<marusich>In the build.cc file, we #define pivot_root. Looks like it expands to SYS_pivot_root. I see in the linux-libre source there are places that mention "sys_pivot_root", but not "SYS_pivot_root".
<marusich>I've looked in a couple places, and I can't figure it out. What is SYS_pivot_root referring to?
<civodul>SYS_pivot_root is the syscall number for 'pivot_root'
<marusich>I found the answer in glibc-2.25/sysdeps/unix/sysv/linux/sys/syscall.h
<marusich>Fun fact: I don't know why, but pivot_root succeeds when I launch my docker container with --privileged, but it fails when I launch it with --cap-add=ALL
<marusich>I thought all capabilities would have been enough; I guess I was wrong...
<marusich>At least this is just something that happens because I'm running guix-daemon. Other GuixSD Docker images, which don't run builds using Guix, shouldn't require such extensive permissions.
<marusich>I wonder what the difference between --cap-add=ALL and --privileged is?
<marusich>I think I'm just gonna roll with --privileged for now and see if that will be good enough for doing the things I need on a Mac.
<marusich>Since the question of what privileges must be given to a Docker container in order to run a specific service inside it depends on what the service does, it's orthogonal to the creation of GuixSD docker images, so I'll see if I can polish up my patch I sent long ago for that.
<efraim>is there a way to use binfmt with guix on a foreign distro?
<groffer>Is there a way to predict how much space will be required in TMPDIR for building? I ran out with 3.9GiB when trying to install cargo (apparently no substitutions are available (yet?)), now I hope 95GiB will be enough ;)
<pkill9>i find that for example, 'guix gc' will remove build software such as gcc and make from the store, because I don't have it installed to any profile or have them registered with the garbage collector, so when i next build something it needs to redownload them
<groffer>quiliro, I have only *very* limited understanding, but I think stuff gets deleted by guix gc when it's not referenced by any used profile, i.e. also things that are only build dependencies but are not needed once something is installed. Then when you do guix package -u some of it might be needed again and thus re-downloaded
<pkill9>also i have only limited understanding so can't give you definitive answer
<groffer>It also bothered me a lot in the beginning, as it seems very counter-intuitive, but now I just use a ~9GiB partition for /gnu and haven't needed to run guix gc during the last few weeks :) (I use guix on a foreign distro and have only limited amount of packages installed, YMMV)
<quiliro>so i can guix gc and operate correctly....but i have to re-download if i need something as a compilation library which is not necessary for the installed packages but it is for the packages i will install?
<ng0>hm.. so if letsencrypt needs(?) files owned by root, and prosody requires them to be read by prosody only *and* prosodyctl cert import can't find the certnames in the /etc/lets.../live/name-different.. folder, how is one supposed to make prosody with tls work in GuixSD? I mean I have my own CA in an old repo, but LE would be better. One idea I have is copy the files around and chmod
<marusich>Does anyone here understand the difference between LOG_COMPILER and LOG_DRIVER? I do not understand from reading the Automake manual and inspecting our Makefile.am what the contract is for these things.
<marusich>From reading the section "15.3.3 API for Custom Test Drivers" I understand that log *drivers* are expected to follow some kind of contract which is pretty well defined in the manual, but I do not have a clue what a LOG_COMPILER is supposed to do. Just run and return an exit code? I don't know.