<Kalq[m]>guix home reconfigure works for me now after pulling latest commit <Kalq[m]>seems like Andrew Tropin added a fix <atka>yes, looks like it was pushed ~90 mins ago <bjc>system reconfigure still crashing, though =/ <atka>I'm reverting to commit 975966ba09e24d813cf94a794c4bd6375777372a to see if that fixes it for now <atka>yes, it fixed it but kicked me out of ssh :) <atka>actually I want to go back to before the new shepherd was merged, anyone know what commit that was? <vagrantc>"git log --grep=shepherd" can tell you :) <vagrantc>hrm. guess that tells you where it was introduced, not neccesarily what didn't have it :) <atka>still a cool command, thanks <atka>I just happen to have cloned guix yesterday to poke around, is there a git folder inside guix somewhere you can run it on? <blake2b>i just created a new user, but when i try to login from a tty i get: /home/user/.bashrc: Permission Denied <atka>how did you create the user? through your config.scm? <atka>can you ls -la your home dir? <atka>what do the permissions look like, who is the owner <vagrantc>atka: .cache/guix/checkouts/ has all the various git checkout guix pull uses <atka>vagrantc: thanks for the info <vagrantc>atka: wouldn't recommend mucking around in there, though hopefully there are good safeguards :) <atka>but you can run git log in there etc? <blake2b>atka: the owner of the files for that new user is the group users, which they are a member of <vagrantc>typically i have a git checkout that i use, and then i git pull from there instead of using the default server <atka>blake2b: still I would think it would be "blake2b:users" not users:users <vagrantc>that way i only need to download it from the server once ... there are a few surprises (keeping the local keyring branch up to date) <blake2b>also, when I try to login, after it fails my TTY stops functioning... i get a broken shell <atka>ok, well look at your permissions with ls -la, the group probably has less permissions than the user and you are not user 1002 <atka>I'm not sure what you're doing but you have an interesting user:group setup <blake2b>hmm weird because they are part of the group groups and supplementary groups <atka>but why doesn't the user have its own home folder <atka>with a .bashrc that it owns <atka>guix seems to be espescially picky with permissions at least in my experience <atka>I can't run the same users and permissions on my guix server as I can with my alpine server <blake2b>well they have their own home folder, but i guess when I created the user in my config.scm, something went wrong. strange because i basically just copied the (user-account ...) form, changed their names and home directories, and left everything else the same <blake2b>and there is a .bashrc in there too, but they are owned by 1002 <atka>yes, I'd cross reference your config with that section in the manual and reconfigure <atka>sounds like something isn't right <atka>you might need to remove the old homedir by hand as I don't think it will handle that <blake2b>hmm i just checked that the .bashrc is empty... perhaps thats the problem? <atka>did you change user settings or remake a user that had the same name in the past? <atka>because if the home folder already exists I don't think the new user will take over its ownership with a reconfigure, which might explain why a different user owned it <atka>but anyway, I'd remove offending home dirs after consulting the user config section of the manual <blake2b>no there was no folder there before the reconfigure <atka>ok, then there is a config issue most likely <atka>but I need to go otherwise I'd help troubleshoot <jts>what program do i need to put in profiles to make sure they export desktop files? i'm using Gnome if that matters <blake2b>just wondering if this should be reported as a bug <atka>blake2b: I would do some more testing before reporting <blake2b>does anyone know what the 1001, 1002 user groups are? <blake2b>perhaps that will help me get to the bottom of this <vagrantc>blake2b: i think they're in the dynamically allocated group range; i don't have those groups on any of my guix systems that only have a single user (e.g. uid 1000) <vagrantc>(and i think guix typically does not create one group per user) <vagrantc>blake2b: grep -E '1001|1002' /etc/group ? <blake2b>hey vagrantc, I just tried and that produces no results <vagrantc>well, it seems you have one or more ghosts in the machine <blake2b>but i see that user in /etc/group, listed as member of the same groups as me <blake2b>getting a little spooked over here ngl <zacchae[m]>Is it possible to install guix on a foriegn distro as a user? <zacchae[m]>KE0VVT: Is doing so in the guix manual? I can't seem to find it <KE0VVT>zacchae[m]: Oh, right. You do have to be root, yes. <zacchae[m]>Darn. Seems like it should be possible. Guess it's just not supported ofiicially? <KE0VVT>zacchae[m]: You can install it to a custom dir. I wonder if that is enough. <zamfofex>I wonder whether itâd be possible to allow people to use Guix through chroot with something like âguix pack guixâ and a bit of fiddling. <anadon>nckx: What's Tobias's nick on here? <anadon>I have a question because I'm dumb and can't think apparently. <vagrantc>i definitely read some documentation of installing guix as non-root before, but never tried it <anadon>Oh lordy. User install of guix AFAICT is one of the biggest missing features hindering adoption. "Missing feature" in the sense of first class, just works support. <anadon>If I had that, I'd basically use it everywhere, rather just on my personal dev machines. <vagrantc>might be possible with user namespacing to not make it terrible :) ***regtur_ is now known as regtur
<unmatched-paren>has the guix home issue been fixed yet? i'm in a tty because the problem messed up my sway config <kitty1>unmatched-paren: I assume your reffering to the issue where it displayed rmdir yadayada? I believe it has been fixed ***meena9 is now known as meena
<retropikzel>I have accidentally run out of inodes on boot/efi. I ran sudo guix system delete-generations and then sudo guix gc which helped me get rid of old configurations but I can not reconfigure the system. Any way to gc the efi/boot? <civodul>hi retropikzel! /boot/efi is not getting filled AFAICS <civodul>it has one grubx64.efi file, and that's about it, no? <retropikzel>Hmm, okay. I could be wrong. sudo system reconfigure /etc/config.scm command gives me No space left on device error and "df -i" says: <mroh>Isn't /boot/efi vfat normaly? (which doesn't have inodes?!) <retropikzel>Well it's good to know atleast that it propably is not the inode thing. Some progress at least <civodul>retropikzel: most likely the missing space was either on /tmp or on /gnu/store <mbakke>retropikzel: it's possible the UEFI NVRAM is full, do you have a lot of "dump-XXX" files in /sys/firmware/efi/efivars by any chance? <retropikzel>I think the issue was that /tmp was full. Now when I run "sudo guix system reconfigure /etc/config.scm" it says: error: live-service-transient: unbound variable <sneek>Welcome back zimoun, you have 1 message! <sneek>zimoun, blake2b says: i sent you my blog submission yesterday but it was blocked by gmail for whatever reason. I've tried to resend it from another email address, but its unclear if it reached you. lmk, thanks! <unmatched-paren>retropikzel: that's a known issue (might be fixed in latest master? idk) <yewscion>Hi Guix! Hope You all are doing well. I have a question, and my efforts to find a solution online have been stymied somewhat. Basically, I'm trying to set up cuirass to cross-compile some packages on my home server, because I have an ARM-based laptop that will be arriving at the end of the month and would prefer having everything built beforehand. <yewscion>However, every single `armhf-linux` build fails with a note about a failed dependency. I have qemu setup per the manual, and I was able to compile things using the `--target` flag (but not the `--system` flag). Does anyone have any pointers? <meo>is there no vixie cron <meo>unmatched-paren: trying to figure out why it isnt running <retropikzel>unmatched-paren, its working now. Thank you very much :) <meo>mcron is the default cron, but it doesn't seem to run as an user, and i dont feel like mucking with scheme configuration <meo>i mean i do but i need to get this thing running so that web construction workers go away <meo>which makes me "that guy" I guess <meo>no, the whole thing is provisioned by ansible, I really dont need an adventure right now <meo>i'll manage, thanks for trying <meo>herd: service 'mcron' could not be found ÂŻ\_(ă)_/ÂŻ <meo>i guess it needs additional system level configuration <unmatched-paren>i'm not sure how shepherd finds services; i don't know whether it needs just the guix package to be installed or a service to actually be configured in guix home/system <unmatched-paren>it shouldn't be too hard to get a guix home with just the mcron service running <meo>yeah that's kind of my point, end user should be able to set up cron without explicit system level configuration <unmatched-paren>`/etc/config.scm' is for services that run as root, and `seri `~/.config/guix/config.scm' is for services that run as the user <unmatched-paren>`(services)' in `/etc/config.scm' is for services that run as root, and `(services)' in `~/.config/guix/config.scm' is for services that run as the user <meo>yeah, but again, if I am doing it this way then i need to read a bunch of documentation and edit a bunch of ansible scripts <meo>which i realize is a good idea, just not right now <unmatched-paren>`explicit configuration' is kind of half the point of guix, anyway :P <meo>no one does, it's a pile of slow and confusing garbage <unmatched-paren>Much like every other piece of software with `enterprise' all over the front page. <meo>i guess i'll have to go guix home route, good thing I have emacs and tramp on my admin workstation ***slep is now known as cel_b
<meo>yeah im reading that thanks <Guest28>When packaging, whats the correct way to declare a deepndency to a setuid-program? <meo>yeah im about to figure out the syntax <meo>i mean actually when i figure this out it will make the job _easier_ if anything <meo>oh wow guix home container after import produces a completely broken environment <meo>even grep isn't available <civodul>meo: does your home environment include "grep" in its 'packages' field? <civodul>retropikzel: the live-service-transient error was fixed this morning; a mistake of mine... <civodul>zimoun: i read about GitBOM before and wasn't totally convinced <civodul>as often, it looks at just one aspect of provenance tracking <civodul>i offer both the bug and its fix :-) <meo>civodul: i have much to learn <attila_lendvai>civodul, FYI, a bug crept into the http client redirect code. i have a fix for it, but it depends on a commit that adds a new feature. i'd prefer if they all went in, but if you think it's necessary, then i can reorder the commits: https://issues.guix.gnu.org/54836 *attila_lendvai will soon go AFK for an hour or two <civodul>attila_lendvai: oh, thanks for the heads-up! <meo>unmatched-paren: alright I figured it out, much thanks <zimoun>civodul: yeah for sure, the Git commit hashes of all the dependencies are only one part of the issue â the other is the recipe for building. However, this SBOM approach is somehow what we are doing with âguix pack -f docker --save-provenanceâ. And it could be something to think more⊠I have a vague remembering about something related on LWN. :-) <civodul>fiesh: i hadn't seen it but i've just replied <civodul>notifications always go through, even after closing <meo>guix home import did something weird with my bash scripts, but doesn't matter now <civodul>after a while the issue is "archived", and in that case you can no longer email it <fiesh>civodul: ah ok, thanks for the explanation! got a notification for your reply which I'll get back to tonight when I have access to my home laptop, thank you! <civodul>zimoun: --save-provenance captures the whole build environment, whereas GitBOM captures just the tip of the iceberg: source files <unmatched-paren>anyway... there should be a `<numbers>-guix-home-backup' (or something similar) directory in $HOME that contains the configs that were overrided <meo>unmatched-paren: what it did is parsed .bashrc, wrote a new one, and then put an include for the copy of the old one in it, effectively running the old version inside the new version <meo>anyway the mcron configuration applies in the container but once i do reconfigure, shepherd doesn't start mcron and trying to start it manually says unknown service <meo>although I have multiple sessions and SSH connection cache <unmatched-paren>meo: there is a service to define additional bash configuration like env vars and extra snippets for your bashrc/bash_profile/... <meo>yeah but right now i only care about mcron running <civodul>zimoun: nixbom just creates text (right?), whereas LLVM-GitBOM embeds SHA1s in ELF section <meo>i snipped out everything bash related <civodul>but yeah, --save-provenance is not very different <meo>unmatched-paren: mcron gets started in guix home container, but not in the normal environment <unmatched-paren>i don't think you need "mcron" in your home-configuration's packages, the service will add it automatically <civodul>we may need to rename it to --save-bom to follow the trend <civodul>meo: you can try "guix home extension-graph your-config.scm |xdot -" to get an idea of what's going on <meo>urgh now there's also missing locales <meo>civodul: thanks let's try <meo>sec, now i have to do system reconfigure <meo>unmatched-paren: no i need to allow x11 passthrough in ssh is why <meo>...and it's downloading gnome-backgrounds... <zimoun>civodul, thatâs my understanding. --save-provenance works for pack, gitbom works for binary. Whatever the trend. :-) I think people focused on supply and co. are interested by https://en.wikipedia.org/wiki/Software_bill_of_materials and currenlty our âbillâ is 2 separated files (channels.scm and manifest.scm). Maybe we could do better <civodul>to me, the priority is to successfully convey what Guix permits in terms of provenance tracking <civodul>it should be interesting to those who long into these issues <abrenon>sorry for sending my feedback so late, did you receive it ? <abrenon>you did well to fix an early deadline because again I was much less on time that I hope I'd be <zimoun>civodul: âconveyâ, yes I agree. And maybe if the Guix picture fits the SBOM thing, then people «who long into these issues» could more easily grasp what Guix permits. <abrenon>I feel so called out by the first sentence <abrenon>maybe because I'm doing precisely this by reading it instead of working on my presentation for tomorrow <zimoun>I am doing the exact same right now. ;-) <civodul>zimoun: sorry i meant "who look into these issues", but yeah <zimoun>civodul: since my English is bad, I thought it was a special thing. :-) <civodul>zimoun: in my writing, typos are more likely than sophisticated phrases :-) ***califax- is now known as califax
<Haider>I have packaged my first ever package! (btop) <civodul>Haider: woohoo, welcome on board! :-) <Haider>I am very impressed of Guix's packaging system, It's pretty incredible. <abrenon>Haider: congrats ! yes, it's so amazing <Cassio>I'm guessing that when I run `guix system reconfigure /etc/config.scm`, guix will automatically check all the available substitutes, download them, and then build from source whatever it needs to â am I guessing correctly? <Cassio>If so, what is different when I specify the option `--fallback`? <meo>why does user shepherd exit immediately after start <meo>alright, I got shepherd and mcron to run, so it's a guix home issue ***the-porcupirate is now known as porcupirate
<jab>I'm starting to realize that if I worked for a company that paid me to work on guix...I probably wouldn't last long.... It is taking me super long to write my opensmtpd service definition. <atka>jab: what are you finding to be the hardest part? <jab>atka: I have it in a fairly useful state. I am just striving to make it "perfect", which may not be possible. <rekado>jab: I suggest submitting it for review with a TODO list. <rekado>way back when working on the NFS service I wanted to include kerberos support. It delayed everything. <rekado>eventually I decided to leave that for later so that we could get an NFS service instead of having just the promise of a full-featured service some time in the future. <dlowe>from my experience trying to set up a complicated email configuration (which is still in process), the main issue is just a lack of example configs <dlowe>Right now the documentation is set up in such a way that I have to learn the whole thing before I know I've turned every knob the way it needs to turn. <dlowe>granted, I have a pretty complex setup I'm trying to duplicate. Dovecot + postfix + opendkim + amavis + sieve + managesieve + roundcube + nginx + pam_passwd <dlowe>I can swap out some stuff, like opensmtpd for postfix, but it's a slog <morganw>For mail hosting, is there any VPS hosting that is guix friendly and will let you use an IP address that isn't going to instantly be distrusted? <dlowe>I've been using linode and so far I've been okay. I've been using it for over a decade though, so I may have gotten some special casing <jab>morganw: I also have a linode VPS :) <jab>rekado: will do. I will polish it up and submit it probably with a week or two. <jab>morganw: also check the cookbook. There's a section to show you hot to set up a linode VPS. <jab>dlowe: that does sound like a complicated email set up!!! <fiesh>civodul: does it help to provide my config.scm to create a test case from that possibly? <jab>If roundcube keep becoming too complicated...I know that Drew Devault's team has written a go email web application. It's pretty bare bones, but it is meant to be 0 configuration. <dlowe>roundcube is one of the simplest components. I mostly just pointed it at the mail server and off it went <dlowe>pam_passwd was to have a password for email separated from shell passwords <dlowe>and then postfix runs incoming mail through amavis for virus/spam detection, outgoing mail through opendkim for signatures, using dovecot for local mail delivery and authentication <dlowe>dovecot handles POP, IMAP, and the ManageSieve protocol, and runs Sieve as part of its local delivery <civodul>fiesh: yes, you can provide your config.scm <civodul>i won't be able to test it on the metal, obviously, but that can still help <civodul>perhaps you can test in a VM using the debugging trick i mentioned in that issue? <dlowe>I've been using Gnome Boxes to play with configuring whole systems <dlowe>theoretically once I get it working I can reconfigure right on the linode and it will just unfold into a working thing. <atka>can someone point me in the correct direction? I'm wanting to patch a system file, mapped-devices.scm, I'm not sure about the workflow. I've cloned guix, then I need to set my guile load path to the cloned guix repo and make sure I'm using the correct modules? I would like to add an extra field to (define-record-type*, a boolean option. Depending on that boolean I would like to have a conditional <atka>append a line to the cryptsetup open command. Ideally I would be able to evaluate the output as I play around with the code. <vagrantc>atka: if you're on a foreign distro, you might have to do that from within guix shell <vagrantc>atka: and once you've done all that, ./pre-inst-env guix ... <vagrantc>atka: you can pass -jN to make if you have plenty of CPUs and ram <atka>vagrantc: I'm on guix system and I've just cloned git so far <vagrantc>could sneek learn how to respond to various FAQ-like things? *vagrantc also cheats and often skips "make check" <atka>I'll need to find a way to isolate what I want to evaluate as well <atka>basically I want to see what string comes out the other end, but that's a bit later <atka>this is going to take forever on a core 2 duo and 4G ram probably... <vagrantc>it's kind of a one-time thing, although as you make more edits, it gets slower to the point where you want to re-run it <atka>I just want to enable fstrim for luks devices! <yewscion>Hi Guix! Hope You all are doing well. I have a question, and my efforts to find a solution online have been stymied somewhat. Basically, I'm trying to set up cuirass to cross-compile some packages on my home server, because I have an ARM-based laptop that will be arriving at the end of the month and would prefer having everything built beforehand. <yewscion>However, every single `armhf-linux` build fails with a note about a failed dependency. I have qemu setup per the manual, and I was able to compile things using the `--target` flag (but not the `--system` flag). Does anyone have any pointers? <jab>yewscion: what is the failed dependency? <jab>I am not an expert on this subject really...at all... <jab>you might try looking at the error log that guiz provides. <vagrantc>i daresay armhf on guix is likely suffering from bitrot ... <vagrantc>there aren't enough active users to fix bugs <atka>vagrantc: I'm trying to get there <vagrantc>and upstream bitrot too doesn't help any... <vagrantc>i had a few machines a while back, but then intractible bugs just made me move onto other things <tschilptschilp23>regarding docker-compose -- it looks like the recent python-pyyaml update to version 6.0 breaks the sanity check phase. <tschilptschilp23>with python-pyyaml 5.4.1 from guix 9bd4ed3 everything still seems to be fine. <jab>vagrantc: what would be some examples of upstream bitrot ? <vagrantc>jab: code changes and nobody bothered to test on 32-bit arm, and surprise, it doesn't work anymore, and hasn't for weeks/months/years <vagrantc>architecture-specific bugs happen all the time, and if someone is not testing and fixing them. <jab>vagrantc: what about for 64 bit arm? Is it in a better state there? <vagrantc>jab: there is more active maintenance, sure. it's still a little rough with guix, but not necessarily unbearable <civodul>yeah, we need more people using these architectures <civodul>sort of a chicken-and-egg problem i guess <vagrantc>there's finally some decent 64-bit arm hardware coming out that is affordable for mere mortals <vagrantc>the rk3399, even. but also things like the honeycomb lx2 boards which i think are part of ghuix infrastructure now <atka>I've been looking for an arm sbc for years, but can't bring myself to order from pine, I'd love a 3399 to tinker with <dlowe>I have a pinebook. It's a very nice low-powered laptop but the firmware was half-baked and has been pretty much abandoned in favor of their phone <vagrantc>dlowe: the upstream support is a lot better now, you may not need their weird install <atka>that honeycomb lx2 looks really nice <dlowe>runs everything great except web browsing :p <vagrantc>the kind of web browsing i do works fine too :) *vagrantc fires up a space heater, er, old arm64 server to take the chill off by updating guix <vagrantc>it's actually only a 60 watt space heater, not even very good at that :) <atka>that honeycomb lx2 looks much better than the old macchiatobin boards for the price <rekado>I âdeactivatedâ a specification for wip-r on ci.guix.gnu.org; how can I activate it again? <jgart[m]>What's a good resource for learning to write shepherd services? <jgart[m]>Or more specifically, what directory does shepherd looks for my services in? <atka>vagrantc: should that honeycomb lx2 just work with linux-libre, guix? any idea how open it is, bootloader etc? <vagrantc>atka: mine's still on order, but i get the impression it works from various debian and guix folks using it <vagrantc>i think rekado and cbaines set up the ones guix is using? <atka>do you know roughly what an equivalent x86_64 cpu would be? <atka>I'm guessing its pretty good performance per watt wise <vagrantc>atka: that's pretty much an impossible comparison <vagrantc>rekado: oh, i didn't realize they were using u-boot, i thought that had an EFI implementation <atka>how so? performance per watt should be calculable on any system and there has to be a close enough workload to check, computing pi, foctoring, something <vagrantc>atka: sure, you can get measures of specific metrics, but for real-world use, ... eh. <atka>yeah I would just be interested how fast can it compile its own kernel or a package vs my skylake i5 4c/4t 45W laptop <vagrantc>it'd be ok on workloads with lots of threads, but the individual cpus aren't terribly fast (not terribly slow either) but you have 16 of them <vagrantc>A72 cores, so should be similar to the two fast cores in a pinebook-pro or rockpro64 or any rk3399 <atka>it does have impressive network capabilities as well <atka>curious about that custom kernel though, wonder if mainline is expected, I've heard good things about nxp being good in that regard <vagrantc>atka: doesn't look like any patches, just configuration options <vagrantc>would be nice to get those into guix master if possible <yewscion>I think I've found a bug in the Cuirass UI. Is there somewhere I should report it specifically, like issues.guix.gnu.org? <ss2>yewscion: yes, should be the right place.