<raghavgururajan>apteryx: We could remove all the gst inputs from gtk, but that would disable building gtk's gstreamer media-backend. May be we could disable the feature in gst-plugins-bad that removed dependency on qt?
<attila_lendvai>apteryx, oh, hrm... that's a good idea. i thought that i'll not touch the binary as per reproducibility, etc... but the package authenticates it from the official download, so i guess i can patchelf it
<apteryx>dragestil: no, it won't hurt to have both (python-wrapper is just a symlink to python3)
<podiki[m]>that's what I've used on arch (with encrypted boot before grub gets loaded)
<robin>but haven't evaluated whether that kind of setup is as secure as passphrase-entry or not
<podiki[m]>in my case you couldn't get to the boot loader, there is just a prompt to decrypt boot (and if you fail it is a super minimal grub like shell thing); but after that is unlocked it does the root partition via the keyfile
<dragestil>is there a way to build binaries without hardcoded ld interpreter?
<dragestil>say i build emacs in `guix shell --development emacs`, then doing ldd src/emacs gives me /gnu/store/fa6wj5bxkj5ll1d7292a70knmyl7a0cr-glibc-2.31/lib/ld-linux-x86-64.so.2 => /gnu/store/ksy2b6fwfmz40gjajvspl87ia4vsfzj7-glibc-2.31/lib/ld-linux-x86-64.so.2 (0x00007f9e99ec2000)
<florhizome[m]>Can s.o. explain what is core-updates-frozen? Or how the process is going? It seems many packages/fixes I potentially could need are in there (esp meson). Does it make sense to make a guix Shell with one of those branches, and which one?
<florhizome[m]>Or does it make more sense to make a local updated meson-for-build?
<civodul>florhizome[m]: core-updates-frozen is a branch being stabilized that integrates months worth of "core updates" and assorted important changes
<civodul>it's not ready for production use, but you can test it if you want
<civodul>the goal is to merge it in 'master' Real Soon Now
<vivien>I’m not sure guix shell has been merged into core-updates-frozen yet, so you will only be able to use guix shell from master.
<jpoiret>some people here (incl me) are running on a c-u-f system and it's working ok (if you ignore the fact that your timezone is always UTC, the bug is fixed in c-u-f-batched-changes which should be merged into c-u-f at some point)
<jpoiret>dissent: the thing is that you can't really put the kernels on the boot partition since they're in the store
<jpoiret>sneek: later tell dissent the problem is that the kernels and initramfs are in the store so you'd still need to unlock that partition in the bootloader
<florhizome[m]><vivien> "I’m not sure guix shell has been..." <- I think i would invoke guix shell from my normal system and then change my channels or profile in there, wouldn't that work?
<florhizome[m]>I haven't worked with environments and Profiles yet tbh, just a lot of concepts there^^
<florhizome[m]><jpoiret> "some people here (incl me) are..." <- which bug 👀 the one that froze?
<minikN>civodul: I probably didn't catch your answer, but regarding `search-patches`, if u remember, I tried your suggestion with (apply search-patches my-patches) where my-patches is (define my-patches (list "1" "2" "...")) but I'm getting
<minikN>(exception syntax-error (value #f) (value "source expression failed to match any pattern") (value #f) (value search-patches) (value #f))
<nckx>dragestil: <is there a way to build binaries without hardcoded ld interpreter> I don't think so, because it's kind of a bootstrapping point: ld.so is what does all the fancy dynamic stuff, not the kernel.
<nckx>Every ELF binary I've ever looked at hard-codes it.
<dragestil>nckx: ok then how do I port the built binary to another system?
<nckx>Change that hard-coded directory to that expected by the distribution, almost certainly /lib, using patchelf.
<nckx>jonsger: Slow compared to the equivalent Thunderbird build? That's weird.
<dragestil>so I built emacs in guix with ./configure --prefix=/usr and make install --DESTDIR=/tmp/emacs. I copied /tmp/emacs to the other system also under /tmp/emacs. the paths emacs is complaining about missing are all under /tmp/emacs, for example we have /tmp/emacs/usr/share/emacs/29.0.50/etc/charsets/, just not /usr/share/emacs/29.0.50/etc/charsets/
<nckx>configure --prefix=/usr && make install DESTDIR=/tmp/emacs means: I'm going to install you under /usr, so expect your stuff to be there, but for now install your stuff to /tmp/emacs instead of / for $reasons.
<nckx>If your $reasons aren't well-defined maybe you didn't mean to use DESTDIR?
<nckx>If you want the software to run from /tmp/emacs in ‘production’, use --prefix=/tmp/emacs .
<dragestil>uh, I guess i should do --prefix=/tmp/emacs too
<dragestil> I thought --prefix=/usr would also make things relative path. On the other hand I think I also concerned about the weird directory hierarchy in guix, and just wanted something familiar (/usr).
<nckx>Since I know many of you use Android telephones with Guix: I've got one from which I'd need to copy some files to my laptop, but plugging it in over USB doesn't seem to create a device node or anything else useful. How can I mount it?
<nckx>Ah, I don't have android-udev-rules installed, that's probably it.
<nckx>singpolyma: Does MTP just expose a file system though? It sounds, well, media-oriented.
<singpolyma>nckx: you can use it for stuff other than pictures, yeah, it's basically yet another file transfer protocol
<singpolyma>I think the gvfs client is based on jmtpfs as well
<nckx>I love learning things just not when I have n minutes to e-mail files… :-/ This should have been as simple as ‘mount /dev/phone /mnt && cp /mnt/foo’. It wasn't. If a multi-billion company can't even get that to work, I get angry.
<singpolyma>The claim is that you can't have two computers use usb mass storage in the same storage at once. Of course, you can write a gadget to wrap a virtual file system and sync from there, but they didn't want the bother. They don't expect anyone to use MTP they expect them to use Google photos
<nckx>singpolyma: Interesting, and… true, but when/how do two computers ever do that? Do people hook up two laptops to a 'phone? What a fascinating use case.
<nckx>Mmm. I'm starting to see why they just couldn't find the time to get around to writing a USB gadget service too busy so sorry.
<singpolyma>I've had blackberry engineers try to tell me a host os and a client sharing a disk with the client over mass storage is impossible. Most devices that support mass storage require a special data partition that the host unmounts when the mass storage client connects. But I feel like the "fake it" is just somehow a thing that doesn't occur to some people as an option?
<nckx>I feel like my 12-y-o Nokia manages that just fine tho.
<nckx>It prompts me on connection, which is probably the OS remounting things ro, or something, but it works.
<singpolyma>Nokias I've seen do the data partition + unmount thing
<nckx>(Does debug mode lower the security assuming the user isn't going to be the target of malicious evil maids? I'm tempted to leave it on when giving it back, if the only access is over USB, which won't be abused.)
<Noisytoot>nckx: My telephone runs GNU/Linux, not Android
<apteryx>nckx: if your phone is 12 yo, you shouldn't have much to worry about security (it's already doomed)
<nckx>Yeah, it's probably closest to my workflow. I appreciate all the KDE/gvfs/udisks suggestions but I'd be using software I don't really understand, and that would go wrong eventually.
<nckx>apteryx: I think it's called ‘Files’ now but the binary/package is still nautilus.
<apteryx>raghavgururajan: I've let go of gtk not depending on qtbase for now; perhaps to be revisited, or perhaps we could create an output for the gstreamer related gtk libs so that at least substitute users would not need to pull qt unless they install such output
<apteryx>still feels wrong that GTK depeds on qtbase though; I understand it's probably optionally through gstreamer, but if the big GNU/Linux distributions enable such support, then the optional point is kinda moot.
<nckx>The build is still running, I wouldn't want it killed.
<nckx>I expect the system to be slow without swap, I just didn't expect building IceCat to use 16 gigs of RAM. I see now that it uses clang (has it always?), maybe it's partly to blame.
<nckx>jorge[m]1234: You need to ‘make clean-go’ and then run ‘make’ again. That's what ‘recompilation needed’ means. Maybe it could be made more explicit, if there aren't other valid workflows.
<nckx>apteryx: I'm ambivalent about earlyoom. Yes, Linux's OOM killer is notorious (to the point of being a laughing stock amongst other kernel communities), but running a daemon that polls multiple times a second(!) just feels like a punchline, not an improvement.
<nckx>Writing general solutions at such a low level is hard, but having a suite of ‘should never do x’ tests seems like a start.
<dstolfa>nckx: i think there's no real solution other than allowing user-configured policies and lifting the functionality, but just killing the process is a really silly thing to do
*nckx AFK to emulate trick-or-treating candies-handing-outing a day early in a foreign land.
<dstolfa>then again, a lot of linux functionality is really silly
*dstolfa wishes that it wasn't... free software would be in a much better state if programming for it wasn't a complete nightmare
<singpolyma>My biggest issue right now is that some apps see a lot of free memory and think "mine!" I can build Android apps on a machine with 4gb ram, but now that I have 16 the Android build system still consumes most of it somehow?
<nckx>lilyp: We were talking (I was ranting, the rest was talking) about the OOM killer specifically, but there are several things in Linux that just don't… do the design done very good?
<lilyp>oh yeah, Linux' own OOM killer is very conservative
<jorge[m]1234><nckx> "jorge: Can you run ‘rm -r ~/...." <- Cual es la orden ?
<nckx>It's just interesting how Linux seems to have this internal ‘code quality is king’ image of itself, to the point of intimidating newbies, when outside of that community its reputation is rather the opposite.
<M6piz7wk[m]>which is all deployed through `nixos-rebuild switch` that is invoked remotely and build on distributed network that deploys the configuration based on domain and hostname
<florhizome[m]>I think its basically a matter of time until we have more community channels where more Specialized services and variants could be fetched and deployed. But i don't really think it's the responsibility of maintenance to do that.
<M6piz7wk[m]>why not? Maintainer should maintain the package including the configuration assuming that being standardized
<nckx>vivien: Thanks! I agree that this should be possible, but can't your extending service simply turn `(("root" ,key1)) into `(("root" ,key1 ,key2))? Why is it limited to appending to the list only?
<florhizome[m]>I mean you basically want to extend gitea and/or nginx and tor ?
<M6piz7wk[m]>example: Build and deploy gitea with onion-service configured
<vivien>My extension does not know about the base list, it just extends the ssh service to add new keys from a GPG key. The base list is the first keys that are defined in the openssh-configuration, and I don’t think I can get them from the extension.
<vivien>The function that collect the base openssh configuration (including the first keys) and the extensions (additional keys) is in gnu/services/ssh.scm
<lilyp>shouldn't the merger be compose or append or something like that?
<nckx>How can you extend a service without having access to it?
<vivien>I don’t have access to the configuration, but I can still extend it.
<vivien>lilyp, yes, the merger appends all keys, but in the wrong sense of "append"
<vivien>It does not transform `(("root" ,key1) ("root" ,key2)) into `(("root" ,key1 ,key2))
<vivien>nckx, In your operating-system definition, you would have: (service openssh-service-type (openssh-configuration (authorized-keys `(("root" ,a ,b) ("bob" ,c))))), and the `(("root" ,d)) would be computed by another service that would extend the ssh service
<florhizome[m]>Of course you can have similar stuff in guix, i don't see the problem^^ but you need those extensions to be defined somewhere.
<roptat>I think the only example of something similar is how set-xorg-configuration works
<vivien>nckx, the openssh-service has a non-trivial extension function, that builds a new openssh configuration from the configuration you passed in your config.scm and the extensions that are computed by other services (see extend-openssh-authorized-keys in gnu/services/ssh.scm). I’ll slightly rewrite this one.
<florhizome[m]>Little question, why would a git-reference field be incorrect?
<florhizome[m]>I split forge/repoowner/repo/commit/hash into (git-reference (url "Forge/repoowner/repo.git") (commit "hash")) right?
<nckx>Guix service composition is extremely flexible (at times it can even feel to powerful), you really shouldn't have to mangle your data structures' integrity just to appease it.
<lilyp>florhizome[m]: That's typically correct for most forges, but not e.g. for savannah
<florhizome[m]><nckx> "florhizome: I'm guessing you can..." <- I m logging in via Emacs rn... just forgot my keyphrase again lok
<lilyp>Didn't we add a patch to make Guile (and therefore Guix) reproducible?
<M6piz7wk[m]>like it's just declaring dependency metadata to ensure reproducibility..
<apteryx>M6piz7wk[m]: about guix iself, that's a good question; we'd have to try but I think a current Guile bug would prevent it from working (building with parallel jobs causes non-reproducibily in the compiled .go objects)
<roptat>you have to make sure packages don't record other stuff too, like the time of day, the state of /dev/random or the order of files on your filesystem
<nckx>If reproducibility were as simple as ‘record exact dependencies’ Guix (and Nix) would have been reproducible from day 0.
<M6piz7wk[m]>roptat: why is that even a concern? are those build not done in a jail?
<nckx>M6piz7wk[m]: Building in a jail/container/whatever doesn't fix any of that. Files can still contain the same things in seemingly random order, for example, simply depending on which thread got where first during a particular build.
<nckx>Native-inputs means they have to be able to run at build time on the build machine, but aren't needed at run time on the target machine (which might have a different architecture when cross-compiling).
<nckx>I think something got misunderstood here. What did guix lint say?
<davidl>GNUHacker: personally I don't daemonize emacs, I just start and restart it. If you change your emacs packages you probably need to restart emacs in a new shell (should probably just be needed the first time you install a user emacs-package but anyway). So I would suggest to just do that - restart emacs in a new shell.
<katco>hey all. i'm really struggling to understand the usage of gexp. i've defined a service configuration with `define-configuration`. for brevity, let's say it only contains one field `(foo (string "my-default") "my-doc")`. i'm trying to pass the path to `#$(local-file "foo")` in an `operating-system`, but i can't figure out at what stage it gets `ungexp`? the guix CLI suggests it never gets passed to ungexp and says the struct type isn't a string...
<davidl>GNUHacker: you could ofcourse inspect the emacs env variables again before starting emacs.
<GNUHacker>where is env value EMACSLOADPATH? where I can change?
<katco>lilyp: i thought that since the issue was with the configuration, i could narrow the scope of the issue to that, but is it the service scaffolding that would be responsible for expanding any gexprs?
<davidl>GNUHacker: by the way: you should run: cat ~/.guix-profile/etc/profile to get a better idea how GUIX works with environment variables.
<nckx>'T was just a cool badge of serious government scienceness.
<nckx>podiki[m]: That is/was surprisingly common, although I don't understand what's happening then.
<katco>no, i don't think it's the service. if i do nothing but declare the configuration with a gexp, it complains.
<lilyp>Probably some serious engineering decision over at mozilla.org
<lilyp>katco what exactly does "declare the configuration with a gexp" mean here?
<florhizome[m]>so guix doesn't do fc-cache -rv without guix home? that explains a lot lol
<katco>lilyp: in the file where i define all the service/config stuff, i just have `(foo-configuration (foo #~(begin #$(local-file "foo")))`
<katco>and my configuration complains "Invalid value for field foo: $<gexp ..."
<katco>is the `define-configuration` macro perhaps calling `string?` before it can be expanded?
<lilyp>which straightforwardly means that your foo does not take a gexp as configuration
<katco>mm, not straightforward to me anyhow. it is not clear to me when in the pipeline gexp are expanded.
<nckx>florhizome[m]: Guix doesn't do anything like that (munging ~) at all.
<katco>i know that `local-file` will be expanded to the path of the file in the store, being a string, so i thought this should work
<katco>it made sense to me that the configuration should be defined in terms of the types it requires at runtime, and not the types it can expect at declaration time. i thought guix was supposed to expand gexps before evaluating the instantiation of the config, much like macros?
<florhizome[m]>i thought it recomposes fontconfig, forthe user too, bc on the systemlevelit kind of doesn't makesense after installing stuff as user
<katco>otherwise, wouldn't all config fields need to be a "gexp" type or whatever, in case someone wants to pass one in?
<podiki[m]>nckx: if I remember it happened when I didn't have any (extra) fonts installed and it was probably trying to fallback to something that didn't exist? or maybe was just a caching issue. was odd that letter but not numbers showed
<lilyp>katco guix does no such automagic expansion of g-expressions
<lilyp>what are you even trying to solve using gexps?
<florhizome[m]>ok so now (after skipping tests -.^) the build fails at "reset-gzip-timestamps", exactly where the original cairo-dock fails too. i can paste the backtrace if s.o. wants to have a look...
<GNUHacker>I cant edit ~/.guix-profile/etc/profile, say read-only
<GNUHacker>I want add export EMACSLOADPATH=/home/user/.guix-profile/share/emacs/site-lisp:"$EMACSLOADPATH" in this file
<lilyp>Is emacs not installed in your guix profile? If so, install it
<nckx>Run (for-each make-file-writable (find-files ".")) in a phase before 'reset-git-timestamps.
<vagrantc>"guix time-machine --disable-authentication --url=/path/to/guix --commit=xyz... -- build X" is in some cases much faster than doing the whole "guix shell --development guix guix git" "./bootstrap && ./configure --localstatedir=/var && make -jN && build X" dance
<jgart>> Create manifest with 2 packages: python, python-requests. Run guix shell. Decide you want python-lxml instead: exit shell, edit manifest to add python-lxml, re-run guix shell. Type import lxml, it says no module named lxml.
<podiki[m]>if a program (a python one) tries to find shared libraries by running ldconfig, what's the way we deal with that? do we just disable?
<nckx>M6piz7wk[m]: There are some (very) frequently-used Guix helper procedures, syntax, etc. Alas, I don't think most of these are documented, but reading docstrings in e.g. guix/build/utils.scm will get you far. In your case, it sounds like you just need if and getenv, so plain old Guile ☺