IRC channel logs
2023-03-24.log
back to list of logs
<minima>hiya, i finally found the time to look into a bash completion issue that's been troubling me for a while - basically bash completion not completing any "composed" command e.g. git or pass or similar <minima>there's something i'm not sure about though, about the proposed solution <minima>eval'uing all scripts in ~/.guix-home/profile/share/bash-completion/completions/ produces many errors in my case - so i wonder if one should rather only use the first of the two folders, namely ~/.guix-home/profile/etc/bash_completion.d/ <jgart[m]>guix pull: error: Git error: failed to resolve address for git.savannah.gnu.org: No address associated with hostname <xelxebar>Looks like subversion package has an error in its description or something? `guix show subversion' throwing an error for me. <xelxebar>Wait, what... cvs and mercurial also surfacing the same error. O.o <sarg>Man, that was scary... my SSD with the root partition just disconnected during Guix reconfigure. Idk what caused this, it was in the middle of the check phase of building subversion. Root had remounted ro and I was unable to do sudo to check messages. Luckily, I'd just set up backups, and the drive wasn't completely dead - it came back on when I turned off the laptop (but not when I rebooted). <sarg>and the following question - is CI alright? I see it stuck somewhere at HEAD~10. <bumble[m]>when trying to open cloned guix repo directories and files, emacs shows message about local variables list that may not be safe... what is the recommended way to deal with this? <bumble[m]>emacs shows a prompt with an option to permanently ignore the unsafe variables... when that option is selected, emacs fails --tries to write to afile int he store and does not have write access <sarg>bumble[m] which file is it? afaik this goes to `custom-file` <bumble[m]>it shows the message any time a new file or directory is opened w/ dired regardless of which option I follow at the prompt <sarg>.dir-locals is the file in your checked out repo. But what file emacs tries to write to? <xelxebar>apteryx: Ah, my checkout is probably a few days old. <cbaines>civodul, it's not, but the guix-build-coordinator keeps eating all the RAM <civodul>looks like that leads to DNS problems <civodul>or maybe that's something else, weird <cbaines>bayfront is involved with DNS, so that's possible I guess <civodul>sarg: looks like Cuirass went awry; i restarted it <minima>not particularly critical, but is there a sensible way for me to apply the bash completion fix from 675c5c9bbd28e5e666903aa81efaec25b1573811 before it gets merged? <jpoiret>civodul: only a couple of minor packages failed to build! <civodul>so right now debbugs.el shows me like 20 patches in total on guix-patches <civodul>is something wrong with debbugs.gnu.org or did we catch up? :-) <civodul>"soap-parse-server-response: Server response is not an XML document" <sarg>obsolete in a sense that the proposed additions are already in guix <civodul>sarg: excellent, thanks! could you share more widely so i'm not a single point of failure? :-) <civodul>if you're unsure whether to close them, you can Cc: the relevant teams <sarg>yeah, but i'm reluctant as I am not known in this community <civodul>and people will appreciate this work, i can tell you :-) <sarg>yeah, I've already mentioned it here that I can spare some time cleaning the backlog. (inspired by Lars' emacs 10% cleanups) <civodul>cbaines: it'll happen "when we do it"; if you need this fix urgently, then maybe you can apply #62243 <civodul>please make sure to refer to the upstream bug report/commit in there <cbaines>I want to look soon at upgrading some/all of the guix-build-coordinator agents, so it would be good to include this fix. I'll see about merging it later today :) <meo>oh wrong channel sorry <ngz>Hmm. It looks like subversion update broke a lot of builds. <Guest3730>What is the guix equivalency of doing sudo apt update and then sudo apt upgrade (and vise versa for red hat systems) on guix? <jpoiret>and `sudo guix system reconfigure /some/path/to/config.scm` <jpoiret>and `guix home reconfigure ...` if you're using guix home <Guest3730>For multiple reasons including security and stability, does guix only allow admins or those in wheel group to install or upgrade packages? <next4th>and `guix system reconfigure ...` for the system <ngz>Also, `guix upgrade` is an alias for `guix package -u` <sarg>Guest3730 system reconfiguration requires sudo to a) switch generations b) install bootloader. Home profiles are managed by the users themselves <Guest3730>But how does setting up a software source work on guix? Is it possible to stop the user from allowing software from totallynotmalwaretrustmebro.com? Just wondering about this hypothetical scenario. I like the traditional unix package model because it gives the administrator more refined control over the system packages that are installed. <sarg>Guest3730 how would that be solved by debian? <Guest3730>I'm not sure what the question is. Can you clarify? <sarg>but then, you're asking about system packages. In guix you need sudo to install/update them <Guest3730>Yes, but I am assuming that if you use a home configuration, you can install packages without sudo to bypass any security measurements. <sarg>they're installed only in your user environment and not visible to other users on the same machine (unless they explicitly add the same packages to their profiles) <sarg>in guix everything is put in `/gnu/store` and what is actually visible to a user is based on what is symlinked into user's profile <Guest3730>Even if you have a user profile, said user *still* needs sudo access to install it? <sarg>no, sudo is only for `guix system reconfigure` which is well, updating the system-level profile <Guest3730>Hmmm... I guess one criticism I have with say flatpak, is that it's way too bloody easy to install random junk slowing down the system or even a malicious package that could be doing something nasty. I was hoping it would be more difficult to do said thing under guix. <jpoiret>Guest3730: tbh there's nothing you can do except not letting people run a shell <jpoiret>as long as you have a shell you can bootstrap a whole compiler and build whatever you want <jpoiret>I don't think the solution is to prevent real use-cases by restricting users, but rather inform them of what is/is not fair use of the system <jpoiret>cgroups/limits on Linux are another good solution <Guest3730>I guess informing users they'll lose the privilege to use said system if they start breaking the rules. Might be the best thing to do, once a malicious user has access to the system no amount of security will stop them from harming things. <jpoiret>cgroups and ulimits will limit how much system resources they can take up <jpoiret>but if they're locally exploiting some priv escalation bug, then yeah, there's nothing you can do (except maybe hardening using SELinux and friends) <Guest3730>Someone incompetent enough to just mindlessly click yes yes yes to everything that asks for approval probably shouldn't be using said system to begin with. <oriansj>jpoiret: actually it is worse than that. if they have the ability to write to memory and run the code at those memory addresses, then they could run anything they want. One can do a full bootstrap in Memory only. <oriansj>Guest3730: if you want to limit what can run on a system, whitelisting of binaries is the best you can do but even that will not save you when the attacker has enough brains to go after W^X is enabled. <gabber>(how) can i only match a single field (i.e. the first one) with match-record? <mirai>(match-record VAR <record-type-name> (FIELD) ...) <gabber>huh :) i thought that raised my cryptic error, but i guess that wasn't it <gabber>so i've created this patch https://termbin.com/lxap which doesn't work yet. invoking `guix home container night-time-test.scm` i get a "unbound variable(#f "Unbound variable: ~S" (wayland?) #f) <gabber>" but i'm not sure where that's coming from. maybe you can tell me what i'm doing wrong? <vv0r>guix pull: error: Git error: failed to connect to git.savannah.gnu.org: Network is unreachable <gabber>vv0r: can you ping git.savannah.gnu.org? <gabber>vv0r: i think this works for me. can you reproduce that error? <vv0r>ping gives me uknown host hmm <gabber>is it the same machine you're on IRC right now? <gabber>that is interesting (: can you traceroute? have you configured something special? do you have gnu.org blacklisted in your firewall? <vv0r>i'll try rebooting this machine, i dual boot this with arch linux, never had this problem before. <mirai>if that didn't work, "make clean-go" and rebuild again <gabber>doesn't Guile auto-recompile when files change? <jpoiret>it doesn't recompile dependents unfortunately <gabber>unfortunately re-building still raises that "unbound variable wayland?" message <civodul>cbaines: i've had other reports of intermittent name lookup failures for *.guix.gnu.org <civodul>do you think we could renice the coordinator or something? <cbaines>civodul, we could potentially make the earlyoom service more aggressive. I think there's some FSF tech issues though, so there could be DNS problems from that as well. <civodul>DNS entries not propagating well, somehow <mirai>gabber: did you make clean-go? <gabber>yes, i had to rebuilt the whole thing <mirai>is the patch in the link up to date? <gabber>is the correct access to the config fields through match-record or with a (in my case) home-night-time-configuration-wayland? <gabber>mirai: yes, that's the one i am trying <mirai>I think you're missing serialize-boolean <mirai>try opening the repl in a pre-inst-env <mirai>,m (gnu home services desktop) <gabber>i thought the `empty-serializer` in the wayland? field took care of that <mirai>try opening the repl in any case <gabber>i'm in the repl -- what can i do now? <mirai>,m (gnu home services desktop) <mirai>(home-night-time-configuration) <mirai>,build (mixed-text-file "foo" <GEXP HERE>) <gabber>it results in a valid looking redshift config <mirai>unrelated, but instead of (if #$(home-night-time-configuration-wayland? config) "[general]" "[redshift]") <mirai>your problem is within the shepherd-service <mirai>(if wayland? ... ) needs ungexp <mirai>#$(if wayland? (file-append ...) ... ) <mirai>it could have been (if #$wayland ...) but that's a bit of a waste <papapanda[m]>Anyone having issues the Guix website? Can't connect to it. <gabber>mirai: where's that file-append going to go? <mirai>Do this: #$(if wayland? (file-append gammastep "/bin/gammastep") (file-append redshift "/bin/redshift")) <gabber>that was my question :) thanks for the clarification <gabber>i need to test this by reconfiguring my home-env. but `./pre-inst-env guix home reconfigure my-home-config.scm` gives me a "failed to load my-home-config.scm [...] In procedure module-variable: Wrong type argument in position 1 (expecting module): #f" ? <civodul>jpoiret: i haven't been able to do anything on core-updates so far as debbugs and Savannah are failing me <mirai>apteryx: re extensible define-configuration, the docstring comment refers to normalize-extra-args? <mirai>or is it about define-configuration-helper <cbaines>I wonder if we should set longer TTLs for most/all guix domains, that might help to reduce the impact of DNS problems <cbaines>we can always drop the TTL if we know there's going to be change coming up <mirai>> This 'every' call result is not acted upon. <mirai>It's supposed to fire if you hand it a "deprecated" serializer <mirai>that'd be a bug missed in a test-case <apteryx>mirai: based on my reading the code alone <apteryx>perhaps there's a useful side effect I missed <apteryx>is someone working on updating ffmpeg to version 6? <apteryx>every would return #t if all the items are #f; is there anything more? <apteryx>I guess it was missing a 'when'; but my suggestion to use unless + filter-map seems a tad nicer <apteryx>(if you use when/unless you also do not need a (begin ...) block to group multiple statements) <civodul>SELinux question: "semodule -i guix-daemon.cil" fails with "Failed to resolve permission watch" <apteryx>not sure what's this :-) I always disable selinux to get guix-daemon running <civodul>that's what i had in mind but my coworker is reluctant :-) <apteryx>I think rekado was our selinux champion <mirai>it checks that whatever was in extra-args is not in the new style <mirai>so it must be a plain serializer <mirai>the check is done in the guard <apteryx>shows how much familiar I am with syntax-case <apteryx>I'd put the guard next to the pattern, like the manual examples seems to do, as a hint to the reader <mirai>and IMO it would make it even harder to see the difference <mirai>right now it's more or less evident what is pattern, what is guard and, what is exp <mirai>hmmm... it's not the practice in guix/records.scm <mirai>perhaps it's a matter of taste? 😄 <mirai>if the pattern isn't overly elaborate, either is fine with me <apteryx>I guess if I was more familiar with guards I wouldn't need a cue! I suppose many readers won't be, but yes, it's just stylistic so not overly important. <mirai>apteryx: #; is documented, but with one layer of indirection <apteryx>mirai: C-s #; doesn't return anything <drakonis>editing on matrix will simply repost the message with the changes <f3n1x>i'm having issues with a package ('dino' xmpp chat application ( for the curious xD) , for the matter ) ... in an attempt to fix the application problem , may i re-install it ? does guix provide a specific command for that purpose ? thanks, thanks, thanks <rekado>f3n1x: reinstallation likely won’t do anything useful <rekado>f3n1x: installing a package means two things: it’s added to /gnu/store and then you get a new profile generation that contains a link to that location <rekado>reinstalling just means to essentially remove the link and add the link again <rekado>that’s not a useful operation in Guix <rekado>bleh, I just accidentally pushed commit 6d132c5ebf51205decf75377a33c82c113688b02 which contains automatically applied indentation changes to python-scikit-allel <rekado>(the commit was supposed to only add python-scikit-optimize) <mirai>what's the right behaviour if guix fails to mount a drive with (mount? #t)? <apteryx>that's the current behavior at least <mirai>at least, it hangs with a nfs volume <mirai>but anything that is absent works as well <apteryx>what do you mean by "anything that is absent" <mirai>define a filesystem that mounts at /srv, anything really, as long its not "critical" to boot <mirai>it could be fictional (use a random uuid) <rekado>I would define an extra drive to mount somewhere, later remove it (physically and from the configuration), and then I would no longer be able to boot that older system generation <mirai>perhaps mount? was already #f <mirai>huh, interestingly #39551 suggests that "nfs" doesn't care about mount? <mirai>perhaps I'm conflating with something else, I was also figuring out how to get the host-name part right back then <mirai>it wasn't very fun figuring out how to coerce nfs to work with ipv6 LLAs <mirai>ah, nvm, further down in #39551 it does say that extra things still had to be done <Guest19>isnt libpulse.so in pulseaudio package? <mirai>what's the file-systems shepherd service supposed be “used for” ? <mirai>must every file-system mount be part of this? <mirai>or are we free to define file-systems that are independent of this? <Guest19>jpoiret having pulseaudio in inputs would be enough for the application to find it? since I don't see it in strace that it actually finds it and therefore sound is not working <jpoiret>depends on how the application is looking for it <jpoiret>is it linked against it at build time? <jpoiret>strace should show you all the dlopen misses in any case <Guest19>yea and I only see misses and never that it actualy goes for something-pulseaudio <Guest19>it is not directly linked to pulseaudio itself since it uses cubeb which uses pulseaudio <ellysone[m]>anyone knows what's going on with python-pre-commit error when I guix pull? I think I saw something about this on the mailing list but can't find it <lilyp>there should be nothing going on with python-pre-commit, that bug ought to already have been fixed <nutcase>Why is linux being built and not being downloaded from substitute servers? with sudo guix system reconfigure... I get: The following derivation will be built: /gnu/store/mr5ff4rljxlm3hwmm8sxzr4am7rjzcnn-linux-6.2.8.drv <sarg>nutcase: because it's not built by CI yet? <nutcase>sarg: ok, that is the obvious reason. I should wait for tomorrow, then? Or is the delay even longer? <sarg>honestly idk. But today there were some issues with the CI, maybe it has to catch up <Guest19>guix build glibc gives me 3 dirs but i just want that from out. how can i specify glibc:out in the cmd line? <sarg>afaik you can't build just one output. This separation happens *after* the build <sarg>but you can `guix shell glibc:out` <ellysone[m]><lilyp> "there should be nothing going on..." <- guess I'm stuck on an older revision where it is not fixed, what are you supposed to do in that case? <Guest19>I added hicolor-icon-theme as input but the package still does not find the icons. But it searches in Emacs for icons. Does it require additional steps so a package finds icons? <sarg>Guest19 afaik you need to apply the icon theme. try `lxappearance` <ellysone[m]>woops I misread, the python-pre-commit unbound variable bug happens on the guixrus channel not guix <lfam>nutcase: Looks like you are using Linux rather than linux-libre. To be clear, Guix doesn't package Linux or build substitutes for it <nutcase>lfam: yes, you're right, I additionally use nonguix. <jonsger>nutcase: I answered your questions in the respective IRC channel :) <nutcase>jonsger: thank you very much! You're right, I should've asked there before <lilyp>ellysone[m]: raise that bug with guixrus then