IRC channel logs


back to list of logs

<lilyp>shouldn't SSL_CERT_DIR be set if you manually install nss-certs tho?
<lilyp>mine points to /run/current-system/profile/etc/ssl/certs
<iskarian>I thought so, but "guix environment --ad-hoc pianobar nss-certs" didn't work AFAIR
<maximed>iskarian: FWIW, pianobar uses libcurl
<maximed>I don't know if libcurl fallbacks to /etc/ssl/certs
<iskarian>pirate-get uses Python's networking, so I presume this would affect most networked Python applications
<maximed>/gnu/store/x2lzl79lbhsfhn36y3g261xjc6115gba-curl-7.77.0/bin/curl-config --ca --> no output
<maximed>According to, libcurl needs to be configured to look in /etc/ssl/certs
<maximed>We would need to pass --with-ca-bundle or --withca-path according to
<iskarian>I do think the easiest fix is to somehow make sure having nss-certs or le-certs in a profile always sets those variables, since that's typically what users *mean* when they install them
<iskarian>now, having nss-certs in my system profile seems to set SSL_CERT_DIR in my main profile
<iskarian>I'm not sure why "guix environment" isn't setting it, then
<maximed>I think we should both move SSL_CERT_ stuff to nss-certs or le-certs, and set --with-ca-bundle --with-ca-path
<lilyp>I don't think this is a guix environment problem
<maximed>iskarian: What's the "guix environment" command?
<maximed>To reproduce
<lilyp>I think it is those programs not honoring said variables
<lilyp>maximed: guix environment --ad-hoc pianobar nss-certs
<iskarian>lilyp, if I set SSL_CERT_DIR, it works
<iskarian>maximed, `guix environment --pure --ad-hoc pianobar nss-certs'
<iskarian>though there's not an issue until you enter your Pandora login
<maximed>iskarian, lilyp: That doesn't set SSL_CERT_DIR because pianobar doesn't have SSL_CERT_DIR in its search paths
<maximed>(the search paths of the 'inputs' (excluding propagated inputs?) don't count)
<lilyp>The point is that nss-certs and le-certs ought to set SSL_CERT_DIR, I believe
<lilyp>though I'm not sure I agree
<maximed>It appears with-ca-bundle is set for gnurl, but not for curl?
<maximed>nevermind, it isn't anymore
<iskarian>The manual *does* say that unless you install nss-certs at a system level, you'll have to manually set e.g. SSL_CERT_DIR
<maximed>(with-ca-bundle was added with patch 30165)
<maximed>Nevermind, it was removed in bb85ce7327ea17f89c82d8fc6788470080620701 because ‘It broke building gnurl in non-reproducible ways.’
<iskarian>hmm. currently only 4? packages set a SSL_CERT_DIR/SSL_CERT_FILE search path
<maximed>So maybe worth adding again, in gnurl and curl, presuming these irreproducibility issues are gone
<maximed>(in addition to adding SSL_CERT_ stuff to various packages, or moving it to nss-certs, le-certs)
<ArneBab>New article: Installing a Program on Guix → — how to get the libraries you need and then build locally
<ArneBab>(incl. packaging lib)
<iskarian>maximed, just did a quick test; just adding the search paths to nss-certs doesn't cause the env var to be set (presumably because a search path doesn't look in the defining package for files?)
<iskarian>anyway, I've got to go for now, but I think this definitely deserves some more investigation
<maximed>(in addition to adding SSL_CERT_ stuff to various packages, or moving it to nss-certs, le-certs)
<maximed>* oops wrong message
*maximed quits
<lilyp>I think this is just one more on our good old friend #22138, or as I like to call it "propagated-native-search-paths".
***ChanServ sets mode: +o nckx
***nckx sets mode: +b ix!*@*
<podiki[m]>does anyone frequently have time sync errors from ntp? should I be configuring different from the default servers to sync to?
<nckx>Hm, no.
<nckx>I use openntpd and use constraints from, but that shouldn't make that much of a difference… right?
<nckx>You could try using <XX country code> and see if it helps.
<podiki[m]>hrm. okay, will set some servers explicitly
<podiki[m]>get things like localhost ntpd[551]: receive: Unexpected origin timestamp 0xe4f4ec49.25d1bb05 does not match aorg 0000000000.00000000 from server@ xmt 0xe4f4ec4a.3e1aaad5
<podiki[m]>and then localhost ntpd[551]: kernel reports TIME_ERROR: 0x41: Clock Unsynchronized
<nckx>Looking at the sourc, the scary-looking TIME_ERROR isn't anything serious, or even an ‘error’ at all:
<nckx>I'd ignore it as ‘that's what ntp is now here to fix’.
<nckx>podiki[m]: The other error could be a real bogus packet/server, or a corrupted/bogus /var/db/ntp/ntp.drift file (not sure of the exact location as I don't use that ntpd).
<nckx>You can easily and safely delete the latter to test that.
<nckx>If the former… I'm not sure.
<podiki[m]>thanks, will check
<nckx>podiki[m]: By the way, just to reassure you: the Guix version of ntp (4.2.8p15) should not be vulnerable to the (4.2.8p4) attack you might find mentioned in some search results for the first error.
<podiki[m]>good to know! thanks
<testingguix>how can I remove gedit and epiphany from guixsd gnome?
<iskarian>testingguix, I'm not sure if you can, but if you can, it would be by making a replacement package for gnome, which removes gedit and epiphany from its inputs. However, you'd have to then recompile gnome and all its dependencies locally.
<apteryx>efraim: for some reason binutils-gold is much larger than binutils
<apteryx>it keeps a reference to gcc-lib
<apteryx>well, much larger being about 30% larger
<iskarian>doesn't pretty much anything that uses binutils(-gold) want gcc-lib anyway?
***califax- is now known as califax
<nckx>iskarian: Isn't gnome just a cheap-to-build all-singing all-propagating metapackage?
<iskarian>nckx, honestly I have no idea. I haven't touched anything GUI in guix
<iskarian>in fact that reminds me: after a guix pull / guix package -u / sudo guix system reconfigure, my xfce is complaining it can't find programs anymore and it lost a bunch of icons
<iskarian>what the heck do I do to get it to redetect them?
<apteryx>a reboot fixes it, right? it'd be nice to understand exactly what's at cause though
<iskarian>apteryx, a reboot did not fix it
<apteryx>that's bad :-/
<iskarian>I can access applications through the Applications menu, but the desktop wallpaper doesn't show, and nothing on the "panel" (dock) works
<iskarian>it seems to have saved all the old /gnu/store links
<iskarian>Hmm, actually, I'll try making a new session
<apteryx>ah, perhaps some cache
<iskarian>ah, nope :/
<iskarian>deleting ~/.config/xfce4 fixes it, but also resets all my settings
<jackhill>Hi doncatnip! I like your nick :)
<iskarian>hmmm, and some minimize/maximize buttons are missing
<jackhill>iskarian: perhaps?
<jackhill>iskarian: and is it true that you updated your profile and reconfigured, but did not garbage collect so any old store references should still be present?
<iskarian>Ah I definitely deleted all old profile and system generations and then garbage collected
<iskarian>ah, wait, are you suggesting I should try updating/reconfiguring again after the garbage collection?
<jackhill>ah, okay. I'm afaid I don't have any real suggestions having not used xfce, but I missed that and was even more confused than usual :)
<jackhill>iskarian: nope, just making sure I understood
<iskarian>Yeah, and I'm not super invested in trying to fix it myself since I'd rather move to e.g. i3
<jackhill>yeah, I made the move from GNOME to sway. I was trying to be good and dogfood what I would ask others to use, but sway definitly fits my computing better. I'm using wofi to launch stuff, and it, too, memorized store paths, but that's a simple rm away!
***b_ is now known as brendyn
<jackhill>I must say, I do now appreciate all the fiddly bits (backlight control, power management, etc) that gnome takes care of usually
<iskarian>do you feel sway is pretty usable on desktop?
<brendyn>'rg /gnu/store .config' turns up lots of results unfortunately
<jackhill>iskarian: yes. It does crash for me sometime. ungoogled-chromium-wayland seemed like the worst offender, so I switched to the x11 version there. I haven't invetigated more, because I wanted to try the wlroots/sway update that's in core-updates-frozen to see if I could recreate it there. I need to try again, but the last time I tried it, core-updates wasn't ready yet :)
<iskarian>thankfully for me its just xfce that's keeping references!
<brendyn>Curiously, for me it embeds a different version of xfce's background for each desktop!
<brendyn>i think when i added new workspaces, it created the cache
<iskarian>Ah, I do have workspaces
<brendyn>Anyway. It's a bug. I think ill fix it after I'm done working on these KDE updates which will occupy me for the next few days most likely
<jackhill>iskarian: there are probably some tweaks I could do to the config, but overall I'd say sway's been working for me. My history with window managers before my guix with gnome adventure was wmii and xmonad. I mostly haven't used it on hidpi monitors, but did breifly one time and it seemed ok if that's a concern for you
<jackhill>brendyn: thank you for the updates and future bug squashing
<iskarian>jackhill, I think I'll wait until wayland/sway is a little more stable :) I don't like debugging my daily driver
<iskarian>ah, as far as browser goes, I'm trying to like nyxt, but it's just... lacking
<iskarian>brendyn, I also noticed the minimize/maximize buttons for all of xfce's configuration windows are now missing
<brendyn>you can open the configuration window from a terminal and see if it shows any errors
<jackhill>yeah, when the compositor crashes, it isn't fun :) I switched to force me to get more wayland experience and because I'm a MNT Reform owner and allegedly bare xorg on with the etnaviv graphics drivers is less polished
<iskarian>brendyn, just tried it: no errors
<jab>hmmm...I'm so close to getting opensmtpd-filter-dkimsign to work...
<ixmpp>Alright, say i need to modify gnu/system.scm to change how systems get generated. This is lisp, surely i can do that without having to literally edit the file? Code is data and all
<jab>I think it's a permissions issue...just need to move the file to /etc/opensmtpd/dkimsign/file.key
<jab>then make sure that user nobody can read that file.
<ytc>which directories i should avoid touching besides "/gnu/store"?
<sneek>ytc, you have 2 messages!
<sneek>ytc, apteryx says: the x200 performance is quite good; it has 8 GiB of memory and an SSD. The only place it's not really at home is for video playback
<sneek>ytc, apteryx says: haven't compared Guix System on it to other distributions though
***califax- is now known as califax
<efraim>hello guix!
*raghavgururajan towards his X200T: "You spin my head right, round right round, when you shut down, when you shut down down" 🎶️
***iyzsong- is now known as iyzsong
<attila_lendvai>i'm wondering how well constructive criticism is received on the guix-devel mailing list. i'm a newcomer, just getting through my first patch submission, and i'm collecting a kind of first impressions list, mostly about tools and project workflows... my usual style is very much to the point, and i'm used to rational receivers, but as i'm new here, i don't know how many hornest nests are kept around...
<vivien>Hello guix, Maxime Devos helped me a lot, but my latest patch series introducing a slight modification in the minetest build system still lacks reviews (, the untested patch is;att=4;msg=23;filename=0001-guix-minetest-build-system-Report-all-error-lines-be.patch). Could someone help?
<attila_lendvai>i guess what i'm looking for is: "be careful with the wording", or "send it first to me, and i'll read it first", or "fire away! don't be rude or personal, but rational points should be received rationally, and if not, people will speak up to moderate", etc...
<efraim>attila_lendvai: fire away! we'd like to ease the pain points as possible
<rekado>attila_lendvai: my recommendation: keep it to one point. Mails with a dozen unrelated points rarely ever result in a good discussion.
<attila_lendvai>rekado, that's a good point, thanks!
<rekado>one more note: there is no point in trying to debate community foundations (e.g. free software, FSDG, CoC, etc). But technical discussions and debating procedures and approaches is most welcome.
<attila_lendvai>sure, that i understand and accept, or even support. even though i'm pragmatic when i need to resort to using... that other repo... :)
<lilyp>vivien: I don't think it makes sense to split those errors from context
<lilyp>Perhaps we could instead simply count the errors, raise an exception if that count is bigger than 0 and then point to a log file (for guix build -K)
<Soheil[m]>What is the problem with this config? I get a strange output!
<Soheil[m]>The first few lines of the output
<jab>morning guix!
<yewscion>Good Morning, Everyone!
<hjklambda>Can I inherit service-types? I'm looking to modify a couple of services and looking for an easy way
<jab>hjklambda: I believe so. I believe this is called extending a service.
<hjklambda>jab: No I'm not looking to extend but modify existing service-types, For example I write my own shepherd-service then edit the service type to refer to mine
<lilyp>hjklambda: You can configure the existing shepherd service but not add features not already accounted for
<jab>hjklambda: You might be able to write your own channel...and modify the service that way.
<hjklambda>I thought of defining a new service-type and referring to my extensions, But the existing extensions are not exported so there is a lot of duplicated code
<jab>awesome! I am trying to get opensmtpd-filter-dkimsign to work...and I just realized a lot of my issue is a permission issue with the dkimsign key...So I put some code in to copy said file over to /etc/opensmtpd/dkimsign/. Said code also creates /etc/opensmtpd/dkimsign...
***yjftsjthsd9 is now known as yjftsjthsd
<jab>though it's not quite working. error: %smtpd.conf: unbound variable.
<jab>it was working-ish before.
<jab>ok I think that's the problem...I guess you are not allowed to create a module that executes code when you load the module.
<roptat>jab, you could make create-etc-dkimsign-key-file to create a computed-file that contains the keys, since you have to point the config to them anyway, I don't think the location matters?
<roptat>ah nevermind, it would end up in the store, world-readable
<vivien>lilyp, that’s the clever thing to do. Let me write it...
<jab>roptat: yeah, that was my thought too. probably best not to have that world readable...
<lilyp>vivien: regarding config.txt and _config.txt, what's the rationale behind installing those?
<vivien>Maxime found that they are sometimes used by other projects.
<vivien>I don’t have much more ^^
<zamfofex>Hello, everyone! Does anyone happen to know whether it’s possible to replace the Shepherd package of the Shepherd “essential service” (with a customized one) when defining an operating system? Or at least doing so without having to redefine the essential serves, that is. Is there a “correct way”, or is this something that is not expected for users to do?
<attila_lendvai>is there a way in emacs, magit, to auto-generate the commit message in the ChangeLog format? i'm staring at a magit-commit-reword, and i wish i could press a button to generate the commit message...
*attila_lendvai has found C-x 4 a
<vivien>attila lendvai, I don’t have the right words to thank you and explain how miserable I feel for not knowing that despite needing it so much.
<attila_lendvai>vivien, well, you're very welcome! :) it's not too convenient, though: it opens the ChangeLog file, and starts modifying it, and then you need to copy-paste it to the commit message, and deal with the annoyance of an open, modified file that you don't want saved... but it's bearable for now.
<vivien>attila lendvai, if you do that from the magit buffer, it will do what you expect
<attila_lendvai>vivien, i did it while standing on a diff chunk, and IIRC it still opened ChangeLog... but maybe i'm confusing something. i'll see next time.
<vivien>Oh, it doesn’t always work
<attila_lendvai>guix pull'ing from my own fork of guix, added as a channel, for the first time -- very exciting! :)
<zamfofex>To answer my previous question, it seems ‘modify-services’ is what I need. There is also an example of exactly what I want in the manual!
<vivien>Weird, I can’t have it work again. Anyway, you also have magit-generate-changelog
<attila_lendvai>vivien, heh, i already had it in my notes... *shakes head*. saved it from an email, so that it will be useful in the future. it contains this, too: magit-commit-add-log (bound to C)
<civodul>sneek: seen mothacehe
<sneek>mothacehe was in #guix 21 days ago, saying: bsturmfels: ok, we slowly progress :) If you can find the sources of their resizing tool we can maybe understand why it doesn't work on our image..
<makx>I really need a beefier aarch64 build environment; building linux-libre takes hours (and needs a lot of disk and ram)
<nckx>Frabjous morning, Guix.
***ChanServ sets mode: -o nckx
<roptat>hello nckx :)
<jab>drakonis: did you get home set up last night?
<jab>guix home*
<jab>sweet action! I've got some code that copies my dkimsign key to /etc/opensmtpd/dkimsign/file.key, and makes sure that the directories are owned by user nobody.
<attila_lendvai>is there a way to have a 'cc' in the PATH? it's rather annoying to resolve this in my current context, and it's only needed on Guix...
<attila_lendvai>i mean, in a guix environment --ad-hoc clang...
<roptat>I have an issue building a latex project: (file fir_junpg2.enc): cannot open encoding file for reading
<roptat>any ideas?
<roptat>I'm using the monolithic texlive package
*rekado cannot help with the monolithic texlive package
<rekado>does the file exist somewhere?
<rekado>attila_lendvai: upstream does not provide “cc”, so in Guix it doesn’t exist.
<roptat>doesn't seem so
<roptat>but I can't find this referenced in what I'm trying to build either
<mbakke>attila_lendvai: the 'clang-toolchain' package provides cc and c++ executables
<rekado>roptat: it’s not listed in texlive.tlpdb either.
<attila_lendvai>mbakke, thank you!
<nckx>attila_lendvai: The software you're working on doesn't support $CC (or similar)?
<nckx>That's how we work around ‘cc’ users in Guix proper.
<efraim>phase `build' succeeded after 246746.8 seconds
<roptat>wow, what was it?
<efraim>guile-3.0.7, core-updates-frozen on powerpc-linux
<iskarian>attila_lendvai, you can use a snippet from etc/snippets (see "The Perfect Setup" in the manual), and then use M-x yas-insert-snippet
<jab>efraim: is the guile supporto n powerpc-linux decent?
<vivien>With the change suggested by lilyp to improve the minetest build system:
<efraim>jab: its not bad I guess
<ixmpp>Alright, say i need to modify gnu/system.scm to change how systems get generated. This is lisp, surely i can do that without having to literally edit the file? Code is data and all
<podiki[m]>you want to override/shadow functions from system.scm somehow?
<ixmpp>podiki[m]: I want to change system generation
<jab>apparently my email does not meet IPv6 PTR just blocked an email that I just sent.
<jab>Now if I can figure out how to fix that...
<nckx>jab: Your PTR is, but there is no AAAA record there.
<nckx>You need to change the PTR to or add an AAAA record to pointing to 2600:3c00::f03c:92ff:fed1:1be3.
<Noisytoot>or use IPv4 if you have PTR set up for it
<jab>nckx: I'm not even certain how I set up PTR...
<jab>I guess I'll add an AAAA record pointing to my IPv6 address.
<vivien>jab, you need to ask your ISP
<nckx>If this is a hosted server, look in the control panel.
<nckx>jab: <I guess> That'll work finely.
<jab>nckx: I don't think I plan on using IPv6 with this server...
<jab>it's with linode.
<nckx>Then don't send over IPv6. Also, I'd ask why, but I don't talk to IPv4 weirdoes.
*nckx never used linode, but I guess I know who wrote the Guix guide :)
<drakonis>linode works
<nckx>This gon b gud.
<Noisytoot>nckx, my mail server doesn't have native IPv4
<Noisytoot>only over a tunnel
<Noisytoot>neither do either of my ISPs
*nckx hears distant voices but can't understand what they're saying because they're using an obsolete IP version.
<jab>nckx hahahaha. :)
<nckx>They are pretty neato.
<nckx>I almost wish I still had to use them.
<nckx>I tried to tunnel berlin through them but our firewall's too restrictive :(
<Noisytoot>on my VPS, it doesn't have much of an effect on ping time (sometimes it makes it slower, but sometimes faster, both by ~1ms), but virgin media seems to throttle 6to4
<nckx>jab: If you don't send over IPv6, Google (or anyone) won't care if it's misconfigured.
<Noisytoot>(my mail server isn't on virgin media, but my home internet connection and IRC bouncer is)
<jab>nckx: So if I sent email over Ipv4, people will care if it's misconfigured? But if I send over IPv6, people will not care? Or should it just be properly configured both ways?
<vivien>It’s hard to configure an email server properly, because expectations are so low that noone will tell you if you did something wrong.
<nckx>No, I mean a ‘broken’ IPv6 PTR set-up shouldn't affect your reputation if you never send over IPv6. If you do send over IPv6, as it seems you are, you need IPv6 FCrDNS. You need to choose.
<jab>vivien: thanks. I'm slowly getting it t owork.
<jab>nckx: gotcha. Can I send email over both IPv4 and IPv6 or do I need to pick one?
<nckx>Meh, it's hard, but how hard is overblown.
<nckx>jab: Both is fine!
<vivien>jab, if you send an email to me over ipv6 even without a reverse DNS, it won’t be discarded!
<nckx>It will here.
<drakonis>gonna get me gandi now
<drakonis>free mail boxes yall
<jab>vivien: hahah. thanks!
<jab>nckx: ok. cool.
<nckx>Note that ‘reverse DNS’ isn't enough: the FC means ‘forward-confirmed’, which is a stilted way of saying your A/AAAA has to resolve to a PTR that resolves to the *same* A/AAAA again.
<nckx>You have rDNS, but it's not a loop: → 2006:… → → no PTR
<nckx>Eh, s/no PTR/no AAAA/.
<jab>nckx: Hmmm...I thought I just added an AAAA record that pointed to my IPv6 address. I thought that would have fixed it...
<jab>and I thought I had rDNS set up in my linode...
<vivien>nckx, as long as it’s IP -> name -> same IP and not name -> IP -> same name, I should be fine :)
<nckx>It might, I didn't recheck.
<nckx>jab: Affirmative.
<jab>sweet action!
<podiki[m]>ixmpp: sorry, don't know, I would guess something/combo of guile load path, definitions in the system config, but maybe you have to build guix with your modifications?
<ixmpp>Yeah thats what im trying to avoid
<ixmpp>Shouldnt have to fork lisp projects
<jab>ok, I'm getting out of here for a while. Thanks for the help nckx! as always!
<drakonis>ixmpp: what are you trying to achieve here?
<bdju>is spacefm known to be broken or does it work for some people? it crashes on launch for me
<ixmpp>What i said on the tin
<ixmpp>Changing how systems get gen'd
<ixmpp>Should be hackable, no?
<bdju> these are the errors when launching spacefm
<nckx>bdju: Does ‘guix environment --pure --ad-hoc spacefm -- spacefm’ work for you?
<nckx>Does here.
<nckx>This looks like glib-related environment horriblage.
*nckx reflexively blames propagation.
<drakonis>ixmpp: but in which way?
<ixmpp>drakonis: Any way, i don't have a plan, i'm just figuring out the hackability routes there are, if any
<ixmpp>Also `guix home` has stopped working for me... but home is still in guix/scripts
<bdju>nckx: oh yeah, it does open when I do that. lots of gtk warnings in the terminal and missing icons in the program, but it opened at least
<nckx>Yeah, same, I just meant that it didn't crash.
<nckx>Could you report a bug? Gstuff is not really my field of interest.
<nckx>Thanks ♥
*nckx → away.
<attila_lendvai>nckx, iskarian, i know how to deal with it when packaging, but it's about a guix environment --ad-hoc and shell use. i keep forgetting to use make CC=clang test, and it fails a couple of minutes into the tests... but it happens often with various apps
<iskarian>attila_lendvai, are you using 'clang-toolchain'?
<attila_lendvai>iskarian, now i am, as suggested, and i'm happy to have a cc in the PATH
*attila_lendvai goes to sleep o/
<ixmpp>Apparently i left
<ixmpp>drakonis: Did you respond further
<drakonis>hmm i did not
<ixmpp>Well, more curiously, `guix home` has stopped working for me, despite home.scm still being in ~/.config/guix/current/.../guix/scripts, and me using that guix
<ixmpp>Egh i'll just ask abcdw
<ixmpp>sneek: later tell abcdw looks like `guix home` has stopped working for me, despite home.scm still being in ~/.config/guix/current/.../guix/scripts, and me using that particular guix. Any ideas?
<sneek>Got it.
<ixmpp>Bots'll never let you down... Good bot