IRC channel logs
2026-07-03.log
back to list of logs
<eikcaz>I just got a hash mismatch on a git-checkout build. How is that even possible? <eikcaz>I point to a repo and clone to a specific commit. Seems pretty deterministic to me... <vagrantc>there is no network in between you and the repository you are cloning from? :) <eikcaz>it clones, fails to find the commit, then pulls the full git, checks out the commit (it reports that I'm in a detatched head, so seems like that succeeds), then complains that the hash doesn't match <eikcaz>I have existing builds on other machines that built getting that hash. Let me try and rebuild from another machine (I'll gc it and try again locally) <eikcaz>gah, "guix build -S -f package.scm" gives the same output as "guix build -f package.scm"? I suspect the issue comes from guix inferior. <jmes>Has anyone had trouble with starting the wireguard shepherd service recently? I'm getting an invoke-error for wg-quick up. Maybe something changed in the upstream configuration that I'm not aware of? <folaht>Hey, I need to resize my vm, where can I find virt-resize? <switchy>folaht: I think it's in guestfs-tools which I'm not sure is packaged yet? <folaht>switchy, yeah, well I found my solution by starting the VM in recovery mode and then resize the disk there. <csantosb>I'm running a "sudo -i guix pull" right now <csantosb>test202020: can you share the error log ? <ngz>Hello. I just guix pulled and tried to restart guix-daemon (on a Foreign distribution, using the unpriviledged daemon). I now get the following error: Failed to start guix-daemon.service: Transaction order is cyclic. See system logs for details. There is apparently an issue with gnu-store.mount/start. How can I fix this? <qzdl>even double time-machine cannot mitigate <csantosb>Haskell people, is a `guix refresh -u ghc-PACKAGE` enough to upgrade the package ? something else is needed ? <csantosb>test202020: No idea about the log error; you'd better of sending opening an issue. <MichaelGame_Dev>Hey all, I was going to run the guix install script on my current distro. With the security notice, should I let it enable substitute at the beginning? Would I have a ffresh daemon if I am running it this morning? <futurile-afk>MichaelGame_Dev: check where the guix daemon is coming from in your guix systemd file <futurile>MichaelGame_Dev: so if it's the root one, you can then guix pull that one to update it, then restart the guix daemon <MichaelGame_Dev>futurile I'm not even that far. I'm in the initial setup, just ran ./guix-install and it's asking me the initial set of questions. Current one is asking if I want to enable substitutes. <futurile>MichaelGame_Dev: ah OK, yeah so answer yes if you're willing to download binary packages from the guix servers. _After_ the install you'll need to do an immediate 'guix pull' (it will take a long time) to get up to the tip of the repo. <futurile>MichaelGame_Dev: up to you if you think you're sufficiently at risk due to the daemon issue. If you're not (a) particularly at risk of attack (b) on a shared network with a bunch of guix using jokers who would think it funny to backdoor you - then I would switch substitutes on and do the pull. <futurile>I honestly don't know how long it will take without substitutes as I always have them on <MichaelGame_Dev>Thanks, yeah that's my concern. I'm just getting an env spun up to look at it more and prepare an iso for a laptop. But felt like I'm in this weird in-between due to the timing. No other Guix servers on the LAN. <futurile>I think if you're not particularly at risk then the best thing is to get past the vulnerability as fast as possible. It's *kinda* similar when you initially install any distro - until you run "apt update" (or whatever) you have old security vulns. Not to downplay it <futurile>no worries, tell us how you go with preparing your ISO and stuff. Always interesting to hear how people's install experience is <MichaelGame_Dev>Will do. Beyond being able to write lisp over a language like Nix, the docs seem to be a big plus for Guix from what I've read in them. <futurile>if you have Nix experience it's actually very interesting, because quite a few of us don't, even though it's all part of the same thing. So ironically people ask me "how do you do X in guix compared to Y in Nix" and I never really know teh answer heh heh <MichaelGame_Dev>so no huge investment, I've just been looking at setups like nix/guix for a while primarily for my laptop to start then if I like it servers and maybe even my main machine. I'm mostly messing with some development stuff here, but more game dev, luckily my needs aren't crazy. So I think a system like nix/guix will do what I need and give me some <futurile>MichaelGame_Dev: yeah the most difficult part will probably be if you need any particular proprietary tooling from the gamedev world which I guess won't be packaged. There's a nix service in Guix, so sometimes that's a solve. Or commonly people will run flatpak for that part <MichaelGame_Dev>futurile yeah, what I use is just a zip you download and run, proprietary, but pretty easy to work with and I think I can create a manifest for any system stuff. Someone had posted a nix dev setup they used, it's pretty basic. I honestly wonder if I'll even need the manifest now, but we will see. <noxi>> people ask me "how do you do X in guix compared to Y in Nix" and I never really know teh answer heh heh <noxi>one thing I've come to envy from nix (possibly the only thing) is the nix flakes thing where you can pull someone else's configuration <noxi>i wonder if there's something planned like that for guix <noxi>anyways I didn't come for this at all- I'm using elogind-service-type and when I try to logout with loginctl, with any loginctl kill- or terminate- subcommand, nothing really happens, and in the syslog I get "Failed to execute /run/current-system/profile/bin/pkttyagent". So I assume polkit is supposed to be present in the profile <noxi>which leads me to two questions- why isn't '/run/current-system/profile/bin/pkttyagent' a path pointing directly to the store path, with polkit as a dependency of elogind, and the second one is what service is supposed to add the polkit package to your system? <Sneed1911>I'd have to trace through the source a bit more, but right away I see that elogind is found in desktop services, and polkit in dbus services. elogind calls polkit as a service extension. <Sneed1911>This is honestly one of the reasons why I just stick with %desktop-services, I rarely have time/want for mucking with dbus lol <sham1>Guix technically has everything you'd need for a flakes-like solution. You can pin your packages to a particular commit, and then you can get your packages from those pinned channels e.g. with inferiors. Really the only thing that flakes have over the current state of Guix is that flakes are self-contained in that you can have both your "inputs" (i.e. channels) and then your manifests etc. in the same file, unlike in Guix where they need to be in separate files. <sham1>Really all you'd need is to somehow separate the channel declaration from the channel locking -- so you could for example generate your glake.lock out of the glake.scm, which could have the same form as `guix describe -f channels` -- and then just make a CLI that can consume the glake.scm which could probably evaluate to some lambda or whatever producing your operating-system, home-environment, manifest, what have you <noxi>interesting, I had sort of an intuition that guix already has all "the right pieces" for this kind of thing. would there be interest? <jlicht>great stuff wrt the recent vulnerabilities <jlicht>as in, the fixes, explanation and reproduction script, not the vuln itself :') <futurile>noxi: yes, I think there's some interest in it. No-one has figured out the "interface" that would achieve the same results as Nix but in a guix way. <futurile>nice - I just boosted it on the guix account <sham1>I have thought about the idea of basically having something like `guix flake` (name pending) which would do the same thing as nix flakes. As implied, the technology wouldn't need all that much. It's really more about figuring out how to make it nice for users and integrate it into the existing guix ecosystem <futurile>sham1: if you're interested in implementing something, I'd encourage you to put the idea into guix devel mailing list and see what others think. There's often good feedback <sham1>The way that flakes work really take advantage of some of the things that the nix language has, for example the kind of "destructuring" of attribute lists they do for the parameter to the "output" function is one of these, because there you can just do `{ nixpkgs, ...}@inputs : foo` and not need to do an extra layer of define or let or whatever <sham1>futurile: maybe I should. Actually how active is the mailing list still, given that the development has moved to codeberg <futurile>sham1: pretty active for general discussion about ideas, policy and so forth. Codeberg may well get interest, but I think most people monitor teams - the flow's too much to follow the whole repo (I think) <futurile>either way, it would be a cool contribution <ryanprior>I have Guix installed via apt on a debian system. After yesterday's security advisory I tried to run guix pull as root, but it's failing. <gabber>ryanprior: how so? is there an error? <ryanprior>Running guix pull as my normal user succeeds. Any ideas? The error I'm getting is: <ryanprior>ERROR: In procedure %resolve-variable: error: spawn: unbound variable <csantosb>I got the same error as test202020 this morning, see !9686 <test202020>csantosb: hm, interesting. i not see permission denied warnings. i am not try sudo <csantosb>I don't think this relates to the bind mount of /gnu, but still; test202020 got the same this morning <csantosb>test202020: Try to `guix build --check hello` <csantosb>How did you get exactly the previous log ? <csantosb>No; when I run `guix build --check hello`, I get !9686 <test202020>long awarting dor compute-guix-derivation after jimctl warning give that error <test202020>before i upgrade my home profile? maybe or that new changes in repo <Nameless-user-fo>Hey there, I just installed guix system and I'm having a few configurations issues (not really bugs) and I'm wondering where I can ask questions and get advice on that kind of thing <test202020>Nameless-user-fo: here. But you can look at guix texinfo manuals too <Nameless-user-fo>Ok well I've already gone through the manual so I'll ask here. I have a guix system (fresh install) which I'm using with KDE. So I have an issue with the wifi where I can only connect using the command `nmcli con up "name" --ask`. This seems to be because I have an issue with how secrets are stored. I tried to use the KDE interface and it didn't <Nameless-user-fo>work, tried to save the passkey with nmcli directly and it didn't work either so I'm not exactly sure how I'm supposed to get it to work <jresich>hi guix, does anyone know what package contains `StatusNotifierItemQt5Config.cmake`? <csantosb>As for its synopsis, maybe "gnome-shell-extension-appindicator" <bdunahu>Nameless-user-fo: I don't use KDE, but it kind of sounds like a permission issue? I thought KDE was supposed to handle that, but can you save a configuration with `sudo nmtui` or something? <csantosb>jresich: Forget about, `fd . -t f $(guix build gnome-shell-extension-appindicator) | grep cmake` returns nothing <Nameless-user-fo>bdunahu: I tried the command went into my connection edited the password field to add the passkey but when i saved and went back the passkey wasn't there and when i tried to deconnect reconnect the nm didn't remember the passkey. So I think it's really a saving the passkey problem <old>is bordeaux down? Trying to pull and update system for the CVE but I just get an endless loop of: substitute: looking for substitutes on 'https://guix.bordeaux.inria.fr'... 0.0% <bdunahu>Nameless-user-fo: so if this is a fresh install, have you yet run `guix pull` and then reconfigured? <Nameless-user-fo>bdunahu: nope not yet. That might've been the first i should've tried though <bdunahu>I would pull and reconfigure, restart, and then try again, and then open an issue on codeberg if it's still broken since it sounds like a bug to me <csantosb>Substitutes from recent commits are not available <sham1>Everyone is panic-pulling me thinks <bdunahu>is pulling a bad idea right now? I was pulling for the patches <sham1>Yeah. It's not a bad idea per se, it's just that the servers might be taking beating for a bit <Nameless-user-fo>bdunahu: Ok thanks I'll try that later if the servers are struggling atm <csantosb>Not related to the daemon itself, or latest update. <csantosb>I guess that systemd scripts are unable to umount /gnu/store correctly when the store is away <csantosb>Say a /etc/fstab with something like "/home/me/gnu /gnu none defaults,bind 0 0" <csantosb>On every update of the systemd service unit, when restarting, it fails to umount. That's it. <csantosb>That being said, keeping the store not directly under / is a huge benefit on remote servers, would be nice to handle it properly <graywolf>I am trying to update to address the CVEs, is it expected I see "Looking for substitutes..." messages even when I pass --no-substitutes flag to guix pull? <sneek>graywolf, you have 1 message! <sneek>graywolf, apteryx says: re git histogram algo, it made a world of differences when importing hundreds of node.js packages with 'guix import -i gnu/packages/node-xyz.scm npm-binary -r something'; the packages hunks would otherwise be intermingled. With the new -i switch for guix import I expect this would happen more. <graywolf>And, since despite my best efforts, I apparently did expose myself to these CVEs, is there a way to detect whether some "bad" substitute was downloaded? <RavenJoad>I am doing a system rebuild after pulling 2ish hours ago. My system rebuild fails with "guix/channels.scm:373:6: definition in expression context, where definitions are not allowed, in form (define cache (string-append cache-dir "/authentication/"))". <csantosb>You need to update as `sudo -i guix pull` <ryanprior>csantosb: directed at me? If so, that's what I'm doing. <csantosb>Ok; I see you have a "error: spawn: unbound variable" <ryanprior>>If you installed Guix on a foreign distro with guix-install.sh <ryanprior>Maybe I should remove it and re-install using the script? <csantosb>This is what usually do, I'm using the script <ryanprior>I tried uninstalling it using apt and then installing using the script, but it fails with "[1783109352.042]: [ FAIL ] Missing commands: newgidmap." <ryanprior>So, I'm going to want to run this with GUIX_ALLOW_OVERWRITE=1 I assume? <csantosb>Never tried; but I'd rather remove completely previous install <ryanprior>Is there a standard procedure for that? "apt-get remove --purge" only does so much. <csantosb>Don't forget to keep a manifest with your profiles / home config, etc., to redeploy it afterwards <csantosb>This depends on Debian package; you can give `guix-install.sh --uninstall` a try <ryanprior>After uninstalling the Guix deb, then installing using the script, then running `guix pull` (as root shell), I'm getting: guix pull: error: creating log file `/var/log/guix/drvs/b8//2cggd14k9d8k12kzga8spikk6zbs29-config.scm.drv.gz': Permission denied <ryanprior>I tried clearing out the whole /var/log/guix directory and creating a new one, no improvement <RavenJoad>My question would be: Who is the owner and do they have read/write permissions in that directory? Because despite that directory being owned by root on Guix system, I would expect the guixbuilderXX users to be the ones that actually write to that. <ryanprior>I can (as root) write to that exact path it's saying permission denied for, and read from it. I'm guessing the Guix daemon is using a different user. <ryanprior>How do I check? There's a user called guix-daemon, in group guix-daemon. Maybe I need to set guix-daemon group permission for /var/log/guix <csantosb>I did same install this morning on Alma Linux, I can check <csantosb>/var/log/guix is owned by guix-daemon:guix-daemon <csantosb>The install script takes cares of it all <RavenJoad>That makes sense. You probably just need to change the owner:group of the /var/log/guix directory (and its subdirectories), ryanprior. <ryanprior>Okay, I'm guessing that's another holdover from the previous install. Looks like I'm cooking now, for the time being <ryanprior>Aaaand done, guix pull succeeded for root. Now to run again as my regular user and do a little smoke testing. <ryanprior>Okay, as a smoke test I just reproduced the workflow from my recent Guix blog post, so I'd say I'm out of the woods now. Thanks for the support folks =D <csantosb>"Note: sudo guix runs your user’s guix command and not root’s, because sudo leaves PATH unchanged. " <ryanprior>csantosb: that has never been in question for me personally. <csantosb>This is why I always run `guix pull` as user, then `sudo -i guix pull` <ryanprior>From the beginning I've been careful to say "running as root" and not "running sudo guix pull," because I know you have to start a root login shell and run guix pull, which is what sudo -i guix pull does. <ryanprior>So not correcting you, just reassuring you that I'm on top of that particular detail :) <csantosb>Sure; for as much as `guix describe` and `sudo -i guix describe` provide the same commit, you're on rails <ieure>csantosb, You should not run `sudo guix pull'. <ieure>It isn't used for anything, it just wastes time/space/bandwidth. <graywolf>? Isn't it used for `guix shell' on root user? <ieure>It would be if you did that. What reason would you have for doing that, though? <graywolf>I want to run some program I do not have installed under root, so I often sudo to root and then use guix shell -C as the root user. <ieure>graywolf, `guix shell something -- sudo something'