<Sonarpulse>
elvishjerricco: bionic libc includes the dynamic linker
<elvishjerricco>
Sonarpulse: Without going through the trouble of packaging non-prebuilt android right now :P
<Sonarpulse>
so I suppose we need to package that
<Sonarpulse>
elvishjerricco: uh it's the best i got, sorry
obadz has joined #nixos-dev
<Sonarpulse>
you don't need to build compiler
<Sonarpulse>
or even all of bionic
<Sonarpulse>
you can build bionic with pre-built gcc
<elvishjerricco>
Sonarpulse: Theoretically, we'd rather have `bionic` packaged in with android non-prebuilt, and that would work?
<Sonarpulse>
elvishjerricco: I'd hope!
<elvishjerricco>
Sonarpulse: Interesting. What happens right now if you try to use `aarch64-unknown-linux-android` without `useAndroidPrebuilt`? Does it just fail?
mbrgm has quit [Ping timeout: 256 seconds]
<Sonarpulse>
elvishjerricco: it will build libc
<elvishjerricco>
Sonarpulse: Like glibc? Does glibc work on android?
<Sonarpulse>
elvishjerricco: sorry i meant it will build gcc
<Sonarpulse>
and then probably fail with glibc
mbrgm has joined #nixos-dev
<elvishjerricco>
Ah
<Sonarpulse>
i mean it might build glibc
<Sonarpulse>
but i wouldn't use that on android
<elvishjerricco>
... wait :P So it will try to build GCC, then might try to build glibc?
obadz has quit [Ping timeout: 240 seconds]
obadz has joined #nixos-dev
<Sonarpulse>
elvishjerricco: oh it will try
<Sonarpulse>
the question is does it succeed
<Sonarpulse>
("might build" as in "might succeed")
<elvishjerricco>
Sonarpulse: Heh fair enough. Is everything in the ndk open source?
<Sonarpulse>
elvishjerricco: the C bits I think
<Sonarpulse>
but I don't know
<elvishjerricco>
Sonarpulse: Alright. PR opened. Hopefully it helps someone :P
<Sonarpulse>
elvishjerricco: :)
<Sonarpulse>
LGTM!
contrapumpkin has joined #nixos-dev
orivej has joined #nixos-dev
coconnor has joined #nixos-dev
Lisanna has joined #nixos-dev
JosW has joined #nixos-dev
orivej has quit [Ping timeout: 264 seconds]
MichaelRaskin has quit [Quit: MichaelRaskin]
davidlt has joined #nixos-dev
goibhniu has joined #nixos-dev
taktoa has joined #nixos-dev
Lisanna has quit [Quit: Lisanna]
__Sander__ has joined #nixos-dev
davidlt has quit [Ping timeout: 240 seconds]
domenkozar has quit [Ping timeout: 265 seconds]
davidlt has joined #nixos-dev
Synthetica has joined #nixos-dev
andi- has quit [Ping timeout: 276 seconds]
orivej has joined #nixos-dev
taktoa has quit [Read error: Connection reset by peer]
<gchristensen>
niksnut: would you be opposed to importing nixos when evaluating the nixpkgs manual, in order to cross-link the nixpkgs to nixos manual? I'm not sure this is a good idea, but it could let the two manuals exchange olink DBs
<gchristensen>
another thought is the crosslinks could be one-way to start, just nixos -> nixpkgs
andi- has joined #nixos-dev
Jackneilll has quit [Quit: Leaving]
<michaelpj>
crosslinks between the manuals would be *really* great
<gchristensen>
would one-way be a tolerable start?
Jackneill has joined #nixos-dev
Jackneill has quit [Remote host closed the connection]
<michaelpj>
oh yes
<michaelpj>
it would be super nice if we could link to the nix manual too, but obviously that's harder since it's in another repo
Jackneill has joined #nixos-dev
<gchristensen>
I figure before I forget the xsltproc flags I've learned, I should make hay while the sun is shining
<michaelpj>
I think two way links would also be desirable, partly just because people (e.g. newbie version of myself) frequently end up with the wrong manual, and it would be friendly to at least have a block at the top linking to the other manuals
<gchristensen>
yeah
<michaelpj>
and e.g. it makes sense to link the sections on overlays to each other nixos->nixpkgs "This exposes the mechanism described here", nixpkgs->nixos "This can be used in nixos like so"
<shlevy>
Sonarpulse: ping
taktoa has joined #nixos-dev
<shlevy>
Eehhh why are there 22k builds on trunk?
<shlevy>
Ah, openssl bump :|
<gchristensen>
yeah, hooray CVEs
<shlevy>
gchristensen: is straight-to-master the recommended workflow for this kind of thing?
<gchristensen>
yeah
<shlevy>
OK
<gchristensen>
too important to delay
<gchristensen>
so I think adding daemon support to the linux installer is pretty trivial ... the hardest part would be properly detecting it is supported maybe
ma27 has quit [Ping timeout: 246 seconds]
<shlevy>
And we were so close to staging being mergeable :'(
<gchristensen>
so perhaps, then, the solution is to have two separate installers which can be selected, single-user and multi-user
<gchristensen>
well, there is a MR anyway ... why not merge it?
<gchristensen>
cancel the 22k, merge, reschedule
<shlevy>
systemd is broken on aarch64
<gchristensen>
check out the chat with abbradar in #nixos
<aminechikhaoui>
hehe, some people are still excited about centos *hides*
<shlevy>
aminechikhaoui: The idea is systemd-generic I think... But yeah this will be great for my team :)
<aminechikhaoui>
me too, something like that would be useful for our crappy on premise deployment server at work
<gchristensen>
it should work on pretty much anything with systemd
orivej has quit [Ping timeout: 240 seconds]
orivej has joined #nixos-dev
abbradar has joined #nixos-dev
<gchristensen>
but it is much easier to have a teeny tiny scope and expand from there
<gchristensen>
actually, I think it pretty much is cross-distro supportive already, since I'm not linking anything anywhere, just calling `systemctl link` / `systemctl enable`
<shlevy>
gchristensen: does systemctl link/enable work on NixOS?
<gchristensen>
lol no
<shlevy>
It should be possible in principle with /etc/systemd-mutable
<gchristensen>
nixos is definitely out of scope for this installer :P
<shlevy>
Oh, that's not part of the installer
<shlevy>
I'm just thinking in general we could make that work for systemctl
<shlevy>
not sure if we want to of course
<gchristensen>
ah right on
<shlevy>
gchristensen: Is your script worth careful code review before you dedup it?
<shlevy>
Lots of this looks familiar ;)
<gchristensen>
no it isn't worth review
jtojnar_ has joined #nixos-dev
<gchristensen>
just a place to write notes between commits
domenkozar has joined #nixos-dev
<shlevy>
Cool thanks
<niksnut>
gchristensen: no strong feelings on that, but I guess cross-links are already possible by referencing http://nixos.org/nixos/manual#id-bla?
jtojnar has quit [Ping timeout: 252 seconds]
jtojnar_ is now known as jtojnar
<shlevy>
Damn... hydra back to 120k. All andi-'s fault :P
<gchristensen>
that's true, and may be better. if we go with olinks, though, their validity is automatically checked
<gchristensen>
which may not be worth the effort. I'll maybe find out
<andi->
shlevy: the higher the better? :P
<gchristensen>
shlevy: you do get performance perks at 120k... so it isn't all bad
domenkozar is now known as dkozar
phreedom has quit [Quit: No Ping reply in 180 seconds.]
<Sonarpulse>
shlevy: pong
phreedom has joined #nixos-dev
<shlevy>
Sonarpulse: config.allowBroken makes enableIfAvailable change behavior :'(
<shlevy>
We have way overloaded the meta checks... I'm not sure how we can untangle this :|
<Sonarpulse>
shlevy: ah....shiit
<shlevy>
I know this would require significant changes... but I'm kind of tempted to say config.allowBroken is, well, broken
<Sonarpulse>
shlevy: hehe yeah that's a thing
<Sonarpulse>
also
<shlevy>
We should just have more permissive meta fields if it turns out that a lot of people need it
<Sonarpulse>
config.wouldBeAllowed
<Sonarpulse>
*meta.wouldBeAllowed
<shlevy>
and if you're actively hacking, then you should just mark unbroken locally
<shlevy>
Sonarpulse: That's in principle doable
<Sonarpulse>
yeah I say a) see if anyone complains b) do that
<shlevy>
Sonarpulse: But note that it means you have to run all the checks and merge them :D
<Sonarpulse>
well do people do allowBroken just for the eval time?
<Sonarpulse>
I see meta.wouldBeBroken not super changing things
<Sonarpulse>
hell we could do it just based off the platform not other things
<shlevy>
Grmp
<shlevy>
This is gonna be a process
phreedom has quit [Ping timeout: 268 seconds]
<Sonarpulse>
shlevy: well waiting for somebody else to complain can be a proxy for "does allowBroken correctness matter?"
<shlevy>
Someone did complain
<shlevy>
that's how I know :D
<Sonarpulse>
haha ok
<Sonarpulse>
oxij made meta.allowed
<Sonarpulse>
I wonder if they have an opinion
<shlevy>
I think this is an ML question
<shlevy>
Bah
<Sonarpulse>
sure
phreedom has joined #nixos-dev
phreedom has quit [Quit: No Ping reply in 180 seconds.]
<shlevy>
niksnut: So if I use copy-tarballs I don't need to change the actual fetchurl call right?
<Sonarpulse>
shlevy: is this a proper fix, or hacking around a cabal bug?
<shlevy>
Sonarpulse: Ask thoughtpolice :)
<Sonarpulse>
hehe fair
<shlevy>
IIUC it's a proper but not yet complete fix
<shlevy>
The not-yet-complete part isn't relevant to Nix though, since we don't use multiple package dbs
<thoughtpolice>
Right, it doesn't handle sets of package DBs, only a single one. But previously it couldn't handle either case when this bug cropped up.
Synthetica has quit [Quit: Connection closed for inactivity]
<Sonarpulse>
thoughtpolice: ok cool. but just out of curiosity, is it *right* for cabal to compute this wrong?
<Sonarpulse>
should we even store it if both tools can compute on the fly?
__Sander__ has quit [Quit: Konversation terminated!]
<shlevy>
niksnut: I got "uploading ./D4159.diff to sha512/6bfed3352cdf0e0a088ecd72b068d63d26f23d10b6a9ec145a75cef3b4062e81f5fa9e898e7041b0147126348c23702b07ebd49d2ff6796815f61bcb7ecefcac...
<shlevy>
"
<shlevy>
But when I try that URL I get a 403
<shlevy>
and when I try to upload again I get told it's already mirrored
goibhniu has quit [Ping timeout: 248 seconds]
<thoughtpolice>
Sonarpulse: Well, that's what this patch fixes. Essentially. In short, abi-depends was kind of a misdesign, it depends on the tool registering the package to fill it out for a given package. Well, you can work yourself into situations where Cabal will use a cached abi-depends field for some package in the dependency set, rather than recomputing it. This results in a hash mismatch. The patch basically says "ghc-pkg will never look
<thoughtpolice>
at abi-depends written by Cabal, instead, if it needs the ABI hash for a dependent package, it will just go back and look it up in the package database itself"
<thoughtpolice>
IIRC
<thoughtpolice>
So in short, no it is not 'correct' that it's wrong of course, but yes, it should compute it on the fly instead, and that's what this makes it do.
<shlevy>
niksnut: Looks like copy-tarballs.pl doesn't set the object ACL right... trying it manually
<shlevy>
OK got it
<gchristensen>
hmm I think that is only the second thing in nixpkgs which doesn't have a "real" canonical URL
<gchristensen>
shlevy: only in that I've tested centos7 and am keeping my promises limited until I've tested more :)
<shlevy>
:)
<shlevy>
Fair
<Dezgeg>
wasn't there some PR for building RPMs and DEBs? maybe it'd make sense to have multi-user only there by default
<Dezgeg>
frankly the thought of running some shell scripts as root doing user and service management on all those random linux distros terrifies me :P
<shlevy>
It's not like we configure much
<gchristensen>
so ... I _think_ what I have already universally supports systemd systems
<shlevy>
Just give the init system an entry point
<gchristensen>
and I don't think we should work too hard to branch out yet
<shlevy>
Agreed
<shlevy>
Hopefully Nix 4.0 with "service" derivation types will be out before we have to care ;)
<dtz>
yeah, and I was also wondering re:the installer PR
<dtz>
lots of effort put into that, hopefully we can take advantage of it ^_^
<Dezgeg>
it's not the init system stuff that I worry but rather things like NIX_BUILD_GROUP_ID="30000"
jtojnar has joined #nixos-dev
<shlevy>
:'( github lack of rename detection
<shlevy>
Oh
<shlevy>
we should just switch to dynamic uids
<gchristensen>
Dezgeg: fwiw it is pretty careful around those UIDs
<Dezgeg>
I doubt Centos 7 supports such new things from systemd
<shlevy>
The core concept doesn't require systemd
* gchristensen
stops listening while he still has his sanity lol
<shlevy>
We *already* chown everything after the build anyway
<shlevy>
So the Nix version would be much simpler
<Dezgeg>
is there actually a need for the build users anymore with user namespaces?
<Dezgeg>
(probably would need code changes though)
<shlevy>
Hmm fair question
<shlevy>
Anyway at this point I just throw up my hands and complain about lack of proper capabilities
<shlevy>
But I think niksnut was already looking at dynamic users...
<shlevy>
So the only problem with dynamic users on arbitrary POSIX is builds reading /etc/passwd
<Dezgeg>
you mean in non-sandboxed builds?
<shlevy>
Yeah
<shlevy>
Well, I guess on arbitrary POSIX if multiple things do the dynamic user dance you need some way to globally lock them... Ugh
<shlevy>
I wish systemd were less monolithic... a system daemon for allocating dynamic users would be great, and completely non-Linux specific except for the nss stuff
<gchristensen>
"warning: unable to download 'https://cache.nixos.org/pq7b5mwxqp3mfppf17lgga25kzym6kxd.narinfo': SSL peer certificate or SSH remote key was not OK (51); retrying in 293 ms" hrm. instead of scuttling the build on this, it should probably just decide to build it locally
<zybell_>
I had this great IDEA(tm): Hooks. Those are directories in which every user can drop scripts, which are called with 'su $(dropping user)' (no extra privs) in case of all possible events. I thought even about a sudo entry to run hooks to which root can subscribe. For updates, reboot ...
<zybell_>
One dir per event!
<shlevy>
Bah. This is why I hate plain-text. gchristensen going to have to wait until tomorrow to review your installer stuff, sorry!
<gchristensen>
no worries, it is a doozy
<gchristensen>
it just about drove me mad writing it
abbradar has quit [Remote host closed the connection]
MichaelRaskin has joined #nixos-dev
<gchristensen>
we should be good now! thank you for your patience!
<dtz>
globin_: saw you posting about having a prototype for rust-musl w/Nix? Is that still around? :D
<zybell_>
I know;-) Therefore only correct perms will be ever executed. And that perms can't be set other than owner.
<zybell_>
All other is garbage.
<MichaelRaskin>
A typical failure mode for such a system is to forget symlinks exist
<MichaelRaskin>
(stat vs lstat)
<simpson>
zybell_: Okay then. Best of luck; I'll be happy to review your PR when it's ready.
goibhniu has joined #nixos-dev
<zybell_>
Symlinks can't setuid.
<dtz>
lol not sure what is causing it but apparently lack of sandbox (?!) is causing error resulting in attempts to use dpkg-architecture?? lol o_O
<dtz>
I hope that's user error haha
<MichaelRaskin>
zybell_: why would I want to setuid?
<zybell_>
Only setuid proves owner correct.
<gchristensen>
this sounds fairly off topic for #nixos-dev
<simpson>
gchristensen: I figured that this was Yet Another User/Home Management Tool, and those are on-topic, right?
<gchristensen>
I think #nixos-dev's "mission" is to be a lower-volume channel about longer term nix ecosystem issues
<gchristensen>
I could be wrong about it being off-topic
<MichaelRaskin>
I never got the «longer-term» impression
davidlt_ has joined #nixos-dev
<gchristensen>
ah :) sorry
<MichaelRaskin>
In practice I had an impression that the distinction is more that everyone who speaks is expected to have experience writing nix expressions, and the questions are supposed to be about developing/extending Nix code or code for working with Nix.
<zybell_>
And I thought that a general mechanism of distributing events (going online/offline, changing config...) and asking for action (running update, changing runlevel/packages...) would be a long term development.
davidlt has quit [Ping timeout: 260 seconds]
<MichaelRaskin>
But I could also be wrong.
orivej has joined #nixos-dev
<MichaelRaskin>
zybell_: I think /run/user/ structure of a directory per user (writeable only for that user) should already be simpler to secure.
davidlt_ is now known as davidlt
<zybell_>
The idea is to let everybody interested in an event to subscribe to it. And that as early as possible in the boot process. Or as late in shutdown.
<MichaelRaskin>
Note that delaying shutdown might be a security risk
<simpson>
zybell_: systemd already advertises everything on dbus, doesn't it?
<simpson>
Not that dbus isn't a gaping security hole, but at least it's documented as such~
<zybell_>
Which may necessitate firing the events in background. But who is fast enough to catch them before the killall, who am I to deny the chance?
<MichaelRaskin>
Well, we all know how to hide from killall.
<MichaelRaskin>
FUSE forkbombs are nice
<zybell_>
DBus: I would target shell-scripts, but I can think of a 'dbus-started' event;-)
<zybell_>
Fuse doesn't work after rmmod fuse
<simpson>
zybell_: Well, what does your prototype do right now? Do you have code working with your local systemd yet?
<zybell_>
I try to pb sth
Jackneill has quit [Read error: Connection reset by peer]
jtojnar_ has quit [Remote host closed the connection]
davidlt has quit [Ping timeout: 246 seconds]
jtojnar has joined #nixos-dev
jtojnar has quit [Ping timeout: 240 seconds]
davidlt_ has quit [Ping timeout: 248 seconds]
jtojnar has joined #nixos-dev
<shlevy>
niksnut: Ah, nice!
<dtz>
is ubuntu 14.04 laughably too old for Nix?
<dtz>
the kernel is 4.2 which had me optimistic, but I'm encountering some error-- "permission denied" when trying to mount /proc -- which is not something I've seen before. Anyone know? :)
<dtz>
I see the release.nix has attributes for 1710 haha is that what's needed?
<thoughtpolice>
16.04 should work fine fwiw, we use it at $WORK.
<shlevy>
I should get an SVR4 port going
<dtz>
okay, ty thoughtpolice
coconnor has quit [Ping timeout: 276 seconds]
coconnor has joined #nixos-dev
coconnor has quit [Remote host closed the connection]