<lfam>jackhill: It sounds like a problem with not being able to find the certificates
<jackhill>lfam: it is good to be sure :) Yeah, I think the certs aren't available inside the flatpak container (at least not in an expected place)
<jackhill>some flatpak-ed applications, like firefox, ship their own trust roots I assume, but haven't fully investigated.
<guixy>civodul: I have two old laptops I'm using as home servers. I want to let people in my household use them to learn python and scheme. It's also an exercise in writing guix services and thinking through security issues.
<lfam>jackhill: It's highly likely that firefox includes its own certs. Firefox / Mozilla is *the* authority on certificates, and they actually create nss-certs as a byproduct of that
<lfam>They lead the community that decides which certificate authorities can be trusted
<jackhill>I was somewhat hoping that someone that pakages applications for flatpaks (e.g. the org.chromium.Chromium folks) would recognized what at gone wrong and then we could translate the solution to Guix, but I'm still not sure if it's a Guix-specific problem
<flatwhatson>lfam: will do. briefly, git-predicate is useful for creating a local-file source for a package definition in a project's guix.scm (ie. building based on current source code checked out in the repository)
<flatwhatson>but if your project uses submodules, those don't get included so you need to write a custom predicate around "git ls-files --recurse-submodules"
<nij>pkill9: I'm new to home surveillance stuff before. Not sure which kinda packages I'd need to stream from a camera.
<lfam>flatwhatson: That does sound like a missing feature!
<lfam>The code probably dates to before we added support for Git submodules to git-fetch
<raghavgururajan>lfam: Should one alter the commit message, while cherry-picking a commit from another branch?
<lfam>I guess it depends on if it needs to be changed or not
<lfam>Many times, I don't think it would need to be changed
<raghavgururajan>IIRC, we updated package to latest version and guix lint didn't show any more CVEs. Also, I think the change was added as part of the cosmetic change commit, to cleanly apply succeeding patches.
<raghavgururajan>Yeah, the commit title didn't mention the change but the commit message did.
<guixy>Been working for the past day on a jupyter service. It seems fine for now as long as you don't need SSL encryption. I'll test it tomorrow to make sure it's stable. Expect patches soon.
<guixy>If anyone wants to work on making it more secure outside localhost or a direct ethernet connection, I'll clean the code up and send it to them on request.
<civodul>not even GCC + libc++ (instead of libstdc++)?
<cTeX>If I have issues with a foreign-distro installation of Guix, should I try the distribution's package of it, if available?
<cTeX>I wasn't able to get Guix working correctly on Fedora 33.
<cTeX>It appears that the daemon or service is not run, even after enabling and starting the service manually; when I ran `guix pull` or ...`install [emacs]` it would complain that a service needs to be available.
<cTeX>I can't stay logged, though; I have an exam early Friday morning, and I am expecting an interviewer to call me in the morning. I'll check the channel logs for a reply some time tomorrow. Have a good night!
<rekado>civodul: no, there are many errors when building with GCC, since GCC is a bit stricter about certain things (like order of initialization). There’s a long, but outdated patch set to make it build with GCC.
<rekado>upstream is not interested in making it work with GCC, so the patch never got merged.
<rekado>cTeX: could be that the daemon is prevented from doing work by SELinux
<rekado>cTeX: you could either set SELinux to permissive mode or help us figure out what needs to change in our guix-daemon policy for SELinux.
<civodul>rekado: and there's no way to get around it with -std=c++11 or whatever?
<brendyyn>civodul: Thanks for reviewing the wrap program patches 🎉
<brendyyn>Do you mean you just applied it to your own core-updates to build your own system for testing before pushing?
<civodul>brendyyn: yes, i'm testing this and other patches on core-updates to make sure nothing obvious broke
<leoprikler>but tbh I still favour Guix' design, as it's more functional
<brendyyn>tbh i never figured out how to download and apply lots of patches so ive never tested any long patch series before
<brendyyn>normally id just use the web interface to download one at a time
<brendyyn>i just tried the magit invocation C-u M-x debbugs-gnu RET RET guix-patches n y, and then ran debbugs-gnu-apply-patch on a thread and got all sorts of errors, 3 emacs windows opening, and a bunch of unstaged changes applied to the repo
<roptat>apteryx, any estimate for the release? anything I can help with?
<apteryx>What is slowing it down at this point is 1) we do not have armhf-linux cuirass workers producing substitutes (and QEMU emulation is not always viable -- causes false positive failures) -- that's being worked on by Mathieu and 2) same for powerpc64le
<apteryx>roptat: we'll also have to expound that WIP commit at the top of the version-1.3.0, although this can wait after RC1 is out
<civodul>apteryx: you're offloading to the OSUOSL machine?
<apteryx>by the way, sorry for repeating the question, but I still don't understand the firewall requirement thing; what is it about? Can't we have that OSUOSL reach berlin via the already opened wireguard port?
<apteryx>civodul: wg is refreshingly simple (very similar to SSH), and it has a keepalive toggle (supported in our wireguard-peer-configuration) that allows machines behind NAT to keep being reachable.
<apteryx>FYI Mathieu has also explained the process well in doc/cuirass.org (guix-maintenance repo)
<morgansmith>powerpc + guix is going to be awesome! Does any other distro have a bootstrap seed as small as ours? If not then powerpc + guix would be the most auditable system available right?
<meo>there's autossh for maintaining persistent ssh tunnels, idk if that helps, I used it successfully
<apteryx>At least judging from the Makefile.am, not sure what the blockers are for adding it to the current "GUIX_SYSTEM_SUPPORTED_SYSTEMS ?= x86_64-linux i686-linux" variable; perhaps someone more in the know (lle-bout) can comment
<morgansmith>frankD2: guix installs the packages. Straight installs them in a different place. Straight is easier to use if you want to be on the bleeding edge. guix is better if you want stability and the ability to rollback version. I don't think either offer the ability to configure the package though. You can configure the packages in any way you want and it'll work regardless of if the packages are installed using straight or guix
<frankD2>@morgansmith i'm having trouble trying to get doom-emacs magit-forge working, emacs couldn't fine sqlite3 binary, even after (setq sql-sqlite-program ***), Any idea ?
<morgansmith>frankD2: Oh ya. Ok for guix system then installing packages using guix is superior. For the guix packages people package all the dependencies with it and set the paths right. For emacs packages without dependencies they're the same :P
<tissevert>I have a question about coding style inpackage definitions: looking at package definitions, I've seen the `(inputs …) «thing» (what type is that thing ? I haven't got a clue) use the comma as separator between keys and values like this : ("key" ,value)
<tissevert>it looks like there's a good reason to write it like that related to fundamental scheme stuff I don't know
<abcdw>jgart[m]: Oh, the invidious is pretty cool, thank you for pointing it out.
<tissevert>what is this reason ? is it simply an arbitrary esthetic choice ?
<morgansmith>tissevert: The quasiquote prevents evaluation of things contained within. The comma re-enables evaluation. so `("package" ,package) expands to a list with the first item being a string and the second being the actual package object obtained from the evaluation of "package"
<roptat>tissevert, if you wrote `("package" package) instead, you'd get a list whose first element is the string "package" and the second is a symbol package (not evaluated, it's somewhat similar to an atom in prolog if you know that)
<morgansmith>tissevert: Reading a bit of the guile manual or the rsr6 standard might be helpful. There is also a guile irc you can ask questions on too (but we're happy to answer questions here as well :))
<roptat>the comma (,) is called "unquote", and it works inside a quasi-quote (`), but not inside a quote (')
<abcdw>frankD2: jgart[m]: The approach for managing emacs config with guix you mentioned is a little hacky. We recently finished home-emacs-service-type for `guix home`, this solution should be much cleaner, I'll make better examples in a few weeks. And maybe will write more details to guix cookbook or will make a stream on the topic.
<morgansmith>tissevert: It's probably important to note that everything in scheme is a list and we don't use any seperators in the lists except whitespace. That's why we are able to repurpose comma to do a different thing
<roptat>tissevert, there's also "unquote-splicing" (,@) which is the same as the quote, but removes one level of parenthesis (it can put more than one element at the current position)
<tissevert>roptat: I don't know prolog but I thought there were atoms, isn't that what quote does in front of a string ? 'foo
<roptat>' and ` are the same, but you can unquote `, whereas you can't unquote '
<tissevert>morgansmith: ohhh so yes of course in that case they'de be equivalent
<rekado>finished building irods. But it’s deeply unsatisfying to have all these clang-6-built library variants.
<tissevert>«you can't unquote '» : wait, that means a list declared with '(…) can only contain immediate values (strings ? anything else ? ints maybe ?) and symbols ? at least no variables
<morgansmith>when building emacs packages, do you always set the elisp dependencies as propagated inputs?
<dongcarl>We likely need to skip a coreutils inotify test for v1.3.0: #47935. I've reported the underlying bug upstream and will keep track of it.
<morgansmith>tissevert: You can later evaluate things in the list because you still have the data. I'm not quite sure of the syntax but I think something like this is valid (eval '(display "Hello World!")). The quote returns the literal list with no evaluation but then we give that data to the eval function which runs it
<morgansmith>tissevert: The point I'm trying to get at is you can put variable names in a quoted list if you really want
<tissevert>yeah, but they'll be temporarily «inactivated» into symbols, won't they ?
<jgart[m]>Everybody prefers , instead unquote for obvious reasons
<morgansmith>maybe we should mention that ' and ` are actually just short forms. so like '(my "list") == (quote my "list"). The idea of scheme is that everything a list and there is no other syntax. but then we added some. but that syntax can be expanded to the original syntax of just lists. dunno if that made sense. I'm probably using the term list in a confusing way...
<jgart[m]>does anybody know why guile requires a second argument to eval (interaction-environment)?
<guixy>What are the minimum texlive packages necessary for exporting a jupyter notebook to pdf via LaTeX?
***iyzsong- is now known as iyzsong
***MidAutumnHotaru7 is now known as MidAutumnHotaru
***drakonis1 is now known as drakonis
<apteryx>lfam: I was asking a collegue about a solution for ARM CI; they pointed to the new Apple M1 chip. Being massed produced, it is affordable and apparently there's an effort to reverse engineer the GPU drivers. A Mac mini costs less than 1k for the base model (8 cores/8 GiB ram/256 GB SSD). I'm not a big fan of Apple, but perhaps an option to consider.
<lfam>Yes, perhaps. That and the Ampere Altra are by far the fastest ARM CPUs
<lfam>I wonder if the M1 is cost-effective compared to the Altra, especially when you factor in the headache of the M1 being an inappropriate form-factor (laptop or "mini" PC)
<gr0n>you could rent a cloud instance for ARM builds as well. again, not ideal, but it might serve the purpose until Morello boards go out and more chips get produced?
<lfam>We really prefer not to use cloud services for the build farm
<lfam>I can also assist with a Wireguard tunnel through my own server if necessary
<apteryx>Actually they probably already saw my email to guix-sysadmin, so I'm not sure what they can do more :-)
<apteryx>perhaps no need to worry about it until I setup wireguard (I trust this will work, we did for 2 machines couple days ago and it was working fine)
<lfam>Yeah, but even "dunno, that's weird!" is a response worth getting quickly
<lfam>Do you have a date in mind for 1.3.0, apteryx?
<vagrantc>just release it on April 18th with an appropriate UTC offset :)
<nckx>jess: I agree, but well, this is IRC; trying something remotely new is always scary. I like the idea of more community news, especially if it's not just projects like Ubuntu that get to shine. I hope it works out.
<nckx>That sounds like a (not so) subtle hint but really wasn't.
<apteryx>Guest75: if you get an SSD, something such as a X200 is quite decent
<lfam>When people complain about "bloat", GNU is usually their first target. In my opinion, "bloat" is features, and features are what it's all about
<lfam>Yes, no matter what computer you use, you'll be happier using Guix with solid-state storage. Guix is extremely I/O intensive
<vagrantc>guix definitely consumse more disk space than other more conventional distros
<Rovanion>I made a stupid little documentation patch this december and forgot to mark it as a patch. Unsure if it still applies but if it does perhaps it can help someone in the future: https://issues.guix.gnu.org/45542
<Guest75>yeah, ur right. but idk what else to go with, especially because im trying to get a somewhat ok experience whilst using linux on my oldie laptop. can you guys help me come up with some solution?
<lfam>vagrantc: Beyond space usage, Guix accesses I/O resources in some really unusual and intensive ways
<lfam>Guest75: My advice for using Guix on an old laptop is to use an SSD and always use packages from the day before, rather than updating them immediately. That way, it's less likely that you'll have to build from source
<AleQu[m]>Hey folks, I have written and tested a new (and my first!) package definition. I'm trying to figure out what to do next, but I'm finding the manual 'Submitting patches' a bit unclear and wanted to check. It seems I need to: (a) clone the repository (which I'm assuming is <https://git.savannah.gnu.org/git/guix.git>), (b) insert my package definition in one of the bundles (let's say 'python-science.scm', though I'm not really
<AleQu[m]>sure how to choose), (c) produce a patch with 'git format-patch', and (d) mail the patch to <email@example.com>. Is that enough? Did I miss something?
<lfam>If you don't do that, just mention it in the commit message of your patch file
<apteryx>perhaps connected to my work VPN, which is usually on.
<guixy>AleQu[m]: It sounds like the library you packaged is like python-igraph in gnu/packages/graph.scm or python-objgraph in gnu/packages/python-xyz.scm. You could put it in one of those files. The maintainers are not picky enough about where you put packages imho.
<AleQu[m]>Thanks everyone, I'm taking notes. Oh, there's one more thing, I've written my definition accompanied by a tiny procedure that figures out the pythonpath to install to, to make it more readable. Does that go into the same file? Or should I undo the procedure and just incorporate it to the definition?
<lfam>apteryx: I've had weird DNS issues in the past after turning wireguard on and off
<cTeX>hash guix # Does this belong in my BASH Profile?
<cTeX>Might that be why `. .bash_profile` was unsuccessful?
<cTeX>I understand the process I followed is difficult to follow from the way I've communicated it, and I apologize for that and for this wall of text that I've submitted to the channel. I hoped to include enough information for it to be helpful, rather than only providing the error I recieved when sourcing my BASH Profile and saying, "this didn't work." :) Thanks for any help or suggestions, Guix!
<bandali>[aside: for future reference, please use paste.debian.net instead of pasting multiple lines of text into irc :-)]
<cbaines>your second message contains all the information necessary
<cTeX>I'll also mention that I've experienced that error with `guix pull` in the system distribution of Guix, as well as on a foreign distro (Parabola). The second time that command is run it was successful, and it is presently "Computing [a] Guix derivation" for my current system. Is there something strange happening that might require a failure on the first run? A strange hidden state, perhaps?
<jgart[m]>nckx: Sorry! I'm messaging across a matrix bridge. Now I understand Drew when he says "Also, their bridge is a major nuisance to IRC, which biases me against them. Please don't integrate your next chat app with IRC; just leave us alone, thanks."
<jgart[m]>I think matrix needs an IEEE standard so to speak for their bridges
<rekado>apteryx: perhaps your IP has been banned for too many authentication failures? We have some custom iptables rules in maintenance.git that could have that effect.
<apteryx>rekado: sorry for the bother, there was something with my network; all I had to do to resolve it was 'sudo herd restart networking' (!)
<AleQu[m]>jgart: well, it's not really an encoding issue, it's because we're both messaging from matrix so you mention me with my full matrix name, which doesn't correspond to my irc name because it contains spaces and the japanes character for number 2 (which may look like an encoding issue if you don't have a font to display it I'm guessing). Well, one could improve the bridge to convert the names inside mentions too, but well. I
<AleQu[m]>personally think it works like a charm nowadays (it was a bit rough early on).
<apteryx>I still don't get it, but it works, so that's that.
<apteryx>nckx: the osuosl machine accessible on localhost port 2224 appears to be unreachable
<apteryx>process 59198 acquired build slot '/var/guix/offload/localhost:2224/0'\nguix offload: error: failed to connect to 'localhost': Connection refused
<guixy>Today I experienced yet another moment where a hacker's guide to guix would have made things so much easier.
<guixy>I understand the source a little bit more now. But the newcomers with parenthephobia would give up if they realized they would have to go through the same experience.
<apteryx>nckx: perhaps the tunnel has fallen for some reason. I'll restart it in screen.
<zzappie>Hey guix! Anyone using marionette-eval here? Is there a way to get thrown excetption? I always get #f if things go wrong...