IRC channel logs


back to list of logs

<jgart[m]>Should we recommend this book in the docs?
<rekado>lechner: the only discovering is through the code, unfortunately
<sneek>rekado, you have 1 message!
<sneek>rekado, lechner says: Hi, does Mumi offer a way to discover the GraphQL schema? Thanks!
<jgart[m]>I think it is applicable to Guile and Guix
<rekado>it’s all in (mumi web graphql)
<gnucode>Merry Christmas Guix!
<jgart[m]>rekado: what else should be part of the mumi graphql schema?
<rekado>whatever is needed
<jgart[m]>gnucode: Merry Guixmas and a Happy GNU year to you!
<rekado>if there’s no need there’s no point in adding anything
<acrow>jgart +1
<jgart[m]>I'm not sure what I need yet
<gnucode>jgart[m] same to you!
<jgart[m]>from mumi
<jgart[m]>But maybe if I know what's on the menu I might want something
<jgart[m]>I have to study mumi more. I'm not sure how it interacts with it's domain from a mid/high level
<omlet[m]><jgart[m]> "omlet: https://spritely...." <- Toomorrow i use tor browser for use google translate
<omlet[m]>I have learn english fast without traslate
<omlet[m]>Read bews i think help
<omlet[m]>jgart[m]: Happy gnu year for all
<gnucode>omlet[m] what's your native tongue? And congrats for learning english!
<Kolev>qt.qpa.plugin: Could not find the Qt platform plugin "wayland-egl" in ""
<Kolev>This application failed to start because no Qt platform plugin could be initialized. Reinstalling the application may fix this problem.
<omlet[m]><gnucode> "omlet what's your native tongue?..." <- Portuguese
<omlet[m]>But my spanish its better than english
<jgart[m]>Do we have a Portuguese version of the docs?
<civodul>cbaines: hi! guix-qa-frontpage is eating lottsa memory and not responding
<civodul>jgart[m], omlet[m]:
<jgart[m]>civodul: thnx!
<civodul>only 7% is translated, but you can help! :-)
<omlet[m]><jgart[m]> "Do we have a Portuguese version..." <- No
<omlet[m]>Its other person
<omlet[m]><jgart[m]> "Do we have a Portuguese version..." <- I can translate, but i not am the good person for this now
<omlet[m]>Bit os very impportant i see
<omlet[m]><civodul> "jgart, omlet[m]: https://guix...." <- Pt pt
<jgart[m]>Maybe we can translate the other 93% with ****GPT. I had ****GPT explain continuations to me the other day like if I was 5 years old. It's was the deepest yet most lucid explanation of continuations I have ever witnessed. Mind was continually blown. I think I am a better schemer today because of that explanation.
<rekado>why censor “Chat” in “ChatGPT”?
<oriansj>jgart[m]: dangerous thing to do. As bad documentation can easily lead someone to doing something unwise
<jgart[m]>I translated a friend's CLI program from Crystal to Python with it. It even wrote unit tests. My friend didn't code any tests in the Crystal version.
<rekado>and: ChatGPT has been hilariously wrong in explaining bioinfo stuff at work. It’s a good way to test if you truly understand something.
<jgart[m]>rekado: I thought emacs-chatgpt-mode is ok but not ****GPT because it is a proprietary backend
<oriansj>jgart[m]: there is also the problem of non-free training data
<rekado>“Untangling the SaaSS Issue from the Proprietary Software Issue” in is relevant here
<jgart[m]>And the problem of free non-free training data
<jgart[m]>I've read that before but maybe I should revisit it
<jgart[m]>TLDR: Telegram client is ok Telegram is not
<oriansj>jgart[m]: depends if you are ok with a chat app that fails the mud puddle test
<jgart[m]>Ya big bro will be able to recover my telegram data for me when I wake up from the coma: FAILED
<lechner>rekado / thanks!
<omlet[m]>is the guile the only programming language of the gnu project?
<omlet[m]>Or have more?
<oriansj>omlet[m]: guile is the official scripting language for the gnu project. But any programming language which has a free (as in freedom) implementation can be used.
<omlet[m]>oriansj: Not it this
<omlet[m]>my question is if the gnu project has no programming language
<mirai>omlet[m]: a GNU-only programming language?
<lechner>omlet[m] / the GNU project arguably pioneered the GCC compiler collection, which formed the basis of all free Linuxes for a long time. The languages are, as of May 2021, C (gcc), C++ (g++), Objective-C, Fortran (gfortran), Ada (GNAT), Go (gccgo) and D
<omlet[m]>Beyond guile
<mirai>only if the language is "part of the program itself"
<omlet[m]>More programming language beyond guile
<omlet[m]>Its all?
<mirai>Guile is not exactly a language
<mirai>Guile Scheme is
<omlet[m]>mirai: Yes its the schene implementation
<mirai>you can implement other languages with Guile (think of JVM)
<omlet[m]>But have more beyond guile and elisp?
<mirai>gnu make?
<omlet[m]>Itsvis compiler
<omlet[m]>* Its is compiler
<mirai>tbh I don't understand exactly what's being asked
<omlet[m]>omlet[m]: In this, only programming language
<mirai>does gforth count?
<omlet[m]>The objective is learn progrsmmibg lamguage
<omlet[m]>Not others
<lechner>i would start somewhere
<omlet[m]>For developer
<lechner>people have twenty-five different opinions, maybe fewer in this channel
<mirai>are you asking for a general purpose language whose specs are controlled as a GNU project?
<omlet[m]>mirai: Yes
<omlet[m]>* Exactly
<lechner>except for Guile, you may find more exciting languages elsewhere
<mirai>uh, I'm not aware of any that is intended to be truly general purpose (even if they technically are turing-complete)
<mirai>there's some that are focused on their niches such as GNU Poke
<mirai>it has its own scripting language, you can compute things with it
<mirai>there's also VALA
<oriansj>hmmm I wonder what could be causing my GPU's irqs/s to spike
<lechner>bicoin mining?
<oriansj>looks like web browser
<oriansj>as the second that is turned off, it drops to baseline
<lechner>yeah, those are a drag.
<lechner>i have similar issues with cache access on a network drive
<oriansj>thank you igt-gpu-tools for giving me chance to notice
<oriansj>just displaying text, somehow is higher GPU utilization than watching a 1080p video
<lechner>it's probably the JavaScript on that page
<oriansj>I literally have -s content.javascript.enabled false
<oriansj>because I don't want JavaScript running
<lechner>maybe the open source driver ain't the best?
<lechner>or maybe the closed source driver ain't the best?
<oriansj>lechner: well it is a libreboot x200
<oriansj>so I don't need the best; but I do absolutely need as freedom and control over my computing as possible
<oriansj>^as^as much^
<jgart[m]>oriansj: Did you libreboot that yourself?
<oriansj>jgart[m]: nope, purchased from one of the FSF certified suppliers
<oriansj>then update the firmware with a custom build of libreboot after
<jgart[m]>cool, which one? Leah?
<oriansj>jgart[m]: Taurinus from Libiquity (max specs)
<oriansj>took about a month to show up
<omlet[m]>Hoe to install clear tool in guix?
<oriansj>omlet[m]: you mean clear screen (ctrl-l) right?
<sneek>oriansj: Greetings
<oriansj>sneek: botsnack!!
<akirakyle>Is daviid around? I'm trying to get set up with g-golf on guix with the latest 0.8 version which isn't currently packaged so I thought I'd bump the commit, but now building g-golf is failing with a linker error "undefined symbol: gi_type_tag_extract_ffi_return_value" and so here I am seeing if there's anyone who's already tried to do this?
<led-lightbulb>~jgartemat: Open issue )vKg( "[PATCH Draft] gnu: lilypond: Update to 2.24.0" from jgart
<daviid>akirakyle: i don't use guix, so very likely won't be able to help, everything works fine here (ofc, i wouldn't release otherwise, not even an alpha release), but is this the first and only undefined symbol error you get?
<daviid>akirakyle: just to make sure also, the version is 0.8.0-a.1 - you should keep it 'as is' i guix as well, so users know it is alpha ...
<jgart[m]>Does anyone know where mcron writes the logfile to?
<daviid>akirakyle: gi_type_tag_extract_ffi_return_value is part of libgirepository-1.0, since 1.72 - it would seem to me you are compiling against an earlier version, can you check, then if that is the cause, update libgirepository-1.0 to the latest
<akirakyle>daviid: I'm trying to update the package not because I'm a package maintainer or anything, I was just hoping to play around with it and I'm using guix
<akirakyle>I'll check what version of libgirepository I'm using...
<daviid>akirakyle: i don't think guix has 'package maintainers', if you update the g-golf package and submit a patch for revision, the all guix team and users would be happy - it is who ever has free time to do it ...
<daviid>and afaict, take my words with caution as i am not a gix user, but it inded should just be bumping the commit and the version, everything else in the package def should remain the same since its last update -
<akirakyle>daviid: Yeah I know, I just meant more that I'm not really involved in helping to maintain anything in guix, still just trying to learn the whole system
<akirakyle>It looks like you're probably right, guix currently only packages gobject-introspection 1.66.1
<daviid>akirakyle: ok, you need 1.72 - and thanks because i now see i need to update my file as well ...
<akirakyle>I suppose I'll try updating that, hopefully nothing else breakes
<akirakyle>Yeah configure should probably complain first
<daviid>akirakyle: indeed, my bad, good catch! see, you helped already ...
<akirakyle>Also while you're here, what's the difference between g-golf and guile-gi? It seems like guile-gi isn't very active the past year. Also it looks like g-golf uses more guile versus c than guile-gi, but is there some reason to choose one over the other?
<daviid>akirakyle: it is a difficult question to answer as being the author of g-golf - but it's no secret that there are fundamental diffs in the architecture and guile-gi is mostly written in C, g-golf is nearly 100% scheme code - this said, they both try to achieve the same goal, which is to allow users to just import and use any GI typelib from guile scheme
<akirakyle>daviid: I suppose I was hoping for a more biased answer :) What do you think are advantages of g-golf over guile-gi? I think being mostly in guile is one, but I haven't studied either code nearly enough to know what potential downsides there might be if any?
<akirakyle>dang... guix's patches are failing to apply when updating gobject-introspection so trying to get g-golf going on guix will be a bit more work
<daviid>akirakyle: sorry to hear that, but updating gobject-introspection should be very straight forward i would say
<lechner>jgart[m] / on my equipment, /var/log/mcron.log
<akirakyle>do'h I didn't take the 5 seconds to see that gobject-introspection-next is already in guix so I didn't have to do a package override
<akirakyle>daviid: now make is failing with an "Unbound variable: <callable>" error
<akirakyle>daviid: Where's a good place to share this failing build output if it's helpful to you?
<akirakyle>daviid: Looks like it's failing on the makefile rule for g-golf/hl-api/ccc.go
<daviid>akirakyle: that is 'strange', but yes, the class is defined in ccc.scm
<daviid>akirakyle: you can paste, a tor-friendly paste, but i am not sure i'll be able to help, because guix has 'its way' of doing things that i am nor familiar with
<akirakyle>Forgot about the debian pastebin
<daviid>akirakyle: i think the last update was done by rekado, who has a tremendous guix knowledge and experience, i hope he comes to the rescue, meanwhile the backtrace is useless, because it truncates its output - but can you try to clean and try again
<daviid>also, do you have an already installed g-golf earlier version, i'd remove it and then clean/autogen/configure/make
<akirakyle>daviid: there is no cleaning of builds in guix since they're done in pure, completely isolated build environments. Building again will reproduce the exact same output. I only pasted the last part of the build output, here's the whole thing which I don't think contains anything more illuminating:
<akirakyle>I'm noticing that in the guix g-golf build recipe, there's manual patching of several files using substitute* so I should probably check those to make sure there isn't stuff that needs to be changed
<akirakyle>daviid: I'm out of ideas, and g-golf/init.scm look like they're the only two relevant files that guix manually patches and I don't see any way they might be causing this error
<daviid>akirakyle: tx for the paste but i meant to say the guile scheme backtrace are truncated (by default) - but it is difficult as i can't reproduce, i am thinking ..
<akirakyle>daviid: Ah right, how can I get the full backtrace? On that note, I'm trying to build in a guix shell but it won't because it can't find, presumably due to guile's dynamic-link not working which is why guix patches is when packaging. I thought I read somewhere that there was some LD_LIBRARY_PATH to set in a guix shell to get
<akirakyle>this to compile
<akirakyle>Nevermind on the last part, I figured it out. Needed export LD_LIBRARY_PATH=$GUIX_ENVIRONMENT/lib/
<daviid>akirakyle: (g-golf hl-api ccc) is not that new, and the error is not LD_LIBRARY_PATH related, those are pure scheme modules - i'll wait to see if rekado can help, i can't think of why it fails for you, but i'll keep thinking ...
<daviid>akirakyle: i am confused now, is it compiling? and wanted to ask, when you build, it is always 'clean and isolated'?
<akirakyle>The error I've pasted is from the "clean and isolated" build environment when asking guix to build the guile-g-golf package (which is defined here: for git tag v0.8.0-a.1
<akirakyle>I've also separately been trying to build g-golf from a git checkout by using a guix shell to provide the required dependencies, and that's what I was posting about LD_LIBRARY_PATH, since with the git checkout, none of the patches are applied so I either have to manually edit g-golf/init.scm to provide paths into the guix store or change the
<akirakyle>environment var so the linker knows where stuff is
<akirakyle>I'm remembering this issue that guile-gi ran into with guix and I'm thinking this may be related
<akirakyle>Specifically, to change the gobject-introspection version, I changed guile-g-golf's propagated-inputs to gobject-introspection-next, however this doesn't change the gobject-introspection version used by the glib, gtk, or clutter dependencies
<daviid>akirakyle: what i remember is you need to set or unset graft - and another thing is there are other g-golf guix users, one reported a problem that i fixed, in july 2022 - the scheme files involved in the error you are seeing today didn't change since, at least the 'architecture' of g-golf wrt those, so it should compile fine ...
<daviid>here is the ML thread i was refering to, about the other g-golf guix user - - fwiw
<akirakyle>daviid: Hmmm yeah maybe, I think from that guile-gi issue I'm understanding that grafts aren't really compatible with the way libgirepository works. I'm worried that when I bump guile-g-golf from gobject-introspection (v1.66.1) to gobject-introspection-next (v1.73.1) that gobject-introspection is still in the "package closure" of guile-g-golf since
<akirakyle>it's a transitive dependency via glib and gtk, so I'm not sure if that's then messing things up
<daviid>akirakyle: pretty sure this has no influence on the error we are looking at
<daviid>the error is a pure sheme / goops / module error
<akirakyle>daviid: I'm still trying to get to this error in a guix shell, but if I get there, is there a way I get a full traceback from guile?
<daviid>about the backtrace, you could try the guix similar comand to 'export COLUMNS=400' - though someone reported recently it didn't help, it should :)
<daviid>akirakyle: this bug, it happened here on debian as well, not the exact same. but similar, when g-golf is installed
<daviid>akirakyle: so, for the sake of prooving, can you installed the previous g-golf version, and try gain?
<akirakyle>daviid: So I actually just successfully compiled inside a guix shell!
<akirakyle>Look's like we may have a heisenbug
<daviid>hum - these are hard to debug
<akirakyle>I'm getting an error "Unbound variable: g-irepository-require" when trying to run the hello word example though
<akirakyle>daviid: was your message about the "<callable>" error you were able to produce on debian?
<daviid>akirakyle: that is the issue you were refering to, i think, and rekado said and wrote somewhere, i wish i took note, that you need to compile using --no-grafts or something like that
<daviid>akirakyle: ok, i have to go afk now, but you definitely need to talk to rekado about how to use g-golf - he fixed something so all examples could work, this is a guix 'known' problem
<akirakyle>daviid: I recompiled using --no-grafts but I'm still getting this "ERROR: In procedure %resolve-variable: Unbound variable: g-irepository-require"
<akirakyle>daviid: Alright, I'll try to talk to @rek
<akirakyle>rekardo sometime
<akirakyle>daviid: Thanks for all your help though! I'm excited to try to start hacking some gui stuff with g-golf in the future!
<daviid>i am not sure it is g-golf that needs to be compiled using --no-grafts, or just adding this to the example, i have no idea
<daviid>akirakyle: an interesting thing to share with guixers as well is that what you think is 'clean and isolated' isn't as 'clean and isolated' as you think - my 2c
<daviid>i definitely have a g-golf problem to look at and solve wrt this, but it is a guile/goops/module compilation problem 'only' [not a run time problem] that only appears iif compiling g-golf while an earlier version of g-golf is installed ...
<akirakyle>daviid: Sure, I think this quote may be relevant to what I'm interpreting you meaning with that: "As Simon Peyton Jones, a well-known functional programmer, likes to say, "All you can do without side effects is push a button and watch the box get hot for a while." (Which isn't technically true, since even the box getting hot is a side effect.)" —
<akirakyle>From Land of Lisp by Conrad Barski, M.D. and I came across here:
<akirakyle>But in the same way pure functions are a mathematical idealization of computation that makes reasoning about it easier, I think the same may be true of package management :)
<akirakyle>Well I'm glad I could at least help you uncover some bugs with g-golf
<daviid>ok, thanks gobject-introspection version 'catch', i'll push a fix asap -
<daviid>akirakyle: here, i can compile while g-golf is instlled, it raises the bug, then make uninstalled, then make, it resumes the compilation and completes the job ...
<daviid>ok, going afk, bbl
<jgart[m]>Is there a better way to write this?
<jgart[m]>lechner: I should have been clearer I meant home mcron logs
<jgart[m]>They are in ~/.local/var/log/mcron.log
<jgart[m]>Is anyone using guile-raw-strings with guix code?
<zacchae[m]>I mentioned recently in here that network manager nmtui does not support WPA2 enterprise, but actually networkmanager v1.42 will be the first to ship with support for WPA2 Enterprise!
<nckx>This is relevant to my lifestyle. Thanks!
<lilyp>jgart[m]: you could use the pipe function from guile's standard library
<gabber>i get a "guix pull: error: Git error: object not found - no match for id". i am trying to set up my personal channel (for testing/understanding purposes only; what am i missing? i'm invoking guix pull with --url and --allow-downgrades set
<gabber>what does that mean? what is git looking for? some specific commit?
<nckx>Could it be your chosen channel authentication commit? (--disable-authentication)
<gabber>this does indeed give me another error message :) i haven't set up authentication, authorization and the keyring branch (are they necessary?) from reading the manual this seems to be optional ("As a channel author, consider bundling authentication material...")
<nckx>But you said you were using --url.
<nckx>That's for the 'guix channer.
<nckx>You cannot pull without a guix channel. Are you not using a channels.scm?
<gabber>aha! i thought this was an option to try wether i set my channel up correctly
<nckx>Ah, no.
<gabber>i see
<nckx>--url could have been called --guix-url. It overrides the main guix channel, it doesn't add one.
<nckx>That's in the manual ('guix pull') but I can see how it's confusing.
<nckx>ACTION afk, but I think you can take it from here :-)
<gabber>nckx: i sure can, thanks for the clarification!
<mbakke>rekado: the signing key for grunewald is wrong
<mbakke>ACTION updates it in git
<mbakke>nckx, apteryx: anyone comfortable to reconfigure berlin? :-)
<mirai>Should ffmpeg be a tuneable package?
<mirai>given the cpu intensive work it should get sizeable performance gains
<mbakke>ACTION manually updated /etc/guix/acl meanwhile
<mbakke>rekado: kreuzberg is using the default substitute servers instead of
<mbakke>rekado: non-cuirass offloading to pankow and grunewald does not work
<leg7[m]>Hello world!
<leg7[m]>Can someone help me find the size of the grub substitue in guix?
<leg7[m]>I need it because I want to install guix and I'd like to know how big my esp has to be
<leg7[m]>I've looked at the webfrontend but it doesn't have size info nor download links
<pjalsDanielv[m]>the size of grub isn't the only size that matters
<pjalsDanielv[m]>i normally use 1G for my esp but 512M probably also works
<leg7[m]>It is because my kernel will be on a btrfs subvolume in /
<mbakke>ACTION uses 11 / 100 MiB on their ESP
<leg7[m]>I'm going to setup full disk encryption with only the esp unencypted
<leg7[m]>Isn't there a way to download this and see?
<mirai>is asan or ubsan (address sanitizer) available in guix?
<oriansj>leg7[m]: you don't even need your ESP unencrypted depending on the firmware your system has
<leg7[m]>It runs proprietary uefi so it needs to be plain
<leg7[m]>On my x200 I can encrypt everything because it's librebooted
<leg7[m]>Also what is the difference between grub and grub-efi?
<leg7[m]>Is "grub" compiled without uefi support
<oriansj>leg7[m]: grub is if you have a traditional bios (like seaboot or grub). grub-efi is the type needed for UEFI systems
<leg7[m]>Ok ty
<oriansj>and some UEFI systems allow for legacy boot
<leg7[m]>Would legacy be preferred?
<oriansj>leg7[m]: depends if you sign your own kernel
<leg7[m]>I've always used legacy so I'm not sure what's different in practice
<leg7[m]>You mean if I use secure-boot?
<oriansj>and have installed your own keys
<leg7[m]>Nah I don't do that. Would it matter if my kernel is encrypted anyways?
<oriansj>if you can't install your own keys, then there is no point or benefit to it
<oriansj>(to secure-boot)
<leg7[m]>oriansj: Yeah because you could only secure boot with windows probably
<leg7[m]>Or debian
<leg7[m]>I'll check
<oriansj>leg7[m]: well microsoft signed binaries and that isn't something we should *have* to trust
<leg7[m]>I've heard newer laptops also have keys for debian out of the box
<oriansj>leg7[m]: who do you think signs debian's UEFI stub?
<leg7[m]>It says I can install my own keys in the bios but I'm not sure how
<leg7[m]>oriansj: Oh yeah wow I didn't even think about that
<oriansj>consult the documentation which is provided by the people who made the computer.
<leg7[m]>I'm 100% sure it's possible
<oriansj>leg7[m]: sure and having provided it personally are two very different things
<oriansj>a good many sure things tend to be false; only that which are changing underfoot can become false for those who personally proved the nature of what they have.
<cumunculus>can guix be installed efistub-style?
<cumunculus>looks like efibootmgr is included
<Reventlov>Hello, it seems that timeouts a lot is there something wrong with the service ?
<GNUmer>Hey! Really glad to be here and I finally got my RX 480 to work with Guix just by blacklisting the amdgpu driver. GLXgears runs fine, so most 3D rendering should be fine too. My only problem now is resolution, since Xorg is forcing me to use the 1024x768 resolution, which is definitely not the true resolution of my display. How can I inject the `resolutions` declaration into `xorg-configuration`?
<leg7[m]><oriansj> "leg7: sure and having provided..." <- Ok so my computer has a tpm 2.0 which allows me to add keys from the os with efitools
<leg7[m]>Can I encrypt everything with this setup without drawbacks?
<pjalsDanielv[m]>if your using luks2 with something else than pbkdf2 you might need to patch grub
<lechner>leg7[m] / thanks for reminding us the we could add our own boot keys. i am not sure i ever met someone who does. also, i personally think 200-300 MB is a good size for the ESP. I prefer UEFI over legacy on most systems
<oriansj>lechner: the glory of freedom of choice indeed
<lechner>oriansj / does Guix publish kernel signing keys, and do you use them?
<GNUmer>So is there any way to force Xorg/Wayland to use 1080p or 1440p resolutions instead of the 1024x768 resolutions the driver is forcing at the moment?
<oriansj>lechner: well the Guix kernel out of the box isn't signed
<leg7[m]>oriansj: You said even the efi partition can be encrypted in some cases. Does that have anything to do with secure-boot/tpm
<oriansj>leg7[m]: no, that is another security feature UEFI offers but it isn't directly related to encrypted storage
<lechner>all our network cards are probably infected already anyway
<leg7[m]>So with my setup I would have to atleast leave efi unecrypted?
<oriansj>lechner: sounds like you would love a proper #bootstrappable system
<leg7[m]>I read about decrypting a luks volume with the tpm
<oriansj>leg7[m]: yes, TPMs tend to have crypto functions.
<oriansj>"secure-boot" is about checksums and hashing. Encrypted volumes are about symmetric key encryption.
<leg7[m]>Yes but I'm trying to understand in what scenario efi could be encrypted besides libreboot
<leg7[m]><oriansj> "leg7: you don't even need your..." <- .
<lechner>leg7[m] / why do you care so much about encryption?
<leg7[m]>lechner: It's a must for privacy
<leg7[m]>If I loose my laptop or it gets stolen I don't want to deal with identity theft and sensitive information leaks
<leg7[m]>Also if I want to sell my drive the data won't be recoverable
<leg7[m]>It also protects your device against a lot of attack vecrors
<lechner>if you care about security, you should probably not sell your used drive. i would wipe it and then get to work with a hammer
<oriansj>well the biggest advantage of encrypted /boot is it makes it a good deal harder to subvert the operating system (which otherwise can easily be done by editing the initramfs)
<leg7[m]>oriansj: Yes
<pjalsDanielv[m]>also note that guix doesn't support seperate /boot partition
<pjalsDanielv[m]>so unencrypted boot is impossible if you have encrypted root
<leg7[m]>lechner: No need to destroy perfectly good hardware
<oriansj>lechner: actually hammer attacks enable most of the data to be recovered if the data stored wasn't already on an encrypted partition.
<oriansj>So the best defense is just full drive encryption from the start
<lechner>i keep most of my personal data in my home folder, which is encrypted. i also encrypt my swap partition
<leg7[m]>pjalsDanielv[m]: Is that because of the way guix works? (config tied to grub packages)
<oriansj>lechner: I haven't found a good method for getting guix to generate a new swap encryption key on boot, have you?
<Kolev>I can't get KeePassXC to run.
<lechner>i do, but i am not sure it works with suspend
<lechner>most of my equipment runs 24/7
<oriansj>Kolev: I've seen that issue before
<lechner>but if you have LUKS you probably do not need to cryptsetup swap separately
<oriansj>let me try to find how I fixed it
<mbakke>rekado: kreuzberg appears to have file system problems (but can't access it as root and unable to check)
<oriansj>Kolev: do you have qtwayland installed too?
<Kolev>oriansj: I don't know. I just installed keepassxc. I did not install anything else.
<oriansj>lechner: there are very very good reasons to have your swap partition on a different drive than your primary operating system and for that key to frequently cdhange
<Kolev>It still bothers me that systemd systems can encrypt homes on suspend but Guix cannot.
<Kolev>oriansj: Should I install qtwayland? Why wasn't it pulled in as a dep?
<oriansj>Kolev: it shouldn't matter if your full / is encrypted.
<Kolev>oriansj: I heard that encrypted disks are opened when your laptop is on suspend.
<oriansj>Kolev: yes you should, it isn't a build dependency but a runtime dependency
<lechner>oriansj / what are those reasons, please? and how many drives do you folks have in your laptops?
<Kolev>I have only one disk.
<oriansj>Kolev: if you are worried about RAM freezing attacks, I suggest full shutdown to avoid leaking potential key data
<pjalsDanielv[m]>i have 1 disk which is 120g on my thinkpad t400
<pjalsDanielv[m]>though thats probably gonna be changed soon
<oriansj>lechner: swap is easier to do a pre-image attack against
<lechner>you need more space for Guix I think
<Kolev>oriansj: Right, but apparently systemd systems don't need to do a full shutdown to protect the home, thanks to homed.
<oriansj>thus if they share the same encryption key, it become the weak point to decrypting your whole drive
<oriansj>I have an SD card I use for my swap on my x200
<lechner>oriansj / i might use that for my journal instead
<Kolev>oriansj: SD for swap sounds like a great idea!
<pjalsDanielv[m]>poor sd card
<oriansj>pjalsDanielv[m]: let it die, easier to replace than the internal SSD
<lechner>how often does your swap get utilized?
<oriansj>heavily and daily if I am doing builds of things
<oriansj>I only have 8GB of RAM in my x200
<pjalsDanielv[m]>currently never since grub doesn't like encrypted drives so it doesn't boot :D
<oriansj>and rustc requires 24GB of RAM+Swap to be built
<oriansj>pjalsDanielv[m]: grub likes encrypted drives just fine
<pjalsDanielv[m]>including luks2 without pbkdf2?
<oriansj>pjalsDanielv[m]: well no, that is why the default procedure uses luks1
<lechner>well, i use gocryptfs for my home. i back it up into a data center via borg
<mbakke>oriansj: I think the requirements for rust was drastically reduced recently with exclusion of debug symbols FYI
<oriansj>mbakke: well I still have 64GB of swap, just in case
<lechner>mbakke / how about executable size? did they do something about the profiler, as well?
<oriansj>I just wish I knew how to have guix generate a new swap encryption key for the swap on boot, rather than having to routinely replace it manually
<mbakke>lechner: no idea
<Kolev>oriansj: Installing qtwayland did not help.
<oriansj>Kolev: now do: export QT_QPA_PLATFORM="xcb"
<lechner>oriansj / maybe my swap is not encrypted. i only switched to Guix in April, and it was a lot of work
<Kolev>Uh-oh. How do I make that permanent?
<Kolev>oriansj: It works! Thank you!
<oriansj>Kolev: sorry that I don't know the guixy way to make it permanet but I am glad I could help you get it working.
<lechner>Kolev / congratulations on getting rde working! saw it on masto
<lechner>sneek / later ask nckx: is there a safe command sequence in Guix to change the ESP mount point from /boot to /efi. i feel adventurous
<sneek>Got it.
<oriansj>lechner: well base level guix is easy to install, tweaking to the point where you are happy however is a very different story
<oriansj>Kolev: although you may wish to file a bug report as it means the guix package definition for keepassxc needs tweaking as the wayland backend is missing and we are working around it by explicitly enabling the X11 backend
<silicius>I made a working nyxt-prerelease (version 3-prerelease-2) package. Should I send a patch? idk what's the general stance on prerelease/alpha versions in guix.
<silicius>It has some problems like a broken emacs-mode but is usable and has some new features like native support for gopher protocol
<mirai>for some reason this will cause a kernel panic after a guix system reconfigure
<mirai>any idea why?
<mirai>the command can be run as regular or superuser without causing any panics
<lechner>mirai / is it file-append or string-append?
<mirai>lechner: both forms exist
<mirai>string-append is used if you want to create the string at runtime
<lechner>yeah, i think that name always confused me. are you sure your kernel panic is related to this service?
<mirai>I stepped "line by line"
<mirai>this snippet will hang the kernel
<char[m]>Hello guix. Is there a way to disable polkit? I have (delete polkit-service-type), but polkitd still runs after reconfigure and reboot.
<mirai>even if it happened to be malformed scheme code fed to Shepherd I'm not aware that a shepherd failure will trigger a kernel panic
<lilyp>polkit is pulled in by desktops such as gnome
<mirai>worst I've seen happen with shepherd is it just hangs
<lilyp>you'd have to go with one of them minimalist setups
<lechner>mirai / i have the same doubts
<lechner>mirai / it could be called much to early but it also makes no sense to me. is there any context to the panic?
<silicius>char[m]: If you're using %desktop-service then I think you could use the modify-services macro to delete polkit from it
<mirai>lechner: whats the paste debian equivalent for images
<char[m]>If there is not an easy way to remove it, is there a way to give modifying wifi permission to everyone? I have that already silicius.
<char[m]>silicius: I think that doesn't work because whatever desktop environment depends on it.
<lechner>mirai / i'm not sure there is one maybe or
<pjalsDanielv[m]>you could use something like 0x0 for that
<pjalsDanielv[m]>some instances i know are,, and
<rekado>mbakke: I’m on kreuzberg now
<rekado>let me check
<rekado>what file system errors did you see?
<rekado>kreuzberg is the only one with the original disk
<rekado>grunewald and pankow both have had their disk replaced
<rekado>I’ll deploy to grunewald and pankow to update them
<rekado>(had to install a more dated configuration or else I would have had to wait even longer)
<mbakke>rekado: there is a file in /gnu/store/trash that cannot be deleted, try e.g. guix gc -F 1
<rekado>oh, yes. Some I/O errors.
<rekado>if I can get more info from smartctl maybe I can return this disk too
<lechner>mirai / your snippet is getting the Shepherd 'killed' but I could not tell you why. probably a signal
<lechner>mirai / "attempted to kill init"
<mirai>lechner: did you try it as well or is it based on info from the image?
<lechner>mirai / just the image. i might try to pass -x as well
<lechner>it may not do what you want, but could avoid the panic
<rekado>mbakke: managed to delete the files on the second attempt
<mbakke>rekado: oh, great
<lechner>mirai / also, being unfamiliar with the Shepherd it seems to me that the (requirement '(networking)) should ordinarily require that the system is online
<mirai>lechner: should
<mirai>see bug #60030
<led-lightbulb>~mirai: Closed issue )vFg( "Small error in date command" from Malin Freeborn
<mirai>bug #60300
<led-lightbulb>~mirai: Open issue )=Kg( "Premature networking started status with NetworkManager" from mirai
<oriansj>char[m]: I have a basic template and setup procedure for guix if that would help you (which results in a system without polkit or the like being installed)
<rekado>I’m confused… didn’t we have a deploy file for pankow/kreuzberg/grunewald?
<mirai>if you look at nm-online and the wait-online.service pages you'd see that NetworkManager does a few tricks before it signals that it has reached networking target (under systemd)
<mirai>but Guix right now does none of that so the (provides networking) from NetworkManager actually does not work
<rekado>oh… deploy-honeycomb.scm
<char[m]>oriansj: Awesome! want to share a link to it?
<mirai>lechner: very strange
<mirai>the line Connecting.... 30s means that the command really is started
<mirai>lechner: something's up with exec-command
<mirai>for some reason using it will just kernel panic
<mirai>but a (lamda _ (invoke ....)) is fine?
<lechner>mirai / does connman have the same sequencing issue )=Kg( ?
<led-lightbulb>~lechner: Open issue )=Kg( "Premature networking started status with NetworkManager" from mirai
<mirai>lechner: I don't know if connman suffers from the same kind of issue
<mirai>would have to dig into its documentation to see how it expects to be started up
<lechner>mirai / as for exec-command, does it also spawn? otherwise, being connected will result in the Shepherd terminating, because it was overwritten by the 'exec' syscall
<lechner>mirai / sorry, 'fork' is the correct terminoloty
<gabber>any idea why i can clone repo1 from my git-daemon-service but not repo2? i'm like 60% sure i initialized them the same way (`git init --bare`), the permissions look identical, the directory structure (and the contents) seem to be the same, there's an empty file called `git-daemon-export-ok` in both directories. i even restarted the service (for good luck)
<mirai>lechner: ugh, nvm, using a lambda_ invoke just makes it not crash at reconfigure
<mirai>but still craps out shepherd
<mirai>nvm I didn't wrap it in a lambda, I just called invoke directly
<mirai>yeah, that was the problem
<mirai>even though exec-command should have worked?
<mirai>afaik, it doesn't seem to fork
<lechner>so what works, please?
<mirai>it just launches nm-online and waits
<lechner>are any of these functions like invoke or exec-command described in the Guile manual?
<mirai>lechner: this works
<lechner>not sure what happened there but forking would be essential to the Shepherd surviving the call to exec-command
<mirai>invoke is from guix build utils
<lechner>i think you would have wanted fork+exec-command because exec-command did not fork. nm-online overwrote the Shepherd process in memory and took down 'init' (from the kernel's perspective) when it exited because the system went online
<gnucode>howdy guix!
<gnucode>lechner: what are you working on today? A virtual machine that released cached objects at precisely the right time?
<lechner>Hi, not sure i got the reference, but i am packaging up my new bot here and hope to donate it to the maintainer's collective
<gnucode>lechner: the reference was a joke. It is mathematically impossible to garbage collect at precisely the right time. I was saynig that you reaching god-level programming skills. :)
<gnucode>a new bot you say?
<gnucode>Will this be the taking over the world type bot? Or a help humanity live a utopian future?
<lechner>gnucode / this bot #58631
<led-lightbulb>~lechner: Closed issue )bhg( "[Shepherd] Indefinite heap growth (memory leak)" from Ludovic Courtès
<lechner>also, all my aspirations are focused on Guix, not on myself. i really think this OS is going to soar
<gnucode>lechner: guix is definitely moving in an awesome direction!
<lechner>we should all be very proud of it!
<gnucode>lechner: I do have some good news...
<lechner>please tell
<gnucode>my opensmtpd-service-type with proper guix records is currently sitting in guixrus
<gnucode>documentation is here:
<gnucode>and here's the blog post:
<lechner>gnucode / i love it! since my switch to Guix I have been depending exclusively on OpenSMTPD. what is guixrux, please? am i contributing to the wrong project?
<lechner>gnucode / you use Dovecot but deliver mails into each user's ~/Maildir?
<lechner>gnucode / by the way, there is also
<gnucode>lechner guixrus, is a bunch of guix developers using source hut that play around with WIP patches. Then they get those patches merged into guix.
<gnucode>unmatched-paren: is one such guixrus developer. :)
<gnucode>and thanks for the compliment. I've been working on it (off and on) for an embarrassing long amonut of time.
<gnucode>lechner: do you you deliver mails? I had assumed there was a better way of delivering mails, but I do not know what else I should do.
<mirai>lechner: thanks, fork+exec was the trick
<char[m]>I think I can configure polkit with polkit-configuration, but it is not exported 🤒
<mirai>gnucode: interesting
<mirai>I was just looking into a pesky issue I have with opensmtpd here
<mirai>are you using opensmtpd with non-loopback interfaces?
<mirai>for reasons I cannot fathom, smtpd refuses to start automatically even after waiting for network interfaces to finish starting up
<mirai>but a manual herd start smtpd does the job
<lechner>mirai / i had that same problem on one of my cloud instances
<mirai>did you figure out who's this mystery dependency it has?
<mirai>it's not a "full networking" for sure
<lechner>gnucode / i am not sure about how to deliver mails into Dovecot, but i'll soon find out. My ISP gave me a static IP and opened up port 25. In a few weeks I'll be gone from Kaboogle. I cannot wait
<mirai>it needs that but also something else
<lechner>mirai / how do you know being online was not enough?
<mirai>opensmtpd-service-type has been augmented with shepherd-requirement field
<mirai>opensmtpd-configuration I mean
<mirai>even inserting the networking-wait-online from that snippet is not enough
<lechner>mirai / is this for a cloud instance?
<mirai>it's a headless machine I have here
<lechner>i am not sure I was even using network-manager. i might drop it unless you need some fancy wifi features
<gnucode>lechner We should figure out how to get bogofilter or spammassain working. I rarely use my email and I already have 30+ spam emails.
<gnucode>mirai: please bear in mind my code for guixrus is very WIP. :) but I welcome contributions.
<lechner>gnucode / i was looking at Rspamd but i'll take any of them
<gnucode>lechner I suspect bogofilter will be easiest to use. and use the least amount of RAM. I think rspamd recommends 1GB of memory.
<gnucode>ok somehow I broke my haunt configuration. Does anyone understand this guile backtrace?
<gnucode>I feel like that is would be an interesting project: to improve guile's backtraces.
<vagrantc>huh. this can't be right. fludsynth library is size 0 on aarch64-linux:
<vagrantc>with a fairly large list of dependents ... ~807
<gnucode>ah, I think I found the issue.
<lechner>gnucode / what was it?
<nckx>vagrantc: Did you try the good old ‘guix gc --verify=contents,repair’?
<sneek>nckx, you have 1 message!
<sneek>nckx, lechner says: is there a safe command sequence in Guix to change the ESP mount point from /boot to /efi. i feel adventurous
<vagrantc>nckx: i tried guix gc --verify ... but not the fancypants version
<nckx>lechner: I don't see the advantage, but since the ESP isn't used at run time, you should be able to simply edit your system.scm in both places and reconfigure.
<lechner>nckx / i don't have to mount it in both places for the install?
<nckx>I like /efi because /boot/efi demonstrably confuses people, but there's no real practical difference.
<nckx>lechner: You have to ‘move’ it. You can't mount something in two places.
<nckx>umount && mount.
<lechner>nckx / mount knows bind
<nckx>That's not the same thing.
<lechner>should i "move" it before the reconfigure?
<nckx>What you want to do should be trivial, but don't get clever with bind mounts just to tempt fate.
<nckx>It's not used at run time, so there's no point.
<lechner>like you, i like the new /efi location. /boot/efi never made sense to me because EFI is in some ways the higher-level folder
<nckx>( mean, at ‘run time’ it's used when you reinstall GRUB, but GRUB doesn't care about /boot/efi at that point.)
<vagrantc>nckx: fancypants is doing thigns
<nckx>vagrantc: It's 529928 bytes here by the way.
<lechner>nckx / it was precisely that "run-time" use I was concerned about
<nckx>Don't be.
<vagrantc>now that i think about it ... i did have a power loss possibly in the middle of guix operations ...
<lechner>i care about my grub-install
<oriansj>char[m]: here you go: the procedure: and the guix configuration for study:
<vagrantc>so ... guix gc --verify=contents,repair ... seemed to fix a lot of things ... but not for long
<vagrantc>re-running it is fixing the same things
<nckx>phodina[m]1: (kernel-loadable-modules (list `(,(package-for-linux kernel corefreq) "linux-module"))) works for me [the package-for-linux is optional if you're using linux-libre, of course].
<char[m]>oriansj: Thanks
<nckx>vagrantc: I think grafts still confuse it… :-/
<nckx>vagrantc: Surely you don't mean that the file has bytes but then goes back to 0 after a while? That's 2 spooky 4 me.
<lechner>nckx / By the way if we could get rack space from the FSF, I would be happy to look into operating a mirror at Hurricane Electric
<vagrantc>nckx: haven't checked, but running guix gc --verify=contents,repair keeps doing the same fixes ... i haven't checked if they stick
<nckx>I think that might be the grafts bug. It's never affected me personally, but I've heard it reported.
<nckx>Or maybe it's deduplication.
<vagrantc>guix i just guix gc'ed and it cleared out a bunch of things, and now it re-downloaded fluidsynth, but still size 0
<nckx>From which server?
<nckx>Can you report the hash with ‘guix build --no-grafts’?
<vagrantc>it rebuilds the world
<nckx>OK, add ‘-d’ and it should only output the .drv.
<nckx>Strange, because /gnu/store/d2dyyznkr0zciqz7j6lyz9waajp67jdd-fluidsynth-2.2.4 does not exist on ci.guix. So it must be the result of a local graft already…
<nckx>Thanks. → /gnu/store/33jlpcvjc3lxv680v16068yrbmn61bg1-fluidsynth-2.2.4/lib/ on ci.guix is 529928 bytes. So you're not getting a misbuilt substitute.
<vagrantc__> does not seem to have many aarch64 substitutes
<nckx>There's a huge backlog, but the nodes are building ( First one & 2 last ones.
<nckx>Or are they.
<vagrantc>they seem to always have a huge backlog
<nckx>‘Duration 23020 seconds’
<nckx>vagrantc: Not this bad, no. They were down for a long time.
<vagrantc>i wonder if i'm pulling substitutes from bordeaux
<nckx>Well, that's why I asked. I'll check it too!
<nckx>Bogosity alert:
<vagrantc>so it is aggressively using leap seconds. no big deal.
<vagrantc>what are a few hundred thousand seconds between respectible builds?
<nckx>Neither of those fluidsynths are on bordeaux.
<vagrantc>how do i download a .nar directly?
<vagrantc>guix weather fluidsynth says both ci and bordeaux match ... with a different fluidsynth
<vagrantc>or well ... ugh. i can't keep all these hashes clear
<oriansj>vagrantc: guix challenge should be able to keep all of those hashes clear
<nckx>rekado: Are you in the middle of something with the Honeycombs? The two listed at look very stuck, don't accept hydra's public key. pankow does (and has a load average in the twenties), but isn't on that list.
<vagrantc>oriansj: rather, they are all clear, local, ci bordeaux all have the same hash. but i don't know what /gnu/store/HASH-... and the nar hash and the derivation hash ... those are getting confused in my wetware
<nckx>vagrantc: (where 33jl… is the store hash of the output, not the .drv).
<vagrantc>ok, with guix build --no-grafts i seem to get a working fluidsynth
<nckx>Can you GC the broken one?
<vagrantc>yeah, but it comes back if i don't run with --no-grafts
<char[m]>Am I supposed to not be able to do guix system reconfigure from ./pre-inst-env?
<vagrantc>i've certainly done it more than a few times
<char[m]>my config file works with non pre-inst-env, and I just built guix from master branch.
<mirai>lechner: I found out what's up with smtpd
<mirai>it really is just about networking
<lechner>please tell me more
<mirai>using fork+exec for nm-online wasn't correct
<mirai>as nm-online is supposed to wait until the network is ready
<mirai>but with fork+exec it doesn't really block anything
<mirai>its just waiting in the background but the service will be flagged as "started" which isn't what we want
<lechner>i see
<lechner>sheherd needs to wait, too
<mirai>using (system* command) does the trick
<lechner>that's all three in a neat package
<nckx>lechner: Whence the name ‘lightbulb’?
<lechner>nckx / it seeks to shine light on the matter being discussed, but again i'm totally open to suggestions. maybe it's a bit childish
<lechner>by the way, you said something a few days ago about not being happy with sneek. what's wrong with it?
<nckx>No suggestion or objection, I was just curious.
<lechner>i know it's hard to believe but i am only trying to be helpful
<char[m]>ice-9/boot-9.scm:3330:6: In procedure resolve-interface:
<char[m]>no code for module (guix ui)
<nckx><Not happy> Did I say that with those words? Possible, but I don't remember that.
<nckx>sneek is: a C++ bot with some personality written as a Guile extension, maintained for #guile, by someone who isn't active here. It's not the Guix-optimised, Guix-maintained #guix channel bot that many people think it is. That's all.
<nckx>char[m]: How does this happen?
<char[m]>nckx: ./pre-inst-env sudo guix system reconfigure /etc/config.scm . The config file works without pre-inst-env.
<nckx>Are you in a ‘guix shell guix’ ?
<nckx>‘pre-inst-env’ is required but doesn't completely replace it.
<nckx>*guix shell -D guix
<char[m]>Yeah. I'm in the guix shell -D guix
<nckx>And you ran ./bootstrap && configure ARGS && make ? (Even if you did, I'd suggest another run after a ‘make clean-go’.)
<char[m]>I'll try again
<nckx>Yes, that should suffice.
<nckx>Actually: can you git clone guix again, then run all your bootstrap & build commands, up to and including the reconfigure output? Then I can check exactly what you're running, maybe even reproduce it.
<char[m]>I did git reset hard master and git clean -xf
<nckx>That won't delete all generated files.
<char[m]>I mean reset to foreign master.
<nckx>I'm not sure what that is, but git reset in general does not guarantee that all generated files are deleted.
<char[m]>bit doesn't git clean -xf remove generated files?
<char[m]>"This can be used ... to create a pristine working directory to test a clean build." - git clean --help
<nckx>I missed the ‘clean’ after the ‘reset’, sorry.
<nckx>I don't know about the former, I never use it.
<nckx>If you trust it, go ahead.
<char[m]>It definitely deleted my make files and the build seems to be doing everything.
<nckx>You could add --pure to the guix shell as well, to rule out external environment variables.
<nckx>ACTION goes out to get some logs.
<leg7[m]><oriansj> "I just wish I knew how to have..." <- I think crypsetup luksFlush does the trick
<GNUmer>Despite declaring the resolutions with the xorg-configuration statement, GNOME still declines to awknowledge my resolutions. It still sticks to 1024x768. How can I tell the Radeon driver (or GNOME) to use 1080p as the display resolution?
<leg7[m]>leg7[m]: Nvm it's luksSuspend
<PotentialUser-99>Does anyone know who to config nonguix with another locale?
<PotentialUser-99>here's what I have, but it's not working
<lechner>wrong channel
<lechner>no worries
<PotentialUser-99>where should I go though
<oriansj>leg7[m]: luksFlush does not show up in the source code, did you mean a different command?
<lechner>Hi, should #58337 and #58365 be merged?
<led-lightbulb>~lechner: Open issue )hcg( "guile-build-system does not recognise and pass on #:tests?" from Maxime Devos
<led-lightbulb>~lechner: Open issue )Kcg( "[PATCH 0/6] Support #:tests? in guile-build-system" from Maxime Devos
<leg7[m]>oriansj: Yeah luksSuspend, read the last part of the guide I linked
<leg7[m]>Or maybe that's not what you want
<leg7[m]>I just read about what you said earlier wait
<mirai>lechner: what's the 3 letters after Open issue )___ ?
<lechner>mirai /
<PotentialUser-99>Actually I think the issue  belongs here, becuz GNOME's browser is also not working with other languages
<lechner>PotentialUser-99 / which locale do you desire, please?
<PotentialUser-99>Here's my config
<PotentialUser-99>(locale "en_US.utf8")
<PotentialUser-99>  (cons (locale-definition
<PotentialUser-99>    (name "zh_CN.utf8") (source "zh_CN"))
<PotentialUser-99>    %default-locale-definitions))
<lechner>PotentialUser-99 / now you have to wait ten minutes. you were muted automatically. please use a pastebin service
<nckx>PotentialUser-99: That was a bot to prevent flooding. Please use a paste site like
<nckx>lechner: No, they are already unquieted.
<nckx>lechner: Seconds, not minutes.
<lechner>i can never get anything right
<nckx>Scatterbrains of the world, unite.
<nckx>Uh, some time.
<nckx>PotentialUser-99: To be clear: you can talk, but your paste was cut short after 5 lines.
<the_tubular>lechner I know that feels
<PotentialUser-99>Ok here's the code
<oriansj>leg7[m]: yes, I know how to manually change the encryption keys; the question is how to get guix to do that on boot for me
<PotentialUser-99>It's only 5 lines so I didn't expect I should paste it in a bin
<lechner>your bell is turned off
<leg7[m]>oriansj: Can't you do it before shutdown?
<PotentialUser-99>So the problem it's that I don't see chinese characters, what should I do to fix it, plz?
<leg7[m]>Do you have chinese fonts?
<lechner>in your system config?
<PotentialUser-99>font-google-noto and font-adobe-source-han-sans
<leg7[m]>You need noto-cjk
<PotentialUser-99>source-han should work right?
<oriansj>leg7[m]: the idea is on boot a randomly generated password is used to encrypt swap until shutdown
<mroh>hacking on check-system tests on a spinning disk is no fun.
<oriansj>as the contents of swap don't need to be preserved post shutdown
<oriansj>but the password should never be prompted from the user
<lechner>oriansj / do you plan to use the suspend feature?|
<oriansj>lechner: nope
<leg7[m]>Doesn't point n1 of the arch wiki link address this
<PotentialUser-99>Okay it's working, thank you leg7[m]
<oriansj>as any material that needs to be safe from those with physical access to my machine, is encrypted with an entirely separate key then the luks volume itself
<leg7[m]>PotentialUser-99: Np
<oriansj>and closed when not actively in use
<leg7[m]>oriansj: read the first point of
<char[m]>nckx: same things happens. sudo doesn't work in --pure
<lechner>oriansj / please follow section 1 here
<oriansj>leg7[m]: guix does not have /etc/crypttab
<leg7[m]>I still have to install guix I apologize
<nckx>char[m]: Use $(which sudo) for that.
<nckx>But hm.
<oriansj>I know how to do this on gentoo, arch, debian, void, slack and centos; I just don't know how to do it in a guix configuration yet
<lechner>oriansj /
<lechner>nvm, that's not random
<char[m]>which: no sudo in ...
<leg7[m]>Why doesn't guix have the /etc/crypttab?
<char[m]>If I add sudo to guix shell: sudo must be owned by uid 0 and have the setuid bit set
<nckx>Yeah, that's normal.
<oriansj>leg7[m]: because guix doesn't include systemd out of the box
<nckx>char[m]: Wait, are you trying to run which inside the shell? That won't work either. I meant ‘guix shell --pure -D guix -- $(which sudo) …’.
<nckx>Let's take a step back. In this same guix shell, can you (no sudo!) run ‘guix system build …’ instead of reconfigure?
<nckx>If so, the problem is with [your usage of] sudo.
<nckx>If not… hell, I have no idea ☹
<oriansj>or only run reconfigure as root
<nckx>That's what they are doing.
<oriansj>and they did the following: guix pull; GUIX_PROFILE="/root/.config/guix/current" ; . "$GUIX_PROFILE/etc/profile" ; guix system reconfigure /etc/configuration.scm
<nckx>No, just run ‘/run/setuid-programs/sudo ./pre-inst-env guix system reconfigure’ in the shell.
<Gooberpatrol66>afaict, it's impossible to debug a kernel panic with guix because there's no kexec or netdump service
<nckx>ACTION presses doubt.
<nckx>netdump is interesting! I'd never heard of it before, but that's probably because it looks Fedora-specific & unmaintained.
<nckx>I find it hard to imagine someone capable of debugging a kernel panic simultaneously unable to set up kexec, though. A readymade crashkernel service would make it more convenient, but is certainly not required.
<nckx>ACTION → 😴💤
<gabber>(how) can i make cuirass build all things (system configurations, home profiles, manifests)?
<gabber>better question: where can i find an example for the (custom list) build specification for cuirass?
<vagrantc>huh. i swear i've basically done ... guix pull --url=/home/someotherusernotme/src/guix --branch=master before ... but it's erroring out complaining of "guix pull: error: Git error config value '' was not found
<vagrantc>done this before ... without the error
<gabber>maybe an upstream in git?
<vagrantc>could be ... although i didn't think it used git directly (e.g. guile-git)
<gnucode>howdy guix!