<ruffni> where should the installing package look for math.h? in %output/lib?
<civodul> i've just read janneke's latest Hurd developments and it was like a breath of fresh air
<butterypancake> If I had to go out and buy a wifi card for my laptop (since my current one is an intel one), what card should I buy? It's nvme like slot, not the mini-pcie like slot
<butterypancake> Ok, so I think the slot is called NGFF. Any suggestions for a half height NGFF wifi card? ryf.fsf.org doesn't have any suggestions
<butterypancake> what wifi drivers are included in the base install? And are any preferred over others? Ex ath5k vs rtl8723be
<butterypancake> I think I found some cards which will work from h-node.org but I'd like to make sure the drivers are builtin along with being free
<reepca> butterypancake: the only ones I've found listed in the manual are ath9k and b43-open
<ryanprior> When you use invoke in guile, how do you redirect or silence the stdout? I want to invoke a command just to see if it fails, don't care about stdout, only stderr.
<drakonis> is it competitive with other hardware though?
<drakonis> seems super weird to use up a m2 slot for wifi
<OriansJ> butterypancake: I believe the phrase is freedom isn't free
<ryanprior> Oh maybe it does, in which case it's not ideal
<butterypancake> There's a butt load of $15 CAD intel cards on amazon... I just want a cheap atheros card...
<ryanprior> Study shows: "[on a failure] raise a '&message' error condition that includes the status code and the output of PROGRAM." so yeah invoke/quiet is exactly the shit I want
<jonsger> drakonis: no. Better (ac or even ax) Intel wifi cards are sub 20$
<jonsger> butterypancake: look at ebay for atheros qca9565 there are cheaper options
<ruffni> where are library inputs like libtiff at compile time? (string-append %output "/lib") ?
<jonsger> user_oreloznog: they are not really cheaper than thinkpenguin
<butterypancake> well, thanks guys! I'll be back when the wifi card comes and try to install guix!
<ryanprior> ruffni: I think you have to do `(assoc-ref inputs "libtiff")` and then maybe append "/include"
<ryanprior> or "/lib" if you want the library bin, I'm not sure, but that's my hunch
<ruffni> like so: (string-append (assoc-ref inputs "libtiff") "/include") ?
<ryanprior> So far it works fine, but I want to test whether using the system deps for those things could work. Any idea how I should go about modifying my package to use guix? Anybody dealt with something like this before?
<ryanprior> I'm not sure whether those vendored deps have patches applied to them, I've asked upstream for guidance. But I'd like to mess with it. :)
<ruffni> ryanprior: input seems undefined. are you sure this is the way to refer to the inputs of the package definition?
<ryanprior> Guix will pass inputs as a keyword argument to your function I think
<ryanprior> See how that package grabs inputs as an argument, then goes to find the bin and libs
<enderby> when i run the ExecStart command i specified it runs fine
<ryanprior> I do not know anything about running services installed from Guix using systemd, but I'd like to learn
<reepca> does guile have anything like common lisp's prog1 by default? Where, for example, I could run (prog1 (open some-file) (do-something-else)) and have it still return the result of open?
<ryanprior> Can you link to what your current setup looks like? Maybe in a GitLab snippet or something?
<pkill9> going into guix environments is a lot snappier now that manual-database.drv is marked unsubstitutable :)
<ryanprior> Anybody know why `guix package` and `guix build` take an -f argument but `guix environment` wants a -l argument for the same thing?
<ryanprior> environment doesn't use -f for anything, could we make that do what -l does (and maybe deprecate -l in environment since it's used for list-generations in package and thus kinda overloaded?)
<ryanprior> I guess maybe these are thoughts I should send to guix-devel
<butterypancake> hello!
So I'm trying to install guix but the installer is being quite buggy. Is there a way I can generate a disk image from the latest source? At least one of my problems seems to have been solved already but not in 1.1.0
<butterypancake> is the guix package management and the guix system distribution found in the same git repository?
<ecbrown> guix system disk-image --file-system-type=iso9660 gnu/system/install.scm
<mroh> butterypancake: in a checked out tree you can `guix system disk-image --file-system-type=iso9660 gnu/system/install.scm` to build an installer iso, see manual 3.9
<ecbrown> that command is in the manual: it will generate an iso you can burn
<butterypancake> just found the manual page. I guess I didn't have enough attention span to read the entire table of contents :P Thanks for helping my stupid ADHD monkey brain do things
<pkill9> butterypancake: yes they are both in the same git repository
<butterypancake> the guix system disk image is not easy to make on arch linux at all. It's got way too many dependencies
<ecbrown> i love that i can just ad-hoc konsole. i just want f*cking konsole.
<butterypancake> welp, I didn't actually get all the dependencies. Apparently the configure script doesn't check for guile-ssh
***wxie1 is now known as wxie
<reepca> according to the manual guile-ssh is supposed to be an optional dependency :-/
<butterypancake> I'm tempted to try to write a patch myself but idk how autoconf and those fancy build systems work...
<butterypancake> when guix compiles all the scheme modules, it does the ssh one. I suppose it's supposed to do a check before compiling that one
<butterypancake> oh damn. I thought I was done but if you do `sudo make install` right after `make` then it has to recompile all the scheme modules
<butterypancake> does guix have a bug tracker? I don't want to post a duplicate bug
<butterypancake> oh sweet. Does that mean I can somehow browse it using the emacs debbugs package?
<ecbrown> C-u M-x debbugs, then guix for the package
<butterypancake> just wondering, does RMS run guixsd? I heard he really likes guile
<ecbrown> rms runs trisquel, another fine distro
<drakonis> trisquel is debian but with less packages
<butterypancake> fair enough. from my 2 hours with not getting guix to work and having trisquel just work, I can sorta see why.
<butterypancake> not shitting on you guys, just saying you're probably a little less stable
<bandali> drakonis, more precisely, trisquel is an ubuntu derivative, which itself is a debian derivative
<bandali> and it's kind of disingenuous perhaps to list/consider package count as the only difference between trisquel and ubuntu/debian
<bandali> i mean i think ideally i'd want it to be a direct debian derivative, but i've come to accept and love it for what it is :-)
<drakonis> trisquel already updates once every 2 years doesn't it?
<bandali> i'd say that's pretty major and important around gnu and gnu projects ;-)
<drakonis> seems kinda weird to not just track debian already
<bandali> re updates, yeah its slow release has been a bit slow
<bandali> but i think they've been working to improve that
<drakonis> i see ubuntu derivatives track ubuntu lts and think "man why not just track debian instead, seems like the sane option"
<bandali> i think for trisquel that's a historical thing, and apparently ubuntu has been easier to get up and running / friendlier than debian perhaps, and i think those are at least part of the reasons why trisquel was based on ubuntu initially
<ryanprior> I, on the other hand, see people grouse about ubuntu or trisquel for not being debian and think "debian is right there if you want it."
<alextee[m]> did someone change the manual pages database building thing? seems to be faster now
<raghavgururajan> sneek, later tell nckx: I have missed your replies to #40603, as I am not subscribed to mail-list. I just saw your replies, when I revisited the bug thread via web. I have now replied to thread. :-)
<alextee[m]> it tells me it's gonna downgrade if i install gtk+@2
<ryanprior> alextee: I think you could install them in different profiles, or have packages that want different versions in the same profile
<ryanprior> I don't think there's any such thing as two versions of the same package in a single profile, though. Guix creates a link to what "gtk+" means in the current context, and it has to point to some particular version.
<ryanprior> alextee: so if you're in a position where you ultimately do really need to have gtk2 and gtk3 in the same profile at the same time, I believe you could create a new package (called eg gtk+-2) that just packages one of them, install that package, and then install the other version normally.
<ryanprior> But then, supposing some of their output files have exactly the same name? In that case I'm not sure how you'd resolve that within a single profile.
<ryanprior> So your solution might be to use two profiles. That sounds tricky, somebody else please correct me if I'm overthinking this!
<alextee[m]> i just want to use it in an environment actually
<alextee[m]> i think just adding the 2 as dependencies to the package works
<raghavgururajan> alextee[m] Yeah, adding as deps works. Because the variable names are different (gtk+ and gtk+-2).
<pkill9> for the first time ever, sway randomly crashed
<pkill9> does anyone know if it's possible to change sway's title border?
<pkill9> (or i3's, since they use the same config system)
<Guixguy> Hey all, is there a way to force guix system disk-image use more cores or more memory? At about 30 mins into a build, it pins 1 core and stays there.
<raghavgururajan> Guixguy You could try specifying all the cores, by passing an argument `--cores=N` to `guix system disk-image`.
<Guixguy> I could try that. I assumed that it would use all of them by default but perhaps that isn't the case.
<guix-vits> raghav-gururajan: that disroot interface for e-mail looks good.
<u0_a83> Why doesn't guixsd provide xinit support?
<guix-vits> `guix search xinit` prints version 1.4.1 available.
<devtexa> I simply looked through all the Guix documentation and source code, but I couldn't find a way to use xinit correctly.
<guix-vits> devtexa: "create ~/.xinitrc with something like `exec COMMAND` inside, use startx" isn't working?
<guix-vits> probably the package xinit should be installed, also.
<devtexa> My xinitrc can ensure that there is no problem, I also installed xinit.
<devtexa> Use xinit or startx on guixsd, it will prompt that X cannot be found
<devtexa> And even if I specified X manually, it would still have various permissions or driver problems.
<guix-vits> devtexa: maybe you try sway? It's a Wayland WM, starts from (when works) tty with simple `sway`. Not a solution, but it's best i can think of. Someone of developers should know.
<peanutbutterandc> I was looking at the binaries in my $GUIX_PROFILE/bin (I am on a foreign distro), and all of them seem to be owned by root (obviously, because guix-daemon); however, they run as my user...
<peanutbutterandc> On the same vein, I have a guix-installed binary (`newuidmap` from the package `shadow`) that I need to setuid (because it is being denied access to proc directory). Given the clear warning in the guix reference manual to not touch the STORE manually, how - and should - one go about setuid-ing a guix-installed binary?
<devtexa> guix (as a client) connect guix-daemon (server)
<reepca> peanutbutterandc: are ye on guix system or a foreign distro?
<peanutbutterandc> I guess I'm just really confused how the binaries in the store that are owned by root are accessible to unprivileged users without any clear setuid or something going on... and what does that mean, security-wise...
<reepca> stuff in the store is always world-readable, writable-by-nobody, non-setuid, non-setgid. The only variable part is the executable bit.
<reepca> on guix system we get around this by having a system service that sets up setuid binaries outside of the store
<reepca> ... which, come to think of it, would be a great way to figure out how exactly to do that
<peanutbutterandc> so... how does emacs, that is in /gnu/store, that is owned by root, and has no setuid, runs from a 1000 uid user's profile? I am really curious
<reepca> setuid ON means "set (effective) user id to owner of program", setuid OFF means "keep whatever privileges the executing process currently has"
<reepca> so setuid OFF works the same in /gnu/store as it does in /usr/bin - both are root-owned, but won't change any permissions in the process that executes them.
<peanutbutterandc> Now, guix reference manual clearly says that nobody should manually touch the STORE... but I would like to setuid this binary.... should I do it, or would that be a super stupid thing to do?
<reepca> you may be interested in ACTIVATE-SETUID-PROGRAMS on line 229 of ~/.config/guix/current/share/guile/site/3.0/gnu/build/activation.scm
<reepca> modifying it in the store would be a bad thing to do, aye
<reepca> it looks like what we do is basically just copy the executables out of the store and chmod the result
<peanutbutterandc> *sigh* :( I am afraid I am not yet that knowledgeable to do ACTIVATE-SETUID-PROGRAMS thing but I'll try to look around...
<reepca> chmod affects the underlying file, so if what you mean is create a hard-link into the store and then chmod that, that won't work
<peanutbutterandc> reepca, That means I would have to manually copy the binary over every time there is an upgrade? Is there a better idea?
<peanutbutterandc> reepca, okay.... o this (activate-setuid-programs) thing... I suppose it is for guixSD systems and not for foreign distros... or is it?
<reepca> there's probably a reason we don't do it this way, but you could create what is essentially a setuid-symlink (but not actually). It would just be a shell script that executes ~/.guix-profile/sbin/<your-program>, and you would then make that setuid.
<peanutbutterandc> And, is the package definition defining programs to be setuid? I haven't yet run into any setuid programs (it seems) so far in my guix usage as a 'foreigner'
<reepca> actually, I can see a major flaw with doing it that way: if a malicious user temporarily gains control of your account, they could replace ~/.guix-profile with whatever they wanted, and the script would execute it with root privileges
<peanutbutterandc> reepca, Ummhmm... wikipedia article on setuid says that setuid bit only works on binaries...
<peanutbutterandc> well, perhaps just a good old fashioned `cp binary ~/.local/bin; sudo su; chmod ...` would have to do for me :[
<reepca> package builds may produce setuid binaries, but the permission bits are always canonicalized before it's copied into the store and has its permissions changed (it's actually kind of tricky to do safely because of race conditions)
<reepca> err, s/its permissions changed/its owner changed/
<peanutbutterandc> I just checked my $GUIX_PROFILE/sbin and none of them are setuid. So I suppose at the end of it all, setuid is lost? o.O
<peanutbutterandc> Makes sense. The more I delve into guix, and per-user isolated everything, the more I find myself wishing HURD was complete. I've heard HURD is like super well crafted and there's per-user-everything there
<peanutbutterandc> Also, regarding 'sandboxing' which seems to be all the rage these days and flatpak's main selling lines: does guix also do sandboxing? It does seem to me that guix is superior over all universal package managers, but I haven't yet understood if it does 'sandboxing'
<reepca> it could be said that we do "sandboxing" of builds currently, but AFAIK no sandboxing by default of programs run by the user.
<reepca> there's guix environment -C, which could be considered a type of sandboxing
<peanutbutterandc> Ahh.... I've been told `guix pack` can basically replace flatpak (for the most part)
<reepca> it can produce self-contained bundles, but doesn't do anything to restrict the privileges of those bundles or what they can do.
<reepca> which is what I assume you meant by sandboxing
<peanutbutterandc> reepca, Yes, I understand. hence "(for the most part)". :) Once we have the sandboxing thing down, we can probably rule the galaxy
*rekado_ manually frees up space on ci.guix.gnu.org again
<peanutbutterandc> Another question: I have a problem showing up in guix on one machine, whereas the problem does not manifest itself in another one (both foreign distros).
Am I to consider the problem specific to the computer and the host-configs (which I am not sure should be relevant) or should I report them and/or talk about them here with the devs to figure things out? Would the difference count as a build-reproducibility issue?
<peanutbutterandc> One of the three problems I am trying to deal with at the moment is font issues on my Elementary OS machine. Devanagari fonts are not showing, despite font-lohit being installed, and the issue only manifests itself in generations post generation 59 (before an upgrade). I did another upgrade too, but to no avail.
<peanutbutterandc> Did that too, after I installed fontconfig from guix, but didn't work: so I `--rollback`-ed
<pinoaffe> peanutbutterandc: fonts are quite finicky in guix, so I'd say just report it
<peanutbutterandc> pinoaffe, But the issue just manifested itself. And it hasn't been that way. I have used guix as a package manager on foreign distros on 6 machines so far and all of them have worked all right, except this... and it's only in the generations prior to the upgrade. *sigh*
<peanutbutterandc> X protocol error: BadMatch (invalid paramter attributes) on protocol request 139
<peanutbutterandc> I have no idea how is that even possible. I've even used guix time-machine --commit=guix-describe-commit-from-another-machine-where-emacs-works -- install emacs; but that didn't do it either
<peanutbutterandc> which makes me think that there must be something in my system: I suspect my own home directory, why that issue is manifesting itself. hmm... I should probably create a test user to test the theory out. If the issue manifests itself for the other user too, it means a system issue and not a home-dir one.
<Kimapr[m]> Hmmm, weird. typing `ifconfig` doesn't show my wifi interface but `ip a` does
<srk> ifconfig -a ? ifconfig is deprecated for some time
<Kimapr[m]> okay so now i know that my wifi interface is named "wlp10s0".
nice
<srk> predictable interfaces names, can be turned off by "net.ifnames=0" kernel param
<Kimapr[m]> now i'm having a dependency hell. i'm trying to install network-manager-applet but it complains about conflicting entries for libselinux
<Kimapr[m]> hints me to either update both `network-manager-applet` and `glib` or remove one of them
<Kimapr[m]> i tried to remove `glib` from profile but it can't find it in profile
<Kimapr[m]> even though `guix package -I | grep glib` finds it
<rekado_> Kimapr[m]: I suggest just upgrading all packages in your profile
<bricewge> Kimapr: Could you be more specific? It looks like your wifi interface show up at least.
*bricewge forgot how to use ifconfig...
<ecbrown> ifconfig up wlp10s0 && dhclient -v wlp10s0
<ecbrown> Kimapr[m]: it is also possible that your wifi device is "recognized" but doesn't work
<ecbrown> not uncommon when putting free os on devices purchased with a proprietary os in mind
<ecbrown> Kimapr[m]: does it work on another free os, e.g. trisquel?
<Kimapr[m]> idk, didn't try that, but it doesn't work right away
<Kimapr[m]> maybe running the script from that h-node page would make it work on trisquel
<Kimapr[m]> ah, the page says that it's tested with 5.5.0 version of linux-libre
<ecbrown> i would work in very simple steps, first make sure the wifi works with distro with considerable heft behind it.
<bricewge> Kimapr: You wrote a package for the driver of your wifi card, If I remember correctly. Is it loaded in memory; ie does lsmod report it?
<peanutbutterandc> so... regarding my issue that I was testing earlier (fonts not working, emacs not working); I tested on the same machine with a new user and used a manifest file (to check all the issues) and the only issue that manifested again was the emacs gtk issue
<peanutbutterandc> Now, I've been poking around with rootless docker today. And I did manage to set it up manually using the shell script they provide; but in trying to set it up using guix, I have run into a few confusions....
<peanutbutterandc> is there any reason why guix does not package dockerd-rootless.sh and friends that they provide from the website?
<thomassgn> I just started, though, so I'll see if I figure it out on my own, but if anyone has that knowledge readily available I'd be quite happy :)
<peanutbutterandc> thomassgn, Hey there, I am not an expert (just learning, and very much a n00b) but you might find something helpful in the "origin Reference" section of the guix manual. `info guix "origin reference"`, if you have info reader. There you'll find 'patches' and 'snippet' which might be, I think, what you might be looking for. (Sorry I don't know much nix, and am very much n00b in guix)
<thomassgn> peanutbutterandc: Cool, I'll check it out. :)
<thomassgn> peanutbutterandc: is there a reason you need docker rootless?
<thomassgn> I'm just superficially familiar with docker, but in guix I don't know if you'd need rootless. Well unless your user is missing permissions to create/start services.
<thomassgn> If you're on guix system there's a docker-service
<TZander> docker is a bit of a security problem. Anyone able to start a docker can become root on that machine.
<TZander> So my guess with the 'rootless' is that it works around this issue.
<peanutbutterandc> TZander, I suppose so... but at the moment I'm just playing around with it and I just really want it to be rootless: per user docker installation
<peanutbutterandc> thomassgn, Well, we should not forget that guix is a package manager, first and foremost. Haha :D
<TZander> Docker derives its value from generic functionality which you can find in many apps and it also is useful because there are so many pre-built images.
<peanutbutterandc> TZander, it's excruciating right now. I've been on it for the entire day today. Did manage to get it running with docker-supplied script, yes.
But now I want to do it using guix and the docker-supplied wrapper around dockerd (dockerd-rootless.sh) which
<TZander> If you don't want to just run a specific image, you might want to play with the containers feature built into guix.
<peanutbutterandc> ....is when I came to the realization that at least 3 binaries that they installed (with the installer script) come from an undisclosed source.
<TZander> Here is an example of the container concept in guix (which is what docker basically is doing too);
<TZander> guix environment --container --share=/tmp/.X11-unix/ --share=$HOME/.Xauthority --ad-hoc feh coreutils -- env DISPLAY="$DISPLAY" feh my-image.jpg
<peanutbutterandc> TZander, I have a docker image I'd like to run... I know that guix can export something akin to docker image for packages (or sth, I don't remember exactly); but I don't suppose I can go the other way around
<peanutbutterandc> TZander, Oh wow... that seems.... neat.... that my-image is from the current directory, I presume?
<TZander> the big advantage with guix is that the software comes from the guix repository. You don't have to trust a random huge download of essentially a whole stack.
<peanutbutterandc> TZander, so, I suppose I could do something like `guix environment --container --ad-hoc bash -- super-shady-looking-script.sh` too. Interesting. Or, rather a binary, instead of a script.
<TZander> yes, the example I gave is in the mindset of qubes, isolate the data (or app) being processed into its own container.
<peanutbutterandc> I have a containerized version of a website that I like to spin the container for (for chords and stuff). How could I go about setting up something similar with guix only?
<peanutbutterandc> I am aware that I could just `wget` and then `python -m http.server` but I really like containers. :D
<TZander> create a dir with your content, run nginx in a container and map the dir to your container.
You likely need a nice config to make nginx run on a port > 1024
<TZander> (and map that config into your container too)
<peanutbutterandc> also, is there another container thingy (besides docker) that you'd recommend for rootless containerization?
<peanutbutterandc> that seems like an entire virtualization thing...rather than containerization...... I wonder if someone knows how to get rootless docker working with guix on a foreign distro
<peanutbutterandc> there is an --experimental and a --rootless flag in the dockerd supplied by guix; but that doesn't seem to be enough, and there isn't any documentation regard6ing how to get it working
<peanutbutterandc> Pl6e6a6s6e excuse me my k6eyboa6rd6 is ma6lfunctioning. need to s6witch computers
<devtexa> I used guix environment --container to create an environment to test and compile my project, but it is missing /usr/bin/env, how should this be solved?
<ecbrown> devtexa: you can add a special-files-service-type
<ecbrown> (wait, not sure that works in your context)
<devtexa> I don't have GuixSD, I am Guix running on AlpineLinux
<peanutbutterandc> ecbrown, Aww :( Do you have any ideas why dockerd-rootless.sh isn't available on guix?
<ecbrown> peanutbutterandc: i thought that was "experimental"
<peanutbutterandc> the 3 binaries being: 'rootlesskit' 'rootlesskit-docker-proxy' and 'vpnkit'
<TZander> I think you are asking about docker things in the wrong place
<TZander> you will likely get more answers in a more on-topic channel
<peanutbutterandc> TZander, I am also consulting #docker but I hope to package it up using guix (or at least maybe get the contributors interested in doing so)...
<ecbrown> so the first step is to track down the source
<ecbrown> if there's no source, pretty sure it's a non-starter
<jojoz[m]> Are guix environment containers secure? Like, is security an explicit goal, or are guix containers only really expected to be used with trusted code?
<devtexa> When will Guix add multi-thread download?
<devtexa> I found that it wasn't that my internet connection was slow, but that my single connection was too slow.
<tom_> Does anyone know how to increase the font size of the Linux terminal?
<tom_> Brilliant thanks devtexa
<apteryx> phew; our degraded raid array experience on Guix System is suboptimal :-)
<apteryx> 1st problem: bootloader can only be installed on one drive (that's a very low hanging fruit, I believe)
<apteryx> 2nd problem: no way to pass the degraded flag (our initrd doesn't honor rootflags)
<NieDzejkob> jojoz[m]: When I asked, I got the answer "they're as secure as any other Linux container, i. e. not"
<TZander> devtexa: +1 on fixing downloading. I'd like to see downloading from a single host should not disconnect and reconnect every time.. (creating a second or two between files from the ci host)
<apteryx> 3rd problem: At least when using Guix System on a Btrfs RAID1 array atop LUKS, GRUB behavior is to query for the LUKS of every drive in the array, even if the drive went missing, and prevents further booting of the machine.
<apteryx> There might be a 4th problem, I'm not sure: perhaps the mapped-devices (handled by the initrd I guess) block booting when one of them fails -- I couldn't really test that given the other issues.
*apteryx will try tackling those issues over the coming weeks (months?)
<TZander> apteryx: If not already, I suggest you use the guix issue tracker for that
<jojoz[m]> NieDzejkob: Haha ok. I don't expect perfect security or I'd be talking to a professional and using encrypted CPU enclaves or whatever. I just figured I'd ask in case there's some obvious flaw in security that's not intended to be fixed due to it not being a goal.
<tom_> devtexa, I've installed font-terminal but setfont isn't finding ter-v12n etc, do you know what I need to do for setfont to find it?
<devtexa> I rarely use setfont now because I configure the console from config.scm
<tom_> devtexa, you set the font through the config? Is that the console-setup package?
I can't find its documentation
<tom_> I'm on a mobile which isn't helping
<devtexa> Wait, where do you refer to the terminal, terminal emulator?
<devtexa> Or the one based on framebuffer on Linux?
<jojoz[m]> NieDzejkob: Looks interesting, very fine-tuneable. And I guess Guix doesn't do the syscall fuzzing? Do you know if it's much better otherwise? Using Guix would be much more familiar and convenient for me.
<tom_> Yeah the root Linux terminal, the framebuffer I suppose
<tom_> Yeah I'm sure that has the answer somewhere, would be good to change the font before I read it though.
<NieDzejkob> jojoz[m]: Hmm, I've seen nsjail being used to organize a CTF, which is basically when we let random security-minded people from the internet execute arbitrary code on purpose, and it hasn't failed us yet. No idea how secure a Guix container is.
<devtexa> find /gnu/store -name 'ter-v18n.psf.gz'
<NieDzejkob> There's the possibility of a DoS and of leaching the resources of the server to do some cryptomining
<NieDzejkob> with regards to resource utilization, nsjail has knobs available, you'd probably have to use a separate tool otherwise
<tom_> Brilliant thanks again devtexa
<NieDzejkob> I don't know whether stopping a guix container will reliably kill the entire process tree
<jojoz[m]> NieDzejkob: Re. risks, I'm not sure. I don't know what I don't know, I suppose. At the very least I want to close off network access so people won't install botnets on my server.
<jojoz[m]> Resource utilization limitation is a good point. I would want that.
<NieDzejkob> maybe you could ask the Rust Playground team about their experience?
<jojoz[m]> Aye, I suppose that would be the obvious starting point
***leomd__ is now known as leomd
<thomassgn> slightly related to resource use; a year back I tried setting up cgroups here, I don't remember the details now. But has anyone got cgroups or something along those lines working? I know they are in guix, at least as part of elogind, but haven't found much.
<bricewge> TZander: I'll give it a try. I just got commit rights yesterday so bear with me.
<bricewge> Thanks folks, I hope I'll be able to help Guix effectively!
<devtexa> How do you solve the problem of SSL certificate in guix environment --container?
<devtexa> I tried adding the nss-certs package, but it does not work
<pkill9> i assume they need to be in /etc/ssl, but the guix container doesn't let you modify /
<devtexa> Wget works fine after I created a soft link
<butterypancake> ok. I cannot for the life of me bootstrap the bootable image on my arch linux machine. And the current 1.1.0 installer is too buggy for me to use. Should I try the 1.0.1 installer or is it possible for someone to upload a 1.1.1 for me?
<mothacehe> butterypancake: do you happen to have a guix checkout somewhere?
<butterypancake> So I installed guix onto my arch linux machine from source (because the aur guix package is broken). But when it tries to build certain packages like ghostscript and a few others, it throws errors. When I go through the logs, it's an error at the make level. So It calls make, and I guess I don't have the proper make or something like that. You know dependency hell. This prevents me from being able to generate an ISO
<butterypancake> sorry for the late response. I'm technically working right now :P
<butterypancake> I guess another take away here is someone should look at the guix AUR package.
<dutchie> it should be able to find the right make when you are building guix packages
<butterypancake> so when I run guix pull, it's using guix packages to compile? not system packages?
<ecbrown> butterypancake: want to make sure your guixbuild01...09 have permission to use qemu
<ecbrown> sudo usermod -aG kvm guixbuilder01, etc. etc.
<butterypancake> ok I did that. Do I have to restart the daemon? Also should that be part of the manual? Because I set up the guixbuilder users according to the manual
<ecbrown> you can, but i think guixbuilder user will effectively "re-login in"
<ecbrown> i wouldn't mess with the daemon because i don't think it's related. but it won't hurt
<butterypancake> Well I'm in the middle of building stuff. It usually fails on the same packages but seems to choose what packages to build at random. So I'll let it do its thing
<peanutbutterandc> Has anybody had any issues with 'Calibre' not being able to use xdg-open immediately after `guix gc`?
<peanutbutterandc> For context, I'm on a foreign distro, and this has happened to me a number of times and now I am certain that it only takes a call to `guix gc` for the issue to manifest
<peanutbutterandc> The error: Launch failed (/gnu/store/jsqihy7z3bsbiixchk19dsnaj6bh9h2b-xdg-utils-1.1.3/bin/xdg-open file:///....
<janneke> "<mbakke> janneke: commit 541122957c68a15f8657775e62448b1cfafd7cb8 forgot"
<janneke> mbakke: oops, wrt the native-inputs: of course -- sorry!
<thomassgn> I don't understand what I'm doing wrong here: during install phase, paraphrased I get: entering directory '/tmp/guix-build-wkhtmltopdf-.../src/lib' mkdir: cannot create dir '/include': permission denied... I'll post the package asap
<janneke> mbakke: hmm, i assumed that "all" my cross-build work would be OK for core-updates...so i need to rethink that
<janneke> oh my...guix-build-linux-libre-5.4.35.drv-20 and we're already up to 36 now
<janneke> thomassgn: wouldn't it be something like: (string-append "INSTALL_ROOT)" out)
<janneke> oops, i'm copying an example with a strange parenthesis substitution...but you get the point
<thomassgn> let's see. That makes sense, I have to admit I'm not quite where I should be for programming.
:) <janneke>i'm guessing that INSTALL_ROOT equals what we call DESTDIR <thomassgn>mm, would make sense. The substitution was copied from the nix package. And nix leaves out a lot of context I think. <janneke>thomassgn: there are a few more examples in gnu/packages/*.scm -- although i wonder if this wouldn't/shouldn't be handled centrally <alextee[m]>i see, it takes a "demos" option. i'll send a patch to enable it. that's pretty useful for development <alextee[m]>aaah i see it's enabled by default an di need gtk+:bin <janneke>just like the gnu build system doesn't need overrides/patching when it's used properly by a package <janneke>i would hope that the same would go for this qt build system <janneke>...but it could be that the package is doing something special <thomassgn>mm. this package is somewhat strange. They have a separate repo for distribution and production builds and it says to build in docker or other container because it used to require a patched qt, it seems no more, but the build is still strange. <thomassgn>I might just give up on it again. it's a shame cause the program used to be really good at it's purpose... :( *civodul sends more wip-openpgp news <thomassgn>Thanks anyway janneke :) Always good to gain some insight :) <pinoaffe>I want my laptop to automatically keep an open ssh connection to a server (for port forwarding and the like), and to retry when connections are lost / internet access is regained - I think the guix way (tm) to do this would be to write a service, am I right in that regard, and is there code/services in guix that I could build upon? <pinoaffe>ecbrown: not yet, seems like that's pretty much what I'm looking for <ecbrown>pinoaffe: it works well for this. guix install autossh is the guix way (tm) ;-) <pinoaffe>ecbrown: yep, or to write an autossh service wrapper for autossh <joshuaBPMan>hey guix, I probably know the answer to this...is zoom free software? 
<butterypancake>what should I do when guix complains about a sha256 hash mismatch with a downloaded package? can I force a redownload?
<butterypancake>ok, every time I run guix pull, then icu4c-64_2-src.tgz has a different hash. And it never matches the proper one.
<pkill9>dunno about their client, but i assume not
<ecbrown>butterypancake: sounds like a bad package definition
<ecbrown>can you compare it with what's in the guix source?
<ecbrown>well, you may want to file a bug report. but inside of package definitions (guile code) there is embedded the source file (the .tar.gz) name and the sha
<butterypancake>aight. I decided to remove the file and pray. I was wrong to do that. Now it says:
<butterypancake>guix pull: error: opening file `/gnu/store/4582v7day5c4v9qaidlkwmd6kllks2y4-icu4c-64_2-src.tgz.drv': No such file or directory
<ecbrown>you went into the store and started whacking stuff?
<butterypancake>I mean guix didn't seem like it was doing a good job managing the store. I'm probably doing stupid stuff but honestly guix isn't treating me nicely either
<mbakke>janneke: re: cross patches, if a patch can be applied on 'master' it should, to reduce merge conflicts
<pinoaffe>joshuaBPMan: their client is not free software and not even open source
<ecbrown>butterypancake: i don't know what to do here, so you may want to wait for a "pro"
<butterypancake>bruh, I literally just want an updated guix ISO... I didn't think this was so hard :'(
<pinoaffe>joshuaBPMan: I'm not aware of any projects to make an open source client for zoom, and think the odds of that happening are quite low because zoom seems to be rather opposed to the idea and because they're not the type of company free software fanatics generally would want to interact with
<butterypancake>ya, I think. guix seems to install stuff in random order but I stopped failing on certain things after I did that. But now I got these new problems that are preventing me from making the ISO
<pinoaffe>butterypancake: where possible, I do, but in some situations I have no control over the matter and end up using zoom in chromium
<butterypancake>anyone know how to make guix redownload a drv file that I may have deleted? It's really not happy
<mbakke>butterypancake: it looks like ICU changes their website so that the original download link no longer works
<NieDzejkob>butterypancake: guix gc --help, look into --repair
<NieDzejkob>(also, never ever touch anything in the store manually)
<mbakke>butterypancake: if you deleted things from the store (directly), you should run 'guix gc --verify=repair' to try and fix the corruption
<mbakke>you should use 'guix gc -D <the item>' to purge a specific item from the store
<butterypancake>I'm trying your guix download command. Hopefully that helps. Thanks for the helpful commands :)
<butterypancake>Maybe I'll be better behaved once I get a guix system running. On that system I'm unable to touch the store directly right?
<mbakke>butterypancake: even on a foreign distro the store should be read-only
<mbakke>butterypancake: using sudo for what?
<apteryx>butterypancake: to manage your user profile, you call guix using your own user (not sudo)
<apteryx>users are advised to *not* meddle directly with the store ;-)
<lhp22>Hello there ! I'm a new user of Guix (I'm installing GuixSD on a virtual machine and reading the manual). I don't understand what a `guix install` done by root does. Does it mean that the installed package will be installed only for the root user ? Not in the whole system ?
<NieDzejkob>(see gnu/system/file-systems.scm:360 for the details on that)
<lhp22>And congrats for this fabulous tool Guix <3
<mbakke>oh, I thought the daemon took care of mounting the store read-only on foreign distros
<butterypancake>I'm running the daemon manually in probably the wrong way. I'm trying to quickly generate an ISO so I can abandon my current system
<vagrantc>in my early uses of guix, i do recall manipulating the store manually ... learned about guix gc --check that way
<mbakke>butterypancake: are you not using substitutes on purpose?
<vagrantc>and --repair ... if i remember correctly
<butterypancake>substitute: guix substitute: warning: ACL for archive imports seems to be uninitialized, substitutes may be unavailable
<vagrantc>yeah, that basically says you're not configured to allow any binaries and you'll build everything locally
<vagrantc>butterypancake: what instructions did you follow to get where you are? maybe there's a step you missed?
<butterypancake>so I built guix from source and then ran: sudo guix-daemon --build-users-group=guixbuild --max-jobs=10
<ecbrown>butterypancake: you can guix archive --authorize < ci.guix.gnu.org.pub
<ecbrown>you have to track down the .pub file, but that will put guix CI into /etc/guix/acl
<ecbrown>yeah, you could get permission denied and not notice
<butterypancake>sudo doesn't work because the redirection thing. you should do it as root
<Guixguy>I am doing the following: guix environment -u flatpak --no-cwd -C bash flatpak guix (to isolate flatpak)
<vagrantc>or cat path/to/file | sudo guix archive --authorize
<Guixguy>but when I am in my environment, guix commands aren't there. What do I need to add?
<mbakke>butterypancake: step 2 says that you need to become the root user
<butterypancake>wait, that file isn't there. I think I missed the step that makes that file
<ryanprior>How do I see if there's any imports currently authorized?
<vagrantc>butterypancake: the file is in the git checkout too, under a slightly different path
<mbakke>Guixguy: you need "--ad-hoc" to make the specified packages available in the environment
<mbakke>otherwise you end up in a shell with just the dependencies of the specified packages
<Guixguy>guix environment -u flatpak --no-cwd -C --ad-hoc bash flatpak guix <-?
<bricewge>Can I add myself to build-aux/git-authenticate.scm or should someone add my keys to it?
<Guixguy>mbakke: it loads into env but I don't have guix commands
<ecbrown>yeah, i whacked a whole computer because i thought i had whacked my /etc/guix/acl
<mbakke>Guixguy: what do you mean by not having guix commands?
<Guixguy>I don't have access to guix package or guix anything else
<ecbrown>Guixguy: yes, but it's possible that the PATH got whacked
<mbakke>Guixguy: to run Guix commands inside the container, you need to share /var/guix and /gnu, as well as any profiles you wish to use
<ecbrown>surprised you don't even see /usr/local/bin/guix
<mbakke>ecbrown: guix environment --container is fully isolated from the host system
<ryanprior>wow I'd never tried environment --container before, that's cool as hell
<xavierm0229>Hi. I'm trying to get the path in the store of a package. How do I do that? I tried using package-derivation and derivation->output-path but I get an error that I don't understand
<xavierm0229>guix/ui.scm:1936:12: In procedure run-guix-command:Wrong type (expecting resumable continuation): #<vm-continuation 7f0d074fcfd0>
<xavierm0229>(I suspect that I didn't access the store properly but I tried 3 ways and all gave the same error...)
<ryanprior>Can you specify paths other than the cwd that you want to be available in the isolated container?
<xavierm0229>(It's package-derivation part that throws the error)
<ryanprior>Like suppose I want to have in my container the cwd and also /etc/hosts can I do that?
<ryanprior>It looks like `--share` and `--expose` are what I want but there's no help for what SPEC looks like
<ryanprior>I'm working on updating a package (oil-shell in guix) and upstream would like to change the name to "oil" since that's the official title. Can we change package names? Can I introduce a new package "oil" and make oil-shell into an alias for it or something?
<rekado_>ryanprior: yes, search for deprecated-package
<thomassgn>xavierm0229: guix build <package-name> or readlink $(which <package-name>) is what I use in bash. Not sure if that's what you mean though?
<ryanprior>rekado_: awesome thank you, what should the commit message look like when I'm deprecating a package?
<ryanprior>Should I do this as two patches in a series, one which renames the package and then another that updates it? Or all in one patch?
<xavierm0229>thomassgn It's for a package I've just defined so I need a scheme function :/
<xavierm0229>More precisely, I'm trying to transform a single package into several packages, one per phase of the original package, in order to cache the phases
<xavierm0229>So if I have two phases A and B, I need to give the uri of the package corresponding to A as source to the package representing B
<xavierm0229>(I think I'm nearly there. After I manage to get the URI, the only remaining thing is getting the sha)
<rekado_>ryanprior: personally, I’d do it in two steps.
<rekado_>xavierm0229: in Scheme you’d use a G-expression to get the output directory of another package.
<xavierm0229>The error I was getting was because I was using xen as a test package >_<
<butterypancake>ok, now I'm getting this problem trying to generate the ISO. I feel like I'm almost there
<butterypancake> guix system: error: canonicalize-path: No such file or directory: "/usr/local/share/guile/site/2.2/gnu/installer/aux-files/logo.txt"
<amom>hi, I usually run a minimal setup (bspwm+terminalapps+etc). How much hard drive space will I need for gnu guix?
<amom>I'm wondering if it will be significantly more as a result of rollback feature
<ngz>amom: Hello. It probably depends on how far back you want to go with the rollback feature.
<civodul>in general packages take more space than on Debian, for instance
<amom>ngz: Oh, I didn't know that was configurable.
<amom>can I put the rollbacks on a separate hard drive?
<civodul>"guix size bspwm xterm xorg-server | tail -1" says 500 MiB for these packages + their dependencies
<amom>civodul: that's not too bad
<mbakke>I have an update for QEMU 5.0, but it fails to build on 'master' for no apparent reason
<mbakke>I'll just sit on it until the merge
<pinoaffe>amom: rollback stuff is in the gnu store, which is mounted at /gnu/store. It can be put on a separate disk, but needs to be available at all times as it contains *all* program-files and the like, not just the ones to roll back to
<civodul>rekado_, bricewge: my bandwidth to ci. is back to normal today
<amom>I think I might try to install gnu guix today.
<amom>civodul: thanks. Will do. I'm looking for a stable distro for grad school next year.
<amom>Nothing more stable than rollbacks eh
<vagrantc>rollbacks are pretty impressive! though ... i'll say if you update regularly, you'll definitely need them from time to time :)
<bricewge>civodul: This issue is intermittent, personally it mostly happens in the afternoon
<vagrantc>rollbacks are essential for a rolling release :)
<civodul>bricewge: oh i see, that's really weird
<bricewge>civodul: Can I add my keys to build-aux/authenticate.scm or will it screw with "make authenticate"?
<lfam>mbakke: I'm glad to hear it works on core-updates. I was tracking the RCs but never figured out why it was failing the test suite. I had to use more recent kernel headers to make it build at all. I think that's actually a bug in QEMU; apparently QEMU should provide the newer headers itself
<mbakke>lfam: ooh, I figured out the test suite failures, but did not understand why it failed to build on "master", thanks for the headers tip
<mbakke>I'll try providing newer headers, and/or look into why the bundled headers fail
<bricewge>sneek: Later tell dftxbs3e Did you manage to get an answer through usenet about the packet loss?
<lfam>I asked about them in the QEMU channel on oftc, and they said that it shouldn't be dependent on the machine's headers. QEMU should use a bundled copy
<lfam>"That struct should be defined in linux-headers/linux/vfio.h"
<lfam>"One possibility is that the machine has older kernel headers installed and QEMU's code is including <linux/vfio.h> in certain files where the system header will be found instead of QEMU's up-to-date header (a copy of the file from recent Linux)"
<lfam>"That would be a bug in QEMU's code or makefiles. I'm not 100% that this is the case you are seeing, but it's a possibility."
<lfam>I didn't find the time to dig in
<dftxbs3e>bricewge, never sent an actual message because I was busy with other things and the diagnostic sometimes showed weird results that made me doubtful it was Free or not
<sneek>Welcome back dftxbs3e, you have 1 message!
<sneek>dftxbs3e, bricewge says: Did you manage to get an answer through usenet about the packet loss?
<lfam>mbakke: If it uses <linux/vfio.h>, then I think it won't search in the local codebase
<lfam>It would need to do something like "linux/vfio.h" or "../../confusing/../linux/vfio.h"
<bricewge>dftxbs3e: Someone from Mexico complained about the same issue
<mbakke>not sure if it's worth fixing, I hope to merge in a day or two
<lfam>Anyways, it built when I made newer headers a native-input
<dftxbs3e>civodul, are you certain it's not on your side?
<lfam>mbakke: Any progress on that login failure upon reconfigure?
<lfam>That might make for some annoying bug reports later on
<mbakke>lfam: I haven't looked into it, but I suspect we've had that problem forever
<dftxbs3e>people should set up mirrors for the cache
<bricewge>dftxbs3e: I tried to call them, I spent 3h on this and it was never conclusive...
<lfam>dftxbs3e: Are you referring to things from the build farm? Those are signed and possible to mirror transparently
<dftxbs3e>bricewge, I imagine but they garbage collect older artifacts I think
<bricewge>dftxbs3e: Why are you doubting it comes from Free?
<dftxbs3e>bricewge, because the observed speed loss vs the ratio of dropped packets doesn't make sense
<dftxbs3e>also I wondered, to what extent did GNOME need patching for making it work without systemd?
<bricewge>WDYM, it could be a router doing smart queue management or something similar
<lfam>That's how Guix makes its mirror and it's easy to adapt
<dftxbs3e>bricewge, well, I just don't know. It seemed weird, that's all. I don't know THAT much about ISP-level infrastructure
<PathIssue>how do i fix the PATHs in guix; basic commands like rm or ls aren't working on a new install
<mbakke>QEMU 5.0 does not fix the armhf user-mode emulation issues :/
<PathIssue>clipboard is not working; I will need to type it manually
<PathIssue>doesn't look like IRC is letting me paste it
<qyliss>PathIssue: If your IRC message starts with a /, you need to use two slashes, or it's interpreted as a command
<lfam>Right, or try what qyliss said
<jonsger>lfam: can you play h264 videos in Icecat with proper audio?
<lfam>jonsger: I don't know, I'm not using icecat
<lfam>I'm not using Guix System on the desktop
<PathIssue>I get errors like this: bash: ls: command not found ... and i think it is a PATH issue
<lfam>PathIssue: It's a strange PATH, especially the first component
<lfam>But still, rm should exist in the '/run/current-system/profile/bin' part
<lfam>How did you log in PathIssue?
<lfam>So, when you log in from the console (alt+ctrl+f3), you get that PATH with the /gnu/store/hk4...-glib thing?
<PathIssue>Let me try it now and see if it echoes the same
<lfam>You could also try `echo /run/current-system/profile/bin/l*` and see if ls is in there
<lfam>Do you have any custom ~/.bashrc or ~/.profile or anything like that? Did you make this VM image yourself? If not, where did you get it?
<PathIssue>i tried installing guix three times and it happened all three times
<PathIssue>i forgot how in virtualbox to send the alt + control via virtual keyboard
<lfam>Apparently, you can go fullscreen by pressing host+f1, and the default host key is right ctrl
<lfam>You said you installed Guix? Like, with the installer?
<lfam>Can you share your config.scm?