orivej_ has quit [Ping timeout: 256 seconds]
orivej has joined #nixos-aarch64
jtojnar has joined #nixos-aarch64
jtojnar has quit [Ping timeout: 260 seconds]
orivej has quit [Ping timeout: 252 seconds]
orivej has joined #nixos-aarch64
orivej has quit [Ping timeout: 264 seconds]
orivej has joined #nixos-aarch64
orivej has quit [Ping timeout: 252 seconds]
orivej has joined #nixos-aarch64
orivej has quit [Ping timeout: 248 seconds]
orivej has joined #nixos-aarch64
orivej has quit [Ping timeout: 265 seconds]
vcunat has joined #nixos-aarch64
orivej has joined #nixos-aarch64
orivej has quit [Ping timeout: 265 seconds]
<arianvp> Question you probably know
orivej has joined #nixos-aarch64
<arianvp> so the ODROID XU4 has a custom fork of the kernel (like raspberry pi) that I want to use
<arianvp> So this first of all would involve creating a new linuxPackages package which is easy
<arianvp> but I also need to change the linux defconfig, which seems to depend on builtins.currentSystem
<arianvp> but that just poops our arm-v7l causing it to select the generic kernel
<arianvp> kernel defconfig* for armv7l
<arianvp> how does Nixos decide what ends up as `pkgs.stdenv.platform` basically and how can I steer that?
<arianvp> because that seems to contain all the custom kernels flags etc
orivej has quit [Ping timeout: 265 seconds]
<andi-> arianvp: lib/systems/platforms.nix ?
<arianvp> oh I guess I need to override pkgs.localSystem ?
<andi-> mhm
<andi-> lib/default.nix tries to extract that using lib/parse.ni
<andi-> x
<andi-> still trying to grasp what it is doing
<arianvp> It parses the uname format I think
<andi-> arianvp: ah, you just describe the system in lib/systems/platforms.nix and then the attributes like the cpu family are being matched
<andi-> see lib/systems/inspect.nix
<arianvp> aha, so I just need to make a "specific enough" description
<arianvp> and then it will match?
<andi-> maybe
<arianvp> but I don't get it. beaglebone and armv7l-hf-multiplatform have exactly the same description
<arianvp> I think for now I just need to manually override localSystem and select the system I Defined manually
<andi-> arianvp: the name is different ;-)
orivej has joined #nixos-aarch64
orivej has quit [Ping timeout: 248 seconds]
<arianvp> Lol the USB3 not working turned out not to be a kernel issue
<arianvp> so no need for a custom kernel. woohoo
<arianvp> Some alcohol and a cotton swab did the job
orivej has joined #nixos-aarch64
orivej has quit [Ping timeout: 240 seconds]
<andi-> finally some progress on the aarch64, gcj & kodi front: https://gist.githubusercontent.com/andir/bfdd1f87e4fbd95a17438b6ce93e8e1f/raw/978d55c63e3cac275e20832d2e8aae6211dc70e0/gistfile1.txt Any java experts here can tell me why it complains about a missing class (org.codehaus.groovy.reflection.ReflectionCache) after it was found?
<vcunat> I'm afraid Java experts are rare among Nixpkgs contributors.
<andi-> :D
<andi-> maybe that is even a good thing...
<andi-> imagine having to mirror maven..
orivej has joined #nixos-aarch64
orivej has quit [Ping timeout: 276 seconds]
<vcunat> BTW, gcj is slowly dying apparently (removed upstream from gcc-7).
<andi-> i know
<andi-> but it is the only option to get a jre bootstrapped somehow :/
<andi-> i am not sure how the java people imagine bootstrapping for different archs..
<vcunat> Oh. I don't know that.
<andi-> the path I discovered so far is: gcj -> icedtea flavored openjdk6 -> openjdk7 -> openjdk8 ...
<andi-> icedtea for openjdk6 is no longer maintained.. so just matter of years before that dies out as well
<vcunat> On x86 Linux we use binaries from dropbox :-)
<andi-> yes.. i've been trying to get rid of them as well
<vcunat> I suppose bigger languages often do this - eventually relying on compilers written in the same language, and that makes them more difficult to bootstrap from other languages...
<andi-> yes, but look at go they at least try to stay bootstrappable from an earlier version + gcc
jtojnar has joined #nixos-aarch64
<vcunat> It does have advantages. Especially it isn't good when you only can bootstrap a compiler by the same compiler (vendor lock-in, kind of).
<vcunat> Maybe it would be worth to boostrap some platform-language pairs via cross-compilation from x86_64
<andi-> yep, but not like now with some images that can't really be reproduced
<gchristensen> it would be ideal to have some sort of docs on how to rebuild bootstraps
<arianvp> I'm really kind of surprised the bootstrapping story for java is so crappy
<arianvp> it being advertised first and foremost as "CROSS PLATFORM!"
<andi-> m(
<andi-> and it runs on a scary number of devices
<arianvp> There's a JRE in Intel ME!
<andi-> are you kidding me?!?
<arianvp> Nope. there's an entire java virtual machine in the ME
* andi- goes back to soldering transitors
<arianvp> Also, there's a java virtual machine in every gemalto smartcard
<andi-> that I know
<andi-> so someone ported a jre to minix...
<andi-> slightly off-topic: https://github.com/lgeek/spec_poc_arm
<gchristensen> NixOS on the ME
<arianvp> Remember that splash screen when you used to install Sun/Orcale Java?
<arianvp> "1.8 billion devices run Java!"
<arianvp> You think they took into account the ME ones?
<arianvp> :P
<andi-> i would prefer an ME that does for(;;) (*nullptr) = 0; in it's own address space...
<arianvp> tried me_cleaner?
<arianvp> it works on my motherboard (T430s) afaik
<andi-> should work on my machines but havent tried
<gchristensen> I'm not sure I "get" the ME
<gchristensen> I feel I should be able to do neat things with it
<andi-> well it used to be useful for things like remote locking, tracking of your devices
<arianvp> I actually used ME rather actively at work
<andi-> arianvp: you mean AMT?
<arianvp> yes AMT
<andi-> AMT I get
<andi-> ME I also do not really crasp yet
<gchristensen> a JTAG to my CPU? sounds like fun, honestly. I mean, a security nightmare evidently but sounds like something I could have fun with
<arianvp> Also used other goodies like TPM, BootGuard etc;
<andi-> that goes back to the topic of "owning" your hardware
<arianvp> So according to Intel. ME is "just" AMT, TPM + BootGuard + DRM
<andi-> mhm
<arianvp> which are all quite useful
<arianvp> but yeh there are also "features" like the fact that it is a network connected coprocessor with Ring -2 access
<andi-> I actually do not care about the ME that much.. I just hate it that there is virtually no option for a proper personal computer that doesn't run Intel foo
<gchristensen> arianvp: does that let you do things like iLO / DRAC but ... in the cPU?
<andi-> thats AMT
<andi-> power cycle, serial, maybe even remote screen/monitor and media (haven't checked that in a few years)
<andi-> btw. arianvp are you coming to FOSDEM this year?
<gchristensen> whoa
<gchristensen> I should look in to AMT :)
<andi-> gchristensen: keep in mind that AMT had the track record of accepting zero-byte length passwords
<andi-> gchristensen: they messed the strncmp parameter up
<gchristensen> then I should _definitely_ look in to AMT :)
<andi-> :D
orivej has joined #nixos-aarch64
orivej has quit [Ping timeout: 248 seconds]
orivej has joined #nixos-aarch64
<gchristensen> sphalerite, jtojnar, MoreTea, flokli: ping
<gchristensen> ...
<gchristensen> flokli: ping again
<jtojnar> ¿qué?
<gchristensen> jtojnar: I've written security guidelines about how to safely use the builder, can you read them and let me know when you've finished? I want to be sure everyone who already has access understands them: https://github.com/nix-community/aarch64-build-box#notes-on-security-and-safety
<andi-> grml.. running the RPi with maxJobs = 96 causes it to download 96 files at a time... causing OOM m(
<gchristensen> LOL :$
<andi-> and then it spends 30min in recovering itself..
<andi-> could power-cycle but that means moving..
<gchristensen> gotta get a networked power strip
<andi-> actually no, you just have to add a transitor to the reset pin
<gchristensen> Dezgeg: ping, too: I've written security guidelines about how to safely use the builder, can you read them and let me know when you've finished? I want to be sure everyone who already has access understands them: https://github.com/nix-community/aarch64-build-box#notes-on-security-and-safety
<andi-> that should work
<andi-> and a diode probably + an esp8266 thats somewhere here
orivej has quit [Ping timeout: 252 seconds]
orivej has joined #nixos-aarch64
<flokli> gchristensen: The guidelines look good for me.
<flokli> Thanks for writing this together :-)
<gchristensen> yeah :) I've been meaning to, I'd hate for someone to get hurt
<jtojnar> gchristensen: If I understand it correctly, the issue is just about aarch64 derivations? For example, I want to build a Pull Request to test it on my RPi but before another trusted user places a built output with a trojan horse into the store.
<jtojnar> Or can they somehow inject another x86_64 dependency and poison my local store that way?
<gchristensen> hmm
<jtojnar> I am not familiar with the low level Nix details yet
<gchristensen> I ... don't know
orivej has quit [Ping timeout: 256 seconds]
<gchristensen> let me ask around
<sphalerite> gchristensen: pong. Will read :)
<flokli> gchristensen: regarding the tracking aarch64-issue, do we already have a checklist what's missing?
<sphalerite> gchristensen: I don't think the bit about it requiring trusted-users is correct, I've built stuff through the daemon using the community box as a remote builder
<gchristensen> you are a trusted user, sphalerite
<andi-> thats exactly it, isn't it?
<gchristensen> you have to be trusted on the remote builder, and you are
<gchristensen> make sense, sphalerite?
<sphalerite> gchristensen: oooh I misread it then, I thought I needed to be in trusted-users locally to use it
* gchristensen will clarify
<gchristensen> updated, make more sense sphalerite?
<gchristensen> oops, not updated yet
<gchristensen> ok now updated
orivej has joined #nixos-aarch64
<sphalerite> Yep that's clearer :)
<gchristensen> good :D
<gchristensen> on one hand, the readme is getting a bit long.
<gchristensen> on the other hand, it is critical to know almost literally everything in it
orivej has quit [Ping timeout: 240 seconds]
<arianvp> andi-: yeh i'll be at FOSDEM
<arianvp> :)
<andi-> arianvp: nice, see you there then ;-)
<arianvp> will try not to outdrink myself during the pre-party this time ...
<arianvp> that damn delirium cafe
<arianvp> :)
<andi-> hrhr
<sphalerite> gchristensen: you can tick me off on the issue as well :)
<gchristensen> ah thank you :)
<gchristensen> there is something heart-warming and nostalgic about operating these little systems over serial
<Dezgeg> gchristensen: yup, read
orivej has joined #nixos-aarch64
<gchristensen> great, thanks!
<gchristensen> if anyone here is ready to make bootstrap images that are going to be used long-term, I can arrange for you to have access to a safe version of the remote builder for that purpose, for a short time
<Dezgeg> what do you mean by bootstrap?
<gchristensen> like bootstrap-tools that are used to bootstrap nixpkgs on the architecture
<gchristensen> or the bootstrap files for java
<Dezgeg> right, there is already a hydra job for bootstrap tools
<gchristensen> great
<Dezgeg> perhaps they should be hosted on nixos.org, btw :P
<gchristensen> I would like that
orivej has quit [Ping timeout: 264 seconds]
<gchristensen> true - do nothing, successfully
<LnL> aren’t they stored on tarballs.nixos.org?
<vcunat> java boostrap tools are on dropbox
<vcunat> (openjdk, I mean)
<sphalerite> Yeah... Feels nasty
<sphalerite> I guess there's not *really* anything wrong with it since we pin the contents, but it's still not nice
<Dezgeg> arm/aarch64 bootstraps are on nixos-arm.dezgeg.me
<gchristensen> w00t I got my odroid here netbooting by default, now to generate that image ..
<samueldr> \o/
<arianvp> nice
<arianvp> I'm typing this on my odroid now :)
<arianvp> what do you mean by generating an image? I just used the arm7l image
<samueldr> a netboot image I gues
<gchristensen> yeah, I like using netboot because it feels like magic
<gchristensen> I think I lied, I didn't get it working. it seems the setup is quite a bit more complex than I thought
<arianvp> fwiw
<arianvp> dnsmasq comes built in with an iPXE server
<gchristensen> I have a bunch of machines here booting with ipxe :)
grahamc has quit [*.net *.split]
vcunat has quit [Quit: Leaving.]
grahamc has joined #nixos-aarch64
* andi- is sufficiently annoyed by java
<andi-> I started re-using the debian jdk's now
<andi-> seems promising
<andi-> at least to create a "reproducible" chain of derivations to get a bootstrap output
<andi-> but now I am having fun with paxmark (still testing on x86) m(
<arianvp> gchristensen: do your USB3 ports work? They work on Ubuntu but not on Nixos for me. On odroid
<gchristensen> I haven't tried I stopped trying to boot it for a bit
<andi-> surprising how bad the single-thread xz performance on the community box is :/
<gchristensen> its only 2.0ghz
<andi-> yeah, but I mean more like it is 2-3x from what my ~3y old notebook takes
<andi-> but not complaining :D
<andi-> if this works out we have java on aarch64..
<gchristensen> nice :D
<andi-> for whatever reason
<arianvp> niiice
<gchristensen> might have other deficites
<gchristensen> like apparently the community builder is an in-order processor
<andi-> not pretty but we might get there
<andi-> mhm failed.. back to tinkering
<andi-> $ nix-shell -p file --run "file /nix/store/fkkks4rqkj6hm02v8f2vihn62kampvhh-openjdk-bootstrap/bin/java"
<andi-> /nix/store/fkkks4rqkj6hm02v8f2vihn62kampvhh-openjdk-bootstrap/bin/java: ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, for GNU/Linux 3.7.0, BuildID[sha1]=8cdf33b24fffd2050ca46065a725c8f94354d0ec, stripped
<andi-> but "No such file or directory"
<gchristensen> the interpreter is wrong
<andi-> ah
<andi-> shouldn't have patchelf --set-interpreter ${glibc.out}... have fixed that?
<gchristensen> should :) but it didn't do it
<andi-> ok, so my assumtion is correct (at least)