<gchristensen>
if anyone is willing and able, could they look in to https://lwn.net/Vulnerabilities/707363/ to see if we're vulnerable to this on master and release-16.09?
ilja_kuklic has quit [(Ping timeout: 260 seconds)]
eacameron has quit [(Remote host closed the connection)]
eacameron has joined #nixos
aneeshusa has joined #nixos
RchrdB has quit [(Quit: Leaving)]
markus1199 has joined #nixos
glines has quit [(Ping timeout: 265 seconds)]
markus1189 has quit [(Ping timeout: 245 seconds)]
ilja_kuklic has joined #nixos
<NixOS_GitHub>
[nixpkgs] rasendubi closed pull request #18737: secp256k1: configure with more feature flags (master...secp256k1-flags) https://git.io/viXhc
erasmas has quit [(Quit: leaving)]
eacameron has quit [(Remote host closed the connection)]
eacameron has joined #nixos
<NixOS_GitHub>
[nixpkgs] grahamc created rollup-12 (+5 new commits): https://git.io/v1zjR
<NixOS_GitHub>
nixpkgs/rollup-12 76ef70a Graham Christensen: imagemagick: 6.9.6-2 -> 6.9.6-7 for CVE-2016-9556 and CVE-2016-9559
<NixOS_GitHub>
nixpkgs/rollup-12 e42f6a1 Graham Christensen: gstreamer: 1.10.1 -> 1.10.2 for multiple CVEs...
<NixOS_GitHub>
nixpkgs/rollup-12 e0b8501 Graham Christensen: openafs: 1.6.17 -> 1.6.20 for CVE-2016-9772...
<gchristensen>
oops wrong server :)
Shoue has quit [(Ping timeout: 250 seconds)]
<NixOS_GitHub>
[nixpkgs] grahamc deleted rollup-12 at 4c5a198: https://git.io/v1zjr
acertain has quit [(Read error: Connection reset by peer)]
acertain has joined #nixos
AllanEspinosa has quit [(Ping timeout: 246 seconds)]
vandenoever has quit [(Ping timeout: 250 seconds)]
redmq has joined #nixos
sigmundv has joined #nixos
redmq has quit [(Ping timeout: 260 seconds)]
sigmundv has quit [(Client Quit)]
ilja_kuklic has quit [(Ping timeout: 245 seconds)]
herzmeister has quit [(Quit: Leaving)]
herzmeister has joined #nixos
digitalmentat has joined #nixos
eacameron has joined #nixos
marusich has quit [(Ping timeout: 258 seconds)]
mizu_no_oto has joined #nixos
AllanEspinosa has joined #nixos
eacameron has quit [(Ping timeout: 256 seconds)]
nh2_ has joined #nixos
glines has joined #nixos
mudri has quit [(Ping timeout: 244 seconds)]
thc202 has quit [(Ping timeout: 246 seconds)]
<spacekitteh>
gchristensen: :P
<gchristensen>
:)
<spacekitteh>
now to fix nodejs so it actually builds under grsec
jsgrant has quit [(Read error: Connection reset by peer)]
taktoa has quit [(Ping timeout: 244 seconds)]
jsgrant has joined #nixos
<gchristensen>
kmicu: what was that paradox you referenced the other day?
<gchristensen>
ah, fallacy, not paradox
<spacekitteh>
:P
ixxie has joined #nixos
<spacekitteh>
replying to me? :P
echo-area has joined #nixos
taktoa has joined #nixos
<gchristensen>
yeah :)
<spacekitteh>
i'll have you know sir that i'm a professional logician :P
<gchristensen>
:o
<spacekitteh>
you've insulted my honour
<spacekitteh>
i challenge you to a duel
* gchristensen
runs away
<spacekitteh>
(i just binge watched Outlander)
<gchristensen>
:)
<gchristensen>
one thing you may find interesting is researching how long it takes between a CVE to be announced, a patch to be provided, ... and when the NVD database has information about it.
<spacekitteh>
i just woke up and am waiting for my amphetamines to kick in, got any links?
mizu_no_oto has quit [(Quit: Computer has gone to sleep.)]
mizu_no_oto has joined #nixos
mizu_no_oto has quit [(Client Quit)]
aneeshusa has quit [(Ping timeout: 245 seconds)]
acertain has joined #nixos
alx741 has quit [(Quit: alx741)]
Acou_Bass has quit [(Ping timeout: 265 seconds)]
rardiol has quit [(Ping timeout: 268 seconds)]
Wizek has quit [(Ping timeout: 244 seconds)]
Acou_Bass has joined #nixos
mizu_no_oto has joined #nixos
mguentner2 has joined #nixos
mguentner has quit [(Ping timeout: 250 seconds)]
jsgrant has quit [(Quit: Konversation terminated!)]
<NixOS_GitHub>
[nixpkgs] tari opened pull request #20996: libdwarf: version the shared object (master...libdwarf-soname) https://git.io/v1gG6
AllanEspinosa has quit [(Ping timeout: 245 seconds)]
mizu_no_oto has quit [(Quit: Computer has gone to sleep.)]
mizu_no_oto has joined #nixos
uralbash has joined #nixos
mizu_no_oto has quit [(Quit: Computer has gone to sleep.)]
Kingsquee has joined #nixos
henrytill_ is now known as henrytill
henrytill has quit [(Changing host)]
henrytill has joined #nixos
stepcut has quit [(Remote host closed the connection)]
MightyJoe is now known as cyraxjoe
jedai42 has joined #nixos
jsgrant has joined #nixos
jedai has quit [(Ping timeout: 250 seconds)]
schneefux has joined #nixos
zagy has joined #nixos
sdothum has quit [(Quit: ZNC - 1.6.0 - http://znc.in)]
sdothum has joined #nixos
jacob_ has joined #nixos
jacob_ is now known as Guest29979
eacameron has joined #nixos
sdothum has quit [(Client Quit)]
eacameron has quit [(Ping timeout: 245 seconds)]
Wizek has joined #nixos
sheenobu has joined #nixos
<sheenobu>
nixos-install is being a very long process.. lost of failures at cache.nixos.org
justan0theruser has joined #nixos
ebzzry has quit [(Ping timeout: 244 seconds)]
justanotheruser has quit [(Ping timeout: 258 seconds)]
vandenoever has joined #nixos
wkennington has joined #nixos
marusich has joined #nixos
Maxdamantus has joined #nixos
sheenobu has quit [(Ping timeout: 245 seconds)]
marusich has quit [(Ping timeout: 258 seconds)]
sheenobu has joined #nixos
Itkovian has joined #nixos
newhoggy_ has joined #nixos
newhoggy2 has quit [(Ping timeout: 245 seconds)]
newhoggy_ has quit [(Ping timeout: 250 seconds)]
katyucha has joined #nixos
Itkovian has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
MercurialAlchemi has joined #nixos
vandenoever has quit [(Ping timeout: 260 seconds)]
johann__ has joined #nixos
<srhb>
Is there a way to make nix-shell use zsh instead of bash? All my setup is in zsh, so I feel rather limited in bash.
<spacekitteh>
nix-shell --run "zsh" ?
amarsman has joined #nixos
johann__ has quit [(Quit: Leaving.)]
eacameron has joined #nixos
griff_ has joined #nixos
jsgrant has quit [(Quit: Konversation terminated!)]
johann__ has joined #nixos
eacameron has quit [(Ping timeout: 250 seconds)]
griff_ has quit [(Ping timeout: 248 seconds)]
blahdodo has quit [(Remote host closed the connection)]
zagy has quit [(Quit: Leaving.)]
blahdodo has joined #nixos
aneeshusa has joined #nixos
aneeshusa has quit [(Ping timeout: 250 seconds)]
civodul has joined #nixos
Guest350 has joined #nixos
abrar has quit [(Ping timeout: 250 seconds)]
<srhb>
spacekitteh: I meant always, instead of bash. I know I can run anything available with --run :)
<srhb>
(Though it should probably be --command instead of --run)
<spacekitteh>
srhb: look at users.defaultUserShell or environment.shells
<kmicu>
gchristensen: mornin’. Nirvana fallacy. It’s a very common thing in IT industry. Aka ‘your solution/patch *improves* current state of affairs, but it’s worse than my idealized, perfect, *non–existent* solution so you are a bad person’ Current ‘hilarious’ instance: ‘the portable dumper’ ‘dispute’ on emacs-devel.
<srhb>
spacekitteh: No dice, still bash.
teknico has joined #nixos
derjohn_mob has joined #nixos
<srhb>
I suppose an alias will do if the default behaviour really just is nix-shell . --command bash
abrar has joined #nixos
Itkovian has joined #nixos
phreedom has quit [(Remote host closed the connection)]
rly has joined #nixos
Guest350 has quit [(Ping timeout: 260 seconds)]
anelson has joined #nixos
anelson_ has quit [(Ping timeout: 258 seconds)]
vandenoever has joined #nixos
ckauhaus has joined #nixos
<LnL>
srhb: that should work but you won't have access to the buildPhase and such
<manveru>
srhb: i use direnv for that...
ThatDocsLady has quit [(Ping timeout: 245 seconds)]
echo-area has quit [(Remote host closed the connection)]
adev has joined #nixos
m` has joined #nixos
redmq has joined #nixos
dgn has joined #nixos
redmq has quit [(Ping timeout: 250 seconds)]
iyzsong has joined #nixos
dgn has quit [(Ping timeout: 244 seconds)]
<NixOS_GitHub>
[nixpkgs] joachifm pushed 1 new commit to master: https://git.io/v1gD0
<NixOS_GitHub>
nixpkgs/master f39d13c Joachim Fasting: grsecurity doc: describe work-around for gitlab...
jgeerds has joined #nixos
eacameron has joined #nixos
<sphalerite>
how can I prefetch a github repo to get the appropriate hash? nix-prefetch-git yields a sha256 that apparently has the wrong length (and isn't specialised for github like fetchFromGitHub)
<sphalerite>
Never mind, I'm an idiot and just can't copy and paste right. Was missing the last character >_>
eacameron has quit [(Ping timeout: 250 seconds)]
newhoggy2 has joined #nixos
newhoggy2 has quit [(Remote host closed the connection)]
[0x4A6F] has quit [(Ping timeout: 258 seconds)]
m` has quit [(Ping timeout: 248 seconds)]
[0x4A6F] has joined #nixos
christine_ has quit [(Ping timeout: 258 seconds)]
ckauhaus has quit [(Quit: Leaving.)]
<NixOS_GitHub>
[nixpkgs] joachifm pushed 1 new commit to master: https://git.io/v1gS9
<NixOS_GitHub>
nixpkgs/master 5fd4ffe Joachim Fasting: grsecurity: 4.8.12-201612031658 -> 201612062306
ekleog has joined #nixos
<NixOS_GitHub>
[nixpkgs] FRidh force-pushed python3 from 0bec21a to 81dc67c: https://git.io/vPPX6
<NixOS_GitHub>
nixpkgs/python3 7e16d0a Frederik Rietdijk: pythonPackages.docker: support python3
<NixOS_GitHub>
nixpkgs/python3 a805a98 Frederik Rietdijk: zbar: use python2
<NixOS_GitHub>
nixpkgs/python3 45f98c9 Frederik Rietdijk: linuxband: use python2
<NixOS_GitHub>
[nixpkgs] joachifm pushed 1 new commit to release-16.09: https://git.io/v1g9l
<NixOS_GitHub>
nixpkgs/release-16.09 c509f7b Joachim Fasting: grsecurity: 4.8.12-201612031658 -> 201612062306...
wangoe has joined #nixos
griff_ has joined #nixos
systemfault has joined #nixos
derjohn_mob has quit [(Ping timeout: 246 seconds)]
<LnL>
sphalerite: note that fetchFromGitHub uses fetchurl instead of fetchgit
<sphalerite>
yeah I noticed that too, it's neat
stepcut has joined #nixos
hamish_ has joined #nixos
hamish_ is now known as Guest99226
stepcut has quit [(Ping timeout: 268 seconds)]
<Guest99226>
is there a way to blacklist certain mirrors for nixos-install?
<Guest99226>
some mirrors are blocked by my corporate proxy
<LnL>
as in fetchurl mirrors?
rardiol has joined #nixos
gunface has quit [(Ping timeout: 244 seconds)]
<gchristensen>
domenkozar: right
<gchristensen>
domenkozar: I know :(
gunface has joined #nixos
<Guest99226>
LnL: I believe so yes
Guest99226 is now known as hamish__
derjohn_mob has joined #nixos
<gchristensen>
domenkozar: but with cvePatches in the code itself you can't properly indicate when the issue was fixed, if you discover the issue was fixed after the original commit.
<LnL>
not sure if you can without changing it in nixpkgs
<spacekitteh>
pkg-override
<gchristensen>
kmicu: yes that is definitely the same thing
<hamish__>
will have a look into pkg-override
<hamish__>
cheers
newhoggy2 has joined #nixos
newhoggy2 has quit [(Client Quit)]
hotfuzz_ has joined #nixos
hotfuzz has quit [(Read error: Network is unreachable)]
jensens has joined #nixos
griff__ has joined #nixos
griff_ has quit [(Ping timeout: 250 seconds)]
griff__ is now known as griff_
christine_ has joined #nixos
Shoue has joined #nixos
<spacekitteh>
gchristensen: did u see my reply re: v8/nodejs
<gchristensen>
thanks, tagged :)
<NixOS_GitHub>
[nix] edolstra pushed 1 new commit to master: https://git.io/v1gAJ
<NixOS_GitHub>
nix/master 8df1a3b Eelco Dolstra: Drop unused dblatex reference
rardiol has quit [(Ping timeout: 260 seconds)]
goibhniu has quit [(Read error: Connection reset by peer)]
goibhniu1 has joined #nixos
<gchristensen>
ugh I have multiple terabytes of /nix/store to garbage collect
<spacekitteh>
yikes
<spacekitteh>
gchristensen: any chance you could merge 8c2244c?
<gchristensen>
I'm focusing on other issues right now, sorry, trying to get roundup 12 finished
* spacekitteh
nods
<spacekitteh>
this annoying issue is preventing me from updating my system ):
<spacekitteh>
because cjdns depends on nodejs to build
<joachifm>
hm, it'd be nice if the maintainers could comment
wangoe has left #nixos []
wangoe has joined #nixos
<joachifm>
spacekitteh: why does the marking need to be guarded by a version check?
<spacekitteh>
mksnapshot was only introduced in that verison
<joachifm>
okay
<joachifm>
could you use versionAtLeast instead? it's a little clearer
<spacekitteh>
kk
<joachifm>
other than that I guess we can integrate the marking at least, if nobody complains soon
<joachifm>
the nodejs using v8 thing I won't touch
<spacekitteh>
yeah.
<joachifm>
in general, I'm a little hesitant to merge pax stuff without maintainers approval; I'm trying to not be too invasive, given that it's a niche feature
<joachifm>
just so you understand why I'm not integrating immediately
ebzzry has quit [(Ping timeout: 245 seconds)]
<joachifm>
esp. if it's to get stuff to *build* on a pax enabled host
eacameron has joined #nixos
<spacekitteh>
done
<spacekitteh>
why more hesitatnt re: biulding?
Seichi has joined #nixos
<joachifm>
because it's even more niche :)
<spacekitteh>
ah :P
glines has joined #nixos
<joachifm>
spacekitteh: oh, optional should strictly speaking be optionalString
<joachifm>
optional expands to a singleton list
eacameron has quit [(Ping timeout: 260 seconds)]
<joachifm>
not that it makes any difference once it reaches bash, but still
<joachifm>
(at least I think it normalizes to pretty much the same thing)
<spacekitteh>
ok fixed
ckauhaus has joined #nixos
<joachifm>
for 4.5.nix I think we know versionAtLeast 4.3 is always going to be true
<joachifm>
feels like that for default.nix too, really; a version check might be appropriate for generic.nix
<joachifm>
dunno
civodul has quit [(Quit: ERC (IRC client for Emacs 25.1.1))]
* spacekitteh
shrugs
<spacekitteh>
trust but verify?
<joachifm>
I favour simplicity; but see, this is why maintainer feedback would be nice
<joachifm>
:)
<joachifm>
no idea what they prefer in this situation
<gchristensen>
ugh I should have GC'd ages ago :| this is the wrong time
<spacekitteh>
hmm
glines has quit [(Ping timeout: 256 seconds)]
<gchristensen>
hrm.... running nix-collect-garbage, it says `finding garbage collector roots...` but it definitely isn't just finding them. it has deleted about 10GB of data without indicating anything has outputted
<spacekitteh>
gotta run with -D
<gchristensen>
-D?
<spacekitteh>
i think
<gchristensen>
usually it outputs lines like "deleting ‘/nix/store/m7zjaz5cnn04q78zys1hq76krwdaif0n-atop-2.2-3'
RchrdB has joined #nixos
<spacekitteh>
oh i misunderstood you
<gchristensen>
ah ok :)
<joachifm>
spacekitteh: are you aware that the cjdns test has been failing for over a month?
<dtzWill>
i often do 'nix-store --gc --print-roots' and similar lol
<spacekitteh>
joachifm: which?
<joachifm>
since you seem to be using it, maybe you could look into it?
<joachifm>
spacekitteh: also, I'd consider granting cap_{sys_chroot,setgid,setuid} to allow cjdns to drop privs
<joachifm>
as it is now, it is forced to run at higher privs than necessary
<spacekitteh>
iirc i tried doing that but was told to take it out
<joachifm>
spacekitteh: why? that doesn't make too much sense to me
<spacekitteh>
i can't remember, it was when i had just started on ritalin
<spacekitteh>
that whole couple of weeks was a blur
<joachifm>
oh ... okay
<spacekitteh>
XD
nh2_ has joined #nixos
<spacekitteh>
it looks like it's not creating tun0 o.O
<gchristensen>
hah! nix-collect-garbage (I cancelled it in the middle) outputted "0 store paths deleted, 0.00 MiB freed" but according to df, it freed 20GB.
<spacekitteh>
yeah i get that sometimes
<gchristensen>
O.o
<spacekitteh>
try running with -d
<gchristensen>
I did
<spacekitteh>
huh ok
<gchristensen>
this is def. a bug of some sort
<gchristensen>
where it is deleting things but the UI isn't aware
<spacekitteh>
any unusual filesystem?
<gchristensen>
ext4
<gchristensen>
I mean, I ran `strace` on it and it outputted thousands of lines of unlink/rmdir
<dtzWill>
lol
<dtzWill>
busted.
<gchristensen>
dtzWill: print-roots will delete?
MinceR has quit [(Ping timeout: 260 seconds)]
nh2_ has quit [(Ping timeout: 260 seconds)]
<NixOS_GitHub>
[nixpkgs] edolstra pushed 1 new commit to master: https://git.io/v12fT
<NixOS_GitHub>
nixpkgs/master 5743506 Eelco Dolstra: aws-sdk-cpp: Use multiple outputs
MinceR has joined #nixos
<rly>
I created a docker image based off Ubuntu, but there is no apt-get on it or anything. Does that make sense to anyone?
<rly>
I am using the dockerTools API in Nix.
asymmetric has joined #nixos
hotfuzz_ is now known as hotfuzz
<zimbatm>
so you used the fromImage = "ubuntu" ?
<zimbatm>
what do you have when you run the image with `ls -la /bin` ?
<dtzWill>
with 'isDeterministic=true' opt-in for making non-determinism an error
<dtzWill>
but mostly excited to see nix move more in this direction, it's so close to not take the next couple of steps... at least to do things like produce reports on what's deterministic/not
<dtzWill>
seems wrong for Debian to take reproducible builds more seriously than Nix, given the nature of Nix :)
<gchristensen>
good thing they are, though
<gchristensen>
we can borrow all their patches
<gchristensen>
:D
<dtzWill>
:D
<dtzWill>
yeah it /is/ a good thing, they're quite the heavy-weight org to be pushing for it.... to everyone's benefit :)
<gchristensen>
exactly
c0bw3b has left #nixos []
angerman has quit [(Quit: Gone)]
<NixOS_GitHub>
[nix] edolstra pushed 2 new commits to master: https://git.io/v12I0
<gchristensen>
Biappi: should that printed copy be encrypted or decrypted? :) I don't have a satisfactory answer to that. :(
<Biappi>
you can give a sealed envelope to a notary with the decrypted one =D
<gchristensen>
hrmm ok
* gchristensen
has spent the past few weekends reading up on PGP
fritschy has quit [(Quit: Leaving.)]
<NixOS_GitHub>
[nixpkgs] edolstra pushed 1 new commit to reproducibility: https://git.io/v12C5
<NixOS_GitHub>
nixpkgs/reproducibility c0c8ee3 Eelco Dolstra: Another gratuitous whitespace commit to force a rebuild
<joachifm>
gchristensen: I still think we need to coordinate to maintain our own keyring, if we're going to trust github implicitly, we might as well not sign anything (imo)
<gchristensen>
joachifm: but starting to sign now means if we ever build up that keyring, all the history is valuably signed
<joachifm>
gchristensen: sure sure
edvorg has joined #nixos
griff_ has quit [(Ping timeout: 256 seconds)]
<gchristensen>
niksnut: the problem I have with this article is you have to bootstrap trust somehow, and that is not a solved problem. The general practice I know about for bootstrapping trust is "put all your eggs in one basket, and then protect that basket very well." that ... that is what the offline GPG key is for.
saintromuald has quit [(Ping timeout: 256 seconds)]
<gchristensen>
he's offloading the bootstrapping to 1. his telco (protect his number) and 2. whatsapp who presumably have long-term keys for communicating the keys of users.
zraexy has joined #nixos
<clever>
gchristensen: one reason to still sign things even with github, ive heard of an incident where somebody got into the dev box of a linux maintainer
<clever>
gchristensen: and they added an extra commit under his name, that introduced a privledge escalation exploit
<gchristensen>
also ye
<clever>
gchristensen: and then waited until he pushed it up
<clever>
with commit signing, that commit wouldnt be signed, and it would set off more alarms
<gchristensen>
well, heh
<gchristensen>
it could have set off alarms if those alarms are set to alarm.
<clever>
yeah, thats another issue
<gchristensen>
but: signing any particular commit implicitly signs all history
stepcut has joined #nixos
<gchristensen>
so inject a bad commit and then they don't notice, and commit on top? busted
<clever>
that only works if you review the git history your signing, somebody could have yeah
<gchristensen>
but I do it with the hopes of better tooling down the road :)
saintromuald has joined #nixos
mudri has quit [(Ping timeout: 258 seconds)]
LuMint has quit [(Remote host closed the connection)]
stepcut has quit [(Ping timeout: 244 seconds)]
<gchristensen>
also it is actually just signing the hashes, not the whole contents of the patch or anything, so it depends on the security of the hash
stepcut has joined #nixos
jgeerds has quit [(Remote host closed the connection)]
seanz has joined #nixos
ebzzry has quit [(Ping timeout: 248 seconds)]
<spacekitteh>
hmm
<spacekitteh>
i wonder how i can disable pax at next reboot if i can't build my configuration.nix
<clever>
why is it unable to rebuild?
<spacekitteh>
nodejs
<clever>
comment it out temporarily?
<spacekitteh>
that takes down cjdns :( trying to figure out a way around that
<clever>
you can also replace derivations in systemPackages and similar, with raw strings pointing into the store
erasmas has joined #nixos
<clever>
then it just uses the version you put in the string, exactly as its built
Itkovian has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
<NixOS_GitHub>
[nixpkgs] vcunat pushed 1 new commit to master: https://git.io/v129g
<NixOS_GitHub>
nixpkgs/master 469e5e7 Peter Marheine: libdwarf: version the shared object (#20996)...
glines has joined #nixos
fiddlerwoaroof has left #nixos ["ERC (IRC client for Emacs 25.1.1)"]
andymandias has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
[0x4A6F]1 has quit [(Ping timeout: 245 seconds)]
hotfuzz has quit [(Read error: Connection reset by peer)]
hotfuzz has joined #nixos
mudri has joined #nixos
ryanartecona has quit [(Quit: ryanartecona)]
seanz has quit [(Quit: Leaving.)]
<NixOS_GitHub>
[nixpkgs] vcunat pushed 1 new commit to release-16.09: https://git.io/v127I
<NixOS_GitHub>
nixpkgs/release-16.09 f52eaf4 Peter Marheine: libdwarf: version the shared object (#20996)...
FRidh has quit [(Remote host closed the connection)]
<chattered>
Cheers christine_ and clever. I'll take a look.
amarsman has joined #nixos
<chattered>
I guess we're not particularly deficient compared to other package managers here? Do most other package managers just let Java take care of itself?
nh2_ has joined #nixos
Itkovian has joined #nixos
cpennington has joined #nixos
glines has quit [(Ping timeout: 260 seconds)]
christine_ has quit [(Ping timeout: 258 seconds)]
Itkovian has quit [(Client Quit)]
redmq has quit [(Ping timeout: 256 seconds)]
Itkovian has joined #nixos
<roconnor>
Any Haskellers around? Why is the default package for diagrams-core 1.3.0.8 rather tahn 1.4?
<roconnor>
peti: how is the hackage-packages.nix generated to cause this?
<stepcut_>
How would I package up this library, https://github.com/hercules-team/python-augeas, is there something like cabal2nix I should use? I tried python2nix but it died with some error
<anelson__>
I just want to execute a build inside of a container so that I have a sandbox to play in
<anelson__>
LnL: I don't really want to use docker, in fact I'd rather not. But either way that stuff uses runInLinuxVM, it doesn't quite do what I want
<simpson>
anelson__: Wait, so I don't understand, you *do* or *don't* want running in a container?
<LnL>
^^
aneeshusa has joined #nixos
latk has joined #nixos
<anelson__>
I would like to execute the build of a derivation inside of a container
<anelson__>
I don't want a long-running process
<simpson>
I know that the Nix store is reused inside NixOS containers. I'm not sure what happens if you nix-build inside a container though.
<simpson>
I *think* that the build would happen under the container's cgroups?
<anelson__>
I don't want to nix-build inside of a container
<LnL>
containers can't write to the store
<anelson__>
I want the nix build internally to start up a container, and then execute the command that it would run inside of that container
<anelson__>
this is what runInLinuxVM does
bennofs1 has joined #nixos
<anelson__>
but it requires some system resources (qemu-kvm) which might be being used
<simpson>
I don't think that there's anything like that, no. Now that I think of it, I'm not sure how runInLinuxVM stays pure.
<anelson__>
yeah I don't know much about runInLinuxVM internals, I know it uses qemu
<anelson__>
it can't be run when I'm running VirtualBox, which is pretty much all the time :( hence the problem
<stepcut_>
LnL: so is pkgs/top-level/python-packages.nix maintained by hand then?
wangoe has quit [(Ping timeout: 245 seconds)]
cpennington has joined #nixos
<anelson__>
stepcut_: yes it is
<LnL>
oh that does something different then I thought, looks pretty strange to use in a normal nix-build
<simpson>
anelson__: Interesting.
<LnL>
stepcut_: sadly yes
<stepcut_>
anelson__: cool. I just didn't want to manually edit an autogenerated file :)
<stepcut_>
I am trying to get the certbot-apache plugin working
<LnL>
a bunch of people have tried to write generators to automate it but python packaging is to much of a pain
FRidh has joined #nixos
<anelson__>
fortunately python dependency trees are much more manageable than e.g. haskell or node
<anelson__>
also it's bootstrapped pretty well at this point so it's not as hard to maintain
<anelson__>
not that it's a perfect system though
Shoue has joined #nixos
<NixOS_GitHub>
[nixops] rbvermaa pushed 1 new commit to master: https://git.io/v12pK
<NixOS_GitHub>
nixops/master d4eb7b8 Rob Vermaas: Add r4 as hvm instances.
<NixOS_GitHub>
[nixops] rbvermaa pushed 1 new commit to master: https://git.io/v12pH
<NixOS_GitHub>
nixops/master 833595f Rob Vermaas: Add f1 as hvm instances.
RchrdB has quit [(Quit: Leaving)]
<anelson__>
simpson: yeah, I hope I can figure it out. Fortunately I can run a runInLinuxVM *on* my VM, lol. Just not my host machine, if I'm running virtualbox
<LnL>
anelson__: euh...
bennofs2 has joined #nixos
Guest87276 has joined #nixos
Guest87276 is now known as christine_
bennofs1 has quit [(Ping timeout: 245 seconds)]
rardiol has joined #nixos
Itkovian has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
<NixOS_GitHub>
[nixops] rbvermaa pushed 1 new commit to master: https://git.io/v12jR
<NixOS_GitHub>
nixops/master fcbc94c Rob Vermaas: Fix deployments when no .ec2-keys and .aws is available in HOME.
aneeshusa has quit [(Ping timeout: 268 seconds)]
redmq has joined #nixos
stepcut_ has quit [(Remote host closed the connection)]
Itkovian has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
<peti>
roconnor: We follow LTS Haskell 7.x from stackage.org.
Itkovian has joined #nixos
hotfuzz has quit [(Read error: Connection reset by peer)]
christine_ has joined #nixos
hotfuzz has joined #nixos
<Guest57484>
Can i install nixos from my usb stick on a thinkpad without any os on it ? isn't a issue ?!
<simpson>
Guest57484: I imagine it'd be fine, yes.
<maurer>
Guest57484: I did this with a gen-2 x1 carbon
<maurer>
I expect it will work on other models as well
<Guest57484>
Can i install nixos from my usb stick on a thinkpad without any os on it ? isn't a issue ?! mounting /dev/root on /iso... mount: mounting /dev/root on /mnt-root/iso failed no such file or directory
<Guest57484>
anyone has an idea ?
<Guest57484>
it propose me to i) interactive shell, f) start in interactive with pid1 r)reboot, *) continue with no error
danharaj has quit [(Remote host closed the connection)]
<simpson>
I haven't ever encountered that problem, sorry.
civodul has joined #nixos
<BlessJah>
is that normal for nix-env to consume 1GiB of memoery (and growing)
Seichi_ has joined #nixos
Seichi has quit [(Ping timeout: 250 seconds)]
Itkovian has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
<roconnor>
peti: got it. Thanks everyone for explaining.
<kmicu>
BlessJah: Yes, if you are using -i flag instead of -iA.
<BlessJah>
error: unable to fork: Cannot allocate memory
<BlessJah>
kmicu: that was exactly the case
<BlessJah>
-i tries to evaluate whole channel first?
<kmicu>
Yes, or even multiple channels if you have more than one.
phreedom has quit [(Ping timeout: 245 seconds)]
Guest29979 has quit [(Quit: Lost terminal)]
<BlessJah>
that's the case then, I've added unstable recently
oida has joined #nixos
Shoue has quit [(Ping timeout: 258 seconds)]
Guest57484 has quit [(Quit: Quitte)]
zagy has joined #nixos
christine_ has quit [(Ping timeout: 245 seconds)]
christine_ has joined #nixos
Itkovian has joined #nixos
justbeingglad has joined #nixos
justbeingglad has left #nixos []
zagy has quit [(Ping timeout: 258 seconds)]
m0rphism has quit [(Quit: WeeChat 1.4)]
Shoue has joined #nixos
magnetophon has quit [(Ping timeout: 245 seconds)]
goibhniu has joined #nixos
<BlessJah>
I have nixos-16.09-small channel, which nixos-unstable or nixpkgs-unstable should I add for unstable packages?
<gchristensen>
nixos-unstable
<anelson__>
anyone familiar with the vmTools.runInLinuxImage function?
<anelson__>
I'm giving it an iso for its diskImage argument
<c74d>
When I run a NixOS-built NixOS-running QEMU VM, my HDD makes a constant high-pitched noise, only occasionally dropping down to its normal level of noise. Why would a VM use the HDD more than the host, and what can I do to stop it?
<anelson__>
maybe the problem is that the fs is read-only and I'm trying to modify it?
<c74d>
(other than terminating the VM, which stops the noise)
<Dezgeg>
loop is not a filesystem driver
<Dezgeg>
I'd guess iso9660 or isofs
glines has quit [(Ping timeout: 268 seconds)]
<anelson__>
oh ok, maybe that's what I need
<anelson__>
sweet, adding isofs worked
<anelson__>
problem now is that it's read-only
<anelson__>
so it can't mount the nix store
cpennington has quit [(Remote host closed the connection)]
Seichi has joined #nixos
<c74d>
clever: do you know why the sort of VM you showed me how to make would make my HDD sound constantly in use?
<clever>
c74d: if you write a 1 to /proc/sys/vm/block_dump with echo, the kernel will list EVERY filesystem/block access to dmesg
<clever>
you can then grep that to track down any kidn of usage
<NixOS_GitHub>
[nixpkgs] joachifm opened pull request #21007: ndiswrapper: mark as broken (master...ndiswrapper) https://git.io/v1aBQ
<gchristensen>
haha yeah
<clever>
gchristensen: one thing of use, if you have the room, is ddrescue
<clever>
gchristensen: it will skip over the bad sectors, and read as much data as it can, then return to the bad sectors when its done, and re-read them repeatedly
<gchristensen>
nah
<clever>
gchristensen: its best to also give it a path to a log file that will survive a reboot, so you can resume the copy
<gchristensen>
I'm pretty sure I can get better hardware for cheaper :)
<clever>
this is mainly to recover the data from the drive
<gchristensen>
I have no data on there that matters
t-bone has quit [(Remote host closed the connection)]
t-bone has joined #nixos
<gchristensen>
just a bunch of old nixos builds, I was actually thinking about just replacing it anyway instead of running the garbage collection
latk has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
saintromuald has quit [(Ping timeout: 250 seconds)]
<clever>
lol
<LnL>
that's one way to gc all unreferenced paths :p
saintromuald has joined #nixos
<LnL>
is that the machine where you test the rebuilds or something?
phreedom has joined #nixos
<gchristensen>
yeah
<LnL>
ah that's why you have so much data there
<gchristensen>
filled up 1.5tb worth with nix-build
<gchristensen>
forgot to cron the GC
<clever>
i recently put that hydra thing into my desktop as well
<clever>
so it always goes to 10gig free at midnight
<LnL>
gchristensen: we have a service module for that nnow