<wonko_the_sane>'guile-emacs' ? is that related to the plans Stallman et al had which included implementing elisp on top of a Scheme to be called 'GEL' ('GNU extension language', later renamed Guile) since like 30 years ago or something ?
<terpri>wonko_the_sane, inspired by those plans, yes
<terpri>bqv, guile-emacs compilation is likely slow due to its continued use of guile 2.x (not due to any notable technical difficulties, just lack of time). guile's bootstrap process is extremely slow (3.x might be better, i haven't checked)
<terpri>guile-emacs shouldn't significantly slow down emacs compilation, though guile-emacs itself is really slow (correctness was the priority, not performance)
<terpri>iirc dustyweb has a partial guile-elisp rebase onto modern guile that will probably be the basis of the next guile-elisp update
<terpri>(and the guile half isn't usually difficult to update; i imagine they spent half their time writing proper ChangeLog entries for my commits :p)
<jlicht>PurpleSym: I am being besieged by an army of telemarketers since my phone number ended up in one of their databases; I'll be rebasing (and fixing) that branch somewhere this weekend, so if you send me the command you tried, I can make sure that one actually works.
<PurpleSym>jlicht: I fixed it like this: https://paste.debian.net/1184873/ and now running `./pre-inst-env guix import npm-binary -r fuse-box` succeeded. Sometimes it spits out #<unspecified> for the homepage field, but that’s easily fixed.
<jlicht>PurpleSym: thanks for sharing findings/feedback/improvements!
<raghavgururajan>Folks! During initial development of `guix deploy`, why was DigitalOcean chosen?
<PurpleSym>jlicht: I’m running into another issue right now: chain-able 3.0.0 and 1.0.1 are pulled in at the same time, but since the variable names are the same only the first one is actually used causing errors in the package requiring 1.0.1.
<jlicht>PurpleSym: manually adjusting it is the name of the game for now, but the crate importer should have a solution for that that I might simply copy in the long run
<roptat>raghavgururajan, probably because the author had an account at digitalocean, so it was easier for them to develop for it
<pineapples>Hi! I have a question regarding channels. Let's suppose a malicious actor gained unauthorized access to a third-party channel I use, and uploaded a package that bears the name of a package from the official Guix repository. Let's also ignore the fact there are other, most likely more refined means of compromising a Guix System via a compromised channel. What will happen? Will the package from the third-party channel take precedence over the package from the official repository?
<raghavgururajan>roptat: Ah cool! I thought it was related to uploading custom images.
<roptat>pineapples, I think it depends on the version of the package in the channel and in guix. In any case, you'll at least get a warning that there are two packages by the same name, and it'll tell you which it chose
<roptat>actually, you'll also get that warning if you try to install a package and we have multiple versions of it already
<roptat>if you use a package by variable name (in a script or manifest), you'll get whatever you imported last I think, but guile will warn you "foo in (channel corrupted) shadows definition foo in (gnu packages bar)" or something like that
<roptat>but if you imagine a corrupted channel, it can already do arbitrary code execution, so that's not really the biggest threat here :p
<pineapples>Well. Thank you for the detailed response. The best security practice appears to be sticking to the official channel if possible. Not a huge deal to me if you ask me
<PurpleSym>jlicht: Ooof, I don’t think that’s feasible. I’ll see if I can add version numbers myself.
<adfeno>Hi there, which package provides Ruby's mkmf (the full one, not mkmf-lite) ?
<kondor>Do we still not have a vnc system service?
<pineapples>roptat: >"it can already do arbitrary code execution" How does this happen? As far as I understand, when 'guix pull' is run, every defined channel's modules are compiled? Yes? Would the execution of arbitrary code take place during the compilation? Just curious
<bqv>rekado: nothing, currently. I packaged it for nix, so I know how to do it there, but I am exceedingly novice to guix so I am not sure how to achieve the same. I'm reading emacs-xyz.scm, but just wondering if someone here might be able to knock it out in seconds
<jsoo>I had a chance to use the official installer this week. What a good experience! Nice work!
<pineapples>roptat: That's scary, albeit an eye-opener. Can non-package Guile modules do that as well?
<roptat>pineapples, maybe, but they'd have to be loaded by something first
<rekado>pineapples: that’s a price to pay for the ability to compute anything
<rekado>we can, for example, compute fancy package variants without having to fully specify the package as data
<iyzsong>little scary, but it's same as npm, pip, both can run any code..
<pineapples>I see. Anyway, if I understand correctly, although any code hosted by a channel can be used to compromise an instance of Guix System, packages have the highest probability of becoming an entry point of malicious code
<rekado>pineapples: we could perhaps think about sandboxing channels by default and disabling sandboxing with a channel configuration flag.
<bqv>rekado: is it really gonna be possible to sandbox code though, eventually it runs toplevel so surely expressions buried deep enough would escape
<pineapples>rekado: So, at the end of the day, there are multiple entry points of a compromised channel's malicious code, and whatever my or someone else's security model is, as long as we add a third-party channel that we only partially trust, there's no way for us to protect ourselves from it unless we remove it from our system?
<dannym>civodul: Could you look at the kernel-loadable-module-service-type patch https://issues.guix.gnu.org/45692#1 (just that one)? I almost was ready to push that contribution to master, but I'm not sure about that "mbegin %store-monad" in kernel-builder-configuration->system-entry. Is it OK?
<sundbry>@PurpleSym @jlicht the approach I take to get work done is using the wip-node-14 branch for the recent node.js (TYVM), and then I do a manual build with `npm ci/install` and then do guix build with the project directory as source to vendor in all of the deps. Not ideal by any means but I have a similar workflow for java/maven projects.
<rekado>FWIW, with my patch for guile-emacs the build of guile-for-guile-emacs and guile-emacs itself passes after 87m7.213s
<ngks>Here's a simple question: I am running Guix System and trying to create Guix packages for some software whose build system requires Docker (probably there is a different way to do this but I want to follow upstream instructions at this point in the process).
<ngks>This introduces a requirement that my user be in the "docker" group. I haven't been able to create this group either in my config.scm or at the guile repl.
<roptat>I'm kinda overwhelmed by the build process for the videos...
<ngks>so I guess I will have to investigate the software's build process to break this (IMO depraved) Docker requirement.. We'll see how far I get. Thanks for the advice.
<lfam>They are probably using Docker in an effort to have an understandable build environment, but it's unlikely it really depends on Docker
<roptat>probably, you'll find that info either from alternative instructions in the README or INSTALL files, or from the dockerfile itself
<ngks>to follow up on the previous question, can someone point me to docs location (or more likely a location in the Guix sources) that illustrates how to create a user group? It's a basic Unix task and I feel queasy not being able to do it.
<roptat>when you use the guix system, you should forget about trying to use a command to do anything ;)
<ngks>My question is pretty basic so thanks for hanging with me. I was looking at that section in the docs yesterday; it says how to write user group declarations like `(user-group (name "students"))` but not where the declaration should go.
<ngks>I tried putting that declaration inside the operating-system declaration, no luck. Then I tried putting it inside the users declaration, no luck. At that point it felt like I was just changing things at random. Ideally somebody could point me to a location in the Guix sources that provides an example.
<lfam>I think it would go like (groups (cons* (user-group (name ...)) %base-groups))
<lfam>That's the pattern of the other fields in operating-system
<dannym>Gah, with guix master (commit af55e2aad6abaf1efb60366796fcfb7867e296fb), right after guix system init, the first guix system reconfigure fails with: /root/.config/guix/current no such file or directory
<dannym>That's because the directory /root/.config/guix does not exist and apparently is not being created either
<zdm>Does anyone run guix (or well, linux-libre kernel really) using a high resolution and/or high refresh rate display? I'm currently planning on buying an Intel NUC as it seems the most appropriate platform for me to install Guix on and use my 1440p 165hz display. What I'm wondering is if anyone has had any issues in terms of resolution and also importantly high refresh rate?
<lfam>zdm: It has integrated Intel graphics support?
<zdm>lfam: The NUC yeah, that's the point of me getting one
<lfam>I think it should work, since support for that is usually built in to the kernel, unlike with discrete GPUs from nvidia or amd