IRC channel logs


back to list of logs

<raingloom>nity nite guixers o/
***ChanServ sets mode: +o lfam
<pkill9>has there been any work done on runtime wrappers?
*** sets mode: +o ChanServ
<lle-bout>pkill9: not yet AFAICT!
<pkill9>they would be so useful
<Noisytoot>It's guix environment --pure guix if you're not on guix system
<leoprikler>runtime wrappers?
<lle-bout>leoprikler: attaching a runtime wrapper script to an installed package in a profile
<lle-bout>e.g. re-implementing flatpak desktop sandboxing that way
<lle-bout>with bwrap
<pkill9>I like what they want to do with flatpak sandboxing of having it ask you if you want to allow it access to a given file when it's accessed
<jackhill>+1 to a flatpak-like wrapper
<lle-bout>it wont work great until we have wayland-only desktop but I think you can disable XWayland in Sway and be pretty good, also only use QT or GTK apps that only use Portal APIs for stuff
<pkill9>I don't want to restrict myself to those applications
<pkill9>currently I'm using firejail for sandboxing
<lle-bout>pkill9: flatpak-like sandboxing can only be really effective security-wise if the applications themselves use portals APIs and do not require direct access to anything so, I think it can be a realistic constraint to at least realize what works and what doesnt to try and fix it
<pkill9>I'd like to have it so the program can see a list of files, and have the sandboxing tool monitor when it tries to read/write one of those files, and then pop up a window letting me grant/deny permission
<jackhill>and for me, I only really have a use for certian types of apps to be sanboxed in that way. Namely ones that process untrusted data. Granted, that's a large contingent of apps…
<lle-bout>pkill9: it's not so trivial to do this
<pkill9>hmm ok
<pkill9>why is that?
***ChanServ sets mode: -o lfam
<lfam>You really have to design the operating system around this use case
<lle-bout>You would have to somehow suspend apps *during* system calls with some kernel module then have some usermode interface communicate with that kernel module to display such dialogs, first I am not sure suspending processes *during* system calls is a good idea/possible
<lfam>Maybe it could be bolted on to Unix
<lle-bout>All in all, such functionality is similar to a rootkit of some sort
<pkill9>hmm ok
<lle-bout>I wonder why no one's done it
<lle-bout>Maybe there's an issue I don't foresee
<jackhill>lfam: perhaps with Hurd :)
<vagrantc>lfam: so, getting guix running on the apm mustang reminded me of why i prefer linux-image-arm64-generic ... linux-libre required me tracking down which modules it needed to load from the initrd to mount the rootfs ... -arm64-generic had them built-in and "just worked"
<lfam>Yes jackhill!
<vagrantc>though, if the initrd shipped more modules by default and had something like modprobe instead of insmod to load modules with dependencies ... that would fix a lot of the issue
<lle-bout>pkill9: there's this thing:
<jackhill>:) This push-only project stack that I have is getting to be a problem…
<lle-bout>pkill9: it does networking, not sure if that can be extended to files
<vagrantc>but maybe my take on what should be in the initrd is biased from my experience with debian :)
<lfam>Thanks for the note vagrantc
<lfam>I was collecting "user stories" about installing an OS on the Honeycomb LX2
<lle-bout>pkill9: this: also
<lfam>I saw someone say that the "generic" ARM image for Arch booted first try
<lfam>Anyways, if you can suggest some changes to how Guix does this, I'm all ears
<lfam>Or rather, some patches / pseudocode that someone else could implement
<lfam>My role with our kernel is just to keep it up to date
<vagrantc>i've struggled to understand how it works on a code level ... in practice it seems to just blindly load all modules from a predefined/configured list of modules
<lfam>lle-bout, pkill9: It sounds like iOS a little bit
<vagrantc>e.g. most baremetal systems end up needlessly running virt* modules
<lle-bout>lfam, pkill9: AFAICT macOS/Darwin retrofitted such system calls intercept with allow/deny
<lfam>Android too, but Android is less designed and more evolved from regular Linux
<vagrantc>at the very least, adding modules that are dependencies of the specified modules would be a big improvement ... though some are non-obvious
<vagrantc>e.g. for mustang, in the end i needed to add "ahci_xgene" and "sd_mod" ... sd_mod surprised me that it wasn't already there
<pkill9>well it doesn't sound very straightforward to do, oh well
<vagrantc>luckily this time, ahci_xgene just depended on other things already present
<lle-bout>raghavgururajan: everything built for me too! I need to sleep now but will review commits individually after waking up in approx 12h!
<vagrantc>but on other systems, i had to manually track down the module dependencies
<lle-bout>pkill9: e.g. for some reason on deny SELinux forcibly kills processes, not sure why, maybe there's some issue there.
<vagrantc>(and to add insult to injury, some of them were effectively dependencies but not represented in any way ... e.g. you need to have some 12v rail enabled or whatever ... but there's no code path to verify that)
<lle-bout>In that you couldnt do any other way and expect the application to work somehow
<lfam>sd_mod is for SCSI?
<lle-bout>raghavgururajan: $ ./pre-inst-env guix build -v1 --without-tests={shepherd,python-pygobject,nss,libsoup} gstreamer gst-plugins-base gst-plugins-good gst-plugins-ugly ibus librsvg gst-libav iqa faac zbar transcode flite gst-plugins-bad gst-editing-services
<vagrantc>extracting the needed modules for a specified platform woudl work for some armhf/aarch64 systems
<vagrantc>s device tree
<pkill9>it doesn't matter a great deal for me anyways, i hardly use applications that simultaneously want network access, and to be able to read my files, most are pretty separate
<pkill9>and I create files when working on things, so that's more of an explicitly allowing thing
<raghavgururajan>lle-bout: Thanks!
<GNUtoo>Do you have other package manager with statedirs in Guix?
<GNUtoo>There is dpkg for instance, where does it stores its information ?
<vagrantc>GNUtoo: i don't think it would be reasonable for dpkg to install packages with guix, but it has other functionality
<vagrantc>such as extracting the contents of a .deb file
<GNUtoo>or to be used with debootstrap
<vagrantc>you might be able to do interesting things with dpkg --root= for a chroot
<vagrantc>debootsrap doesn't really use dpkg, it was in guix long before dpkg was
<GNUtoo>oh ok
<GNUtoo>I've a WIP package for pacman
<vagrantc>i may be oversimplifying ...
<GNUtoo>pacstrap does need pacman AFAIK
<GNUtoo>So I was wondering how to handle the statedir
<GNUtoo>And it somehow works but I've still many tests failing
<GNUtoo>So I was wondering how other similar packages did it
<GNUtoo>Maybe I should just leave the statedir stuff as-is
<vagrantc>now you've got me curious about dpkg
<GNUtoo>(it picks /gnu/store/a322nwjkk94n1cfwkwn67xrwln0a2wk5-pacman-5.2.2/var/... by default)
<vagrantc>it doesn't look like it does anything special ... probably similar ... e.g. /gnu/store/...dpkg.../var/(cache|lib)
<GNUtoo>ok, thanks
<GNUtoo>btw, do I need all the tests to pass to submit a package, or is it ok if they have broken tests?
<vagrantc>if it fails to build it's not good :)
<GNUtoo>it builds fine and I can even build packages with it (or install packages but that's dangerous...)
<vagrantc>ideally get all the tests fixed, or disable them with explanations of why
<vagrantc>in the worst case
<GNUtoo>I'll try to fix them then
<vagrantc>but many tests make assumptions that just don't make sense in guix ... so ... use judgement :)
<GNUtoo>I've got some strange failures though, like file not found when trying to find fakeroot and so on, it probably assumed a standard FHS directory somehow
<GNUtoo>So if I fix that it would enables more tests but then many still remains to fix
<GNUtoo>+ I'll probably ending up patching the source which isn't great for maintenance
<GNUtoo>So it's rather a time issue here
<GNUtoo>(fixing all that will probably take quite some time)
<jgomo3>Hi! Are the Guix Manual and Cookbooks available as *info* nodes?
<raghavgururajan>sneek, later tell civodul: In c-u, glib-or-gtk-build-system doesn't trigger bootstrap. For example. try `guix build farstream --without-tests=gupnp-igd`.
<sneek>Will do.
<marusich>lle-bout, re: the blog post, it's a decent description of what we did... I wanted to discuss the issues of (1) reproducible bootstrap binaries and (2) the chain of trust, but I haven't written anything about it yet. Mainly I guess I want to call attention to the fact that the old version of GCC 5.5.0 (or something used to build it) doesn't build reproducibly, and it's hard to figure out, but help is welcome. Also, I wanted to highlight the
<marusich>"blobs" that you end up trusting, depending on whether you start by downloading a foreign distro OS image or whether you start by downloading a release of GNU Guix.
<marusich>I think some people don't fully appreciate that they are trusting binaries when they use e.g. Fedora or Debian...and I think that answering the question of "what blobs are my trusted bootstrap binaries?" in the case of a traditional GNU/Linux distro is quite a bit harder than in the world of Guix or Nix
<marusich>I wonder how Gentoo manages its "bootstrap binaries"
<marusich>Maybe the most important thing about the post is just to highlight the fact that it is released, multiple people have helped, why it is important, you can help too, and invite people to try it out (e.g., try building it and report build failures for your favorite packages)
<everstone>I'm having font problems with icecat. Everything is displayed as squares. It says it can't load Gvfs is installed and the file exists.
<marusich>I think a blog post that compares "what do you have to trust" when you install Guix in various ways, to the situation on some other common distros, would be interesting, but perhaps it isn't particularly relevant to this one.
<vagrantc>jgomo3: the manual definitely is
<vagrantc>jgomo3: not sure about the cookbook
<jgomo3>vagrantc: Do I need to install a package to get it? When I run `info guix` I get: `info: No menu item 'guix' in node '(dir)Top'`
<link2xt[m]>Is it possible to produce an AppImage out of relocatable guix-pack tarball?
<pkill9>link2xt[m]: it's possible but not implemented
<pkill9>i'd like it to be implemented so you could generate an appimage with guix
<vagrantc>jgomo3: is the INFODIR environment variable set?
<pkill9>i think it's possible since you can structure appimages however you want i think, as long as there's a specific entry point file
<vagrantc>jgomo3: i'm not terribly familiar with info pages, fwiw ... but i did recently use guix's info pages
<jgomo3>@vagrantc It seems to be set. The variable INFOPATH. but it's content doesn't have the guix info page. And now I'm just noticing I have not a man page for guix neither. I'm on a foreign distro (Ubuntu 20.04). So I'm using guix as a package manager.
<vagrantc>jgomo3: have you run guix pull yet or added anything to your user profile, e.g. guix install somepackage ?
<vagrantc>jgomo3: you may need to log out of your session and back in again ... presuming /etc/profile.d/ is configured
<raghavgururajan>sneek, later tell lle-bout: It appears, build of webkitgtk on offload-VM fails due to memory.
***apteryx_ is now known as apteryx
<awb99>I need to access /usr/bin/env inside guix environment. I am using nodejs (or rather npm package manager9 for js development, and many packages need this.
<awb99>It seems that many shell scripts use this.
<awb99>Perhaps I can search for the program, and then create a symlink after the environment gets set yp?
<leoprikler>/usr/bin/env should already exist in Guix System, but if you have a container, you may need to add an appropriate --expose
<awb99>thanks @leoprikler
<awb99>I thought --expose only adds host files to the guest (guix container)
<awb99>If I do --expose from my fedorasystem when I create the guix env, then I would use the env of the host system.
<awb99>I want to have a reproducible dev setup
<awb99>so I dont want to expose the host system
<leoprikler>ah, so you need to add env to your container and expose the container's env as /usr/bin/env
<leoprikler>there is some documentation on FHS containers
<bdju>Is anyone here using Gajim with OMEMO on Guix System? When I click the encryption icon in a chat, nothing happens. Also, OMEMO doesn't show up in the plugins list. I have gajim-omemo installed. I'm using Sway.
<bdju>seems the gajim-openpgp package doesn't do anything either
<bdju>and my password won't save because there's "No recommended keyring backend available" (?!)
<bdju>and does anyone know why dino/gajim ignore my configured gtk theme? I have to launch with an environment variable to make them dark
<davidl>bdju: I used it in the past and I know that omemo worked at some point. It could be that you need to install additional packages for the keyring thing for example. Are u using Gnome?
<davidl>bdju: u could look into trying to use gnome-keyring.
<lle-bout>marusich: hey! I think including those various things in the blog post is good!
<sneek>lle-bout, you have 1 message!
<sneek>lle-bout, raghavgururajan says: It appears, build of webkitgtk on offload-VM fails due to memory.
<lle-bout>raghavgururajan: hello! the memory/cpu amounts may be a bit unbalanced yes, could you succeed building after more retries or?
<Frosku>How can I install Simplified Chinese character set?
<brendyyn>do you mean a font for it?
<Frosku>Yeah, however I can get it to display in my browser, I guess I'm missing a font
<brendyyn>many general purpose fonts should have them. maybe install liberation, dejavu, ...
<brendyyn>noto fonts
<Frosku>Do you know what the package name is?
<brendyyn>font-dejavu font-liberation font-google-noto
<Frosku>I was trying ttf- for some reason
<Frosku>Hm, I have dejavu installed, guess for some reason qutebrowser just isnt using it
<brendyyn>Apr 5 19:43:14 localhost Tor[1]: Your system clock just jumped 73025 seconds forward; assuming established circuits no longer work.
<brendyyn>I think i just found the reason my gpu keeps timing out and crashing my desktop every single day
<brendyyn>question is... why would my clock suddenly jump forward like that
<Frosku>Do I need to enable locales or something
<brendyyn>Frosku: maybe fc-cache -fv
<brendyyn>73025 is over 20 hours, and its currently nearly 21:00, so the hour is maybe being reset to midnight ?
<abcdw>hi guix (:
<lle-bout>abcdw: hey :-D
<brendyyn>with `guix build flightgear' im getting an error from nix/libstore/ saying error: integer expected from stream
***jx97 is now known as jx96
<everstone>Guix keeps redownloading stuff it already has. Can I somehow force it to use cache?
<brendyyn>it probably isnt really doing that but is downloading different versions
<everstone>I have hardcoded the kernel version and location I want it from, and when I do guix system reconfigure or guix system vm, it downloads it again
<brendyyn>without running guix pull?
<everstone>Yea. It also recompiles the kernel from scratch, and I'd rather it not since I didn't change anything about the config. Maybe it has to do with me moving my system partition backwards
<everstone>I can confirm now that the font problem I was having yesterday is not reproducable. I'll just reinstall my system
<pkill9>this looks interesting
<nckx>Good morning Guix.
<nckx>everstone: Guix (and Nix) are built around a cache. It will never build the same inputs twice, unless you ask it to do so (--check) or clear the cache in the meantime (guix gc).
<pkill9>also owncast
<davidl>pkill9: yes that is cool
<davidl>pkill9: my recent bash-related discovery is grex
<davidl>just packaged it today by the way:
<brendyyn>how can i list all leaf-node packages?
<brendyyn>davidl: please submit it ;)
<everstone>nckx: I'm hoping a reinstall will fix some of the jank I'm experiencing. I think most of it is cuz user error on my part
<davidl>brendyyn: I will soon. Though, I could need some help figuring out rust-ndarray@0.15 which I wasn't able to compile. It is needed for grex, but I changed it to version 0.14.0 which happens to work but it may cause - i don't know. Current guix-master has wrong hash for ndarray@0.15, and after fixing the hash it still doesn't compile.
<davidl>may cause bugs*
<nckx>everstone: OK, better luck this time 😉 If you see things being built that you already have, note the respective /gnu/store/<hash>-file-names, and you might be able to find out how they differ (it's as good as guaranteed that they're somehow different).
<brendyyn>davidl: the patch doesnt apply and some other dependencies need adding int seems
<davidl>brendyyn: have you tried: git apply --ignore-space-change --ignore-whitespace patch.diff (from here
<ieroglif>Hello. Making a fresh install of guix system. Internet stops few minutes and pkg download stops. Internet is now up. Is there a way to continue loading packages?
<brendyyn>davidl: i meah the patch in ndarray
<davidl>brendyyn: oh, yeah I didn't notice that the lines were cut off. Its supposed to be a few hundred lines in the patch.
<davidl>brendyyn: sry, ignore my last comment.
<davidl>I will check this
<brendyyn>i ran guix import crate ndarray, and it makes definition with more inputs
<davidl>brendyyn: yes it does. Did you see the link I pasted:
<davidl>brendyyn: if you copy that to a file say patch.diff, you should be able to apply it with git apply --ignore-space-change --ignore-whitespace patch.diff
<davidl>brendyyn: I wil try it myself now
<brendyyn>did you confirm that blas patch isnt needed any more?
<davidl>brendyyn: nope.
<davidl>but the patch didn't work to apply anymore after I updated the hash and was able to start trying to build it.
<davidl>brendyyn: hmm, Im not able to apply the diff as a patch :/
<nckx>ieroglif: Repeating the same command multiple times will not redownload completed files. However, continuing downloads of incomplete files is not implemented yet.
<pkill9>i do not like the jami logo
<pkill9>i also do not like the bibliogram logo
<pkill9>they have similar kinds of style
<ieroglif>nckx: Ok Thanks. I'll install again from beginning.
<brendyyn>davidl: ok i dont understand those rust errors
<nckx>pkill9: De gustibus. I think the Ring/Jami logo is one of the best free software logos out there (Guix is better). The font is horrible though.
<pkill9>yea the font is what i'm talking about
<pkill9>has anyone actually managed to have a voice or video conversation with jami?
<nckx>Well, s/best/better/ anyway.
<brendyyn>i did with apteryx
<pkill9>were you using guix system?
<apteryx>I was
<davidl>brendyyn: which ones? The one I was getting was some suggestion to E2007 or something. Is that what u got too?
<apteryx>brendyyn: hey :-)
<leoprikler>don't forget the GJS logo ;)
<brendyyn>apteryx: hi
<davidl>brendyyn: ok. Well thanks for checking!
<apteryx>pkill9: also the jami team uses it daily for their stand ups (using a rendez-vous point conference)
<brendyyn>davidl: perhaps you can post a bug report up stream
<davidl>brendyyn: yeah Im considering it. Though they report that it builds on their git, so i wonder if it's about how guix builds it. I should probably try to build with cargo build grex or something first.
<davidl>brendyyn: if u make any progress on it, please let me know though!
<pkill9>lol, it crashed when i pressed call
<pkill9>running it from guix environment
<link2xt>when I run "guix environment --ad-hoc --pure pkg-config clp -- pkg-config --libs coinutils", it shows -lbz2
<pkill9>it fails to send audio clip too, just says connecting
<link2xt>and if I run `guix environment --pure clp`, there is bz2 in the profile
<pkill9>i can send messages to myself however
<link2xt>so ./configure of coinutils from Clp source detects that bz2 library is present, and compiles against it
<link2xt>but "bzip2" is not a dependency of "clp", why it goes in the profile?
<link2xt>now I have to use `guix environment --ad-hoc gnu-toolchain pkg-config clp bzip2` to compile programs against clp library
<link2xt>bzip2 is an optional dependency of Clp
<pkill9>maybe cos i'm tryingt os end to myself
<nckx><but "bzip2" is not a dependency of "clp"> <bzip2 is an optional dependency of Clp> which is it?
<pkill9> can someone test jami with me?
<link2xt>nckx: in maths.scm, there is a "clp" package defined
<link2xt>"bzip2" is not listed as its dependency
<link2xt>but during configure phase it has detected that bzip2 is present
<nckx>‘guix size’ clp shows that it is very much a dependency.
<leoprikler>maybe bzip2 is propagated by another input?
<leoprikler>otherwise perhaps it's present in the unpacker
<nckx>link2xt: bzip2 is available by default in the build environment. Any package can use it and retain a reference (dependency, more or less) in the output.
<link2xt>but now "clp" lists -lbz2 in its .pc files (CoinUtils one, specifically)
<abcdw>yoctocell: I started to review home-xdg-*-service-types and related changes, overall they are good, I'll apply patches as they are and will add my fixes and updates on top of it. Have to go soon, probably will finish and push results tomorrow.
<link2xt>so to actually use it, I have to also add "bzip2" to my profile
<nckx>link2xt: Are you saying clp should propagate bzip2?
<link2xt>I don't know, why is bzip2 always available in the build environment?
<link2xt>if this can't be fixed, then probably "bzip2" should be explicitly listed in "clp" inputs
<nckx>It's something of a judgment call: it's so frequently used (for unpacking tarballs and the like) that it's one of the default inputs.
<nckx>Adding it again won't change anything, unless you propagate it.
<nckx>That's what's generally done for .pc requirements.
<leoprikler>isn't it present as a native input rather than an input?
<leoprikler>I know guix confuses those two sometimes, but it would make a difference, no?
<nckx>You are.
*nckx distracted by Revision 😊
<link2xt>so there should be a (propagated-inputs (("bzip2" ,bzip2))) ?
<nckx>I'm not sure.
<nckx>I'm not a fan. But there are other packages in Guix that propagate all Libs.private packages, so I can't say no.
<leoprikler>what exactly is the problem here?
<leoprikler>that bzip is not a part of `guix environment --ad-hoc clp`?
<nckx>There is no problem. Just a minor inconvenience.
<link2xt>leoprikler: yes, I have to also specify "bzip2" explicitly
<link2xt>not sure if it's a bug
<leoprikler>specifiy explicitly in order to do what? invoke bzip2 on the command line?
<link2xt>"clp" detected during ./configure at the build phase that -lbz2 is present and put it into pkg-config .pc file
<link2xt>so to compile against "clp" with gcc $(pkg-config --libs clp), I need "bzip2"
<leoprikler>hmm, I think if you added it as a normal input and do `guix environment clp` (no --ad-hoc), you should get what you want
<nckx>The ‘-lbz2’ is added because ./configure saw it lying around at build time? Nutness.
<leoprikler>I think we should handle inputs vs. native-inputs a bit more cleanly than we currently do.
<link2xt>it's an ordinary script
<nckx>leoprikler: Absolutely.
<link2xt>if I run `guix environment --pure clp`, bz2 library is indeed lying in the profile
<leoprikler>There's already a thread documenting its weirdness in the ML, perhaps we can try changing that on c-u this season? (Or possibly next season?)
<nckx>link2xt: Year, --pure is relative, it will give you gcc too! Note that it's the build environment used to *build* clp itself.
*nckx goes back to watching tiny pretty things.
<link2xt>yes, I was just checking why clp detected bzip2 as present, and found that it is indeed in the --pure non-adhoc environment
<link2xt>even though it is not in the inputs
<leoprikler>it actually is in the inputs, in the implicit ones that is ;)
<link2xt>I found the thread:
<link2xt>anyway, I should probably make a patch to add optional dependencies of clp (bzip2 and zlib) to propagated-inputs?
<link2xt>hmm, it's only a problem for ad-hoc environments
<link2xt>other packages depending on clp will have bzip2 too
<link2xt>what is the policy on optional dependencies generally?
<nckx>link2xt: Correct: we always recommend writing proper Guix packages for everything, and those will have the same implicit inputs so the problem doesn't even exists.
<nckx>link2xt: Guix is rather maximalist. Most optional dependencies are usually added as inputs and enabled, unless they are disproportionally huge or obscure (or non-free or obsolete or ...).
<brendyyn>link2xt: can you make it so it directly uses the bzip binary rather than searching for it in path?
<link2xt>brendyyn: clp does not use "bzip" binary, it uses -lbz library
<link2xt>* -lbz2
<nckx>You can still patch the .pc file, no?
<nckx>(Didn't look.)
<brendyyn>there are some examples that substitute that for the exact path
<brendyyn>search the repo for lbz2
<link2xt>I found it only in libarchive package
<link2xt>well, it's probably too hacky
<bavier[m]>oh, this is nice for us, right? new mrustc 1.29 can bootstrap rustc 1.39.0 :
<bavier[m]>err, maybe not new mrustc release, just progress since last...
<canant>Hi All,
<canant>My name is Canan and I'm an Outreachy applicant. I'm trying to build Guix Data Service on my Ubuntu 18.04 laptop.
<canant>I'm getting below error after running the steps mentioned on the README file.
<canant>Could you please help me to understand what I missing?
<cbaines>hi canant, I'm not quite sure where that's coming from
<cbaines>are you using direnv to manage the environment?
<lle-bout>raghavgururajan: hello!
<lle-bout>raghavgururajan: sorry have been busy cooking stuff for the place I live in
<canant>Hi cbaines,
<canant>I've followed the steps written on the README but I can check it again. Am I the only one getting this error?
<cbaines>canant, I get the same error, but only when the normal development dependencies aren't available
<canant>Thanks for your response, cbaines. I'm checking again the direnv steps.
<abralek>Hi, could someone please check this
<abralek>just a friendly reminder)
<lle-bout>abralek: hey! it seems nckx was already reviewing it, it would be best if they finished it!
<lle-bout>I don't run Dovecot myself
<lle-bout>nckx: also could you kick/ban PotentialUser-28 please since they are flooding join/leave since a while now, thanks!
<nckx>If it's considered annoying, why not.
<canant>Hi again, after checking the steps again I've successfully passed the previous error but now I can't generate the .go files in the make step.
<lle-bout>nckx: well it would be best if such problem could be solved client-side but :-)
<bdju>davidl: I'm using Sway, a Wayland compositor. No GNOME.
<lle-bout>nckx: I havent found a way to strip join/leave with ERC, ignore doesnt work
***ChanServ sets mode: +b PotentialUser-28!*@*
***PotentialUser-28 was kicked by ChanServ (Banned: Please fix your client's constant {dis,re}connection spam; thanks and welcome back!)
<cbaines>canant, good good, from that error (missing (guix narinfo)) I'd guess you're using an older guix
<cbaines>canant, I'd suggest doing guix pull, then running "direnv allow" to prompt direnv to do it's thing, you might then also need to re-run the configure script
<canant>It's possible because I've installed Guix from official Ubuntu repo
***ChanServ sets mode: -b PotentialUser-28!*@*
<nckx>lle-bout: I keep them visible as well (probably a bad idea to hide them as moderator) so I've ‘banned’ people for it before. Thanks for asking.
***ChanServ sets mode: +b PotentialUser-28!*@*
***PotentialUser-28 was kicked by ChanServ (Banned: Please fix your client's constant {dis,re}connection spam & reconnect with a different nick, and welcome back!)
<lle-bout>lfam: hello! :-D
<lle-bout>lfam: so about CVE through Github, do we just do it through there?
<lle-bout>lfam: someone has a Github account for GNU Guix already?
<lle-bout>This maybe?
<lle-bout>lfam: I would actually maybe prefer we use Gitlab
<lfam>So, nckx still didn't hear from MITRE?
<nckx>lle-bout: Why GitLab/Hub?
<lle-bout>nckx: they are a CNA and are more responsive to assign CVE IDs (if not completely automated)
<nckx>I'm repeating myself, but wth is GNU itself not a CNA.
<lle-bout>It seems their process to assign CVEs is more streamlined
<lfam>GNU doesn't "exist" as an organization
<lfam>There is no formal body of GNU that could be responsible for this
<lle-bout>nckx: I don't know, I would like it to be the case but right now that's not the case so
<lfam>I want to reply to me advisory on oss-sec and ask, what is the deal?
<nckx>lfam: You know what I mean.
<lle-bout>I do not know the right FSF people to ask them to be responsible for a CNA
<lfam>Do you mean FSF? I would like GNU to exist more formally but it's a longstanding issue that it doesn't
<nckx>Let's not get into that.
<lfam>Haha okay
<lfam>It's a FOSDEM late-night topic
<lle-bout>Who are the FSF people we can ping so they become a CNA?
<lfam>To be sure, you applied on March 18, nckx?
<lle-bout>Also do we want to increase GNU Guix's project dependency on FSF?
<lfam>Okay. I'm going to shame / beg on oss-sec
<lle-bout>lfam: OK!
<nckx>And sent a follow-up mail (just to note the blog post), but that rules out any ‘oh the Web form is buggy’ excuse from them.
<nckx>(And the GNU we deserve *would* be a responsible org; that's my grudge.)
<nckx>lfam: Thanks.
<lfam>That would be great
<lle-bout>I think also, how is membership to GNU managed, since it's all lax
<lle-bout>I don't agree there should be very formal membership
<lle-bout>But how such organization is compatible with MITRE requirements about CNAs?
<lfam>I have hurled my complaint into the void
<nckx>lle-bout: Do you mean <> (super vague, as expected)?
<lfam>I don't know the requirements, lle-bout. But as it is, there is not even a leader of GNU, or a leadership body
<lfam>I mean, there is a leader, if you look from certain angles
<lfam>Not from this angle of administrative busywork
<nckx><still didn't hear from MITRE?> I didn't explicitly answer yet, so: no, of course not.
<nckx>I don't expect to.
<lfam>Considering that MITRE is a black hole for pre-disclosure security advisories, and that my messages oss-sec take >24 hours to be relayed to the subscribers, one might wonder if the CVE process is just a way for the US govt to to stay one step ahead of the computing community
<lfam>MITRE is one step away from being an agency of our federal govt
<lfam>Anyways... this tinfoil is uncomfortable
<lfam>It seems like a lot of distros are CNAs. We would be in good company
<lfam>Fedora, Debian, SUSE, Red Hat
<lfam>There are even independent researchers who are CNAs now
<lfam>We could offer this service to the rest of GNU
<nckx>lfam: If it were, it would be responsive to encourage submissions, not drive them away, so I think it's actually unlikely for that reason alone.
<lfam>Yeah, you're right. I'm just feeling salty
<lfam>I actually think that MITRE was gutted under the Trump administration because they didn't understand its value
<lfam>Its value to the USG
<nckx>You'd get a free ‘I sent my vuln to the NSA first’ sticker.
<nckx>From that angle it's extremely weird that it isn't well-funded.
<lfam>I may be a free software hacker but I'm also a USA citizen. I like when we have info
<lfam>Well, we could think about becoming a CNA
<nckx>That can only mean that they didn't use ‘cyber’ enough in the presentation and that's entirely on them.
<lfam>"Demonstrate mature vulnerability management practices and a commitment to cybersecurity to current and potential customers."
<lfam>We might want a way to have private Git branches within our infrastructure
<lfam>That's the main thing I've missed over the years
<lfam>The FSF "forge" initiative could deliver that
<nckx>Have they even decided on the software?
<lfam>I don't know
<canant>Thanks for your help, cbaines. Now I have a stable development environment to focus on introductory tasks. :)
<cbaines>canant, great :)
<sss2>hi all
<sss2>is it possible to build package from stand-alone .scm file ?
<nckx>sss2: Yes. Have you tried ‘guix build -f’?
<sss2>not yet
<sss2>thx, i will
<nckx>Note that if your .scm file wraps the (package ...) definition in (define... my package ...), you need to add ‘my-package’ to the end.
<nckx>Otherwise the file evaluates to nothing.
<sss2>but i am not yet here )
<nckx>That said, there's probably a hint to that effect now.
<sss2>"/home/sss/git/guix/guix-packages/packages/ejabberd.scm:9:25: error: (%origin (method git-fetch) (uri (git-reference (url "") (commit version))) (file-name (git-file-name name version))): missing field initializers (hash)"
<sss2>what should i put into hash >?
<sss2>git commit hash ?
<sss2>or ?
<nckx>sss2: The output of running ‘guix hash -rx .’ in a (clean!) git check-out that you've chucked out at <version>. Which version is it?
<canant>cbaines, I'm starting to investigate the tasks listed below. However, I didn't understand the exact expectation about the first task.
<canant>Add a JSON representation for the single job page
<canant>Set a more informative page title for any page where the title is "Guix Data Service"
<canant>Should I create a Json object that includes the information shown on the job page like below?
<canant>Could you please give me more details about it?
<sss2>hmm.... complicated )
<nckx>sss2: 21.01?
<db48x>sss2: the hash is always the hash of the content of the package
<db48x>it would certainly be easier if it were the git hash though
<nckx>sss2: The result should be 0fyxfwgqw72i4nz5g5nw79h6d4f6kw5r2mzh7c2s3npv7kx4zvry, but try to reproduce it yourself.
<nckx>That's commit fca41796c035897b38695a4eb8a004675977835b, tag 21.01.
*nckx AFK, good luck.
<BlackMug>Hi There
<BlackMug>how to contribute to guix wiki if possible
<lfam>That's the Guix manual BlackMug
<BlackMug>yeah but there are missing parts inside it
<lfam>You can contribute to it by following the steps about Contributing, outlined here:
<BlackMug>really if user want to follow copy/paste commands wont work
<BlackMug>e.g: parted /dev/sda set 1 esp on
<BlackMug>this wont work
<lfam>Specifically, the file is where the manual comes from
<BlackMug>because there is a missing command which labeling the partion
<BlackMug>parted /dev/sda -- mklabel gpt
<BlackMug>something similar
<lfam>I don't think that section is intended to be fully copy-pastable. It's more of a general guideline
<lfam>"How to partition a disk" is out of scope for the Guix documentation
<lfam>It's a big and complicated topic that is covered elsewhere
<BlackMug>ah thought its for copy/paste just changing the variables according to the user needs
<lfam>If it's really bad, we should change it. But, in general, one should use the installer if they don't want to do things manually
<raghavgururajan>lle-bout: o/
<raghavgururajan>> lle-bout‎: raghavgururajan: hello! the memory/cpu amounts may be a bit unbalanced yes, could you succeed building after more retries or?
<raghavgururajan>I see. Nope, I tried 4 times.
<BlackMug>also one more question how to add dns in guix manual installation? route command doesnt work , ip route giving error which i dont see a solution for it. but is there specific command im not aware of?
<roptat>BlackMug, "ip route" is not related to DNS
<roptat>it sets the routes (such as the default router to connect to the internet)
<roptat>to set the DNS server manually, you can edit /etc/resolv.conf
<roptat>although, depending on your settings, your changes are only temporary
<BlackMug>you are absolutely correct but /resolv.conf is not there in guix
<roptat>mh, I think it should be, but you can always create it yourself
<roptat>create it with content "nameserver" (replace that with the IP of your nameserver)
<roptat>also, what does "ip route" tell you? what's the error?
<cbaines>canant, hmm, I think the single job task is left over from a previous project, I'm not sure providing JSON would actually be useful. I'd look first at improving the title for one of the pages
<BlackMug>roptat i can as well create /etc/network/interfaces and guix gonna read just like debian?
<roptat>I don't think so
<BlackMug>i see
<roptat>/etc/resolv.conf is a libc thing, so it's read universally, but /etc/network is specific to debian I think
<roptat>but that you don't have /etc/resolv.conf sounds a bit suspicious, you sure the network interfaces and network access is ok? it's only a DNS issue you have?
<canant>ok, thanks, cbaines.
<lfam>Hey cbaines, any sign of your Honeycomb?
<BlackMug>roptat no actually im installing guix on qubes which using xen VM
<BlackMug>so nothing identified by default from the distro
<BlackMug>everything should be put manually
<bdju>so do I really need to install something like gnome-keyring to get gajim to save my password? isn't there something more minimal that would fit a tiling wm better?
<roptat>oh, ok
<roptat>no idea how to help you more then, sorry. and good luck ^^'
<cbaines>lfam, not yet, but I'm hoping it'll ship soon. I ordered it at the end of January
<lfam>I see
<BlackMug>roptat no problem i wont ask sophisticated questions just normal guix on static ip thats the idea
<lfam>That's weird because I've seen people on social media have received them in this timeframe.
<roptat>BlackMug, there's the static-networking-service-type you can use to configure the interface
<BlackMug>roptat really where?
<roptat>just a moment, let me find the manual page for it
<BlackMug>sure tyt
<sss2>guix build: error: /home/sss/git/guix/guix-packages/packages/ejabberd.scm:15:15: package `ejabberd@21.01' has an invalid input: #<<license> name: "Expat" uri: "" comment: "">
<sss2>what does it mean ?
<roptat>oh but that's not useful in the installer itself, only for the installed system
<roptat>so if the network card is detected as eth0, you can set things up manually with "ip l set eth0 up" "ip a add dev eth0" "ip r add default via dev eth0" and "echo 'nameserver' > /etc/resolv.conf"
<lfam>sss2: It means that you need to "prefix" the lices=nses in ejabberd.scm
<lfam>sss2: In Guix, there are variables for 'expat' (a package) and 'expat' (a license)
<lfam>If you use both in the same file, you have to distinguish them
<lfam>If you search in our packages for 'prefix', you'll see how to prefix licenses
<roptat>(that's my usual way to do it, but if that doesn't work I can't promise I know how to solve it)
<sss2>this syntax is new to me
<sss2>sorry for stupid questions
<lfam>I don't know what happened with "lices=nses". I meant to write "licenses"
<lfam>No worries
<BlackMug>roptat no problem i will try and report back
<roptat>BlackMug, good luck :)
<lfam>Same story for zlib, and maybe some other packages too
<roptat>sss2, at the start of the file, you can replace #:use-modules (guix licenses) with "#:use-module ((guix licenses) #:prefix license:)"
<roptat>most of the files in gnu/packages are like that btw, in case you need examples :)
<sss2>guix build -f ejabberd.scm
<sss2>substitute: updating substitutes from ''... 100.0%
<sss2>something happening
<lfam>That means it's working :)
<roptat>and after you do that, you need to replace (license ...) with (license license:...)
<lfam>It didn't crash, so your code is well-formed
<sss2>just a smallest part is left, implement proper logic ......
<raghavgururajan>Hmm. glib-or-gtk build system is not triggering bootstrap in core-updates. Any ideas?
<bdju>what have I got to do after installing gnome-keyring to make it actually work? do I need to make a custom user service?
<raghavgururajan>bdju: Add gnome-keyring-service-type to you system config.
<raghavgururajan>> raghavgururajan‎: Hmm. glib-or-gtk build system is not triggering bootstrap in core-updates. Any ideas?
<raghavgururajan>For example. try `guix build farstream --without-tests=gupnp-igd`.
<bdju>raghavgururajan: thank you, but it seems that still wasn't enough. gajim still says there's no recommended keyring backend found. also `sudo herd status` doesn't list gnome-keyring after my reconfigure
<bdju>maybe I have to log out and back in
<sss2>./configure: ./conftest: /bin/sh: bad interpreter: No such file or directory
<sss2>how to trick this kind of error ?
<roptat>normally the configure script is called with SHELL=..., and we rewrite shebangs, but sometimes you have to rewrite the file with something like this: (substitute* "configure" (("/bin/sh") (which "sh"))) in a phase
<roptat>does it make sense?
<roptat>there's no /bin/sh in the build environment for the package, so we rewrite it to where the "sh" script is actually located
<BlackMug>roptat i set it up following ip commands it didnt show any errors
<BlackMug>but i dont know if its implemented or not
<sss2>roptat, i understand meaning of problem, just do not know how to do this in guix )
<roptat>sss2, oh! it's the generate script that tries to run /bin/sh
<roptat>so you'll have to find how it's generated, and exactly where the /bin/sh comes from
<BlackMug>roptat there is a command showing ip,gateway,netmask,dns ? i can see only ip and netmask
<roptat>then, in a phase (before 'configure), you'd substitute* that file in the way I showed you
<roptat>you can find plenty of examples in existing guix packages if you need to :)
<sss2>looks like we have two SHELL's here
<roptat>BlackMug, good question "ip r" should show gateway, "ip a" should show ip and netmask
<sss2>probably because of spaces
<roptat>BlackMug, not sure for dns, maybe if you install "bind:utils", you can use dig to see if it's working (by default it would use the dns server you configured)
<roptat>sss2, oh, be careful with the substitute* command I gave you, it'll substitute the bin/sh that's explicitely in the store to, so it'll break configure
<roptat>maybe adding the space as you noted would work better: ((" /bin/sh") (which "sh"))
<sss2>but how to apply it
<sss2>i am complete noob to lisp syntax
<sss2>so this is my very first code
<roptat>sss2, maybe something like this:
<roptat>you'd simply replace - with a space
<roptat>you need the whole arguments field too, something like (arguments `(#:phases (modify-phases %standard-phases (add-before 'configure 'fix-bin/sh (lambda ...)))))
<sss2>i will try, thx
<roptat>sss2, something like that (untested):
<sss2>this my brain fails to understand
<roptat>actually you don't even need to specify inputs, so would work too
<roptat>the arguments field is optional, and is used to give more instructions to the build system. Here we set the #:phases argument to be a new set of phases that is like the %standard-phases, but where we add 'fix-bin/sh before 'configure (which is the phase when the configure script is run)
<sss2>yes yes, but this lamda syntax
<sss2>is damaging my brian
<roptat>oh, ok
<sss2>and overall lisp cnstructions
<sss2>i am often coding on c
<roptat>yeah, you'll get use to them ^^
<roptat>I also got introducted to scheme via guix, I totally understand how you feel
<roptat>coming from C/C++ too ^^
<sss2>so for now i do not understand meaning of lamda* nor lambda _
<roptat>lambda is an anonymous function
<sss2>what difference between lambda* and lambda _ ?
<rhou[m]>Quick question: Let's say I developed some software with guix and want it now to put into a docker container with the dependecies in the corresponding `manifest.scm` file. What is the best way to achieve this? Do I create a private channel with the package description of the software to bundle it directly with `guix pack`?
<roptat>whenever you see a * at the end of a procedure name, it means it's the same but different :p
<roptat>so lambda is an anonymous function, and lambda* is also an anonymous function but with another syntax
<lfam>I find this page invaluable when learning about Guile:
<lfam>It can be dense but it is authoritative
<roptat>you can do (lambda _ body) or (lambda (arguments ...) body), and the same with lambda*, but lambda* can also do optional, keyword arguments (like the #:key and #:allow-other-keys syntax I used), and more
<roptat>(the _ is a placeholder, it means "any number of argument, and ignore them all")
<BlackMug>roptat good news ip commands working with add /etc/resolv.conf for dns
<roptat>BlackMug, great!
<BlackMug>i hope to add /etc/resolv.conf by default
<BlackMug>to guix
<BlackMug>i dunno if there is a ticket for that
<BlackMug>also i would like to ask like why guix not using GUI interface similarly to NixOS ?
<roptat>it's already covered by the static-networking-service, but if you think of some way to improve it in the installer, you can send a message to bug-guix
<BlackMug>i mean in the installation process
<roptat>not sure, maybe because interfacing guile and graphical libraries is not very easy
<roptat>also, the image is already very big, and having a graphical interface would make it even bigger
<BlackMug>489MB very big?
<roptat>I mean, it's just above the limit for a CD :p
<BlackMug>lol i see
<roptat>but really, I don't know
<BlackMug>nixos is 1.3 GB
<roptat>maybe now we have enough power on the build farm to generate a graphical variant, but we'd still need to write a graphical interface for the installer
<BlackMug>i think this is priority if guix want new users even new user to gnu/linux
<sss2>BlackMug, not really
<roptat>sss2, it's "lambda", not "lamda"
<sss2>BlackMug, 614M /home/sss/temp/nixos-21.03pre-2021_03_25-i686-linux.iso
<sss2>637M /home/sss/temp/nixos-21.03pre-2021_03_25-x86_64-linux.iso
<sss2>roptat, oh....., just typo, i need to sleep
<roptat>sss2, for some reason I do that one all the time...
<BlackMug> check images size sss2
<BlackMug>full image for sure not the minimal
<BlackMug>ok network done and working
<BlackMug>now for the partitioning
<sss2>thats default image which builds by script
<roptat>well, we plan a new release in... 13 days, there won't be a graphical installer ready ^^'
<sss2>ah, do not waste time on graphical installer
<sss2>better add ability to set static network in installer
<BlackMug>in the VM it should be MBR (better than gpt), is msdos available in guix?
<roptat>the partition type? yes I think so
<BlackMug>sss2 i would agree but as i understand from guix who answered me about that they dont want offline installation plus its a step back to attract new users to guixos
<BlackMug>so 2 goals with one stone is to have graphical installation
<BlackMug>just simple as nixos or trisquel/triskel ..etc
<sss2>BlackMug, i am not talking about offline, i am talking about ability to install without dhcp server
<BlackMug>roptat cool i will try then with MBR which is easier than gpt inside VM
<sss2>"/configure:ac_link='$ERLC $ERLCFLAGS -b beam conftest.$ac_ext >&5 && echo "#!/bin/sh" > conftest$ac_exeext && $as_echo "\"$ERL\" -run conftest start -run init stop -noshell" >> conftest$ac_exeext && chmod +x conftest$ac_exeext'" source of problem
<sss2>roptat, сфт ш увше ше иуащку ./ launch ?
<sss2>can i edit it before ./ launch ?
<BlackMug>sss2 this is what we solved now between roptat and me , we set static ip address for the machine using ip commands + adding /etc/resolv.conf for the dns
<BlackMug>and it worked
<sss2>BlackMug, yes yes, but thuis require to interupt installer
<roptat>sss2, yes, is run in the 'bootstrap phase, so you can add something before 'bootstrap
<sss2>which is inconvinient
<sss2>roptat, got it, i will try
<BlackMug>sss2 not having graphical installation in 2021 is not convenient if we really want to talk about convenience
<BlackMug>but i excuse guix devs because its not mandatory to focus on now because there are other areas to focus on
<sss2>i disagree
<sss2>i prefer to NOT have graphical installer
<sss2>honestly, i like old arch way
<BlackMug>yeah nixos provide 2 images one with and one without
<sss2>also old gentoo way
<BlackMug>so users can use whatever suits them
<sss2>it's ok to have de on live system
<sss2>but i see not need in graphical installer
<sss2>bette improove docs and drop installer completely
<roptat>I mean, we would have the graphical installer, the console "graphical" installer or the manual installation process
<BlackMug>im talking about DE in live system like calameres installer or so for debian
<roptat>it's not like a live system wouldn't have the existing options available
<sss2>BlackMug, this is just a set of limits
<sss2>roptat, as i understand to modify boostrap i need to hook not (arguments but something else ?
<roptat>no, 'bootstrap is a phase like 'configure, so you'd simply add another (add-before 'bootstrap 'fix-another-bin/sh (lambda ...))
<roptat>at the same level as the other one
<sss2>ok, got it
<sss2>so it's just stage in gnu build system ?
<sss2>yes, found example in existing packages, thx
<roptat>yes, the build system is decomposed in multiple phases, and you can replace or add new phases where you want to
<sss2>i should stop i should stop
<sss2>i need to sleep ...
<roptat>then go to sleep, it's the most important thing in the world :)
<lfam>Hey nckx, which MITRE address did you send your followup message to?
<sss2>roptat, can't sleep with porblems unsolved
<sss2>body just refusing to do so
<lfam>nckx: We got some replies:
<nckx>Subject: Re: CVE Request 1045371 for CVE ID Request
<jgomo3>Hi! I'm using Guix in Ubuntu 20.04 as a package manager. What will happen if I install postgres? How would that service be managed? will it be managed by the Ubuntu's systemd?
<nckx>jgomo3: It won't be managed or run at all. After ‘guix install postgresql’ you'll have ‘postgres‘ and related pg_* etc. tools in $PATH when you log in; that's it.
<roptat>jgomo3, that means that to run postgres service, you'll have to run that manually, or create a custom systemd service to run it for you. In general, we don't have support for running services outside of Guix System
<sss2> - i guess some escaping needed ?
<sss2>how to do it in lisp ?
<roptat>sss2, oh, you have two lambdas for the same phase, that's not possible
<roptat>a phase is a single function, but a function can do more than one thing
<sss2>how can i solve this task ?
<roptat>and even the substitute* can take more than one substitution pattern, give me a sec
<BlackMug>i have reached to latest step guix system init /mnt/etc/config.scm /mnt
<sss2>roptat, thx
<roptat>(it's just an example: you can have more substitute patterns if you substitute the same file, and you can call multiple function from the same function)
<BlackMug>it gave me error that no luks partition
<BlackMug>i intentionally skipped encrypting the device
<BlackMug>or the vm
<raghavgururajan>bdju: Oh for Gajim! I am working on a fix, but haven't finished yet.
<roptat>BlackMug, I think that means there's a mapped-device field in /mnt/etc/config.scm that you don't want to have
<roptat>and you want to make sure the file-systems field is setup correctly (no reference /dev/mappers or mapped-devices)
<BlackMug>roptat i can disable luks in config.scm ? or its mandatory to be set ?
<raghavgururajan>bdju: For now, you can toggle-off 'Use System Keyring' in Gajim --> Preferences --> Advanced.
<roptat>you can disable it, it's only mandatory if you actually have luks on your disk
<roptat>the file-systems part don't create the file system, it's information used by guix to know where to load the kernel and how to adjust the bootloader to start the system
<roptat>so if the info doesn't match what's on guix, it won't boot properly
<BlackMug>ok i might be found something else didnt expect that , the config.scm didnt adjust itself to my label because i changed from my-root to guixos
<raghavgururajan>bdju: Hmm. The fact that `sudo herd status` doesn't list gnome-keyring, might indicate the service is broken. Could you file a bug please?
<roptat>BlackMug, you used the guided installer, or followed the manual steps?
<BlackMug>roptat manual for sure
<sss2>roptat, does fuix applying restrictions during build process ?
<roptat>ok, then there's no way guix could adjust itself, you just copied a static file, right?
<roptat>so you have to edit the file and carefully review all options you set
<BlackMug>i see, i hope i done it right
<roptat>sss2, yes, the build is performed in a container where only the declared dependencies are available, with no FHS thing like /bin, /usr etc
<sss2> - is this problem with my dns, or i can't use network during compile (or what is it call)
<roptat>also the store is read-only except for the output paths, and you can't access anything except the current build directory
<roptat>no network
<sss2>and if i need network ?
<roptat>downloading arbitrary stuff from the internet would defeat the goal of having reproducibility
<roptat>the only way to have network is to use a "fixed-output derivation" (like what we use as sources)
<sss2>but this is how build system designed
<lfam>Thanks nckx
<roptat>I'm afraid you'll have to find a way around the build system then
<roptat>like for python, it would try to download missing deps, but instead we provide them in the inputs
<jgomo3>@roptat thank you!
<roptat>we run maven with --offline so it fails instead of trying to download dependencies, etc
<sss2>roptat, understood, but this is work for another day, thx for your assistance
<roptat>basically, you'll have to package the dependencies and provide them, then find a way for erlang (or whatever it is) to find them instead of trying to download them
<roptat>sss2, sweet dreams :)
<everstone>Can I modify default variables instead of having to redefine them? Like if I wanted the group 'users' to have the gid 1000
<BlackMug>roptat i switch vfat to dos right? (i chosen msdos not fat32)
<roptat>mh? I though msdos was a partitioning scheme? (like gpt?)
<roptat>didn't you create a linux partition with a file system (like ext{2,3,4}, btrfs, ...)?
<BlackMug>one sec
<BlackMug>yeah done that
<roptat>so you have to use whatever filesystem type you used for the partition
<roptat>everstone, looking at the code to find out how to do that :)
<BlackMug>i used msdos instead of gpt
<BlackMug>ext4 for xvda1 , swap xvda2
<BlackMug>in config.scm it says:
<roptat>everstone, I'd filter the default list, maybe something like this: (map (lambda (g) (if (equal? (user-group-name g) "users") (user-group (inherit g) (id 1000)) g)) %base-groups)
<BlackMug>file-system: device uuid "1234-ABCD" 'fat
<BlackMug>this need to be changed? or not gonna effect anything?
<roptat>looks like a file system for the efi partition (when using gpt)
<everstone>rptat: Okay, I'll try that!
<roptat>you'll have to remove it or guix will fail to boot (and probably even fail to configure since it won't find the partition)
<BlackMug>ok switch 'fat with what? or just remove it?
<Noisytoot>Could someone apply
<jgomo3>After installing a package linke postgresql: how to get the manual and info documents? context: Ubuntu 20.04 using guix as an alternative package managment. Thanks?
<Noisytoot>Ubuntu contains nonfree software
<roptat>jgomo3, if they are part of the package (I don't know), then you can find them in ~/.guix-profile
<Noisytoot>They might be in a different output
<roptat>Noisytoot, I don't think this kind of comment is very welcoming :/
<Noisytoot>roptat, What type of comment?
<roptat>Noisytoot> Ubuntu contains nonfree software
<roptat>I know it's true, but it's sounds very aggressive
<Noisytoot>But it does
<lfam>There is truth, and there is tact
<lfam>Guix is designed to be used on all kinds of distros
<roptat>jgomo3, if you want "man" or "info" to find them, you'll have to add something like "source ~/.guix-profile/etc/profile" to your ~/.bash_profile
<roptat>the file contains definitions for environment variables that will help them find the relevant files in the guix profile
<lfam>It looks like our postgresql package does not include documentation. At least, it's not where one would expect to find it
<roptat>jgomo3, I just looked at the postgresql package, it doesn't seem to contain any information :/
<jgomo3>Oh, I see. That explains it. Thanks!
<lfam>We need to fix this
<BlackMug>roptat damn 123-abcd is just standard meaningless which i need to change to my device uuid
<BlackMug>thats big F for me
<roptat>you can find it with ls -l /dev/disk/by-uuid/
<roptat>there'll be a link with the correct uuid to the partition
<roptat>should be relatively easy to figure out :)
<BlackMug>yeah but its not friendly :(
<roptat>indeed, the installer would have done that for you :/
<roptat>at least, once you've done it once, you won't have to do it again
<BlackMug>i suggest really to take note from nixos and hope to see it implemented in guix for installation process
<BlackMug>there is a demand in qubes to see guix there (but thats different story) , but the first thing to solve is to make guix friendly at least at the installation
<BlackMug>which is the first step user going to hit
<roptat>yep, the installer was a very good first step in that direction
<roptat>you chose the hard path :p
<BlackMug>no i meant if guix has graphical installation similar to nixos i wouldnt take this path
<BlackMug>i would configure network manager using very easy gui steps
<BlackMug>and done i have network
<BlackMug>then i proceed with the installation
<roptat>right, I guess it'll need some work, but it's probably doable
<roptat>I just don't see it happening soon with our current manpower
<BlackMug>from my experience on distros, distros with easy first steps specially setups get more attractions than using the cli or old graphics
<Noisytoot>GUI installers sometimes don't work
<Noisytoot>I have a computer on which the mouse doesn't work in Debian's GUI installer, but it works fine when installed
<roptat>Noisytoot, we would provide a graphical and console installation image, and I guess even on the GUI you can switch to a tty to run the console installer
<BlackMug>yeah thats what nixos done, they provide 2 sets of distros one for normal/full and one without gui
<BlackMug>roptat exactly
<jgomo3>@lfam, just to not forget the need to fix the postgres package documentation... where can I fill an issue ticket?
<lfam>jgomo3: You can send an email to <>. Thanks in advance!
<jgomo3>lfam: Done! Thanks!
<BlackMug>anyway i need to keep playing with guix over qubes until adding every missing part
<lfam>Thanks again jgomo3!
<BlackMug>thank you roptat for the great help
<BlackMug>really appreciated
<roptat>glad I could hepl!
<roptat>even though I can't type apparently
<BlackMug>take care, god bless
<lle-bout>raghavgururajan: hey! here? It would help if you could (1) submit the patchset for review on guix-patches with git-send-email so I can send inline review comments, (2) be more verbose in either comments or commit messages on the *why* of changes so I can easily understand why and review, thank you!
<lle-bout>lfam: FYI I'm looking at the blocking bugs for the release
<lle-bout>I fixed zabbix, and looking at others
<tricon>Good experiences with zabbix? I'm considering building an instance for work.
<lle-bout>lfam: I think the most important one we should solve is patch, the others are low priority, I think we could as an easy one import all patches from Debian, WDYT?
<raghavgururajan>lle-bout: Cool!
<lfam>I think it's a good plan, lle-bout
<lfam>Some of those bugs, I'm not sure if they are really "blockers"
<lle-bout>raghavgururajan: I already skimmed onto the patches, no big problem, just a bit of not knowing why things
<lle-bout>lfam: yes
<lle-bout>lfam: Remove squid, libupnp and pjproject, we'll solve them ASAP
<lfam>They can be removed by sending a message that "unblocks" them, to the control address:
<Noisytoot>Could someone apply
<lle-bout>lfam: OK! For patch, in the release we can afford to not graft, correct?
<Arnik>I got this error when I am trying to set fonts for tty1: guix system: error: service 'console-font-tty1' provided more than once
<Arnik>How can I solve this problem?
<lfam>What do you mean, lle-bout?
<lfam>Arnik: Can you share the config.scm you're using, on <>? That will make it easier to understand what you've done, and to reproduce the problem
<lle-bout>lfam: is it OK if the release causes world rebuilds?
<lle-bout>lfam: I want to update the 'patch' package directly
<lfam>No, the release will be a snapshot of the master branch
<lfam>Basically, sometime in the days before April 18, we will choose a commit on the master branch, and that will be what the release is based on
<lle-bout>lfam: okay, then what do you think about Ludo's comment at ?
<lfam>I agree with that comment. Maybe Mark Weaver's new foo/stable pattern could be used here
<lle-bout>lfam: I have not understood yet how their pattern works, also, I have not installed the 'patch' package and I have it anyway, so I wonder where from
<lfam>Like, I do use `patch` by hand, and I'd like to use the fixed patch
<lfam>But, in the build environment, a lot of exploitation vectors are not possible
<lfam>I'd guess it's part of %base-packages, not sure
<lfam>If you ask Mark for help on the mailing list, I'm sure he will assist
<lle-bout>lfam: it's in %base-packages-utils
<lle-bout>lfam: we would have to point to patch/something there as well, correct?
<lfam>I think so. The important thing is to use the unchanged patch in the build environment
<lfam>Assuming I understand everything correctly...
<lle-bout>lfam: is there a way to query if packages use patch as a native input or else?
<lle-bout>and if so, which?
<lfam>Hm, I would just `git grep`
<lle-bout>lfam: I was about to, but quite error prone
<lle-bout>lfam: grep -R ',patch' .
<lfam>Maybe `guix package --search=. | recsel -e 'dependencies ~ "patch"' -p name,synopsis`
<lle-bout>lfam: I can see a few
<lle-bout>lfam: wow cool thanks!
<lfam>I don't think it can distinguish between native-inputs or inputs
<lle-bout>lfam: that's fine I think for us now
<lfam>There are very few results grepping for ',patch'
<lle-bout>lfam: yes but there's some :-P
<lfam>It's available in the build environment, so adding ,patch is a mistake, I'd guess
<lle-bout>lfam: yes!
<lle-bout>lfam: so first, remove patch there, then make patch private somehow then create new patch package
<lle-bout>make sure patch can still be used in the build env
<lfam>I didn't look yet at how foo/stable is achieved, so I don't know
<lfam>Basically, if we get it wrong, we'll know. Because everything will want to build from source
<lfam>Noisytoot: It won't help to spam
<lle-bout>Noisytoot: there's 1000+ patches pending review, I am sorry I am not sure I can do it now
<lfam>I'm sorry
<lle-bout>Noisytoot: we have items with more priority right now, I can think of security issues to patch, then GNOME 40 upgrade, after that I'll feel better reviewing other patches
<Noisytoot>GNOME 40 is much larger
<lle-bout>Noisytoot: I am 100% focused on security and GNOME 40 upgrade these days
<lle-bout>Noisytoot: Why do you need that patch merged? Maybe a channel or including it inline in your config are solutions?
<lle-bout>Noisytoot: is this part of some larger work?
<Noisytoot>lle-bout, It is a dependency of Sourcehut
<lle-bout>Noisytoot: frontend ?
<Noisytoot> (which is required for all sourcehut packages)
<lle-bout>Noisytoot: I think it is great you open a big issue for sourcehut and suggest things there so people know
<lle-bout>It helps me filter and gain motivation for things
<lfam>I pushed the patch Noisytoot.
<lle-bout>That's good you mentionned it, because I am interest in Sourcehut also.
<lfam>I'm sure you noticed that this channel is more about discussion than asking for reviews
<lle-bout>lfam: I did it also when I wasnt committer so I totally understand :-S
<lfam>This was a really simple package / patch so it was easy
<lfam>I missed that your email address was wrong in the commit message, but I can't change it
<lle-bout>lfam: thanks for handling it
<lfam>I don't know why some submitter's get their email address rewritten like that
<lfam>I think that the best way to get your patches reviewed more quickly is to start reviewing other patches. People will notice and return the favor
<lfam>And it helps with the problem, too
<Noisytoot>I am not a committer, so I can't apply patches
<Noisytoot>Why is "guix" a suffix for bug-guix/help-guix, but a prefix for guix-patches/guix-devel?
<lle-bout>Noisytoot: you can still comment on whether these patches build for you, and if you notice some violations to the guidelines
<lfam>I really value reviews from non-committers. It helps a lot
<lfam>And it's a good way to become a committer :)
<lle-bout>lfam: I think probably there should be some blog post or announcement that reviewing as a non-committer is valuable
<lfam>It also will improve your own submission quality. Not that anything was lacking in #47585 :)
<Noisytoot>I just found
<lfam>Yeah, I agree lle-bout
<lle-bout>lfam: I didnt feel legitimate to do this as a non-committer
<Noisytoot>I think all Python dependencies of are packaged, but I don't know about the rest of sourcehut
<lfam>I think the feeling is widespread lle-bout
<lle-bout>Noisytoot: thanks a lot!
<lle-bout>Noisytoot: about sourcehut
<lle-bout>lfam: about whether stuff builds or running guix lint, we should probably just have a robot for this.
<lle-bout>lfam: I would make such robot post to the issues directly but..
<lle-bout>lfam: would that be considered spammy?
<Arnik>lfam: here is the link of my config.scm:
<raghavgururajan>lle-bout: Any idea how to build webkitgtk on offload-VM?
<lle-bout>raghavgururajan: login there and use --cores=8 for example
<lle-bout>raghavgururajan: --cores=N options arent passed through offloading somehow AIUI
<raghavgururajan>lle-bout: Oh so I clone and bootstrap the repo in the VM and build?
<lfam>lle-bout: That sounds like the service that cbaines runs
<lle-bout>raghavgururajan: yes, workaround but yes
<lle-bout>lfam: yes! but accessibility to that info is very poor
<lle-bout>even I have trouble using it
<lfam>Yeah, but I think it will improve
<lle-bout>lfam: do you think it would be OK if a robot replied to the issues?
<lle-bout>lfam: so that such info reaches the contributor also, without any additional setup
<lle-bout>lfam: I'm going to open a thread on the ML
<lfam>I think a lot of us will unsubscribe
<lle-bout>lfam: how else can we do?
<lfam>There's already too many messages
<lfam>I would work with cbaines to improve that site
<lle-bout>lfam: then send off-list to the contributor?
<lfam>It's not clear to me how it would work
<lle-bout>lfam: is there a way to reply off-list but attach to another list also? that people could choose to subscribe to? Like
<lfam>Mail delivery is not a simple issue, and we should be careful when adding new automatic mail things
<lfam>Well, start the discussion!
<lle-bout>Alright! :-D
<lfam>At least we can see what people think
<lle-bout>I think this will save us SOO much tie
<lle-bout>time *
<Noisytoot>lle-bout, Should I send the sourcehut thing to bug-guix or guix-devel?
<lle-bout>Noisytoot: not sure if it's best to submit all deps and sourcehut in one big bug, or to simply keep track of an abstract project and WIP status on guix-devel
<lle-bout>Noisytoot: Do as you see fit but if there's no patches in that thread, then definitely guix-devel
<lfam>Do we have a package that provides a "photograph browser"? Like, a way to view photos, plus a sidebar with thumbnails, to quickly skim through them?
<Noisytoot>Shouldn't patches be sent to guix-patches rather than bug-guix?
<lle-bout>Noisytoot: right, but for me everything ends up in guix-patches..?
<lle-bout>lfam: ephoto from a quick guix search?
<lfam>There is also shotwell, but it's slow to build the thumbnails
<lfam>ephoto is great, thanks