>dae receive 502s from berlin.guixsd.org? <pkill9>does guix require large amount of RAM to install? i tried installing in VirtualBox with 512mb RAM available, and it downloaded a lot of stuff but eventually the process was killed due to being out of memory. Also the folder /mnt/gnu doesn't exist, which leads me to believe it didn't try to isntall to /mnt, I did however run `herd start cow-store /mnt` <pkill9>I didn't create a swap partition, i'll add one and try again <niebie>a swap partition doesn't really help if you go out of memory <niebie>disk is so much slower that most of the time is spent swapping, not doing things <niebie>i've installed guix on physical machines with 2gb of ram without trouble <niebie>it also probably depends on the install you are doing - are you doing barebones? <niebie>i would suggest getting a working system on barebones, then reconfigure to a more complete system <pkill9>nah, desktop, though i think i'l do barebones actually <niebie>i assume you are doing a pull before trying to install - iirc that is critical <niebie>otherwise your substitutes won't exist for many packages <niebie>it was probably building literally everything <niebie>its possible that some of the desktop packages _do_ require a large amount of ram to actually build <rekado>ther’s a known problem with the latest version of Guile that causes “guix pull” to consume a lot of memory. Currently you will need more than 1 GB.