<lrabbt>hey, yesterday I asked for help with `rbw` packaging, since 1.4.1 wasn't working, I built it, but the version itself is not working (arjan tried to warn me, but I was a little overwelmed by the whole build process and didn't get the memo)
<lechner>NewUser-Basic-Qu / I am not sure I totally follow
<NewUser-Basic-Qu>i have a user that comes with a service. service does not work as it should(throws pam-erros and others). When i switch to user via "su - <username>" and isse "env" i see that sone env variables are missing. this is only with the account that came with service. The user i defined manually in system-configuration shows the global envs i set via
<NewUser-Basic-Qu>sway...greetd was not setuid root... at least i have not set anything sounding like this in config.scm
<lechner>I have not examined it on my own equipment, but i am also not trying to run it by hand. Greetd may not be able to access /etc/shadow. Linux-PAM is a shared library. It can never elevate the calling process or grant greater Linux permissions
<TristanCottam[m]>Hi everyone! I'm planning to run a home server on Guix System, and would like to separate services from the underlying structure (e.g.`file-systems`, `bootloader`, etc.) in my config. Is there an "obvious" way of doing this?
<evilsetg[m]>hmm booting on an lvm root seems to have worked without loading the module. Strange, last time I had to add 'insmod lvm' to be able to boot.
<gabber>is `apt purge guix` not supposed to delete /gnu/store? i am getting a "A previous Guix installation was found. Refusing to overwrite." when trying a binary install -- the debian package is sadly unable to `guix pull`
<civodul>gabber: soudns like a question for fellow Debian packagers :-)
<gabber>civodul: i'm just wondering whether we should treat this as a bug -- since `sudo apt install guix` is mentioned in the manual (section 2.1) and does not work(?) (currently?). i had the issue reported as #62055
<abrenon>after building a package with the haskell-build-system, guix build prints two lines (same package name, but one is suffixed with -static)
<abrenon>I thought these were different outputs, but displaying the package's information with guix search I see only one output
<gabber>but maybe `sudo apt install guix` only doesn't work for small-ish systems like the one i had it tested on
<abrenon>so I'm wondering what they are, and whether one in particular can be selected for the build (I often see bash snippets with the output of guix build expanded to access the directory containing the build products, and I wonder how that would break with my two-lines-of-output package)
<arjan>anyone else here using pounce as IRC bouncer on Guix System? I made a personal service definition that I could try to make more configurable for upstreaming
<jpoiret>abrenon: well, guix build definitely needs support for output selection
<civodul>arjan: i don't use it (yet), but a system service would be sweet!
<civodul>i think maintenance.git now has a system service for znc
<rekado>civodul: we’re no longer using znc for logging
<rekado>the service we have is for goggles-bot, which provides znc-style logs
<rekado>I guess there could be a simple guix home service for znc, though
<arjan>I noticed there are no existing services extending the certbot-service-type, is that policy or coincidence?
<gabber>is the go-to way for a fine-grained (e.g. per network interface) configuration of the network-manager-service by providing files under /etc/NetworkManager ? would you consider it an improvement to have an extra field in <network-manager-configuration> where one could provide file-like objects for further configuration?
<arjan>I could at least make it optional in the configuration, but that might still create a dependency on the certbot service
<mirai>for instance, the email contact field should be in certificate-configuration; it's not obvious how to use certbot with other providers, iirc it only supports letsencrypt and you have to "know" which path the certificate is saved to
<mirai>this should be revamped to something more flexible
<mirai>do note that these files can contain secrets
<gabber>aarghh, so i can skip trying to fix my current setup (which made me wonder why it didn't work)
<mirai>that's why NM is fussy with their permissions
<gabber>i get that. this is more or less ok since we have to (!) store wpa configuration in clear text on our machines anyways (and nobody cares). neither good practice nor an example for the youngens, but at least we get our machines to work
<civodul>ACTION surprised by the output of "guix graph --path guix clisp"
<mirai>lechner: I've seen some lines in dmesg before
<ArneBab>Why can it be so hard too get mesa 22 :-( — I’ve now been failing for three days to get that updated and core-updates looked so good, but had many failures, that occupied me for more than half that time.
<lechner>actually, my CPU is too old for both, i think
<ArneBab>lechner: sady the work I put in isn’t that high quality. I failed a lot and did not find out why those tests failed. Just wanted to get something working to I can investigate on the much faster new CPU whose on-board graphics need mesa-22 …
<arjan>lechner: pounce and related programs are very modular and most are optional, you can run multiple instances on separate ports without anything else or add calico to serve multiple instances on one port
<lechner>arjan / i know. it sounded like a zoo. maybe you an mirai can "herd" the cats
<lechner>ArneBab / you should leave that judgment to others. we just need the best of everyone's work. like nckx used to say, sometimes social solutions can help with a nearly intractable technical problem
<arjan>guix service configuration definitely helps to herd the modular components
<lechner>arjan / being new, i haven't seen your work, but mirai is truly fearless. maybe he will become a shepherd maintainer at some point, or at least our service specialist
<mirai>civodul: Is there some reason for AUX_FILES (gnu/packages/aux-files) to reside in Makefile.am rather than gnu/local.mk ?
<mroh>lechner: I think, decentralized substitution with ipfs and/or eris (#52555) would help here, if people would try to build this branches (which most don't). But yeah, the brave soul(s) that merge core-updates needs a big machine for sure ;) idk, I have the impression that merging the 2 branches regulary burns people to much...
<lechner>ACTION has ignored all warnings since Y2000
<jpoiret>I've never had any downgrade issues with pull, if there are i'd say it's a bug to be fixed
<lfam>I think if you use time-machine to test some branch, then later those commits land on master by cherry-picking or similar, then you pull from master, Guix will complain. The Git history of the provenance of the profile generations will not be linear
<ArneBab>A large part of the build time is being consumed by tests … could we separate those phases so a package whose tests succeeded once does not have to be rebuild just because its package got garbage collected?
<ArneBab>(⇒ keep the test result (boolean) longer than the build result)
<lfam>Would the tests package somehow be protected from garbage collection?
<lechner>lfam / don't wait for Gocryptfs though, please. it's a new package so i have a working local version
<ArneBab>lfam: that’s what I thought — not even a real tests package, just a boolean that says whether the tests for a given hash succeeded.
<lfam>I've heard similar ideas before, but this is more compelling
<lfam>It does raise some questions about the functional model. Or rather, forces the idea of the model :) As you may know, some test suites are flaky, but we have never had a consensus about how to handle those
<lfam>And there are things not accounted for by the model, like the filesystem on which the builds are performed, kernel versions, etc
<lfam>lechner: What's the primary goal of the branch? In terms of Go-language packages, how do you measure success?
<lechner>lfam / well, i only tried to add Gocryptfs but some of those Golang packages were ancient. i'm not sure how to answer. we ought to look at the most commonly used Golang packages, I think. We don't even have Hugo though, I don't think
<lfam>Okay, so it's mainly about Gocryptfs. And that's working for you based on the branch?
<lechner>lfam / can you rebase wip-go-updates to get around my downgrade problem?
<lechner>lfam / no, i do not wish to appear to focused on myself
<lechner>what are the popular packages based on Golang in Guix?
<lfam>I understand. I'm just looking for a basic "does it work at all?" heuristic that you can test with
<lfam>Good question, I don't know. I use Syncthing
<lechner>if you rebase wip-go-updates onto the current master, i think my deploy will work
<lechner>or on savannah, delete branch and push again
<lfam>I've rebased and pushed the branch, for your convenience. In general, it's best if you can use allow-downgrades so you can be a little more self-sufficient in testing
<lfam>At least until we develop a better worfklow for feature branches
<lfam>It would be nice to work at baseball games. That would be a career advancement for me
<lechner>we could have entire classes of contributors. many people could do nothing but accept patches with new version hashes
<lfam>My hope is that qa.guix.gnu.org can increase its capacity enough that interested contributors can largely self-manage their work until it comes time to push. There wouldn't be a difference between "branches" and "patch series", in practice
<vagrantc>i have wondered about splitting commit access vs. merge access ... e.g. "anyone" can commit to a branch or set of branches, and then someone else actually merges the branch
<lechner>we can assign another person to merge all pending commits into master in accordance with what people should be doing
<lfam>But I agree, there's way too much friction now. The social realities are largely informed / determined by the technical limitations of the infrastructure and, over time, they have reinforced themselves. As we improve our infrastrucure, we'll have to deliberately rethink our ideas about what's okay
<lechner>we have too few checks and balances, but the envisioned solutions rely on intelligence rather than duty
<lfam>I wish that the Guix Days happened more often. There's always a burst of cooperation and boldness afterwards
<lfam>I've drank too much coffee and need to step away for a while. I'll find the go-build-system manifest and share it, we can use it to test the branch a little more concretely. Unless something big is broken, let's push by Friday
<lfam>And we'll summarize our findings about the workflow
<lechner>it's because strengthening the social relationships reduces the fear or messing up
<lechner>mirai / if you have an extra moment, i'd love to track down this warning from the user-homes service, but could not find it (even through there are a few chmods there). it presumably occurs on my system because my home folder is mounted via FUSE, which denies the premission to root http://paste.debian.net/1273925
<lechner>it is, but not necessary. instead, i would like to change that chmod to either assume my uid, if needed, or to check permissions before trying to set them. mine are correct all along (I am logged in)
<lechner>i also think folder creation should probably be left to PAM on login
<lechner>although I don't mind it if it ensures that folks can log in
<mirai>but there's setuid,setgid and its many cousins
<lechner>i does not actually need to touch my folder at all. guix assumes in many places that root can do anthing, but that is not so with FUSE. for example, i cannot use 'sudo guix' or any sudo with commands in my personal profile, because that path is stored in my home folder and not visible to root
<lechner>that's also why i use guix deploy even on my local machine
<winter>can someone highlight me in like, a minute or two? trying to repro a client bug that only got triggered in this channel, thanks
<Guest7188>Anyone can recommend an image upload site? I am not sure if my system is hanging at boot or just takes a really long time after upgrade
<NewUser-Basic-Qu>okioki...I am getting "guix system: error: service 'console-font-tty1' requires 'term-tty1', which is not provided by any service" ... there is most probably no service term-tty1. what is this reffering to?
<lechner>NewUser-Basic-Qu / i have not seen that. it would be helpful if you could share your config, please
<NewUser-Basic-Qu>nah...had wlgreet first enabled on tty1 but my sway wlgreet config holds itself "vt = 7" so removed reference to wlgreet terminal for any tty. i do not have to include specific ttys starting with tty1 do it?
<lechner>well, something in %desktop-services (and possibly %base-services, as well) clearly expects "term-tty1" to be present
<NewUser-Basic-Qu>lechner wow...added (terminal-vt "1") and indeed error is gone...oki...thanks. am a little bit puzzled now..
<lechner>NewUser-Basic-Qu / it won't be the last time
<lechner>and for the benefit of any reader, i just booted with kernel 6.2.2
<lechner>NewUser-Basic-Qu / for the "support" user I warmly recommend the Guix Home service. some folks can do without, but i think life it too short
<NewUser-Basic-Qu>will get a home service. already experimented with that yesterday but is not first priority. Still feeling alien on Guix. Need more time to get familiar with the logic. Yesterdays home-service tests were purely for env-variables
<lechner>the beginning is really hard, but it all pays off when a piece of equipment fails and you can spin up an exact copy within a few minutes via 'guix deploy'. or i love transferring services between machines with a simple copy and paste
<mfs5173>It does not work, `guix shell` doesn't accept the target argument
<lechner>apteryx / restarted. i hung on Throw to key `psql-connect-error' with args `(connection-bad "connection to server at \"wallace-server.local\" (fd8d:f6a5:5f27:0:c723:1fef:b33c:e949), port 5432 failed: FATAL: remaining connection slots are reserved for non-replication superuser connections\n")'.
<lechner>headaches are probably similar to python, but there is no byte-compilation to disk
<apoorv569[m]>Does base-services not include xorg-xserver or something? I can't seem to get the lightdm login manager ever since I remove desktop-services and moved to base-services.
<lechner>cbaines / i don't have them. my options would be either to provide a nar importer (and I hardly know what a nar is) or being able to enumerate and download substitutes to my equipment for local processing
<lechner>i'd be happy to rsync, if that's available
<lechner>civodul / whoever is working on guix index
<apoorv569[m]>reconfigure? I already did several times I don't get lightdm login can't start dwm from tty either
<civodul>lechner: i started "guix index" and Antoine picked it up (discussions on the ML), so maybe we've been working on it concurrently? :-)
<mfs5173>apoorv569[m]: I assume you also included a lightdm-service-type ?
<lechner>i have a second version coming up that allows traversal via hyperlinks (including our symbolic links). i also plan to collect file information (magic) if that's not too much of an intrusion for people. the idea is to collect anything people have locally like my own packages or channels. it can really help to avoid duplicated effort, i think
<rekado>my problem now is that I can’t seem to see packages that have been installed after Emacs was launched.
<rekado>I used guix-set-emacs-environment, but it doesn’t seem to have any effect
<rekado>I always need to restart Emacs, which is unfortunate
<rekado>does anyone here have a similar set up? If so, how do you sidestep this issue?
<arjan>I have all Emacs packages directly in my home profile and in the rare case I want to add stuff without restarting I just build it and add the output to load path
<Guest74>since upgrading my system I get a BUG: kernel NULL pointer dereference, address: 0000000000000000 (can't make paste it says I should not spam) and also my system hangs upon shutting down at 'kvm: exiting hardware virtualization'
<Guest74>If I go back to my old system (5.16 I think) everything runs normally
<bjc>huzzah! with seatd/greetd i finally have rootless podman. we really need to clean up the cgroups stuff so it can be configured without contortions