<sss1>hi all, is there any documentation on how to create custom guix channel ?
<sss1>it does not describe file/dir layout, or how to define one
<sss1>also, i want to use local channel, not in git, is it possible ?
<sss1>for example i need to modify some package which is already on guix and am not planning to publish it
<sss1>want to work with it locally
<civodul>sss1: if you have a non-Git directory and you'd want to point Guix to it, you can pass "-L /path/to/packages" or set GUIX_PACKAGE_PATH
<civodul>but overall, a Git repo (so, a "channel") is preferable
<drakonis>a local git repo is actually surprisingly easy to do
<sss1>can i read more detailed documentation about all this ?
<sss1>yes yes, i know git, i mean about guix
<drakonis>you can point it to with git://<path to git repo with trailing backslash>
<sss1>thx, i will read, i think i have already done it, but probably missed something
<sss1>what is best way to make own versions of just some packages from guix itself without introducing any kind of collisions ?
<sss1>i do not want to have copies of whole scripts like messageing.scm for example
<tassos-m>I need help with making an executable file in the store. I've been trying with a g-expression that uses a local file and then calls chmod but it fails with "operation not permitted". Has anyone done something like this before?
<KE0VVT>Does anybody know how to build Abrowser for Guix?
*raghavgururajan is pulling his hair out on finding a replacement for calibre
***califax- is now known as califax
<therealdonotshak>Calibre does a lot. What functions are you looking for? Conversion, library organization?
<drakonis>huh, what's up with core-updates-frozen? are we getting an update?
<marusich>the_tubular, a lot of big companies likely have their own processes and build systems, and it is difficult to advocate to use something like Guix in those environments. Guix is more likely to see adoption in places that are not already wed to a specific style of building or deploying software; so probably not large companies is my guess.
<marusich>I imagine that researchers and newer organizations are more likely to adopt Guix. Another significant contributing factor is that the company is more likely to use Guix if they care about free software.
<marusich>My impression is that most people, regardless of the company they're in, end up "just doing it" and getting the job done with whatever tool works. Guix can get many jobs done, so I imagine it's being used here and there.
<the_tubular>True, maybe that is controversial, but I'd like to see big companies use Guix. I really feel it is an unknown gem
<marusich>You are less likely to hear about large companies using Guix, though, compared to individuals, because it is unfortunately common (in my experience, at least) for companies to have policies that as a rule tend to discourage people from talking about what they do in their job publicly.
<the_tubular>I mean, yes and no, a lot of companies are backing debian / ubuntu even Centos
<marusich>I suppose I could be wrong; I only know my own experience, and I don't have studies or anything to provide data.
<marusich>On the positive side, my experience suggests that most people are willing to consider using Guix if you can show them that it solves their problems.
<the_tubular>Just go on Ubuntu's website, main page has 5 top companies listed
<marusich>By the way, did you solve your btrfs issues?
<the_tubular>Yes. I've gotten in touch with raid5atemyhomework and he helped me figure it out. He seems very nice
<the_tubular>I was planning to kind of do a writeup, so people don't fall in the same pitfall I did
<marusich>That would be cool. An addition to the Cookbook, maybe?
<the_tubular>Basically he defines package and functions in his config.scm, he doesn't use what's in the repo
<the_tubular>Well he inherits those and does some hacky things to them
<marusich>Anyone can post to the Guix blog, too, if you have something interesting to post, FYI.
<the_tubular>Maybe I will, I'm a bit busy these days, but it's definitely something that people should have access to
<marusich>I see. Yeah, Guix makes it possible to customize the system in ways that are extremely hard to accomplish using a traditional distro (IMO)
<the_tubular>He submitted a few patches, I guess if those patches get merged, the way to get ZFS working will probably be simpler
<marusich>I was just pointing out that it's something anyone can do
<marusich>the cookbook is also a good resource and anybody can contribute to that, too
<the_tubular>I'm not a big fan of the cookbook to be honest, guess I've been spoiled by Gentoo's wiki in all those years
<the_tubular>That one pager sucks if you just want a quick ctrl + f
<marusich>I like reading about random stuff people do with guix on the blog though
<the_tubular>Also I feel you can't go in as deep in an issue with the cookbook
<marusich>One nice thing about the blog format is that you don't have to worry about keeping it up to date, if things change in the future (hah)
<marusich>I also want to learn more about how to make VPNs. I feel like it would be really useful to be able to make "my own network" on top of an existing network infrastructure...
<the_tubular>Yes, check out Wireguard. You'll need some networking basics to get it working, but it's really useful to have
<the_tubular>I use that every day to get into my homelab from the internet
<marusich>Think, an office in which you have no control over the IP addresses or the DNS names. It would be great if you could create your own overlay network using machines on that network, and just do your thing inside there.
<marusich>I keep hearing about wireguard. I guess I need to learn about it and try it.
<apteryx_>marusich: also, you may want to check the autossh service; I use that with reverse port forwarding to allow SSH'ing to my office machine
<apteryx_>(the office machine connects to home via SSH using the autossh service; a port is kept open to allow connecting from it in the reverse direction (e.g. ssh localhost -p 6666). You need port forwarding on your home router + have a script to refresh a dyndns service with your (changing) home IP.
<apteryx_>wireguard is nice but it doesn't handle dyndns itself (I hear there are scripts to kick it into doing that, but the wireguard service in guix doesn't have that -- yet).
<apteryx_>so if your home ip changes and for some reason the keep alives were interrupted, it won't reconnect automatically as it will keep trying the old IP (it resolves the host name of the remote only at start)
<marusich>Too many options! I feel overwhelmed :) I'll try to keep this one in mind, too.
<tissevert>is there a way with guix system to show what differs in a system generation compared to the previous one (like in guix package which shows what was added and removed) ?
<vivien>tassos-m, you should use a computed-file, and chmod the executable file before you copy it to the store.
<leoprikler>hmm, you'd probably have to diffoscope the canonical names
<tissevert>in my case, I was just looking for the latest version without a package I had been trying, so a find -L … | wc -l did the job and wasn't too slow, but I wanted to make sure I wasn't missing an existing info
***mark is now known as mjw
<podiki[m]>same question as drakonis, is core-updates officially entering a frozen state for a merge and update soon ("soon")?
<southerntofu>hello is there info/work about differential upgrades for binary substitutes?
<roptat>yes, there's been an announce on the ML that core-updates is frozen
<roptat>I see php is failing for instance, but it's still on version 7.4.20, whereas master is at 7.4.21. has there been a merge from master to core-updates-frozen?
<roptat>southerntofu, not that I know of
<southerntofu>well if some people in here are interested, please let me know
<southerntofu>i'm tired of wasting bandwidth and having to wait for minutes/hours for simple updates (not just with guix, i just asked the same in #debian :))
<roptat>I don't think we can have the difference be computed on the fly by the substitute server, it would be extremely expensive
<roptat>but then, there would be thousands of possible diffs for any package because of the number of times a package gets a different derivation
<southerntofu>maybe it doesn't have to be computed on the fly? although i'm not sure it would be so expensive...?
<southerntofu>but yes different derivations would produce different diffs
<southerntofu>anyway i'm interested in this question, please ping me if you are too, we could open a dedicated channel to talk about it
<southerntofu>maybe setup some sort of website like "arewediffyet" like reproducible-builds and bootstrappable have been doing to keep an eye on that question across the ecosystem?
<roptat>I'm not *that* interested, but it would be nice to have
<efraim>I've considered bsdiff between a package and it's replacement but nothing more than that
*efraim can't remember it's our its
<roptat>maybe something interesting would be to have a hash "up to references", so if you have a package that has the same hash as what you want to download, you can replace that with a graft
<roptat>or maybe simply have the narinfo advertise the hash of individual files, and the substitute server could serve files individually, so you can choose to download the full substitute or just pick a few files that you don't have yet
<southerntofu>the individual files approach would be interesting because it would play well with P2P distribution (eg. IPFS/torrent)
<southerntofu>buut that may be impractical for packages with a lot of small files?
<anonhyi>I recently started using Guix, partly on a laptop. My main distribution is Qubes. Actually, I had a few questions, is Guix safe without preconfigurations? How secure is it against HardenedBSD, or at least OpenBSD? I plan to use a security strategy like in Qubes, that is, through virtualization, but I need a secure host of machines. I also noticed that Guix had problems with Xen, at least I could not start
<anonhyi>it, although I was able to install it. Thank you in advance for your response.
<anonhyi>Or is it better to choose debian / devuan?
<rekado_>there’s no system-wide hardening for Guix System, but “security” is always a matter of degree.
<rekado_>virtualization is convenient with Guix as you can use “guix system vm” (and others) to build declarative VMs.
<sneek>Welcome back minikN, you have 1 message!
<sneek>minikN, mekeor[m] says: i would have guessed that you can install two versions of a software at the same time with guix. so, i wonder how exactly guix complains when you try to upgrade wlroots. do you have an error message?
<roptat>minikN, so you have #:use-module (base-system) in the second file?
<roptat>and is that file really base-system.scm, from the path pointed to by -L?
<GNUtoo>anonhyi: comparing security systems is hard, especially when they don't necessarily address the same issues
<GNUtoo>Guix is probably the best distribution for reproducible build as it goes beyond just having reproducible packages: there is work on reducing the amount of (free) bootstrap binaries to trust
<GNUtoo>One of the big advantages of OpenBSD is that the design is less complex, but the security team often do things based on intuition rather than proven scientific research, though that was worth with spectre/meltdown class of bugs
<GNUtoo>And for Qubes as I understand the main security feature is based on hardware isolation. How effective it is probably depends on the hardware and so on.
<GNUtoo>Note that security is more a process than some features and the distribution is not the only part in it
<GNUtoo>You have human behavior, the hardware, your BIOS / UEFI, and many other things that are to be taken into account
<GNUtoo>And all that have to be relative to a threat model anyway
<GNUtoo>The neat thing with Guix is that it could enable to recover from attacks way more easily if all your config is public, and easily retrievable
<apteryx>hello Guix! Question; how should TLS certs be exposed to containerized Shepherd services?
<dstolfa>apteryx: if you find out, please let me know. i'd like to know that as well :)
<GNUtoo>apteryx: dstolfa: there is letsencrypt support but there is a chicken and egg issue sometimes
<GNUtoo>With https for instance, nginx needs a certificate to start, but letsencrypt needs nginx to work if it uses webroot
*GNUtoo wanted to add standalone support for letsencrypt but as I'm a total beginner to lisp I didn't manage to do it well yet
<apteryx>GNUtoo: I meant in the context of GnuTLS and OpenSSL. The former wants the certs under /etc/ssl/certs; the latter honors the SSL_CERT_DIR environment variable.
<GNUtoo>I lack background to understand it
<apteryx>Oh, I have an idea. Add a 'tls-certs' field to the configuration of the service (defaults to nss-certs). In the shepherd service definition, add a #:mappings entry for mapping /etc/ssl/certs to #$nss-certs/etc/ssl/certs in the container (fixes GnuTLS). Also specify SSL_CERT_DIR in #:environment-variables to that mapped /etc/ssl/certs (fixes OpenSSL).
<apteryx>GNUtoo: no worries, thanks for tipping in :-). And happy you're sticking around here. Have you managed to get some value out of Guix for your Replicant endeavours?
<GNUtoo>Yes, I used it for several things:
<bricewge>GNUtoo: What do you mean by standalone Let's Encrypt support?
<GNUtoo>(3) I also used it in the Replicant VM to deploy a matterbridge binary
<apteryx>GNUtoo: the source code of the git-repo tool?
<GNUtoo>apteryx: for that I found some way to get it, but the issue is that the archive has much more than just git-repo tool, it has python, probably a libc, and so on
<GNUtoo>And now that guix pack supports debs, it might be really interesting to find a way to release somehow the corresponding source code
<apteryx>I think there's a way to transitively request the sources of a bundle (pack); rekado shared something before IIRC.
*GNUtoo is really interested
*GNUtoo has the manifest, the package versions and so on
<GNUtoo>If someone has a link or some pointer for me to find that I'd be very interested
<apteryx>GNUtoo: perhaps 'guix build --sources=all --manifest=your-manifest.scm ?
<bricewge>GNUtoo: You want to run certbot with its built-in web server. So I guess you wouldn't use that machine as web server?
<bricewge>I'm also bothered with the chicken and egg problem when using nginx and certbot.
<GNUtoo>bricewge: the idea was to somehow first run the standalone certbot, then once the certificate is ready, through the hook start nginx, and then have a regular certbot with webroot do the cert upgrades
<bricewge>It seems a simple workaround, I like it. But you would get some downtime when generating new certificate, even tho it's not needed.
<GNUtoo>indeed, it needs to get the cert in the first boot
<GNUtoo>The advantage is that you have everything needed to do it if the guix VM / container / system is configured to be a standalone server
<GNUtoo>feel free to pick up the work and complete it and upstream it
*GNUtoo has too many things to do and cannot work on everything at the same time so things take too much time
*GNUtoo really has to go, but I'll test guix build --sources=all --manifest=your-manifest.scm
<roptat>minikN, so you have #:use-module (base-system) in the second file?
<roptat>and is that file really base-system.scm, from the path pointed to by -L?
<minikN>Yes, #guix:use-module (base-system) is in the second file, that's the one I execute with guix system reconfigure. Both files are in the same folder
<minikN>The 2nd file is called wsl.scm, the first one base-system.scm
<roptat>can you load base-system in a repl? like "guix repl -L ." and ",use (base-system)"
<roptat>this error "unbound variable" often hides the actual error which is that the module fails to compile
<ggoes>is it possible to download extensions to guix's ungoogled-chromium without a google account? aside from those like ublock that have guix packages. opening the add-on file locally doesn't seem to work
<roptat>I only have ublock in ungoogled-chromium, but I usually use icecat
<roptat>I remember having that same question, because I wanted ublock, and I forgot the answer, except that I could use guix
<roptat>tbh I'm so used to using umatrix now that I become suspicious when css loads first time when visiting a website ^^'
<roptat>it doesn't feel good using chromium because of that
<minikN>roptat: After ",use (base-system)" nothing happens, just a new prompt.
<roptat>then can you use %guix-channels from there?
<minikN>Yeah I think it works. I entered (display %guix-channels) and it outputs the content.
<roptat>minikN, so what's the exact command you run that gives you unbound variable?
<mekeor[m]>roptat, yes but what if it's not working as you think it does, and if this malfunction doesn't get fixed?
<mekeor[m]>i'm also still using it actually, but it feels bad, very bad
<roptat>well, I don't think I have a choice, it's still better than not using anything
<rekado_>I have a Python question: I’m trying to build “modin”, but it tells me this during the build: Please `pip install modin[dask]` to install compatible Dask version.
<rekado_>or this one: Please `pip install modin[spreadsheet]` to install the spreadsheet extension
<roptat>does it use -L when reconfiguring?
<roptat>ah you need to use -L in order for guix to have the other files (base-system.scm) in its search path
<roptat>add -L . to the script, and it should work
<roptat>well, -L <location-of-base-system.scm>
<rekado_>I sidestepped the issue by only running a subset of the tests.
<minikN>So I'm calling the script like so: wsl -d guix /bin/busybox sh -c "/path/to/guix-infect.sh /path/to/wsl.scm" and I changed the guix command inside to this: "guix system reconfigure -L $(dirname $(readlink -f $1)) --no-bootloader $1 --no-grafts", $(dirname $(readlink -f $1)) returns the folder containing wsl.scm, which also houses base-system.scm.
<minikN>But I'm still getting ice-9/eval.scm:223:20: In procedure proc:
<minikN>error: %guix-channels: unbound variable
<minikN>hint: Did you forget `(use-modules (base-system))'?
<roptat>do you have warnings or other messages?
<minikN>The error implies that guix knows that base-system.scm exports %guix-channels but thinks I don't use that module in wsl.scm, right?
<roptat>yeah, that's what you would see if there was an issue in base-system
<roptat>but we've already seen that you can load it
<roptat>mh, is there a missing ) after the #:export thing, or did you just forget it?
<minikN>That was just an error while pasting, it's actually there in the real file
<minikN>I removed the whole section with %guix-channels, now the same error appears with base-operating-system
<minikN>(I also added that to the exports)
<minikN>Sorry I just got a dc, did you get my messages?
<roptat>also, I see there's "wsl" at the end of wsl.scm, but it's never defined
<minikN>Currently, with the export section and (define base-operating-system ...) the error says "unbound whatever ... Did you forget to add (use-modules (base-system))?", If I remove the export section and instead do (define-public base-operating-system ...) the error now says "Unbound whatever .. Did you forget to add 'use-modules'?" Why does the message
<roptat>I think it's because the mechanism is not exactly the same, so guile doesn't know in advance what is exported with define-public. For packages and services in guix though, it's pre-compiled, so guile usually knows about them
<roptat>but I'm not an expert on the guile compiler, so I might be wrong
<minikN>I removed the wsl at the end, unfortunately no difference
<roptat>yeah, I wasn't expecting a miracle...
<minikN>I wonder if the source is not inside the files but something in the environment not being set up correctly
<minikN>After all the whole situation is quite unique
<roptat>maybe we can blame wsl for that...
<roptat>but that doesn't feel satisfying
<roptat>after all, you don't have any issue with the other modules
<minikN>True, and it installs fine if I only have one file
<roptat>maybe don't add GUIX_PACKAGE_PATH, it could be interfering?
<roptat>can you paste the complete base-system.scm file?
<roptat>mh... I have no issue on my end to load these files
<roptat>apart from some variables coming from a channel I don't have
<roptat>so maybe it *is* wsl for some reason
<minikN>One thing I could think of.. could it be windows/unix line-endings incompatibility?
<roptat>it should just be treated as whitespace
<minikN>Well, at least it wasn't something stupid I should have seen myself :P
<roptat>yw, I'm sorry I couldn't help you solve the issue
***mark__ is now known as mjw
<minikN38>roptat the guix binary dl is super slow now. I think they throttled me because I downloaded it too many times :P
<roptat>I don't think so, there's no throttling on the server
<atka>hello guix, which package has the clear command?
<the_tubular>I stopped obsessively clearing my terminal since I haven't included ncurses in my profile
<atka>I'm trying to use a python program that was exiting with clear not found
<atka>it works now... partially
<vivien>atka, you may want to package it :P
<atka>vivien: is that a joke on partially working stuff being packaged?
<vivien>Packaged programs work better with guix, because we can make sure that they can find their dependencies and set up their environment.
<atka>oh got it, so you're saying this python program should have ncurses as a dependency when packaged?
<the_tubular>So people are reporting bugs and updates on the same package
<vivien>Exactly, you can even "hide" ncurses so that your environment isn’t polluted when you install the program.
<vivien>(not that ncurses is a pollution, but maybe you don’t want to have it in your environment if you just want the python program)
<atka>vivien: hopefully I will get there someday, I'm only on day 3 or so of using guix full time
<atka>I would like to start contributing
<atka>I have SICP coming to the local library and want to learn Guile/Scheme as my first language.
<KE0VVT>Noisytoot: Thanks. I saw issues with it when I searched, so didn't know if the package was good to use or not.
<KE0VVT>[1627506650.976]: [ WARN ] We recommend installing and/or starting your distribution 'nscd' service
<KE0VVT>[1627506650.978]: [ WARN ] Please read 'info guix "Application Setup"' about "Name Service Switch"
***jackhill is now known as KM4MBG
<lfam>KE0VVT: What do you mean?
<KE0VVT>guix install: error: failed to connect to `/var/guix/daemon-socket/socket': No such file or directory
<lfam>But, it's not required (hence the status of WARN instead of error)
<lfam>That error you posted makes it sound like the guix-daemon is not running
<KE0VVT>lfam: Right. I guess the install script does not start it.
<lfam>But, if you are on a weird distro it might not work
<lfam>Do you know how to use systemctl?
<lfam>You can check the status of the 'guix-daemon' service
<lfam>`systemctl status guix-daemon`
<KE0VVT> Active: failed (Result: exit-code) since Wed 2021-07-28 16:14:48 CDT; 9min ago
<lfam>And you can check the logs: `journalctl --boot=0 --unit=guix-daemon`
<lfam>There should be some clues there
<lfam>Maybe a problem with SELinux. I've heard of new installations briefly stumbling over it on Fedora, and I think we have a SELinux policy file
<lfam>"Failed to locate executable /var/guix/profiles/per-user/root/current-guix/bin/guix-daemon: Permission denied"
<lfam>See if that file actually exists
<KE0VVT>lrwxrwxrwx. 1 root root 70 Dec 31 1969 /var/guix/profiles/per-user/root/current-guix/bin/guix-daemon -> /gnu/store/0iii8i1lc4wg3wccs1db7y7d8lg80i04-guix-1.3.0/bin/guix-daemon
<KE0VVT>Thing is, I saw something about the SELinux '.ci' thing being done in the script.
<lfam>I don't have any experience with SELinux so I can't tell you how to check on it or diagnose if that is the problem
<lfam>I could be missing it, but I don't see anything about SELinux or the .cil file in the installer script
<lfam>Does anyone know about this stuff?
<lfam>I'm not even sure where the file is supposed to be on the filesystem
<lfam>So, the SELinux stuff sounds like a work-in-progress
<lfam>I can share with you the built guix-daemon.cil file, or you can follow the advice in that email to build Guix from sources in order to obtain it
<lfam>Yeah, I think this problem is not related to nscd
<KE0VVT>lfam: Sounds like the “.cil” file is the proper way.
<lfam>You can adapt that command to use "1.3.0" instead of "1.2.0"
<lfam>It's a shame this is soooo clunky on Fedora, which is a great distro
<KE0VVT>lfam: Normally Fedora gives me a very clean, vanilla experience.
<KE0VVT>lfam: Just installed linux-libre on it.
<KE0VVT>lfam: That command just outputs the file listing.
<lfam>I was trying to help you find it