#nix-darwin on 2018-08-30

00:14 carlosdagos has joined #nix-darwin

00:30 philr has quit [Ping timeout: 246 seconds]

01:00 Lisanna has quit [Ping timeout: 252 seconds]

01:10 alexteves has quit [Remote host closed the connection]

05:53 trcc has joined #nix-darwin

05:53 trcc has quit [Remote host closed the connection]

05:54 trcc has joined #nix-darwin

06:08 hamishmack has joined #nix-darwin

06:10 periklis has joined #nix-darwin

06:13 hamishmack has quit [Ping timeout: 250 seconds]

06:52 periklis has quit [Remote host closed the connection]

06:57 periklis has joined #nix-darwin

07:03 hamishmack has joined #nix-darwin

08:37 jtojnar has quit [Ping timeout: 245 seconds]

08:41 jtojnar has joined #nix-darwin

08:50 __Sander__ has joined #nix-darwin

08:52 philr has joined #nix-darwin

09:54 alexteves has joined #nix-darwin

10:10 philr has quit [Quit: WeeChat 2.2]

11:41 TheAceOfHearts has joined #nix-darwin

12:31 trcc has quit [Remote host closed the connection]

12:32 trcc has joined #nix-darwin

12:33 trcc has quit [Read error: Connection reset by peer]

12:47 qyliss^work has quit [Quit: bye]

12:50 qyliss^work has joined #nix-darwin

12:54 periklis has quit [Ping timeout: 246 seconds]

14:21 carlosdagos has quit [Quit: Connection closed for inactivity]

16:06 zack_moe_ has joined #nix-darwin

16:29 __Sander__ has quit [Quit: Konversation terminated!]

17:46 periklis has joined #nix-darwin

18:04 periklis has quit [Ping timeout: 260 seconds]

19:17 philr has joined #nix-darwin

19:21 trcc has joined #nix-darwin

20:02 trcc has quit [Remote host closed the connection]

20:03 trcc has joined #nix-darwin

20:07 trcc has quit [Ping timeout: 240 seconds]

20:13 jtojnar has quit [Remote host closed the connection]

20:16 jtojnar has joined #nix-darwin

20:20 jtojnar has quit [Remote host closed the connection]

20:26 jtojnar has joined #nix-darwin

20:35 TheAceOfHearts has quit [Quit: TheAceOfHearts]

21:03 johnw_ is now known as johnw

21:41 <elvishjerricco> Hm. `sudo -i nix-channel --remove nixos` -> `libc++abi.dylib: terminating with uncaught exception of type nix::SysError: getting status of /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt: Operation not permitted`

21:41 <clever> elvishjerricco: try with `sudo -i` then `nix-channel --remove nixos`

21:41 <elvishjerricco> clever: Still no good

21:42 <clever> oh

21:42 <clever> its probably the nix-env bug

21:42 <elvishjerricco> I think it thinks this is a single-user install

21:42 <clever> put an older nix into PATH

21:42 <elvishjerricco> oh that might be it

21:42 <clever> nix-env cant manipulate a profile that had symlinks pointing to nothing

21:42 <elvishjerricco> Nope: `which nix-env` -> `/run/current-system/sw/bin/nix-env`

21:42 <clever> and nix-channel just calls nix-env behind the scenes

21:42 <clever> and the current nix has that bug

21:43 <clever> you have to pick an older nix

21:43 <elvishjerricco> Oh, whoops

21:43 <elvishjerricco> how much older?

21:43 <clever> not sure

21:44 <elvishjerricco> clever: Actually, no, the file it's complaining about does exist

21:44 <elvishjerricco> /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt

21:45 <clever> ls -l /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt

21:45 <elvishjerricco> -rw-r--r-- 1 root nixbld 271397 Dec 31 1969 /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt

21:46 <elvishjerricco> And it has contents that root can read

21:46 <clever> not sure then

21:46 <elvishjerricco> Is there any reason nix-channel would be changing users? I can't think of any

21:47 <clever> same

21:47 <elvishjerricco> Does macOS have any equivalent of stroke I could use to track it down?

21:47 <elvishjerricco> strace*

21:47 <LnL> dtruss

21:47 <clever> opensnoop and execsnoop, as root, no args can work

21:48 <clever> the 2 i mentioned are scripts that call into dtruss i believe

21:49 <LnL> yeah, they just filter specific syscalls

21:50 <elvishjerricco> Huh. The command emits its errors and exits before dtruss begins printing anything

21:51 <clever> start dtruss seperately, in its own terminal

21:51 <LnL> apple made execsnoop very useful tho

21:52 <LnL> https://gist.github.com/LnL7/f3902c2c06ffb95d42dede1d80255838

21:52 zack_moe_ has quit [Quit: zack_moe_]

21:55 <elvishjerricco> How am I supposed to see the syscalls of nix-channel by spawning dtruss in another terminal?

21:58 TheAceOfHearts has joined #nix-darwin

21:59 hamishmack has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]

22:01 TheAceOfHearts has quit [Remote host closed the connection]

22:02 TheAceOf_ has joined #nix-darwin

22:03 <clever> elvishjerricco: dtruss monitors every process on the machine

22:04 <clever> LnL: i think you have to reboot into recovery mode and disable some safeties

22:04 <LnL> yeah

22:04 TheAceOf_ is now known as TheAceOfHearts

22:05 <elvishjerricco> `sudo dtruss -n nix-channel -f |& grep ca-bundle` yields nothing :/

22:05 <elvishjerricco> Despite the error being: `libc++abi.dylib: terminating with uncaught exception of type nix::SysError: getting status of /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt: Operation not permitted`

22:06 <elvishjerricco> Of course, running `nix-channel --remove nixos` in another terminal

22:07 <clever> elvishjerricco: just `opensnoop` and no args

22:07 <elvishjerricco> clever: Absurd amounts of `dtrace: error on enabled probe ID 5 (ID 321: syscall::open:return): invalid user access in action #11 at DIF offset 24`

22:07 <{^_^}> https://github.com/NixOS/nixpkgs/pull/11 (by garbas, 6 years ago, closed): gimp 2.8

22:08 <clever> elvishjerricco: you have to reboot into recovery mode and disable some safeties

22:08 <elvishjerricco> clever: I didn't realize system integrity mode protections broke nix

22:09 <clever> i dont think it does

22:09 <clever> but it does break dtruss

22:09 <clever> which makes it difficult to debug nix

22:09 <elvishjerricco> Oh. So it has nothing to do with this nix-channel problem?

22:10 <clever> correct

22:11 <elvishjerricco> Oh, no I found the problem

22:12 <elvishjerricco> I accidentally imported a module with nix-darwin that turned on Nix sandboxing :P

22:12 <elvishjerricco> Which I guess breaks some stuff like nix-channel, but not actual nix building? Odd

22:12 <clever> sandboxing shouldnt break nix-env

22:12 <LnL> huh, that's disabled by default

22:12 <elvishjerricco> LnL: Yea it was one of my NixOS modules

22:13 <elvishjerricco> clever: Yea I'm surprised, but disabling sandboxing fixed it

22:13 <LnL> clever: it does with until 2.0.5 is released

22:13 <LnL> (or 2.1)

22:13 <elvishjerricco> Sounds like that'll be a good release :P Considering it also has the constant-memory stufc

22:14 <clever> that constant-memory stuff also breaks nix-copy-closure to remotes that lack it

22:15 <clever> i need to get around to filing na issue for that, lol

22:20 <elvishjerricco> Alright, that was an annoying little side quest :P

22:21 <elvishjerricco> Trying to get my nixops deployment working from macOS. Something was using an odd source of nixpkgs, so I was trying to eliminate channels as a suspect

22:22 <clever> you can just export NIX_PATH=nixpkgs=/path/to/something and it will ignore channels

22:22 <elvishjerricco> True. But the existence of the channels bothered me anyway :P

22:23 <elvishjerricco> Anyway, my problem turned out being something else entirely. I forgot to pass the system arguments to my nixpkgs-unstable import. Now I'm building a Linux VM!

22:24 <clever> yeah, thats a common issue

22:24 <clever> ive seen one user deploy mach-o binaries to a nixops box, then they obviously failed

22:25 <elvishjerricco> Ouch

22:27 <elvishjerricco> Is it possible to specify a key file in a ssh:// store URI?

22:29 <clever> elvishjerricco: https://github.com/NixOS/nix/blob/master/src/libstore/ssh-store.cc#L17

22:29 <elvishjerricco> Was just looking there

22:29 <elvishjerricco> https://github.com/NixOS/nix/blob/master/src/libstore/legacy-ssh-store.cc#L17

22:29 <elvishjerricco> I think that's it

22:29 <LnL> I think so

22:30 <LnL> nix-build --builders 'ssh://foo?ssh-key=/tmp/foo_rsa x86_64-linux'

22:31 <clever> oh, remote-store, that would solve a bug i saw

22:31 <LnL> hmm?

22:31 <clever> finding...

22:31 <LnL> there's a ssh:// and ssh-ng:// if you didn't know that

22:31 <clever> https://github.com/NixOS/nix/issues/2138

22:31 <{^_^}> nix#2138 (by lheckemann, 16 weeks ago, open): chroot stores via SSH

22:32 <LnL> the second is a remote store implementation, this works for example

22:32 <LnL> nix-build --option store ssh-ng://foo

22:32 <clever> so, could i do `nix copy --to ssh-ng://mnt /nix/store/foo` to basically install nixos to a 100% blank drive?

22:33 <LnL> huh, how's that related to ssh?

22:33 <clever> copying the entire nixos build from a local machine, to a remote machine, and placing it in /mnt/nix/store on the remote machine

22:34 <clever> so i could boot into the livecd, then nixops deploy, under /mnt/

22:34 <LnL> no you can't configure the root I think

22:34 * clever experiments

22:34 <LnL> unless the remote end spawns a nix-daemon --stdio --store local?root=/mnt

22:34 <clever> const Setting<std::string> remoteStore{this, "", "remote-store", "URI of the store on the remote system"};

22:35 <LnL> huh, where did you find that?

22:35 <clever> https://github.com/NixOS/nix/blob/ed6c646f44e5b9e0fcbc53058491e97875a263c2/src/libstore/legacy-ssh-store.cc#L20

22:35 <LnL> oh, that's not ssh-ng

22:36 <clever> [clever@amd-nixos:~]$ nix copy --to ssh://system76?remote-store=local?root=/home/clever/fakeroot/ /nix/store/188avy0j39h7iiw3y7fazgh7wk43diz1-hello-2.10

22:36 <clever> warning: unknown setting 'remote-store'

22:36 <clever> https://github.com/NixOS/nix/commit/e268bbc05435d8121275136934a594fc70a73da9 27 days ago

22:36 <LnL> I don't remember seeing that before, is it new?

22:36 <LnL> ah!

22:36 <clever> and it basically runs exactly what you said

22:37 <LnL> heh :p

22:37 <LnL> yeah, but the legacy one uses --serve --write instead of the same protocol that's used for client -> nix-daemon

22:37 <LnL> oh, fun fact

22:38 <LnL> the legacy-ssh protocol is v2 and the nix-daemon protocol is v1 :D

22:38 <clever> lol

22:38 <clever> LnL: and have you seen the command 9 unknown bug?

22:38 <LnL> https://gist.github.com/LnL7/f0dcba06365fca1f6ddb2f96e021377f

22:39 <clever> doctor? thats a new one

22:39 <LnL> yeah, working on something... :)

22:39 <LnL> that error sounds very familiar

22:40 <LnL> do you have any more context, can't remember

22:40 <clever> finding it

22:42 <clever> LnL: https://github.com/NixOS/nix/commit/2825e05d21ecabc8b8524836baf0b9b05da993c6

22:42 <clever> LnL: this adds a cmdAddToStoreNar command to the protocol

22:42 <clever> but it doesnt check if the remote end is new enough

22:42 <LnL> oh!

22:42 <clever> so if your versions mismatch, it just fails, claiming command 9 is unknown

22:42 <LnL> yeah I remember now

22:43 <clever> 2 people in #nixos and 1 person in iohk have run into this already

22:43 <clever> i need to file a bug for that

22:43 <clever> enless you want to beat me to it

22:45 <LnL> hmm, looks like it should be handled tho

22:46 <clever> oh, yeah, i do see the check...

22:46 <clever> maybe the protocol wasnt bumped?

22:47 <clever> but i see the bump in the same commit

22:47 <LnL> don't think this is a typo https://github.com/NixOS/nix/commit/2825e05d21ecabc8b8524836baf0b9b05da993c6#diff-2995866b8ed2bbaf6f6fca267e021386R134

22:47 <LnL> is this in 2.0.4?

22:47 <clever> oh, that should be > i think

22:47 <clever> i'm guessing its in nixos-unstable, for it to have hit 3 people already

22:48 <clever> heh, and i just reproduced it, sorta by accident

22:48 <LnL> oh right, probably >= 5 or > 4

22:48 <clever> system76 has 2.1pre6148_a4aac7f

22:48 <clever> i just built master (39f1722f364d7ce95717161cc283e96250c14643) to test remote-store

22:48 <clever> [clever@amd-nixos:~/apps/nix]$ ./result/bin/nix copy --to ssh://system76?remote-store=local?root=/home/clever/fakeroot/ /nix/store/188avy0j39h7iiw3y7fazgh7wk43diz1-hello-2.10

22:48 <clever> copying 2 pathserror: unknown serve command 9

22:48 <clever> but, now i can just test the fix, lol

22:50 <LnL> https://github.com/NixOS/nix/blob/39f1722f364d7ce95717161cc283e96250c14643/src/libstore/remote-store.cc#L418

22:50 <LnL> the current daemon protocol is 1.21 so that's probably it

22:51 <LnL> this is exactly one of the reasons I've been working on that new command :D

22:52 <LnL> there's currently no (nice) way to see what versions are used on both ends

22:52 hamishmack has joined #nix-darwin

22:53 <clever> LnL: i changed >= to > and re-rann ix-build

22:55 <clever> that does fix the error

22:56 <clever> and remote-store does work

22:57 <LnL> nice, pr that then :)

22:58 <LnL> I have a feeling 2.1 is pretty imminent

23:01 <clever> https://github.com/NixOS/nix/pull/2383

23:01 <{^_^}> nix#2383 (by cleverca22, 8 seconds ago, open): fix `error: unknown serve command 9`

23:06 <LnL> fixed my code to show the serve version of the local client instead for ssh:// https://gist.github.com/LnL7/f0dcba06365fca1f6ddb2f96e021377f

23:07 <clever> nice, and it looks like your mismatch should trigger the error

23:07 <clever> oh, should my pr be >4 or >=5 ?

23:08 <LnL> I think it's a bit easier to read

23:09 <clever> which one?

23:09 <LnL> 5

23:10 <clever> forced-pushed

23:22 TheAceOfHearts is now known as TheAceOfHearts_

23:48 TheAceOfHearts_ has quit [Quit: TheAceOfHearts_]