***hitchcock.freenode.net sets mode: +o ChanServ
*NieDzejkob is chipping away at Sage again <NieDzejkob>phase `build' succeeded after 3414.4 seconds \o/ <NieDzejkob>the install phase is failing, but it's still something <dissoc>that's exciting. i looked for that when I first started with guix. so far i've gotten by with maxima <dissoc>im finally getting the hang or writing packages. I probably have 6-7 by now. Probably need to submit them after reviewing the older ones <clodeindustrie>I usually manage my dotfiles with a git repo and stow, does it sound like a good idea to make myself a package for that? ***drakonis1 is now known as drakonis
<NieDzejkob>clodeindustrie: a package for the dot files, or stow? <clodeindustrie>I mean I package that would still use stow to deal with my dotfiles but it would all be part of a package <NieDzejkob>I don't exactly understand, but I've never used stow myself. I use rcm, not sure how different it is <apteryx>clodeindustrie: using stow *inside* a package definition sounds really awkward to me. <apteryx>I also use Stow to manage my dotfiles <clodeindustrie>I am currently setting up GUIX on my Thinkpad, fumbling my way around everything <butterypancake>So I'm trying to figure out if it's even possible to package searx. It wants to be installed as its own user (a searx user) and then it wants to run pip a bunch inside of a virtual-env <butterypancake>and it wants to run pip stuff like "pip install --upgrade pip" and "pip install --upgrade setuptools". Is that a no-no? <apteryx>butterypancake: you wouldn't use pip as part of the package definition, no <butterypancake>I'm thinking it's a program, although I never figured out what the definition of a service is. it's just a local python server for running a meta-searchengine <butterypancake>also it looks like searx has an undocumented setup.py so I'm just forging ahead using that, ignoring the instaltion instructions. I'm getting some odd dependency issues though so I'm looking into what's up with that <butterypancake>ok, so I'm pretty close (maybe) but I need to use python-requests 2.22.0. It absolutly has to be that version and can't be any other version. The current version is 2.23.0. How do I lock the input to a previous version? <atw>butterypancake: I think there's precedent for writing your own python-requests-2.22 and writing a comment about why it's there. See python2-babel-2.6 in python-xyz.scm, e.g. :) <atw>my connection flaked but I read the log. Good luck, butterypancake! I hope that setup.py isn't bitrotten! <butterypancake>It was last updated two months before the release I'm using happened. Sounds like it might still work :P <apteryx>badair: it could be added like, guix environment --fhs <apteryx>not high on my priority list, but that could be an interesting features for experimentation ***Kimapr__ is now known as Kimapr
<pkill9>would it be okay to change the --with-input to match the syntax used by --with-commit? <pkill9>e.g. instead of --with-input=<file> and then it matches the filename of the sort "package-version" to the package's source to replace, you specify it yourself, and so you aren't required to have the filename match the form "package-version" <apteryx>pkill9: sounds reasonable to me, but perhaps it'd be nice to gather more opinions on guix-devel, just to be safe. <efraim>I always give it a tarball or link and hope it works, I've never reformatted the tarball if it didn't work <malaclyps>did someone say that there was a script to create a standard git commit comment for edits to guix package definitions? <jackhill>malaclyps: (and now that I've read the whole thread ☺) I see it's in etc/committer.scm in the guix repo now. Thanks rekado_! <malaclyps>jackhill, i found committer.scm.in and was wondering if there was a bug that wasn't making it -- but then i realised that I hadn't built guix since it arrived! I had no idea it was so recent ***rekado_ is now known as rekado
<rekado>jackhill: be sure to check the commit it generates. I tested this on a few updates already, but there’s always a chance I missed something <malaclyps>i am sometimes a little confused by what Guix thinks it needs to download -- I just installed a package that I know has a very small set of dependencies (afew), and somehow guix is downloading the Glasgow Haskell Compiler and GTK <efraim>Subversion is for git, have to graft all the outputs <efraim>The only programs that have GHC in their graph I use are git-annex and diffoscope <dissoc>for openvpn can i just use a config file (myconfig.ovpn) instead of putting all the config in data structure? <dissoc>im looking at the service code and im guessing not. it works via command line but my config has some stuff thats not in the service code ***aligngator is now known as certifiedcitrus
<sneek>nckx?, pretty sure was seen in #guix 14 hours ago, saying: Yes.. <lprndn>bricewge1: hey! looking at the lightdm service right now. I'm trying one last thing. <lprndn>does anyone happen to know if it's possible for one service to extend another one conditionally? :/ <efraim>I assume it would depend on what the condition is <NieDzejkob>lprndn: service-extension takes a function that returns the value used for extending, so if the service you're extending uses a combining function that has an identity, you could just sometimes return that <lprndn>efraim, NieDzejkob : I meant depending of the configuration passed to the service. I was wondering if it was possible to just modify the list of the `extensions field but I suppose it's not possible, right? <lprndn>NieDzejkob: ok, I think I understand. I wanted to avoid that but It seems the only way. <efraim>it should be possible, something like (if (not (null (lightdm-configuration-field field))) (extend-field-with-that-other-service) '()) <lprndn>bricewge1: I try: One service for lightdm, one for each greeter. Seats are defined in the lightdm service only. Then we collect greeter-sessions from seats and extend necessary greeter-services to activate them. <lprndn>greeters' configuration are done in their respective service. Really, I try to use the extension mechanism as a on/off switch for greeters... <lprndn>efraim: Thanks. I'll try! I used (when ...) but it was returning #f and failing... :/ <efraim>I don't always understand why sometimes when/unless works and other times it doesn't <efraim>When you go to write an if without an alternate (a one-armed if), part of what you are expressing is that you don’t care about the return value (or values) of the expression. As such, you are more interested in the effect of evaluating the consequent expression. <efraim>In our case with the config we care about the return condition of the test <lprndn>efraim: ok I think I understand. I'm just not sure anymore about something. Can you explain me where you would put the conditional in this case? <efraim>(if (test-statement) (true) (false)) <efraim>so in my example above (not (null (lightdm-configuration-field field))) is the (test-statement) <lprndn>efraim: Ok, this I got. :) But how would you put it in the service-type definition? (Am I clear? Sorry, I'm a little in my own thinking bubble...) <bricewge1>efraim: I thinks it's because 'when' return '#<unspecified>' when false and that downstream code don't handle it <efraim>I think I would do (extensions (list (if ...) (service-extension ...) (service-extension ...))) <efraim>or if it doesn't like returning an atom and it's easier to do a list then (extensions (append (if ...) (list (service-extension ...)))) <lprndn>efraim: hum... ok so I think my problem is that the service configuration is no available in the extensions field scope (or does it?). Maybe I should make a procedure of lightdm-service-type but it's done nowhere else so I'm not sure it's ok... <lprndn>efraim: Thanks! I'll try things... :) <nikita`>if i would have commit access, i would commit it. i think someone just remove the redirect i had and christian never bothered to have no 404s (but I did) <nikita`>this new URL is up for 1.5 years now i think, so /shrug <lprndn>where can I find informations on the (*-service-type config => ...) syntax? <lprndn>civodul: thanks! totally missed the modify-services in the outside sexp... this is good news. :) <nckx>raghavgururajan: Looks like a job for the copy-build-system. <nckx>See (guix)Build Systems in the manual. <nckx>raghavgururajan: Because it looks like these source files don't need to be built (‘you should compile and link the OpenSLES_IID.c file into your project’), but I didn't browse the entire tree. <nckx>raghavgururajan: The PDFs are non-free, don't install those. ***terpri__ is now known as terpri
<raghavgururajan>nckx: There is gc process going on in bayfront. I was wondering if you could build openjdk and icedtea on guix.tobias.gr, with the HEAD of wip-desktop branch? <nckx>efraim: znc.in is the ZNC home page. znc.in → wiki.znc.in/blah is a 302 redirect and an implementation detail, no need to ‘follow’ it. <necrophcodr>I'm currently trying to build a project using `cmake` inside a `guix environment`, but it fails. <necrophcodr>The exact issue is that it fails on a `file(DOWNLOAD)` function in cnamek. <necrophcodr>Are there currently any issues with cmake downloading from HTTPS sources? The guix environment is NOT run as a container FYI. <nckx>[wild guess without error message] necrophcodr: Are the nss-certs available in the environment? The cmake package declares SSL_CERT_{FILE,DIR} native-search-paths, check whether these are set & look sane inside your environment. <necrophcodr>nckx, they should be, in the logs it even references /gnu/store/dgpj6aypb3zi10r4bqivaalrl4pzs8lb-profile/etc/ssl/certs/ca-certificates.crt <bricewge1>I'm trying to mount a NFS share from within the initrd REPL, do I need to build a ntfs-utils static package first or can I use the current non static one? <rekado>efraim: oh, a shiny server service! Ah want thayut! <certifiedcitrus>(^- two posts up) StackOverflow mentioned that one should use strlcat instead of strcat.. IDK of those things, honestly. <necrophcodr>nckx, additionally, this file path differs (in name) from what my normal SSL_CERT_FILE environment variable points to (which is a path to a symlink in my ~/.guix-profile folder). <mothacehe>bricewge1: I think you have to use the static version in the initrd <sneek>mothacehe, you have 1 message! <nckx>necrophcodr: Sounds correct. Then I can't be of help. <mothacehe>hey civodul, thanks for the link, didn't know about that! *certifiedcitrus probably answer is there. <efraim>nckx: the znc home-page came up in guix lint and I was already touching the package so it seemed like a good time <bricewge1>mothacehe: There are none ATM, that why I wonder if using the current nfs-utils (dynamically linked) may work <bricewge1>Until I manage to package a statically linked one <efraim>rekado: I can see about upstreaming the r-shiny service :) I'll also add in the documentation about creating a shell script launcher <civodul>bricewge1: you can put anything in the initrd, but if you put dynamically-linked packages with doc & all, it's going to make the initrd very big <civodul>and thus it'll only be usable with large amounts of RAM <bricewge1>civodul: Thanks! That's not a problem on the machines I'm testing this on, I'll skim the fat from nfs-utils later. <mothacehe>civodul: I think we still have race conditions in Shepherd, the tests hang randomly. I'll try to strace the whole thing as you suggested. <civodul>though it could be anything else, no? <mothacehe>If I kill guix-daemon instead of restarting the Shepherd service, I cannot reproduce the issue anymore <apteryx>should we try to support Secure Boot at some point? Fedora and OpenSUSE both use something called 'shim' which uses the Microsof cert (it supports other certs as well), meaning it can boot out-of-the-box on Secure Boot enabled machines. <pkill9>malaclyps: you can use `guix graph <package> --path <dependency>` to see the path to a dependency <pkill9>though i can't find 'gtk' or 'ghc' in the output of `guix graph afew` hmm <pkill9>it's a mystery to me why guix downloads a tonne of unrelated stuff <pkill9>infact, i keep my root guix revision at the point I used to build the system, and it started downloading stuff when I reconfigured the system <bricewge1>apteryx: Adding support for Secure Boot is a good idea: network boot is vulnerable of MiTM attacks without it. <efraim>I looked at updating vlc but the key used to sign the tarball expired about a year ago <nckx>apteryx: Definitely! But ‘secure boot’ and ‘works out of the box’ don't mix; you choose 1 :-/ (Barring back doors or motherboards that don't allow removing OEM keys, in which case you choose none.) We should document & strongly encourage users to remove any MS keys ASAP. And figure out how to securely sign things. <nckx>raghavgururajan: Still building 😒 <apteryx>Secure Boot is just a name, and it does work out of the box for OpenSUSE and Fedora, using Microsoft 3rd party certs, but I get your point. <nckx>Then I'm not sure I get yours. I don't think we should endorse such a misleading name. <nckx>apteryx: Do you know the story amongst other FSDG/FSF-aligned distributions? <apteryx>It's just something I was thinking about given that at least one user seems to have issues disabling Secure Boot (and some cheaper boards don't allow to, IIUC), so these machines are locked from running Guix unless we implement the 'shim' as found in Fedora, OpenSUSE, others? <apteryx>This would allow out-of-the-box booting on Secure Boot locked down machines (given they are configured with Microsoft cert), while *also* giving you the flexibility of enrolling your own cert (you wouldn't have access to substitutes then, though). <nckx>apteryx: By the way, by ‘endorse’ I just mean supporting the shim/other OOTB hack without noting how problematic it is and putting on our FSF hat sometime during/after the installation to educate the user. Not to decide for them. <nckx>Seems like the GNU thing to do. <nckx>apteryx: Sure, I think compiling locally's acceptable to everyone (expected, even) who cares about that. <apteryx>An issue should we want to have OOTB Secure Boot support would be that the key would need to be secret to the build machines I guess... otherwise what's the point. And then you can't really build locally anything because you wouldn't have the key. <apteryx>Seems OOTB support won't be feasible in a distributed context. <apteryx>Anyway, just thinking out loud. I also find signing all of our stuff with Microsoft derived keys unappealing ;-) <nckx>My knowledge of what exactly happens & is enforced once the kernel's loaded is shaky at best. We should be able to build the shim & GRUB reproducibly (like we do TAILS) so we could just ‘re-use’ existing signatures, but that won't work for the kernel, let alone all of them. I think… <nckx>apteryx: In theory it's unappealing, in practice MS has signed enough things that any machine sold in 2019 or earlier without patched firmware (if the vendor even provides it) will silently boot anything an attacker puts on your disc, i.e. no security at all. *certifiedcitrus "cannot change dir to {5,Xw,21}/home/guix/" <- ah, that why it's `str[0] = '\0'` instead of `= ""`. <bricewge1>nckx: 'secure boot' looks to be a UEFI specification so we should be able to use that <nckx>bricewge1: It is, but I don't follow. <nckx>That's the SB that we were discussing. <nckx>Not just ‘a more secure boot’ (which, whether Secure Boot provides that… is arguable 😛). <bricewge1>We are talking about 'UEFI Secure Boot' right? <nckx>What exactly do you mean by ‘we should be ablet to use [the specification]’? <bricewge1>True that UEFI Secure Boot isn't that secure, but it's a start, PureBoot is the best that I know ATM <nckx>bricewge1: I'll need to look that up, thanks. <bricewge1>nckx: “I don't think we should endorse such a misleading name.” <bricewge1>Since it's just a spec name I don't see why the FSDG would prohibit it's usage <bricewge1>'UEFI Secure Boot' could probably be use in a Guix context. <nckx>That wasn't the strongest argument in retrospect. My point wasn't the FSDG specifically, just that the general GNU stance on it should be coordinated or at least discussed. <nckx>raghavgururajan: I hope it's still relevant: the icedtea/openjdk bootstrap has finally completed. I don't know how many of the damn things I built but they're available now. <nckx>bricewge1: Interesting. The FSF does call ‘Secure Boot’ that doesn't allow the user to manage keys ‘restricted boot’, and we shouldn't care about supporting that, but I don't know how widespread that really is. <nckx>Cfr. the ‘cheaper motherboards’ apteryx mentioned above. I don't know if they're all that common. <nckx>But this is a tangent, since such systems will be supported if we opt to make proper SB work ‘out of the box’ anyway 🙂 <rekado>hmm, I get a much earlier segfault in guile-emacs; during build <nckx>I say we, but I have plenty of gaps in my knowledge of this stuff too. Like: is ‘kernel lockdown’ (which disables useful features like hibernation ffs) mandatory to support SB? Debian thinks so. <nckx>bricewge1: Yep, that was on my reading list, but thank you! <nckx>bricewge1: It's on the ‘read later’ list because of the date, by the way. <bricewge1>A little dusty, I would like a fresher article too *certifiedcitrus victory. Though "variable-sized object may not be initialized" is awful error. And that i _need_ to initialize str before do any meaningful str[n]*cat. <raghavgururajan>Folks! The configure flag `(string-append "--cmake-install-prefix=" (assoc-ref %outputs "out"))` throws an error that directory doesn't exist. But the default output 'out' should automatically be created right? <NieDzejkob>raghavgururajan: it doesn't get created for trivial-build-system, dunno about what others build on top of that <civodul>rekado: i've restarted guix-daemon on berlin, so it's now running the latest and greatest, including reepca's improvements <nckx>Note the branch and commit and compare. <nckx>That would be this commit. <raghavgururajan>nckx: Do you have any ideas regarding the configure flag I posted above? <nckx>raghavgururajan: You need to create it if it doesn't exist, before 'configure. <nckx>raghavgururajan: And make sure you're not trying to install to /gnu/store/…/gnu/store/…/ or so. <nckx>raghavgururajan: Yes. There's nothing wrong with your code. <NieDzejkob>certifiedcitrus: I don't think that would make a difference <raghavgururajan>CMake Error: The source directory "/tmp/guix-build-srt-1.4.1.drv-0/build/--cmake-install-prefix=/gnu/store/0z6iyf4g1l703q888ag83haib1cgydzn-srt-1.4.1" does not exist <nckx>Some build systems do the equivalent of ‘mkdir $DESTDIR/$prefix’. <nckx>No, this is something else. <NieDzejkob>raghavgururajan: shouldn't cmake-build-system already set the prefix? <nckx>It's trying to install into a directory named, in full: "/tmp/guix-build-srt-1.4.1.drv-0/build/--cmake-install-prefix=/gnu/store/0z6iyf4g1l703q888ag83haib1cgydzn-srt-1.4.1" <NieDzejkob>no, it thinks the argument is a path to the source <nckx>raghavgururajan: Are you sure you're setting the right flag? <nckx>NieDzejkob: That's what I said, no? <nckx>Oh, no, I wrote ‘install’. <nckx>raghavgururajan: & where did you get the ‘--cmake-blah’ as the way to set that destination? <NieDzejkob>raghavgururajan: I think you need to set -DCMAKE_INSTALL_BINDIR=path <nckx>What NieDzejkob proposes is a lot more canonical. <NieDzejkob>or maybe -DCMAKE_INSTALL_PREFIX would work. More direct. <nckx>I'm sure it's possible to write a CMake script that accepts weird (in CMake land) --foo arguments but it wouldn't make sense. ***leoprikler_ is now known as leoprikler
<nckx>vlc-3.0.11.tar.xz is signed with an expired certificate… using SHA-1. <nckx>raghavgururajan: Did you find out the difference yet? I'm going AFK, if bayfront is still unavailable now's the time to ask me to start building something. <efraim>nckx: I noticed that too, that's why I didn't bump it. <nckx>efraim: I forgot to add it's DSA1024 for good measure. This ‘expiration’ is actually… irrelevant, as sad as that sounds. VLC has a long history of not caring about the key and not responding to (my and other's) messages about new ones. I treat it as an unsigned tarball, do my due diligence, and push. <vagrantc>nckx, efraim: i notice that debian's vlc package updated the upstream signing key a couple months ago ... maybe they got an updated signature from somewhere? given that the keysever networks have had issues in recent years... <lfam>I'm going to start working on the FFmpeg 4.3 upgrade, unless somebody else has already begun <blendergeek>I recently tried to install GNU Guix on my laptop. Unfortunately, my ethernet card was not configured by default. It showed up on `lspci` but not when using `iwconfig -a`. This ethernet card is fully supported by freesoftware and works with other FSF endorsed distros. <NieDzejkob>blendergeek: wasn't iwconfig for wireless cards? what does `ip a` say? <jsynacek>Hello. I installed guix 1.1.0, ran 'guix pull' today, then 'guix pull --roll-back' and then 'guix pull -l'. The roll back actually informed me that my generation was switched from 1 to 0, but 'guix pull -l' shows only generation 1 and then blocks and never finishes. Furthermore, if I run 'guix pull -S 1' again, the output from 'guix pull -l' is broken. <jsynacek>Is that a known issue or should I filed a bug report? <lfam>I'm looking at the package definition of FFmpeg 4.3 in (gnu packages video) <lfam>It nests delete and alist-delete calls to remove some things from the package definition that it inherits from <lfam>I wonder if there is a better way, that is a little less Scheme-y? <NieDzejkob>lfam: You mean 3.4? Anyway, this could be indented a bit better with one alist-delete per line. If you need to expand these substantially, you could also use a fold <lfam>Yes, that's what I meant. Sorry for the confusion <lfam>FFmpeg 4.3 is working on my end, with rav1e. I'm testing dependent packages now <civodul>tests/inferiors.scm hangs on aarch64-linux on master <civodul>why on aarch64 specifically is a mystery <NieDzejkob>Maybe rr in chaos mode will be able to catch it? It only works on x86 afaik, though. <civodul>the hang is likely a protocol/buffering issue ***rekado_ is now known as rekado
***terpri__ is now known as terpri
<leoprikler>Does Guix have any SmallCaps fonts or do I have to use font attributes to "fake" small caps? <cnmne>hi guix ! Has anyone used emacs tramp to connect to their guix machine? trying to troubleshoot. <dissoc>cnmne: i have. what's your problem? <cnmne>I connect, but inserting the file fails <cnmne>looking at the manual, i thought it might be a path error with `tramp-remote-path' <chipb>cnmne: hm. I seem to recall doing something for that a few months ago. lemme see if I can dig up what I did (it was from an old hard drive).