00:00
<
gchristensen >
macs :(
01:29
lassulus_ has joined #nixos-dev
01:31
lassulus has quit [Ping timeout: 252 seconds]
01:31
lassulus_ is now known as lassulus
01:40
orivej has quit [Ping timeout: 240 seconds]
02:28
sir_guy_carleton has joined #nixos-dev
03:19
phreedom_ has joined #nixos-dev
03:19
phreedom has quit [Ping timeout: 256 seconds]
04:04
Sonarpulse has joined #nixos-dev
04:40
sir_guy_carleton has quit [Quit: WeeChat 2.0]
04:43
Sonarpulse has quit [Quit: Leaving]
07:59
<
LnL >
niksnut: I think I found another bug with upgrade-nix :/
08:01
<
LnL >
canonPath(profileDir) fails for relative symlinks, error: not an absolute path: 'profile-2-link'
08:03
<
niksnut >
LnL: urgh
08:04
<
LnL >
oh wait, you don't get there in the good case
08:05
<
LnL >
still a bug, but not as bad as I initially thought
08:15
makefu has joined #nixos-dev
09:06
orivej has joined #nixos-dev
09:10
orivej has quit [Ping timeout: 240 seconds]
09:18
<
domenkozar >
hey, could someone proofread new weekly?
09:19
<
domenkozar >
should be on preview in a few seconds
09:19
<
makefu >
sure, i can have a quick look
09:21
<
makefu >
domenkozar: i think it is 'the nix ecosystem docs'
09:21
orivej has joined #nixos-dev
09:21
<
domenkozar >
the title barely fits on my extra-wide lcd :P
09:22
<
sphalerite >
is " There is nothing impossible to they who will try." a specific quote? Sounds rather awkward
09:23
<
domenkozar >
it was "Him" originally
09:23
<
domenkozar >
by alexander the great
09:24
<
makefu >
not sure about "artefact" vs "artifact"
09:24
<
sphalerite >
domenkozar: maybe "those" or "them" in that case :)
09:24
<
domenkozar >
makefu: well british vs US english
09:24
<
domenkozar >
I left it as original author intended
09:25
<
domenkozar >
sphalerite: good point, that's balkan english :-)
09:25
<
makefu >
but it is ok if it's upstream
09:26
<
sphalerite >
"to save some the boilerplate we" there's an "of" missing there, but that error's just carried over from upstream so it might be worth fixing there as well
09:27
<
domenkozar >
corrected
09:27
<
makefu >
there is an extra " at the end of the paragraph
09:32
<
domenkozar >
yikes, sorry for the pain
09:33
<
domenkozar >
makefu: sphalerite: thanks, all good now? :)
09:33
<
sphalerite >
makefu: " there you go it's over now
09:34
<
ekleog >
domenkozar: there's “ now?" I hope this helps!” at the end of “A way to develop software with Nix” ?
09:34
<
makefu >
sphalerite: thanks!
09:35
<
domenkozar >
today is one of those days isn't it :)
09:37
<
domenkozar >
ok all fixed.
10:11
obadz has quit [Ping timeout: 246 seconds]
10:19
<
domenkozar >
:blushes:
10:19
<
domenkozar >
thank you niksnut :)
10:20
<
niksnut >
domenkozar: do you know why that NAR is corrupt?
10:22
<
domenkozar >
not yet, going to investigate now
10:24
<
domenkozar >
it's strange because they are referenced by hash
10:25
<
domenkozar >
so it could be something like interrupted connection
10:25
<
domenkozar >
and both client and server got the wrong hash
10:25
<
domenkozar >
but how would that corrupt the header?
10:43
<
niksnut >
I'm guessing that something got truncated from the start of the NAR prior to compression
11:00
<
domenkozar >
yeah it's truncated
11:05
<
domenkozar >
will release cachix that actually checks exit code of the streaming process :-)
11:06
MichaelRaskin has left #nixos-dev [#nixos-dev]
11:15
<
niksnut >
but how do you truncate from the start?
11:15
<
niksnut >
I mean, if a process gets interrupted you would expect it to be truncated at the end
11:17
<
domenkozar >
diffing newly created nar and extracting the corrupted one they have the same contents in the beginning
11:17
<
domenkozar >
but it's also unclear to me why is then nar header different, still looking into that
11:18
<
niksnut >
so the file size is the same?
11:19
<
domenkozar >
nah, the original file is about 5 times longer
11:21
<
domenkozar >
$ du -sh /home/ielectric/Downloads/a8d3c42efa059d0ebdfdae7f1c8fe98935dbe293c960c7507d462bac85f6c610.nar
11:21
<
domenkozar >
26M /home/ielectric/Downloads/a8d3c42efa059d0ebdfdae7f1c8fe98935dbe293c960c7507d462bac85f6c610.nar
11:21
<
domenkozar >
$ du -sh src.nar
11:22
<
domenkozar >
169M src.nar
11:51
orivej has quit [Ping timeout: 252 seconds]
11:53
obadz has joined #nixos-dev
14:32
<
andi- >
Who can I ping regarding the box `ike`? It is stalling jobs big time.. The longest job is running for >12days :/ It keeps on stalling more jobs.
14:35
<
LnL >
not sure who else can update the machines list
14:57
<
gchristensen >
andi-: yeah I was looking at that this morning
15:04
ekleog has quit [Quit: back soon]
15:08
<
gchristensen >
andi-: niksnut is looking in to why they're stalled
15:09
<
andi- >
gchristensen: thank you for the update (& thanks niksnut ;-))
15:27
<
domenkozar >
gchristensen: I forgot again. What's your method to access nixos tests vm?
15:29
<
domenkozar >
although foobar password is something you've set up right?
15:32
<
domenkozar >
I wonder if we can just put that into base image for nixos tests
15:33
<
domenkozar >
it has rootkit anyway installed
15:33
<
domenkozar >
so why not have another
15:35
<
domenkozar >
gchristensen: I'd like to get this upstream
15:35
<
domenkozar >
but first, think if the other solution is better
15:36
<
domenkozar >
I think this method gives a bit better UX, since you don't need to do anything to access those machines
15:36
<
domenkozar >
it just exposes by default
15:36
<
domenkozar >
the whole network
15:36
<
gchristensen >
I agree
15:37
<
domenkozar >
the drawback is that it's a bit impure
15:37
<
domenkozar >
probably existing tap0 would fail the test
15:38
<
gchristensen >
yeah that is tough :/
15:38
<
domenkozar >
might be an issue on machines that run multiple tests at the same time
15:38
<
gchristensen >
the "foobar" thing is a silly thing, doesn't feel good
15:38
<
domenkozar >
well vms have rootkit anyway
15:38
<
domenkozar >
but it's network isolated from the host
15:39
<
domenkozar >
could offer this as a flag
15:43
ekleog has joined #nixos-dev
15:57
goibhniu has joined #nixos-dev
16:30
<
gchristensen >
andi-: so those jobs should be restarted now
16:31
<
andi- >
gchristensen: ok
16:32
<
gchristensen >
found a cyclical deadlock in the download :)
18:08
<
domenkozar >
that's x,y, and z?
18:10
<
gchristensen >
each vertical slice is a histogram of the duration builds have been running for
18:15
<
aszlig >
hm, is my reality distorted at some point or do staging merges occur less frequently these days?
18:23
<
aszlig >
gchristensen: regarding entering the test vm: this would also imply that sshd needs to be running in the VM, right?
18:23
<
aszlig >
which for almost all tests isn't the case
18:25
<
domenkozar >
aszlig: btw thanks so much for letsencrypt nixos tests
18:25
<
domenkozar >
I'm using the infra to fake S3 :P
18:25
<
aszlig >
domenkozar: :-D
18:26
<
domenkozar >
like cachix functional test is 150 lines in total, testing the whole api against a real backend
18:26
<
domenkozar >
crazy :)
18:26
<
domenkozar >
api==cli
18:27
<
domenkozar >
really cool :)
18:28
<
domenkozar >
yeah had similar thoughts
18:28
<
domenkozar >
but nowadays I'd inverse logic
18:28
<
domenkozar >
service.mymodule.privateIP
18:28
<
domenkozar >
and then set that with nixops
18:28
<
domenkozar >
and dummy values in tests
18:28
<
aszlig >
domenkozar: yeah, i started with something like that
18:29
<
domenkozar >
it can get hairy :)
18:29
<
aszlig >
domenkozar: but i'm using encryptedLinksTo, which is why i've written that module
18:31
<
domenkozar >
right now I'm trying to ssh into nixos test vm
18:31
<
domenkozar >
but my old hack doesn't work
18:31
<
domenkozar >
vde_switch: Failed to open /dev/net/tun No such file or directory
18:31
<
aszlig >
at some point i thought about making VM tests more modular so that you can have "infrastructure" modules or something like that
18:31
<
domenkozar >
vde_switch: ERROR OPENING tap interface: tap0
18:31
<
domenkozar >
this does run on host right?
18:32
<
Dezgeg >
you can get almost-as-good vm debugging experience by passing a serial console over a unix domain socket
18:32
<
aszlig >
domenkozar: the vde_switch?
18:32
<
domenkozar >
Dezgeg: I remember there are some issues with that
18:33
<
domenkozar >
hmmm, why would it fail opening tun then?
18:33
<
Dezgeg >
terminal size is probably wrong yes, and you don't get scp
18:33
<
aszlig >
domenkozar: what are you trying to do?
18:33
<
domenkozar >
Dezgeg: do you have a diff how to integrate that?
18:33
<
domenkozar >
aszlig: access qemu vm
18:33
<
domenkozar >
well mainly come up with something we can have in nixos
18:33
<
aszlig >
domenkozar: i mean, what was the command where you got that error?
18:34
<
domenkozar >
for debugging tests
18:34
<
Dezgeg >
but on the plus side, no configuration, just as root locate the correct nix-build-foo directory and connect to the socket
18:34
<
Dezgeg >
for nixos tests no, I've used it for runInLinuxVM stuff
18:34
<
domenkozar >
well sure, should be almost the same
18:34
<
domenkozar >
aszlig: passed -tap tap0 to vde_switch
18:35
<
aszlig >
Dezgeg: i think the main issue with attaching a serial device is that you need to set environment separately
18:35
<
Dezgeg >
on nixos you can rely on starting an actual getty as a systemd service instead of some manual hack
18:35
<
Dezgeg >
what environment?
18:35
<
aszlig >
Dezgeg: like TERM, LANG, etc...
18:36
<
Dezgeg >
how is it different from any normal serial console login to nixos?
18:36
<
aszlig >
Dezgeg: the difference is that you get the environment of the test vm instead of the local environment
18:37
<
aszlig >
Dezgeg: ssh on the other side sets those variables
18:37
<
Dezgeg >
well sure there are some minor differences
18:38
<
aszlig >
Dezgeg: those can get pretty annoying, especially when you have a very minimal test machine
18:39
<
domenkozar >
hmm, maybe /dev/net is not allowed anymore in sandbox
18:39
orivej has joined #nixos-dev
18:39
<
aszlig >
also when you CTRL+c an application, SIGINT is sent to the corresponding pid
18:40
<
domenkozar >
yes :(
18:40
<
Dezgeg >
anyway, what I do here is pass this to qemu: -serial unix:$TMPDIR/ttyS1,server,nowait
18:40
<
Dezgeg >
then connect with something like: socat STDIO,raw,echo=0,escape=0x11 UNIX:/var/tmp/nix-build-vm-drv.drv-0/ttyS1
18:40
<
aszlig >
domenkozar: ah, yes, it's not available within the builder
18:41
<
domenkozar >
it used to be 2 years ago :D
18:41
<
domenkozar >
Dezgeg: thanks, let me try that.
18:41
<
Dezgeg >
and on nixos side you need a getty running on that port, that one I can't remember how to do offhand
18:41
<
aszlig >
Dezgeg: if i'm not mistaken this should kill socat on CTRL+c
18:41
<
Dezgeg >
no, it's in raw mode
18:42
<
Dezgeg >
with CTRL-Q to exit (escape=0x11)
18:47
<
aszlig >
Dezgeg: ah, right
18:47
<
aszlig >
Dezgeg: hm... let me try that... i still have the suspicion that SIGINT is then not delivered...
18:48
<
domenkozar >
Dezgeg: is it something like
18:48
<
domenkozar >
boot.kernelParams = [ "console=ttyS0" ];
18:48
<
domenkozar >
I remember the problem was you can't have multiple consoles
18:48
<
domenkozar >
at tests use one
18:52
<
Dezgeg >
but certainly it's possible to have multiple consoles with one taken by the testing stuff
18:53
<
domenkozar >
well it's the same console as for testing
18:56
<
gchristensen >
I really appreciate how incredibly talented and smart our community is ^.^
18:56
<
Dezgeg >
no, adding a second one will add ttyS1
19:02
<
domenkozar >
hmm, hoped that
19:02
<
domenkozar >
boot.kernelParams = ["console=ttyS1"];
19:02
<
domenkozar >
would add one :)
19:11
<
domenkozar >
systemd.services."serial-getty@ttyS1".enable = lib.mkForce true;
19:13
<
aszlig >
Dezgeg: okay, SIGINT is getting delivered correctly
19:18
<
domenkozar >
aszlig: with tests infra?
19:18
<
aszlig >
domenkozar: i used the build-vm.nix posted before
19:19
<
aszlig >
something like SIGWINCH propagation and copying terminal attributes plus a few environment variables would be nice, but other than that it's preferable to the ssh-variant
19:20
<
domenkozar >
what's not clear to me is how to attach a serial console to that socket on the guest side
19:21
<
Dezgeg >
for nix-build ./nixos/release.nix -A tests.firewall.x86_64-linux you get in with socat STDIO,raw,echo=0,escape=0x11 UNIX:/tmp/nix-build-vm-test-run-firewall.drv-0/vm-state-walled/backdoor
19:22
<
domenkozar >
Dezgeg: thanks, testing
19:30
<
domenkozar >
it works
19:30
<
domenkozar >
this is really good :)
19:32
* gchristensen
refers back to my message from 45min ago
19:32
<
domenkozar >
Dezgeg: do you mind if I make a PR and document this?
19:42
sir_guy_carleton has joined #nixos-dev
19:42
<
Mic92 >
fpletz: is it possible to configure rspamd with the rspamd.conf or do I have to use these includes?
19:43
<
aszlig >
domenkozar, Dezgeg: hm, maybe it makes sense to expose the device only when running in a nix shell
19:45
<
domenkozar >
aszlig: why not just always
19:46
<
aszlig >
domenkozar: to avoid allocating that tty every time a machine is spun up
19:47
<
domenkozar >
to avoid due to security or something else?
19:48
<
aszlig >
domenkozar: nah, security shouldn't be an issue, it's just a (very) little more overhead
19:49
<
domenkozar >
shouldn't make a difference with the long running times of just vm spinning up
19:49
<
samueldr >
aszlig: then the conditions in which the test executes changes (additional tty vs none) most shouldn't fail then, but the moment it does it would be a pain :)
19:52
<
aszlig >
samueldr: agreed
19:52
<
domenkozar >
so the good news is, this setup is very nice
19:52
<
aszlig >
s/^/domenkozar, /
19:53
<
domenkozar >
the bad news is, the reason why test was failing is a stupid PEBKAC
19:54
<
Dezgeg >
domenkozar: go ahead
19:54
<
aszlig >
hm, i'm searching a while now and i wonder why there isn't something very minimal that does exactly the same as SSH does (minus encryption, etc...)
19:54
<
Dezgeg >
yeah, I couldn't find anything either
19:54
<
aszlig >
Dezgeg: so maybe it's time to hack something together then
19:55
<
Dezgeg >
I mean telnet would work if only any of the clients accepted unix domain sockets
19:55
<
aszlig >
or we're just too stupid to search
19:55
<
aszlig >
Dezgeg: telnet already is too much, because it uses a different protocol
19:56
<
aszlig >
IMHO it should just be like: connect -> allocate pty -> set termattrs, env, whatnot and relay everything unchanged
19:57
<
aszlig >
probably in a different order though :-D
19:57
<
Dezgeg >
yes, but you need an out-of-band channel to deliver that information
19:57
<
aszlig >
yah, of course, just a serial device doesn't necessarily work
19:58
<
aszlig >
basically searching for something like mosh, minus udp+encryption
19:58
<
cransom >
would socat with a ton of options thrown at it do?
19:59
<
aszlig >
cransom: not really, because you would need signal handling on the client side etc... (as mentioned above)
20:00
<
aszlig >
as far as i can see socat doesn't support that
20:00
<
aszlig >
the signals need to be communicated OOB though
20:00
<
aszlig >
and/or multiplexed
20:04
<
aszlig >
Dezgeg: hm, that looks promising
20:04
<
aszlig >
it even has file transfer
20:08
<
aszlig >
but other than that it looks like something we can use
20:16
<
aszlig >
and that hardcoded bash should probably be fetched using getpwent
20:23
<
aszlig >
Dezgeg: okay, thanks... i think i'm going to fix those things and package it for nixpkgs
20:30
<
aszlig >
another thing is that it uses AF_VSOCK, so it shouldn't collide with other things in the guest
20:43
<
aszlig >
damn... there is currently no way to use AF_VSOCK in the guest and expose it via unix domain socket to the host :-/
20:46
<
aszlig >
so it's all done via an id (CID) assigned to a specific guest and you need /dev/vhost-vsock on the host as well
20:55
phreedom_ has quit [Ping timeout: 256 seconds]
21:09
phreedom has joined #nixos-dev
21:12
phreedom has quit [Remote host closed the connection]
21:12
phreedom has joined #nixos-dev
21:54
Lisanna has joined #nixos-dev
21:56
Lisanna has quit [Client Quit]