<drakonis>you can point it to with git://<path to git repo with trailing backslash>
<sss1>thx, i will read, i think i have already done it, but probably missed something
<sss1>what is best way to make own versions of just some packages from guix itself without introducing any kind of collisions ?
<sss1>i do not want to have copies of whole scripts like messageing.scm for example
<tassos-m>I need help with making an executable file in the store. I've been trying with a g-expression that uses a local file and then calls chmod but it fails with "operation not permitted". Has anyone done something like this before?
<KE0VVT>Does anybody know how to build Abrowser for Guix?
*raghavgururajan is pulling his hair out on finding a replacement for calibre
***califax- is now known as califax
<therealdonotshak>Calibre does a lot. What functions are you looking for? Conversion, library organization?
<drakonis>huh, what's up with core-updates-frozen? are we getting an update?
<marusich>the_tubular, a lot of big companies likely have their own processes and build systems, and it is difficult to advocate to use something like Guix in those environments. Guix is more likely to see adoption in places that are not already wed to a specific style of building or deploying software; so probably not large companies is my guess.
<marusich>I imagine that researchers and newer organizations are more likely to adopt Guix. Another significant contributing factor is that the company is more likely to use Guix if they care about free software.
<marusich>My impression is that most people, regardless of the company they're in, end up "just doing it" and getting the job done with whatever tool works. Guix can get many jobs done, so I imagine it's being used here and there.
<the_tubular>True, maybe that is controversial, but I'd like to see big companies use Guix. I really feel it is an unknown gem
<marusich>You are less likely to hear about large companies using Guix, though, compared to individuals, because it is unfortunately common (in my experience, at least) for companies to have policies that as a rule tend to discourage people from talking about what they do in their job publicly.
<the_tubular>I mean, yes and no, a lot of companies are backing debian / ubuntu even Centos
<marusich>I suppose I could be wrong; I only know my own experience, and I don't have studies or anything to provide data.
<marusich>I also want to learn more about how to make VPNs. I feel like it would be really useful to be able to make "my own network" on top of an existing network infrastructure...
<the_tubular>Yes, check out Wireguard. You'll need some networking basics to get it working, but it's really useful to have
<the_tubular>I use that everyday to get into my homelab from the internet
<marusich>Think, an office in which you have no control over the IP addresses or the DNS names. It would be great if you could create your own overlay network using machines on that network, and just do your thing inside there.
<marusich>I keep hearing about wireguard. I guess I need to learn about it and try it.
<apteryx_>marusich: also, you may want to check the autossh service; I use that with reverse port forwarding to allow SSH'ing to my office machine
<apteryx_>(the office machine connects to home via SSH using the autossh service; a port is kept open to allow connecting from it in the reverse direction (e.g. ssh localhost -p 6666). You need port forwarding on your home router + have a script to refresh a dyndns service with your (changing) home IP.)
<apteryx_>wireguard is nice but it doesn't handle dyndns itself (I hear there are scripts to kick it into doing that, but the wireguard service in guix doesn't have that -- yet).
<apteryx_>so if your home ip changes and for some reason the keep alives were interrupted, it won't reconnect automatically as it will keep trying the old IP (it resolves the host name of the remote only at start)
<marusich>Too many options! I feel overwhelmed :) I'll try to keep this one in mind, too.
<tissevert>in my case, I was just looking for the latest version without a package I had been trying, so a find -L … | wc -l did the job and wasn't too slow, but I wanted to make sure I wasn't missing an existing info
<roptat>maybe something interesting would be to have a hash "up to references", so if you have a package that has the same hash as what you want to download, you can replace that with a graft
<roptat>or maybe simply have the narinfo advertise the hash of individual files, and the substitute server could serve files individually, so you can choose to download the full substitute or just pick a few files that you don't have yet
<southerntofu>the individual files approach would be interesting because it would play well with P2P distribution (eg. IPFS/torrent)
<southerntofu>but that may be impractical for packages with a lot of small files?
<anonhyi>I recently started using Guix, partly on a laptop. My main distribution is Qubes. Actually, I had a few questions, is Guix safe without preconfigurations? How secure is it against HardenedBSD, or at least OpenBSD? I plan to use a security strategy like in Qubes, that is, through virtualization, but I need a secure host of machines. I also noticed that Guix had problems with Xen, at least I could not start
<anonhyi>it, although I was able to install it. Thank you in advance for your response.
<anonhyi>Or is it better to choose debian / devuan?
<rekado_>there’s no system-wide hardening for Guix System, but “security” is always a matter of degree.
<rekado_>virtualization is convenient with Guix as you can use “guix system vm” (and others) to build declarative VMs.
<sneek>minikN, mekeor[m] says: i would have guessed that you can install two versions of a software at the same time with guix. so, i wonder how exactly guix complains when you try to upgrade wlroots. do you have an error message?
<roptat>minikN, so you have #:use-module (base-system) in the second file?
<roptat>and is that file really base-system.scm, from the path pointed to by -L?
<GNUtoo>anonhyi: comparing security systems is hard, especially when they don't necessarily address the same issues
<GNUtoo>Guix is probably the best distribution for reproducible build as it goes beyond just having reproducible packages: there is work on reducing the amount of (free) bootstrap binaries to trust
<GNUtoo>One of the big advantages of OpenBSD is that the design is less complex, but the security team often do things based on intuition rather than proven scientific research, though that was worth with spectre/meltdown class of bugs
<GNUtoo>And for Qubes as I understand the main security feature is based on hardware isolation. How effective it is probably depends on the hardware and so on.
<GNUtoo>Note that security is more a process than some features and the distribution is not the only part in it
<GNUtoo>You have human behavior, the hardware, your BIOS / UEFI, and many other things that are to be taken into account
<GNUtoo>And all that have to be relative to a threat model anyway
<GNUtoo>The neat thing with Guix is that it could enable to recover from attacks way more easily if all your config is public, and easily retrievable
<apteryx>hello Guix! Question; how should TLS certs be exposed to containerized Shepherd services?
<dstolfa>apteryx: if you find out, please let me know. i'd like to know that as well :)
<GNUtoo>apteryx: dstolfa: there is letsencrypt support but there is a chicken and egg issue sometimes
<GNUtoo>With https for instance, nginx needs a certificate to start, but letsencrypt needs nginx to work if it uses webroot
*GNUtoo wanted to add standalone support for letsencrypt but as I'm a total beginner to lisp I didn't manage to do it well yet
<apteryx>GNUtoo: I meant in the context of GnuTLS and OpenSSL. The former wants the certs under /etc/ssl/certs; the latter honors the SSL_CERT_DIR environment variable.
<apteryx>Oh, I have an idea. Add a 'tls-certs' field to the configuration of the service (defaults to nss-certs). In the shepherd service definition, add a #:mappings entry for mapping /etc/ssl/certs to #$nss-certs/etc/ssl/certs in the container (fixes GnuTLS). Also specify SSL_CERT_DIR in #:environment-variables to that mapped /etc/ssl/certs (fixes OpenSSL).
<apteryx>GNUtoo: no worries, thanks for tipping in :-). And happy you're sticking around here. Have you managed to get some value out of Guix for your Replicant endeavours?
<bricewge>GNUtoo: You want to run certbot with its built-in web server. So I guess you wouldn't use that machine as web server?
<bricewge>I'm also bothered with the chicken and egg problem when using nginx and certbot.
<GNUtoo>bricewge: the idea was to somehow first run the standalone certbot, then once the certificate is ready, through the hook start nginx, and then have a regular certbot with webroot do the cert upgrades
<roptat>this error "unbound variable" often hides the actual error which is that the module fails to compile
<ggoes>is it possible to download extensions to guix's ungoogled-chromium without a google account? aside from those like ublock that have guix packages. opening the add-on file locally doesn't seem to work
<rekado_>I sidestepped the issue by only running a subset of the tests.
<minikN>So I'm calling the script like so: wsl -d guix /bin/busybox sh -c "/path/to/guix-infect.sh /path/to/wsl.scm" and I changed the guix command inside to this: "guix system reconfigure -L $(dirname $(readlink -f $1)) --no-bootloader $1 --no-grafts", $(dirname $(readlink -f $1)) returns the folder containing wsl.scm, which also houses base-system.scm.
<minikN>But I'm still getting ice-9/eval.scm:223:20: In procedure proc:
<roptat>also, I see there's "wsl" at the end of wsl.scm, but it's never defined
<minikN>Currently, with the export section and (define base-operating-system ...) the error says "unbound whatever ... Did you forget to add (use-modules (base-system))?", If I remove the export section and instead do (define-public base-operating-system ...) the error now says "Unbound whatever .. Did you forget to add 'use-modules'?" Why does the message
<roptat>I think it's because the mechanism is not exactly the same, so guile doesn't know in advance what is exported with define-public. For packages and services in guix though, it's pre-compiled, so guile usually knows about them