<Noclip[m]>Not really related to guix but I assume you know the answer to my question:
<Noclip[m]>Why are the proprietary nvidia drivers not part of the linux kernel? I mean there are already proprietary binary blobs in the kernel. What's the difference here?
<dstolfa>Noclip[m]: there aren't proprietary blobs in the kernel, there are proprietary pieces of firmware that the kernel loads into the device to run
<Noclip[m]>Mhh, what's the difference between drivers and firmware?
<dstolfa>drivers run in the kernel, firmware runs on the device
<dstolfa>so your wifi driver would be running on your computer as a part of linux the kernel, wifi device firmware would get uploaded to the wireless chip and run there
<slyfox>linux kernel source tree does not contain non-free firmware. it's all in a separate linux-firmware repository nowadays
<Noclip[m]>If it's running on the device why is it then not included in the device? This seems a bit weird to me.
<Noclip[m]>(I know that often firmware is included in the devices but apparently that is not always the case.)
<dstolfa>Noclip[m]: if only the firmware wasn't proprietary so we could find out what the reason is... there are some common reasons but it really depends on the device
<slyfox>there should be no fundamental reason not to include some stock firmware on the chip, but the hardware is implemented in this particular way
<Noclip[m]>"it's all in a separate linux-firmware repository nowadays"
<Noclip[m]>-> So it's now clean by default? When did they clean it up?
<muradm>Noclip[m]: hardware implements some low-level electronics stuff which could be configured and/or extended without changing hardware, such extensions are implemented in the form of firmware
<slyfox>i had vague impression that wifi firmware is both code and locale-specific configuration (like allowed frequency range to be used) that has to be passed to the device at initialization time
<muradm>with time you may reconfigure or update firmware on hardware, the flexible part of overall hardware-firmware-software complex
<muradm>hardware may include default version, that depends on design of hardware
<Noclip[m]>Can wifi firmware see what the CPU or OS is doing? In other words could wifi firmware be used as spyware?
<dstolfa>sure, if it's exploiting the system actively, which i guess you can't know
<dstolfa>there are DMA-based exploits that bypass the IOMMU just fine
<slyfox>at least it can be very aware of what data you send and receive over network
<Noclip[m]>slyfox: But a lot of that data is also seen by your ISP so it isn't that critical.
<Noclip[m]>Having full CPU or OS access is far more concerning.
<dstolfa>well, it doesn't have it by default but i could exploit the system...
<dstolfa>i doubt that device vendors do this, but it's possible.
<muradm>wifi is by definition carrying data you are sending over the network, so it has it in the first place, spyware, that all depends on electronics design, imagine i7 cpu under the load, how much of data can spy a 32-bit low profile chip?
<dstolfa>it's up to the user to decide if they wish to use proprietary firmware or not
<muradm>while you might find some exploit, you need a backend for it also
<Noclip[m]>"it's up to the user to decide if they wish to use proprietary firmware or not"
<muradm>it is like thinking can me alone spy the government for instance :)
<muradm>for a big country it is like millions of people work for government and me alone how can spy every and each of them :)
<dstolfa>Noclip[m]: sometimes proprietary firmware is unavoidable if you want to use a computer. for many things, you can avoid it, but some things are just that way. you can still avoid it by not using a computer though :P
<Noclip[m]>Your whole operating system is still running on a proprietary piece of CPU which has proprietary firmware included in itself. By definition this CPU has unlimited power over the OS and everything it is doing.
<slyfox>Noclip[m]: all depends on your threat model you guard against. If something is electrically plugged in your machine it very likely has full access to your machine :)
<muradm>in the same way is like 1$ wifi chip can spy 800$ cpu :)
<muradm>it will burn before trying to keep up the instructions of the bus :)
<dstolfa>Noclip[m]: yes, hence "for some things it's unavoidable if you want to use a computer". as i said, you can still choose to not use a computer if this is a huge concern for you, but unfortunately we don't yet have a social solution for this. maybe in the future :)
<Noclip[m]>"If something is electrically plugged in your machine it very likely has full access to your machine :)"
<muradm>"If you think that you have information system security issues, then you either don't understand information systems or you don't understand security"... (something like that, don't remember (C) owner)
<Noclip[m]>So something like USBGuard doesn't really solve the issue?
<muradm>what is the issue in the first place?
<dstolfa>muradm: exactly, anyone who understands both *knows* that security is a pipe dream :P
<dstolfa>which is a good thing for me, because i have some job security then
<muradm>Noclip[m]: so you guess, or you have issue :)
<Noclip[m]>I wouldn't say that I have a particular issue here, I'm just interested how dangerous malicious USB devices are.
<dstolfa>don't plug in random USB devices that are given to you by people you don't trust
<dstolfa>(and you can apply that logic to pretty much anything within reason)
<muradm>Noclip[m]: usb harddisk could fall from 5th floor on someone's head, that is dangerous :))
<slyfox>if you assume your USB host controller can be exploited by a nefarious device you probably have fully open machine to the device
<Noclip[m]>slyfox said: "If something is electrically plugged in your machine it very likely has full access to your machine :)"
<Noclip[m]>-> To me "full access to your machine" means full cpu access.
<Noclip[m]>slyfox: So I have to assume that full cpu access is possible?
<muradm>seriously, if you want to understand that, start looking at usb protocols, device roles, how do they negotiate, look at kernel, look at userland, draw full picture and see if it satisfies your needs or answers your "issues"
<slyfox>i would imagine typical path to exploit would be to write arbitrary data to physical memory
<Noclip[m]>muradm: So in other words: Look at everything. ...
<muradm>it is like, you learned that windows has an autorun.inf feature, once you learnt it, you will a) turn off autorun b) never plug device with autorun.inf file
<muradm>there is no gold bullet to questions "is it safe, is it secure" :)
<dstolfa>when you work on systems security which involves the pipeline from ground up (HDL, synthesis, peripheral devices, kernels, compilers and everything in between), you do need at the very least one person that understands every part of the stack to answer such complex questions
<Noclip[m]>slyfox: Are there known cases where such an exploit has been used by a bad actor?
<muradm>having shared tabled with common password could be unsecure for government, but pretty secure for family use
<dstolfa>and ideally you'd have people that understand formal methods very well to specify all of this in something like HOL
<Noclip[m]>muradm: Or don't use Windows in the first place xD (I know, it was just an example.)
<slyfox>Noclip[m]: sure, let's see if i can find the actual devices sold :)
<Noclip[m]>slyfox: I know about existing USB devices which register as keyboard on the OS and then run some common key combinations to execute malicious code on the system.
<muradm>Noclip[m]: if you _know_ such devices, you understand how they work, and the impact they would cause if plugged into your host, then answer will arise automatically, for example you can permit only known keyboards only at designated ports
<Noclip[m]>muradm: You can protect against those devices with USBGuard.
<muradm>personally i didn't see such, and even from short description i make the conclusion that who ever makes such device should know my system in the way that he could pre-program key sequences, because keyboard is only input device
<Noclip[m]>Maybe it loads now but it is still super slow.
<muradm>Noclip[m]: is it advertisement of USBGuard whatever it is?
:)
<muradm>Noclip[m]: as an exercise for learning and understanding these issues, i would suggest to install qubes os, and try to do everyday work with it :)
<muradm>for about a month, then let's talk again about issues and their mitigations :)
<muradm>lol, read description of package, and read my solution :D both are whitelist devices :)))
<slyfox>as for going back to why nvidia driver is not upstream there are a few issues: 1. driver is not really distributed in source code, 2. its license is not compatible to kernel's GPL2 license.
<Noclip[m]>I know qubesOS but I don't like it that much because it assumes the user to have a fairly powerful computer with a lot of unneeded resources but that is often not the case.
<muradm>nvidia does not want to bend to standards, they pretend that they are setting standards
<Noclip[m]>muradm: I know that qubesOS has some protection against badUSB.
<muradm>Noclip[m]: resource requirements are not important, what is important is "workflow" enforced by qubes os to the user
<Noclip[m]>slyfox: I guess firmware doesn't need to be compatible with GPL2 in order to be distributed with the OS?
<muradm>once you see it, you will see tradeoffs better
<Noclip[m]>Of course resource requirements are important.
*muradm feeling like being trolled.. :)
<Noclip[m]>muradm: How much ram does your computer have?
<Noclip[m]>muradm: Take 40 GB away and you are left with what I have.
<slyfox>Noclip[m]: nvidia distributes 4MB nvidia.o ELF file. it's not a firmware, but object code linked into nvidia.ko and later into host kernel.
<Noclip[m]>muradm: Some people have just 4 GB of RAM or even less.
<slyfox>i believe some of nvidia firmware (already extracted by nouveau project) is in linux-firmware repository
<muradm>Noclip[m]: i use like 2-3gb normally of them, i need rest when i test my systems locally :)
<Noclip[m]>slyfox: I wasn't referring to nvidia firmware there but rather to the proprietary firmware which is included in pretty much any linux distro.
Why is it allowed in the GPL2 kernel?
*muradm restarting for testing
<dstolfa>Noclip[m]: it's likely a GPL violation, but nobody enforces it because the alternative is that nvidia simply won't make drivers for linux
<dstolfa>it doesn't matter if something is a GPL violation if the copyright holders don't enforce it
<Noclip[m]>Does qubesOS support anything except for x86_64? (I guess it doesn't.)
<slyfox>Noclip[m]: what do you mean by "it"? firmware is not in linux repository and is not normally linked with kernel, but gets uploaded directly to the device.
<dstolfa>slyfox: i think they meant the driver itself
<Noclip[m]>dstolfa: Nvidia drivers aren't included in the linux kernel.
<dstolfa>in that case the GPL doesn't apply. firmware is just data being processed by the kernel
<dstolfa>but nvidia driver is likely a GPL violation since it actually gets loaded into linux, which means it uses some of its interfaces and therefore links against GPL'd code
<Noclip[m]>slyfox: So the proprietary firmware blobs aren't really part of the kernel and they are also not part of the kernel's compiled GPL2 binaries?
<Noclip[m]>dstolfa: No, as I already said I'm not talking about drivers here and also not about nvidia.
<dstolfa>Noclip[m]: i know you're not, you've said it already
<Noclip[m]>"in that case the GPL doesn't apply. firmware is just data being processed by the kernel"
<Noclip[m]>-> Isn't the user the person who would actually violate the GPL here? But (as far as I know) the GPL2 restricts only sharing of software so unless you share a copy of your installed OS everything should be legally fine, right?
<dstolfa>the user can't violate the GPL. it only comes into play if you distribute the end result
<dstolfa>but the GPL violation is in the fact that nvidia built the driver for linux somehow.
it *probably* links against the linux kernel for the module system, potentially some other internals
<dstolfa>and then they distribute a proprietary driver
<dstolfa>this is a GPL violation if they actually do it
<dstolfa>however, it is only enforceable by the copyright holders
<zacchae[m]>I have one computer that doesn't support UEFI, and one that ONLY supports UEFI. Is there a way to install two bootloaders so I can make a universal image?
<Noclip[m]>So eventually nvidia violates the GPL, okay.
<slyfox>nvidia requires you to make a final step to get a nvidia.ko and claims nvidia.o does not use any of linux interfaces.
<Noclip[m]>Well, the linux kernel has a ton of copyright holders.
<Noclip[m]>slyfox: "(4) Has “QualPwn” been abused in the wild?
<Noclip[m]>We have not found this vulnerability to have a public full exploit code."
<zacchae[m]>The only way I can see to get two bootloaders on separate partitions is to do two identical installs on the same drive
<slyfox>i dunno. i'd expect it to be used
<muradm>zacchae[m]: are you using same harddrive to boot both computers?
<Noclip[m]>slyfox: Most CVEs seem to be patched before anyone ever abused the bugs.
<Noclip[m]>zacchae: I think you can make chains of bootloaders.
<Noclip[m]>But I'm not an expert on bootloaders or dual booting.
<muradm>zacchae: as far as i remember, uefi requires GPT partition table, while it should be possible to have fallback mbr partition at the same time, that will be tedious to support for life time
<Noclip[m]>slyfox: There are regularly critical CVEs for all kinds of virtual machines but I've never heard about an actual wild malware which abused them to escape a VM.
<attila_lendvai>is it normal that the network manager asks for my password each time i connect to a wifi? my user is in the wheel group.
<sneek>Welcome back attila_lendvai, you have 3 messages!
<muradm>if you think from guix perspective, that will be harder to maintain, technically you will need to run "guix system reconfigure ...
oldsystem.scm" while on new system, and then plug that harddrive to old computer
<muradm>if it won't boot, i will have to recover the system
<muradm>zacchae[m]: may be have a dedicated usb stick for booting system which is less used
<muradm>thus you won't risk your main harddrive
<attila_lendvai>sneek, heh, excellent, thank you! :) i can get patches into c2ffi... do you think it's worth upstreaming some of these changes? e.g. that -lLLVM? or expanding that would break it on other distros?
<attila_lendvai>sneek, also, llvm-11.0.0 is a branch. won't this package break if a new patch is pushed into that branch (and thus change the sha256 of the thus defined sources?)
*attila_lendvai realized he's talking to the bot... :)
<muradm>i suppose that c2ffi developer is a bit struggling
<muradm>attila_lendvai: yes, you're right, just realized that llvm-11.0.0 is not a tag but branch
<muradm>if you will use that package locally, then yes, every time new commit lands to that branch, you will have to update your local package sha256
<attila_lendvai>muradm, random note: i wanted to package c2ffi as a learning experience... :) i created its nixos package. thanks for getting it done, though! :)
<muradm>for #50217, i will be updating patch by fixing to current commit, since it seems that c2ffi has no versioning
<muradm>attila_lendvai: you selected not easy package for learning :D
<attila_lendvai>muradm, well, i at least knew how to build c2ffi. the next thing i'm missing is gpaste, because the gnome-shell-extension-clipboard-indicator is damning a security issue: by default it saves the clipboard history in clear text, and the setting to turn it off is called "Cache only favorites" (WTF!?), and the author refuses to change any of this.
<podiki[m]>hey all, I made it back!
reformatted my ext4 partition and restored the files (though some files didn't make it, not sure what)
<podiki[m]>as part of my messing around I'm guessing, when trying a guix pull, getting a "git error: failed to open - '/home/user/.cache/guix/checkouts/.../.git/FETCH_HEAD' is locked: permission denied"
<podiki[m]>for some reason it is owned by root that file, maybe something from my recovery, should I just chown that?
<muradm>attila_lendvai: #50217 fixed with fixed commit
<muradm>i gave up using gnome like at least 5-6 years ago... ) no gnome no problem :)
<attila_lendvai>muradm, what do you use instead? i was pretty happy with 4.0 on NixOS. finally stuff worked... and then i migrated to guix... :)
<muradm>attila_lendvai: minimalist xorg/i3, recently switched fulltime to wayland/sway
*attila_lendvai makes a note
<muradm>it will take time to adapt to tiling window manager and mostly keyboard, but once done, never will want to go back :)
<muradm>as far as i remember even gnome started to have tiling layout in recent versions
<attila_lendvai>i don't touch the mouse while i'm programming, but for the entire gui stuff... dunno. it never really bothered me, because the most i do is arrange two windows side-by-side, and switch between windows using alt+tab
<muradm>attila_lendvai: i3/sway/etc. exactly for that purpose, they do it for you, arrange windows side by side, or may be more windows :D
<podiki[m]>hmm something very strange happening here. guix pull doesn't seem to update (it grabs channels, says 500 packages out of date), guix describe shows old and only guix channel
<podiki[m]>guix system also unhappy guix system: error: opening file `/gnu/store/...-other.drv': No such file or directory
<admason1413>anyone know how to match EOF in regex pattern for substitute*? I'm trying to append something to the end of a file in a build phase of a package.
<tophullyte>does anyone know how to specify using the clang toolchain in a specification ?
i tried reading the manual but it does not seem to help
*apteryx wonders why `guix graph --path python-pytest@5 python-hypothesis` turns out no result
<apteryx>guix gc -R /gnu/store/kf012v2k2jf23pmh9d81z9hrsz5byi69-python-pytest-5.3.5 | grep hypothesis is a match
<apteryx>ah, multiple versions: guix graph --path python-pytest@5 python-hypothesis@5.4
<zacchae[m]>muradm: I want to have a USB thumb drive that can boot at any computer. The guix installer ISO does this, so it must be possible...
<char>Would it be possible to add a package to the environment I am already in?
<sneek>char, raghavgururajan says: I have replied to your message in #48554.
<sneek>char, raghavgururajan says: I have replied to your message in #48554.
<podiki[m]>zacchae: you can use guix system image to build a system config to a bootable image
<podiki[m]>is something going on with some recent updates? see lots of failures on the ci (looks like from rust? and hitting some gnome stuff?)
<bricewge>podiki I managed to build nushell locally which was the source of the rebuild
<podiki[m]>in the process of recovering from messing up my guix system a bit, and wasn't sure where some build failures were coming from (must be on my end)
<attila_lendvai>so bluetooth is hardly functional on gnome. even the settings pase is greyed out for me. is that expected, or am i doing something wrong?
*attila_lendvai is actually looking at the gnome stuff in the issue tracker, but it feels rather useless in the age of gitlab
<attila_lendvai>as a newcomer, the project management side of guix feels rather lacking. there's no wiki dedicated to guix, no 21st century issue tracker, etc. i'm really committed to using guix, but it seems to have a larger cost than i anticipated.
<NicholasvonKlitz>attila_lendvai I have the same experience but I think it comes primarily from me being so unfamiliar with email-focused git workflows.
I've been pampered with forges ;)
*attila_lendvai is still copy-pasting diffs from emails... :/ and still hasn't set up emails in his emacs
<ss2>I just can't build guix anymore. :()
<NicholasvonKlitz><bricewge> "I have this snippet in my `..." <- [bricewge](https://matrix.to/#/@bricewge:matrix.org) Just pasting this into my services solves all my issues. I find it odd that I didn't even need to add `"plugdev"` to my `supplementary-groups`. Do you know why this is the case? Just trying to understand guix magic :)
<fnstudio>hi, guix on a foreign distro here, i have an executable (installed via guix) that works fine from my bash but apparently fails when it's launched via a script
<fnstudio>it's a password manager and i have this script that launches it to retrieve some credentials (as opposed to have them hardcoded in plaintext in the conf file, of course)
<fnstudio>now, the password manager works fine if called directly from the cli
<fnstudio>the script that calls it also works fine if the password manager is installed at the host system level
<fnstudio>but if i uninstall it from the host OS, then the script doesn't seem to be able to find the guix one
<fnstudio>i suppose this makes sense, as how would the script otherwise know of all the path variables that are defined in my bashrc/profile?
<fnstudio>and therefore how could it know of any guix app?
<fnstudio>so, in a nutshell, my question would be - is there a best practice / recommended way to call guix executables from scripts (e.g. scripts that may not be aware of the guix path)?
<fnstudio>hm actually, the error message reported by the third party app is "permission denied", which would seem to contradict my hypothesis
<fnstudio>yeah...
it's due to apparmor, sorry for all the noise here
<leoprikler>fnstudio: the guix-approved way if you do ever find yourself in such a hypothesized situation, would be to a) wrap PATH and other environment variables, or b) rewrite all the command invocations in a copy of your script with a tool of your choice (e.g. sed or guix' own substitute*)
<fnstudio>leoprikler: brilliant, thank you very much; option a would be something along the lines of "PATH=... third-party-script"?
<leoprikler>yup, if you're writing a guix package you can also use wrap-program or wrap-script to write those for you
<leoprikler>but if it works with $HOME/.guix-profile, then all is well
<bricewge>Nicholas von Klitzing: All of this isn't Guix specific
<bricewge>`elogind` gives access to the device based on the active seat
<bricewge>It looks like we wouldn't need to create the `plugdev` when `libfido2` will be packaged
<bricewge>Actually, it's not fixed in `libfido2` :/
<bricewge>Just look at the git log history of the cookbook to see practical examples of it
<papaya-salad>Hey! I'm running into an issue on my guixSD where my Ethernet connection intermittently disconnects then reconnects. In other distros, I've solved this issue by changing the dhcp service type, but I'm unsure how to do that in guix
<roptat>papaya-salad, you'd modify your /etc/config.scm
<roptat>what changes did you make? changing the entire DHCP implementation?
<apteryx_>is someone using Ansible regularly here?
<papaya-salad>I changed it to a diff client, but if we only have isc-dhcp then my solution probs won't work
<roptat>I thought we had dhcpcd, but it doesn't seem to
<jgart>what's the usual for mitigating those unbound variable warnings?
<jgart>I had run `guix environment guix --pure`
<jgart>`./configure --localstatedir=/var`
<roptat>jgart, your "/home/jgart/flask-guix-update/gnu/packages/abiword.scm" looks like it contains some garbage?
<roptat>too many "e"s?
0hlwawnn8c41eeeeeeeeeeeeeexb97n294h09bqimzqhs0qdpq8x
<jgart>that was me changing the hash in python-werkzeug
<roptat>(all the unbound variables are because of that file failing to build I think)
<jgart>because it wouldn't rebuild and was showing that it was building successfully
<jgart>Ohh ok, do you have a way of generating a valid fake hash?
<roptat>instead I would either make sure the file-name changes, or at least change 0->1 or 1->0 (the first character), that's always safe
<jgart>I just want python-werkzeug to trigger a rebuild
<roptat>(I mean change from an already valid hash)
<jgart>I'll put the hash back to what it was
<jgart>Can anyone spot the bug in this system config: https://bpa.st/GAHA ignore the abduco and dvtm packages at the top that I took from bqv
<jgart>It completely borked one of my guix systems. I can't even rollback. Let me see if I can get some informative error messages
<jgart>All previous generations are also borked
<jgart>`Could not receive return value from daemon process` is one error
<jgart>`Timeout reached while wating for return value` is another
<jgart>Interesting that `wating` is spelled incorrectly in the error message
<jgart>`error getting polkit authority: Error initializing authority: Error calling StartServiceByName for org.freedsktop.PolicyKit1: Timeout was reached`
<roptat>mh... could the nix daemon interfere?
<jgart>My confusion is that I wonder why the previous generations are also borked
<jgart>At this point, I can't reconfigure in the current state of the machine. This was a testing machine, mostly
<jgart>what would guixers do at this point? set up a chroot and try to recover the machine?
<jgart>roptat, how would you debug that?
<roptat>reboot to a previous generation?
<jgart>I've been picking various previous generations and they all seem to be borked.
I'm pretty sure that was not the case before the reconfigure that ended all reconfigures
<jgart>I'll try again just in case I missed one
<jgart>But no solution was discovered in that thread
<podiki[m]>I'm also trying to recover my system (I restored everything from a backup after a reformat, but some files didn't make it)
<podiki[m]>is there a way to rebootstrap from a system? or use install media? or another computer to build base again
<podiki[m]>(for me, some random builds are failing, not finding ldd, a few broken store items, must be some linking gone missing)
<roptat>you might be able to recover with a reconfigure
<roptat>or boot the install iso and enter a chroot
<jgart>It seems on my machine that when I login it wants to start gdm and then it ends up just locking that tty
<jgart>Then there's no way to run Ctrl + Alt F7, etc... to visit to a different tty
<podiki[m]>I didn't have good luck with trying the chroot instructions people have used with guix
<jgart>podiki[m], do you remember the link for where those are at?
<podiki[m]>I'd like to reconfigure but that is one of the builds that is failing, I think because of ldd missing
<jgart>I've followed ones before with gentoo
<podiki[m]>I ran into issues getting to be a non-root user, which can later lead to some permissions issue as a user (but fixable, or removing the ~/.cache/guix folder)
<podiki[m]>but as I said, I may have caused more problems like this, so be careful
<jgart>Might be nice to test a guide like and include it in the cookbook
<jgart>Like Oleg suggested in the thread
<jgart>> I wish a guide like this to be in the Guix documentation.
<podiki[m]>for me it did seem like a standard chroot procedure, but had some issues once I got in. maybe should try from a guix install boot, maybe it was a host system thing
<jgart>podiki[m], thanks!
not sure if I'll have the time to go through now but I'll keep it for later
<podiki[m]>it is all pretty standard I think, just run a build daemon with --disable-chroot maybe
<podiki[m]>but do report back, I would have found this helpful too
<jgart>It'd be nice if someone writes a guide going through the whole process
<jgart>I feel parts might be missing from that. It doesn't walk you through the whole process like the gentoo handbook would, for instance
<podiki[m]>hmm...maybe I need to see what "guix system init" will do for me. my system is in a weird state (works at least, but can't do some builds and reconfigure)
<podiki[m]>I'm all for a complete guide in the cookbook on chroot and general guix repair
<jgart>Does anybody still get this error: `source file ...config.scm newer than compiled` when building from a checkout?
<podiki[m]>guix deploy might also be helpful I'm thinking....
<jgart>Maybe we can bring that up and organize ourselves to make it happen
<podiki[m]>nice. I might not be home in time for that, but agree it will be helpful
<jgart>We have a meetup once a month on the last Saturday of the month
<jgart>The channel is just getting started
<jgart>Let's hack! GNU's joy store. It's worth the journey!
<jgart>It's like Toys R US but for Guix
<the_tubular>There are a lot of "emacs" packages on guix, is there one that is 'minimal' like without the games and without the fluff I won't use ?
<admason1413>does anyone know how to write an empty file within a guix build phase? I need to write an empty __init__.py in test folder during a build.
<roptat>also, if you speak one of German, Portuguese, Spanish, Danish, Tamil, Swedish, Italian, Russian, Esperanto, Hungarian, Vietnamese, Chinese, Serbian, Polish, Czech, Korean, Occitan, Sinhala, Turkish or Mongolian, please have a look at the suggestions for your language, and maybe consider contributing :)
<the_tubular>Yes, I've looked at the package definition, maybe I'm misunderstanding it
<roptat>admason1413, not sure if that's the best, but I would do (with-output-to-file "test.py" (lambda _ (display "")))
<roptat>I think it's minimal in the sense it uses the least possible dependencies
<roptat>I don't think you will find less than that. maybe use zile instead?
<roptat>"GNU Zile is a lightweight Emacs clone."
<the_tubular>Can It use org-mode and magit and all the good emacs stuff ?
<the_tubular>I'm trying to have something professional, I don't need to run tetris in it MysteriousSilver
<the_tubular>I don't mind the fact that you can, but it's the default ...
<jgart>roptat, this might sound funny but how do you slurp and barf?
*dstolfa hops between emacs and vim for things all the time
<roptat>jgart, I don't even know what that means ^^'
<jgart>search for the animation that says `slurping and barfing`
<jgart>And also raising is another one
<jgart>Although I found out a way to do raising with vis that I'm happy with now
<jgart>I do slurping and barfing but it takes more than one key stroke
<jgart>it takes maybe *3* keystrokes
<the_tubular>Guix and emacs are really cool, but they take a while to configure :P
<dstolfa>i found emacs pretty easy to configure all things considered
<podiki[m]>any ideas why I'm not able to build mutter, erroring out with ldd not found?
<podiki[m]>I think i see this on other builds, so something is wrong with my system, but not sure how to fix it
<podiki[m]>e.g. during a system reconfigure.
but also same error on a package like flatpak (with a newer source, it has built before with same setup; still works on another computer)
<fnstudio>i've been trying installing a package that apparently has qtwebengine-5.15.2 in its dependencies and that takes sooo long and it eventually fails
<podiki[m]>I know I have some missing links or corruption, but gc --verify=repair can't do anything (and no glibc appearing there), gc --verify=contents is showing a lot
<podiki[m]>I need to do a full rebuild somehow....? guix system init from install media and then do my reconfigure?
<fnstudio>it makes my system so slow that i wouldn't rule out it's due to hardware limits (although my machine is 8gb, 4 cores, ...)
<jgart>It also depends where my cursor currently is
<jgart>roptat, -> points to the resulting text
<jgart>roptat, Would you do it differently in those editing contexts?
<jgart>the first slurp could be x%%p instead or x2%p (still 4 keystrokes)
<fnstudio>(guix on a foreign distro) is there a way to install a package by using substitutes as opposed to building things?
<jgart>I guess it is a matter of choosing 4 extra keystrokes instead of 1-2 keystrokes *and* 3000+ lines of code (depending on the paredit plugin/implementation you choose to install)
<jgart>fnstudio, there definitely is
<fnstudio>jgart: thanks, i'm looking at the manual, is it something that works differently on guix system vs foreign distros, that you're aware of?
<jab>I was thinking for guix package, guix system, guix build...should --fallback be the default?
<jgart>fnstudio, how did you install guix?
<podiki[m]>fnstudio: for substitutes, not that I'm aware. really only guix system
<jab>I was trying to build gnome-desktop-service-type just now. It downloads lots, lots of grafts, so it takes a while to install.
<jab>Well it failed to install the first time, because my network flaked for a second...
<jab>Then it said guix system error network unreachable...
<fnstudio>jgart: i installed it manually on a debian machine, before apt install guix was a thing <jgart>fnstudio, what foreign distro? <jab>maybe guix should have a pause phase...while downloading it should say...we lost internet connectivity...please wait 15 seconds we will try again soon. <admason1413>anyone know how to use build utilities or gexp to create empty file in a build phase? <jgart>I think it should have asked you if you wanted to authorize a substitute server <jgart>which in that case see the manual on how to do it manually <jab>Then when I tried to sudo guix system reconfigure config.scm again...it said that that CA certs failed to build. <fnstudio>jgart: lol for the unintended pun :) ok sure, i'll follow the manual process on the manual <jab># guix system --fallback reconfigure config.scm fixed the problem. <jab>Now I've got gnome installed...and I'm not certain how to use it...because I forgot to bring a mouse with my desktop computer... <jgart>if you're on the latest debian then you can also just reinstall guix with apt and maybe it will ask you then <fnstudio>out of curiosity, are there packages that are renowned for being particular resource hungry? this qtwebengine-5.15.2 really made my computer spin for hours <jgart>You can do `guix package --export-manifest` to save your current profile <sebbu>fontconfig if you installed lots of fonts <jgart>fnstudio, were you trying to install a custom package or a package in upstream? <roptat>jgart, I'm not knowledgeable enough, but it looks like it wouldn't work the same way in all context <jgart>yes, It wouldn't work the same way in all contexts. 
I can confirm that <the_tubular>I'm still looking for someone that is using guix as a firewall <roptat>like in (a b (c d) e f), your command wouldn't slurp only e <jgart>Oh ok, yes then proceed as you were <podiki[m]>paredit/smartparens are crucial for lisp languages, can't imagine writing or editing without <jgart>fnstudio, You can use your own offload server and substitute server to register those custom packages with substitutes <fnstudio>jgart: hm this sounds interesting, is offload server the same as substitute server here? <fnstudio>i guess that'd be a machine (of mine) that fetches packages, builds them, and finally make them available to my computer as if it were berlin or bordeaux? <jgart>no, an offload server will just take your derivation and build it for you <jgart>let's say you have a monstrous server somewhere with an obscene amount of cores and ram, then you can offload it to that beast <jgart>instead of your humble thinkpad X200 <jgart>fnstudio, yes to your last message <fnstudio>jgart: awesome (i'm in a call now, but i'll get back here asap) <jgart>I'm not a purist though, I use emacs also <podiki[m]>I've done without it too, but is annoying and requires more effort <podiki[m]>anyway, progress made with guix gc --verify=repair,contents seems to have fixed some things <jgart>The day I find a slurp/barf/raise implementation in the editor I'm happy with I'll use it. 
<podiki[m]>darn, guix system reconfigure still fails with error opening file /gnu/store/.....-other.drv <jgart>Maybe ask on the mailing list so it doesn't get forgotten here on irc if no one answers in time <podiki[m]>I might just do a reinstall, clearly I've messed things up (well in restoring files things got lost) <podiki[m]>maybe time to try btrfs too (problem originally with enabling a flag on ext4 that grub doesn't do) <the_tubular>Can't wait for the day that ZFS on root is going to work on guix *the_tubular wonders which will come first <dstolfa>Noisytoot: sometimes btrfs doesn't do what you need it to do <dstolfa>there's still no viable alternative to ZFS for some things <dstolfa>i frankly find this quite insane that linux still to this day doesn't have an in-tree replacement for ZFS <podiki[m]>are you all btrfs users in here? is that common in guix land? <podiki[m]>if so, how do you like to setup your snapshot/mount structure <dstolfa>i use btrfs on my guix machines just because of compression <dstolfa>i don't really do any snapshotting and the likes <dstolfa>anything that i really need that kind of thing for, i use ZFS on <zacchae[m]>podiki: are you saying guix system image will make it boot for UEFI and Legacy BIOS? <podiki[m]>zacchae: yeah like `guix system image --image-type=efi-raw /path/to/config.scm` for example <zacchae[m]>also, can't speak for everyone, but I use btrfs, and the user manual gives special attention to btrfs <podiki[m]>this actually comes up fairly often, and each time I say I'll write the cookbook article for it.... <zacchae[m]>podiki: If you are right about that, then I think the user manual should make that more clear. It says "The grub-bootloader is always used independently of that is declared in the operating-system file passed as argument", which implies that the (presumably EFI) bootloader entry is ignored. 
It could mean that both are used, but it doesn't sound like it <zacchae[m]>oh, actually, that was for qcow2 image type, nvm <podiki[m]>I think guix system does something different for 'image' (e.g. filesystem declarations are also ignored, or at least mostly) <podiki[m]>the bootloader config is also probably different, you can look at the source to see what it does <podiki[m]>I agree though, some details to make clear in a cookbook article about live media building (what is cool is that you can just reuse your own system config most likely, and have a portable version) <podiki[m]>dstolfa: what compression do you use? any gotchas there for things that won't work as well or something? <dstolfa>zstd works best in my experience, but use anything you like <zacchae[m]>I've actually just been making full installs over image building. I have gpg keys that need to live on an encrypted drive, and I don't see how to do that with images <dstolfa>ZFS has performance issues too compared to something like XFS <zacchae[m]>the_tubular: btrfs raid might not work yet, but at least it has the promise of working in the future <podiki[m]>btrfs non-raid, desktop (not databases, server etc.) usage...performance that different from ext? (I know ext is pretty fast for those situations though) <dstolfa>btrfs raid does work today, just not raid5/6 <dstolfa>the problems with btrfs is mostly that it's not user-friendly whatsoever, mountpoints are completely broken and NFS doesn't work well with it <podiki[m]>dstolfa: mount points? with how snapshots work you mean? <dstolfa>podiki[m]: no, i mean you can't create pools and datasets and then move around the mountpoints <dstolfa>this may seem irrelevant, but it is very relevant in a production setup <podiki[m]>so you'd say btrfs on a desktop setup is good then? 
<dstolfa>if you don't need these things, yeah it works well <dstolfa>fedora defaults to it on their workstation <podiki[m]>I see less point of snapshots on guix with rollbacks, but my recent debacle may have proven otherwise <podiki[m]>compression seems nice, I've noticed guix is pretty storage heavy <dstolfa>yeah, and it's easy to set up on guix. the installer supports it and you can just add an option in your config.scm to use zstd on your rootfs <dstolfa>and suddenly guix uses way less space :P <dstolfa>(+ you don't have the maximum inode issue. this is a double-edged sword because it breaks NFS) <podiki[m]>for future reference, I see on ext you can also disable the dir index feature, which is I think what I was hitting (might affect performance then) <podiki[m]>does everyone have giant /gnu/store/.links folder? that was the culprit for me and I was surprised <zacchae[m]>is it simple to install as a user in a chrooted environment? <zacchae[m]>I'm trying to figure out how to setup my user before booting into my new system <zacchae[m]>It would be nice if the users operating-system definition could take a list of packages for each user <podiki[m]>another btrfs question: what have people setup as their subvolumes? root, home, gnu, boot maybe? and is this something I should do at install phase? <zacchae[m]>I've seen it recommended that swapfiles be on their own subvolume <podiki[m]>(i've been running sans swap on ext for sometime....figured I could always add it as a file anyway if I need it) <muradm>however i do apply my modifications, like swap on btrfs <muradm>but this guide is good read, and sample reference <apteryx_>dstolfa: OK, weird. I've been exporting stuff on NFS from my main subvolume without problems so far, but I'll read carefully later. <podiki[m]>muradm: you do swap as a subvolume then. but you can create that later right? 
(i've just been skipping swap, find I don't need it with enough ram anyway) <podiki[m]>cool, actually had that page open to do some reading <muradm>podiki[m]: definitely, as you say it is subvolume, and can be done later on <podiki[m]>I think I'm convinced to redo my system. with everything in manifests and my system config, I should be able to just copy most of home and do a reconfigure after installing <muradm>i don't like partition swap, just waste of space and additional complexity <podiki[m]>so I think this should be pretty easy, quicker than figuring out what has gone wrong <podiki[m]>I thought I had fixed it, but reconfigure doesn't find a (hash)-other.drv and fails <muradm>podiki[m]: just keep in mind that, for now there is an issue with swapfile on btrfs, in guix. order on startup for (swap-devices does not wait for file system to come up. thus on boot "sudo herd status" will show swap as failed to start <muradm>i live with that since i have plenty of ram <podiki[m]>thanks (another reason for me to not have a swap :-P) <muradm>i start swap, often when i run lsp-java :D <slyfox>i found zram useful on machines with huge amount of ram when you want to compile everything in RAM <apteryx_>muradm: for me, herd status shows '+ swap-/swap/swapfile' as started, and I don't do anything after boot for the swap file. <muradm>apteryx_: i don't know, i was reporting this few times here, trying to discuss, since it is not very critical, didn't report it as bug personally, may be there is one already in history, but term swap makes it hard to find something :) <apteryx_>so for me /swap is a subvolume, and /swap/swapfile is the swapfile. It just works (TM). <boeg>I am trying to build something that has instructions for ubuntu saying it needs libgtk-3-dev - what might that package be called in guix-land? 
<muradm>my swap is on encrypted btrfs subvolume <slyfox>boeg: looks like it's 'gtk+': $ guix environment --ad-hoc gtk+ <muradm>apteryx_: lucky you, never worked for me :) <boeg>slyfox: weird, i tried guix search gtk+ but it doesn't show, but guix describe gtk+ find it. I wonder why the search didn't prioritize it <slyfox>i guess guix search gets a regex as input <slyfox>'guix search gtk\\+' seems to work here <boeg>Anyone know if the gtk+ package includes the development files, specifically gdk/gdk.h ? <podiki[m]>muradm: do you use snapshots at all? for guix I'd imagine more useful for home; I see some create a separate subvolume for snapshots, but I guess that can be done later <podiki[m]>boeg: I don't think guix usually separates out a "-devel" type package. if something needs it to build, include it in 'inputs' and should be okay (some big packages may be split into bin and lib outputs though) <podiki[m]>you can also just guix build or install gtk+ and browse the store directory it is in <boeg>podiki[m]: right - i think my profile is that i have installed it as a user package but have not added .guix-profile/includes.... to LD_LIBRARY_PATH. I'm gonna try to do that and see if it fixes it <muradm>podiki[m]: i used to use snapper on arch for snapshots. with guix i lost need for them, in the way that everything except "/home" is "ephemeral" for me, i.e. 
rebuildable with "guix system reconfigure/init" <podiki[m]>boeg: might try doing it as a guix package, it'll do this for you (or try a guix environment) <muradm>for "/home" it is also rebuildable with simple git clone <podiki[m]>yeah, I'm almost at that point for home, at least all the config is just a git clone && stow away <muradm>for datawise, i use small script btrbk <muradm>that does snapshot and backup to external drive on demand <apteryx_>muradm: perhaps it matters that swap is a subvolume <podiki[m]>anyway, this all sounds good, think I'm nearly at a plan for my rebuild <muradm>apteryx_: yes i suppose just some order/dependency issue, as far as investigated sources, swap shepherd service does not depend on file-system-service, so it is just matter of luck, alphabetic sort of services, number of file-systems etc. <muradm>podiki[m]: in the beginning for btrfs subvolumes also was hard, i was influenced by lvm <muradm>but once you grasp that for btrfs subvolume is just a directory on root volume <muradm>if you do mount "subvol=5" i.e. root btrfs <muradm>you will see directory for every subvolume you created <muradm>so same file can be referred as "/home/user1/.bashrc" and as "/mnt/btrfs-root/home/user1/.bashrc" <muradm>i would not be surprised if "mkdir /mnt/btrfs-root/another-subvolume1" will do the same thing as "btrfs subvolume create ..." :) <muradm>but i didn't tested, and don't encourage for it :) <muradm>another suggestion is keep subvolumes flat <podiki[m]>some niceties of separation like partitions, but works like directories too <muradm>one would intuitively think that for "/home" having "/home/.snapshots" is good <podiki[m]>muradm: as in everything under root subvolume <muradm>better to have "/mnt/btrfs-root/home" and "/mnt/btrfs-root/home-snapshots" <podiki[m]>is it just easier to reason about them as all under one main volume? 
<muradm>yes, reasoning is better, access is better, mounting and recovery is better <podiki[m]>btw, I found what the whole -other.drv is, roughly. Looking at previous ones, it comes from guile, to build things like user pam or something <podiki[m]>so clearly something has gone critically missing in my system <podiki[m]>my "full" restore was not, maybe all the links and hardlinks etc. in guix did not play nice with fsarchiver <podiki[m]>or just corruption from failed attempts when I was trying to fix <muradm>generally one should not touch the / and /gnu/store <muradm>there is no reason for backup of them <muradm>guix manages them for you, and there is always "guix system init/reconfigure" <muradm>just boot with install media or have separate guix installed on usb key <muradm>boot, manually mount as per "System Installation" and do "guix system init" and magic happens :) <muradm>having guix installed on some usb stick is useful, mine i call "genesis" :) plug it into any system, write another config, do partitioning, guix system init and you are done :) <podiki[m]>I didn't try to mess up /gnu/store I swear! 
:-) <podiki[m]>the whole ext dir index getting full has me rethinking my filesystem anyway <muradm>that "genesis" stick also carries git repositories of important stuff like "~/.config" <podiki[m]>I'd also like to put my system on a stick as a portable and rescue, just didn't get to it <muradm>so next step after boot to new system i just mount that same stick and clone the .config <muradm>then my home environment magically appears :D <podiki[m]>I did make some live system images before for testing <podiki[m]>we should collaborate on a cookbook article (even though the live system is really a one liner for guix system image) <podiki[m]>plus a new user could easily use the sample configs to have a quick desktop system on a usb stick for testing out guix <podiki[m]>(I've answered the live system question several times this week already) <muradm>i didn't find installer/live system very useful. they have limitations. i struggled a lot with "n-word" channel :D since almost all my systems include proprietary hardware <muradm>everytime i had to build new install media, because they are somehow not reusable <muradm>so i just thought, why not "guix system init" some usb stick, and it worked better than any install media <podiki[m]>right, I don't mean the installer, but a full system instead <muradm>require a tweak with grub as i remember, but other than that it is perfect <podiki[m]>guix system image made bootable usb drives for me without fuss (ufi-raw option I believe) <podiki[m]>(and yes, can make ones from other channels of course ;)) ***xgqtd is now known as xgqt
***iyzsong- is now known as iyzsong
<apteryx_>what's the GNU triplet for cross-compiling for armhf ? <apteryx_>arm-linux-gnu or armhf-linux-gnu doesn't work <apteryx_>hmm, or not: checking target system type... Invalid configuration `armhf-linux-gnueabi': machine `armhf-unknown' not recognized <fnstudio>jgart: sorry for disappearing, in case you're still around, i think all the substitute server thing is much clearer to me now, thanks <fnstudio>jgart: just on the distinction between offload and substitute servers, though, the way you describe a offload server looked to me as a substitute server <fnstudio>maybe an offload server is used to indicate a personal/private server whereas a substitute server is one of the publicly available ones? <fnstudio>maybe it's not that important, but i was wondering if there's anything i'm missing <apteryx_>fnstudio: a substitute server is one-way; offload server is two-way; the derivation and inputs are copied to the offload machine, the build is done there, and the result copied back <fnstudio>apteryx_: thanks! i still have the feeling i'm missing something; first of all, a derivation is the artifact obtained at the end of the build, if i got it right? <fnstudio>and derivations can be either built locally on a user's machine or downloaded as "binaries" (or derivations) from a substitute server? <fnstudio>i might be missing the difference between one or two of these elements ***schmillin_ is now known as schmillin
<attila_lendvai>how does this work? if i have the nix package manager installed for my user on guix, and i install some package from the nix repos, then they will just run fine on guix? e.g. i could install e.g. Signal from the nix repo, and it would just work? <fnstudio>ok, i have substitute servers enabled now but when i run "guix install qtwebengine" it still says "The following derivation would be built: ..." <fnstudio>(so, "derivations" are the processes or actions, whereas "substitutes" are the results of those build processes, if i got it right?) <leoprikler>binaries you get over the aether instead of building them on your own <fnstudio>leoprikler: right, yes, i think i got it eventually; including in terms of offloading daemon and substitute server <fnstudio>why do i happen to find packages that still require a local build though? <fnstudio>i suppose the answer is that not everything has already been built on the substitute server? <fnstudio>or maybe there's a flag that i should make sure i add to the install command? (guix on foreign distro) <pineapples>muradm: Hey! Sorry for troubling you with this but do you have an idea as to why your `sway-next' is built without system tray icon support? <pineapples>Nevermind. Adding `basu' to the inputs of `sway-next' makes it so that system tray icon support is automatically enabled <muradm>pineapples: no idea, never use system tray :) <jgart>does channel news have to be in etc/ for the news to work? <muradm>hmm... basu isn't that stripped dbus? <muradm>interesting, i inherit sway from default guix sway <pineapples>It more or less is a drop-in replacement for libelogind/libsystemd <jgart>Also, does referring to a commit that was not authenticated in the news.txt file/entry block cause the channel news to not report any news? 
<jgart>I'm thinking that one of those must have caused channel news to not report news after a guix pull <muradm>pineapples: i suppose that is something to do with wlroots 0.14.1 and sway 1.6.1 changes <muradm>i think they are trying to drop dependency on logind