<axd-v>Am I supposed to make a /boot partition that it left unencrypted and then however many partitions for the system? I want at least 2 for / and /home along with a swap partition, which should also be encrypted. How do I make sure that guix understands all of it, lets me user only one key to unlock the system and configures grub correctly? <rekado_>grafoo: I have. You also need a few configure flags. <dustyweb>axd-v: full disk encryption is possible, but if you don't want to type a bunch of decryption commands, you might want to just have it do it all in one partition <dustyweb>however you'll still need to type the key in twice, once in grub, once during linux boot <axd-v>dustyweb: not even a partition for swap? Just use a swapfile? <axd-v>dustyweb: so the one in grub is for cryptsetup, and the one during linux boot is for my user or root account? <axd-v>dustyweb: do you by any chance know if there will be a way to setup FDE with multiple partitions in the future? <zybell>grub doesnt give the key to linux <axd-v>zybell: linux has to decrypt and grub? Do you also keep your /boot partition in the luks crypt? <axd-v>dustyweb: thanks for the example I will try to adapt it. <axd-v>zybell: but I've used fde on arch and debian and even ubuntu and never had 2 keys or even put the same key in twice, why is guix special here? They also all used grub and a normal linux kernel. <mbakke>axd-v: Did you also encrypt /boot? <zybell>grub must be started from unencrypted(bootsector/efi dont know luks)but grub needs decrypt *when* the kernel is read from encrypted. Other os put kernel unencrypted,less safe. <dustyweb>zybell: guix can't have unencrypted /boot <axd-v>mbakke: I haven't set it up yet personally, I definitely want to encrypt it though. I would usually have this layout: bios_partition(/dev/sda1, for GPT with BIOS), boot(/dev/sda2), root(/dev/sda3), home(/dev/sda4),swap(/dev/sda5). I've done this with arch before, but now I use lvm so only need 3 partitions. <mbakke>axd-v: I have some bad news... GuixSD does not support LVM yet. <grafoo>rekado_: i opened an environment based on emacs, installed webkitgtk and ran configure with --with-xwidgets but i won't find the libs. <axd-v>dustyweb: so you just have a partition for bootloader bios_grub partition/EFI and a second for the whole guix? <grafoo>rekado_: what's strange, even pkg-config does not find the webkit libs <zybell>but the 'embedded' part *is* unencrypted or grub wont start. Note that I said "*started* from". It doesnt mean that the whole grub is unencrypted. <axd-v>mbakke: I did see that lvm isn't supported, but isn't it possible to set up multiple encypted partitions that open one another starting with root using just LUKS and without lvm? <mbakke>axd-v: I believe multiple LUKS partitions will work fine. <axd-v>mbakke: so is boot supposed to be encrypted or unencrypted and on its own partition? <mbakke>Regarding partitioning, I have the same setup you asked dustyweb about. <mbakke>axd-v: For GuixSD I would recommend having /boot on the same partition as /. <axd-v>mbakke: so having something like 4 partitions: bios_grub, root, swap, home, be possible? Which ones would be encrypted and which ones not? <axd-v>mbakke: forgot a boot partition, but only if there any point to split it from / <mbakke>axd-v: You can encrypt all except bios_grub; however you'd have to type a password for each during the boot process. <mbakke>Plus once for GRUB to unlock the root partition. <axd-v>mbakke: is that what you do? Multiple passwords? How many in total? <mbakke>There is no point in having /boot on a separate partition since GRUB needs to load the kernel from the encrypted /gnu/store anyway. <mbakke>axd-v: I only have one large partition for GuixSD with btrfs subvolumes for /home etc. <mbakke>Then a different partition with LVM that I use "manually". <mbakke>You'll also need a bios_grub partition, or an EFI System Partition, depending on your hardware. <axd-v>mbakke: so you use a swapfile in your guixsd partition for swap? Is your third lvm partition just used for data storage and irrelevant to the rest of the system? Just wondering why you have it. <mbakke>axd-v: I use a swapfile or an LVM partition if/when I need swap. <mbakke>The LVM partition is used for VMs, temporary mounts, that sort of stuff. Nothing interesting. <mbakke>More convenient than setting up backing files for the same purposes.. <axd-v>mbakke: never thought of having a throwaway lvm partition, might just set one up. <pkill9>how is a file in the store typically made setuid? <mbakke>pkill9: On GuixSD you can use (setuid-programs ...) in your system configuration. <pkill9>so would it automatically create a setuid wrapper in /run/setuid-programs when the package is installed by anyone? (that's my impression from looking at %setuid-programs in gnu/system.scm, i'm probably wrong tho) <mange>No, the packages referenced by %setuid-programs will be used as input to the system (so they'll be in the store), and setuid wrappers will be installed to /run/setuid-programs. A user doesn't need to install the package into their user profile in order to call the wrappers in /run/setuid-programs. ***atw` is now known as atw
<vagrantcish>given that users can build arbitrary software, it would seem a bit dangerous to allow users without root privledges to arbitrarily mark things as setuid... <axd-v>alright, so I'm building a custom kernel in my system config and I'm getting this error: `Makefile:933: *** "Cannot generate ORC metadata for CONFIG_UNWINDER_ORC=y, please install libelf-dev,lielf-devel or elfutils-libelf-devel". Stop phase `biuld' failed after 1.8 seconds`. <axd-v>Not sure what to do with it, there are a few more messages, but I think this is the main error. <axd-v>I'm trying to build linux 4.15.6 using a custom definition. It's inheriting linux-libre and it did work with another install of guixsd on another machine, so I don't understand why it should fail to build on this one. <axd-v>here's how my config looks like. The amount of modules and the specific ones are a bit all over the place since I don't really understand their hierarchy, but if anyone is willing to give it a look, it would help me a lot. http://paste.debian.net/1023618/ <axd-v>I've tried to install libelf in the installation live image and then try to run guix system init again, but the same problem came up. I guess gonna try to install libre version for now and hope that my raspberry pi arrives soon so that I can flash my bios and get rid of the wireless whitelist and install my libre card that I already have. <lfam>axd-v: Packages are built in ephemeral containers that only contain the packages listed in the package definition. So, installing a package with `guix package --install` or similar will have no effect on any package building <zybell>cross-compiling:libelf is needed in hostcode:nativeBuildInput in nix-Vocabulary. <zybell>(btw,you should say if you run a cross-compile) <axd-v>lfam: I see, well I'm now building a new generation with linux-libre. It should work and I may try to get the custom kernel to work maybe with the latest 4.16.7 version, but I have no idea what might be causing it to behave differently now that it's the same config on a different install. Still waiting for the easy deployment promissed by guix hehe <axd-v>zybell: well, I posted my config in the pastebin link above. Not doing anything that deviates from the installation manual and you can see what's in my config. Don't think I'm cross compiling since it's just an amd64 architecture, but I really don't know. <lfam>axd-v: My guess is that, on system that worked, Guix had been upgraded to a newer version with `guix pull`, whereas the failing system was still using an older version of Guix. <zybell>sorry,I thought it was for Raspberry.But libelf has differences between i686 and x86_64. <axd-v_>sorry got disconnected, let me see the archive real quick <axd-v_>zybell: I see, no worries. I'm probably going to ultimately use FreedomBox or something on it which sets up nextcloud and other hosted services out of the box. Should be nice from everything I heard about it. But first I will use it to flash Heads+Coreboot onto my thinkpad x230 which should also be fun. <CornBurglar>I realize it's not recommended, but with my current hardware the only way to run GuixSD is with the use of (unfree)intel wifi. Is there a good way to recompile GuixSD with this allowed or otherwise make the distribution usable for me? <vagrantc>alright, guix pull finally worked on armhf-linux with f2e66663c2e00b482cdf5ba83173291d30363e7c ... i wonder if breaking out the base system helped, or if it was some other random thing <vagrantc>CornBurglar: you'd have to use a kernel other than linux-libre <axd-v_>CornBurglar: check your private messages <vagrantc>anyone have any advice about bootstrapping an armhf guixsd install from a machine with guix installed? <vagrantc>guess i can adapt the example for beaglebone-black <vagrantc>i don't have herd installed, so i can't run "herd start cow-store /mnt <vagrantc>do i need to manually copy the existing /gnu/store and/or bind-mount /gnu/store to /mnt/gnu/store ? <mange>I'm pretty sure `guix system init /path/to/config.scm` will install correctly. <vagrantcish>so, how do i install without a bootloader? i don't yet have a bootloader in guix for this yet... <efraim>I think you can add --no-bootloader <vagrantcish>i'll be adding a bootloader shortly ... just found gnu/bootloader/u-boot.scm which i wasn't aware of before <vagrantcish>$ sudo -E guix system --no-bootloader init /mnt/etc/config.scm /mnt <vagrantcish>/mnt/etc/config.scm:9:0: error: missing field initializers (bootloader) <efraim>You might need to add a bootloader field even if it isn't being used <efraim>I'd try (bootloader #f) first, otherwise I'd toss in some grub one <axd-v_>Ok, so I have installed guixsd system and rebooted for the first time. I used encryption, so here, grub, after starting from bios_grub partition, tries to open the next partition which is encrypted in order to boot the kernel, but it shits the bed and doesn't find uuid or something. Has anyone experienced this? <axd-v_>actually never mind everything I just said. I'm dumb and used the wrong password, but it is still strange that it didn't prompt me again and just failed. <axd-v_>So my GuixSD install gets stuck during the boot procedure on `clocksource: Switched to clocksource tsc` anyone have any idea what this is? <mange>Doesn't seem to be GuixSD specific. From a brief search it looks like a kernel thing. <mange>... By which I mean, a problem that happens on other distributions, too. <axd-v_>mange: how do I try some of those different options for clocksource? <axd-v_>where would I put them in, or do I have to compile again? <mange>I think to try them out you could try editing the grub entry that you boot, to add in the flag. <mange>Wait, you're not using grub, are you? <mange>I'm not really familiar with non-grub bootloaders, so I don't think I can be much help. <axd-v_>mange: like when I can select a grub entry, I would select e to edit it? And the prepend stuff to the linux ... part? <mange>Okay then! When you get to the grub menu you can press "e" to edit the command before running it. On the end of the linux line you should put the extra arguments for the kernel. <mange>Yeah, what you said, except appending rather than prepending. <axd-v_>mange: that's right, it worked, now that i changed clocksource=hpet <axd-v_>but what did it change? Is the tsc method supposed to work? <axd-v_>mange: alright, well thank you very much anyway, at least I'm in the system right now. <mange>But to fix it without having to manually edit the grub config each boot, add a kernel-arguments field to your operating-system in config.scm, then reconfigure your system. <mange>I think you'd need (kernel-arguments '("clocksource=hpet")). <axd-v_>mange: makes sense, will do that, thanks <axd-v_>So I'm trying to run a `guix pull` and right after everything is done compiling I get this: `exception thrown whlie printing backtrace: In procedure private-lookup: Module named (guile) does not exist` <soundtoxin>I want to set up an mpd service and an ssh server, but I don't know what I have to put in my config to get them working. Can anyone assist? <mange>Have you looked in the manual? (guix) Audio Services, and (guix) Networking Services look the most helpful. They each have an example that can be added to your services entry in your operating-system. <soundtoxin>I haven't yet taken a stab at getting mpd working, I think I tried and failed to get ssh working, but I'll give it another go <axd-v_>Has anyone had any problems with getting `guix pull` to complete on the latest commit? <soundtoxin>I don't know how to fit the examples in to my existing file <soundtoxin>the audio services article mentions (gnu services audio)... what part of my file would I want to put that in? <mange>Have you written any lisp/scheme before? <soundtoxin>technically yes, but I consider myself as one who cannot currently program <soundtoxin>I have started sicp but I don't really have a good grasp of it <mange>Okay then. What you have there, (services %desktop-services), is defining a list of services, as a field of your operating-system (which is opened higher in the file). <mange>So, what you need to do is add more services into that service list. <mange>By replacing that with something like (services (append (list ...) %desktop-services)) <soundtoxin>okay, not sure how much of this to take literally, I get that I should expand the services thing instead of adding a new service thing below it <mange>Then, where that ... is, you want to put your service definitions. So maybe (services (append (list (service openssh-service-type)) %desktop-services)). <mange>If you put that in your file, it should actually work. But I've defined that openssh-service-type with no configuration. If you want to put in configuration, you can do it in the same way as what you have in your screenshot (bearing in mind that nesting of parentheses matters, but whitespace doesn't). <mange>If that doesn't make sense, say so and I can put together a more complete example. <soundtoxin>I don't understand entirely yet. I quickly start to lose track of how many parentheses I need and where <soundtoxin>(services (append (list (service openssh-service-type )) %desktop-services)) <soundtoxin>not sure where I add in the openssh-configuration and other stuff <mange>First of all, what you have there will already work. If you don't provide a configuration it will run, but it might not quite have the settings you want. <soundtoxin>ah yeah, you were saying that. I don't know if I'm used to some amount of pre-configuration from other distros <mange>But otherwise, you need to put the openssh-configuration stuff (including all the relevant parentheses) where you have that single space after openssh-service-type, but before the next closing paren. <soundtoxin>I haven't updated today so it might take a bit before I see if this works <soundtoxin>I have an alias that does 'sudo guix pull && sudo guix system reconfigure /etc/config.scm' <soundtoxin>not sure if this is the best approach, but I just run it every now and then to get updates or when I change my file <mange>If you change the file you don't need to pull first, which can let you rebuild much faster. <soundtoxin>I guess if I did a reconfigure before a pull it might finish faster <mange>I also usually don't pull all the time, because the build servers aren't always up to date on master. <soundtoxin>yeah I often end up compiling things for a couple hours <mange>So sometimes I pull, then run the update a bit later, in the hopes that I'll have more substitutes available. <soundtoxin>/etc/config.scm:110:26: error: openssh-service-type: unbound variable <soundtoxin>my use-modules section looks like (use-modules (gnu) (gnu system nss) <soundtoxin>adding ssh to the end wasn't what I needed to do I guess <mange>You could try (gnu services ssh). Or you can also add a (use-service-modules ssh) line. They do the same thing. <soundtoxin>ah okay, I have a (use-service-modules desktop) line, can I just put 'ssh' after 'desktop'? <mange>Make sure it's inside the parentheses, though. <soundtoxin>holy crap... it really works. that was simpler than I thought it'd be <mange>The only problem I have with the default openssh config is that it allows password authentication, so you should try changing it to only allow authentication with a private key. <mange>Unless you are fine with password authentication. <soundtoxin>I've never gotten into much of that stuff with ssh. I guess I could give it a go. I usually have password authentication, and then I generate keys and do 'ssh-copy-id user@host', then it doesn't ask a password anymore. <soundtoxin>I guess disabling password auth is just more secure <mange>Yeah, disabling password auth means that other people can't guess your password. Usually a secret key is a lot harder to guess than a password. <mange>Well, there are other attack vectors besides guessing a password, but for some reason that's the one I'm most intrinsically scared of. <soundtoxin>my only worry is not being able to get into my own machine at some point... my workflow doesn't account for key-only ssh currently <soundtoxin>I generally generate a new key on each machine and then copy it over via that command <soundtoxin>if I was going key-only access, would I just make one key and keep it on a flashdrive or something? <soundtoxin>not sure if it's secure to have the same key on multiple machines <axd-v_>Why could guix complain that `Network is unreachable` when I can ping websites reliably. `nmcli` reports 2 connections, wired or wireless. Why would it play with me like that? <mange>I have one key per machine. When I generate a key I copy it onto another machine with access, and use that to copy the key to the server. <soundtoxin>yeah I guess as long as I keep one machine with access I can work things out <mange>As long as I have at least one device with a valid key then I can set up all of my other ones. <soundtoxin>I shared a vps with a friend who had password auth disabled so I had to deal with manually adding keys of other machines a couple times <mange>axd-v_: What is saying the network is unreachable? <axd-v_>...and now it starts working. I have been having these intermitten issues recently, hopefully it just goes away. mange: guix was saying that it can't get the substitutes but after a little more time, same thing just works. <mange>Yeah, I've had problems with networking on GuixSD that I don't understand. I have basically no idea how to even start debugging it, but it usually fixes itself relatively quickly. <mange>I've assumed it's my machines, because it's usually been on things with fairly patchy Linux support. <axd-v_>mange: have you ever had this network problem happen mid installation? I have a few times just today. The only thing that saves me is that guix doesn't restart entirely from scratch everytime. <mange>Yeah, I think I have. I haven't reinstalled for a while, so I can't really remember. <axd-v_>mange: I mean even mid `guix pull` or `guix package -i ..`? <mange>Oh, right. I don't think of them as installing. :P But yeah, definitely. <mange>Because at some point the network just gives up, and everything stops downloading. Then I start it again and it's like "oh no, sorry, I do know how to download things!" <soundtoxin>mange: so if I now want to get mpd going, do I just add to that same section where I just put openssh? <soundtoxin>well maybe add another )) and put it near the end or something <mange>Yep! Within the parentheses that the (list opened. If your editor doesn't help you then you'll have to count parentheses, unfortunately. <mange>We usually use indentation to specify how many parentheses there are, which can be helpful. All the code in the documentation is formatted in this way. <mange>Parentheses are pretty important in scheme, so if you're planning to do much with Guix it might be a good idea to find an editor that can show you which parenthesis matches which. <axd-v_>mange: haha that's exactly what happens. It didn't use to do that on an older install I had a couple of months ago, so a bit of a regression, oh well. <axd-v_>It still gets me that to install git, even with completely updated system, I have to wait for like 10-15 mins <soundtoxin>and maybe I should move some of the parens from the end to earlier... <mange>Excellent! In that case, think of the parentheses as being like a function call. Your earlier (service openssh-service-type (openssh-configuration ...)) is similar to service(openssh-service-type, openssh-configuration(...)). <mange>Sorry, that was about the vim comment, not the broken config. :P <mange>This will be hard to explain, but easy to show. Give me a few minutes and I'll show you what you should have written. Hopefully that will help you to work out what to do in future. <divansantana_>libreoffice crashing with "GLib-GIO-ERROR **: Settings schema 'org.gtk.Settings.FileChooser' is not installed". Anyone seen that? <mange>It's also worth mentioning that I don't think ~ expansion will work within a system config file. <soundtoxin>was kind of just looking at my mpd config from another distro <mange>divansantana_: I have seen that, and it was talked about on one of the mailing lists at some point (maybe a bug?). I think it's matter of installing something to the profile, but I can't remember exactly what. <soundtoxin>hm I wasn't thinking of this in a system-wide mindset I guess, I normally would use a user config and user systemd service. I might want to change where I mount my music <soundtoxin>I'll use it with how I was thinking for now to make sure it works <divansantana_>mange: thanks. Ill search the mailing list a bit later. If anyone knows, let me know :) <soundtoxin>/etc/config.scm:111:24: error: mpd-service-type: unbound variable <mange>soundtoxin: Yeah, that file is for setting up the whole system. I run a separate shepherd process to manage my user daemons, and mpd is just one of those. We ideally would love to have a more cohesive approach to managing daemons, but we're not there yet. <soundtoxin>ohh I gotta add 'mpd' somewhere near the top I think <mange>mpd is in the audio service module (which you can find in ~/.config/guix/latest/gnu/services/audio.scm). <soundtoxin>well, had to add 'audio', but I think it's gonna work now <soundtoxin>okay it says service mpd has been started, but ncmpcpp refuses the connection <mange>So `herd status mpd` says it's started? <mange>The default port that it listens on is 6600, but you specified 6666 in your config. Are you telling ncmpcpp to connect on the right port? <soundtoxin>I guess maybe I need to configure ncmpcpp now so it knows what mpd process to attach to <soundtoxin>I didn't use a port in my config on another distro so I wasn't even sure what it was for at first <mange>You can just leave it off and it will use the default. If you just delete the port line it should "just work". <soundtoxin>still won't connect. where should I configure ncmpcpp? also in this file, or a more traditional way? <mange>Oh, you've hit on an annoying bug that will definitely annoy you. <mange>You have to stop mpd, then reconfigure the system. <mange>The reconfigure process is really conservative, so it won't redefine or restart running services. <mange>So, run `herd stop mpd`, then reconfigure and, if necessary, run `herd start mpd`. <mange>Sorry, I always forget about that. <soundtoxin>so on another distro I normally have a state file configured, so if I restart my pc it keeps the same songs in ncmpcpp <axd-v_>damn, my computer just shut off while compiling(?) icecat. Nothing feels overhot, so I don't think it was a thermal emergency. Not a good sign. <mange>I don't really know what you mean, so I don't know. I thought mpd managed its own state, and stores it somewhere so you don't have to think about it. Do you mean ncmpcpp stores its own state? <soundtoxin>I'm trying to add (state-file ...) in case that's it, but now my parentheses are off again somehow <mange>It doesn't look like there's a setting for that. <mange>Give me a sec to investigate. <mange>Yeah, it doesn't look like it gets set. Can you try adding some songs to your playlist, then restarting mpd, then check whether or not they're still there? <mange>If it doesn't work, you should raise a bug for it! <soundtoxin>when I try to play a song it won't actually play, it stays stuck at 0:00 and says paused when I hit enter in ncmpcpp <soundtoxin>also I just did the restarting mpd test and it does wipe my list <mange>Yeah, okay, so there's no state file. That shouldn't be too hard to fix. If you raise a bug for it I'll try to fix it in the next few days. <soundtoxin>so to file a bug do I just want to send an email to bug-guix@gnu.org? <axd-v_>mange: what do you do usually when guix forgets how to use networking? <mange>Also, by default mpd should connect to pulseaudio, but I don't know enough about that to be able to help you debug it. <mange>You could check the log file? /var/log/mpd/brad/log might have some insight. <mange>axd-v_: Usually I disconnect the network and reconnect, either by pulling the plug or by turning my wireless off and on. <mange>It doesn't happen often enough to really mess me up, but it sounds like you've got it a lot worse than I do. <axd-v_>mange: yeah it's happening all the time at the moment. I'm using a weird kernel which might affect something. I'm using 4.15.6, the mainline. The network reset seemed to reset it. I'm hoping this will go away once I transition to linux-libre kernel and a different wifi-card (intel -> atheros) <mange>Sorry, /var/run/mpd/brad/log. <soundtoxin>exception: bind to '0.0.0.0:6600' failed (continuing anyway, because binding to '[::]:6600' succeeded): Failed to bind socket: Address already in use <axd-v_>although, other distros didn't have problems with this card or intel's drivers <mange>soundtoxin: Can you check if there are any other mpd processes running, and kill them if there are? Also `herd stop mpd`. Then, once you're confident none of them are running, run `herd start mpd`. <mange>axd-v_: Yeah, my problems have been most prevalent with a nonfree kernel and an intel wireless chip. <soundtoxin>after a herd stop mpd I don't see anything mpd-related in htop, and starting it again I have the same problem and the log looks the same <mange>Hmm. I feel like I have seen that in my mpd logs before, despite mpd working fine, but I'm not at a machine with mpd at th emoment, so I can't check. <axd-v_>Does anyone use `Nextcloud`? It seems like the client isn't packaged, so a job for a brave soul? <efraim>the owncloud client is packaged, it should work for owncloud or nextcloud <axd-v_>efraim: it does? That's great news, thank you. <axd-v_>Is it possible to install two things at the same for the same user? <axd-v_>i.e. have two `guix package -i <package>` instance running under the same user? <efraim>not a good idea, its not certain what will end up installed at the end of the two processes <axd-v_>efraim: they don't lock something to make sure that something like this doesn't happen? <axd-v_>Well I was waiting for icecat to install and installed a couple other things meanwhile and it seems ok so far. Will be more careful in the future. <axd-v_>heh, nice password there. Shouldn't be hard to change <soundtoxin>anyone had issues with i3lock? when I run it, it won't accept my password. I have to go to another TTY and then pkill i3lock to get back to my session <soundtoxin>how does xlock decide what screensavers to use? I didn't have xscreensaver installed, so I installed it and then disabled a bunch of the screensavers from xscreensaver-demo, but when I use xlock it still uses ones I turned off <civodul>soundtoxin: did you use 'screen-locker-service' for i3lock? <civodul>if you don't do that, i3lock cannot check your password <soundtoxin>I just found out that xscreensaver is separate from xlock and a newer program <soundtoxin>went to try it, it couldn't get my password, killing it from a TTY froze my machine entirely <civodul>yeah it should be just one line in your 'services' config <soundtoxin>/etc/config.scm:112:24: error: i3lock: unbound variable <soundtoxin>I added it as (screen-locker-service i3lock "i3lock") <soundtoxin>but the package is called i3lock-color, not sure if that matters <soundtoxin>is there anything in the manual on setting up pulseaudio? not sure if my pulseaudio broke or if it was just never set up previously <roptat>civodul: I'm still trying to make a binary tarball for my phone, but I can't remember the command to run :p ***Piece_Maker is now known as Acou_Bass
<efraim>make guix-binary.aarch64-linux.tar.xz <roptat>soundtoxin: you may want to add dbus-service in your system if you don't use %desktop-services <roptat>efraim: guix/scripts/pack.scm:403:31: Throw to key `match-error' with args `("match" "no matching pattern" #<package glibc@2.26.105-g0890d5379c gnu/packages/commencement.scm:678 2d52180>)'. <soundtoxin>I use %desktop-services but I'm wondering if I broke it by misconfiguring my services section <roptat>could you share your configuration? <efraim>I'd have to check the makefile to see if its a different command then <roptat>soundtoxin: what's wrong with pulseaudio? no sound? <soundtoxin>icecat tells me audio won't work without pulseaudio, pavucontrol says it isn't running, and I have no sound in mpd <soundtoxin>if I play a video in mpv it has sound, but it says it's using alsa <roptat>can you try to run the pulseaudio command (as a user, not root) <zybell>soundtoxin from your error it runs,but accepts IPv6 only. <zybell>so any client trying v4 thinks its away <soundtoxin>I didn't have pulseaudio in my packages list, but I manually added it due to this problem. Does that cause any issues? <soundtoxin>since I might be getting it both from %desktop-services and my packages list <roptat>zybell: I don't think pulseaudio listens on IP <roptat>I have no idea how to help you :/ <roptat>do you have a configuration file pulseaudio may read? <zybell>Either you configure your client to use v6 too or you could strace -f the startup of mpd,see where it tries to read conf from,where it gets the notion not to use v4,and depending on source change that. <soundtoxin>any configuration stuff should just be part of my config.scm file <zybell>but that isnt read directly by mpd <soundtoxin>I've never used strace before, but I guess I'll install it <zybell>so guis places that data into a conf <zybell>what if another conf from a previous install is in the way in another dir? <soundtoxin>so how should I go about this? do I do strace separately from mpd or is it one big command? <soundtoxin>should I 'sudo herd stop mpd' then run strace and 'sudo herd start mpd'? <zybell>more like `sudo strace -fo logfile -s 4000 herd start mpd` <civodul>roptat: guix pack --localstatedir guix <roptat>civodul: /gnu/store/mjhfil9h4fwkfks1hdlyjmir9xhz8lf9-tarball-pack.tar.gz <civodul>am i actually talking to a shell? ;-) <roptat>I don't know why you wanted that though <civodul>it's the command to create a binary tarball <civodul>now i see that efraim already answered anyway <az`>guix-geiser-eval-read: Wrong type argument: arrayp, nil <az`>on <M-x> guix-all-available-packages <az`>(freshly installed guix + xfce + emacs, ~default desktop config without gnome packages) <civodul>az`: could you email the details to bug-guix@gnu.org, along with the elisp stack trace? <civodul>it works for me but i've seen it fail this way on other people's machines <bavier`>�ACTION has a meeting with IT to discuss security topics relating to Guix� <bavier`>civodul: thanks, that will be good to have at the top of my mind <bavier`>the current item on the agenda is the build workers group and user accounts <civodul>in theory we could use user namespaces instead <civodul>perhaps something we should look into <bavier`>right, but afaik our systems do not have user namespaces enabled <bavier`>civodul: could you tell me more about this: "home directories should be mounted on the master node as well so that guix-daemon knows about these non-standard profiles and avoids collecting software they refer to." <bavier`>guix-daemon doesn't scan home directories; it just needs to be able to check if a symlink to /var/guix is still alive, right? <civodul>so if it doesn't have access to home directories, it might think that a link it finds in /var/guix/gcroots/ is a dead link <civodul>and then it might reclaim the think that this link would otherwise protect <az`>civodul: I report this on emacs-guix notabug already <bavier`>so, it really needs read access to *all* filesystems that a client might make a profile link <castilma>hey, guix system vm-image starts qemu. how can i make it only return the image? <civodul>bavier`: to be on the safe side, yes, but you could have a policy saying that profile links must be in one specific place <vagrantcish>civodul: the armhf segfaults went away after the commit splitting out the base-packages: f2e66663c2e00b482cdf5ba83173291d30363e7c <civodul>vagrantcish: ok, thanks for the heads-up <civodul>i'm pretty sure it's non-deterministic and due to another threading issue, though <civodul>i've been working on providing a reduced test case with one bug we have <civodul>but just doing that is already difficult... <vagrantcish>plausible that processing things in smaller chunks actually mitigated or worked around a bug that's already there? or did i have just dumb luck? <vagrantcish>�ACTION is getting the impression that there aren't many available substitutes for armhf packages� <civodul>vagrantcish: it could be luck, it could be that smaller chunks help, who knows :-) <civodul>re substitutes, hydra.gnu.org has much less build power for arm, so that's probably why you're seeing fewer substitutes <civodul>it also has fewer users i think, and substitutes are prepared on-demand <castilma>can someone tell me: when you use guix system vm-image, does it start qemu without gui? does qemu quit after a while? <vagrantcish>so, the first user who asks for a substitute that isn't present yet builds it locally, and then the build farm picks it up? <vagrantcish>or is it possible for the initial request to wait for the build to complete on the substitute servers? <vagrantcish>�ACTION also just had an experience where "guix pull --commit=N" failed, "guix pull --commit=N-2" succeeded, N-1 succeeded, and then N succeeded ...� <civodul>vagrantcish: it's not building that on-demand, it's just "baking"--i.e., preparing and compressing the actual archive, assuming the item was already built <pkill9>hmm i just got this error Starting download of /gnu/store/xrn652lsbj9g6h521i54qj1lsfdz80x9-bamf-0.5.3.tar. <pkill9>In procedure getaddrinfo: System error <jlicht>pkill9: I get that too when I have a flakey internet connection. <kvetcher>Hi, could someone please help me with config.scm setup? I'm looking at a custom kernel config, and it comes with SHA256 hashes that I don't understand. <kvetcher> It looks like this: (source (origin (method url-fetch) (uri (linux-custom-urls version)) (sha256 (base32 "1vzl2i72c8iidhdc8a490npsbk7q7iphjqil4i9609disqw75gx4")))) <kvetcher>Where should I look to find the corresponding hashes to add to my config.scm before I install with it? <pkill9>kvetcher: you can get the hash of a file with `guix hash <local file>' or you can get it from a url using `guix download <url>` <kvetcher>pkill9: If I install the guix package manager separately on my current computer, I can do that? <apteryx`>Hello! I'm using a SSH port forward to connect to IRC using a firewalled network, but gnutls fails the handshake, with the most likely cause being this message: gnutls: the hostname in the certificate does NOT match "localhost". Would there be a way to make this work, even with the hostname discrepancie? ***apteryx` is now known as apteryx
<efraim>phase `strip' succeeded after 303.8 seconds <kvetcher>How do I know what a SHA256 hash refers to? I found the line "(define (linux-firmware-version) "9d40a17beaf271e6ad47a5e714a296100eef4692")" and can't figure out what the hash leads to. linux-firmware-version only pops up in 1 other spot. Online decrypters for it return errors. I'm a bit confused by the whole SHA256 thing. Help please? <pkill9>i dunno kvetcher, but you can use `guix hash <file>` to get the hash of a local file, and `guix download <url>` to download the file and get the hash of it <kvetcher>pkill9: Thanks. A shorter version of my question is "how do I go from an unknown hash to the original file"? <kvetcher>pkill9: Unfortunately, the config.scm on my hands is a bit old, and the hashes correspond to modules and firmware for an older kernel release (not to mention possibly a different architecture). <kvetcher>zybell: So a hash assigned out of the blue without a url leading back to the download source is a dead end? <pkill9>maybe it refers to a git commit? <nckx>kvetcher: Also, that's a git commit (which happens to be SHA-1 but that's not really important), i.e. a ‘version’, not a hashed tarball. <zybell>sha(1-512)are all constructed to make this impossible- <nckx>So you can ‘git clone <repo>’ and ‘git checkout <commit>’ and that's the source you're looking for. <nckx>I'm guessing you'll find <repo> in the linux-firmware package definition, but I didn't check. <zybell>if somebody finds a way to do it,that func is ditched, and a new one constructed,where that trick wont work. <nckx>kvetcher: After reading the channel history: I'm still not entirely sure what exactly you're trying to do, but if you're writing custom package definitions you can use ‘guix download <URI>’ or ‘guix hash’ to calculate the checksum of an already downloaded file. <nckx>That's not usually done or needed in config.scm though, so I might be way off :-) <kvetcher>nckx: I'm trying to copy someone else's config.scm. Do I need the hashes? <nckx>kvetcher: You need hashes if you're modifying standard Guix packages or defining new ones, yes. It's not a standard setup, but it's possible. <nckx>Hard to say without seeing your config.scm and knowing exactly what you're trying to do, but if it's not a linux-libre variant I'm afraid we can't help you with that. <nckx>(Hence why I'm only giving general advice since I'm pretty sure that's the case :-) <kvetcher>Will it all work on a default-BIOS T400? <nckx>kvetcher: Not trying to be unhelpful here, but 1) please see the channel topic for the preferred pastal service and 2) pasting anything with ‘define-public linux-nonfree’ in this channel is not going to end well :-p <nckx>I will gladly explain any general packaging questions you may have though, though. <kvetcher>nckx: Sorry about that. Do you have a tutorial to SHA256 sums for packages? I see them all the time, but searches online tell me how to verify them or generate one from a file. What are they actually? <nckx>Changing gears a little: are you sure you need a different kernel at all? <vagrantc>wow ... installing guixsd on armhf is taking... a long time. :) <roptat>I've added a postgresql database in my config. How do I connect and create a database? <nckx>Because it's not like installing Libreboot would magically liberate you peripherals. Linux-libre should boot on any machine. <nckx>kvetcher: As in ‘what is a hash’? Hm. <kvetcher>nckx: well, I need wifi to work. When I booted it up, it didn't show my wireless interface. I've used hashes in hash tables before in a data structures class. I'm not sure how they relate to package management and keysigning (other than that these hash functions require factoring large primes to crack them). <divansantana_>How can I modprode a module with a particular option in the config.scm? <vagrantc>basically, the hashes allow you to determine that the thing you've downloaded or produced matches what was expected. <nckx>kvetcher: While I certainly don't want do discourage you from flashing Libreboot, it won't solve your wifi problem. Only replacing your wi-fi card or using an external (USB, ...) one (‘dongle’) will do that. <kvetcher>Huh. Guess I'll have to do some shopping then. vagrantc: I don't actually need them for downloading a package? They're just to protect against man-in-the-middle attacks? <nckx>kvetcher: I know it sounds cumbersome (I was once in your boat), but think of it as an investment :-) <vagrantc>kvetcher: or any other form of data corruption <vagrantc>kvetcher: in any reasonable package management system, you'll want some sort of cryptographic hash to verify that you're getting the right thing. <mbakke>divansantana: I think currently you have to pass "module.option=foo" in (kernel-arguments ...). <nckx>kvetcher: To be very sloppy, there is only one real file in the world that matches any given hash. So if your file matches that hash, you can be 99.muchos% certain that it was not maliciously modified. A million caveats apply, but that's the gist. <mbakke>vagrantc: What arm hardware are you installing GuixSD on? <nckx>^ a million CS heads explode <vagrantc>mbakke: so, reasonably powerful, as armhf boards go ... quad-core, 3.8gb ram (usable) <bavier`>nckx: seems a reasonable layman's explanation to me :) <vagrantc>technically has 4GB, but the SoC can't see it all <davidl_>somehow I have gottena all these little boxes with numbers in them in my browser and in emacs. <davidl_>not sure how to fix it. seems like a font issue, but I ran fc-cache -f and it didn't help. <mbakke>Sounds similar to another arm laptop we talked about... ;) <mbakke>vagrantc: Cool! Afterwards we just need a Mali driver :P <mbakke>The novena looks really nice, what chassis do you have? <vagrantc>mbakke: the "desktop" variant ... basically the laptop without the battery controller <vagrantc>mbakke: freind lent it to me as it wasn't being used, figured i could test and fix things on it <nckx>Yeah, OK. Maybe not a million. Like, six. <vagrantc>mbakke: the LCD support isn't pushed upstream, though :/ <divansantana_>comma-separated: unbound variable . Where/how can I see where this is defined? Which module to include. <vagrantc>mbakke: but even with such a "powerful" system, "guix system init" has been running for well over 12 hours and still doesn't appear to be anywhere near done <vagrantc>took a crazy long time for "guix pull" to work <mbakke>12 hours, wooow. Are we lacking substitutes, or what? <mbakke>`guix pull` took about 1hr on the c201 IIRC. <nckx>divansantana_: You sure that's a existing variable? <vagrantc>�ACTION is curious what the armhf substitute builders are currently� <vagrantc>given the lack of substitutes, should probably at least publish my builds somehow. <mbakke>I don't know their specs. Probably you can find some mailing list post about it :P <mbakke>But why is `guix system init` taking so long? <vagrantc>linux-libre took a long time ... gcc-5.x took a good long while ... it's been stuck on guix-build-guile-static-2.2.3.drv-0 for at least a couple hours <mbakke>Perhaps you'd have better luck if you started on the 0.14.0 tag. <mbakke>Substitutes for releases are GC protected. <vagrantc>mbakke: so if i skipped "guix pull" and then just build it? <vagrantc>going to have to upgrade sooner or later, though :) <mbakke>vagrantc: That *might* work better. <mbakke>I'd check with `guix weather`! :) <mbakke>It sounds odd that you didn't get substitutes for GCC and Guile from a recent pull though. Hydra definitely has those. <nckx>divansantana_: My guess is (al utils) [not (al guix utils)!] which is imported but not included in that repository... <nckx>I'm guessing it just a trivial string-join wrapper that you can rewrite or avoid yourself. <nckx>Seems a bit over-engineered IMO but I'm sure there's a reason. <nckx>�ACTION no longer wants to use IMHO in a post-xkcd world :-/� <vagrantc>mbakke: i'm always surprised by what gets a substitute and what doesn't. <mbakke>vagrantc: Are you sure the Hydra key is authorized? You can find it in `/etc/guix/acl`. <lfam>davidl_: It sounds like those applications can't find a font that provides the full range of Unicode characters <davidl_>lfam: yep, and how can you fix that? <davidl_>I started working more with user manifest and moved all font packages to one of those. Now Ill try and put them back into system config.scm <lfam>davidl_: I would take a look at which fonts are installed. I know we have fonts with large or complete Unicode character glyphs, and font-gnu-unifont is a good fallback for the entire Unicode "basic multilingual plane" <nckx>Does anyone have working emojos under GuixSD and know why? <lfam>davidl_: It's possible that fonts are found when logging in (dunno) so you may need to log in and out for the applications to find the newly installed fonts. I don't really know how fonts work on GNU / Linux <nckx>�ACTION doesn't use them, but it's somewhat affecting my relationship.� <davidl_>lfam: ok, ill try installing that package. <lfam>nckx: I have them on my headless system at the console with font-gnu-unifont <lfam>nckx: But they are very crude renderings. If you want to really communicate with them we should find a font that has prettier glyphs <nckx>Hm, I've already put that into my system packages and they are still not rendered. <nckx>Not even as mystery boxes. ‘Hi dear, you sent another empty message this morning. Oh. Oh dear.’ <nckx>Oh. Crude renderings fine. Way better than copy-pasting apparent s into a search engine and seeing what the spam results are titled. <nckx>But OK. It's not my package set at fault. What was the fc-something something that everyone's always tripping over? <lfam>`fc-cache -f` according to our manual <lfam>It comes front fontconfig <nckx>Ah, I've also tried that. Thought there was something else. Hoped. Idly. <lfam>I should figure out how this all works someday <vagrantc>mbakke: i see two keys in there, one ed25519 and one rsa ... <nckx>It affects everything from mu4e to Icecat so it's not some desktoppy thing. <vagrantc>mbakke: they seem to correspond to the hydra and berlin.guixsd pub files <nckx>vagrantc: Are they both in /etc/guix/acl? <lfam>nckx: Do your installed fonts show up in `fc-list`? <lfam>From there, I would take a look at your locale set-up <lfam>The dejavu font web page has been lost to a cyber-squatter <nckx>The unifont one is the only one I've explicitly installed. fc-list shows... quite a few gs-fonts and four unifont*.ttf. So I fear that's ‘good news’ :-( <lfam>nckx: Do you have any programs with a "font picker" installed? For example, LibreOffice? I wonder if it shows up there? <nckx>My locale is .utf8. Thing is, after installing the Unifont I do see *more* ‘typographic’ glyphs. Just not all. <nckx>lfam: Good tip. I don't, but I can install one. <lfam>nckx: There are a few new Unicode emojis since the last unifont release, I believe. I think the pretzel is one <lfam>And I'm not sure how it handles the skin-color emoji picker <nckx>lfam: Nah, not even smiley faces. <lfam>You have to *be* smiling to see those ;) <nckx>Which, ironically, weren't they part of some ASCII flavour? I remember them from my yooth. <nckx>lfam: Hey! I smile! Sometimes! I'm sure! <lfam>I remember using fonts that used emoji-like images in place of ASCII characters, if that's what you mean. Wingdings was a childhood favorite <nckx>I'm talking raw IBM VGA funtimes. <nckx>Not the renderings I know, but hey, thanks for solving all my problems, Unicode. <davidl_>I suspect part of the font-issue is using Wayland. <davidl_>removing some fonts helped 1 issue but created another.. <nckx>I'm just using boring old X & i3 with as little as possible in-between. <nckx>�ACTION switched from xmonad to i3 because of Wayland, ironically, but then went back to X.� <nckx>Nice. gucharmap only took 10 minutes to install. <nckx>Good news is Linear B renders fine. <nckx>Well hello pixelated smiling poo! <nckx>Sopologies: apparently this isn't a font bug, but a configuration problem with uxterm & Icecat. Only the two ways I can read mail. <nckx>Thanks lfam & davidl_ (for reminding me of fonts). <davidl_>nckx: how is this a problem with the Icecat package? Or is it upstream? ***tilpner_ is now known as tilpner
<nckx>davidl_: ‘Configuration problem.’ Not saying it's upstream. Probably very downstream. Somewhere in the chair-keyboard area. <vagrantc>well, guix system init finally stopped ... but with a backtrace :/ <vagrantc>gnu/system.scm:952:23: gnu/system.scm:952:23: In procedure struct_vtable: Wrong type argument in position 1 (expecting struct): #f <vagrantc>ah, back to the bootloader configuration problem. <vagrantc>apparently doesn't like #f passed as a bootloader. <vagrantc>so... --no-bootloader doesn't seem to be very... useful ***Piece_Maker is now known as Acou_Bass
