worldofpeace changed the topic of #nixos-dev to: NixOS Development (#nixos for questions) | NixOS 20.09 Nightingale ✨ https://discourse.nixos.org/t/nixos-20-09-release/9668 | https://hydra.nixos.org/jobset/nixos/trunk-combined https://channels.nix.gsc.io/graph.html | https://r13y.com | 20.09 RMs: worldofpeace, jonringer | https://logs.nix.samueldr.com/nixos-dev
alp has quit [Ping timeout: 272 seconds]
<infinisil> Requires `./result` to be a runnable script. Attempts to remove dependencies one-by-one, only printing the deps that are really needed in the end
<infinisil> (uses bubblewrap to create an empty mount namespace)
<infinisil> For curl the exact same result as above though
supersandro2000 has quit [Disconnected by services]
supersandro2000 has joined #nixos-dev
<abathur> between nix#3630 and picking at install/uninstall issues I've been wondering if /nix should have some sort of metadata (or maybe a structured log?) documenting how it was installed/created... is there some obvious reason it's a dumb suggestion? maybe multiple systems sharing a /nix mount?
<{^_^}> https://github.com/NixOS/nix/issues/3630 (by lilyball, 25 weeks ago, open): Unified profile script that detects single-user vs multi-user
<samueldr> NixOS' own /nix could have a single entry like "is NixOS"
<samueldr> hmm, what about (for Linux) lustrating NixOS?
orivej_ has quit [Ping timeout: 260 seconds]
ris has quit [Ping timeout: 240 seconds]
rajivr has joined #nixos-dev
supersandro2000 has quit [Quit: The Lounge - https://thelounge.chat]
supersandro2000 has joined #nixos-dev
andi- has quit [Remote host closed the connection]
andi- has joined #nixos-dev
stoile has quit [Ping timeout: 240 seconds]
orivej has joined #nixos-dev
orivej has quit [Ping timeout: 260 seconds]
orivej_ has joined #nixos-dev
orivej has joined #nixos-dev
orivej_ has quit [Ping timeout: 260 seconds]
orivej has quit [Read error: Connection reset by peer]
orivej has joined #nixos-dev
<Mic92> samueldr: using the same arguments you would need to remove `/usr/bin/env` from NixOS
<Mic92> But we don't because we have a sandbox on NixOS.
<Mic92> So it does not affect for build output.
<samueldr> /usr/bin/env and /bin/sh are part of POSIX, and I'd removed them
<samueldr> it does not affect the build output, but it could affect the results of testing the build output
<samueldr> reducing confidence
<samueldr> as I said, I understand how it's needed by some, and a good project
<Mic92> In that case it should be rather a check in stdenv
<Mic92> in fixup phase
orivej has quit [Ping timeout: 260 seconds]
orivej has joined #nixos-dev
<samueldr> it creates a different "class" of NixOS systems, where things work differently in non-trivial ways, that's my main worry
<samueldr> even though that's a negative thing I say, I still think it's a great thing to see exist
<Mic92> Any non-trivial binary will need library dependencies, in which case one needs https://github.com/Mic92/nix-ld/blob/63e8ed3686d4c08da61745ba4cfd220b5d3fd17c/examples/masterpdfeditor.nix#L4
<Mic92> In the next iteration it will also need a NIX_LD environment variable
<Mic92> So it's not that automatic.
<Mic92> It will be similiar to how fhs userenv works now but with less limitations of it.
<samueldr> though NIX_LD will be inherited by child processes, I wonder if another method that don't get inherited can be better
<samueldr> I don't know the limitations
<Mic92> usernamespaces break suid binaries and it removes executables from PATH that are not in the fhsuservenv.
<Mic92> I also only getting started. I thought about having a fuse that symlinks /sbin/$executable /usr/bin/$executable to /usr/bin/env
<samueldr> yeah, I know that fhs user envs have limitations too, and annoying too :/
<samueldr> could the required libs be described in a file you put next to the executable rather than through environment variables?
<samueldr> I have a general aversion about "fixing" things using the environment; definitely not specific to your use :)
<Mic92> The way I want to build it, I will have to re-create functiontionality that usually comes from libc
<Mic92> So I try to keep the things it does to a minimum.
<Mic92> I need to re-implement a minimal link-loader and a syscall abstraction.
<Mic92> samueldr: well, it's a lot of effort and not always feasible. If you work with in teams without Nix you will be lost.
<Mic92> You cannot re-compile even the linux kernel from source without fhs userenv or patches.
<samueldr> I don't follow
orivej has quit [Ping timeout: 260 seconds]
orivej has joined #nixos-dev
supersandro2000 has quit [Quit: The Lounge - https://thelounge.chat]
supersandro2000 has joined #nixos-dev
alp has joined #nixos-dev
orivej_ has joined #nixos-dev
orivej has quit [Ping timeout: 264 seconds]
orivej_ has quit [Ping timeout: 256 seconds]
orivej has joined #nixos-dev
orivej_ has joined #nixos-dev
orivej has quit [Ping timeout: 256 seconds]
alp has quit [Ping timeout: 272 seconds]
<Mic92> Patching binaries and scripts is not always feasible if you work on some projects and fhs-userenv also sucks sometimes.
stoile has joined #nixos-dev
kcalvinalvin has quit [Quit: ZNC 1.7.4 - https://znc.in]
kcalvinalvin has joined #nixos-dev
jonringer has quit [Ping timeout: 260 seconds]
kalbasit has quit [Ping timeout: 256 seconds]
alp has joined #nixos-dev
cole-h has quit [Ping timeout: 264 seconds]
kfound has joined #nixos-dev
kfound has quit [Remote host closed the connection]
FRidh has joined #nixos-dev
Jackneill has quit [Ping timeout: 240 seconds]
Jackneill has joined #nixos-dev
saschagrunert has joined #nixos-dev
teto has joined #nixos-dev
zarel has quit [Read error: Connection reset by peer]
zarel has joined #nixos-dev
<teto> I would like to replace the archive in nixos.rog/nix/install with an archive for nixUnstable. How can I generate that ?
zarel has quit [Ping timeout: 256 seconds]
zarel_ has joined #nixos-dev
FRidh has quit [Ping timeout: 265 seconds]
<{^_^}> nix#4224 (by zimbatm, 1 week ago, open): installer: simplify the per-build installation
alp has quit [Ping timeout: 272 seconds]
alp has joined #nixos-dev
kfound has joined #nixos-dev
<teto> regnat: awesome thanks
__monty__ has joined #nixos-dev
kfound has quit [Remote host closed the connection]
alp has quit [Ping timeout: 260 seconds]
alp has joined #nixos-dev
<qyliss> One reason to want some sort of fhs-run that isn't steam-run is that steam-run includes non-free graphics libraries, which I assume most programs on most systems would be fine without
<qyliss> It would also be nice if it was built from source and could be patched if required and stuff
<gchristensen> has anyone experimented with SystemCallFilter and other systemd directives to restrict nix-daemon some?
<ajs124> qyliss it does? which libraries are those?
<qyliss> nvidia something I think
<qyliss> error: Package ‘steam-runtime’ in /run/current-system/nixlib/nixpkgs/pkgs/games/steam/runtime.nix:21 has an unfree license (‘unfreeRedistributable’), refusing to evaluate.
<spacekookie> Mic92: there's a meeting in 10, right?
<raboof> when would we want to point `python` to `python3` rather than `python2`? or do we want to avoid using `python` and prefer using `python3` explicitly?
<Mic92> spacekookie: it's 15:00 your time zone
<spacekookie> But it was 13:00 UTC and now there's no more daylight savings?
<spacekookie> I hate time
<ajs124> qyliss: interesting. according to the comment, which I just verified is still true, it's the nvidia-cg-toolkit
<das_j> gchristensen: yes, and it's unsurprisingly painful
<gchristensen> I thought maybe so ...
<mkaito> is ssh-ng an order of magnitude slower than ssh for anyone else when checking closure availability?
<mkaito> ~2s per closure
__monty_1 has joined #nixos-dev
__monty__ has quit [Ping timeout: 240 seconds]
<Mic92> niksnut: spacekookie sphalerite meeting in 10 min.
<sphalerite> Mic92: argh, sorry, forgot to let you know in advance. I'm on-site with a client again
<spacekookie> Mic92: ill be about 5 minutes late but the pad is already prepared with updated notes on all the rfcs
<Mic92> sphalerite: should be fine if niksnut and spacekookie are present
<sphalerite> Also, the FCP for RFC32 ends today, so if you want to merge it in this meeting go ahead :)
<sphalerite> otherwise I'll do it this evening
<Mic92> sphalerite: ok
<gchristensen> nixos-install in 20.09: if I have mutableUsers=false and I set a password for root, it shouldn't prompt for a root password, right? and: it keeps trying and failing: mktemp: failed to create direcotry via template '/mnt/tmp/.F89Pwu.../tmp.XXXXXXX': no suchfile or directory.
<gchristensen> anyone seen these?
<adisbladis> Can peti be reached on irc?
<qyliss> adisbladis: rarely
<niksnut> https://discourse.nixos.org/t/rfc-steering-committee-rotation-2020-21/9365 <-- we're still looking for volunteers!
<adisbladis> qyliss: I suspected that was the case. Thanks.
<maralorn> adisbladis: The most reliable way to get his attention is joining his twitch stream on friday evenings.
<maralorn> I actually collect my questions over the week and bring them there.
<maralorn> I am not sure, who cares but mercurial is broken on master: https://github.com/NixOS/nixpkgs/issues/104275
<{^_^}> #104275 (by maralorn, 39 minutes ago, open): pythonPackages.dulwich: Tests segfault on master
Jackneill has quit [Read error: Connection reset by peer]
Jackneill has joined #nixos-dev
alp has quit [Ping timeout: 272 seconds]
<Mic92> infinisil: niksnut rycee we have a meeting in 1/2h on https://meet.jit.si/nixos-rfc-42
__monty_1 has quit [Quit: leaving]
<infinisil> Mic92: Got it
<rycee> Aye.
<infinisil> Btw, is jit.si for anybody else giving "400 Bad Request"? I can get around it by running it in a private window, but it's a bit annoying
<Mic92> infinisil: don't know. I am using the App.
<siraben> jit.si cannot be resolved for me
<infinisil> I mean https://meet.jit.si/
<siraben> 200
<infinisil> It's probably some add-on I have
<gchristensen> nice
<maralorn> are rfc-discussions like that thought of to be (read-only) public?
FRidh has joined #nixos-dev
justan0theruser has quit [Ping timeout: 272 seconds]
kalbasit has joined #nixos-dev
justan0theruser has joined #nixos-dev
alp has joined #nixos-dev
jonringer has joined #nixos-dev
kalbasit has quit [Ping timeout: 240 seconds]
cole-h has joined #nixos-dev
alp has quit [Ping timeout: 272 seconds]
avn has quit [Ping timeout: 260 seconds]
alp has joined #nixos-dev
avn has joined #nixos-dev
kalbasit has joined #nixos-dev
<gchristensen> I think it'd be really interesting to find a way to sometimes add safety checks to critical scripts, like shellcheck on stage-1 and make it mandatory for contributions, but without making shellcheck part of the normal userbuild closure
<gchristensen> if you're curious, stage1 does not cleanly shellcheck right now
<FRidh> gchristensen: using mypkg.tests ?
<gchristensen> that could be useful, though not sure stage1 would be noticable for checking like that
avn has quit [Read error: Connection reset by peer]
avn has joined #nixos-dev
alp has quit [Ping timeout: 272 seconds]
<hexa-> good idea
ris has joined #nixos-dev
rajivr has quit [Quit: Connection closed for inactivity]
saschagrunert has quit [Quit: Leaving]
<gchristensen> of course a better option would be to not use shell, probably
<samueldr> there's systemd
<hexa-> systemd-stage1d
tilpner has quit [Quit: tilpner]
andi- has quit [Ping timeout: 272 seconds]
andi- has joined #nixos-dev
<gchristensen> jonringer, worldofpeace: a review of backporting AMI patches to stable, if you please :): https://github.com/NixOS/nixpkgs/pull/104302
<{^_^}> #104302 (by grahamc, 1 hour ago, open): [20.09] NixOS EC2 AMI: Support IMDSv2
jonringer has quit [Ping timeout: 260 seconds]
alp has joined #nixos-dev
justan0theruser has quit [Ping timeout: 240 seconds]
FRidh has quit [Quit: Konversation terminated!]
tdeo has joined #nixos-dev
<worldofpeace> gchristensen: thx for adding it as a channel blocker
<gchristensen> =
<gchristensen> )
tilpner has joined #nixos-dev
<worldofpeace> merged
<gchristensen> thank you!
<das_j> ah is that `aggregate job 'tested' references non-existent job 'nixos.amazonImage.x86_64-linux'`?
<das_j> cc worldofpeace gchristensen
<samueldr> das_j: where?
<samueldr> (hydra is slow to look at each project :))
<das_j> we have our own hydra which sends me mails because of this exact error
<samueldr> which branch is it failing for, at which commit?
<das_j> c68e739300d551a755e04dcca6fca1f3dbb21421 (master) and bbcbc4eddfb8b1a6859053110d5b865ee9552b93 (20.09)
<das_j> Nix expression: nixos/release-small.nix in input nixpkgs
justanotheruser has joined #nixos-dev
lightbul_ has joined #nixos-dev
lightbul_ has left #nixos-dev [#nixos-dev]
<das_j> weeeeell
<das_j> shouldn't that go into release-combined?
jonringer has joined #nixos-dev
justanotheruser has quit [Ping timeout: 272 seconds]
<gchristensen> :/
<gchristensen> just stepped away from dinner, if you could PR a fix that would be ideal but otherwise back in a bit
<samueldr> eval'd on the org's hydra and yeah https://hydra.nixos.org/jobset/nixos/release-20.09-small#tabs-errors
<gchristensen> PRing
<gchristensen> das_j, samueldr rfr https://github.com/NixOS/nixpkgs/pull/104322
<{^_^}> #104322 (by grahamc, 15 seconds ago, open): nixos/release-small: add amazonImage
justanotheruser has joined #nixos-dev
<samueldr> das_j: tested or visually?
<das_j> Thank you :) Don't worry about it
<das_j> visually
<das_j> with the motto being "It cannot get worse than no eval"
<{^_^}> #104323 (by grahamc, 8 seconds ago, open): [20.09] nixos/release-small: add amazonImage
<samueldr> verified with `env -i nix-build ./nixos/release-small.nix -A nixos.amazonImage`
<gchristensen> great
<gchristensen> thanks, das_j
<das_j> those were amazingly fast response time. thank you all!
<das_j> s/time/times/
* gchristensen wistfully remembers a time that ofborg checked these things
* gchristensen waits for ofborg to finish
justanotheruser has quit [Quit: WeeChat 2.9]
andi- has quit [Ping timeout: 272 seconds]
andi- has joined #nixos-dev
<cole-h> gchristensen: ofborg finished on the backport before the PR to master lol.
<cole-h> Is there a merge method that keeps the current hash? Otherwise the "cherry-picked from xyz" won't point to the commit to master after it's been merged.
<samueldr> yes, merging as in a merge commit
<samueldr> sure, it makes "the history all ugly", but that's not a concern
<gchristensen> hah...
<gchristensen> sigh, the temptation to merge is strong
costrouc has quit [Read error: Connection reset by peer]
costrouc has joined #nixos-dev