<mbakke>we do have grafts as an actual advantage, and less build system hacks such as patchelf and compiler wrappers
<Noclip>How do Nix and Guix compare for virtualization, containers and custom environments?
<jonsger>some hours later I finally have my desktop running Guix :P
<mbakke>I believe Guix and Nix are pretty similar when it comes to containers and environments... Guix has an advantage in Ganeti though ;-)
***catonano_ is now known as catonano
<Noclip>How well does the nix importer work? Is there extra work required to get nix packages work with guix and does it work for all or just for some packages? (The main advantage of nix seems to be it's huge repository with basically everything in it.)
<guixy>When the script is finished executing, du says the disk is more than 10GB large.
<guixy>When I start it in virt-manager, it is 429M large.
<guixy>When I run guix pull, it says the database is full.
<pkill9>so, I've made a guile script that lists all available packages in guix, and when you select it it checks for .desktop files and binaries in /bin and opens the first one available, and it checks to see if the package is already in your guix profile and uses that one if it is
<pkill9>one step closer to creating a launcher of all packages regardless of whether they're 'installed' or not
<pkill9>I'm going to eventually have it check the guix repository log for new packages, and list those, and update guix in order to get the new package definitions lol
<brettgilio>nckx: Hey I got your report on the Mercury build failing for you. I gc'ed and cleared all of my local builds and I cant get the failure to reproduce.
<pkill9>maybe ultimately security is an illusion, and we should just try to make sure we no more sensitive data than we need on machines connected to the internet, or accessible by other people
<brettgilio>pkill9: I would say that security is not so much an illusion as much as it is not a guarantee. Especially in our current era where software is written in poorly specified languages that run on residual undefined behavior.
<brettgilio>We just need to do (alot) better in how we design software
<brettgilio>and stop using languages that dont provide guarantees about how execution happens
<brettgilio>We have a mathematical toolbox full of logical applications, but only the smaller few of programming languages use them (Standard ML, OCaml, Haskell, Scheme)
<brettgilio>Thats part of what bandali and I wanted to do awhile back before I took my hiatus, bring formal methods tooling to Guix :)
<guixy>Security is a little more real than an illusion. We can protect against predictable vulnerabilities. It's the unpredictable and neglected vulnerabilities that make complete secuirity impossible.
<rovanion>nckx: I'm reading the kernel manual on intel_pstate and "Active mode - In this mode the driver bypasses the scaling governors layer of CPUFreq and provides its own scaling algorithms for P-state selection."
<rovanion>So that would explain why setting the scaling governor through cpufreq-set had no effect.
<rovanion>Given that my CPU is in active mode. I've not found where I can see that yet.
<nckx>rovanion: Interesting. Nor do I, but temper your expectations: most modern CPUs consider user-space power meddling obsolete, to the point that ‘performance’ saves more power than ‘powersave’/‘ondemand’ because it now means ‘leave me alone granddad’.
<nckx>Of course that depends very much on your CPU & your goals.
<NieDzejkob><Noclip> Is there a command to show the download and/or installed size of a package before installing it? (Debian's "apt show <pkg>" does that for example.) </Noclip> guix size uses substitute information to tell you, guix build -n will tell you how much will be downloaded
<Noclip>NieDzejkob: Exactly what I was looking for, thanks!
<raghavgururajan>How do I invoke a program inside 'pre-check phase, that requires to be ran as root?
<nckx>raghavgururajan: Not. You convince it that it doesn't need to be root after all & it was just a big misunderstanding (maybe it can do its job just fine if you comment out a UID == 0 check), or disable those tests as some packages do.
<roptat>the same happens with grafts: guix needs the ungrafted version to determine what it has to graft and compute the name of the grafted variant; but gc will collect the ungrafted variant, so if you later want to build the grafted package, guix will have to re-download the ungrafted package
<roptat>you can prevent that kind of behavior by using --gc-keep-outputs=yes and --gc-keep-derivations=yes: this will keep the runtime dependencies and the ungrafted variants of the packages from your profile
<civodul>i wonder if we should change 'guix gc' to be equivalent to 'guix gc -F10%' by default
<roptat>it's not the default because it makes your store bigger and prevents gc from collecting a lot of things
<nckx>Noclip: Guix would never delete any reference it knows about. So any ‘guix fsck’ would have a second reference scanner that's better than the ‘real’ one, and Guix should just use that one instead.
<nckx>Kimapr_on_window: Because I thought you were still using VirtualBox. :o) I'm not familiar with Windows at all.
<roptat>rovanion, the home manager completely takes over your home directory. With Nix, it simply copies files but keeps them writable, so any software could change your configuration. The guix home manager creates a profile for your home, so it's completely read-only
<roptat>you can poke holes by creating symlinks to a writable directory, which I do for .local and .cache for instance, as well as for software that don't work when the configuration is read-only
<roptat>or whose config I haven't converted to a service type
<NieDzejkob>could you try it on your side to check if it works?
<NieDzejkob>if it works, could you try to minimize your operating-system into a full example that breaks?
<apfel>hi there i try to build a package definition with my locale guix checkout. package: https://pastebin.com/Sxfu8TbN - but i get the following error: guix package: error: getting attributes of path `/gnu/store/3il0ngja1qn6vz72bvmkfxa0b9271nhr-bootstrap-mes-0': No such file or directory
<apfel>it did work once bevore, i think i might messed up my store somehow ...
<roptat>apfel maybe try to run "guix gc -D /gnu/store/...-bootstrap-mes-0"?
<roptat>the reasonning being that if the directory doesn't exist but guix thinks it does, the gc will help guix understand the path doesn't exist anymore
<NieDzejkob>roptat: I can't find any documentation for named extension points, could you point me to the relevant manual page or code?
<roptat>NieDzejkob, it's not in guix, but in the guix home manager
<tirifto>Hello! Could someone confirm whether there are no substitutes available for ‘icecat’ and no builds therof in queue right now? (I think that’s what ‘guix weather’ is telling me, but it seems odd.)
<sseneca>hi all. I want to install gnu guix on a laptop. its networking drivers aren't free software so that won't work, but its use case doesn't require networking, so I want to do it anyway. does anyone know how I could go about updating it every so often? it doesn't have an ethernet port.
<jonsger>oh, it's nice how much faster building guix on a desktop is compared to a laptop :)
<jackhill>sseneca: is a USB network card an option? Another option could be using guix archive --export on a different machine, and then guix archive --import. It's possible, but will requiere some thinking or scriping to make sure you get all the bits :)
<jackhill>sneek: later tell sseneca is a USB network card an option? Another option could be using guix archive --export on a different machine, and then guix archive --import. It's possible, but will requiere some thinking or scriping to make sure you get all the bits :)