IRC channel logs
2026-04-22.log
back to list of logs
<ham5urg>I installed xfce via /etc/config.scm but when I lock the screen (even with deactivated xfce-screensaver) I can't unlock. It's flickering as if two mechanisms are fighting for the lock. Moving mouse powers on the monitor, showing the locked desktop for a second. And it get blanked out again. <dajole>I need to copy some files from the store to `/srv/http`. If I want to do this declaratively, is a service the right tool? I suppose perhaps somewhat similar to etc-service-type? <folaht>dajole, why do you need to copy files from the store to /srv/http? <dajole>It's for serving a website. If I point nginx to the package source this works fine, but certbot needs to write to the directory for provisioning ssl certs. <dajole>That's why I thought I'd copy the files, but perhaps there is a more elegant solution? <folaht>dajole, no idea, I'm still just a newbie when it comes to guix. I think most experts are asleep right now until 8 hours from now. <dajole>It does seem like something like this is assumed. E.g. Nginx has `root (default: "/srv/http")` <folaht>Yeah, the one thing I've learned so far is that guix likes to use store item paths instead of the traditional linux ones. <folaht>And it likes to use services. From what package is certbot? <folaht>dajole, What does your nginx service configuration look like? <dajole>The nginx config is basically what's in the docs just with `(root foo-package)`. <ham5urg>folaht, I forgot to add (service xfce-desktop-service-type) <ham5urg>still I got a problem, when I suspend via the suspend-button (in the upper right corner, username->suspend) a legitimate window pops up. is a polkit rule needed? <folaht>ham5urg, alright. I'll check if I have the same issue, since I use xfce as well, but I'll have to change my config.scm myself of an issue I have been struggling with. <folaht>ham5urg, can you screenshot your problem? <ciod>Hey all, probably a quick and simple question, but is it possible to have my guix home embedded somewhere in my system config so that when I do a `guix system reconfigure` or a `guix deploy`, I will also make sure my newest home is also configured at the same time? <ciod>Also just want to say thanks if any of the contributors are in the chat. Really enjoying my time experiementing and learning about guix <ciod>dajole: That is exactly what I was looking for, not sure how I missed that! <dajole>Also, just in case anyone stumbles across these IRC logs in the future, you can define an nginx-location-configuration to point to e.g. /var/www for the certbot challenge and still keep the general root to the package source. <dajole>It's mentioned in the certbot-configuration default-location docs as well. <folaht>ham5urg, I never used the suspend button before. <folaht>I'm gonna try it out. What do you mean by legitimate window popping up? <ham5urg>folaht, I believe it is not the suspend button but the missing rights for suspending or wifi querying etc. <folaht>So when you suspend and get out of suspension, a window pops up? <ham5urg>e.g. when I scan for wifi-networks a window pops out and ask for the password. <ham5urg>which is called by polkit-mate-authentication-agent-1 <ham5urg>which is called by polkit-mate-authentication-agent-1 <ham5urg>does a service exist to allow "such things" to be able for the common user and not just root? <folaht>ham5urg, I have no such issues about being asked for the password, so I assume a yes <folaht>I'll check if I had this issue. I vaguely remember having an issue like this. <switchy>I have polkit-wheel-service, but I also added a specific rule to grant org.freedesktop.NetworkManager.* to users in netdev <switchy>combination of those two gets me power and network management as my (somewhat privileged) user <folaht>ham5urg, what does your .bash_profile look like? <folaht>ham5urg, okay, well that's not it then. But I feel like when I first started using guix two months ago I had the same issue as yours. Many programs would be asking for my password. <folaht>And what I remember is having made changes in ~/.bash_profile in one issue and I think /etc/config.scm in some others. <folaht>I actually see one module that have in /etc/config.scm that's not in yours, but I still don't get what they do or where I could even find them in the manual <ham5urg>anybody added (service polkit-service-type) in config.scm? <folaht>I'll check, I do have (use-modules (gnu system accounts)) in my config.scm <folaht>ham5urg, no, I don't have polkit-service-type in my config.scm and I don't have your issue, which I might have had at first. <folaht>It's the only thing that seems to stand out from comparing our two config.scm files <folaht>In any case, the experts will probably wake up in a couple of hours. I'm gonna check out my own config.scm changes and then hit the sack <ieure>ham5urg, You generally don't need to add polkit-service-type, any service which needs polkit will extend it, which will create an instance of the service if there isn't one already. <ieure>ham5urg, example, if udisks-service-type gets added, it extends polkit-service-type, this will create the service if it's not already there, and add the udisks rules to it (whether it was there before or not). <ham5urg>ieure, I understand but what triggers xfce to ask for rights when suspending? e.g. org.freedesktop.policykit.exec and org.freedesktop.login1.suspend <ieure>ham5urg, No idea. You'd have to look at the polkit rules that come with XFCE. <ham5urg>why do I have this problem but it looks like nobody else does have such a problem with xfce? <ieure>Why do you think nobody else has the problem? <ham5urg>ieure: couldn't find any similar problems. I've found out that the problem is slim, when I use gdm it works <untrusem>folks, the file picker is not showing up for in any applications since last few pulls <apteryx>it currently works for you, e.g. M-x fj-list-issues in Guix? <untrusem>i get fj-repo-tl-entries: Symbol’s function definition is void: symbol-to-string <untrusem>codeberg was updates to forgejo v15 i think <danlitt>Hi! I'm trying to test some changes I made in a guix PR. It's for this issue https://codeberg.org/guix/guix/issues/7795 - I'm trying to run `guix style -S inputs` to check whether I fixed the relevant warning. I'm following the manual and got up to the point of running `make`, but I get thousands of errors in the documentation like this: <danlitt>contributing.de.texi:3468: @ref reference to nonexistent node `Translating Guix' <danlitt>contributing.de.texi:3472: @ref reference to nonexistent node `Running Guix Before It Is Installed' <danlitt>and so on. Does anyone know why that might happen? <apteryx>untrusem: re emacs-fj, is this using the one from guix? <untrusem>i was the one who updated it to 0.34 in guix :p <apteryx>the symbol-to-string bug is a fj.el bug fixed in a very recent commit <apteryx>maybe we can update it to latest commit <apteryx>latest 0.34 seems to be fine, you're probably running an older one <apteryx>I've tentatively added you as reviewer, feel free to remove yourself/let me know if you're not interested <janneke>or has anyone had any success with cadeberg-cli? <apteryx>it can create repo, issues and milestones, but not PRs, going from M-x fj- TAB <janneke>�ACTION tries berg pull create ... every so few months, without any success just yet� <janneke>guix show: error: agit: package not found <apteryx>the only catch with agit is that since it's not backed by real branch, you can't feed it to CI or QA, I think. <apteryx>nor can you easily collaborate if someone else should be able to fixup the PR <untrusem>thanosapollo, is working on a new frontend <jlicht>theesm: oh wow, you got reka working? If you need someone to test things, you can totally ping me :-) <theesm>untrusem: am currently in the process of wrapping the libreka cargo shenenigans into phases of emacs-reka so we would only have one package in the end (instead of two)... think it'll be ready to review later this week (hopefully!) <theesm>jlicht: yup, didn't do much with it yet (plan to use it on my pocket reform as it would be a good fit) <theesm>i'll ping you as soon as there's something to test <jlicht>for me it's the other way around; I'll (try to get) a pocket reform once I know I'll have a usable env for it :-) <theesm>that's the better approach! i mean it's already pretty good (have been daily driving it for a while now as my main computer) but there are still rough edges <untrusem>lavandula, it is a real branch, locally though <apteryx>untrusem: sorry for that, I forced push a fix <apteryx>hm, wait, that's the patch directly from the PR <apteryx>it won't apply since it targets the dev branch <jlicht>�ACTION accepts untrusem how they are � <janneke>�ACTION has a solid distrust for people who think they're smart, always right, hardly ever doubt� <civodul>janneke: fj.el is good for creating issues, replying, etc. <janneke>�ACTION must remember to read patches to the manual better� <folaht>But can you trust your own judgement if you think it's smart, right and solid to distrust people who think they're smart, always right, hardly ever doubt? <kestrelwx>danlitt: When I got these warnings I've redone `./bootstrap && ./configure && make`, so it's probably something about the doc artifacts. <ham5urg>is there a thunderbolt service out there? <folaht>ham5urg, do you have lightdm working? <folaht>ham5urg, why do you need a thunderbolt service? <folaht>Oh wait, I mix up thunderbolt with thunderbird <ham5urg>fohlat, not tried lightdm, I tried slim all the time but I did not succeed. slim does not invoke polkit and this breaks xfce afterwards. I switched to default (gdm) and it works for now. <ham5urg>fohlat, yes, my new machine has 2 tb5 controller, it's the reason I install guix as a desktop. <folaht>ham5urg, well I can only find one page talking about thunderbolt and guix, but you probably found that one already. <kestrelwx>folaht: To save you confusion Mozilla made an LLM client called 'Thunderbolt' themselves. :D <apteryx>uh, weird bug with console 50.0 in gnome; Ctrl-Shift-C some text, then paste in Emacs -> nothing <apteryx>the best feature of emacs-debbugs was getting the whole list of issues in one buffer, so that I could search using emacs ;-) <RavenJoad>I am noticing that libvirt's "virtual machine manager" takes a long time to connect to QEMU/KVM, usually several seconds (5-15). Is that true for other people? <Hamled_>I've seen it take that long as well, yes <RavenJoad>Ok, so it's not just me. Does anyone have any idea why? <janneke>yelninei: ./pre-inst-env guix weather --system=x86_64-gnu has been giving me 0.0% substitutes available (5 out of 23,235) for well over a month now, any idea what's going on? <janneke>you've been making a lot of progress and i'd really like to see the results of that? <yelninei>janneke: gcc-cross-boot0 keeps getting killed on ci (i think because it hits the daily reboot at midnight) <janneke>yelninei: ow...crap; i thought that had been addressed <janneke>the prevent-childhurds-to-hang mechanism has turned against us! <civodul>yelninei: oh yes, and i tried building it manually on one of these machines and got the exact same problem: offloading stops prematurely <civodul>could be a bug in guile-ssh, but i’m skeptical because we’d be seeing it elsewhere <yelninei>it could get killed because of memory exhaustion (I saw the same error recently for all the llvm things). I increaed my memory to 6Gibs <bjc>you need 8gb to compille gcc on hurd64 <bjc>i've tried with less and it always fails <janneke>ah, if it goes into swapping (do childhurds have swap configured at all?) it would prolly come to a standsti <yelninei>I have been recompiling gcc's/gdcs at least 10 times the last few weeks and had no issues with 6 so far <yelninei>how much do the build machines have and how much of that can be moved to qemu? <bjc>6 might work, i can't remember. 4 definitely did not, though <bjc>i wouldn't rely on swap for this either. compiling gcc already takes many hours without it <yelninei>maybe thats because of the -M q35? because i had no issues with 3.5 gb last year (but more than that was broken) <bjc>i can't imagine why q35 would change that, let alone so much <efraim>which version of gcc? I've just built gcc-final on powerpc and it has 4gb total between ram and swap <yelninei>i tested glibc patches etc with that setup (long before there was an option in the childhurd service) <yelninei>efraim: gcc-cross-boot0 (the initial one built with the bootstrap gcc) <efraim>is it still 1 core for the hurd? I'm trying to think why it would suddenly need more ram <efraim>i feel like I know so little about the hurd <efraim>I assume there's no ramdisk for /tmp <efraim>if it compiles with the -pipe flag then it uses more ram but is faster than tempfiles <danlitt>hey, I'm preparing my first MR against guix in codeberg - I've forked the repo, but I can't push to my fork because I also set up the hook to run guix git authenticate. I guess my commits should be signed, and I can see instructions for authorizing my signing key (in my fork), but I figure I should not do that since that makes another commit (which should not go into guix). Should I just disable guix git authenticate in my fork, or somethi <gabber>danlitt: have you checked out the keyring branch and pulled that? <yelninei>The mig change could also increase the needed memory by changing alignment of 64bit types to 8 (instead of 1) <ieure>danlitt, You must disable it in your fork. <danlitt>gabber: yes (but I haven't modified it) <ieure>danlitt, Commits from contributors are signed by the committer who pushes them. You're welcome to sign your commits as a contributor, but it's not required. <efraim>off the top of my head I don't think changing the alignment from 1 to 8 should be enough to use multiple more GB of ram when compiling GCC. I will note that gcc-14 is massive though <efraim>I'm wandering back off for a bit. I'd check what the default machine type is for qemu-system-x86_64 or possibly if an older version of qemu worked better, pointing to a regression. but now I'm really just guessing <bjc>the q35 option is so you can address more than 4gb of ram, iirc, so it's (currently) necessary <bjc>and yes, hurd is 1 core <yelninei>efraim: Thats for all the mach rpcs in the background. So maybe gcc itself is more or less the same but the background is increased but still gigabytes is a bit much <bjc>the stuff that kills it is the genfsa steps <bjc>i think some of the automata are just huge <lavandula>untrustem: that doesn't help with collaboration and CI though, does it? <rogerfarrell>Any guesses as to why module-ref would intermittently fail on '(guix scripts weather)? <rogerfarrell>The big picture is that I want to use substitutes-oracle to check for subsitutes programatically. <gabber>rogerfarrell: is there an error message? <rogerfarrell>scheme@(guix-user)> (module-ref (resolve-module '(guix scripts weather) #f #f) 'substitute-oracle) <rogerfarrell>No variable named substitute-oracle in #<directory (guix scripts weather) 7f1a3783a960> <rogerfarrell>scheme@(guix-user)> (module-ref (resolve-module '(guix scripts weather)) 'call-with-progress-reporter) <rogerfarrell>$11 = #<procedure call-with-progress-reporter (reporter proc)> <rogerfarrell>I have tried with and without optional args for resolve-module. <RavenJoad>rogerfarrell: Just to double-check does (@@ (guix scripts weather) substitute-oracle) work? <rogerfarrell>Hm. I am in over my head. Do you all have a way to find the latest commit with substitues for a given channel? I would like to update my channels.scm accordingly. <ieure>rogerfarrell, "For a given channel" doesn't make sense in the formulation of your question, as substitutes are not directly tied to channels. Any channel is likely to have some things which there aren't substitutes for; if that's your metric, the question is pretty unanswerable. <ieure>rogerfarrell, My usual approach here is to pull, reconfigure, and if I see big stuff building, stop the process and try again in a few hours. <gabber>rogerfarrell: i do the same as ieure, usually <gabber>or: i do it first on my beefy machine, check out the same commits with my other machines and wait until the beefy one builds and provides the substitutes for the others <rogerfarrell>I meant for a package/channel pair on the current system. <untrusem>pull commits 12 hours older that master :P <untrusem>>untrustem: that doesn't help with collaboration and CI though, does it? <rogerfarrell>Sorry. Work call. I am looking at setting up auto-updates for a machine that will be used by a non-programmer. I would like it to be fairly hands-off. (Though, I will be around to fix issues.) <ieure>rogerfarrell, There was a script posted on (I believe) guix-devel recently that did some stuff to get atomic updates, that might be helpful. I don't think you have to be a programmer to use Guix effectively, but it's definitely not the distro I'd choose for, say, my non-technical high school student to do their homework on. <dajole>How do y'all deal with secrets in your configs under version control? Import them from a separate, not version-controlled module? Use SOPS? <ieure>dajole, My private keys are on a hardware token, so I can safely slop my GPG private keyring into version control, as it just has a pointer to the ID of the token and some metadata. <RavenJoad>For me, secrets are provisioned by hand. For example, each machine to add to my wireguard network needs to have the keys provisioned by me manually. <ieure>Yeah, for systems that I offload builds from, I manually put the key in the right place in /etc. <dajole>"so I can safely slop my GPG private keyring into version control" how does that look like? I also use a hardware key for gpg, so I'm intrigued. <ieure>dajole, Literally `cd ~/projects/dotfiles; mv .gnupg files/; git add files/gnupg && git commit -myolo' <ieure>Plus Guix Home configuration to copy stuff back from the repo into ~/.gnupg. <ieure>A consequence of this setup is that all keyrings are read-only, modifying anything requires setting GNUPGHOME to ~/projects/dotfiles/files/gnupg and fixing up permissions, editing, committing, and reconfiguring. <ieure>My keyring changes infrequently, so while this is pretty silly, it's a rare enough silliness that I don't mind it. <dajole>yeah, it seems like a lot of security stuff is about the different trade-offs you make. <ieure>Yes, definitely. The most secure system is one which is unusable for any purpose. <rogerfarrell>ieure, How do you handle services that point to secret files? Are you hard-coding the filepaths in your configs? <ieure>rogerfarrell, The only one I have is the offload service, and yes, I point it to the path on disk where I drop the key.