IRC channel logs

2020-12-26.log

***sandy-claws is now known as poggers
***poggers is now known as jess
<bqv>hey, why's guix still on glibc-2.31?
<rekahsoft>Hi all! Firstly, happy holidays. I was curious what the best way to modify an inherited packages build phases?
<ryanprior>rekahsoft: happy holidays to you too! Here's an example of inheriting a package and modifying things: https://github.com/guix-mirror/guix/blob/master/gnu/packages/gl.scm#L444-L456
<rekahsoft>ryanprior: Ooo..that looks like exactly what I need. Sadly it was right in front of me in another source file and I hadn't yet investigated it. Thanks! :)
<xelxebar>Guix!
<dissoc>has any work been done to try to get any security modules like selinux or apparmor to work with guix system?
<xelxebar>dissoc: Just checked on the guix-devel mailing list and saw this: https://lists.gnu.org/archive/html/guix-devel/2018-01/msg00406.html
<xelxebar>Doesn't look directly applicable to a Guix System, however.
***apteryx is now known as Guest72305
***apteryx_ is now known as apteryx
<raghavgururajan>Hello Guix!
<iyzsong>Hello!
***MidAutumnHotaru3 is now known as MidAutumnHotaru
<PotentialUser-46>Hi ! The blog post "Porting GuixSD to ARMv7" explains how to install Guix System on an ARM board but states that guix wasn't capable of producing a disk image from a desktop machine on x86_64. Is it possible now ?
<davidl>janneke: changing the disk space option just doesn't seem to help, no idea why :-S Do I need to run some hurd version of resize2fs?
<bdju>could anyone with experience packaging go stuff package this for me? https://github.com/antonmedv/countdown
<bdju>looks super nice. like an alternative to the sleep command with a visual countdown
<ngz>Hello.
<ngz>My Emacs became crashy recently (in particular when reading mails with Gnus). I get segmentation errors. Are you experiencing the same?
<janneke>davidl: did you reconfigure?
<davidl>janneke: yes
<davidl>janneke: how can I check the space left on the filesystem on hurd?
<davidl>janneke: thats why I also tried to install gptfdisk which also fails.
<janneke>davidl: df -h /
<leoprikler>Can someone help me debug a graft issue?
<leoprikler>The following test passes: https://paste.gnome.org/pwljtxytr
<leoprikler>But when trying to package something, that uses a strange filename, I get: Fran??ais: No such file or directory
<leoprikler>during grafting
<leoprikler>and the file vanishes from the grafted package
<leoprikler>and according to convmv, those files are already UTF-8 encoded
<mekeor[m]>is there a guix-service for dyndns (aka ddns aka dynamic dns)? :)
<mekeor[m]>mekeor: yes, there is ddclient-service-type
<BlackMug>does kvm and vbox works within guix?
<BlackMug>vbox mostly wont work since its not considered as free software tool
<BlackMug>but not sure about kvm if its gonna work or not
<leoprikler>BlackMug: doesn't qemu have a kvm flag? It should work if enabled and permissions work out
<BlackMug>so user have to do some hacky stuff to make it work? wont work just by installing similar to apt/dnf..?
<leoprikler>If you consider adding "kvm" to your supplementary groups "hacky", then yes.
<BlackMug>need to check out but thought somebody tried that
<leoprikler>IIRC correctly if works with `guix system vm` if you pass --enable-kvm after that
<leoprikler>"IIRC correctly if works", my english is on point again
<mekeor[m]>does one need d-bus on a server?
<aecepoglu[m]>How should I build/install a guile-scheme project consisting of multiple files? Normally I'd "cd" into the directory and add that directory to guile-load-path and run the main.scm file in there. Should I install the files in the bin/ directory of its guix package? Should they be copied to GUILE_LOAD_PATH or be compiled and placed into GUILE_LOAD_COMPILED_PATH?
<mekeor[m]>aecepoglu: i don't know but did you look into the source code of the declarations of guix-packages of other guile-based software?
<aecepoglu[m]>I could not think of a relatively simple guile executable to take inspiration from
<jonsger>sneek: ask lfam whats the way to get a module enabled in guix/gnu/packages/aux-files/linux-libre/5.10-x86_64.conf
<ryanprior>bdju: here's a package for countdown: https://github.com/ryanprior/guix-packages/blob/master/testing/countdown.scm#L12
<aecepoglu[m]>ryanprior: was that for me?
<ryanprior>aecepoglu: no but you are welcome to use it as well of course
<aecepoglu[m]>Ah, I thought it was a scheme executable :)
<ryanprior>I know very little about Guile, despite using it to contribute to Guix and reading a decent amount of its documentation. I couldn't begin to answer your question about how to build and install. I hope there are some example packages that can help you.
<ryanprior>Looking at gnu/packages/guile.scm it looks like most of them are using the GNU build system, which means you could look at their makefiles and see what
<ryanprior>The one exception is guile-gdbm-ffi, which uses the "guile-build-system": https://github.com/ryanprior/guix-packages/blob/master/testing/countdown.scm#L12
<ryanprior>In guile-xyz.scm there's a bunch more examples that use the guile-build-system
<aecepoglu[m]>I think you pasted the same link as before
<ryanprior>Oh indeed, darn
<ryanprior> https://github.com/ryanprior/guix/blob/master/gnu/packages/guile.scm#L611
<ryanprior>Ah it's because I instructed Emacs to copy a link to Savannah but Emacs doesn't know how to format Savannah links so it just didn't copy anything
<aecepoglu[m]>I remember browsing these and hoping to find an executable among them.
<ryanprior>I'm not sure what you mean by an executable. Do you mean not-a-library?
<aecepoglu[m]>something that is not a library, yes
<ryanprior>Here's one that's not a library: https://github.com/ryanprior/guix/blob/master/gnu/packages/guile-xyz.scm#L2266
<aecepoglu[m]> https://gitlab.com/NalaGinrut/guile-colorized/-/blob/master/Makefile So they seem to copy straight into the load path
<rekado>.
<sneek>Welcome back rekado, you have 1 message!
<sneek>rekado, raghavgururajan says: I was not able to find anything regarding your issue with librem laptop. But I will keep looking and will let you know if I find anything.
<spudpnds>Hello! I'm trying to read a number of different config.scm files for inspiration. Does anyone know of any good ones I should read, or perhaps a curated list of them? Currently I'm just googling like: "guix" "base-packages" "base-user-accounts" "scm" site:github.com
<rekado>raghavgururajan: thank you, but it turns out that there’s no problem booting. There’s just no visual feedback until *after* the passphrase has been input.
<rekado>it’s a graphics problem, not a boot problem
<ryanprior>I tried creating a JSON package definition today. It didn't work & I have no clue how to debug it.
<ryanprior>Here's a working package written in Guile: https://github.com/ryanprior/guix-packages/blob/master/testing/countdown.scm#L12
<ryanprior>Here's the equivalent written in JSON: https://github.com/ryanprior/guix-packages/blob/master/testing/countdown.json#L1
<ryanprior>Here's the build output: https://gist.github.com/ryanprior/28e9fd93f70d369be3bacaa75f36d245
<ryanprior>Am I being dense or should I report a bug?
<rekado>ryanprior: it’s a bug.
<rekado>could you please submit it to bug-guix@gnu.org and CC me?
<ryanprior>I will do
<bdju>ryanprior: thanks for the package! should I just be able to `guix package --install-from-file=countdown.scm` to install it? I get an error trying that, `guix package: error: cannot install non-package object: #<unspecified>` (I usually just use stuff from the repo so I still don't have the hang of this sort of thing)
<ryanprior>I'd recommend: guix install -L. countdown
<ryanprior>The -L. flag adds the current directory (.) to the Guix load path
<bdju> http://paste.debian.net/hidden/5e9bfe7a/
<bdju>I made a new dir for it because it was in my downloads directory at first but I had some other .scm files in there it looked like it was trying to do stuff with, so I canceled it and moved it.
<bdju>and I'm getting an unknown package error now
<bdju>well anyway, if it works and you upstream it, I'll get to use it eventually
<bqv>hey, why's guix still on glibc-2.31?
<aecepoglu[m]>is guile-build-system for libraries only? It seems to put everything in lib/
<civodul>aecepoglu[m]: yeah i think so
<civodul>bqv: re glibc 2.31, major updates like this trigger a complete rebuild, so they're done in a separate branch called "core-updates"
<civodul>that's merged every six months or so
<ryanprior>bdju: I wrote a bit just now about how to try out packages, including lots of troubleshooting info: https://www.ryanprior.com/posts/try-guix-package/
<ryanprior>Hopefully that will help you try the countdown package! Might also be useful to other Guix developers to see where the sharp edges are & strategize how we can do better.
<civodul>ryanprior: the post looks like there are lessons to be learned, indeed!
<civodul>thanks for sharing
<bqv>civodul: ah, makes sense
<ryanprior>civodul: thanks for reading! Happy to have this now as a resource to share when I see confusion
<Aurora_v_kosmose>guile-json-1 might serve as an example?
<Aurora_v_kosmose>For a simple package?
<mekeor[m]>how to make a server running guix-system more secure and protected? are there any services which you'd recommend for a server exposed to the internet?
<Aurora_v_kosmose>A firewall and key-only ssh are usually good pratice.
<Aurora_v_kosmose>*practice
<OriansJ>Aurora_v_kosmose: port knocking too
<mekeor[m]>Aurora_v_kosmose: what firewall? which guix-service or -option offers such a firewall?
<mdevos>and automatic upgrades with unattended-upgrade-service-type
<Aurora_v_kosmose>OriansJ: Eh, port-knocking is kind of security by obscurity. It's not necessarily bad to add it in addition to other proper measures but...
<mekeor[m]>i found this firewall-service, developed for maintenance of the guix-build-farms: https://git.savannah.gnu.org/cgit/guix/maintenance.git/tree/hydra/modules/sysadmin/services.scm#n289
<OriansJ>Aurora_v_kosmose: fair but when combined with more rigorous firewall rules http://paste.debian.net/1178420/ it is quite effective
<OriansJ>Aurora_v_kosmose: but then again passwords are also security by obscurity but that doesn't change the fact security requires obscurity to be truly effective.
<Aurora_v_kosmose>OriansJ: The difference, I think, is the degree of additional entropy and guessability/observability of the secret.
<Aurora_v_kosmose>Encrypted HMAC'd port-knocking like fwknop allows is better than plaintext, for example.
<OriansJ>Aurora_v_kosmose: if port knocking is the only line between access and not; you are correct. But we are talking about hiding services like SSH behind it; where you should also set up SSH keys for additional security.
<Aurora_v_kosmose>Indeed.
<OriansJ>So even if they just use knockd; it doesn't reduce the security benefits of clearing out virtually all of the noise.
<Aurora_v_kosmose>For a bit more configuration overhead but more audited safety, I find that exposing wireguard and only listening to ssh on it is also an acceptable alternative
<OriansJ>Aurora_v_kosmose: fair; personal preferences and all. but wireguard access attempts will still show up in the logs
<Aurora_v_kosmose>OriansJ: Dropped connections are logged? I didn't observe such behavior, though since I did setup the optional symmetric keys, that may be why.
<OriansJ>Aurora_v_kosmose: Government logging settings; require tracking of failed access attempts
<Aurora_v_kosmose>Ah. Is it an access attempt if the connection is dropped before any protocol analysis due to an invalid MAC?
<Aurora_v_kosmose> https://www.wireguard.com/protocol/#dos-mitigation
<OriansJ>Aurora_v_kosmose: that depends on how one's agency interprets the standard.
<Aurora_v_kosmose>Logging those would otherwise allow someone to fairly trivially DoS a server.
<OriansJ>Aurora_v_kosmose: Not all services should be tolerant of DDoS attacks
<OriansJ>Sometimes the correct behavior is to go offline.
<Aurora_v_kosmose>OriansJ: Huh.
<OriansJ>Aurora_v_kosmose: Some sensitive systems should go offline in the face of a DDoS attack.
<Aurora_v_kosmose>Interesting.
<Aurora_v_kosmose>mekeor[m]: Personally I'm kinda fond of nftables.