gchristensen changed the topic of #nixos-dev to: NixOS Development (#nixos for questions) | https://hydra.nixos.org/jobset/nixos/trunk-combined https://channels.nix.gsc.io/graph.html | 18.03 release managers: fpletz and vcunat
<aszlig> hrmpf... race conditions again...
<aszlig> as in the systemd tests i added with that commit
<aszlig> fortunately i can reproduce the keymap test failures
xeji has joined #nixos-dev
xeji has quit [Quit: WeeChat 2.0]
pxc has quit [Ping timeout: 256 seconds]
orivej has quit [Ping timeout: 256 seconds]
pxc has joined #nixos-dev
pxc has quit [Ping timeout: 260 seconds]
orivej has joined #nixos-dev
pxc has joined #nixos-dev
pxc1 has joined #nixos-dev
pxc1 has quit [Ping timeout: 252 seconds]
pxc1 has joined #nixos-dev
pxc1 has quit [Ping timeout: 248 seconds]
<aszlig> dtz: regarding the TSS: this is a bit more complicated as the virtualbox code is layouted a bit "all over the place", so it's only a guess that the location is wrong here, need to investigate kernel memory dumps and compare it against the values found by virtualbox in order to confirm
<dtz> zomg eep
<dtz> yeah I've never had a good time exploring that codebase
<dtz> you're a hero <3
<aszlig> the check however results in a guru meditation, but after some time digging i found out that the check correctly fails, because the memory dump of that clearly doesn't look like the TSS
<aszlig> at least like in the intel arch software dev manual
<aszlig> (and the more i read in these manuals the more i want to switch over to something like RISC-V)
<aszlig> dtz: well, the codebase is basically callback hell
pxc has quit [Ping timeout: 256 seconds]
<clever> is there a --option to disable remote build slaves?
<aszlig> clever: for nix 1.x or 2.x?
<clever> 2
<samueldr> thanks Mic92!
<aszlig> clever: there is --builders, but how did you set up remote building?
<clever> aszlig: normal /etc/nix/machines via nixos config
<clever> trying to opt-out without needing root
<clever> my old trick has just been `rm /etc/nix/machines`, nixos will repair that automatically
<aszlig> clever: ah, okay, that is basically populating the "builders" setting
<clever> so maybe nix-store --builders /dev/null or similar, but not sure if a normal user can modify that, i'll play with it later
<aszlig> nah
<aszlig> or maybe...
<aszlig> lemme check
pxc has joined #nixos-dev
jtojnar has joined #nixos-dev
<aszlig> clever: okay, it's only possible if the user is in trusted-users
<clever> ahh
<clever> ssh-auth-sock, what?
<clever> part of an obsolete src/download-via-ssh/download-via-ssh.cc i think
<aszlig> clever: this allowed to pass SSH_AUTH_SOCK to the old SSH substituter, not sure if it's still working
<clever> aszlig: the code right above your link, just causes it to silently ignore that config option, and git history says all other code is toast
<clever> aszlig: however, i have been wanting to implement a very similar thing, that will proxy the SSH_AUTH_SOCK session into the build sandbox, even over the remote-builder links
<aszlig> clever: you mean for something like fetchgit?
<clever> yeah
<clever> so the fetchgit can connect to the $SSH_AUTH_SOCK of the nix-build process, even if git is running on a remote machine
<aszlig> couldn't you use impureEnvVars for that?
<clever> that only works if the sandbox shares /tmp and isnt remote
<clever> and needs ugly socat hacks
<aszlig> mhm
<clever> because ssh-agent knows the uid is wrong, and actively rejects the git process
<clever> the connection must come from the right user, so nix-build has to initiate it
<aszlig> ah, that should still work, IIRC ssh-agent and gpg-agent have an option for that
<clever> then nix can route the bytes around
<aszlig> (to ignore the uid that is)
<clever> i didnt see an option for it in ssh-agent, and you still have the remote builder problems
<aszlig> ah, right... only gpg-agent has that
<aszlig> (just checked)
<clever> you could also add a more restricted mode, where nix-build will ask on stdio for ever host, so you know exactly when its happening and cant leak things
<aszlig> what do you mean by "ask on stdio"?
<clever> print a prompt on stderr, and wait for a yes/no on stdin
<aszlig> but yeah, i know these weird workarounds, (ab)using something like this by myself
<aszlig> something like this?
<clever> lol!
<aszlig> (in a less hacky way of course)
<clever> thats the most complex fixed-output function ive seen
<clever> that also reminds me, php has a built in web-server, that could also have been a simple option
<clever> wait, that has a whole QT GUI frontend? lol
yegortim1 has quit [Remote host closed the connection]
<clever> now your just getting obsene :P
<aszlig> clever: well, i'd be more relieved if humblebundle wouldn't use captchas and use proper oauth, so i can drop that crap
<aszlig> clever: that qt gui is for launching a qwebview and injecting javascript back into it, as said... ugly captchas
<clever> i see
<aszlig> but anyway... back to the topic: so some generalized interface for IPC between the builder process and the nix client?
<clever> i was thinking a channel that can proxy unix sockets from the build env back to a given path, connecting from the nix-build process
<clever> optionally with support to parse the agent protocol and confirm things
<aszlig> hmm... maybe some way of passing a socket fd?
<clever> that works for local, but not remote
pxc has quit [Ping timeout: 276 seconds]
<aszlig> that should also work for remote builds, you can do unix socket forwarding in SSH for example
<clever> aszlig: one minute
pxc has joined #nixos-dev
<aszlig> clever: yah, but you don't need that anymore with Nix 2.x, because you can simply use ssh:// and/or ssh-ng:// store-uris
<aszlig> so basically passing the fd would be on the client and it would be just part of the nix store protocol
<clever> aszlig: one issue though, is that the ssh agent forwarding, connects from the ssh client end, which is still running as root on the client side
<clever> aszlig: and you cant pass it an fd, because it has to connect() a new one for each query
<aszlig> hm, right
<clever> and rather then rely on ssh features, id choose to just mux things into the existing nix protocol
<clever> we already mix stdout/stderr and stuff in there
<aszlig> like adding something like -L/R for ssh?
<aszlig> s/for/in/
<clever> adding -R like options to nix itself
pie___ has joined #nixos-dev
pie__ has quit [Ping timeout: 256 seconds]
mbrgm has quit [Ping timeout: 240 seconds]
mbrgm has joined #nixos-dev
pxc has quit [Quit: WeeChat 2.0]
orivej has quit [Ping timeout: 256 seconds]
pxc1 has joined #nixos-dev
pxc1 has quit [Ping timeout: 256 seconds]
jtojnar has quit [Ping timeout: 256 seconds]
ma27 has joined #nixos-dev
ma27 has quit [Ping timeout: 245 seconds]
orivej has joined #nixos-dev
pie___ has quit [Ping timeout: 256 seconds]
orivej has quit [Ping timeout: 255 seconds]
pie___ has joined #nixos-dev
mbrgm_ has joined #nixos-dev
mbrgm has quit [Read error: Connection reset by peer]
mbrgm_ is now known as mbrgm
jtojnar has joined #nixos-dev
taktoa has quit [Ping timeout: 260 seconds]
pie___ has quit [Ping timeout: 245 seconds]
__Sander__ has joined #nixos-dev
<genesis> https://github.com/NixOS/nixpkgs/pull/36343/files i wonder the real interest of let ... in , in this case
<genesis> should i use dontBuild to precise this are compiled binaries ?
risci has joined #nixos-dev
<risci> hi. is this the channel for nix related matters too?
<risci> or just nixos and nixpkgs
<risci> i am nixos user, and wanted to know if there is a roadmap for nix
davidlt_ has joined #nixos-dev
davidlt has quit [Ping timeout: 240 seconds]
<makefu> risci: i am not sure about the "next" roadmap as nix2 was just released. the roadmap for nixpkgs can be found at https://github.com/NixOS/nixpkgs/projects
pie_ has joined #nixos-dev
ciil has quit [Quit: leaving]
ciil has joined #nixos-dev
davidlt_ is now known as davidlt
<risci> thanks
<risci> i don't get it, why do we want overrides to the configuration? isn't that the state we wanted to avoid in the first place?
<aminechikhaoui> risci: also this might be interesting for you https://nixos.org/~eelco/talks/guix-feb-2018.pdf
<risci> @aminechikhaoui i see the slides 4 and 5 are conflicting? is it yes or no? Regardless i don't see any references to how these conclusions were reached. Sorry if i sound rude, i just want to injest this information quickly.
sphalerite has quit [Ping timeout: 276 seconds]
sphalerite_ has joined #nixos-dev
Lisanna_ has quit [Quit: Lisanna_]
pie_ has quit [Ping timeout: 255 seconds]
risci has left #nixos-dev [#nixos-dev]
romildo has joined #nixos-dev
orivej has joined #nixos-dev
Lisanna has joined #nixos-dev
Lisanna has quit [Ping timeout: 240 seconds]
<globin> __Sander__: I'm having an issue with node2nix where it replaces a dependency that requires ^3.2.1 with a version of 2.x, have you seen that before? it seems it's already wrong node-packages.nix although 3.2.1 is in there too
Lisanna has joined #nixos-dev
Lisanna has quit [Remote host closed the connection]
Lisanna has joined #nixos-dev
Lisanna has quit [Ping timeout: 268 seconds]
pie_ has joined #nixos-dev
<__Sander__> globin: hmm, that is not supposed to happen
pie_ has quit [Ping timeout: 256 seconds]
<shlevy> gchristensen: https://hydra.nixos.org/build/70465714 :(
<__Sander__> are you generating from a lock file or directly from a package.json file?
<shlevy> niksnut: Can I get whatever access would be needed to kill builds hanging in "sending inputs"?
<gchristensen> you'd need access to each box
<shlevy> Or access to a bastion ;)
<gchristensen> no... you'd still need access to each box...
<shlevy> Or an on-call pager trigger :P
<shlevy> I mean with keys on the bastion
<gchristensen> the horror
<gchristensen> fixed, shlevy
<shlevy> Thanks :)
<gchristensen> you can page me to get them fixed :)
<shlevy> Some day new glibc-2.27 builds will run :D
<globin> __Sander__: package.json currently
<__Sander__> globin: which version of node2nix are you using? the latest?
<__Sander__> 1.5.2
jtojnar has quit [Ping timeout: 256 seconds]
jtojnar has joined #nixos-dev
Jackneilll has joined #nixos-dev
Jackneill has quit [Ping timeout: 240 seconds]
pie_ has joined #nixos-dev
ma27 has joined #nixos-dev
<globin> __Sander__: yep
<__Sander__> globin: can you provide me a minimal package.json file with the same dependencies?
<__Sander__> then I can have a look at it
<globin> __Sander__: I'll try to narrow it down
pie_ has quit [Ping timeout: 240 seconds]
pie_ has joined #nixos-dev
romildo has quit [Quit: Leaving]
aminechikhaoui has quit [Ping timeout: 256 seconds]
aminechikhaoui has joined #nixos-dev
sphalerite_ is now known as sphalerite
sonarpulse has joined #nixos-dev
Synthetica has joined #nixos-dev
aminechikhaoui has quit [Ping timeout: 240 seconds]
sonarpulse has quit [Ping timeout: 240 seconds]
mbrgm has quit [Quit: ZNC 1.6.5 - http://znc.in]
mbrgm has joined #nixos-dev
aminechikhaoui has joined #nixos-dev
mbrgm has quit [Client Quit]
mbrgm has joined #nixos-dev
sonarpulse has joined #nixos-dev
mbrgm has quit [Quit: ZNC 1.6.5 - http://znc.in]
mbrgm has joined #nixos-dev
stqism has quit [Quit: Like 3 fire emojis lit rn 🔥🔥🔥]
stqism has joined #nixos-dev
sonarpulse has quit [Ping timeout: 256 seconds]
orivej has quit [Ping timeout: 256 seconds]
sonarpulse has joined #nixos-dev
Lisanna has joined #nixos-dev
<Dezgeg> there's a rather large merge conflict in pkgs/os-specific/linux/systemd/default.nix when merging master to staging, could somebody take a closer look who knows better?
__Sander__ has quit [Quit: Konversation terminated!]
jtojnar_ has joined #nixos-dev
jtojnar has quit [Ping timeout: 260 seconds]
jtojnar_ is now known as jtojnar
jtojnar has quit [Quit: jtojnar]
jtojnar has joined #nixos-dev
<dtz> looks like the worst of it is the reindent commit
<dtz> which makes everything impossible xD
<shlevy> the sin of plain text
sonarpulse has quit [Remote host closed the connection]
sonarpulse has joined #nixos-dev
Lisanna has quit [Remote host closed the connection]
contrapumpkin has quit [Quit: Textual IRC Client: www.textualapp.com]
orivej has joined #nixos-dev
cbarrett has quit [Ping timeout: 240 seconds]
cbarrett has joined #nixos-dev
pxc1 has joined #nixos-dev
pxc1 has quit [Client Quit]
pxc has joined #nixos-dev
alunduil has quit [Ping timeout: 268 seconds]
contrapumpkin has joined #nixos-dev
cstrahan has joined #nixos-dev
<sonarpulse> that commit
<sonarpulse> I did
<sonarpulse> sort of anticipating your changes
<sonarpulse> you should be familiar with it
<sonarpulse> with two env vars
<sonarpulse> we can add back the echoing in each hardening bash file
<sonarpulse> and also make unknown ones a hard error
<sonarpulse> as the nix should be checking it
romildo has joined #nixos-dev
<shlevy> Sonarpulse: I'm good with reverting isCross by the way
<sonarpulse> shlevy: cool thanks
<sonarpulse> and sorry for the inconvenience
<shlevy> Nah, you're right, I was wrong :D
<shlevy> Sonarpulse: Do you know when you might get started on the better mkDerivation?
<shlevy> I want to make sure I have my proposal ready before then
<sonarpulse> shlevy: no rush
<sonarpulse> for me there's lots of low hanging fruit
<shlevy> OK
<shlevy> Cool
<sonarpulse> like fix the meta
<shlevy> Yeah
<sonarpulse> remove the cross adapter
<sonarpulse> do optionalDep
<sonarpulse> etc
<shlevy> Yeah
<shlevy> By the way
<shlevy> gccCrossStageStatic
<shlevy> Is so annoying
<sonarpulse> yes
<sonarpulse> really want to fix gcc
<shlevy> Just let me build libgcc_s and libstdc++ separately
<sonarpulse> to do that
<sonarpulse> see, rebuilds suck :)
<shlevy> Oh, I didn't run into it due to rebuilds
<sonarpulse> well, it's conceptually a rebuild
<sonarpulse> of gcc itself
<sonarpulse> v annoying
<shlevy> Right
<shlevy> I mean
<shlevy> I'm kind of tempted to just do make gcc or whatever
<shlevy> Then save the build and source dirs in $screwyougcc output
<sonarpulse> hahaha yeah
<shlevy> And then do a full make after glibc
<shlevy> But yeah, this should be doable in gcc itself
<sonarpulse> cding into the library directory first
<sonarpulse> like i did with the lib bfd derivation
<shlevy> Also... What's the point of building multitarget binutils if we can't build gas separately?
<sonarpulse> ought to work
<shlevy> Seems like pointlessly big builds if we're not going to actually share between targets
<sonarpulse> shlevy: basically be a TODO
<sonarpulse> / easter egg for anyone doing bianary analysis
<shlevy> Ah :)
<sonarpulse> / found some bugs we would have hit
<sonarpulse> that orivej kindly fixed
<shlevy> Why is bfd a separate derivation by the way?
<sonarpulse> some libraries needed it
<sonarpulse> and screwy stuff with the outputs
<shlevy> I mean why not just build it with binutils?
<shlevy> Ah
<sonarpulse> ah and also platform specific stuff
<sonarpulse> easier if binutils is just binaries
<sonarpulse> and binutils mashup on darwin is also just binaries
<shlevy> Mm
<shlevy> dtz: By the way, have you tried targeting darwin with the musl stuff?
<dtz> no, don't think it supports non-darwin :(. I did poke at cross-darwin from linux previously, though. Got lost and saved it all in a branch of debugging madness somewhere :D
<dtz> *non-linux
<dtz> hehe
<shlevy> It = the support in nixpkgs, or musl itself?
MichaelRaskin has joined #nixos-dev
xeji has joined #nixos-dev
<dtz> musl itself
<shlevy> Damn
<shlevy> For some reason I was under the impression it worked for darwin :'(
jtojnar has quit [Quit: jtojnar]
jtojnar has joined #nixos-dev
jtojnar_ has joined #nixos-dev
romildo has quit [Quit: Leaving]
jtojnar has quit [Ping timeout: 252 seconds]
jtojnar_ is now known as jtojnar
<sonarpulse> shlevy: I'm making some guile fixes btw
<sonarpulse> like I mentioned above
<sonarpulse> to get rid of last build input
<shlevy> OK
<sonarpulse> shlevy: does guile have meaningful target platform?
<sonarpulse> or is it interpreter-y enough that it is always current platform
<shlevy> It's always runtime platform
<sonarpulse> ok
xeji has quit [Quit: WeeChat 2.0]
aszlig_ has joined #nixos-dev
aszlig has quit [Quit: leaving]
aszlig_ has quit [Client Quit]
aszlig has joined #nixos-dev
aszlig has quit [Client Quit]
aszlig has joined #nixos-dev
aszlig has quit [Quit: leaving]
aszlig has joined #nixos-dev
aszlig has quit [Client Quit]
aszlig has joined #nixos-dev
taktoa has joined #nixos-dev
aszlig has quit [Quit: leaving]
aszlig has joined #nixos-dev