IRC channel logs

<kkremitzki>Regarding the not-so-recent CVEs and the proof of concept script for the abstract socket vuln, I was able to bisect its reporting 'open' vs 'closed'. I was gonna follow up with my results on the Debian bug tracking the issue for the 1.4.0 package, but is there anywhere else I ought to post? Somewhere guix security specific?

<kkremitzki>If anyone's interested the bisect is on 4cf1acc7f30 + cherry-picked 71171538e12 + 1c78f71beb3 + a49536e3200 + 7f237f3e6ca

<bdju>I hit the issue again where my Sway session freezes, inputs aren't working, can't change to a TTY or anything, clock and everything visual stopped moving. Can still ssh in. Grabbed some log from dmesg: https://0x0.st/Ki3A.txt This seems to be happening approximately every 2 months, I think this was the third time. I had 57 days uptime. Rebooting fixes it, but I had to hold the power button in, the initial

<bdju>reboot command I did never completed successfully.

<bdju>I found IRC logs of me having the same issue last time on June 26th.

<bdju>I get the feeling this is one of those things that will never be solved, but I thought I would report it anyway.

<bdju>I was in the middle of trying to watch a movie when it happened, so am in a hurry to get back to that now, but if anyone has ideas, I'll check back here later.

<cqst>bdju: did you try killing sway?

<bdju>Yeah, I could kill it with `pkill -9 sway` to get to a TTY but then I couldn't start sway again, `exec sway` would hang and I'd have to pkill it again. Same every time.

<cqst>bdju: its better to go to upstream sway/wlroots then here

<cqst>it can also just be an unfortunate hardware issue

<cqst>next time it happens you could try starting X or another WM or try to kill with sway with less destructive signals

<untrusem>So I have one pull request opened to add a package, I want to open another one for a different package but in the same file, I think this would just update the already opened pull req, how can I make a pull req specifically for the new package??

<corvvs>How do I mount an external USB hard drive?

<untrusem>I can use a different branch, but wanted to use the agit workflow

<corvvs>Tried `sudo mount /dev/sdb1 /mnt` and it throws this error: "mount: /mnt: mount(2) system call failed: No such file or directory."

<corvvs>But /mnt exists!

<bdju>cqst: Well, I'm not sure if it's a Sway issue or not, the visual and input stuff is just the most obvious symptom.

<bdju>Honestly I assumed it was something funky with Guix System or linux-libre.

<cqst>bdju: sway is an entire wayland compositor and controls everything except the drm stack which is controlled by the kernel

<bdju>Yeah, I guess it does handle input stuff itself. Hm.

<cqst>mostly what linux-libre does is strip out firmware loaders responsible for loading non-free-firmware

<bdju>Not being able to change TTYs until I kill it over ssh is crazy, though. You really think that could just be Sway being locked up and not letting my inputs through?

<cqst>ive seen it when memory is low

<cqst>you can try using sysrq but I dont know if the default guix kernel has it enabled

<cqst>with X i used to set raw mode and switch to TTY when it locked up

<bdju>I think I've got earlyoom set up.

<bdju>Okay, thanks for the ideas. I'll note this down for when it inevitably happens again in 2 months, heh.

<bdju>I don't know if I even have another wm/compositor installed, so I guess I should also install a backup.

<cqst>bdju: what cpu do you have?

<bdju>i7-4710MQ, I'm using a ThinkPad T440p.

<bdju>I'm docked with a million things plugged in and treating it like a desktop, though.

<cqst>then linux libre shouldn't be a problem, its skylake and above that needs nff for the igpu

<cqst>i use a t480 w/ guix

<untrusem>cqst: same

<untrusem>though i have yet to remove the nonfree blobn

<cqst>t480 is very easy to libreboot

<cqst>well id say easy, dell e6400 is very easy

<Deltafire>bdju: i have the same issue, but using gnome instead of sway.

<Deltafire>I thought it could be a hw issue, but who knows

<Deltafire>Ati gfx

<bdju>Oh, that's interesting.

<bdju>I did also consider it being bad RAM in my case from some stuff I looked up, but I haven't been in the mood to do a memory test yet as it'd mean a lot of downtime, and I'm usually in the middle of stuff when the problem occurs.

<bdju>Any chance your hardware is similar to mine? Maybe we're using a drive in common and the kernel had a regression.

<bdju>Deltafire: ^

<Deltafire>bdju: will check tonight, im pretty sure its q gpu problem, maybe overheating

<Deltafire>bdju: this is what i get in dmesg when it locks up:

<Deltafire>2025-08-18 15:16:56 localhost linux: [26018.644681] radeon 0000:01:00.0: ring 0 stalled for more than 10020msec

<Deltafire>2025-08-18 15:16:56 localhost linux: [26018.644701] radeon 0000:01:00.0: GPU lockup (current fence id 0x00000000000bcbbe last fence id 0x00000000000bcbcc on ring 0)

<noe>Anyone else has this error? guix lint: warning: failed to get list of CVE vulnerabilities from 'https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2025.json.gz': 403 (Forbidden)

<noe>Seems like I’m blocked by a cloudflare filter

<Deltafire>yes, some other people mentioned that yesterday or the day before

<noe>I blame Trump for this

<noe>Is there another url we can use instead?

<bawbzw>hi all, is it a known issue that guix doesn't work as it says in the manual when installed on debian using official script?

<Rutherther>doesn't work... how?

<bawbzw>basically if i do a pull as normal user it doesn't update package list

<bawbzw>i think it has something to do with path but i thought it would work straight away

<Rutherther>so it didn't show you a warning when you pulled? Did you relog?

<bawbzw>there is a warning but i thought it was unrelated. I have to get back to you with details. I haven't tried a relog, I will look into it. Admittedly I haven't looked at the manual much. I installed guix first from apt, had the issue. After I installed it from official script even running with --uninstall first I had the same issue.

<Rutherther>this is normal, you have to source the ~/.config/guix/current/etc/profile. This is done by the shell profile scripts on login. I am pretty sure this is documented in the manual, and there should be a warning message about it printed when you pull.

<Rutherther>this of course has to be done only the first time, as there is no ~/.config/guix/current when logging in and as such, you cannot get the env vars

<bawbzw>ok I will look at it now, I did suspect it was something to do with path because I can install the application as user after pulling as root though I have to launch it manually from /gnu somewhere

<bawbzw>I had a look at /etc/profile/profile.d and there is guix.sh there already

<Rutherther>yes, it is part of the guix install script

<bawbzw>I don't get any errors on pull BTW just something about glibc-locales

<bawbzw>oh ok there is an error lol

<bawbzw>more specifically a hint

<abralek>Hi guix

<bawbzw>thanks Rutherther, application is coming up now after I add to path with the script in ~/.config/guix/current/etc/profile

<levenson>does anyone worked/think on guile-netlink to transpile netlink spec?

<ekaitz>levenson: not me, but hi! it's been a long time

<levenson>ekaitz: Hi! Yeah, true.

<jlicht>guix inferiors don't seem to respect flags like --fallback or --no-substitutes if those are used /w the 'superior' guix cli invocation, it seems

<jlicht>at least not in getting substitutes for the inferior itself AFAICT

<attila_lendvai>can i refer to the source of a package in a manifest? i want to keep it in a profile to protect it against guix gc. kinda like $(guix build --source ...) in a shell

<Rutherther>attila_lendvai: probably not directly, if it is a file, definitely not, because profiles don't support adding files, and if it is directory, then yes, but you probably don't want to have the root of the profile polluted with source. So better to make a gexp to symlink the source somewhere below output

<attila_lendvai>hrm... my ultimate goal is to keep it in the /gnu/store, and my current strategy is to `guix package --manifest=manifest.scm --profile=.guix-profile`. maybe there's a better way than this?

<attila_lendvai>i have a script that uses $(guix build --source llvm) and i want it to "work on the plane"...

<Rutherther>I don't know, I would probably choose that option as well as it seems most convenient if you already have a manifest for that project, to keep it in one place.

<Rutherther>like this for example https://paste.debian.net/1393042/, to symlink it to srcs/<source>, not directly under root by just putting the source to the manifest directly

<attila_lendvai>Rutherther, not sure i follow... this is the standard guix LLVM package. i need access to its source.

<attila_lendvai>ACTION looks

<Rutherther>attila_lendvai: You asked if there is a better option and I answered that I think the option you mentioned is fine and I can't think of better option, especially if you already use a manifest for the project

<attila_lendvai>Rutherther, this seems to work, thank you!

<hugohugo>If I try to do `./pre-inst-env guix shell python-urllib3` (4e2e5c71), it tries to rebuild quite a lot of things. E.g. about 10 different rust, that is not normal right?

<hugohugo>Think I figured it out, so that rebuild-everything situation was due to me making an innocent change to sanitize.py . That probably changes some signature of guix itself, so everything needs to be rebuild?

<hugohugo>gnu/packages/aux-files/python/sanity-check.py I meant

<hugohugo>That makes kinda sense, because if I would replace that file with `sys.exit(123)`, then indeed every Python package ever build becomes invalid

<hugohugo>I'll experiment by rewriting the sanity-check phase of only a few packages then, that might work

<redacted>Despite having apparently correct config, I'm having some mDNS problems.

<redacted>I've got a machine that switchs IPs from time to time

<redacted>When it does, `avahi-resolve -n <hostname>` shows the new IP, but `getent ahost <hostname>` gives the old IP

<redacted>And I can't connect via SSH anymore

<redacted>Two warnings in the avahi log

<redacted>"No NSS support for mDNS detected, consider installing nss-mdns!"

<redacted>And "Detected another IPv4 mDNS stack running on this host. This makes mDNS unreliable and is thus not recommended."

<redacted>I've got (name-service-switch %mdns-host-lookup-nss) and %desktop-services in the config

<redacted>Hmm, if nss-mdns really isn't there, it's not clear why mDNS would work in the first place.

<redacted>nscd --help gives these supported tables: passwd group hosts services netgroup

<redacted>Hmmmmmm

<redacted>Not even clear whether avahi *would* detect nss-mdns, since it extends nscd

<redacted>if it's checking the load path for libnss_mdns_minimal.so, it may not find that

<redacted>Looks like the service definition for nscd sets LD_LIBRARY_PATH for nscd, presumably for plugins. Maybe I need to check that

<redacted>wait, the nscd binary is in my home profile? That doesn't seem right.

<redacted>oh nscd is in the glibc package

<redacted>Looks like it might just be a caching problem. I'm not sure why the cache isn't updated.

<redacted>I turned up the debugging level and added a log file. Now I can't reproduce the problem.

<redacted>no wait I can but ssh is working anyway?

<redacted>what

<redacted>yeah the cache isn't updated

<redacted>zero docs on the avahi daemon. wooo

<redacted>aight, well, I guess I'll just invalidate the cache when this happens

<redacted>`sudo herd invalidate nscd hosts` for anybody searching for this topic later

IRC channel logs

2025-08-23.log