IRC channel logs


back to list of logs

<quiliro>rekado: where are the videos?
<minall>Hello guix!
<minall>My xorg session freezes... I'm only able to use the PC using SysRq, to retrieve my keyboard from the X session...
<minall>What can I do to be able to use graphical mode?
<quiliro>minall: had you not repaired that with sdd?
<minall>Nope, that was a test
<minall>But happends the same on slim or sddm
<quiliro>no entiendo.....ya podías entrar en el modo gráfico antes
<minall>Nope, parece que me esta dando ese problema, tanto con el kernel nuevo, como con el kernel 4.9
<minall>linux-libre claro..
<minall>No se que hacer, pienso instalar pureOS para al menos tener activa la PC
<quiliro>estoy mareado
<quiliro>yo ví que funcionaba con linux-libre
<minall>Bueno, ahora intento instalar guix de nuevo y, no puedo..
<quiliro>ok...lo que pasa es que la configuración de Xorg da el problema
<minall>Me da ese error, le he intentado cambiar el kernel y de sddm a slim... pero nada..
<quiliro>puedes ver el log
<quiliro>de Xorg
<minall>Pense eso, elimine toda configuración de xorg, como keyboard-layout o el módulo que le añadí, pero nada...
<minall>Enseguida a prendo...
<minall>Dado que puedo entrar al modo terminal, puedo descargar wgetpaste, y publicar el log si lo desea...
<quiliro>claro...pero es mejor que tú lo analices
<quiliro>te puedo guiar
<minall>Ok, estoy instalando wgetpaste, lo iré analizando de todas maneras
<quiliro>estás en el modo live?
<minall>No, estoy en el sistema pero en el modo terminal...
<minall>No me funciona wgetpaste... cual era el servidor a parte para poder pasarle?
<quiliro>fíjate en los mensajes que negan (EE)
<apteryx>where is the line about what module is OK to pull in a Gexp vs what is not?
<Kolya>I currently use GNU Guix on a foreign distro, but I would much rather use GuixSD alone. However, I use LUKS2 and LVM, of which both are supposedly unsupported. Is there anything I can do ( I dont want to revert to LUKS1 if I can ). Perhaps I could use dracut as initramfs? Point me in the right direction.
<quiliro>Kolya: perhaps you could get more responses if you send an email to the help-guix mailing list
<leungbk>@efraim: I read your message about the problems with the crate recursive importer. I think the reason we get two package recipes for rust-xdg instead of just one is that presently, rust-xdg appears twice in the recipe for rust-afl: once as a #:cargo-input, and once as a #:cargo-development-input. I suppose the most straightforward solution is to run a filter on the computed #:cargo-development-inputs, so that rust-xdg appears in
<leungbk>#:cargo-inputs but not in #:cargo-development-inputs. Is this OK, or will this cause the recipe to fail?
<apteryx>I'm now at adding some new record to operating-system, to describe the partition layout of the storage devices. Has anyone thoughts about this? It'd look like:
<apteryx>And then instead of having parts of the Guix code base hard code things (e.g. when creating a disk-image), this config could be honored. More flexibility and more transparency.
<apteryx>The partition file-system type is consciously omitted, as this is where the existing file-systems list can pick up.
*vagrantc finally built qtwebkit with ~24GB free and it failed with 14GB free ... so not sure how much it actually took in the end
<user_>hello there
<user_>anybody around
<str1ngs>if you have a question user_ it's best to just ask :)
<user_>ok lol
<user_>i have installed guix
<user_>cant update it
<user_>guix pull
<user_>then guix package -u
<user_>doesnt work
<user_>pull works , -u or update not working
<user_>any idea what im doing wrong
<leungbk>guix upgrade
<leungbk>after guix pull
<apteryx>does someone have a good understanding of a record definition?
<apteryx>what is the constructor needed/useful for?
<user_>leungbk thanks it worked :)
<verbasidor>since Tor installed in Guix , is hidden service repository ?
<verbasidor>is there*
<verbasidor>i dunno if guix supports the transfer of data through onion routers with its package manager
<xavierm02>Is there some specific area other than comments in the package code where we can write stuff stuff that could be useful to know for people modifying this package?
<xavierm02>And if not, is it fine to write a lot of stuff in the comments?
<xavierm02>And on an unrelated topic, would a thunderbird package be accepted in Guix?
<rekado_>apteryx: the constructor is used to build a value of that record type
<rekado_>xavierm02: probably. It’s just tricky to package.
<xavierm02>Ok. I'll probably give it a try since it's the only program left I need to be able to completely replace Debian
<rekado_>xavierm02: excellent! Let us know here or on the mailing lists if you need help.
<xavierm02>By the way, my LyX package is ready I think. I just added the wrapper to make it find Qt plugins, and removed the weird forlder placements and it works
<xavierm02>The question remains of why that specific folder name was needed in the first place. I tried a few things to try to guess that but couldn't find anythign that worked when Lyx is in a lyx2.3 directory and not when it's not
<xavierm02>Is it fine to submit the path if it compiles and works, or should I put more effot into guessing why this special folder was added?
<rekado_>xavierm02: just submit it and mention it. We’ll see then if this can be fixed.
<jort>Hi. I'm trying to install guix in a virtualbox vm (on Windows host). Worked fine yesterday on another machine, now it fails repeatedly. Using a fresh and verified download of guix 1.0.1 x86_64. Tried a bunch of installation options. Error message is here: (I had to type it out, sorry about any typos). Any ideas what might be wrong?
<jort>Sorry, just noticed the paste link:
<rekado_>jort: this sounds like a network error.
<jort>ok. It could be something with my VM, but there are several succesfull pulls before it fails, so that seems unlikely. Is there a way to see what it is trying to pull when it fails?
<dftxbs3e>hi guix
<dftxbs3e>I'm on core-updates and getting this error: [ 47%] LOAD gnu/machine/ssh.scm error: failed to load 'guix/ssh.scm': ice-9/eval.scm:293:34: no code for module (ssh session)
<dftxbs3e>any idea how to solve it?
<dftxbs3e>I'm compiling on powerpc64le-linux with this commit in addition to the core-updates branch:
<dftxbs3e>hmm I guess I need guile-ssh though it's not in the README
<xavierm02>dftxbs3e: I think it tells you to run "guix environment guix" somewhere. Maybe that fixes it.
<xavierm02>People that offload: What kind of machine do you offload to?
<dftxbs3e>xavierm02: I don't have guix, so I can't run that
<dftxbs3e>I am not offloading
<dftxbs3e>I'm porting GNU Guix to powerpc64le-linux
<dftxbs3e>for it to run natively there
<dftxbs3e>installing guile-ssh fixed it
<dftxbs3e>might want to add this inside the README
<rekado_>dftxbs3e: AFAIK this is only needed when guile-ssh is available at configure time.
<dftxbs3e>rekado_: well I didnt have it and it threw an error
<dftxbs3e>or I had it for guile 2.0 but I was using guile 2.2
<dftxbs3e>anyways my distro doesnt provide it so I couldnt have it before I purposely installed it
<zaab>hi everyone
<zaab>Just installed guix first time!
<zaab>first problem: how do I get my system conf, so I have a file to base my next generation on?
<str1ngs>zaab: did you use the installer or manual?
<zaab>string[m]: I used the installer
<zaab>str1ngs: ahem. I used the installer.
<dftxbs3e>how can I install guix from source? like creating /gnu /var
<rekado_>dftxbs3e: all that is done when you run “make install”
<dftxbs3e>rekado_: didnt work
<rekado_>configure first, with “--prefix=/” and “--localstatedir=/var”
<dftxbs3e>hm I didnt do --prefix=/ but I did --localstatedir=/var
<dftxbs3e>I'll try again
<dftxbs3e>rekado_: "systemd[29781]: guix-daemon.service: Failed at step EXEC spawning /var/guix/profiles/per-user/root/current-guix/bin/guix-daemon: No such file or directory"
<dftxbs3e>on the service
<rekado_>the service file is for use with the binary installation method. You’ll have to adjust the file name of the daemon if you do something else.
<dftxbs3e>rekado_: okay well it's make install that created the service file and put it in the right place, what can I do to start the daemon?
***len1 is now known as lenn
<lenn>Can I ask for some help?
<lenn>I am trying to import a package from nix. Not very successfully. I've been reading through guix packaging tutorials but I am not able to make the next step from a simple my-hello package definition to something more complex.
<rekado_>lenn: do you have some work in progress that you can share with us?
<rekado_>lenn: there’s a Nix importer, but I hear that it’s pretty broken, so I wouldn’t recommend trying to use it.
<rekado_>dftxbs3e: you can also just start the daemon with the service
<rekado_>*without* the service
<rekado_>just execute bin/guix-daemon manually
<lenn>rekado_: ty, so I downloaded nix package definition for dasht program (which I rally love) and tried guix import nix path/to/package.nix
<lenn>and I got: In execvp of nix-instantiate: No such file or directory
<rekado_>yes, the Nix importer needs a working installation of Nix. And it’s currently broken, so it’s probably not going to work.
<rekado_>perhaps it wouldn’t be too difficult to translate the package definition manually.
<rekado_>we could try this together. Can you share the Nix package definition?
<lenn>ah, ok I didn't catch that I need working nix ... I'll try to do it manually, then
<lenn> package def
<rekado_>oh, so it’s just a bunch of shell scripts.
<rekado_>no build system.
<rekado_>we can use the gnu-build-system and modify its build phases
<rekado_>first you’d write the easy stuff: (package (name "dasht") (version "…") …)
<lenn>Yeah, I am working on it
<rekado_>okay. Please share what you’ve got for the next steps.
<lenn>Ok, give me 5min :)
<rekado_>you can use as many 5min blocks as you need :)
<lenn>Hey rekado_: I got this far:
<lenn>I have 2 problems: 1. which modules I should use and 2. how to determine sha256sum of code
<kirisime>You get the checksum from downloading the source somewhere yourself, cd'ing into the directory and running guix hash
<lenn>kirisime: ty
<lenn>I have cloned the repo so this wont be the problem
<kirisime>guix hash -rx to be precise, r for recursive and x for exclude version control files so you can calculate hashes for different commits
<lenn>ok, I have that
<lenn>So if there would be a new commit on github hash would change and guix package would be no longer valid.
<kirisime>And yes the modules your dependencies are in go in use-modules
<lenn>How do I specify branch/commit in package definition
<kirisime>Add a commit to the git-reference
<kirisime>If your version string is the same as a release tag you can just call it (commit version)
<lenn>I am still a bit confused here. Probably it is better to take official relase commit then the latest commit, right? If so, should I set the code url origin to tar.gz file on release page?
<kirisime>No, you give the commit alongside the url for the git repository
<lenn>ok, still better to take official release than latest commit right?
<kirisime>As in, (git-reference (url "") (commit "v2.3.0"))
<kirisime>Or some such
<lenn>oh, that's nicer, I thought I should paste in commit hash ...
<kirisime>I'm not sure if it'll work that neatly, but the hash should work too
<kirisime>And (commit version) works for a package I wrote a while ago
<kirisime>Also, you'll need to checkout the same commit in the local repository you use to calculate the hash
<lenn>I am on it
<kirisime>'git checkout v2.3.0' followed by another 'guix hash -rx'
<lenn>I've updated the gist: anything still stands out as wrong?
<dftxbs3e>rekado_: hi, I'm getting this error now when running "guix build hello": "substitute: guix/ui.scm:1692:12: In procedure run-guix-command: substitute: Wrong type to apply: #<unknown-type (0x24f . 0x7fff7865ff98) @ 0x7fff78971678> guix build: error: substituter `substitute' died unexpectedly" -- any idea?
<kirisime>lenn: (gnu packages coreutils) doesn't seem to exist, huh
<kirisime>When you build something with the gnu-build-system, it takes care of bringing coreutils and probably grep and sed too so you don't need to add them to the dependencies yourself
<kirisime>Also, are you sure they need to be in propagated-inputs?
<lenn>not quite sure
<lenn>on the project page it says it only sqlite is dependancy and others are optinal
<lenn>but in nix pkg definition all are listed as deps
<dftxbs3e>rekado_: I ran guix-daemon with this: sudo guix-daemon --build-users-group=guixbuild --substitute-urls="https://ci.guix/"
<dftxbs3e>I added both pub keys with guix archive etc
<lenn>If I understand correctly propagated inputs are dependencies in runtime of an installed program
<kirisime>lenn: socat comes from (gnu packages networking) by the way
<lenn>I have a lot to learn
<kirisime>You can check by running guix package -s <package>' and checking the location: listing
<lenn>cool trick
<lenn>so, I do that for all the packages, right?
<lenn>gnugrep is probably just grep from base?
<kirisime>The rest of the use-modules seem fine, besides you probably not needing coreutils, grep or sed
<lenn>what about gawk?
<kirisime>Not entirely sure myself
<lenn>I'd guess it is probably awk on nix
<lenn>but I know nothing about nix
<lenn>I only used osx beside linux for a year and I remember there were gnugrep and gnu-other-things there as well ...
<dftxbs3e>rekado_: using --no-substitutes makes it work but now: Starting download of /gnu/store/hbdalsf5lpf01x4dcknwx6xbn6n5km6k-hello-2.10.tar.gzFrom Wrong type to apply: #<unknown-type (0x24f . 0x7fffe10bff98) @ 0x7fffe13d1678>
<lenn>Ok, I checked and package gawk exists so it might be ok to leave it in pkg def
<dftxbs3e>hmm I think it's due to my guile-gnutls installation
<lenn>I should probably add to define-moduele with #:use-module
<kirisime>Say, lenn, have you written much lisp before?
<kirisime>I was getting some invalid field specifier errors on this file and the parentheses are messed up
<lenn>Idk, I went through little schemer book and did some exercise on 4clojure
<lenn>and I've read a few chapters of realm of racket
<lenn>so the answer is probably still not much, since I've never really used it ...
<lenn>except for one short elisp code snippet to inset a list of paragraphs ...
<lenn>I've been trying to get into functional programming but currently I work/am stuck with php ...
<kirisime>Yeah, I recommend getting paredit and rainbow-delimeters for emacs so you don't have to count these things yourself
<lenn>I have those on spacemacs but maybe they were not enabled on scm file ...
<kirisime>From how much I've used guile with guix the error reporting is absolutely not worth trying to decipher so you might as well not make mistakes in the first place
<lenn>Yeah, I've started to work on this pkg definition in zile ...
<lenn>that's why I probably missed some brackets
<kirisime>Well, here's a version that at least downloads correctly:
<kirisime>If you run guix build -S -e '(load "./dasht.scm")' it drops the source in the store
<kirisime>Besides the parentheses, your hash wasn't a string and the call to git-filename was failing
<lenn>I've found a problem with brackets around source.
<dftxbs3e>rekado_: that was it
<lenn>Thank you kirisime
<kirisime>Looking at this thing itself it doesn't look like it actually needs any building
<kirisime>Maybe just copying the bin/ etc/ and man/ directories to the package output would be enough
<kirisime>And yes the things listed as dependencies do need to be in propagated-inputs
<lenn>so I tried to guix package -f dasht.scm and it failed
<lenn>but yeah, I've quickly inspected the code and looks like there are only bash scripts there.
<lenn>or shell scripts actually
<rekado_>lenn: let’s not use propagation but wrapping in PATH.
<rekado_>that’s also what the Nix package does.
<rekado_>now it’s time to provide arguments to the gnu-build-system to change the build flags.
<rekado_>erm, build *phases*
<lenn>Ok, I am on a bit of an unknown teritory so I hope I'll be able to follow along.
<rekado_>let’s add an (arguments …) field
<rekado_>the value will be `(#:phases (modify-phases %standard-phases (delete 'configure)))
<rekado_>the value for “arguments” is a list with keywords and their associated values.
<rekado_>with the above value we provide a new value for the build phases
<rekado_>we take the %standard-phases of the GNU build system and remove the “configure” phase.
<rekado_>Let’s also remove the “build” phase
<kirisime>I mean, you can pretty much delete most of the gnu-build-system since the setup for this thing is just adding the directories to your paths
<rekado_>after removing both the 'configure and 'build phases we should replace the 'install phase.
<rekado_>add this clause inside of the modify-phases expression: (replace 'install …)
<rekado_>every build phase is a procedure. We use unnamed procedures for the most part, i.e. “lambda”.
<rekado_>Build phases can take a bunch of keyword arguments and we can pick those that we need.
<rekado_>for the install phase we really need to know where the stuff will go.
<rekado_>that’s given to build phases with the “outputs” keyword argument.
<rekado_>so the procedure we use as the new value for the 'install phase will look like this:
<lenn>sry, should a backtick be before (#:phases ... ?
<rekado_>(lambda* (#:key outputs #:allow-other-keys) …)
<lenn>it does the same thing as quote but it can be escaped for some code eval, right?
<rekado_>the backtick is part of a beautiful Scheme feature set called quoting.
<rekado_>think of it as a toggle switch between “code mode” and “data mode”
<rekado_>This is data: '(hello world how are you)
<lenn>I learned sth from the packaging tutorial ...
<rekado_>it’s just a list of symbols
<rekado_>to toggle we start in data mode with the backtick: `(hello world how are you)
<rekado_>to switch to code mode we use the comma
<lenn>seems weird from a php perspective, though
<rekado_>`(hello world ,(symbol-append 'good 'bye) world)
<rekado_>this is equivalent to '(hello world goodbye world)
<rekado_>the unquoted part is evaluated and the result spliced in.
<rekado_>we use the backtick for the value of “arguments” because we don’t want to evaluate it *now* on the host.
<rekado_>instead we want to pass this chunk of code as data to the build side.
<quiliro> back: tick is like a data opennning, a comma is like a data opennings and a quote is data in a single string?
<rekado_>quiliro: not sure I follow, but it’s very much like format strings, except that it’s a proper data structure, not just string chunks that are glued together.
<rekado_>quoting can be nested and you get a proper data structure (such as a list or a tree) out of it, not a squashed string.
<rekado_>okay, back to the 'install phase
<rekado_>what do we need to do?
<rekado_>1) we need to wrap the shell scripts so that PATH is set, containing all the inputs (such as sqlite).
<rekado_>2) we need to create the target directory and copy the wrapped scripts
<quiliro>sorry for the bad grammar. what i meant is: back tick is like a data opennning, a comma is like a data closing and a simple quote is data in a single string?
<rekado_>quiliro: the idea is right; I just wouldn’t say that a comma is “closing” a data section; it’s rather “opening” a code section.
<quiliro>rekado_: thank you
<rekado_>lenn: the “outputs” value that is passed to the lambda is an association list.
<quiliro>is there a simple manual for this synthax? guile page?
<rekado_>we want to get the default output, which is called “out”.
<rekado_>we do this with this expression: (assoc-ref outputs "out")
<rekado_>i.e. get me the output identified by the label "out" in the association list “outputs”.
<rekado_>that’s going to be the target directory
<rekado_>it’s a long expression, so let’s bind it to a shorter name:
<rekado_>(lambda* (#:key outputs #:allow-other-keys) (let ((out (assoc-ref outputs "out"))) …))
<rekado_>inside of the “let” we can refer to it as “out”.
<rekado_>let’s create a “bin” directory under “out”.
<rekado_>(let* ((out (assoc-ref outputs "out")) (bin (string-append out "/bin"))) …)
<rekado_>the “let*” is a variant of “let” where later definitions can refer to previous definitions.
<rekado_>okay, so we have two variables now: “out” and “bin”.
<rekado_>inside of the “let*” we can create that “bin” directory with “mkdir-p”
<rekado_>(mkdir-p bin)
<lenn>and we should put them in mkdri-p
<lenn>(I'm to slow...)
<rekado_>heh :)
<dftxbs3e>so another issue
<rekado_>perhaps we don’t even need that at all
<dftxbs3e>make-bootstrap.scm builds guile2.2
<dftxbs3e>bootstrap.scm expects guile2.0
<dftxbs3e>on core-updates
<rekado_>lenn: we could just use “install-file”, which creates directories for us
<rekado_>so just (install-file "my-script" bin)
<rekado_>I need to go now, but I’ll be back in an hour or so.
<lenn>Ok, ty.
<rekado_>Next thing to look at is “wrap-program”, which allows us to wrap the script in a new script that first sets environment variables.
<rekado_>gotta go
<dftxbs3e>seems like simply updating the version from 2.0 to 2.2 in paths works
***amiloradovsky1 is now known as amiloradovsky
<lenn>Where can I find reference for function such as install-file or wrap-program?
<quiliro>is there an easy tutorial to this synthax?
<quiliro>lenn: i would suppose the definition is in the source code of guix
<ashjkaell>Hi guix o/ !
<dftxbs3e>hi! : - ]
<ashjkaell>I'm trying to install guix SD atm; and I was wondering if anyone had run into the same problem as I'm having ?
<ashjkaell>The TUI installer works well, but fails on building the derivation of ...-profile.drv
<ashjkaell>(The installer output is something like: builder for `...-profile.drv` failed which leads to failure of the derivation of system.drv)
<ashjkaell>I looked into the derivation logs, but I can't really understand the error ! Here are the logs:
<quiliro>ashjkaell: congratulations for trying guix.
<ashjkaell>I also tried some things like running a `guix pull` before and running `guix system init` manually a second time; but same causes same effects ;-)
<dftxbs3e>never met that error
<dftxbs3e> -- unclear what could cause this
<ashjkaell>quiliro: I couldn't resist, honestly as long as I learn something, I'm /happy/ the system breaks :D
<quiliro>ashjkaell: when you have a problem, you can save the generated /mnt/etc/config.scm and use it latter. in the mean time you can start a new installation without the thing that gave the problem...even a base installation with nothing but the command line will be a good start
<quiliro>after the base system is installed, you can boot into the insatlled system and 'guix pull'....then you can 'sudo guix system reconfigure complete_config.scm'
<zaab>hey everyone. I still do not know how to find my system definition. I used the graphical installer (just installed guix!) and now I want to make a new system based on my current
<ashjkaell>quiliro: Hmm, that's a great idea, many thanks !
<quiliro>zaab: /etc/config.scm
<ashjkaell>dftxbs3e: My thanks for locating the error's source :-)
<dftxbs3e>does that ring any bell? ../../gcc-7.4.0/gcc/../include/libiberty.h:112:14: error: ambiguating new declaration of 'char* basename(const char*)'
<dftxbs3e>also, ../../gcc-7.4.0/gcc/system.h:540:20: error: conflicting declaration of C function 'const char* strsignal(int)' ../../gcc-7.4.0/gcc/system.h:488:14: error: conflicting declaration of C function 'void* sbrk(int)' ../../gcc-7.4.0/gcc/system.h:496:14: error: ambiguating new declaration of 'char* strstr(const char*, const char*)'
<dftxbs3e>compiling gcc-7.4.0 with gcc-7.4.0
<lenn>Ok rekado_ once you return, this is what I have so far:
<zaab>running `guix system reconfigure config.scm` I get
<ashjkaell>zaab: (caveat, i'm a massive noob, installing atm) As per you might need =sudo guix system reconfigure config.scm=
<Formbi>you have to run reconfigure as root
<zaab>thanks, trying
<rekado_>ashjkaell: the error means that “/gnu/store/8bdvn1xzacvbsm5w6k8bj5rvylrjz90n-eudev-3.2.7/share/man/man5” is a file and all the other instances of share/man/man5 are directories.
<rekado_>I don’t know why eudev would provide a file and not a directory.
<rekado_>doesn’t look like it’s your problem, but it does look like a bug.
<rekado_>lenn: the value for (replace 'install …) must be a lambda expression
<ashjkaell>rekado_: It's strange right ? I'm trying quiliro 's tip right now (install minimal system first, and reconfigure later); It seems to work well so far, at least I've a working (minimal) system :-0 !
<rekado_>lenn: so it should be (replace 'install (lambda* (#:key outputs #:allow-other-keys) …))
<rekado_>ashjkaell: yeah, that’s a good recommendation. If you get this again, though, it would be very good if you could send email to
<rekado_>lenn: the “install-file” call is incorrect. You’re telling it to install /gnu/store/…-dasht to /gnu/store/…-dasht/bin — not quite what you want, I suppose.
<rekado_>you want to copy whatever scripts there are to /gnu/store/…-dasht/bin
<ashjkaell>Success ! Many thanks for your help rekado_ quiliro and dftxbs3e :-) I've xfce's friendly rat in front of me.
<lenn>rekado_: something like (for-each (install-file (find-file out "*") bin)?
<ashjkaell>After the minimal system install, I did `guix pull` followed by the reconfigure; guix pull couldn't verify the ssl certificates because my system-clock was wrong somehow (maybe this was the root cause ?). After manually fixing the system-clock, and pull && reconfigure, everything went through nicely !
<rekado_>ashjkaell: FWIW, I can’t reproduce the problem with eudev providing a file where a directory was expected.
<lenn>(for-each (find-file out "*") (lambda (file) (install-file file))
***emyles`` is now known as emyles
<rekado_>lenn: close!
<rekado_>(for-each (lambda (file) (install-file file bin)) (find-file "." ".*"))
<rekado_>but I wouldn’t use .* but provide a list of files to copy
<rekado_>otherwise you could use “copy-recursively”
<rekado_>oh, it’s “find-files”
<rekado_>note that (find-files out …) wouldn’t do you much good because “out” is just an empty directory.
<rekado_>the build directory will be the current directory, so you can simply refer to “.”.
<lenn>is it: (for-each (lambda (file) (install-file file bin)) (find-files "./bin" "dasht*")) ?
<ashjkaell>rekado_: Hmm, I'll try to see if I can find a bug in something (or if some problems resurface !) :-)
<jonsger>dftxbs3e: nice work on the powerpc64le port :)
<dftxbs3e>jonsger: it's not done yet :| I think I'm stuck now
<dftxbs3e>gcc wont compile itself with weird errors
<jonsger>dftxbs3e: do you have a paste of them?
<rekado_>lenn: you need to use a real regular expression, not a globbing pattern.
<rekado_>I think it should be "dasht.*"
<rekado_>other than that it looks fine.
<rekado_>the next step is to wrap the scripts.
<rekado_>each of the things that end up in $out/bin should be wrapped in a script that first sets PATH, so that it includes sqlite and all these other tools.
<rekado_>we do this with “wrap-program”
<rekado_>if you’ve got the Guix code ready please open gnu/packages/bioinformatics.scm and go to the line starting with “(define pplacer-scripts”
<dftxbs3e>jonsger: Bdragon has been helping debugging this issue as well, they're new to GNU Guix so they're catching up on what GNU Guix does right now
<rekado_>inside of this definition there is an “arguments” field, which adds a phase “wrap-executables” after “install”.
<rekado_>we can use this as a template.
<lenn>I'll have to download the guix code first
<dftxbs3e>jonsger: here's my tree, latest commit contains all the changes
<dftxbs3e> this contains bootstrap tarballs and other binaries with git LFS
<dftxbs3e>I'm creating a Dockerfile to reproduce my current env
<lenn>rekado_ - I'm at the define pplacer-scripts line
<rekado_>lenn: go down to the “arguments” field and look for “(add-after 'install 'wrap-executables”
<rekado_>we’ll do something similar
<lenn>It seems complicated ...
<jonsger>dftxbs3e: oke, thanks for the update. I'll have a look on this the next days. Tomorrow I'll try to assemble my blackbird :)
<zaab>hm. Anyone know how I can make this brand new guix install work with wifi? when I open nmtui, I only see "Wired connection"
<rekado_>lenn: it does only a few simple things
<rekado_>you see the familiar “lambda*” line
<rekado_>there’s a let* just like yours
<rekado_>and then there’s a “let” that defines the variable “path” to be a long string.
<dftxbs3e>jonsger: oh you got a blackbird! :D Cool, thanks for the help.
<rekado_>ignore the “display” – we won’t need it.
<rekado_>the important part is “wrap-program”
<rekado_>it takes a file name and a list of clauses
<rekado_>here we see: `("PATH" ":" prefix (,path))
<rekado_>this means: wrap the program in a script that sets the PATH environment variable, connects the values with “:”, puts our new value for PATH before the value that PATH has at runtime (“prefix”) and then takes a list of values.
<rekado_>we can do something simpler for now
<rekado_>it’s going to be too much, but it will lead to results more quickly
<rekado_>`("PATH" ":" prefix (,(getenv "PATH")))
<rekado_>this means that we want PATH in the wrapper script to be whatever PATH is in the build environment
<rekado_>this will include stuff like GCC, which isn’t great, but at least we won’t have to build up the value by ourselves.
<rekado_>so! Here’s what we want: (wrap-program file `("PATH" ":" prefix (,(getenv "PATH"))))
<rekado_>and we want to apply this to every file in bin
<rekado_>we can add this in the for-each lambda
<lenn>What is confusing me is if we need the long string for path and then short ones for all inputs as well?
<rekado_>no, instead of building the “path” variable as in “pplacer-scripts” we just use (getenv "PATH")
<rekado_>(that’s the equivalent of running “echo $PATH” in a shell)
<lenn>so do we have to append specific path for each input/dependency?
<rekado_>eventually, we probably should. But for now (getenv "PATH") will be just fine.
<lenn>I see, so this is another expression before (install-file ...)?
<ashjkaell>zaab: From by understanding, if you use the linux-libre kernel (the kernel guix uses) only some wifi-cards are supported (for which there are fully libre drivers). It
<lenn>I've updated the code on gist with updated lambda function
<zaab>ashjkaell: It what?
<lenn>I'll put the long path out ...
<ashjkaell>zaab: Sorry :-) It might be possible to install the binary-blobs required to get your wifi-card to work
<rekado_>lenn: I just noticed that it would be better to do the wrapping after installing each script.
<rekado_>so instead of “(wrap-program file …)” you’d use (wrap-program (string-append bin "/" (basename file)) …)
<rekado_>also, install-file takes two arguments: the file to install and the target directory
<lenn>*(install-file file bin)
<rekado_>zaab: does the wifi card work with free software or does it require binary blobs?
<ashjkaell>zaab: You might want to try something like `lspci` and looking for the name of your network card. Maybe `lspci | grep Network`
<rekado_>zaab: you might find some info about the card on
<zaab>`lspci` gives
<zaab>ashjkaell: that was with the -k flag. Look at the bottom. to me it looks like I have the kernel module?
<rekado_>lenn: do the install-file before wrap-program
<rekado_>and then I think we can try building the thing already
<zaab>rekado_: what an awesome site! according to, my card is not supported :( any suggestions to how I can solve this?
<rekado_>zaab: you could use a USB wifi stick.
<rekado_>zaab: there’s no way to support an unsupportable wifi card with just free software.
<zaab>rekado_: so I need to change it. Can I in the mean time switch kernel?
<rekado_>on the Guix project channels (i.e. IRC, mailing lists, etc) we do not assist with the installation of non free software.
<zaab>that is good policy. thanks :)
<zaab>(you've been very helpful)
<rekado_>it’s possible, of course, to use a different kernel and there might be usable definitions out there
<lenn>build failed ...
<rekado_>hope you can get it fixed!
<rekado_>lenn: how?
<lenn>exit code 1
<rekado_>a bit more
<lenn>should I extract bz2 log file?
<rekado_>when you do “guix build -f” you can see the log right there.
<zaab>rekado_: you are not going to believe this. I am on wireless
<lenn> lambda: bad lambda in form (lambda (let* ((out (assoc-ref outputs "out")) (bin (string-append out "/bin"))) (for-each (lambda (file) (install-file file bin) (wrap-program (string-append bin "/" (basename file)) (quasiquote ("PATH" ":" prefix ((unquote (getenv "PATH"))))))) (find-files "./bin" "dasht.*"))))
<zaab>I whined out loud and a guy next to me handed a usb wireless card :D
<zaab>how do I get a list of all packages I installed with `guix package -i`?
<Formbi>guix package --list-installed
***lispmacs is now known as Guest69101
<lenn>well idk ... What is the right path to copy man files to?
<rekado_>lenn: the lambda is wrong
<rekado_>(lambda* (#:key outputs #:allow-other-keys) …)
<rekado_>if you’ve got a directory you just want to copy use “(copy-recursively source target)”
<lenn>rekado_ what is the difference between lambda and lambda*?
<divansan`>I have this in network-manager-service-type. (vpn-plugins '("network-manager-openconnect")) . Yet I'm getting the error "In procedure struct_vtable: Wrong type argument in position 1 (expecting struct):"
<lenn>oh, I see
<lenn>I didn't even give param to lambda
<lenn>rekado_ I got here: starting phase `build'
<lenn>make: *** No targets specified and no makefile found. Stop.y
<lenn>so I should probably remove 'build step as well
<lenn>and another thing that I don't know is which man path to choose (probably ~/.guix-profile/share/man)?
<rekado_>lenn: correct
<rekado_>no, we don’t use .guix-profile in package definitions
<rekado_>just (string-append out "/share/man/")
<rekado_>gotta go again, but I’m sure others here can help you push this package definition to completion
<rekado_>good luck!
<lenn>rekado_ thank you for the knowledge shared.
<lenn>So, I've been spamming this board for the whole day with trying to manually define the dasht package
<lenn>In case anyone else would be willing to check here is guix package definition:
<lenn>and here is the nix pkg def for reference
<lenn>I am also wondering wether this guix package definition needs some uninstall procedure as well?
<dftxbs3e>no it doesnt need that
<dftxbs3e>it gets installed within its own isolated folder, all GNU Guix does to remove it is remove that folder, which is an universal way of uninstalling
<lenn>what about manpages?
<dftxbs3e>that, I don't know
<dftxbs3e>lenn: I suggest you read other GNU Guix packages to find out about these details
<lenn>Currently I have a build error in copy-file procedure
<lenn>(Is a directory) error
<dftxbs3e>I guess that has to do with either some recursive mode or another procedure for copying folders
<dftxbs3e>like cp utility
<dftxbs3e>I don't know Scheme enough to advise
<lenn>Yeah, I've changed it to :
<lenn>(mkdir-p (string-append out "share/man/man1"))
<lenn> (copy-recursively "./man/man1" (string-append out "share/man"))
<lenn>but it did not copy ...
<lenn>and another thing that is missing is that dasht is not my execute path - or should it be after installing the package and not after building it?
<verbasidor>hi there
<verbasidor>i want to ask if guix is a reproducible build distro
<verbasidor>if not , is on the road map? or not going to happen?
<verbasidor>since its new , then having the best security practice is the best choice
<erudition>Guix is creme of the crop of reproducible build distros
<erudition>If any distro could be called that, it's this one
<erudition>Reproducibility is in the mission statement
<verbasidor>yes thats how it operates , but by itself is it?
<verbasidor>like guix as a whole is a reproducible build
<dftxbs3e>GNU Guix as a whole aims to be reproducible, it is essential to the concept of "substitutes", which is required for avoiding re-compiling big packages from source on all users
<dftxbs3e>there is some bits that arent, as always, but fixing them is always ongoing
<erudition>I'm not sure what standard of reproducibility you have, I'm just saying that no other distro will have a higher standard than guix right now
<erudition>They even have a whole section of the blog for it
<dftxbs3e>to illustrate, GNU Guix plans to host binaries on ipfs, which means you can get rid of centralized CI infrastructure
<dftxbs3e>and users share artifacts between themselves safely
<erudition>Oh really? I would think it'd be in the best interests to use torrent for now and the SAFE network long term
<dftxbs3e>GNU Guix replicates exact build environment every time because the steps required for that must be written in GNU Guix packages
<dftxbs3e>what's wrong with ipfs
<dftxbs3e>erudition: ?
<dftxbs3e> < details about IPFS
<dftxbs3e>"Developers of IPFS offered a session on package distribution over IPFS. IPFS implements peer-to-peer unencrypted data storage; there are privacy and censorship-resistance issues that it leaves unaddressed, but its efficiency and convenience are appealing for the distribution of package binaries. An IPFS package landed in Guix right in time for the summit, which allowed us to play with it. Together with fellow Nix hackers, we sketched
<dftxbs3e> an incremental path towards IPFS integration in Guix and Nix. We hope to be able to deliver a first implementation of that in Guix soon—stay tuned!"
<verbasidor>i see , thanks all for clarification
<erudition>Nothing fundamentally! But it's basically a subset of the functionality of maidsafe, though not compatible in any way, and if we're going to move towards a decentralized internet and computing resources (ipfs only does storage) then fragmentation is meh
<erudition>Plus maidsafe guys are from the free software movement like guix, both were even at LibrePlanet the same year
<dftxbs3e>SAFE builds upon libp2p which ipfs uses
<dftxbs3e>it's not all that fragmented
<dftxbs3e>I am skeptical about their PARSEC consensus algorithm
<erudition>At the moment, of course it's not fragmented. But by the time it is, it will be, ya know?
<erudition>Actually your quote about the lack of encryption and privacy points out some of the problems safe solves
<dftxbs3e>SAFE doesnt solve that
<erudition>That's the whole point of it lol
<erudition>Privacy, censorship resistance, decentralized resources
<dftxbs3e>You can't censor ipfs files either once they had lots of accesses, but you can censor the protocol
<dftxbs3e>ipfs doesnt have pay-to-host
<erudition>Anyway I agree that for packages that stuff isn't needed so ipfs is still an improvement
<dftxbs3e>ipfs is host-on-access
<dftxbs3e>on SAFE you can pay for people to host files they're not interested in
<erudition>Yeah, safe has more options
<dftxbs3e>but it's just as much censorable IMO
<erudition>Why, because you can block the protocol entirely? That's not really censorship
<dftxbs3e>unless SAFE is the industry standard and everything uses it so much you can't just do that, yes it is
<erudition>And when you have more resting on it than just some storage, but instead the whole web some day, then blocking it would be less feasible
<dftxbs3e>in countries that perform censorship, growth of new technologies are controlled
<erudition>No. For a protocol to be resistant to censorship means individual things on the network can't be censored. Blocking the whole network isn't censorship any more than shutting off the power grid is censorship of the internet
<dftxbs3e>DoS then
<erudition>It is true that countries that perform censorship and countries that control new technologies go hand in hand, but that's a far cry from it being the definition
<erudition>China censors the web, it does not block it
<verbasidor>if find ipfs protocol sorta similar to freenet
<dftxbs3e>China blocks stuff it doesnt like
<erudition>Whereas a country that simply has no web access is not "censoring" it lol
<dftxbs3e>if it doesnt like ipfs, it will block it entirely
<erudition>Right. Same with tor
<erudition>That doesn't make tor less censorship-resistant
<dftxbs3e>Tor is very censorship resistant
<dftxbs3e>it has pluggable transports
<dftxbs3e>it can't be censored at the protocol level
<erudition>Any protocol can be made that way
<verbasidor>Tor design is not based on p2p distributed network , but yes it mitigates some sort of country censorship
<verbasidor>compromising entry and exit node = you are doomed
<erudition>Right, tor relies on centralize routers
<erudition>Safe is a step up from that
<verbasidor>wide scale attack on Tor is not very much successor on getting off from it
<dftxbs3e>Tor relies on 9 authorities distributed evenly across the world
<verbasidor>but i like I2P
<verbasidor>more than Tor
<verbasidor>Safe? is it the same as ipfs or different?
<dftxbs3e>I2P is flawed because distributed consensus has yet to be achieved in practice to achieve without PoW
<erudition>verbasidor It's ipfs but for everything, not just storage
<dftxbs3e>You can launch a sybil attack on I2P without anyone being able to do anything
<dftxbs3e>on Tor, The Tor Project uses on of the 9 authorities it controls to ban misbehaving nodes and serves as an entity whose only mission is to protect Tor and its official network
<dftxbs3e>ipfs or SAFE is as flawed as I2P in that regard
<dftxbs3e>the reason Tor relies on 9 authorities is because in practice, consensus without PoW is inexistant
<erudition>No, because tor predates all that
<dftxbs3e>I am skeptical about PARSEC but we'll find out when their implementation actually implements byzantine fault tolerance
<dftxbs3e>Tor predates what?
<erudition>You implied that if the no-PoW was possible then tor would be using it
<dftxbs3e>Yes, it would, however Tor runs a working network that can't run "tests"
<dftxbs3e>But the reason Tor doesnt use it is because sybil attacks are inherent to distributed systems
<verbasidor>dftxbs3e not really as you mentioned it check here
<dftxbs3e>and even with the best consensus algorithm, a state actor will create 99% of nodes if they want to
<dftxbs3e>and there's nothing users can do
<dftxbs3e>The Tor Project rules over the Tor network in good faith because it's not possible to do otherwise technically
<verbasidor>dftxbs3e yes but Tor not real decentralization solution
<erudition>You know for a fact that tor would have been designed around that model when it was created, if that wasn't true?
<dftxbs3e>Giving up on authorities with Tor is about simply removing that rank from the code
<erudition>Otherwise you're just retrospecting. Tor very well could look the same as it does today
<dftxbs3e>verbasidor: decentralization is not possible safely
<dftxbs3e>Tor aims to protect privacy
<verbasidor>erudition ipfs shifting connection with its data to the user hardware? (like freenode)
<dftxbs3e>"If successful, this could be an effective DOS attack on the entire network."
<dftxbs3e>& also allows de-anonymization, just like on Tor
<erudition>verbasidor huh?
<dftxbs3e>"Tor's response can be much more nimble in the relay case, as the suspicious relays can be manually removed from the consensus. " -- Yes, via authorities
<dftxbs3e>"This attack becomes more difficult as the network size grows." -- though not for a state actor
<dftxbs3e>Currently, even for a state actor, it's difficult to attack Tor
<dftxbs3e>though it depends on the independence of The Tor Project and them not being corrupt
<verbasidor>yes but this is centralized model
<dftxbs3e>them being mostly anarchists, it's unlikely to attract corrupted individuals, but still possible
<dftxbs3e>verbasidor: yes because decentralized is not possible to achieve advertised goals
<verbasidor>i dont see how I2P sybil attack can be achieved as well , because its very hard and so as I2P can block suspicious nodes (which they did)
<dftxbs3e>I2P cannot block suspicious nodes because it's decentralized
<dftxbs3e>Sybils don't need to be suspicious
<erudition>verbasidor: regarding SAFE "The SAFE (Secure Access For Everyone) Network is made up of the unused hard drive space, processing power and data connection of its users. It offers a level of security and privacy not currently available on the existing Internet and turns the tables on companies, putting users in control of their data, rather than trusting it to organisations."
<verbasidor>but you forgot that each user is a node by himself , meaning updating I2P from mainstream can block x.x.x.x IPs
<dftxbs3e>The metric that The Tor Project uses for blocking sybils is: global active network analysis (which you can't do with a decentralized network that doesnt have a centralized directory of nodes)
<dftxbs3e>verbasidor: then that's not decentralized
<dftxbs3e>what about if I2P has 20 implementations?
<dftxbs3e>erudition: between what they say, and what actually exists/can exist/has been studied, there's a difference
<verbasidor>but you are the node then you can disable or enable the preferences because you are in control (unlike Tor)
<dftxbs3e>verbasidor: you can also do that with Tor
<dftxbs3e>but you don't know if nodes are sybils or not
<verbasidor>you are not the Node in Tor network
<dftxbs3e>you can decide to distrust authorities in Tor
<verbasidor>you are just connecting to an outside single node
<dftxbs3e>.. that's configuration, your choice
<dftxbs3e>same thing for I2P
<dftxbs3e>you can configure Tor to never use some set of relays or bridges or exit nodes, or use exclusively a set of relays, bridges or exit nodes
<verbasidor>where you can block an IP of particular Node in Tor? (through Tor ofcourse not firewall or so)
<dftxbs3e>you can also choose to not listen to authorities setting the "Bad" relay flag
<erudition>dftxbs3e: yeah I know a few bits of the implementation are still untested white paper-phase stuff. That's why I'd go with ipfs today
<dftxbs3e>I'm pretty sure I can flood IPFS's DHT and take the network down today, which hasnt happened but is a risk
<verbasidor>erudition yeah like i said almost similar to freenet project , check how it works.
<kmicu>Guix guix guix guix guix ヽ(*^▽^)/
<erudition>verbasidor No you didn't say freenet, you said freenode
<erudition>That's why I was confused lol
<erudition>coi kmicu
<verbasidor>lol ops just checked sorry mistyped
<dftxbs3e>verbasidor: I'm seeking for the specific switch in torrc, will send you once found
<verbasidor>sure tyt
<dftxbs3e>verbasidor: ExcludeNodes
<dftxbs3e>also ExcludeExitNodes
<dftxbs3e>allows you to ban nodes by fingerprint
<verbasidor>i know you can block connection from a specific region like #US , but specific IP thats i didnt hear of (though recommended against from Tor project)
<dftxbs3e>"A list of identity fingerprints, country codes, and address patterns of nodes to avoid when building a circuit. Country codes are 2-letter ISO3166 codes, and must be wrapped in braces; fingerprints may be preceded by a dollar sign. (Example: ExcludeNodes ABCD1234CDEF5678ABCD1234CDEF5678ABCD1234, {cc},"
<dftxbs3e>allows fingerprints, country, address..
<dftxbs3e>also, "By default, this option is treated as a preference that Tor is allowed to override in order to keep working. For example, if you try to connect to a hidden service, but you have excluded all of the hidden service’s introduction points, Tor will connect to one of them anyway. If you do not want this behavior, set the StrictNodes option (documented below)."
<dftxbs3e>so enable StrictNodes
<verbasidor>yes just remembered with fingerprint of the Node. Though i remember as well it will deprecated and its already not testing nor from Tor intention design
<dftxbs3e>also there's MiddleNodes and EntryNodes
<quiliro>how can I know which packages are installed on the system apart from the packages that are installed on a user
<dftxbs3e>quiliro: ls -l /gnu/store
*kmicu performs a Guix Dance in hope to bring Guix Rain on this channel.
<dftxbs3e>verbasidor: and to explain why it's generally not useful to ban nodes because the less nodes there is to choose from, the higher the probability is that your circuit is composed of only misbehaving nodes, though, if a node is known malicious, it's good to block it, but not based on other metrics
<verbasidor>"We recommend you do not use these — they are intended for testing and may disappear in future versions." that what Tor project saying about exclude feature
<dftxbs3e>for "MiddleNodes"
<kmicu>quiliro: for example guix can show references of system (or any) profile.
<verbasidor>dftxbs3e thats true
<dftxbs3e>MiddleNodes isnt relevant
<dftxbs3e>it can even be the NSA, it doesnt damage your anonymity
<verbasidor>entry and exit are the issues
<kmicu>quiliro: in the same way as we can ask about a user profile guix graph -t references `readlink -f ~/.guix-profile`
<dftxbs3e>for best anonymity, only access onion services
<dftxbs3e>there's no exit for them
<verbasidor>yes correct same as with I2P only .i2p. Though on both networks not many hidden services/eepsites around
<verbasidor>at least for major projects or websites
<verbasidor>gnu , guix , fsf , havanah ... should have hidden services entries
<dftxbs3e>every website behind Cloudflare has one now : - )
<kmicu>quiliro: it’s also possible to get a list of packages but I’m not aware of any existing Guile code to do that.
<verbasidor>Cloudflare and hidden services absolute suck
<dftxbs3e>it allows Tor users to access websites without captchas because Cloudflare cuts individual misbehaving circuits to prevent spam, the cost of creating a circuit being quite high, it's acceptable
<verbasidor>hidden service behind cloudflare it wont be hidden anymore
<quiliro>i could use a /gnu/store list...but guix graph will make an image or a list as well?
<verbasidor>Tor network has network balance feature
<verbasidor>no need cloudflare or any other US cdn
<dftxbs3e>I wasnt saying Cloudflare was good at all, it was sarcasm that now a good chunk of the Internet had an onion service without even knowing it
<verbasidor>ah yeah lol sadly not best encryption used (only through TLS) , Not anonymous for users when they connect to cloudflare
<verbasidor>but yeah i got your idea that cloudflare hide the server real IP , but just if its following the US laws. Any court order = IP revealed (and happened)
<kmicu>quiliro: list too, but it’s a list of store paths and not package names.
<verbasidor>will guix gonna have Onion Repositories ? like debian
<dftxbs3e>verbasidor: Tor's encryption is worse than TLS, for a while, and only until very recently, it had only RS1024
<verbasidor>yeah it was
<dftxbs3e>and Cloudflare actually offers onion services (don't know if you know)
<verbasidor>yeah wit DNS
<erudition>dftxbs3e : reading the PARSEC white paper, it looks like the byzantine fault tolerance (with <30% bad network) has been mathematically proven
<verbasidor>just no thanks to them , most users cool with Tor hidden services design
<dftxbs3e>erudition: 30% of bad nodes is unfortunately easy to achieve in most cases, even with big networks, also, I'm not fond of the mathematical proof so I'll try to attack it once their implementation works and I'll be convinced
<verbasidor>dftxbs3e read this
<quiliro>kmicu: gruix graph gives an image
<erudition>Haha I would do the opposite dftxbs3e, failed attacks prove nothing but math does
<erudition>Given the eventual scale of safe, assuming it's the new Internet, then yeah, 30% is pretty dang hard
<erudition>Every phone, iot device, whatever will be a node as well
<dftxbs3e>verbasidor: it's written like the next conspiracy theory, cloudflare is no worse when BGP allows hijacking any IP and DNS is centrally controlled by ICANN
<dftxbs3e>Cloudflare is no worse than the Internet infrastructure under it
<erudition>Haha yup
<dftxbs3e>erudition: but what the cost of creating a node is? 0
<erudition>Really? Last I checked it was not free
<dftxbs3e>if it's not free: PoW
<dftxbs3e>PARSEC is more like distributed consensus
<dftxbs3e>it bases off other nodes to make decisions
<dftxbs3e>erudition: issue with math is that not many understand fully : |
<dftxbs3e>unless an implementation exists, it's hard for an outsider to understand the math
<verbasidor>dftxbs3e yes not worse , but when you have a hidden service Cloudflare is MITM for sure.
<dftxbs3e>verbasidor: yes it is, because Cloudflare is the provider
<dftxbs3e>Cloudflare doesnt have to be MITM
<dftxbs3e>Some banks refuse to allow Cloudflare TLS middle man
<dftxbs3e>Cloudflare can also provide some degree of DoS protection without snooping on TLS but just TCP
<dftxbs3e>if TLS is end-to-end, it's fine
<verbasidor>they refuse to give protection to your website unless you handle the certificate keys or use their own
<dftxbs3e>no, you can pay them to not do that
<dftxbs3e>it's their free plan that only does this
<verbasidor>yeah pay them ...
<dftxbs3e>yes obviously?
<dftxbs3e>their infrastructure is not free to run..
<verbasidor>why would i got US based CDN , better check else where
<dftxbs3e>because Cloudflare has the best network for that matter :P\
<dftxbs3e>you don't have to trust your CDN
<verbasidor>lol , maybe but we should practice ourselves just because its the best to do the job doesnt mean its not evil
<lenn>Ok, thanks again for help ...
<dftxbs3e>lenn: "and another thing that is missing is that dasht is not my execute path - or should it be after installing the package and not after building it?" -- you need to install
<verbasidor>Intel , Microsoft , Apple ...etc great company they can give best practice but they are evil as hell
<lenn>I figured it out
<lenn>and manpages as well
<dftxbs3e>verbasidor: You don't have to trust Cloudflare, in contrast to Intel, Microsoft or Apple
<lenn>so if anybody else wants it, there is link to gist code snippet that should work
<dftxbs3e> ?
<lenn>yes, that's it
<lenn>I actually wanted to make a package for ddev but I said I'll try sth simpler first, idk
<lenn>so that's left for next week
<lenn>I hope I'll be able to create guile docsets by then :)
<verbasidor>dftxbs3e isnt cloudflare is a piece of code gonna be implemented into my server how come i dont trust them?
<dftxbs3e>verbasidor: do you trust all the routers of Internet? no, so what Cloudflare is more than an additional router?
<dftxbs3e>don't give them your TLS keys obviously
<verbasidor>but do trust routing your traffic through US?
<dftxbs3e>verbasidor: there's is a 100% chance your traffic goes through US controlled routers
<dftxbs3e>ICANN is controlled by US
<dftxbs3e>BGP has peers in the US (remember a single peer can hijack ANY ip)
<verbasidor>i prefer to have dedicated server in iceland with eepsite/hidden service rather than US.
<verbasidor>or even not hidden
<verbasidor>if cloudflare not happened to be in the eyes countries things would have changed
<dftxbs3e>verbasidor: even if your server is, your visitors arent
<dftxbs3e>US can hijack your iceland's server IP and get all your visitor's traffic
<dftxbs3e>BGP Hijacking
<dftxbs3e>any ISP can do this
<verbasidor>i think you very well the NSA and US court shit process, cloudflare must take any requested action no other choice (whether its fair or not)
<verbasidor>ISP capabilities compared to cloudflare is no comparison
<dftxbs3e>it doesnt matter, you need to distrust the Internet's infrastructure because anyways it can be hijacked
<dftxbs3e>BGP Hijacking power is even more powerful than Cloudflare
<verbasidor>Hijacking related to how much secure you are, not how much your country fucked to sell your data
<verbasidor>or doing operations against their citizens
<dftxbs3e>hijacking allows you to deliberately steal data in any way you want
<verbasidor>yes stealing not going to happen by breathing in the air, it needs security breakage.
<dftxbs3e>BGP Hijacking <<
<dftxbs3e>flawed by design
<dftxbs3e>any ISP can redirect all of Google's traffic to their own datacenter today
<dftxbs3e>all of the world's traffic
<zaab>hey anyone know why IceCat cant render emojis and numbers?
<dftxbs3e>most users click yes to big red security warnings + getting google's domain on a rogue CA isnt that hard for a state actor
<dftxbs3e>zaab: I'm guessing it needs non-free fonts
<verbasidor>true , but thats user stupidity.
<kirisime>Rumor has it Cloudflare is a tool built to monitor online crime, which is why the lowest tier is free and why they've historically turned a blind eye to everything questionable or outright illegal
<verbasidor>they were Tor enemies , and Tor wrote blog about them
<verbasidor>after that they used the magic and poof WE LOVE Tor
<zaab>dftxbs3e: what? I cant even read wikipedia
<kirisime>If it looks like a safe haven these types of sites are going to flock to it, and then Cloudflare can just do the mitm and now every visitor is bugged
<dftxbs3e>zaab: what numbers are you talking about?
<kirisime>Though, nothing I'd really looked into
<dftxbs3e>in Europe, Cloudflare is more of a blocker to law enforcement than an help
<dftxbs3e>from my sources, they are stuck with very long procedures to obtain backend IP, some times they don't get it at all.
<verbasidor>not in US
<zaab>dftxbs3e: I mean numbers in normal pieces of text like this: 2 is greater than 1
<dftxbs3e>zaab: then I'm sorry I don't know, if there's anything more than stock to your configuration then that issue must be known.., not by me though
<dftxbs3e>if there isnt*
<zaab>dftxbs3e: I have a hard time searching for guix issues.
<dftxbs3e>zaab: mailing list?
<zaab>Not much, if anything, pops up
<tune>what's the difference between inputs and native-inputs when making a guix package?
<dftxbs3e>zaab: GNU Guix doesnt have a wide user base so I'm expecting not as many trails of user issues online : )
<dftxbs3e>Everything should be either in their debbugs or mailing list
<kirisime>dftxbs3e: I'm still reflexively googling 'guix error this and that' and only ever get stuff like the Spanish translation of some unrelated info page
<zaab>dftxbs3e: It is actually really hard to read that site, because of the messed of font rendering
<quiliro>i was asking before how to know which packages are installed on the system, so i could remove the ones i installed on the user
<quiliro>is there any way to make a diff?
<dftxbs3e>quiliro: I don't think you can remove packages of the system by removing packages as a user
<quiliro>pacakages that are on the system are not needed to be installed on the user profile
<quiliro>i want to remove user packages
<dftxbs3e>uhm, I think they do need to
<dftxbs3e>GNU Guix doesnt work that way
<quiliro>for example, i have discovered that the system has ffmpeg
<dftxbs3e>users don't inherit packages
<quiliro>but i installed it as user because i thought they were not installed
<dftxbs3e>installing doesnt duplicate data
<dftxbs3e>it just adds a symlink and adds to profile
<quiliro>but that would mean to have two versions of packages
<dftxbs3e>quiliro: yes that's how GNU Guix works
*rekado_ is back
<dftxbs3e>ffmpeg shouldnt need to be a different version for user or root
<quiliro>not if i have two different versions
<rekado_>I think the merits of different distributed storage implementations are not quite on topic for this channel.
<rekado_>I guess we’d accept patches for distributing substitutes over any of these implementations.
<quiliro>that is correct but i do not have ffmpeg installed as root
<quiliro>just as system
<quiliro>for example, i do not need ffmepeg instaled on the user
<quiliro>because the system already has it
<kirisime>quiliro: I would just leave ffmpeg in your user profile if you need it, because it... Means you need it
<quiliro>i installed ffmpeg because i thought i needed it, not because i did in fact need it
<quiliro>so i have installed a bunch of things that might not be needed
<quiliro>i want to check which ones are already installed on the system that are installed on the user...that info will serve me to guix remove those packages
<quiliro>one example is ffmpeg but i do not know which others
<dftxbs3e>due to reproducibility challenges, GNU Guix has the tendency to have several versions of the same package installed, it is normal
<quiliro>dftxbs3e: that is not my case
<quiliro>at least, that is not what i am talking about
<kirisime>If it's a matter of saving disk space, just set all the users to the same version of guix and they'll use the same items in the store
<quiliro>i know guix has multiple versions of packages even on the same user
<quiliro>but that is not the question now
<kirisime>If not, then all you have is a symlink to the same thing in two different places
<quiliro>i do not want to guix upgrade packages that are already installed
<quiliro>even if that means just making the symlink
<dftxbs3e>users don't inherit packages
<dftxbs3e>if you want to remove everything
<dftxbs3e>do it
<dftxbs3e>it wont disturb other profiles
<quiliro>how can i use ls for example if users do not inherit packages from the system installation
<quiliro>i have not installed ls on my user
<quiliro>coreutils that is
<quiliro>but it is available
<quiliro>as available as ffmpeg
<kirisime>Check $PATH, it comes from /run/current-system/wherever
<quiliro>kirisime: i do not understand
<kirisime>which ls -> /run/current-system/profile/bin/ls
<dftxbs3e>quiliro: if you want to uninstall everything from your user: take the list from ` guix package --list-installed`, it will not touch system profile
<dftxbs3e>you **must** do this as your user
<dftxbs3e>with your profile
<Kolya>Is there anyway to install with LUKS2?
<kirisime>But listen, if you yourself need to use ffmpeg you have it in your own profile and don't depend on the system providing it
<dftxbs3e>kirisime: I'm guessing they don't care about this because they fully own their machine
<dftxbs3e>I'm guessing they want simplified updates management by always installing things within "system" profile
<quiliro>dftxbs3e: i know the user cannot touch the system profile
<quiliro>i just want to remove everything on the user profile that is not already on the system profile
<dftxbs3e>quiliro: get the list from: `guix package --list-installed`
<kirisime>dftxbs3e: Actually, does just running guix pull as root update any system-wide packages if you don't also reconfigure the system?
<rekado_>sneek: later tell lenn This is a great first package! I’ve posted a comment on your gist with a new version.
<sneek>Will do.
<quiliro>dftxbs3e: that is the user list, i want a list of the system's packages which are on the user's list
<dftxbs3e>quiliro: system packages arent on the user list
<kirisime>quiliro: run it as root and compare the lists
<quiliro>dftxbs3e: no...running 'guix pull' does not update the system profile...only sudo 'guix system reconfigure' does
<quiliro>kirisime: the root profile does not have the system profile package list
<kirisime>Oh, right
<dftxbs3e>guix package --list-installed -p system
<dftxbs3e>for me, guix package --list-installed does NOT show system packages
<dftxbs3e>only manually installed packages
<dftxbs3e>for user
<jort>Installing guix keeps failing for me, worked yesterday. Tried 1.0.0, 1.0.1, on two machines, different options. I get slight variations of this: or a TLS handshake error
<jort>It seems like some specific package is causing it - is there a way to see logs from the installer?
<excalamus>Hello, Guix!
<dftxbs3e>jort: what do you see when you connect to from the same network as the machine you're trying to install on?
<Kolya>Is there anyway to install with LUKS2?
<jort>one sec
<dftxbs3e>Kolya: if nobody answers, most likely it means nobody knows unless doing research which you should be doing instead
<katco>hey guix! i'm working on a package which has the issue of unpatched shebangs in ``. it appears there are various methodologies for handling this in existing packages. do we have a favorite?
<dftxbs3e>jort: as for the logs, I don't remember exactly but I think there is. You could try [CTRL]-ALT-F<NUMBER> to spawn a separate shell and look around
<dftxbs3e>as advised by other people before, you should try installing with minimum configuration through the installer, and modify later on your configuration and reconfiguring the system, that way, you have more room for rollback / debugging
<quiliro>guix-system-profile shows the current system profile on emacs-guix
<quiliro>there it is possible to list that system generation's installed packages
<jort>dftxbs3e, I hav eno problems connecting to
<dftxbs3e>jort: do you see Cuirass?
<quiliro>tha was my suggustion! to install a base install rekado suggested that to me about 1 year ago when i had problems
<jort>dftxbs3e, I don't know what that is?
<dftxbs3e>jort: the CI platform
<dftxbs3e>I meant connecting with a web browser
<quiliro>jort: check C-A-F12
<jort>oh, I just grabbed the page with wget (I'm installing on a clean machine). The index.html does look right, but I'll get a browser going and see what's there
<dftxbs3e>if the index.html looks right then..
<quiliro>jort: that will give you the messages
<dftxbs3e>do what they said
<jort>quiliro, thanks
<quiliro>jort: also run dmesg
<quiliro>you can do 'dmesg | less' in order to be able to search with '/'
<quiliro>or just move around with the arrow keys
<quiliro>that will give you the system log
<quiliro>but there are other logs in /var/log/
<jort>... and now it works apparently. The difference was I configure dhcp manually, and did a "guix install wget". When it's done I'll try to see if I can reproduce
<jort>I've tried at least 10 times with similar failures, and the moment I know where to see a log it works :D
<quiliro>jort: it would be nice to have a report on bugs-guix mailing list if you can reproduce the error
<dftxbs3e>jort: temporary networking issues I guess
<jort>quiliro, if I can reproduce it I'll send one.
<quiliro>jort: maybe even the usb was not well recorded or the usb port is not good
<jort>quiliro, I'm installing in a virtualbox vm (on a windows host)
<quiliro>if you can paste the error, it will be easier
<jort>there were variations on that, and once or twice it was a TLS handshake error
<jort>dftxbs3e, the weird part was that it did several "updating substitutes from ''... 100.0%" before failing.
<kirisime>What's the simplest way of getting a package's store path to use in a configure option of another package?
<quiliro>network error i says "header"...but i am not sure
<jort>quiliro, note that I had to type out that paste, so there could be typos.
<quiliro>wowo...used to de that too!
<quiliro>kirisime: you are making a guix package? is that why you need that?
<jort>yea I didn't really know how to get a file out from the vm with only the installer booted
<quiliro>you are using define if you are making a guix package
<quiliro>jort: guix install wgetpaste
<quiliro>i think
<bandali>hi guix, is there a recommended way for doing machine-specific user manifests?
<kirisime>quiliro: Yeah, this thing depends on imagemagick but the configure script doesn't find it
<jort>quiliro, awesome thanks
<quiliro>jort: that is exactly the command to install it...i do not know how to use it though :-D
<bandali>i keep my manifests in ~/.config/guix/manifest/, and would like to break them down like into $(hostname).scm files, within which i’d like to include some common lists of packages like emacs.scm, tex.scm, etc
<jort>quiliro, google can take me the rest of the way :)
<bandali>i wondering if anyone else does this, and if so, if they’d be willing to share their config, since my guile/guix foo isn’t strong :)
<bandali>*was wondering
<dftxbs3e>I'd rather see people use "search engine" than referencing a trademark
<quiliro>jort: choose ...respects your privacy (theoretically)
*quiliro agrees with dftxbs3e
<kirisime>Works in guix env though if I give the store path to the configure script
<quiliro>tested yacy, searchx, duckduckgo
<quiliro>kirisime: when you find out, please tell sneek to tell me how you did it
<jort>dftxbs3e, quiliro some habbits are hard to shake.
<quiliro>jort: it is worth it when you think that activists are being persecuted becuase of surveillance...when we all use privacy, it is safer for activists
<kirisime>I mean, I could always push it through the (derivation-output-path (cdr (assoc "out" (derivation-outputs (package-derivation (open-connection) imagemagick))))) but...
<quiliro>some are even jaled because of example, my friend ola bini
<quiliro>he spent 70 days in jail
<quiliro>ola bini is the developer of enigmail and otr
<quiliro>kirisime: would you please handhold me on that command?
<jort>quiliro, I wholeheartedly agree. I'm politically active myself and know (well, know that I can't really know...) the extent of government surveillance - and I have no illusions that corporations will protect my privacy (especially since it's such a valuable commodity). Even so, knowing and acting on that knowledge unfortunately aren't the same thing :/
<quiliro>from inside to the outside:
<quiliro>jort: i agree...needs more motivation then
<quiliro>kirisime: (package-derivation (open connection) imagemagik)
<quiliro>kirisime: what does that do?
<kirisime>I guess it builds the package derivation
<kirisime>But honestly
<kirisime>I'm not sure
<quiliro>kirisime: good enough, thank you
<kirisime>My wireguard-enabled kernel works just fine though
<jort>quiliro, well - I'm not just looking at guix because the package manager sounds cool, I've got some windows installs I want to ditch.