carlosdagos has joined #nix-darwin
philr has quit [Ping timeout: 246 seconds]
Lisanna has quit [Ping timeout: 252 seconds]
alexteves has quit [Remote host closed the connection]
trcc has joined #nix-darwin
trcc has quit [Remote host closed the connection]
trcc has joined #nix-darwin
hamishmack has joined #nix-darwin
periklis has joined #nix-darwin
hamishmack has quit [Ping timeout: 250 seconds]
periklis has quit [Remote host closed the connection]
periklis has joined #nix-darwin
hamishmack has joined #nix-darwin
jtojnar has quit [Ping timeout: 245 seconds]
jtojnar has joined #nix-darwin
__Sander__ has joined #nix-darwin
philr has joined #nix-darwin
alexteves has joined #nix-darwin
philr has quit [Quit: WeeChat 2.2]
TheAceOfHearts has joined #nix-darwin
trcc has quit [Remote host closed the connection]
trcc has joined #nix-darwin
trcc has quit [Read error: Connection reset by peer]
qyliss^work has quit [Quit: bye]
qyliss^work has joined #nix-darwin
periklis has quit [Ping timeout: 246 seconds]
carlosdagos has quit [Quit: Connection closed for inactivity]
zack_moe_ has joined #nix-darwin
__Sander__ has quit [Quit: Konversation terminated!]
periklis has joined #nix-darwin
periklis has quit [Ping timeout: 260 seconds]
philr has joined #nix-darwin
trcc has joined #nix-darwin
trcc has quit [Remote host closed the connection]
trcc has joined #nix-darwin
trcc has quit [Ping timeout: 240 seconds]
jtojnar has quit [Remote host closed the connection]
jtojnar has joined #nix-darwin
jtojnar has quit [Remote host closed the connection]
jtojnar has joined #nix-darwin
TheAceOfHearts has quit [Quit: TheAceOfHearts]
johnw_ is now known as johnw
<elvishjerricco> Hm. `sudo -i nix-channel --remove nixos` -> `libc++abi.dylib: terminating with uncaught exception of type nix::SysError: getting status of /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt: Operation not permitted`
<clever> elvishjerricco: try with `sudo -i` then `nix-channel --remove nixos`
<elvishjerricco> clever: Still no good
<clever> oh
<clever> its probably the nix-env bug
<elvishjerricco> I think it thinks this is a single-user install
<clever> put an older nix into PATH
<elvishjerricco> oh that might be it
<clever> nix-env cant manipulate a profile that had symlinks pointing to nothing
<elvishjerricco> Nope: `which nix-env` -> `/run/current-system/sw/bin/nix-env`
<clever> and nix-channel just calls nix-env behind the scenes
<clever> and the current nix has that bug
<clever> you have to pick an older nix
<elvishjerricco> Oh, whoops
<elvishjerricco> how much older?
<clever> not sure
<elvishjerricco> clever: Actually, no, the file it's complaining about does exist
<elvishjerricco> /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt
<clever> ls -l /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt
<elvishjerricco> -rw-r--r-- 1 root nixbld 271397 Dec 31 1969 /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt
<elvishjerricco> And it has contents that root can read
<clever> not sure then
<elvishjerricco> Is there any reason nix-channel would be changing users? I can't think of any
<clever> same
<elvishjerricco> Does macOS have any equivalent of stroke I could use to track it down?
<elvishjerricco> strace*
<LnL> dtruss
<clever> opensnoop and execsnoop, as root, no args can work
<clever> the 2 i mentioned are scripts that call into dtruss i believe
<LnL> yeah, they just filter specific syscalls
<elvishjerricco> Huh. The command emits its errors and exits before dtruss begins printing anything
<clever> start dtruss separately, in its own terminal
<LnL> apple made execsnoop very useful tho
zack_moe_ has quit [Quit: zack_moe_]
<elvishjerricco> How am I supposed to see the syscalls of nix-channel by spawning dtruss in another terminal?
TheAceOfHearts has joined #nix-darwin
hamishmack has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
TheAceOfHearts has quit [Remote host closed the connection]
TheAceOf_ has joined #nix-darwin
<clever> elvishjerricco: dtruss monitors every process on the machine
<clever> LnL: i think you have to reboot into recovery mode and disable some safeties
<LnL> yeah
TheAceOf_ is now known as TheAceOfHearts
<elvishjerricco> `sudo dtruss -n nix-channel -f |& grep ca-bundle` yields nothing :/
<elvishjerricco> Despite the error being: `libc++abi.dylib: terminating with uncaught exception of type nix::SysError: getting status of /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt: Operation not permitted`
<elvishjerricco> Of course, running `nix-channel --remove nixos` in another terminal
<clever> elvishjerricco: just `opensnoop` and no args
<elvishjerricco> clever: Absurd amounts of `dtrace: error on enabled probe ID 5 (ID 321: syscall::open:return): invalid user access in action #11 at DIF offset 24`
<{^_^}> https://github.com/NixOS/nixpkgs/pull/11 (by garbas, 6 years ago, closed): gimp 2.8
<clever> elvishjerricco: you have to reboot into recovery mode and disable some safeties
<elvishjerricco> clever: I didn't realize system integrity mode protections broke nix
<clever> i dont think it does
<clever> but it does break dtruss
<clever> which makes it difficult to debug nix
<elvishjerricco> Oh. So it has nothing to do with this nix-channel problem?
<clever> correct
<elvishjerricco> Oh, no I found the problem
<elvishjerricco> I accidentally imported a module with nix-darwin that turned on Nix sandboxing :P
<elvishjerricco> Which I guess breaks some stuff like nix-channel, but not actual nix building? Odd
<clever> sandboxing shouldnt break nix-env
<LnL> huh, that's disabled by default
<elvishjerricco> LnL: Yea it was one of my NixOS modules
<elvishjerricco> clever: Yea I'm surprised, but disabling sandboxing fixed it
<LnL> clever: it does until 2.0.5 is released
<LnL> (or 2.1)
<elvishjerricco> Sounds like that'll be a good release :P Considering it also has the constant-memory stuff
<clever> that constant-memory stuff also breaks nix-copy-closure to remotes that lack it
<clever> i need to get around to filing an issue for that, lol
<elvishjerricco> Alright, that was an annoying little side quest :P
<elvishjerricco> Trying to get my nixops deployment working from macOS. Something was using an odd source of nixpkgs, so I was trying to eliminate channels as a suspect
<clever> you can just export NIX_PATH=nixpkgs=/path/to/something and it will ignore channels
<elvishjerricco> True. But the existence of the channels bothered me anyway :P
<elvishjerricco> Anyway, my problem turned out being something else entirely. I forgot to pass the system arguments to my nixpkgs-unstable import. Now I'm building a Linux VM!
<clever> yeah, thats a common issue
<clever> ive seen one user deploy mach-o binaries to a nixops box, then they obviously failed
<elvishjerricco> Ouch
<elvishjerricco> Is it possible to specify a key file in a ssh:// store URI?
<elvishjerricco> Was just looking there
<elvishjerricco> I think that's it
<LnL> I think so
<LnL> nix-build --builders 'ssh://foo?ssh-key=/tmp/foo_rsa x86_64-linux'
<clever> oh, remote-store, that would solve a bug i saw
<LnL> hmm?
<clever> finding...
<LnL> there's a ssh:// and ssh-ng:// if you didn't know that
<{^_^}> nix#2138 (by lheckemann, 16 weeks ago, open): chroot stores via SSH
<LnL> the second is a remote store implementation, this works for example
<LnL> nix-build --option store ssh-ng://foo
<clever> so, could i do `nix copy --to ssh-ng://mnt /nix/store/foo` to basically install nixos to a 100% blank drive?
<LnL> huh, how's that related to ssh?
<clever> copying the entire nixos build from a local machine, to a remote machine, and placing it in /mnt/nix/store on the remote machine
<clever> so i could boot into the livecd, then nixops deploy, under /mnt/
<LnL> no you can't configure the root I think
* clever experiments
<LnL> unless the remote end spawns a nix-daemon --stdio --store local?root=/mnt
<clever> const Setting<std::string> remoteStore{this, "", "remote-store", "URI of the store on the remote system"};
<LnL> huh, where did you find that?
<LnL> oh, that's not ssh-ng
<clever> [clever@amd-nixos:~]$ nix copy --to ssh://system76?remote-store=local?root=/home/clever/fakeroot/ /nix/store/188avy0j39h7iiw3y7fazgh7wk43diz1-hello-2.10
<clever> warning: unknown setting 'remote-store'
<LnL> I don't remember seeing that before, is it new?
<LnL> ah!
<clever> and it basically runs exactly what you said
<LnL> heh :p
<LnL> yeah, but the legacy one uses --serve --write instead of the same protocol that's used for client -> nix-daemon
<LnL> oh, fun fact
<LnL> the legacy-ssh protocol is v2 and the nix-daemon protocol is v1 :D
<clever> lol
<clever> LnL: and have you seen the command 9 unknown bug?
<clever> doctor? thats a new one
<LnL> yeah, working on something... :)
<LnL> that error sounds very familiar
<LnL> do you have any more context, can't remember
<clever> finding it
<clever> LnL: this adds a cmdAddToStoreNar command to the protocol
<clever> but it doesnt check if the remote end is new enough
<LnL> oh!
<clever> so if your versions mismatch, it just fails, claiming command 9 is unknown
<LnL> yeah I remember now
<clever> 2 people in #nixos and 1 person in iohk have run into this already
<clever> i need to file a bug for that
<clever> unless you want to beat me to it
<LnL> hmm, looks like it should be handled tho
<clever> oh, yeah, i do see the check...
<clever> maybe the protocol wasnt bumped?
<clever> but i see the bump in the same commit
<LnL> is this in 2.0.4?
<clever> oh, that should be > i think
<clever> i'm guessing its in nixos-unstable, for it to have hit 3 people already
<clever> heh, and i just reproduced it, sorta by accident
<LnL> oh right, probably >= 5 or > 4
<clever> system76 has 2.1pre6148_a4aac7f
<clever> i just built master (39f1722f364d7ce95717161cc283e96250c14643) to test remote-store
<clever> [clever@amd-nixos:~/apps/nix]$ ./result/bin/nix copy --to ssh://system76?remote-store=local?root=/home/clever/fakeroot/ /nix/store/188avy0j39h7iiw3y7fazgh7wk43diz1-hello-2.10
<clever> copying 2 pathserror: unknown serve command 9
<clever> but, now i can just test the fix, lol
<LnL> the current daemon protocol is 1.21 so that's probably it
<LnL> this is exactly one of the reasons I've been working on that new command :D
<LnL> there's currently no (nice) way to see what versions are used on both ends
hamishmack has joined #nix-darwin
<clever> LnL: i changed >= to > and re-ran nix-build
<clever> that does fix the error
<clever> and remote-store does work
<LnL> nice, pr that then :)
<LnL> I have a feeling 2.1 is pretty imminent
<{^_^}> nix#2383 (by cleverca22, 8 seconds ago, open): fix `error: unknown serve command 9`
<LnL> fixed my code to show the serve version of the local client instead for ssh:// https://gist.github.com/LnL7/f0dcba06365fca1f6ddb2f96e021377f
<clever> nice, and it looks like your mismatch should trigger the error
<clever> oh, should my pr be >4 or >=5 ?
<LnL> I think it's a bit easier to read
<clever> which one?
<LnL> 5
<clever> forced-pushed
TheAceOfHearts is now known as TheAceOfHearts_
TheAceOfHearts_ has quit [Quit: TheAceOfHearts_]