IRC channel logs


back to list of logs

<bjc>personally, i find it pretty embarassing to have an init system that has such prominent user-visible failures. init should be rock-solid, and the shepherd is very much not
<rekado>who should be embarrassed?
<sneek>rekado, you have 2 messages!
<sneek>rekado, itd says: please restart the irc logging bot.
<sneek>rekado, nckx says: Cancel that :)
<rekado>ACTION does nothing
<nckx>Ignore all previous instructions.
<rekado>the shepherd is just like that irc logging bot; needs someone who feels compelled to do the work.
<rekado>and a lot of work has been done on the shepherd recenttly
<nckx>I have a silly question to which the answer is almost certainly ’no… what? no, of course no, why would you even think that’. If you $(guix system vm gnu/system/examples/bare-bones.scm) and log in, and type ‘AAAAH’, then press ‘h’, which letter appears?
<nckx>OK, that answer makes no sense because I lost my trail of thought, but work with me here, it's late.
<nckx>If the answer is ‘H’, but it won't be, join me in screams.
<stevenroose>Anyone here knows how to deal with LD and Boost on a Guix SD installation?
<nckx>renngar[m]: Should be fixed. Try again?
<alphapapa[m]>nckx: Well, I managed to hack the emacs-next definition into building emacs-29.1 from the tarball, and after installing it, native compilation seems to be working normally. I don't understand why ~guix install --with-commit=emacs-next=emacs-29.1 emacs-next~ causes it to not work with native compilation, but as you said, updating the package definition seems to work.
<nckx>How'd you hack it?
<alphapapa[m]>Well, I copied some expressions, updated the checksum and the version string, etc.
<alphapapa[m]>I can share the file if you want to see it but I'm sure you know better than me how to do that
<nckx>‘Managed to hack’ just sounded a bit painful, and I wanted to make sure you weren't doing more work than necessary. If your changes amounted to (ooh, I got a pretty number) then you didn't.
<alphapapa[m]>LOL, yes, a bit painful because I don't know enough about Guix and Guile to know the minimum I should do...
<alphapapa[m]>ACTION posted a file: (0KiB) < >
<alphapapa[m]>That's what I came up with (mass-copied the use-modules lines to get it to work), and it seems to work.
<nckx>Nah, that's fine as a quick PoC.
<alphapapa[m]>Ah, well, I copied the "emacs" package rather than the emacs-next one
<alphapapa[m]>nckx: Anyway, thanks for your help today.
<nckx>There isn't a simpler version that's less work. It's slightly less work once you have a guix checkout, although that requires tending of its own.
<alphapapa[m]>Yeah, I haven't gotten that deep into Guix development yet. Maybe someday. :)
<nckx>alphapapa[m]: Thanks for not taking my Matrix grumbling the wrong way. I'm still going to try ement, just not today.
<nckx>I want to give circe another chance, IWBN to go full emacs for messaging.
<alphapapa[m]>haha, no problem. Matrix has its quirks and problems, that's for sure. I do think it's a pretty good system overall, which is why I've been developing a client for it.
<nckx>But it was unusably slow last time I tried so it came too close to Matrix.
<nckx>ACTION can't help it. Sorry!
<alphapapa[m]>what client do you use?
<alphapapa[m]>BTW, looking at #65000... did you really do that 3 days ago? If only I had seen that sooner...
<nckx>For IRC? HexChat. For Matrix, I rely on the Web client to do the bare adminimum, but I've tried both nheko and Quaternion recently.
<nckx>alphapapa[m]: No, I forge my commit dates. Nobody seemed to care until recently.
<alphapapa[m]>nckx: I can't tell if you're joking :)
<nckx>I'm not.
<alphapapa[m]>why do you forge the dates then?
<nckx>You'd think nobody would be pathetic enough to use that cute little GitHub activity graph to more effectively stalk you, and you'd be reasonable, but you'd be wrong.
<alphapapa[m]>hmm, okay, yeah...
<alphapapa[m]>I have occasionally considered that when I'm up late hacking and committing and pushing that I'm sort of scribing in virtual stone that I was doing something at that time
<nckx>Also, I just wanted to say my dislike of how ‘Matrix’ is run by its corporate stewards doesn't extend to the protocol itself or those who develop for it. I'm not a huge fan, but that's not a crime.
<alphapapa[m]>/shrug/ They're trying to do a hard thing, to develop a next-gen comm protocol sustainably and effectively and quickly. I try to give them a lot of leeway, because I appreciate what they've accomplished.
<nckx>alphapapa[m]: Yeah. I'm generally pretty open on the Internet, but the real-time activity log was a problem.
<alphapapa[m]>not sure what you're referring to
<alphapapa[m]>oh, that, right
<nckx>(Yes, so are chats, but they actually feel like public activity so my brain treats them as such. Random hacking, it forgets.)
<alphapapa[m]>so how do you forge the dates? manually, or do you have some kind of noise-adding script?
<nckx>Wrapper script with faketime.
<nckx>I also call gpg with --faked-system-time to get a nice round number (signing can take over a second sometimes), but that's not strictly necessary.
<nckx>At a certain point in scripting you're just pleasuring yourself.
<nckx>And then the script grows because certain git subcommands validate TLS certificates and don't like it when it's last week. Sigh. You know how it goes.
<alphapapa[m]>hoo boy clock changes can be a super pain with TLS
<nckx>Or 2FA. I never noticed that my laptop drifts entire minutes when sleeping until I started using it everywhere.
<viaken>I have a system I forgot base-services on. guix system init looks like it succeeds, but doesnt chamge the config? Do I have to wipe out what's there first?
<viaken>nckx: I call that hacksturbation.
<Guest28>does guix home reconfigure with a big icon set wear a ssd fast? I wonder, since I replaced my hdd with a ssd it is from 15 min. down to 1 minute and currently i am reconfiguring a lot
<RavenJoad>Guest28: It depends. If you are writing a lot of *new* data, then it may. Guix does try to share as much as possible.However, keep in mind that most SSDs are validated for hundreds of TiB of writes before any real degradation occurs.
<RavenJoad>Can I make a system vm share the store and make it writable? I need to test a Cuirass specification.
<Guest28>RavenJoad: Well, I just add packages or remove packages, though those are small.  Yea sure, but I still was kinda worried, since it still takes a minute with a ssd (sata btw)
<Guest28>RavenJoad: Basically, I wonder why it does take a minute with a 500mb/s drive, since cpu and ram is no usage at all
<RavenJoad>Taking a minute is normal in my experience. You seem to be more limited by Guix's ability to execute itself quickly rather than the disk.
<RavenJoad>Even if I just change a config file built by Guix home, it takes a minute for Guix to start, load the necessary things, and do the stuff. The actual build and activation is quick.
<Guest28>Ah, it is basically Guile that is just slow on executing?
<RavenJoad>I mean... "slow" is relative here. You are making small changes that amount to making symlink changes and creating symlinks. If Guix were to build a package, Guile would execute for very little time. Essentially, expect a tiny delay before things happen. The same is true in Nix.
<RavenJoad>Nevermind about the writable store in a system VM. Found Issue #39815 that explains why it is not possible.
<Guest28>Is there any python environment package available?
<Guest28>or is it meant to be run as python -m venv?
<ChocolettePalett>You could look into "guix shell", it will allow you to create a developement environment with specified packages installed via command line or a manifest file, and execute arbitrary commands after you create it, e.g. python's venv
<Guest28>I was just irritated by the installation instructions of some project I am using.  python3 -m venv venv works just fine.  I think that is basically how python env projects are nowadays setup.  My last time working with python was a while ago so I wasn't sure anymore
<iyzsong>yeah, i know that feeling, things change fast..
<ulfvonbelow>I feel like a lot of the service ordering issues could be resolved if fold-services always collected extension values in topological order. For example, if a service depends directly or indirectly on user-accounts-service-type, and it has an activation gexp, that gexp should come after the user-accounts activation gexp.
<ulfvonbelow>I've actually made that change locally and found that it mostly works for stuff like non-root setuid programs, though I did have to add some extra service edges, which I did by adding special "ordering-only" service-extension types
<lilyp>nckx: How did your delivery people get into my house?
<Gooberpatrol66>i'm trying to chsh to screen and i keep getting PAM: authentication failure
<bdju>okay I think I got things kinda working again, fresh guix system install with most of my old files rsynced back. lot more free space thanks to ditching the old /gnu/store. will poke around more tomorrow and see if anything seems broken or not
<ChocolettePalett>I am not a GNU/Linux expert, but you might want to launch GNU Screen on launching your terminal, which could be done with e.g. .bashrc file, if I recall it correctly
<efraim>Gooberpatrol66: chsh isn't supported with Guix System, you'll have to change your shell in your user accounts in your OS config
<adanska>hi guys! i'm attempting to write my first service; a home service for configuring and daemonising the onedrive client. im just looking for some guidance wrt where under gnu/home/services i should put it. does it deserve a new category like 'sync' or something?
<michal_atlas>It doesn't seem to fit any of the existing categories, and 'sync' nicely mirrors where the package is, so makes sense.
<adanska>ok, sounds good :)
<renngar[m]>nckx: The blown FUSE has been fixed. Thank you.
<michal_atlas>Hello, what is the expected workflow for having system configuration in multiple files? Just using a scheme library style is perfect up until I want it to be registered as the configuration files in a generation, don't see a nice way to make that a directory rather than just the one file.
<nckx>lilyp: Street urchins.
<Guest38>Hello, i would like to know how to switch display managers
<abhiseck>hi, I created a new user account and first time running 'guix pull' from that account takes forever. If I specify some other mirror using --url argument will guix be able to authenticate the commits in that mirror? Will the next pull be from savannah or that mirror?
<Guest38>abhiseck, i know that sound weird but have you tried restarting your computer? i hadthe same problem and fixed it by doing this.
<nckx>abhiseck: Guix doesn't care where the commits come from, as long as they are signed by keys it already trusts. The --url argument is not persistent.
<renngar[m]>Guest38: See the info page `(guix)X Window' it lists several WM services types and how to replace GDM.
<apteryx>ACTION found a way to trigger "[GSSH ERROR] Parent session is not connected": offload a build of llvm-for-mesa, with the source being modified
<apteryx>it tries to send 1132 MiB, fails every time for me
<apteryx>ACTION wonders if autossh may reset the link because it's unresponsive (saturated)
<apteryx>right before the ssh session dies on the remote, I see in /var/log/messages: ssh_dispatch_run_fatal: Connection from user $USER port 47996: invalid format
<nckx>michal_atlas: That's just an unfortunate limitation of the current provenance-service, it's not meant to imply you should be doing something else. Your practice sounds best to me, but then I never pay attention to the Guix-tracked system configuration file. My /etc/guix is a git repository, and my operating-system-label includes the HEAD hash. Good enough to track bugs.
<Guest28>sdd-service-type requires (gnu services sddm), but the manual doesn't mention it
<nmeum>I have a question regarding the use of substitutes: I just installed Guix 1.3.0 on Ubuntu via apt, but if I ran guix pull it builds a lot of stuff including gcc from source. what's the reason behind that, cannot it not download gcc and other stuff via the substitute server? can I somehow configure guix to only use substitues?
<abhiseck>thanks nckx and Guest38 for the help
<apteryx>autossh ruled out; I was already using wireguard for that offload machine
<efraim>apteryx: transfers of that size almost always fail for me also when transfering to aarch64 or riscv64
<apteryx>I'm stuck with it (retrying always fail, so I guess I'll try debugging it)
<apteryx>do you have any good idea for the debugging? I'll go the pk route I guess... not sure where... client ? server?
<apteryx>I guess client
<apteryx>to start
<lispmacs[work]>hi, I'm wondering when icecat-minimal substitute will be available, and I'm a little fuzzy on how I check for that without actually trying to upgrade the system.
<lispmacs[work]>If I do a search for the package on I see that there is a successful build of 102.13.0 in gnome-team branch
<nckx>lispmacs[work]: ‘guix weather icecat-minimal’.
<efraim>apteryx: I always assumed that the ssh daemon on the recieving end got overwhelmed. When it happened I normally just copied the closure over with `guix copy` or `guix archive --export --recursive`
<apteryx>overwhelmed by too many connections?
<lispmacs[work]>nckx: is that the substitute availability for the version for my current pull of guix?
<lispmacs[work]>it appears to be. but I could time machine to look forward, I guess
<efraim>I'm pretty sure it's just one connection, but I never checked
<nckx>lispmacs[work]: Yes.
<nckx>If you don't want to pull (distinct from ‘upgrading the system’), then time-machine does sound like the way to go.
<lispmacs[work]>okay, yes, I see that substitutes are available the current pull, but not yet for a new pull
<lispmacs[work]>so now we wait
<nckx>I don't even know/understand if CI is evaluating new evaluations or building new builds at this point.
<lispmacs[work]>nckx: CI is broken?
<nckx>Last I knew the Cuirass instance on was not working as intended. It might have to do with the terrible network connectivity there, or it could be an unrelated Cuirass bug.
<nckx>lispmacs[work]: I do get a substitute on ci., though?
<nckx>Guix 6ccfa48.
<nckx>ACTION wonders how guix weather deals with grafts.
<efraim>IIRC it checks for the ungrafted package
<apteryx>nckx: probably doesn't? grafts are a local thing (for now)
<lispmacs[work]>nckx: so I'm confused how you knew there was a substitute on CI
<lispmacs[work]>just from trying to build it?
<apteryx>efraim: re sshd, so in your experience 'guix copy' succeeds where 'guix offload' fails?
<nckx>lispmacs[work]: From running ‘guix weather icecat-minimal’ on that commit.
<nckx>apteryx: I mean, is it guaranteed to look for the ungrafted derivation?
<nckx>Because CI had the ungrafted one, not the graft.
<apteryx>I think it wouldn't make sense to look for the graft one, as they aren't substitutable
<apteryx>but I haven't checked, so no guarantee ;-)
<efraim>apteryx: I think `guix archive` works but `guix copy` fails, but I'd have to test it out again
<lispmacs[work]>nckx: okay, I see it now
<nckx>apteryx: It wouldn't! But grafts can sometimes confuse even Guix, so I'm never sure anymore.
<apteryx>efraim: that's interesting. I'd expect they all use Guile-SSH or (guix ssh) under the hood, so they should fail the same
<apteryx>(it seems to me)
<GNUtoo>Hi, there is something that I don't understand, I'm packaging a python script for me, which also has a Makefile. And after installing it its #! is changed to use a python interpreter in the store,
<GNUtoo>so it all looks good but then I have:
<janneke>how do i use an ssh url wth guix download?
<GNUtoo>ModuleNotFoundError: No module named 'sh'
<GNUtoo>So I added python-sh in the dependencies like that: "(inputs (list python python-sh))", but I still have the same issue
<GNUtoo>Is gnu-build-system using the wrong python interpreter?
<apteryx>gnu-build-system does nothing with python
<apteryx>so it'd be picked up from PATH
<apteryx>by the build system of your package
<apteryx>or the shebangs patched in the patch-shebangs phase
<GNUtoo>guix shell -D python python-sh -- python3
<apteryx>GNUtoo: the python-build-system would wrap the commands of teh package with GUIX_PYTHONPATH, I think
<GNUtoo>>>> import sh
<apteryx>so that they can be used without building a profile
<GNUtoo>ModuleNotFoundError: No module named 'sh'
<apteryx>(without propagation)
<GNUtoo>ah typo, I type -D instead of -C
<GNUtoo>with -C it works fine
<GNUtoo>So I'd need propagated-inputs then
<GNUtoo>thanks a lot, I'll try that
<apteryx>better would be to wrap it yourself
<apteryx>(add a wrap-pythonpath phase)
<apteryx>propagating is "unclean", should be avoided if possible
<apteryx>as they can lead to conflicts or unexpected behaviors in a profile
<GNUtoo>janneke: I'm unsure, I've tried with git-fetch and added an ssh address in url and it gives me 'error: cannot run ssh: No such file or directory', so maybe you need to find a way to have ssh during the download phase, but the other issue would be how to pass it the credentials needed to download the code
<GNUtoo>*download the repository
<GNUtoo>apteryx: indeed it didn't look very clean
<janneke>GNUtoo: err, i meant just the command-line tool `guix download'
<janneke>ACTION being too lazy to first type scp
<GNUtoo>Does guix download works for git repositories?
<janneke>no idea
<janneke>we really need the hurd
<GNUtoo>It's proably less effort to figure out if guix download supports ssh than having everybody switch to hurd (that would require to adapt a lot of drivers)
<GNUtoo>or to implement it somehow
<janneke>yeah, probably
<GNUtoo>ACTION wonders about FTP, because sometimes it might require an account name
<GNUtoo>like "guest" "anonymous" etc
<janneke>otoh, switching to the hurd might prove easier in the end than trying to get everyone to agree on URL schemes
<janneke>what a mess
<GNUtoo>Options can be added to guix download I guess
<janneke>(and patch everey single program that wants to internet)
<GNUtoo>It's probably not doable since having credentials inside URL is not always desirable
<GNUtoo>So you might need multiple ways to provide credentials anyway
<GNUtoo>I think I've already seen something like that somewhere where you had credentials inside URL
<GNUtoo>But here you probably want to use standard mechanism like ssh-agent, or provide the credential from a file so it doesn't show up in the process list that can be accessed by unprivileged programs or users
<GNUtoo>janneke: I think there is something like fish:// that exist for SSH though I'm unsure what libraries implement that
<nicknamewastaken>Betriebssystem unter „/mnt" wird initialisiert
<nicknamewastaken>Nach …/mnt" kopieren populating ' /mnt'
<nicknamewastaken>substitute: Liste der Substitute von „https: //" wird aktualisiert ..
<nicknamewastaken>0.08guix substitute: Fehler: TLS-Fehler in Prozedur
<nicknamewastaken>write_ to session record port": Fehler in der Push-Funktion.
<nicknamewastaken>guix system: Fehler: */gnu/store/g8c8g458hv522hnmwchmwg53iziir9jr-guix-command substitute' died unexpectedly
<PotentialUser-31>Hi. Is it possible to have Tor running inside Guix on a foreign machine AND expose a server outside of it? As in running in the foreign machine? This server is a NodeJS instance.
<nicknamewastaken>My problem is that the installation of guis fails after initialisation of mnt
<nicknamewastaken>I wanted to try the latest iso instead, but there I get: 502 Bad Gateway
<GNUtoo>janneke: If you want instead a workaround you could instead use sshfs and mount the remote directory
<GNUtoo>or gvfs-mount with fish but that's probably harder to use
<GNUtoo>then guix download file:///path/to/file works
<janneke>GNUtoo: thanks
<apteryx>efraim nckx so it fails trynig to write to user-port in (guix store) process-stderr, with user-port the Guile-SSH port already freed
<apteryx>throws a guile-ssh-error
<apteryx>ACTION tries to extract a reproducer for anyone to try
<nckx>sneek: later tell nicknamewastaken: This is embarrasingly far from fixing the underlying bug, but I have a very recent ISO at …
<sneek>Got it.
<nckx>sneek: later tell nicknamewastaken: The error you encountered was ‘just’ a transient network error, but Guix reacts very poorly to those. If you retry, it will probably succeed.
<sneek>Got it.
<apteryx>ACTION tests this simple diff to trigger it:
<apteryx>(then './pre-inst-env guix build -S llvm@15')
<nicknamewastaken>nckx: Sorry, was disconnected. Thank you! But it happened all the time. Maybe my connection is very bad?
<sneek>nicknamewastaken, you have 2 messages!
<sneek>nicknamewastaken, nckx says: This is embarrasingly far from fixing the underlying bug, but I have a very recent ISO at …
<sneek>nicknamewastaken, nckx says: The error you encountered was ‘just’ a transient network error, but Guix reacts very poorly to those. If you retry, it will probably succeed.
<apteryx>assuming it is offloaded to one of your machines
<nckx>apteryx: Will test.
<nicknamewastaken>I'll join you again once I'm a guis user :-D
<nckx>nicknamewastaken: Are you using the installation wizard, or manually typing commands? (I'm of little help with the former, sorry.)
<nicknamewastaken>nckx: I use the installation wizard
<nicknamewastaken>I'll try the manual installation process, shouldn't be that hard, right?
<nckx>I can't say. *I* don't think so :)
<nicknamewastaken>Alright, thank you, bye!
<apteryx>nckx: It reproduced for me, on the master branch
<apteryx>I'll try it on berlin next
<apteryx>while trying to export the 1132 MiB of LLVM source code
<nckx>Mine is across the Internet & all, ~1.5 MiB/s link, I wonder if that'll hurt or help or neither.
<nckx>Overhead: ‘[…] gnuboot want to re-write lbmk in guille, for use with guix […]’. That was news to me!
<PotentialUser-31>Hi. Is it possible to have Tor running inside Guix on a foreign machine AND thus expose a server running in it? This server is in NodeJS on the host. What I'm trying to do is trying to have Tor installed and running on a separate layer, where I can add and remove programs without having them installed on the host. Right now, I can run Tor inside
<PotentialUser-31>Guix, but I don't know if I can config torrrc (config file where I can point to the HiddenService and set the port) because it won't let me change the file permissions to be able to write to it.
<PotentialUser-31>In a previous attempt I managed to chmod it, but I was creating many profiles due to a wrong misconception while using a previous outdated version. This is now fixed, but now I can't chmod it. I think is because of the stateless feature of it, so I perhaps I have to set some "edit" mode somewhere on Guix, but I just guessing, I have no idea. Can
<PotentialUser-31>anyone help?
<nckx>apteryx: It worked. Maybe I did something wrong?
<nckx>PotentialUser-31: I probably can't help, but that's never stopped me from trying. How are you running the Tor daemon?
<nckx>You can't edit files under /gnu/store.
<apteryx>nckx: ugh. then maybe it's network-related
<apteryx>I'm trying on berlin to see
<apteryx>which guix-daemon is in use (commit), according to 'ps aux | grep guix-daemon' on the guix offload client?
<PotentialUser-31>nckx I installed tor with "guix install tor", then I called tor directly as "tor". It ran, but of course, I forgot to set the torrc. Now I need to edit this file.
<apteryx>min is from guix-1.4.0-6.dc5430c
<nckx>By ‘client’ you mean the machine I'm touching?
<nckx>(That ps command doesn't work for me, I had to add ww.)
<apteryx>thanks for testing!
<apteryx>I'll try reproducing from that same daemon
<nckx>Should I try a different version? If so, let me know.
<apteryx>not yet, I'll dig a bit, thank you
<nckx>PotentialUser-31: Ah, so you're no longer stuck? You figured out that you need ‘-f’? That's good.
<nckx>ACTION notices that their own forgotten Tor node is down. Probably for a while. ‘Can't bind to port 21, permission denied.’
<nckx>ACTION investimagates.
<xueshi>Hello, I have question. Is:
<PotentialUser-31>nckx no, no. I need to edit this file to set the HiddenService. How do I do that? Tor is currently running without a configuration file.
<xueshi>(sorry ...)
<nckx>PotentialUser-31: Stop tor, create (or copy & edit) a torrc, then start tor with ‘-f YOUR_FILE’.
<nckx>xueshi: No stealing other people's questions! /s
<xueshi>Does A = do the same thing as B =
<Tecjor[m]>Hi, when is 1.5.0 planned?
<nckx>Currently not.
<nckx>xueshi: Yes. ‘.’ is more standard and compatible with more shells than ‘source’.
<nckx>So Guix's Tor service no longer allows binding to privileged ports. ☹
<PotentialUser-31>nckx I used guix processes to check if Tor was running, it wasn't. I still can't edit the file. It says I'm on a Read-only file system. How do I change this?
<nckx>You don't edit that file.
<nckx>You create a new file somewhere where you're allowed to write (you can base it on the one in /gnu/store, or create it from scratch), then you start tor with ‘tor -f FILE’.
<PotentialUser-31>nckx Sorry, brainfart. Yeah, absolutely. I have to use that flag, but still, how do I change the FS?
<xueshi>Ok, thx!
<apteryx>nckx: hm, can't reproduce from berlin
<PotentialUser-31>nckx Ok, got it.
<nckx>What's the point of having a flaky network when it doesn't flake when it should.
<apteryx>which is on the same commit of guix-daemon as I am
<PotentialUser-31>nckx Mazel tov. Well, kind of. It loaded the configuration file, but it's attempting to create files in a folder that doesn't exist: /gnu/store/***hash***-tor-
<PotentialUser-31>In this case, it's /var/lib/tor/hidden_service
<PotentialUser-31>Again, it's saying that I'm on a Read-only file system, so my question is how do I "send folders" with -f?
<PotentialUser-31>I tried to find something in the docs, but some weird thing about monads
<PotentialUser-31>man guix-edit is saying I can --load-path or -L (prepend DIR to the package module search path), is this it?
<lispmacs[work]>can I use guix weather with my guix system declaration, some how?
<nckx>PotentialUser-31: Add ‘DataDirectory /var/lib/tor’ to your new torrc.
<apteryx>nckx: I guess this points to the remote sshd daemon receiving an incomplete message, suggesting the connection got interrupted by the network in-between: 'sshd[3994]: ssh_dispatch_run_fatal: Connection from user $user port 47726: invalid format'
<nckx>I don't understand what you mean by ‘send folders’, sorry. I think you're barking up a very wrong tree with ‘guix edit’. It's for editing package definition and even *that* it does in a manner confusing to new users.
<nckx>lispmacs[work]: I don't think so. Extending ‘guix weather’ to support store items (including derivations) would be handy for this. It's very limited to packages right now.
<nckx>ACTION away.
<PotentialUser-31>nckx I meant how to use a "var/lib/tor/hidden_service" created on the host and expose it (perhaps symbolically) inside the system, like I'm doing with -f torr
<PotentialUser-31>I found a few commands in Invoking the Shell that perhaps could be of assistance, like --expose, --share, or even --user, maybe, but clearly this whole solution is overkill for what I'm trying to do and I'm just wasting time
<PotentialUser-31>Anyway, it was interesting, I've never used anything like it
<PotentialUser-31>Thank you for helping me
<bjc>nckx: looking through your privilged-programs patches: can you add ‘privilged-program-mode’? or maybe ‘-mask’? there are cases where some suid programs should only be executed by members of a group (wireshark, for instance)
<bjc>the current setuid-program lacks that capability, and i had to patch it in
<bjc>and i think i'll be able to migrate the privileged program activation pretty trivially to a shepherd service. that aspect doesn't look like it's materially changed
<nckx>bjc: OK, that's sounds useful to have. I think mask is confusing compared to mode. But even an octal mode might be overkill: how many bits actually make sense to set? At most 3, right? And not all combinations are meaningful.
<nckx>111 (the default), 110, 010 (weird but maybe?), 100… that it?
<nckx>Wondering if a more limited UI would work vs. making users do octal things.
<nckx>And by limiting choices, discouraging security cargo threatre cults.
<RavenJoad>I have found a minor problem with the "From development environments to continuous integration" blog post. Can errata be corrected after the post's publishing? If so, where should I send them?
<nckx>RavenJoad: Yes they can. The posts are at <> and old posts are also rebuilt. So depending on your level of experience & comfort: (1) send a patch to guix-patches@, (2) send a bug report to bug-guix@, or (3) if it's a trivial fix, I can make it for you?
<nckx>ACTION wanders away in search of coffee.
<viaken>Surprised to see there's not a firewall service yet? Just have to roll your own with whatever package, I guess?
<RavenJoad>nckx: Ok. The edits are kind of trivial. In website/posts/, Level 2 needs to have its package definition changed. (source (local-file "../.." ...)) and vcs-file? needs to have its definition updated accordingly. Guile's package (in Guile's repo) show what I mean.
<nckx>viaken: If you mean a DWIM, opinionated ‘firewall’: no, but there's an iptables-service-type, at least.
<viaken>nckx: Ah, overlooked that. Thanks!
<bjc>nckx: in my patch i went with ‘mask’, because ‘mode’ doesn't make a lot of sense in this context. i thought about using individual slots ‘setgid-bit’ ‘setuid-bit’ ‘sticky-bit’, but felt that was too cumbersome, and anyone who needs to use the feature probably understands masks anyway
<nckx>viaken: Mind you, it might be shit, I've not used it.
<nckx>bjc: Why wouldn't it make sense? To me, it's just another inversion the user has to first perform.
<nckx>s/it/mode/, s/it/mask/, s/igh.
<bjc>the ‘x’ is implied, and everything is ‘-w’, so you can't set arbitrary modes. masks are easily composed, though
<nckx>Well, nonsensical masks are silently (and correctly) ignored vs. nonsensical modes which would error out, so that's true. I'm not convinced but we can discuss that another time 😉
<viaken>nftables-service-type, too
<nckx>OK mister modern space-age man.
<bjc>i'm not married to it, but if not masks i'd just go with individual slots, because they're always going to be correct (and, frankly, sticky-bit doesn't make sense either, so it's just 2 slots)
<viaken>You just pass file-likes to them as rulesets. Could be worse. :)
<viaken>pass rulesets as file-likes*
<nckx>bjc: That's what I was planning to do after double-checking it covered all (sane) use cases!
<nckx>We'll see.
<nckx>I have a 1259-line file with a ‘)’ missing ‘somewhere’ (thank you Guile) that I have to go babysit.
<juli>wait can irc still go to matrix?
<viaken>Until the 11th:
<juli>does anyone know how to build a gcc-toolchain that uses musl? i'm doing some testing of some code with a friend and they're running musl Void
<juli>at the commandline i should clarify
<nckx>This channel is (all #guix* channels are) bridged to Matrix and will remain so after the 11th.
<twilken>Heya! I hope this is alright to ask here: I'm vaguely considering getting a Framework laptop (a 13" one, AMD CPU, not the new 16" model). Does anyone have experience with running Guix System on it? Is there anything to look out for? Does it run fine with the default Linux-libre kernel in Guix and without nonfree stuff?
<vagrantc>the built-in wifi requires non-free firmware
<juli>wait i'm silly there's make-gcc-toolchain exposed by (gnu packages commencement)
<vagrantc>but presumably swappable with another if you can find it
<vagrantc>twilken: or rather ... the wifi module ... it is not built-in ...
<vagrantc>twilken: might also have bluetooth on it, if that matters...
<bjc>as a general issue: guix doesn't get cpu microcode updates, and amd cpus have a serious bug on linux that can leak secret keys even from javascript
<vagrantc>oh yeah. heh. mine is an intel based one.
<vagrantc>full disclosure, i have not run Guix System on it yet.
<bjc>honestly, the lack of microcode updates on any platform is pretty bad. amd just drew the short straw this time
<vagrantc>it is a tricky, thorny issue ...
<bjc>i agree. it deserves more nuance than it currently gets
<vagrantc>e.g. microcode can fix nasty things, it could also introduce them, and without being able to review the code ...
<bjc>yep. we live in a terrible world
<vagrantc>though my understanding there were at least partial mitigations in software for the zenbleed cpu flaws
<bjc>iirc it relates to the way linux uses avx to speed up crypto. openbds isn't vulnerable because it uses “normal” cpu instructions
<bjc>so it might be fixed by the kernel? but i'd bet they're just going to tell you to update your microcode and keep the optimizations
<twilken>Thanks vagrantc and bjc! Oh yes, you're right about the microcode, that's a very good point. There seem to be multiple wifi modules around (Intel AX210 and AMD RZ616), I'll have to take a closer look...
<t400[m]><twilken> "Heya! I hope this is alright..." <- Hey, I’m thinking of putting Guix on my intel framework 13, from what I can tell it needs the nonfree kernel for things like Bluetooth but I do not have a ton of knowledge of Linux and stuff. Here’s a blog post from the framework community post you might be interested in:
<t400[m]>The main thing holding me back is that I need to be able to do android development on the system and I have no clue if I can rely on the Android Studio flatpak version.
<bjc>imho, if you need a dev environment that guix doesn't easily provide, you can encapsulate it in a container running a more mainstream distro
<twilken>Oh lovely, thanks t400! I must've missed that when searching
<bjc>that's what i did even when i was on a mainstream distro, just to keep things isolated
<futurile>evening Guix people and bots
<vagrantc>twilken: very few wifi modules work with linux-libre
<t400[m]>Because of Guix’s reproducibility I would really love to get a group of framework users together and hack on a stable reproducible build of guix for framework devices.
<vagrantc>i would really like to do more reproducible builds work on guix in general ... kind of back-burnered that lately...
<t400[m]>bjc: Is there anywhere I can read more about this? I didn’t know such a thing was possible besides running VM’s
<bjc>guix supports docker and podman, which you can use to install a vanilla base distro and add what you need to it
<bjc>it supports lxd, too, for that matter, which is easier to understand from a sysadmin viewpoint, imho
<bjc>fwiw, before containers existed, i did the same thing with vms; it was just more heavyweight. the day-to-day interaction was basically identical, though: mount a shared directory with the project files (so i wouldn't have to worry about it if i needed to re-create the vm), and use emacs+tramp to do development
<t400[m]>Neat, I’m wondering how well I/O and stuff would work between docker and the USB ports and local network because I need to pair w physical devices to test.
<t400[m]>I’m sure people have figured out nice ways of doing that though.
<bjc>that can be more of a pain, but possible
<bjc>i haven't used docker to act as the host for my embedded work, but i used systemd-nspawn to do it
<bjc>i'm pretty sure you can make docker do the same things, but i have no experience with it
<t400[m]>Does guix do anything that might interfere with a flatpak? Because im actually testing the intellij IDEA on fedora right now and it’s working great.
<t400[m]>I know that it’s connecting to a Java runtime somehow but not sure if it’s because I have a “regular” version of intellij already downloaded or if it’s all bundled in the flatpak.
<lilyp>not really, as long as you keep running your flatpaks with --user
<bjc>i don't even pass the ‘--user’ flag
<RavenJoad>nckx: The blog post does include the final guile-package.scm file with these edits, but the inline code does not reflect the changes made to enable using a project as a channel.
<Vieta[m]>I did not update my guix pkg since 46 days and my update ( on guix does work (it says that the hash of mine is not the hash of ). Do you have a solution for it?
<Vieta[m]> * I did not update my guix pkg since 46 days and my update ( on guix does work (it says that the hash of mine is not the hash of ). Do you have a solution for it? (Would be happy to have the solution as a documentation)
<Vieta[m]> * I did not update my guix pkg since 46 days and my update ( on guix does work (it says that the hash of mine is not the hash of ). Do you have a solution for it? I Would be happy to have the solution as a documentation when the solution excist
<Vieta[m]> * I did not update my guix pkg since 46 days and my update ( on guix does work (it says that the hash of mine is not matched with the hash of ). Do you have a solution for it? I Would be happy to have the solution as a documentation when the solution excist
<nckx>Hi Vieta[m]. Each tiny edit sends a new message to IRC, so no need to fix typos, we get your drift.
<Vieta[m]> * I did not update my guix pkg since 46 days and my update ( on guix does work (it says that the taf of mine is not matched with the tag of ). Do you have a solution for it? I Would be happy to have the solution as a documentation when the solution excist
<nckx>…please ☺
<nckx>Could you share the exact error message? I'm not sure what you mean by hash/tag(?)/…
<nckx>RavenJoad: I'll take a look. Thanks.
<Vieta[m]>Oh, I forgot that it is bridged XD. Sry. here is my Message again: I did not update my guix pkg since 46 days and my update ( on guix does work (it says that the taf of mine is not matched with the tag of ). Do you have a solution for it? I Would be happy to have the solution as a documentation when the solution excist
<nckx>By ‘exact error message’ I meant what Guix prints. Sorry if I was unclear.
<nckx>You can send it as a Matrix message. The bridge *will* do the right thing there. It just handles edits very poorly.
<Vieta[m]>I ran it again. I can give you the message in few min.
<nckx>There was a brief period where it was quite clever and created a sed-style s/foo/bar/ diff, but now it's gone back to sending 5(!) almost-identical copies of your original.
<Vieta[m]>In the mean time I can give you some warning outputs ```gnu/packages/video.scm:4610:14: Warnung: no tags were found für subdl gefunden... (full message at <>)
<nckx>that looks like ‘guix refresh’ output.
<nckx>I'm confused as to what you are trying to do.
<nckx>You mentioned updating an old Guix and linked to documentation on ‘guix pull’.
<nckx>The two commands are very different.
<nckx>If you're familiar with apt: ‘guix pull’ is like ‘apt update’.
<Vieta[m]>here is from the guix pull Kanal „guix“ wird vom Git-Repository auf „“ aktualisiert …
<Vieta[m]>guix pull: Fehler: Git-Fehler: object not found - no match for id (182be30fb1a8b847c30492462ec22c08ec7a9849)
<nckx>OK, that's… different.
<nckx>Could you ‘rm -rf ~/.cache/guix/checkouts’ and try again?
<Vieta[m]>it works but not with "sudo -i "
<nckx>Did you remove root's cache too?
<nckx>That commit definitely exists upstream.
<nckx>(Why is it always my commits that do weird unrelated junk.)
<Vieta[m]>It does not work with sudo -i. I have remove ".cache/guix/checkouts/" from root
<nckx>I should have asked you to remove all of /root/.cache/guix, just to be sure.
<nckx>(Nothing there is valuable.)
<Vieta[m]>Ok looks good now
<nckx>Has anyone reported Shepherd hangs when running ‘herd status’ or ‘herd restart’? Because this VPS is having them.
<nckx>write(10, "(shepherd-command (version 0) (a"..., 105) = 105
<Vieta[m]>Thx I am uptodate now
<bdju>gajim is telling me I can't enable the omemo plugin because I'm missing python3-axlotl or using an outdated version. did something go wrong in an upgrade or is this on my end somehow?
<nckx>02/08/23 23:39:26 (E) gajim.p.omemo No module named 'axolotl'
<nckx>Despite it being installed. So I don't think it's a version mismatch unless the message is misleading.
<bdju>nckx: my swap is definitely working now, thanks again for the help with my config before
<bdju>so for axolotl do I need to install that manually or should gajim be pulling it in? I don't see it in my manifest so maybe I really don't have it. although omemo worked before. hm.
<nckx>Oh, I have an idea…
<nckx>ACTION install python.
<nckx>ACTION spell installs good.
<nckx>Yep, that worked.
<nckx>So, it seems the problem is two-fold: gajim-omemo requires python-axolotl, and should probably be wrapped with it (assuming that works—there might be some interaction with gajim proper that requires propagation), but even when python-axolotl is installed there's no GUIX_PYTHONPATH consumer by default. Installing python ‘fixed’ that for me.
<nckx>So if you want a ‘fix it now’ solution: guix install python{,-axolotl}
<nckx>bdju: You're welcome! I'm going to assume your swap file was previously sitting unused.
<bdju>probably the case, yeah
<nckx>gajim-omemo already propagates python-axolotl, so the issue is only the search path. However, IWBN to fix the latter *and* get rid of the former in one swoop.
<bdju>hmmm I installed python-axolotl and restart gajim but I still can't enable the omemo plugin
<nckx>Note the {}. You need python as well, it's what introduces the search path.
<nckx>And all four need to live in the same profile.
<bdju>well I assume I have python already
<nckx>Well, don't.
<nckx>(But do tell me if you do.)
<bdju>it's in my manifest file at least
<bdju>and python --version works
<nckx>That's not necessarily relevant.
<nckx>Let's back up: how did you ‘install python-axolotl’ above?
<nckx>And how did you install gajim and gajim-omemo, now we're at it?
<bdju>`guix install python-axolotl`, also threw it in my manifest for later
<nckx>Yeah, don't.
<bdju>and gajim and gajim-omemo are in my manifest
<bdju>so what should I be doing exactly?
<nckx>Just a sec.
<bdju>gonna go eat but will be back in a bit