IRC channel logs


back to list of logs

<the_tubular>Chat is always dead during NA hours :(
<the_tubular>We need more NA guixers
<oriansj>the_tubular: we need more guixers in general
<oriansj>regardless of from where, as with many hands heavy work becomes light.
<oriansj>and I am assuming you mean North American by NA hours (as opposed to Northern Austria or Northern Australia or Naked Antarctica)
***sneek_ is now known as sneek
<brendyn>Australian Guixer here
<brendyn>It seems the build environment has randomly different group id numbers??
<roptat>brendyn, I think it's supposed to have reproducible group id numbers
<roptat>namely, I think it's supposed to be 0
<roptat>(well, inside the environment, but it's still run by a build user)
<brendyn>tar -c -sort=name --mode=go=rX,u+rw,a-s --owner=root,atime:=0,ctime:=0 --group=root --numeric-owner -j -v -f file.tar.bz2 .
<brendyn>This command is ran in a build, but it produces two different things that change between builds
<brendyn>│ │ │ │ │ │ -drwxr-xr-x 0 998 30000 0 2021-10-08 19:58:13.415850 ./
<brendyn>│ │ │ │ │ │ +drwxr-xr-x 0 997 30000 0 2021-10-09 02:17:25.830111 ./
<brendyn>different id, and timestamp
<brendyn>the command is stated in a command to be intended to produce a reproducible tarball
<brendyn>maybe root doesn't have a guid?
<brendyn>i notice in guix there are instances of --owner=root:0
<brendyn>actually, that is UID, and the 30000 is GID by the looks of it?
<apteryx>interesting: tensorflow@1.9.0: probably vulnerable to CVE-2021-29513, CVE-2021-29515, CVE-2021-29516, CVE-2021-29517, CVE-2021-29518, CVE-2021-29519, CVE-2021-29520, CVE-2021-29522, CVE-2021-29523, CVE-2021-29524, CVE-2021-29525, CVE-2021-29526, CVE-2021-29527, CVE-2021-29528, CVE-2021-29529, CVE-2021-29530, CVE-2021-29531, CVE-2021-29532, CVE-2021-29533, CVE-2021-29534, CVE-2021-29535,
<apteryx>CVE-2021-29536, CVE-2021-29537, CVE-2021-29538, CVE-2021-29539, CVE-2021-29540, CVE-2021-29541, CVE-2021-29542, CVE-2021-29543, CVE-2021-29545, CVE-2021-29546, CVE-2021-29547, CVE-2021-29548, CVE-2021-29549, CVE-2021-29550, CVE-2021-29551, CVE-2021-29552, CVE-2021-29553, CVE-2021-29554, CVE-2021-29555, CVE-2021-29556, CVE-2021-29557, CVE-2021-29558, CVE-2021-29559, CVE-2021-29560, CVE-2021-29561,
<apteryx>CVE-2021-29562, CVE-2021-29563, CVE-2021-29564, CVE-2021-29565, CVE-2021-29566, CVE-2021-29567, CVE-2021-29568, CVE-2021-29569, CVE-2021-29570, CVE-2021-29571, CVE-2021-29572, CVE-2021-29573, CVE-2021-29574, CVE-2021-29575, CVE-2021-29576, CVE-2021-29577, CVE-2021-29578, CVE-2021-29579, CVE-2021-29580, CVE-2021-29581, CVE-2021-29582, CVE-2021-29583, CVE-2021-29584, CVE-2021-29585, CVE-2021-29586,
<apteryx>CVE-2021-29587, CVE-2021-29588, CVE-2021-29589, CVE-2021-29590, CVE-2021-29591, CVE-2021-29592, CVE-2021-29593, CVE-2021-29594, CVE-2021-29595, CVE-2021-29596, CVE-2021-29597, CVE-2021-29598, CVE-2021-29599, CVE-2021-29600, CVE-2021-29601, CVE-2021-29602, CVE-2021-29603, CVE-2021-29604, CVE-2021-29605, CVE-2021-29606, CVE-2021-29607, CVE-2021-29608, CVE-2021-29609, CVE-2021-29610, CVE-2021-29611,
<apteryx>CVE-2021-29612, CVE-2021-29613, CVE-2021-29614, CVE-2021-29615, CVE-2021-29616, CVE-2021-29617, CVE-2021-29618, CVE-2021-29619, CVE-2021-35958, CVE-2020-15190, CVE-2020-15194, CVE-2020-15195, CVE-2020-15202, CVE-2020-15203, CVE-2020-15204, CVE-2020-15205, CVE-2020-15206, CVE-2020-15207, CVE-2020-15208, CVE-2020-15209, CVE-2020-15210, CVE-2020-15211, CVE-2020-15265, CVE-2020-15266, CVE-2020-26266,
<apteryx>CVE-2020-26267, CVE-2020-26268, CVE-2020-26270, CVE-2020-26271, CVE-2020-5215, CVE-2019-16778, CVE-2019-9635
<apteryx>didn't realize it was *that* long, eh
<vagrantc>at least the oldest ones are only from 2019...
<vagrantc>brendyn: i would specify --user=0 --group=0 to your tar command, at least... also, see more elaborate example at:
<roptat>brendyn, mh, maybe it's because we have multiple build users, so youcan get a different one on different builds?
<vagrantc>brendyn: sorry, --owner=0 --group=0
<roptat>but I thought the group was always the same
<brendyn>is that the same as --owner=root:0 --group=root:0 ?
<vagrantc>brendyn: since you pass --numeric-owner, it's pointless to tell it something it's going to ignore
<vagrantc>brendyn: you also want --mtime="@${SOURCE_DATE_EPOCH}"
<vagrantc>or --mtime=@0
<brendyn>it is mentioned that mtime=1 is better than mtime=0 due to gzip doing something...
<brendyn>in guix. but no explanation
<vagrantc>you want @1 then
<vagrantc>or pick an arbitrary date
<vagrantc>i have seen a few things fall over with dates older than ~1990
<apteryx>lilyp: by the way, do you still reproduce ?
<brendyn>vagrantc, what about the paxheaders stuff? is that junk?
<vagrantc>brendyn: i'd follow the "Full example" mentioned in the link above
<vagrantc>though some of the pax header stuff doesn't always seem necessary ...
*vagrantc also finds --mode= to sometimes be needed
<vagrantc>but pretty sure that won't matter in guix, where umask *should* be normalized
<brendyn>What's the @ do?
<vagrantc>it tells it the format is to be treated as a unix epoch
<vagrantc>as opposed to ... --mtime=2021-01-01 or something
<brendyn>i like how the tar manual states that the date can be specified in an "almost arbitrary format"
<brendyn>super helpful
<vagrantc>using the unix epoch is also supposed to be rendered timezone independent ... so should be good
<vagrantc>or at least, UTC ...
<brendyn>And it seems its OK if the env variable doesn't exist too
<brendyn>You don't think software will bug out with a fully deleted atime and ctime?
<vagrantc>i don't know why it would
<vagrantc>and if it does, i'd say it's a bug.
<vagrantc>tar doesn't promise to include all that information, anything not handling it being missing is making poor assumptions
<brendyn>ok i will make a patch for upstream to consider
<oriansj>well untar programs are known to make *VERY* bad assumptions.
<lilyp>apteryx: yes, I still have to specify gtksink
<lilyp>is anyone else being prompted for their passwords when trying to pull from savannah?
<brendyn>i get that with github when the repository doesnt exist
<efraim>lilyp: I think it's due to the openssh update. I just changed my key from RSA to ed25519 and i went back to using my key
<lilyp>is there a rationale on this openssh situation?
<vivien>Hi guix! I got news from TRAMP. They don’t want to assume a path order from client side, for security reasons, and they don’t want to perform too much extra checks just for guix.
<efraim>lilyp: "Incompatibility is more likely when connecting to older SSH implementations that have not been upgraded or have not closely tracked improvements in the SSH protocol. For these cases, it may be necessary to selectively re-enable RSA/SHA1 to allow connection and/or user authentication via the HostkeyAlgorithms and PubkeyAcceptedAlgorithms options."
<zacque>Hi #guix!
<zacque>A newbie here, how does guix download the rhash file from the sourceforge with uri "mirror://"?
<zacque>Code snippet: (method url-fetch)
<zacque> (uri (string-append "mirror://sourceforge/rhash/rhash/" version
<zacque> "/rhash-" version "-src.tar.gz"))
<slyfox>zacque: guix/download.scm has a 'sourceforge' mapping to real URLs.
<zacque>slyfox: Ah, I see, got it! Guix will replace "mirror://sourceforge/" with the string from the given url list, e.g. ""
<zacque>Another question: how does guix calculate the base32 of the sha256 of a file? I got a different result using "$ sha256sum <FILE> | base32".
<zacque>But "$ guix hash sml-mode-6.10.el" gives "01yf0s474r9xhj6nbs14ljn9ccxb5yy758i17c8nmgmqvm8fx7sb"
<lilyp>efraim okay, but can't savannah use e.g. ssh-rsa-256 with the same keys?
<lilyp>or would I need to generate a new public key for that
<lilyp>(or better ssh-rsa-sha512 of course)
<efraim>My reading of it is that Savannah accepts sha1 and they need to fix it but I didn't try a different RSA key
<lilyp>I tried adding "PubkeyAcceptedAlgorithms +ssh-rsa", but that did nothing
<efraim>What about HostkeyAlgorithms
<brendyn>zacque, guix uses a format called nix-base32
<lilyp>I did already store the ed25519 key, so that wouldn't matter but even enabling that as well doesn't help
<brendyn>zacque, you can use guix hash -f base32/base64/base16/hex/dexadecimal
<lilyp>what baffles me even more is this line: debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512
<brendyn>zacque, i think i vaguely remember reading that it excludes E O U T, so that its unlikely the hash will form any innapropriate language by accident. atleast i remember someone saying that
<zacque>brendyn: Thanks! You're right, "$ guix hash --help" indeed informs that it is using "nix-base32" by default
<brendyn>zacque, i found this implementation here of it
<zacque>brendyn: Looking into the file "guix/base32.scm", the %nix-base32-chars indeed left out the character E O U and T.
<zacque>brendyn: You have gone too far, I think this file "guix/base32.scm" will do
<PurpleSym[m]>Can I somehow inherit a package and add it to the inputs at the same time? Trying to package Python bindings for libolm, which are part of the same repo and thus share version and source.
<brendyn>PurpleSym[m], it should work fine if you just do it
<PurpleSym[m]>brendyn: Nope, I get a massive backtrace:
<lilyp>brendyn (inputs `(("my-input" ,my-package) ,@(package-inputs inherited)))
<lilyp>PurpleSym[m]: 👆️
<brendyn>sounds like it doesnt need to be included as an input though?
<brendyn>there are many packages that are build from a single source
<PurpleSym[m]>I still need to link to libolm, so yeah, I think I need to refer to libolm in inputs.
<brendyn>can you share the code.
<PurpleSym[m]>Sure, here:
<PurpleSym[m]>Trying to append to python-crypto.scm
<lilyp>PurpleSym[m]: Just do (source (package-source libolm)) and it'll be better, no?
<brendyn>it could be due to which module its in.
<lilyp>OTOH then you'd need to keep them in sync, so it's not much gained
<PurpleSym[m]>lilyp: Nope, does not work either. Same backtrace.
<PurpleSym[m]>brendyn: Yep, that’s it. If I add it to crypto.scm instead it works. Thanks!
<PurpleSym[m]>Not the prettiest solution having a Python package in crypto instead of python-crypto, but well…
<brendyn>PurpleSym[m], i had that before and solved it by moving the package. unfortately i don't know what mysterious logic goes on behind the scenes to run into that issue
<brendyn>someone with a good understanding of guile would need to explain it
<brendyn>PurpleSym[m], i actually posted a bug report asking about this stuff with respect to libdbusmenu-qt. maybe you can add your example to it and ask why it happens
<PurpleSym[m]>brendyn: You mean
<PurpleSym[m]>I think Guile does not handle circular imports well.
<brendyn>i should probably have just asked on guix -devel
<razor[m]><PurpleSym[m]> "I think Guile does not handle..." <- guile handeles circulur imports pretty well lol
<razor[m]>and its coming from a veteran developer
<razor[m]>how i look btw
*razor[m] uploaded an image: (1707KiB) < >
<brendyn>razor[m], do you know how to debug the source of a circular reference? guile just says unbound variable
<nckx>You look super veteran.
<nckx>Good morning Guix.
<razor[m]>brendyn: so make a boundary dumbass
<brendyn>? do we have another troll?
<razor[m]>its night here lol n im partying with huukers
<razor[m]>anyway Good morning
<razor[m]>brendyn: how, you ask stoopid questions
<lilyp>please refrain from such language, it makes it easier for all of us
<mekeor>hi guix! when i try "guix pull" with my custom guix-channel (called "channeled") (which includes a package for "emacs-athena"), i get this error: `(exception misc-error (value #f) (value "no code for module ~S") (value ((channeled packages emacs-athena))) (value #f))`. any idea how to fix this? :)
<mekeor>here's the package definition:
<vivien>mekeor, are you sure that this file is under /channeled/package/emacs-athena in the git repository?
<vivien>Sorry, /channeled/package/emacs-athena.scm
<mekeor>vivien: /channeled/packages/emacs-athena.scm, you mean? i.e. packageS with S
<vivien>Ha, here is your error: there’s no 's' in the (define-module) name in the file
<mekeor>oh :O
<mekeor>dayum xD
<mekeor>let's see if it works now :) thank you, vivien :)
<vivien>That sort of error happens all the time, because 3 things must exactly match: the line in (define-module), the file name it’s in, and the way you include that module (if applicable). That’s the single source for the "no code for module" that I’ve ever had.
<lasnesne[m]>Hey guix! I’m packaging openimagedenoise to use it on blender. But they provides their trained weights with only git-lfs. Are there any way to fetch it?
<nckx>Wow, Git LFS really doesn't want to give you a simple HTTPS URL you can actually download, does it…
<nckx>‘All Batch API requests use the POST verb, and require the following HTTP headers.’
<nckx>zacque: You just forgot a command or two in your pipe.
***ChanServ sets mode: +o litharge
***litharge sets mode: +q *!razormone@*
***litharge sets mode: -o litharge
<mbakke>how do I make 'hostname -f' return a FQDN on Guix?
<zacque>ncks: Wow, what are you doing there? Sorry, I'm not good at shell scipt =X
<zacque>ncks: Oops, I can just run the script... Wow, just wow
<zacque>ncks: Don't really understand what it's doing, but it looks cool
<nckx>You can probably golf it a bit to make it shorter but nor did I do anything to make it look silly. Just wrote the ‘‘‘obvious’’’ way to convert from the hash part of sha256sum (you were passing the entire output to base32 which is too much), into raw binary, into ‘text’ binary, reversed that, added some 0000 padding which nix-base32 expects, pass it to bc to convert the binary text back into hex text, then back into raw binary, then we simply call bas
<nckx>e32 so it's not cheating because we simply call base32, then replace the characters because Eelco was worried of hashes containing swear words, then truncate the "0===" ending.
<nckx>mbakke: Make sure you don't have ‘localhost’ as the canonical (=first) hostname in /etc/hosts, because that will override any FQDN set in /etc/hostname.
<nckx>mbakke: See, ‘THE FQDN’, ‘The recommended…’ parapgraph.
<mbakke>nckx: ooh, that makes sense, thanks!
<nckx>Hope it helps!
<nckx>zacque: Anyway, this proves that Guix really does use base32, but of course the real moral of the story is to use ‘guix hash’, for the love of god use ’guix hash’ 😉
<nckx>zacque: The tr just replaces the traditional (RFC-4648) character set used by the base32 command, [a-z234567], which omits some numbers (e.g., 1) that might look confusingly like letters (e.g., l or I), with a different set (, page 89, ‘This is to reduce the possibility […] potentially offensive to some users’).
<nckx>I'm still not sure if that was for real or he just wanted to pad his references…
<nckx>mbakke: I write my own /etc/hosts in my system.scm; does this mean Guix does something wrong(?) by default and could be improved?
<nckx>It *is* all pretty arcane…
<zacque>nckx: Ah, I see what you're trying to say! I would say it's a modified base32. I was just being curious while learning to write a simple package definition. It occured to me that "Why not simply hash it and then convert it into base32? It should give the same result, right?". Then the result turned out to be very different from what I expected. Ha!
<zacque>ncks: Well, maybe it's both (for real and to pad references) =D
<nckx>It would be a trivial character substitution if it weren't also backwards (bytes are reversed) for reasons I don't quite understand.
<nckx>Before I noticed the fold vs. fold-right, I got wildly wrong (not just backwards) results and like you was very confused ☺
<nckx>The ‘Ni’ in Nix really does stand for NIH.
<lilyp>How so?
<zacque>ncks: Ah, that's why the tac part in the chain of command?
<zacque>ncks: National Institutes of Health?
<lilyp>Not invented here
<zacque>lilyp: Oops, thanks
<nckx>(zacque: —x, or I won't hear you.)
<zacque>nckx: Sorry, what is -x? I'm very new to IRC
<nckx>How so what?
<nckx>My nick is nckx, not ncks.
<zacque>nckx: Sorry! I swear it's a typo =D
<nckx>It's a substring of my name, and it was intended to be relatively unique when I chose it (and, of course, ‘cool’ & unusual — sincere apologies from my 11y.o. self) but the protein lobby ruined that.
<nckx>zacque: IRC is a very simple protocol, and clients just scan each line for your nick (or another configurable text string) and will highlight/notify you based on that. So if you write ncks mine won't ring a ding.
<nckx>Most clients, even Web ones, tab-complete nicks by the way.
<lilyp>nckx: your github account is the fourth thing that pops up in DDG
<lilyp>(that's DuckDuckGo, not Data Dependency Graph)
<nckx>It used to be higher :'(
<nckx>I need to out-SEO science.
<zacque>nckx: Ha! Same goes to my nick, I just made it up, still loving it =D
<zacque>nckx: Whoosh, TAB works like wonder, thanks!
<zacque>nckx: Now I can type so much faster
<nckx>I just tupled you productivity. How will you repay me?
<zacque>nckx: Point you to another Today-I-Learned post?
<nckx>OTOH I made you look at that pipeline earlier without protective eyewear so I guess we're even.
<nckx>zacque: That is very acceptable, thanks!
<nckx>/r/TIL is a pretty great weakness of mine.
***jonsger1 is now known as jonsger
<jpoiret>mhm, trying to package, i'm getting this backtrace
<jpoiret>apparently it's trying to reset the timestamp of a gzip it doesn't have the rights to
<foomar>Any hints about running X using sx or xinit? I added `xorg-server-service-type' to my configuration, I can get to a graphical screen but neither the mouse nor the keyboard work
<lilyp>wouldn't it be easier to create a guix environment that has the right packages?
<lilyp>foomar bluetooth maybe?
<foomar>lilyp: what do you mean?
<lilyp>are your peripherals connected via bluetooth?
<foomar>lilyp: Nop
<foomar>lilyp: I just noticed that xorg is complaining about not finding 'systemd-logind'
<lilyp>well, we do have elogind so things ought to work
<foomar>lilyp: I disabled elogind on purpose, is there a way to make this work without it
<lilyp>I don't even know how related that is to the issue at hand tbh
<foomar>lilyp: Every other error is about evdev not having permissions to open input devices
<lilyp>How'd you suppose it gets those permissions without elogind?
<foomar>lilyp: I'm looking into Xwrapper.config, it should have an option for that
<foomar>lilyp: Maybe I need to put my user in the 'input' group
<foomar>lilyp: devices under /dev/input are owned by input:input
<foomar>lilyp: Adding my user to the input group worked!
<orang3>Hello guixers, I'd like to use guix to build a Docker image which bundles an application scheduled by an mcron job. Am I supposed to use %base-services or can I just use an mcron service type + extension for the job?
<razor[m]><lilyp> "please refrain from such..." <- soyboi
<lilyp>Joke's on you, I'm not a boy.
<mekeor>orang3: taking a look at the definition of %base-services might be helpful to decide whether you need it
<mekeor>orang3: so if i understood you correctly, i.e. if your question was whether you need to use %base-services, then my impression is: yes, you probably do
<orang3>@mekeor thank you for your help, I think I failed to explain myself. What I meant was: I have a cli application which does a REST call, stores it's result and dies. I need the fetching to happen regularly, like once every hour. I need to deploy it via Docker so I was trying to build the minimal image that allows me to have mcron and my application
<orang3>My question was, since mcron is included in %base-services, will the mcron service be able to function correctly without the other base services?
<lilyp>missing services will be instantiated
<lilyp>so if mcron itself refers to those (e.g. shepherd) then they'll be there
<orang3>@lilyp thank you i'll try then
<mekeor>orang3: do you need to log into that operating system? if so, you need the terminal-related services listed in %base-services (or you need to include them yourself in your operating-system declaration).
<mekeor>orang3: does your script need "/bin/sh" do exist? if so, you'll need the special-files-service from base-services (or put it in your os-declaration yourself)
<orang3>@mekeor: I'm not sure I need to go through the actual login, but it might be useful to be able to spawn a shell inside the container for debug purposes
<mekeor>orang3: do you need "" to be a loop-back? if so, you need the static-networking-service defined there...
<orang3>@mekeor not sure i'll need, I plan to use docker compose and I believe it uses the host network stack
<orang3>actually i'm not sure I'll check
<mekeor>i can well imagine that omitting base-services might lead to strange errors which are difficult to understand
<orang3>that was one of the points that made me doubt, but for sure I won't need a dhcp client for example
<mekeor>orang3: where do you see a dhcp-client defined in base-services?
<singpolyma>Do do you build a docker image that uses services? I imagine that's no guix pack, so other docker aware command?
<orang3>I'm using guix system docker-image
<orang3>@mekeor i was wrong, of course there's no
<orang3>dhcp client in %base-services
*mekeor restarts emacs and continues to read per matrix / mekeor[m]
***sam__ is now known as Guest6168
***janneke is now known as janneke[cm]
***janneke[cm] is now known as janneke_
***janneke_ is now known as janneke
***ChanServ sets mode: +b *!*razormone@*
***razor[m] was kicked by ChanServ (User is banned from this channel)
***ChanServ sets mode: +o litharge
***litharge sets mode: -o litharge
***ChanServ sets mode: +o litharge
***litharge sets mode: -qo *!razormone@* litharge
<paxton>hi, all. i dropped by the other day trying to figure out why i don't have spellcheck in ungoogled-chromium on guix system. i've got hunspell and hunspell-dict-en installed, and now libreoffice has spellcheck (which i think also relies on hunspell) - no dice on chromium yet
<paxton>looks like DICPATH is set so i'm not quite sure what's left to experiment with or what could be missing
<lilyp>it appears ungoogled-chromium does not build against hunspell
<lilyp>if you have a spare machine and two days to waste, you could try adding it
<paxton>oh, hmm. that's interesting. i wonder what it's using. i have ungoogled-chromium on another machine running guix system (same version & generation) where spellcheck is working, and i don't think it's running that through google servers or whatever
<paxton>i'll look into what it usually uses on gnu/linux
<lilyp>I'm simply observing that our ungoogled-chromium doesn't have a hunspell inputs
<lilyp>so if it needs that for spellcheck, we'd have to add it
<attila_lendvai>anyone knows which package installs sphinx-build?
<slyfox>attila_lendvai: probably python-sphinx
<attila_lendvai>slyfox, indeed, thank you!
<attila_lendvai>if anyone's interested, i've sent my idris2 patch:
<attila_lendvai>is this a packaging error, or am i missing something? guix environment --ad-hoc python-sphinx python-sphinx-rtd-theme and yet, i get: ModuleNotFoundError: No module named 'sphinx_rtd_theme'
<attila_lendvai>or it will only work if i install them both into my profile?
<civodul>attila_lendvai: you need to have both python and python-sphinx & co. in the profile, otherwise Guix doesn't know PYTHONPATH must be set
<civodul>so: guix environment --ad-hoc python python-sphinx ...
<attila_lendvai>civodul, so, then guix environment --ad-hoc is not an anonymous profile, but something less, right?
<attila_lendvai>nm, i think i see now
*attila_lendvai tries
<attila_lendvai>civodul, yep, it works that way, thank you!
<civodul>it might sound confusing; the reason is that PYTHONPATH is associated with the "python" package
<attila_lendvai>civodul, without thinking much i implictily assumed that the other packages bring in python, too, and the magic happens.
<itd>Hi. What would be an appropriate module for tmate server? Thanks.
<nckx>itd: (gnu packages ssh) and (gnu services ssh), I guess, since this seems to depend on and work similarly to an ssh command?
<itd>ok, thank you
<roptat>I did some changes to the way we build the translated manual:
<roptat>it ensures we don't translate fuzzy node names in the POXREF rules