<NixOS_GitHub>
[nixpkgs] Mic92 pushed 5 new commits to master: https://git.io/vDjao
<NixOS_GitHub>
nixpkgs/master 4689dd2 Thomas Lotze: cmus: enable opus support (re #23051)...
<NixOS_GitHub>
nixpkgs/master 744ce7e Jörg Thalheim: cmus: enable aac support
<NixOS_GitHub>
nixpkgs/master e868669 Jörg Thalheim: cmus: mp4 support
<NixOS_GitHub>
[nixpkgs] Mic92 closed pull request #23092: cmus: enable opus support (re #23051) (master...re23051-cmus-opus) https://git.io/vDjBM
ndowens08 has joined #nixos
Itkovian has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
<eacameron>
Anyone have a short example of how to write a deeply overridable config?
mkoenig has quit [(Read error: Connection reset by peer)]
mkoenig has joined #nixos
ibrahims has joined #nixos
threshold has quit [(Quit: leaving)]
threshold has joined #nixos
threshold has quit [(Client Quit)]
<gchristensen>
eacameron: sorry?
threshold has joined #nixos
<eacameron>
gchristensen: I want to build a config with config.override (self: { field = new value; })
<eacameron>
gchristensen: I'm still hoping for an example but I may have figured it out.
Rotaerk has joined #nixos
ibrahims has quit [(Ping timeout: 260 seconds)]
<eacameron>
gchristensen: An extremely crowded and hard-to-read example, I think: lib.fix' (lib.extends (self: super: { a = 2; }) (self: { a = 1; b = self.a + 1; override = f: lib.fix' (lib.extends f self.__unfix__); }))
_sagitaire has quit [(Ping timeout: 260 seconds)]
<threshold>
I am trying to use postgres with the nix package manager on osx
<gchristensen>
yeah I mean you do need to set PGDATA to a directory
__sagitaire has joined #nixos
<peterhoeg>
threshold: and you are referring to a nixos module which doesn't help you on mac
<threshold>
gchristensen: Why does it not default to that directory and ask me to specify that PATH?
<gchristensen>
what would the default directory be?
<eacameron>
threshold: That's the default when using NixOS modules. You're on mac so you'll have to specify that yourself.
AllanEspinosa has quit [(Ping timeout: 260 seconds)]
<threshold>
sudo mkdir /var/db/postgresql && PGDATA=/var/db/postgresql pg_ctl start # results in pg_ctl: directory "/var/db/postgresql" is not a database cluster directory
<threshold>
I hate mac so much
<gchristensen>
you need to call initdb
<threshold>
I wish I could develop for iOS in a linux
danharaj has quit [(Remote host closed the connection)]
<eacameron>
I can't remember the exact command sequence. What you're trying to do is not really unique to mac...it's just that you have to do it manually.
ryanartecona has quit [(Quit: ryanartecona)]
<gchristensen>
that said, I share the sentiment of wishing I could use linux for work.
<gchristensen>
for my work computer*
<copumpkin>
gchristensen: I'm now partially barfy and partially warny
<gchristensen>
copumpkin: my platonic ideal for any pumpkin
echo-area has joined #nixos
ibrahims has joined #nixos
Rizy has quit [(Quit: Rizy)]
Rizy has joined #nixos
<gchristensen>
copumpkin: jokes aside (sigh) that is great news :)
ibrahims has quit [(Ping timeout: 255 seconds)]
k0001 has quit [(Ping timeout: 260 seconds)]
<threshold>
postgres=> ALTER USER postgres WITH SUPERUSER;
<threshold>
ERROR: must be superuser to alter superusers
<gchristensen>
sorry, threshold , you should try #postgresql
<gchristensen>
or #postgres, whatever their channel is
<threshold>
Yeah, sorry
<gchristensen>
it is okay :)
<threshold>
I thought it was relevant at first because most package managers will also go ahead and create a postgres user for you automatically
<threshold>
and I can't su - postgres
<threshold>
So now I'm confused
<gchristensen>
oh
<gchristensen>
so installing the package with nix alone doesn't do any of that, it _just_ makes the binary available in the PATH
<threshold>
Got it. This is going to be a memorable night
* threshold
reaches for some kind of drug to help him
<gchristensen>
what's going on?
<threshold>
I need a user called postgres that can create a database
<threshold>
I think the user needs to be a superuser
<gchristensen>
fwiw you don't strictly need that
<threshold>
If not, I don't care. I just want a user named postgres that can create a database at this point
<threshold>
gchristensen: I figured
<gchristensen>
(you don't need a user named postgres)
<gchristensen>
#postgres can likely help more
<threshold>
answer: createdb; psql; ALTER ROLE postgres CREATEDB; \q
AllanEspinosa has joined #nixos
<NixOS_GitHub>
[nixpkgs] grahamc pushed 1 new commit to master: https://git.io/vDjiT
<NixOS_GitHub>
nixpkgs/master 6c37a92 Graham Christensen: firebird: 2.5.6.27020-0 -> 2.5.7.27050-0 for '2.5.7.27050-0' bypass
<NixOS_GitHub>
[nixpkgs] grahamc pushed 1 new commit to release-16.09: https://git.io/vDjik
<NixOS_GitHub>
nixpkgs/release-16.09 d87a40e Graham Christensen: firebird: 2.5.6.27020-0 -> 2.5.7.27050-0 for '2.5.7.27050-0' bypass...
alanz has quit [(Ping timeout: 240 seconds)]
takle has quit [(Remote host closed the connection)]
ibrahims has joined #nixos
alanz has joined #nixos
ibrahims has quit [(Ping timeout: 255 seconds)]
mudri has quit [(Quit: WeeChat 1.7)]
<NixOS_GitHub>
[nixpkgs] grahamc created mark-as-insecure (+2 new commits): https://git.io/vDjiN
<NixOS_GitHub>
nixpkgs/mark-as-insecure 38771ba Graham Christensen: nixpkgs: allow packages to be marked insecure...
<NixOS_GitHub>
nixpkgs/mark-as-insecure c8859b7 Graham Christensen: libplist: mark as insecure...
<NixOS_GitHub>
[nixpkgs] grahamc deleted mark-as-insecure at c8859b7: https://git.io/vDjix
<FPtje>
Has anyone experienced an empty /nix/var/nix/profiles/system/bin/switch-to-configuration file before? I've had it three times now (and solved it by generating a new SD card because I was working on something else), but it's starting to creep me out
<FPtje>
It's happening on a raspberry like FPGA board, to which I deploy with nixops
<xeviox>
can I explicitly make something in a nix expression be a path? seems like it has problems using "./" as path
takle has quit [(Ping timeout: 260 seconds)]
<FPtje>
xeviox, have you tried ./. (without quotes)?
<xeviox>
FPtje: hell yeah, this one works.. thanks a lot o/ :D
<FPtje>
Cheers!
<xeviox>
could I also reference an existing env var (to be able to extend or modify the path variable)
<FPtje>
What do you mean by an env var? Something like $HOME?
<xeviox>
yes
<xeviox>
I want to extend $PATH
takle has joined #nixos
<FPtje>
The PATH variable of your own user?
<xeviox>
yes, and I want to extend it when I use "nix-shell" with a nix expression
<xeviox>
I know this is not the intention of the whole thing..
<FPtje>
Sounds like X Y problem, I guess you want a certain program to be available when you open a nix shell?
<xeviox>
but as long as I'm not experienced enough to use it correctly I'll have to use some hacks :/
<xeviox>
some kind of, I've created an expression that provides python3 and pip
<xeviox>
then I used pip to install the aws-cli but that one ended up in my home folder :/
<FPtje>
Nix is actually really clever with PATH. When you build a derivation (package), you need some programs to be in PATH, stuff like make, python, maybe specific python packages
<FPtje>
So nix has provisions for that. Basically if you put the programs you need in (I believe) buildDepends, it'll be available when you nix-build the derivation or open a nix-shell into the derivation
<xeviox>
now I can start a nix-shell with my expression and have python3 (and some others) in PATH like needed. Only the aws-cli is in the wrong place (because I used pip to get the current version)
<FPtje>
alternatively you can open a nix-shell, give it a -p and then some programs
<FPtje>
"nix-shell -p python" would open a nix-shell with python
<xeviox>
yeah, that works fine
<FPtje>
ah, you're trying to install that package using pip
takle has quit [(Ping timeout: 255 seconds)]
<xeviox>
the problem is that the aws-cli version in the nix channel is too old
<FPtje>
are you aware of pythonPackages?
<FPtje>
oh right
<xeviox>
the probably correct way is to build a correct nix expression for it
<FPtje>
Yeah, the problem with pip is that it works outside the whole nix shell business
<FPtje>
the best way would be to override it
<xeviox>
but I'm not experienced right now and I have to use the aws-cli for work (so don't have enough time to figure it out)
<xeviox>
yeah, I hate those language specific package managers :/
katyucha has quit [(Quit: Lost terminal)]
<xeviox>
so, seems I have to look into building packages for nix :D
Itkovian has quit [(Read error: Connection reset by peer)]
goibhniu has joined #nixos
<xeviox>
anyways thanks a lot for your help, at least makes my go project usable in nix :D
<FPtje>
What version of awscli do you need?
katyucha1 has joined #nixos
<FPtje>
If you look in nixpkgs/pkgs/top-level/python-packages.nix, you can find the derivation for awscli
<xeviox>
currently I use the latest (it has a lot of new functions for cloud formation). Sadly I don't know when those were added..
<xeviox>
ah ok
<xeviox>
maybe I can change what I need :D
<xeviox>
thanks again
<FPtje>
you can go to your configuration.nix and probably override pythonPackages.awscli, changing version and src
<xeviox>
hmm, it states "1.11.45" which is pretty up-to-date
<xeviox>
and there is still relatively small content for nix
<xeviox>
but that will get better over time :D
<xeviox>
thanks for the tutorials
<FPtje>
Yeah, it really has the right idea. Cheers
ibrahims has joined #nixos
takle has joined #nixos
nschoe has quit [(Read error: Connection reset by peer)]
nschoe has joined #nixos
derjohn_mob has quit [(Ping timeout: 240 seconds)]
takle has quit [(Ping timeout: 260 seconds)]
bin7me has joined #nixos
bin7me has quit [(Remote host closed the connection)]
takle has joined #nixos
arjen-jonathan has joined #nixos
Itkovian has joined #nixos
<NixOS_GitHub>
[nixpkgs] teh opened pull request #23102: Allow directories with a default.nix to be imported as an overlay. Cl… (master...master) https://git.io/vyeTn
<NixOS_GitHub>
[hydra] rbvermaa pushed 1 new commit to master: https://git.io/vyeT4
<NixOS_GitHub>
hydra/master fd754d6 Rob Vermaas: Do not trigger eval on jobset change when check interval is 0 (disabled).
takle has quit [(Ping timeout: 240 seconds)]
<NixOS_GitHub>
[nixpkgs] peterhoeg pushed 1 new commit to master: https://git.io/vyeT0
<NixOS_GitHub>
nixpkgs/master 84fd5da Peter Hoeg: terragrunt: 0.10.2 -> 0.10.3
<sziszi>
FPtje> "Yeah, Nix has a steep learning curve" — holy hell, yes
<sziszi>
feeling really dumb using this OS
takle has joined #nixos
ThatDocsLady has joined #nixos
<sziszi>
7 years ago arch was a bit steep too for me at least. but this OS is harder to understand
<sziszi>
but also DOPE! :)
<FPtje>
sziszi, Yeah, it requires a combination of functional programming skills, system management and even then some understanding on how things are done in nix specifically
takle has quit [(Ping timeout: 260 seconds)]
jgertm has joined #nixos
ibrahims has quit [(Ping timeout: 260 seconds)]
<FPtje>
Ah, the nix store of the device has become corrupt, the "nixos-system" store path is also corrupt. On my device that path holds a non-empty switch-to-configuration file. On the broken device it's empty.
<NixOS_GitHub>
[nixpkgs] pSub pushed 2 new commits to master: https://git.io/vyekP
proteusguy has quit [(Remote host closed the connection)]
phreedom has quit [(Quit: No Ping reply in 180 seconds.)]
eacameron has joined #nixos
phreedom has joined #nixos
eacameron has quit [(Ping timeout: 268 seconds)]
takle has joined #nixos
<FPtje>
the nix store of the device has become corrupt, the "nixos-system" store path is also corrupt. On my device that path holds a non-empty switch-to-configuration file. On the broken device it's empty. Nix-store --verify --repair cannot download the paths. How do I force copy to the device?
pi3r has joined #nixos
<FPtje>
The corruption is very specific it seems. It seems limited to all services of the current configuration, which contain long strings of "^@^@^@...", and the configuration path, which has its "bin/switch-to-configuration" empty.
takle has quit [(Ping timeout: 260 seconds)]
takle has joined #nixos
takle has quit [(Remote host closed the connection)]
<jophish_>
ah, perhaps I've misunderstood isStorePath to mean isInStore
ixxie has joined #nixos
<sziszi>
FPtje: functional programming? why?
<FPtje>
sziszi, Nix is a functional programming language
eacameron has joined #nixos
Shou has joined #nixos
eacameron has quit [(Ping timeout: 240 seconds)]
mudri has quit [(Ping timeout: 255 seconds)]
ixxie has quit [(Ping timeout: 260 seconds)]
<sziszi>
FPtje: I know, but why do I have to code in it?
<FPtje>
sziszi, It's not necessary if the built in things in NixOS do what you want. It is necessary if you need things that aren't provided by NixOS
<FPtje>
like services that NixOS has no support for, derivations that don't exist in nixpkgs, that kind of stuff
<sziszi>
I'm at this point for now :)
<FPtje>
That's okay, you have to start somewhere
<sziszi>
i've seen some haskell back in the day when I started using Xmonad, and that stuff wasnt a good experience
<sziszi>
so functional programming is a bit NONO for me
<FPtje>
what wasn't good about it?
<LnL>
I'm actually pretty surprised by the contributions of somebody that said he's not a programmer
<sziszi>
FPtje: it was weird as hell
<spacekit1eh>
functional programming is excellent
<spacekit1eh>
i don't understand why people say it's hard
<FPtje>
sziszi, It is weird, especially when you're used to imperative programming
spacekit1eh is now known as spacekitteh
<sziszi>
nix is not hard, but haskell is
<spacekitteh>
haskell isn't hard
<FPtje>
I remember being very frustrated about not being able to use mutable variables and for loops
<spacekitteh>
monads aren't any harder than learning what inheritance is in OOP, for example
<LnL>
it's just a different way of thinking about what you want to do
<FPtje>
Not knowing what the right way of doing these things is made it frustrating. I remember thinking "How can you do /anything/ serious if you can't change a variable?"
<spacekitteh>
exactly, LnL
<MP2E>
you can use mutable variables, they require using the ST type
<FPtje>
Eventually I learned, and now my Haskell is pretty fluent, but you have to get over some barrier
<MP2E>
it's just not generally recommended because there are lots of other ways of doing things, and you'll find that you don't need a mutable variable as much as you might think..
<spacekitteh>
people who say that Haskell is hard fail to realise that the only reason they think it's hard is because they only learned imperative programming
<FPtje>
spacekitteh, Regardless of cause, hard is hard
<spacekitteh>
FPtje: sure, but haskell isn't even hard
<spacekitteh>
it's just different to what they're used to
MP2E has quit [(Quit: sleep)]
<spacekitteh>
they think it's hard because they have to learn it from the fundamentals again
<sziszi>
spacekitteh: it's not brainfuck OFC, but i'm somewhat new to programming
<FPtje>
Nothing is more frustrating than people telling you how Haskell isn't hard when you can't figure out how to calculate the sum of a simple list
<spacekitteh>
FPtje: sum myList
<FPtje>
spacekitteh, good job
<Havvy>
foldL + myList # ???
<spacekitteh>
Havvy: foldL (+) myList
<spacekitteh>
you need the ()
<FPtje>
and an initial value, 0
<spacekitteh>
^
<FPtje>
but that's beside the point
<FPtje>
having to relearn the fundamentals is hard
<FPtje>
Just like learning your first imperative language is hard
* Havvy
hasn't even actually written a real Haskell program.
<Havvy>
Or even anything more complex than the previous statement.
<spacekitteh>
FPtje: i wouldn't say it's hard, just long
<LnL>
I think people that have trouble learning it either underestimate what learning a new paradigm means and try to compare it too much with what they know
<FPtje>
But would you understand that someone new to functional programming, breaking their brain over how folds work could potentially consider it difficult?
<spacekitteh>
indeed, LnL
<spacekitteh>
FPtje: sure, but it's because they're trying to take shortcuts usually, FPtje
<LnL>
you sort of have to set aside what you know about "programming"
<FPtje>
spacekitteh, what kind of shortcuts?
phreedom has quit [(Quit: No Ping reply in 180 seconds.)]
<spacekitteh>
by starting from the POV of "this is different from imperative programming in the following ways" rather than "this is a way to program"
<FPtje>
Imagine someone staring at the definition of foldl, trying to figure out how it works
<NixOS_GitHub>
[nixpkgs] abbradar pushed 5 new commits to master: https://git.io/vyeZU
<NixOS_GitHub>
nixpkgs/master fd29b10 Nikolay Amiantov: linuxPackages.lttng-modules: 2.8.3 -> 2.9.1
<NixOS_GitHub>
nixpkgs/master ba43d6b Nikolay Amiantov: lttng-tools: 2.5.2 -> 2.9.3
<NixOS_GitHub>
nixpkgs/master a435327 Nikolay Amiantov: lttng-ust: 2.5.1 -> 2.9.0
<FPtje>
ignorant of how basic things work like currying or pattern matching
<FPtje>
I mean it's pretty difficult to understand how foldl works if you don't fully understand these things
<spacekitteh>
it's like trying to learn to fly a plane, and trying to think of everything in terms of car metaphors
<spacekitteh>
instead of learning it on its own terms
<spacekitteh>
flying isn't any harder than driving
<FPtje>
how does that analogy apply to the person staring at foldl?
<FPtje>
having limited understanding of currying and/or pattern matching?
<LnL>
spacekitteh: I like that metaphor
<spacekitteh>
(note: i learned to fly before i learned to drive)
<Havvy>
spacekitteh: See also, everybody's first time in a plane in Grand Theft Auto games.
* spacekitteh
finds driving more difficult than flying TBH
<FPtje>
spacekitteh, imagine having trouble parallel parking
<spacekitteh>
i can't parallel park
<FPtje>
and then your instructor telling you that it's easy
<spacekitteh>
i know it's easy
<FPtje>
then why isn't it easy?
phreedom has joined #nixos
<FPtje>
surely if it were easy, you would be able to do it
<FPtje>
but apparently it's not
sheenobu has quit [(Quit: Leaving)]
<spacekitteh>
because i have trouble reasoning about reversing
<spacekitteh>
planes don't reverse :P
<FPtje>
so it's easy, despite the fact that you have trouble reasoning about it
<spacekitteh>
sure
<spacekitteh>
it's objectively easy
<FPtje>
objectively?
<spacekitteh>
given a billion people can do it
<FPtje>
I thought "easy" was subjective
<FPtje>
Some things are easy for some people, yet difficult for others
* spacekitteh
shrugs
<FPtje>
depending on skill, training, physical ability
<FPtje>
knowledge
<FPtje>
I guess you can reason objectively about things being easy
<spacekitteh>
drinking a glass of water is objectively easy, designing a nuclear reactor is objectively hard. sure, some people can't drink a glass of water due to disabilities, etc
<FPtje>
saying "if you have this and that and that skill, then this skill should follow easily"
<spacekitteh>
breathing is objectively easy
Wizek has joined #nixos
Itkovian_ has joined #nixos
<spacekitteh>
it's much easier to categorise things as easy than as hard
<FPtje>
spacekitteh, for all humans that share the part in the brain that controls that yes
<FPtje>
but that's still subjective to a majority of humans
<spacekitteh>
something something frequentist
<spacekitteh>
(had to finish the triad)
<FPtje>
frequentist?
<spacekitteh>
(objective probability, subjective probability, frequential probability; all related to complexity theory)
Itkovian has quit [(Ping timeout: 260 seconds)]
<FPtje>
where is probability involved?
<spacekitteh>
it's not
ibrahims has quit [(Ping timeout: 240 seconds)]
ibrahims has joined #nixos
freusque has joined #nixos
iyzsong has joined #nixos
martinb1 has joined #nixos
pi3r has quit [(Ping timeout: 240 seconds)]
eacameron has joined #nixos
pi3r has joined #nixos
eacameron has quit [(Ping timeout: 240 seconds)]
indi_ has joined #nixos
martinb1 is now known as timor
indi_ has quit [(Remote host closed the connection)]
MP2E has joined #nixos
bennofs1 has joined #nixos
xadi1 has joined #nixos
xadi has quit [(Read error: Connection reset by peer)]
<unlmtd[m]>
trying to launch nix shell in rust website generator gives:
<unlmtd[m]>
error: cannot auto-call a function that has an argument without a default value (‘rustPlatform’)
arjen-jonathan has quit [(Ping timeout: 260 seconds)]
eacameron has quit [(Ping timeout: 255 seconds)]
<NixOS_GitHub>
[nixpkgs] grahamc closed pull request #22890: nixpkgs: allow packages to be marked insecure (master...mark-as-insecure) https://git.io/vD9zs
<unlmtd[m]>
so now I found out that I did not write a derivation
pi3r has quit [(Ping timeout: 255 seconds)]
<unlmtd[m]>
back to reading then
katyucha1 is now known as katyucha
arjen-jonathan has joined #nixos
MP2E has quit [(Quit: leaving)]
phreedom has quit [(Quit: No Ping reply in 180 seconds.)]
jgeerds has joined #nixos
phreedom has joined #nixos
mariusapo has joined #nixos
<mariusapo>
hello every1
<mariusapo>
i have a question
<gchristensen>
sure
<gchristensen>
ask away :)
<mariusapo>
i tried to install nixos on my uefi, gpt with the last iso file burned on a usb stick, but when i type the systemctl start display-manager, nothing happens
Havvy has quit [(Quit: Computer Restarted or Restarting IRC)]
Havvy has joined #nixos
<unlmtd[m]>
if you got the minimal iso then there's no gui
mkoenig has joined #nixos
<mariusapo>
is the graphical iso file
seb_ has joined #nixos
<unlmtd[m]>
try going to the tty on f7 maybe
<mariusapo>
u mean to change from tty1 to another ?
seb_ has quit [(Client Quit)]
<Profpatsch>
Hm, how do I list the libraries in scope in a nix shell?
arjen-jonathan has quit [(Ping timeout: 240 seconds)]
<Profpatsch>
./configure throws a “libz not found” error, but I definitely have zlib in buildInputs
<Profpatsch>
So maybe it does strange things.
<Profpatsch>
Oh, autoreconfHook was missing
<mariusapo>
well, i guess that the graphical iso has a broken graphical display manager, coz is not running ...
davidak has joined #nixos
mariusapo has quit [(Quit: Page closed)]
<Acou_Bass>
eey guys, im trying to update my kernel to see if it fixes an issue with my wifi card (spoiler: it does!) but for some reason i no longer have nvidia-drivers... i added line boot.kernelpackages = pkgs.linuxPackages_latest and have the already-existing services.xserver.videoDrivers = [ "nvidia-beta" ]; (i did try 'nvidia' but it gave me a kernel version conflict...) any chance i can get some aid in making this
<Acou_Bass>
work? XD
<goibhniu>
hi Acou_Bass, in what way does it not work?
<Acou_Bass>
well, when i reboot it seems to default back to FOSS drivers (or at least, there is no nvidia-settings GUI and i have very bad gfx performance)
<Acou_Bass>
and at no point in the nixos-rebuild switch did it seem to pull in the newer nvidia drivers
<goibhniu>
was "nvidia" working for you before?
phreedom has quit [(Ping timeout: 255 seconds)]
<Acou_Bass>
with the default kernel yes
<Acou_Bass>
but with default kernel my wifi card doesnt work soo... hmm
<Acou_Bass>
bearing in mind that with default kernel i was just using "nvidia" not -beta
<goibhniu>
cool, so what about this kernel version conflict?
<goibhniu>
which kernel are you using?
<Acou_Bass>
ok so if i do the linuxPackages_latest line, this happens:
<Acou_Bass>
(sec im pastebinning this as its a bit of a long one)
<goibhniu>
cool ... did you see if that's a more common problem?
<goibhniu>
on other distros etc.
<goibhniu>
which channel are you using?
<Acou_Bass>
im using 16.09
<Acou_Bass>
i dunno if its a common issue, didnt seem to be... arch for example uses nvidia-beta by default and latest linux kernel, but im not sure how they glue the two together
* goibhniu
is using linux 4.9.9 with nvidia 375.26 FWIW
<goibhniu>
on unstable
<goibhniu>
maybe it's worth bumping the nvidia driver on 16.09? ... I don't know what the policy is for drivers on the stable release
<goibhniu>
would be worth testing locally at least
<Acou_Bass>
hmmm
<Acou_Bass>
ill give it a bash later on then :) gotta shoot! thanks for the help ill bug y'all about it a bit more later on!
<goibhniu>
super, good luck!
<gchristensen>
Acou_Bass, goibhniu: we shouldn't upgrade the nvidia driver on 16.09 to 375 I think
<goibhniu>
ah ok, I was thinking it would make sense to include the latest stable release of a driver in the stable channel, but then again we'd need to be sure it works with the default kernel
abcrawf has quit [(Remote host closed the connection)]
<goibhniu>
AFAIK in an ubuntu release, they give you a few options ... maybe we should do it like that, default to whatever was current when the nixos release happened, then also make nvidia-latest available as an option, in addition to nvidia-beta
abcrawf has joined #nixos
eacameron has joined #nixos
<NixOS_GitHub>
[nixpkgs] vcunat pushed 1 new commit to master: https://git.io/vyeun
<NixOS_GitHub>
nixpkgs/master 0bfbd03 Vladimír Čunát: dnsperf: init at 2.1.0.0
Shou has joined #nixos
eacameron has quit [(Ping timeout: 240 seconds)]
ThatDocsLady is now known as ThatDocsLady_afk
justbeingglad has joined #nixos
justbeingglad has left #nixos []
Shou has quit [(Ping timeout: 240 seconds)]
Havvy has quit [(Remote host closed the connection)]
Havvy has joined #nixos
iyzsong has quit [(Quit: bye)]
xwvvvvwx has joined #nixos
<Profpatsch>
Fuuzetsu: I tried using flpsed, it seems to be very broken?
<Profpatsch>
The menu doesn’t work
<Profpatsch>
gs is not found (is a runtime execvp)
pi3r has joined #nixos
<NixOS_GitHub>
[nixpkgs] mdaiter opened pull request #23103: stanchion: added test (master...stanchionTest) https://git.io/vye2S
eacameron has joined #nixos
<NixOS_GitHub>
[nixpkgs] dtzWill opened pull request #23104: R/generate-shell: Use R from current tree, fix missing wget dep. (master...fix/generate-shell) https://git.io/vyeVv
Shou has joined #nixos
<NixOS_GitHub>
[nixpkgs] vcunat pushed 2 new commits to release-16.09: https://git.io/vyeV0
<NixOS_GitHub>
nixpkgs/release-16.09 2adafd9 Vladimír Čunát: fstrm: init at 0.3.1...
<NixOS_GitHub>
nixpkgs/release-16.09 05db33f Vladimír Čunát: dnsperf: init at 2.1.0.0...
<gchristensen>
nothing like starting a morning with 11 kernel builds
suvash_away has quit [(Ping timeout: 240 seconds)]
abcrawf has quit [(Ping timeout: 240 seconds)]
suvash_away has joined #nixos
abcrawf has joined #nixos
sheenobu has joined #nixos
<NixOS_GitHub>
[nixpkgs] mdaiter opened pull request #23105: riak-cs: added test (master...riak_cs_test) https://git.io/vyer3
<NixOS_GitHub>
[nixpkgs] jgeerds pushed 1 new commit to master: https://git.io/vyer4
MercurialAlchemi has quit [(Ping timeout: 240 seconds)]
<LnL>
optimus42: I don't think there is a pr for it yet
<NixOS_GitHub>
[nixpkgs] fpletz pushed 3 new commits to master: https://git.io/vyeDM
<NixOS_GitHub>
nixpkgs/master 66f5539 Franz Pletz: dhcpcd service: fix network-online.target integration...
<NixOS_GitHub>
nixpkgs/master 4905c1c Franz Pletz: prosody service: needs working network connectivity
<NixOS_GitHub>
nixpkgs/master a689c7c Franz Pletz: pythonPackages.xdot: fix wrapper
estewei has joined #nixos
takle has joined #nixos
mkoenig has quit [(Ping timeout: 260 seconds)]
mkoenig has joined #nixos
ThatDocsLady_afk is now known as ThatDocsLady
Shou has joined #nixos
<NixOS_GitHub>
[nixpkgs] vcunat pushed 1 new commit to master: https://git.io/vye9X
<NixOS_GitHub>
nixpkgs/master cb63a0b Vladimír Čunát: knot-resolver: maintenance 1.2.2 -> 1.2.3...
<NixOS_GitHub>
[nixpkgs] vcunat pushed 1 new commit to release-16.09: https://git.io/vye9H
<NixOS_GitHub>
nixpkgs/release-16.09 7d9e9c7 Vladimír Čunát: knot-resolver: maintenance 1.2.2 -> 1.2.3...
<NixOS_GitHub>
[nixpkgs] coissac opened pull request #23111: diamond: init at 0.8.36 (master...diamond) https://git.io/vyeHG
Geraldus has joined #nixos
Geraldus has quit [(Client Quit)]
andsild has joined #nixos
alx741 has joined #nixos
ibrahims has quit [(Ping timeout: 240 seconds)]
Shou has quit [(Ping timeout: 260 seconds)]
ibrahims has joined #nixos
<hodapp>
blaaargh. I wish I could find a way to not have to rebuild RStudio every single time I change the packages I make it depend on with the patch I had added (useRPackages)
<hodapp>
it's a lot of C++...
<savanni>
Have any of you gotten a scanner to work on nixos?
<hodapp>
yeah
<hodapp>
laptop isn't powered up now but I don't remember having to do anything special aside from adding some SANE drivers like described in https://nixos.org/wiki/Scanners
<savanni>
hodapp: Do you have any advice? Google searches aren't giving me any successes. I have a scanner that sane-find-scanner detects, but can't seem to do anything.
<hodapp>
likely just need hardware.sane.extraBackends
<domenkozar>
globin: via github interface?
mkoenig has quit [(Ping timeout: 268 seconds)]
mkoenig has joined #nixos
<savanni>
hodapp: Do you happen to know what the USB backend is?
<hodapp>
savanni: it'll depend on the device; you'll likely have to search around
<savanni>
okay, thanks
optimus42 has quit [(Remote host closed the connection)]
<copumpkin>
niksnut: I improved the barfing behavior in that PR :) let me know what you think!
<goibhniu>
savanni: I needed extra firmware for my espon snapscan
<goibhniu>
^epson
dbmikus has joined #nixos
roconnor has joined #nixos
<NixOS_GitHub>
[nixpkgs] andsild opened pull request #23112: slock: added documentation to nixpkgs manual (master...wikislock) https://git.io/vyeN3
reinzelmann has quit [(Quit: Leaving)]
ixxie has joined #nixos
arjen-jonathan has joined #nixos
Itkovian has quit [(Ping timeout: 240 seconds)]
<savanni>
@goibhniu: do I just need to pull a binary blob from Epson?
<NixOS_GitHub>
[nixpkgs] abbradar opened pull request #23117: nix service: try to downgrade schema (master...nix-downgrade) https://git.io/vyvnQ
fresheyeball has quit [(Ping timeout: 240 seconds)]
<NixOS_GitHub>
[nixpkgs] fpletz pushed 1 new commit to master: https://git.io/vyvcu
<NixOS_GitHub>
nixpkgs/master 67b4f72 Jason A. Donenfeld: wireguard: 0.0.20170214 -> 0.0.20170223...
<dtz>
\o/ ty fpletz
ryanartecona has quit [(Read error: Connection reset by peer)]
ryanartecona has joined #nixos
<jeaye>
sphalerite: I'd first try compiling it outside. It's quite old now and requires you to have a certain version of Rust.
<jeaye>
sphalerite: It's also not much of a game, since I stopped developing it about 6 months in. It's likely only worth running if you want to tinker, borrow code, etc.
<NixOS_GitHub>
[nixpkgs] joachifm pushed 1 new commit to master: https://git.io/vyvWo
<NixOS_GitHub>
nixpkgs/master b92501f Joachim Fasting: grsecurity: 4.9.11-201702181444 -> 201702222257
sibi has quit [(Quit: Connection closed for inactivity)]
derjohn_mob has quit [(Ping timeout: 255 seconds)]
DutchWolfie has quit [(Quit: Konversation terminated!)]
<eacameron>
Anyone, is it possible to change some of the systemd settings on a nixos module? I want to make the services.mysql systemd service enable auto restart on failure.
johnsonav has joined #nixos
<NixOS_GitHub>
[nixpkgs] vbgl pushed 1 new commit to master: https://git.io/vyv4L
<NixOS_GitHub>
nixpkgs/master be427d6 Vincent Laporte: ocamlPackages.sexplib: init at 113.33.00+4.03
ibrahims has quit [(Ping timeout: 260 seconds)]
ibrahims has joined #nixos
<NixOS_GitHub>
[nixpkgs] vbgl pushed 1 new commit to master: https://git.io/vyv4r
<NixOS_GitHub>
nixpkgs/master 63796fd Vincent Laporte: ocamlPackages.ppx_core: init at 113.33.01+4.03
<LnL>
copumpkin: zimbatm: I recently ported part of my nix-docker repository to use the dockerTools
<copumpkin>
I think that will work, although there's a section that doesn't work
<copumpkin>
we need to make serviceConfig into a submodule for it to merge settings inside it
<eacameron>
copumpkin: I'll try it. How can I tell from the source what will and won't work?
takle has quit [(Remote host closed the connection)]
<NixOS_GitHub>
[nixpkgs] vbgl pushed 1 new commit to master: https://git.io/vyvRs
<NixOS_GitHub>
nixpkgs/master d6bc0c9 Vincent Laporte: ocamlPackages.ppx_optcomp: init at 113.33.0[01]+4.03
mog has quit [(Ping timeout: 240 seconds)]
digitalmentat has joined #nixos
goibhniu has quit [(Ping timeout: 240 seconds)]
<mbrock>
I have a Hetzner server that I've been using as a Nixops slave, but now I want to stop using Nixops and just keep it as a regular NixOS computer, but it's not clear to me how to do this
ryanartecona has quit [(Quit: ryanartecona)]
pi3r has joined #nixos
bfrog has quit [(Ping timeout: 260 seconds)]
ryanartecona has joined #nixos
vandenoever has joined #nixos
<copumpkin>
niksnut: any reason you attach four ephemeral drives to the standard EC2 AMIs?
arjen-jonathan has joined #nixos
mog has joined #nixos
<eacameron>
copumpkin: Heh...systemd "Restart" config is in "serviceConfig"
<gchristensen>
so when do we get over to sha512...
<eacameron>
gchristensen: when sha1024 becomes the new recommendation. ;P
<gchristensen>
lol
freusque has quit [(Quit: WeeChat 1.7)]
<gchristensen>
LnL: do you use kwm?
<copumpkin>
sha512 is not meaningfully more secure than sha256
<copumpkin>
it's potentially faster to compute
<LnL>
gchristensen: yes, I added it for a reason :)
<gchristensen>
you like it?
eacamero_ has joined #nixos
eacameron has quit [(Ping timeout: 240 seconds)]
* gchristensen
contemplates
hcury has joined #nixos
<LnL>
it has some issues, but yes
<NixOS_GitHub>
[nixpkgs] vbgl pushed 1 new commit to master: https://git.io/vyv2m
<NixOS_GitHub>
nixpkgs/master 7ca9e67 Vincent Laporte: ocamlPackages.ppx_type_conv: init at 113.33.02+4.03
<eacamero_>
copumpkin: gchristensen: I got disconnected...
eacamero_ is now known as eacameron
<eacameron>
Oh message was never sent.
<eacameron>
copumpkin: gchristensen: So is there no way to enable automatic restart on the mysql service? I need to sneak a setting into systemd.services.mysqld.serviceConfig.Restart
<copumpkin>
possibly not easily :(
<copumpkin>
there should be
<copumpkin>
I'd make an issue about serviceConfig being a submodule
<copumpkin>
would make a lot of stuff a lot better
<NixOS_GitHub>
[nixpkgs] vbgl pushed 1 new commit to master: https://git.io/vyva3
<NixOS_GitHub>
nixpkgs/master a9b0c95 Vincent Laporte: ocamlPackages.ppx_sexp_conv: init at 113.33.01+4.03
<NixOS_GitHub>
[nixpkgs] vbgl pushed 1 new commit to master: https://git.io/vyvaB
<NixOS_GitHub>
nixpkgs/master 75b187b Vincent Laporte: ocamlPackages.eliom: adds ocamlbuild as a dependency
<eacameron>
copumpkin: I'm not exactly sure what that means, so maybe you could make an issue?
<LnL>
gchristensen: it's very unixy, as a vim user I really like khd
<gchristensen>
nice
<gchristensen>
I miss i3 on osx :/
reinzelmann has joined #nixos
<hcury>
you guys should try notion wm, best wm i ve tried so far
wizeman has quit [(Quit: Connection closed for inactivity)]
hcury has quit [(Quit: Page closed)]
georges-duperon has quit [(Ping timeout: 255 seconds)]
suvash_away has quit [(Ping timeout: 240 seconds)]
<eacameron>
copumpkin: Hm...yah it's not working.
suvash_away has joined #nixos
<eacameron>
copumpkin: I wonder if I can add another service that triggers when mysql dies
sid_cypher has joined #nixos
phreedom has joined #nixos
<gchristensen>
eacameron: can you paste what you've tried?
<eacameron>
gchristensen: Sure
<eacameron>
gchristensen: copumpkin: systemd.services.mysqld.serviceConfig.Restart = "on-failure"; # first attempt - has no effect.
<copumpkin>
but it looks like it's doing a bunch of nontrivial prestart and poststart stuff
<eacameron>
gchristensen: This is a nixops machine, but yeah I'm using systemctl show mysql
<copumpkin>
that might get lost if you override it
<gchristensen>
systemd.services.mysql.serviceConfig.Restart should work I think
<eacameron>
gchristensen: copumpkin: Oh you're right, no d
<eacameron>
gchristensen: copumpkin: Sure enough, it *appears* to be working. As in, Restart is now "on-failure" and yet ExecStart is still correct.
<copumpkin>
oh fun
<copumpkin>
I thought it didn't merge options properly
<copumpkin>
perhaps that only matters if you have multiple keys of same name
<eacameron>
copumpkin: Yah the mysql module doesn't set the serviceConfig.Restart attribute
<eacameron>
So we might be lucky. ;)
<eacameron>
copumpkin: gchristensen: Thanks very much for the assistance.
<copumpkin>
\o/
<NixOS_GitHub>
[nixpkgs] jwiegley pushed 1 new commit to master: https://git.io/vyvrK
<NixOS_GitHub>
nixpkgs/master 6bbddcf John Wiegley: xcbuild: Guard a glibc-only postPatch with \!isDarwin
phreedom has quit [(Ping timeout: 240 seconds)]
arjen-jonathan has quit [(Ping timeout: 240 seconds)]
<copumpkin>
niksnut, ikwildrpepper: I'm seeing some really weird behavior on the new amazon-init.service thing I made the other day
ryanartecona has quit [(Quit: ryanartecona)]
<copumpkin>
basically, it switches the configuration successfully, but doesn't seem to start new units...
<copumpkin>
I log in afterwards and run `nixos-rebuild switch` again (without changing configuration.nix), it does no nix build work whatsoever but starts new units
<copumpkin>
I have no idea what would cause that
phreedom has joined #nixos
mudri has joined #nixos
<Dezgeg>
maybe it stops the amazon-init.service as the first thing? :P
<copumpkin>
nope, I prevent that from happening
<copumpkin>
it does successfully start one "new unit"
<copumpkin>
so it prints out "the following new units were started: systemd-vconsole-setup.service"
<copumpkin>
"reloading the following units: dbus.service, firewall.service" (because I changed some stuff there)
<copumpkin>
actually you might be right
fabian_a has joined #nixos
ronny has quit [(Ping timeout: 240 seconds)]
<copumpkin>
nope, it prints out the final message saying "finished switching to system configuration ..."
<copumpkin>
which is the last thing in switch-to-configuration.pl
fresheyeball has joined #nixos
Guest85325 has quit [(Ping timeout: 240 seconds)]
pierron has quit [(Ping timeout: 260 seconds)]
octe has quit [(Ping timeout: 260 seconds)]
fresheyeball has quit [(Ping timeout: 240 seconds)]
fresheyeball has joined #nixos
<MarcWeber>
Why is using chromium from shell to open a second window so much slower than ctrl-n on an existing window? "reusing same instance" Is it because chromium executable is 200mb in size?
<MarcWeber>
xmessage appears almost instantly.
Khetzal has quit [(Remote host closed the connection)]
octe has joined #nixos
Khetzal has joined #nixos
<alibabzo>
Hi guys, has anyone succeeded in using the compton user service?
<alibabzo>
For me, it seems like it starts too early, as if I run it with autologin, my screen doesn't render properly.
<alibabzo>
But if I disable autologin, and log in normally with LightDM, it seems to work fine.
<ToxicFrog>
MarcWeber: if I had to guess, I'd guess because ctrl-N on an existing window just...creates a new window in the existing Chrome process
<ToxicFrog>
Whereas running it from the shell starts up a chrome process from scratch, including loading and mapping the entire executable and all of its shared libraries, then checks if there's already a chrome running, finds it, sends an RPC to it, and exits.
<MarcWeber>
ToxicFrog: AFAIK chrome does use its own process for each window / tab anyway for security and memory and whatnot reasons. chromium in shell prints: "Created new window in existing browser session"
georges-duperon has joined #nixos
<copumpkin>
this is a systemd thing
pierron has joined #nixos
<copumpkin>
if I create a user in the new config, it works fine
<LnL>
sha1 collisions: https://shattered.it, does this we can use that for chromium and drop md5?
<copumpkin>
okay, so it shows up as inactive and dead
<copumpkin>
the service that should start
<copumpkin>
something fishy is going on
<copumpkin>
there also seems to be a "not-found" postgresql.service in `systemctl -a`, even though this is a brand new machine
arjen-jonathan has joined #nixos
<copumpkin>
and I never asked for postgresql
<copumpkin>
oh, httpd references postgresql.service in its After section
<copumpkin>
o.O
<LnL>
why?
jsgrant- has joined #nixos
<greymalkin>
Anyone know a good tutorial on setting up a LAMP server configuration.nix? I've got "enablePHP=true;" but going to localhost/index.php wants to download the php file itself, rather than use it.
cpennington has quit [(Ping timeout: 260 seconds)]
<ToxicFrog>
MarcWeber: yeah, but fork() is a lot faster than fork()-exec()
<copumpkin>
but will /mnt/nix/var/nix/db be updated?
<MichaelRaskin>
gchristensen: if you want real hash security, you want multiple hashes (SHA3 — original version — plus one other SHA3 finalist, for example)
<clever>
copumpkin: nope
<clever>
copumpkin: its pretty much just tar -c and tar -x
<copumpkin>
that's generally my issue
<gchristensen>
MichaelRaskin: good ol' gentoo style
<MichaelRaskin>
Two years later a group of Chinese PhD students release an attack that can be done on a desktop in a week
<copumpkin>
yeah, once you find a crack, people start prying it wider and wider
AllanEspinosa has quit [(Ping timeout: 260 seconds)]
<MichaelRaskin>
Actually, the current collision is an improvement on a long chain of attacks
<copumpkin>
clever: anyway, thanks for the thoughts :) the db.sqlite is proving to be the most painful part of it though
<copumpkin>
otherwise I can just rsync and so on
<MichaelRaskin>
It's just that _usually_ people went on and calculated around a $1000 of computation time, and Google can afford going for hundreds-of-thousands-dollars attacks
pingveno has joined #nixos
<clever>
copumpkin: yeah, db.sqlite is the biggest issue, i can check the source to see what turns up
ThatDocsLady has quit [(Quit: Arma-geddin-outta-here!)]
ndowens08 has joined #nixos
<copumpkin>
I've been poking around at it, and my fakechroot thing still seems like my best bet
<copumpkin>
there are some environment variables to tell it where to look for the store and the db
<MichaelRaskin>
By the way, Discrete Logarithm, and so Diffie-Hellman key negotiation, is currently experiencing an avalanche of $100000 attacks
<gchristensen>
I'm not so sure that signed git commits are useless
ryanartecona has joined #nixos
<clever>
gchristensen: ah, one thing about git, is that it doesnt store differences
<copumpkin>
gchristensen: you're still signing a particular snapshot of the repo, but history might change from under you
<clever>
gchristensen: each commit is a snapshot of the entire state of the tree at that point in the commit
<MichaelRaskin>
Doesn't mean I cannot swap an entire file
<copumpkin>
yeah
<MichaelRaskin>
Which your signed commit will inherit
<clever>
copumpkin: so even if somebody swaps out a commit before mine, the git log will claim i just undid your changes, unless you can collide a whole file
<copumpkin>
well, you'd be modifying a blob referred to by the tree object
<gchristensen>
ah, right
<MichaelRaskin>
For now the question is just about cost — a million-dollar attack is not something you want to use left and right
<clever>
MichaelRaskin: hmmm, if you can swap out a single file within the tree, it would have to be a hash you previously committed, and nobody has since modified
<copumpkin>
until we get the FPGAs and dedicated hardware (assuming nobody improves efficiency of algorithm)
<clever>
MichaelRaskin: id think git blame would still trace it back to you
<copumpkin>
yeah
<MichaelRaskin>
With the current attack, yes
<copumpkin>
well, I doubt a preimage attack got any likelier as a result of this
<copumpkin>
MD5 is still pretty solid against that
<clever>
k0001: do you just need the git revision its from, or are you trying to get the git logs?
<k0001>
clever: I need the git revision.
<greymalkin>
At some point, I ran across a derivation setting that would reproduce the same output hash each time (so that, e.g. during development you don't clog up your drive with transient builds of the same source tree) but I can't find it again.
<clever>
k0001: hydra passes that in as an argument
<gchristensen>
greymalkin: nix does that by default, same input -> same output
suolrihm has joined #nixos
<MichaelRaskin>
Ouch
<suolrihm>
hello everyone
<clever>
k0001: every input you list in hydra is passed to the main nix file you set in the jobset config, as an attribute set like this
<greymalkin>
gchristensen: I know, but this seemed to be different input->overwrite same output or some such.
<MichaelRaskin>
Looks like the collision-detecting sha1 just builds the collision, if the file is one half of a collision
<clever>
k0001: so if your release.nix has { nixpkgs }:, you can get the revision at nixpkgs.shortRev
<gchristensen>
MichaelRaskin: sorry?
<MichaelRaskin>
Well, when you generate a collision, you generate two files which have a very specific pattern of differences and a very specific pattern in each of the files
<k0001>
clever: hmm... ok, this might work. What about outPath and revCount? What are those?
<MichaelRaskin>
just tries to build the second file out of the input file
<copumpkin>
MichaelRaskin: what's your github username a hash of? :P
<copumpkin>
(truncated)
<pikajude>
i don't think it's that
<clever>
k0001: revCount is the total number of commits i believe, and outPath allows you to treat that nixpkgs attrset as a normal path
derjohn_mob has joined #nixos
<MichaelRaskin>
copumpkin: only true randomness, only true madness
<k0001>
clever: OK, thanks! I'll give this a try..
<MichaelRaskin>
(which is true for more than one my GitHub username)
<copumpkin>
:P
<suolrihm>
im sorry to interrupt you, but i got a little problem with the steam controller and (i think so) udev. anyone experienced with this?
timor has quit [(Ping timeout: 255 seconds)]
<clever>
suolrihm: i had a chance to mess with it a bit, i had to chmod the usb dev node under /dev/bus/usb/ so the user has r/w perms
<clever>
suolrihm: but i no longer have access to it, and forgot to make any PR's
<clever>
suolrihm: udev rules would automate fixing the permissions every time it gets plugged in
<MichaelRaskin>
gchristensen: collision check checks for a very special inner state of the SHA1 procedure
<suolrihm>
damn...
<clever>
suolrihm: the simple fix is to just find its bus and device number in lsusb, then give yourself read permissions to its entry under /dev/bus/usb/, though that will have to be repeated each time you plug it in or reboot
<MichaelRaskin>
copumpkin: by the way, I am not sure that a correctly prepared file cannot be used for generating a collision even after someone edits an unrelated part.
<MichaelRaskin>
Not a full preimage
<MichaelRaskin>
clever: suolrihm: the simple solution is to give your self +rw on _all_ USB nodes
ibrahims has quit [(Ping timeout: 260 seconds)]
<suolrihm>
im just kinda confused: i got a little .nix file, containing the udev rule (copy by forkk13). it worked but after switching to another pc it stopped working. lsusb output and .nix entries are matching
<clever>
suolrihm: can you pastebin that nix file?
<clever>
suolrihm: and you're in the wheel group on this new machine?
<suolrihm>
yes
AllanEspinosa has joined #nixos
<clever>
suolrihm: and if you look in /dev/usb/, what are the permissions and user/group of the node for that usb device?
<clever>
copumpkin: so if i run nix-store --import and set the right vars, i can see it unpacking to /tmp/mnt/nix/store/nix-22852-0/unpacked, but it then fails to move it to the store for unspecified reasons
takle has joined #nixos
<NixOS_GitHub>
[nixpkgs] ixmatus opened pull request #23122: go: Adding a derivation for the 1.8 Go compiler (master...parnell/add-go1.8) https://git.io/vyv7S
suolrihm has quit [(Remote host closed the connection)]
Itkovian has joined #nixos
ilyaigpetrov has quit [(Quit: Connection closed for inactivity)]
takle has quit [(Ping timeout: 240 seconds)]
suolrihm has joined #nixos
<NixOS_GitHub>
[nixpkgs] matthiasbeyer opened pull request #23123: [doc] Add example on how to override compile flags for a package (master...doc-override-compileflags) https://git.io/vyv5K
anelson- has joined #nixos
<suolrihm>
permissions: crw
<NixOS_GitHub>
[nixpkgs] womfoo opened pull request #23124: asterisk: use fetchsvn for vendored library (master...fix/asterisk-build) https://git.io/vyvdY
mudri has quit [(Ping timeout: 240 seconds)]
<NixOS_GitHub>
[nixpkgs] pSub pushed 1 new commit to master: https://git.io/vyvdW
<NixOS_GitHub>
[nixpkgs] pSub created mast at c160454 (+0 new commits): https://git.io/vaG0W
mudri has joined #nixos
cgdub has joined #nixos
cgdub has quit [(Remote host closed the connection)]
<viric>
gchristensen: nice
<gchristensen>
yeah, definitely
AllanEspinosa has joined #nixos
georges-duperon has quit [(Ping timeout: 255 seconds)]
<LnL>
I guess that's a valid point, you generally only fetch from trusted sources
<LnL>
and we still verify the result afterwards
<gchristensen>
well so they also are saying you should be reviewing everything you pull, which is obviously not realistic
ibrahims has joined #nixos
<viric>
gchristensen: I like the sentence in https://mikegerwitz.com/papers/git-horror-story.html : "This means that signing the SHA1 hash of that commit, assuming no security vulnerabilities within SHA1, will forever state that the entire history of the given commit, as pointed to by the given tag, is trusted."
<gchristensen>
hehe yes
ambro718 has joined #nixos
<tnks>
man... I tried to make a license report all in Nix.
<tnks>
and I was so close
<gchristensen>
oh?
<tnks>
but I ran into an unexpected problem.
<tnks>
listToAttrs is very conservative, and won't allow me to use a string form of a derivation as a key for a set.
<tnks>
probably to try to assure that Nix expressions are reproducible.
<tnks>
but it lets me use them as values, and in other data structures, so I'm really unconvinced this is a safety mechanism of much worth.
k0001 has quit [(Ping timeout: 240 seconds)]
<tnks>
it just makes it harder for me to do an efficient lookup.
jgertm has quit [(Ping timeout: 260 seconds)]
<tnks>
I can encode a set as a list of lists... it will just be slow.
<gchristensen>
tnks: you sure? you can't use `"${toString drv}" = ....`?
suolrihm has quit [(Quit: Leaving)]
<tnks>
gchristensen: let me try that.
<tnks>
maybe it bypasses this check.
<gchristensen>
what is the "check"? I don't know of such a check. what was the error?
<tnks>
gchristensen: it's hard-coded into the implementation of listToAttrs as a builtin.
<tnks>
gchristensen: yeah, that doesn't work either.
<tnks>
(they really covered their bases)
AllanEspinosa has quit [(Ping timeout: 260 seconds)]
<tnks>
gchristensen: it might even go through the same code path.
<gchristensen>
neat...
<gchristensen>
I had no idea
<clever>
viric: one thing i can see as making the sha1 stuff harder to exploit, "git pull/fetch" wont re-download an object you already have
<tnks>
gchristensen: I'm really unconvinced this protection is needed.
hiratara has quit [(Ping timeout: 240 seconds)]
<tnks>
can someone explain why it's a good idea?
<clever>
viric: so if an attacker replaces an object on the remote git server, your git client wont download it, because you already have an "identical file" on your machine
<clever>
viric: but the same applies to github, you cant upload a blob that github already has in the project, so i cant see it being abused easily
<gchristensen>
tnks: well it seems not specifically applied to listToAttrs, it is a generic error
<gchristensen>
but I don't know why it is there
<viric>
clever: all goes through trusting github though
<viric>
clever: that can be hacked
<gchristensen>
a key part which was missed in the security of git, in linus's eyes is this:
<clever>
viric: yeah, if github was somehow hacked, you would have a hard time noticing this issue, because your own git client wont re-download the modified blob
<gchristensen>
guh where did it go
<clever>
viric: so you can only see it on the web ui, or with a fresh git clone
<viric>
clever: be it a new commit
<gchristensen>
basically, reading every commit you pull down
<clever>
viric: it could be anything from a modified commit, directory, or file
Itkovian_ has joined #nixos
<clever>
viric: but in all of those cases, it has the same sha1 as its ID, so the local git client will think its the original you had to begin with, and wont download the modified one
<viric>
clever: I mean a new commit you don't have, with files you don't have either
<clever>
this is also something i noticed that gentoo did differently, every file portage can download has 3 hashes on it, a sha256, a sha512, and a Whirlpool hash
roconnor has joined #nixos
<clever>
viric: to keep the chain of commit hashes intact, and to subvert the signatures, you need to hash collide against the sha1 of the commit
<viric>
clever: a sha1 hash of the file is enough, isn't it?
<viric>
of one file in the tree
<clever>
viric: yeah, if you can collide one file in the tree, then you can swap out its contents in every commit that references that exact version of the file
<ibrahims>
hello people, i'm getting dropped connections after a connection burst. there doesn't seem to be much contention in memory or cpu but there must be some other limitation that i'm not aware of. i've tried to adjust the file descriptor limit with `serviceConfig.LimitNOFILE` after a suggestion here but it didn't help either. can someone help me identify what is going on? the machine is running nginx +
bennofs has joined #nixos
<ibrahims>
haproxy. haproxy comes with marathon and knows how to load balance, nginx is there handling the ssl and some other rules that i know how to adjust. after i deploy a new version things go nuts with connection count. nginx manages to survive and returns 502 getting `connection error` with haproxy in upstream. i suspect its about tcp TIMED_WAIT or something related since things settle down in about 3
<ibrahims>
minutes. can i please get some help?
<clever>
viric: but anybody who already downloaded that version wont re-download it, because git assumes that if the sha1 matches, it already has a copy
<viric>
clever: fine
<clever>
viric: so an old git clone and a new git clone can produce 2 different trees for the exact same commit
AllanEspinosa has joined #nixos
<viric>
clever: as if there weren't nixpkgs clones nowadays
takle has joined #nixos
<viric>
clever: yes.
<viric>
clever: and whom to blame if that happens?
<clever>
and similarly, github shouldnt accept a new version of an object being uploaded
<viric>
gpg signing commits does not help
<clever>
so it should stick to whatever version it got first
<ibrahims>
sorry to barge in again.
<gchristensen>
sorry ibrahims, I have no idea how to help. anything in the journal?
<viric>
clever: I mean a malicious github or a malicious inside-github person
<gchristensen>
can anyone help ibrahims / get back to git security afterward? :P
<clever>
viric: yeah, in that event, they can swap things out, and you cant notice by doing a git pull
hopio3151 has joined #nixos
<NixOS_GitHub>
[nixpkgs] domenkozar pushed 1 new commit to master: https://git.io/vyvht
<NixOS_GitHub>
nixpkgs/master afb7d04 Domen Kožar: elmPackages: fix #22932
<clever>
viric: you would have to re-clone the entire project, and compare every blob in the history
<viric>
ibrahims: there is always a limit on file descriptor
<viric>
clever: so go image. what a mess. That's for any file in any git repository, no matter when it was committed :)
<ibrahims>
journal has some rejected connections but i'm not sure if it is related.
<clever>
viric: yeah
<ibrahims>
viric: can i but it really high?
<ibrahims>
set*
<viric>
ibrahims: 1024 here
<viric>
ibrahims: 4096 hard limit, 1024 soft limit
<gchristensen>
that is way too low
<gchristensen>
for any reasonably busy server
<viric>
that's per process
<gchristensen>
yes
<ibrahims>
i've tried setting it to something higher than 4096 with security.pam.loginLimits
cpennington has quit [(Remote host closed the connection)]
<ibrahims>
but that seems to be max
<ibrahims>
ulimit -Hn does not change afterwards
<ibrahims>
or -Sn
<ibrahims>
there is no way to increase it any further?
<gchristensen>
ibrahims: you need to set limits with systemd's service on haproxy / nginx
<gchristensen>
ibrahims: systemd.services.nginx.serviceConfig.LimitNOFILE = 8192; etc. also look in to tuning nginx and haproxy's configs
<ibrahims>
actually haproxy runs inside a docker container. i've tried to increase the limits on the service spawning the haproxy container. namely mesos-slave. but it didn't help either
<ibrahims>
is there a limit with docker that you're aware of ?
<copumpkin>
I want SAAS, or shlevy-as-a-service
<copumpkin>
I guess that has a name
<gchristensen>
"work-for
<gchristensen>
hire"
<copumpkin>
yeah something like that
<copumpkin>
dammit, it all keeps coming back to needing to be rich
<viric>
clever: is it so hard to change git to a new hash? Everyone can rehash the whole repo and go on from that
indi_ has joined #nixos
<viric>
That reminds of "svn upgrade" :)
<gchristensen>
copumpkin: or have other goods and services you can exchange for shlevy's time
<copumpkin>
shlevy: I have a lot of olives
<copumpkin>
like many many giant jars of kalamata olives
<gchristensen>
you could hire my wife for several hours in exchange, for sure
<clever>
viric: in theory, you could, but it would invalidate every git commit hash out there, and also invalidate all of the existing signatures in the git history
<copumpkin>
and it makes all the current forks painful to merge back in
<clever>
viric: unless you keep the old sha1 hashes for backwards compat, and then somebody can just insert a sha1 object and exploit away
<copumpkin>
all open PRs break, etc.
<clever>
viric: same reason all modern servers reject ssl 3.0 connections, you can perform a downgrade attack via mitm, before either end has been verified with certs
<shlevy>
:D That was a very confusing notification
<copumpkin>
I do my best
<ibrahims>
well, sorry if i'm not supposed to be asking this here. you're not supposed spare your time for this, but i really enjoyed setting up this server with nixos 5 months ago, now the business is blooming but this dawned on me like a nightmare. do you think i should give up on juggling this?
AllanEspinosa has quit [(Ping timeout: 255 seconds)]
<gchristensen>
ibrahims: (1) please don't use threats to stop using nixos as a way to obligate us to help. (2) I didn't realize you were using nixos to start docker, and haproxy and friends were running inside docker. you should try increasing the open file limits for docker, using systemd.services.docker.serviceConfig.LimitNOFILE
fabian_a has quit [(Ping timeout: 240 seconds)]
<shlevy>
clever: The existing signatures in the git history are already invalid :P
<clever>
shlevy: pretty much
<gchristensen>
remember that a single signature on the tip commit is effectively signing _all of the history_
<gchristensen>
so the historic commit signatures are not specifically important
<clever>
shlevy: i hear there are ways to check files to see if they have signs of being used for a collision, but those signatures may change in the future
<shlevy>
What I don't understand is why this conversation is happening today
<gchristensen>
shlevy: a sha1 was created by google
<shlevy>
Google's announcement is big news
<shlevy>
But it's not at all *surprising*
<gchristensen>
yeah it isn't
<copumpkin>
sure, I was petitioning to deprecate sha1 a while ago :P
<copumpkin>
in nix that is
<copumpkin>
but nobody cared
<clever>
ive been using sha256 and 512 on things since 2 years ago
<copumpkin>
now people care :D
<shlevy>
Nah, we've got security through obscurity
<shlevy>
We're good
<copumpkin>
oh fair enough, let's go home
<ibrahims>
well, it wasn't a threat to stop nixos. i meant the friends of docker and haproxy. maybe there is no healthy way to run a server in this configuration and i should simplify that part. but everytime i mention docker people stop responding, i felt like people don't take it seriously and i must be dumb to hope that this would work. whatever. i'll try the docker.serviceConfig.
* gchristensen
goes shopping
<copumpkin>
ibrahims: I doubt it's a "taking it seriously" thing, as much as we don't use it all that much
<copumpkin>
mostly because many of the use cases (not all) people use docker for, nix also does differently
<copumpkin>
clever: thank you so much for exploring :) I'd love to not have to use fakechroot
<shlevy>
It would be interesting to leverage the Google approach to create a POC subverted codebase
<gchristensen>
also a lot of these issues may be easier debugged by the channels for that project: #docker, #nginx, #haproxy, ##linux
<copumpkin>
of course, I'm still being thwarted by not being able to get build-time dependencies
<copumpkin>
but one thing at a time...
<copumpkin>
I still think my _approach_ to nixos-install is a lot nicer
<copumpkin>
even if it doesn't work yet :P
<gchristensen>
no doubt :)
fabian_a has joined #nixos
vandenoever has quit [(Ping timeout: 240 seconds)]
kampfschlaefer has quit [(Ping timeout: 268 seconds)]
<clever>
copumpkin: looks like i'll need to build nix to debug this further
<viric>
Why are we using hashes so close to the date when they will be cracked?
<copumpkin>
don't feel like you have to :) I'll figure it out eventually, but I'm mostly going with fakechroot until someone gives me good reason not to
<viric>
there has been md5, sha1, ...
<clever>
copumpkin: i still need to figure out why this doesnt work!, lol
AllanEspinosa has joined #nixos
<viric>
Don't tell me that a sha256 crack is expected in 5 years :)
sellout- has quit [(Quit: Leaving.)]
kampfschlaefer has joined #nixos
<viric>
same applies for rsa 1024, dsa, rsa 2048, ...
fabian_a has quit [(Ping timeout: 240 seconds)]
<shlevy>
Thinking about switching to monotone for all my projects until git catches up :P
<shlevy>
viric: Are you still a fossil fan?
<viric>
shlevy: yes; it uses sha1
sellout- has joined #nixos
<shlevy>
:o
<viric>
well, I didn't like fossil because of sha1
<viric>
I liked it because it was easy to use
<shlevy>
My cpu has friggin sha256 instructions
<shlevy>
why are we using sha1 :(
<viric>
well, anything new you build, prepare it for a cryptohash switch any time in the future
vandenoever has joined #nixos
<clever>
shlevy: if something in nix gets compiled to take advantage of that opcode, it will just not run at all on other cpu's, and now the binary cache needs 2 copies of every build
<viric>
shlevy: I hate that sha256 is the slowest of all cryptohashes
<viric>
twice slower than sha512
<viric>
And many people have a big preference for sha256, making all slow
<shlevy>
If I were making something new today, I'd start with sha3-512
<shlevy>
And make it expect to upgrade hashes
<clever>
shlevy: the approach ive seen in gentoo, is to put several hashes on the object at once
<clever>
shlevy: it appears to be using sha256, sha512, and whirlpool, for all of its "fixed-output style" downloads
<viric>
someone could think of a flexible string that contains one or multiple hashes
sellout- has quit [(Ping timeout: 260 seconds)]
<viric>
like some kind of magnet link
<clever>
it will be much much much harder to collide 2 or 3 hashes at once
<shlevy>
It seems that if by much harder you don't mean "take until the lifetime of the universe" it's not hard enough :P
<elasticdog>
viric: you could use something like ipfs's multihash to self-describe the hash and make it easier to change in the future
<spacekitteh>
copumpkin: i mean like, converting nix expressions to ninja files and vice versa
<copumpkin>
oh
* spacekitteh
is a compiler nerd
<copumpkin>
scary :)
<copumpkin>
shlevy: is there some sort of debug mode for switch-to-configuration.pl where I can see a transcript of what it does?
<copumpkin>
one of the few times I wish it were written in shell, so I could set -x
<spacekitteh>
i was looking at the Nix expression library code last night. it's a horrific example of why functional languages should be used to write compilers/interpreters, instead of C++ :P
<copumpkin>
yep
<copumpkin>
although I'd be fine with rust
<copumpkin>
would be a more straightforward translation
<Nafai>
I've used Rust to write an interpreter, it was pretty nice
<shlevy>
copumpkin: No idea
<savanni>
I'm a dedicated Haskell programmer and am kinda looking for excuses to learn Rust.
<viric>
elasticdog: anything would do, yes.
ldng_ has quit [(Client Quit)]
<shlevy>
copumpkin: But probably not
* spacekitteh
puts on her coding hat
danharaj has quit [(Ping timeout: 255 seconds)]
<clever>
copumpkin: aha, its complaining that /tmp/mnt/nix/store isnt a sub-dir of /nix/store
<shlevy>
It's right about that!
<copumpkin>
:o
<copumpkin>
quietly complaining?
<clever>
NIX_STORE_DIR=/tmp/mnt/nix/store ... error: path ‘/nix/store/kk71vkqipf30qc165718jmp0s8cggn2y-glibc-2.24’ is not in the Nix store
<shlevy>
viric: That monotone article suggesting you just be sure to use a trusted communication channel is silly
<NixOS_GitHub>
[nixpkgs] NeQuissimus pushed 2 new commits to master: https://git.io/vyfkd
<NixOS_GitHub>
nixpkgs/master 18c2be2 Tim Steinbach: kernel: 4.9.11 -> 4.9.12
<NixOS_GitHub>
nixpkgs/master 82aae8f Tim Steinbach: kernel: 4.4.50 -> 4.4.51
* spacekitteh
ponders rewriting libexpr in haskell
<shlevy>
viric: You *also* have to trust that everyone you're communicating with has the same standards
<shlevy>
spacekitteh: hnix
<clever>
copumpkin: oh wait, i think i see the problem
<spacekitteh>
shlevy: heh
<spacekitteh>
shlevy: i'm quite interested in guix
<clever>
copumpkin: because of NIX_STORE_DIR, nix believes the store will be at /tmp/mnt/nix/store, at runtime!
<NixOS_GitHub>
[nixpkgs] NeQuissimus pushed 2 new commits to release-16.09: https://git.io/vyfkj
<NixOS_GitHub>
nixpkgs/release-16.09 ee0cbde Tim Steinbach: kernel: 4.9.11 -> 4.9.12
<NixOS_GitHub>
nixpkgs/release-16.09 9ae2c60 Tim Steinbach: kernel: 4.4.50 -> 4.4.51
<copumpkin>
hmm
<clever>
copumpkin: and its expecting the --export to contain absolute paths, starting with /tmp/mnt/nix/store, that were compiled against that path
<clever>
copumpkin: so this variable is to modify a store that will always be at a weird place, not one that is temporarily at a weird place and will become /nix/store later
georges-duperon has joined #nixos
<copumpkin>
boo
<copumpkin>
:)
<clever>
yeah
jsgrant- has quit [(Quit: Peace Peeps. o/ If you need me asap, message me at msg@jsgrant.io & I'll try to get back to you within 36 hours.)]
<clever>
copumpkin: you could maybe use nix-store --register-validity and NIX_STATE_DIR to alter db.sqlite, after having rsync (or --restore'd) something in, i'll read some more related source...
<copumpkin>
I already rsync to copy the actual store contents
<copumpkin>
and I do have an example of NIX_STATE_DIR to look at the database
<copumpkin>
haven't tried it to --register-validity
Kendos-Kenlen has joined #nixos
<Kendos-Kenlen>
Hi ! :)
AllanEspinosa has quit [(Ping timeout: 260 seconds)]
<pikajude>
what do I need to install to give a bare docker container network awareness
<Kendos-Kenlen>
Does someone use Noto CJK or Noto Emoji? I installed them on my user profile but they don't look to be found by font config. When I run "fc-list", these 2 fonts are not listed, same when using the font tool from KDE.
<clever>
copumpkin: and further reading shows that with nix 1.11.6, there doesnt appear to be a way to --import into a store mounted at the "wrong" location, you will need to keep fakerooting for now
<copumpkin>
alright, that seems fine really
<copumpkin>
I'll probably add a feature to nix to support this eventually
ryanartecona has quit [(Quit: ryanartecona)]
<clever>
things may be different in nix master
<clever>
that code has changed massively
<clever>
1.11.6 is using an external program to check signatures on nar files!
<suolrihm>
well, thanks again for your patience clever. everyone? have a nice evening (or morning) :P
mudri has joined #nixos
suolrihm has quit [(Quit: AtomicIRC: The nuclear option.)]
<Acou_Bass>
that pastebin is the one that i used hehe
<MichaelRaskin>
shlevy: I am a Monotone user, it uses SHA-1 now, and I wonder how the migration will be done; FAQ claims that there was a migration plan very long ago, but the question was about the target hash for a migration; I guess now they can migrate to SHA3
<MichaelRaskin>
It signs all the commits, though, so unlike Git it is hard to commit the attack and frame someone else
arjen-jonathan has quit [(Ping timeout: 268 seconds)]
AllanEspinosa has joined #nixos
lambdamu has joined #nixos
<NixOS_GitHub>
[nixpkgs] shlevy pushed 1 new commit to master: https://git.io/vyfmD
<peterhoeg>
MichaelRaskin: git can sign commits too (that very few people do it is something else)
ryanartecona has quit [(Quit: ryanartecona)]
<lambdamu>
when i fetch a package with fetchgit or fetchFromGithub and there are two submodules, only one is needed, should i do something about the superfluous one or is it ok to enable fetchSubmodules get everything and forget about it?
<MichaelRaskin>
peterhoeg: Monotone enforces signatures, so you cannot just use whoever doesn't sign commits for framing
ambro718 has quit [(Ping timeout: 260 seconds)]
<gchristensen>
what happens if a new signer comes in to the picture?
<MichaelRaskin>
With a new signer someone has to accept their changes
<gchristensen>
neat
<MichaelRaskin>
I mean, write access is just the list of keys
<gchristensen>
gotcha
<gchristensen>
that is cool
avn has joined #nixos
<MichaelRaskin>
The cool part of Monotone is that it does have levels of abstraction
<MichaelRaskin>
Although it is not unique in that…
<MichaelRaskin>
More like Git is unique in being such a mess
<gchristensen>
how do you mean?
<gchristensen>
(not about git)
seanz has joined #nixos
<MichaelRaskin>
Well, there is a DAG of commits and that's it. Now there is a notion of a certificate, which is commit-propertyname-value-signature, and that's it. Now there are standard property names like «branch» and «changelog».
<gchristensen>
ahh
<gchristensen>
hrmm so my dccp patch doesn't apply to 4.10 or 4.4
<gchristensen>
need to do more digging ...
<MichaelRaskin>
Ouch
<MichaelRaskin>
For stable?
<MichaelRaskin>
Aren't there point releases for 4.4?
<gchristensen>
hmm maybe they don't apply because they were already applied. could be and that fact got lost in the hours of build output
<MichaelRaskin>
For 4.10 there has to be a DCCP-fixed point release for sure.
<gchristensen>
I'll check
bfrog has joined #nixos
dmj` has quit [(Excess Flood)]
dmj` has joined #nixos
<gchristensen>
yep sorry I was totally wrong
<gchristensen>
we're good :)
<NixOS_GitHub>
[nixpkgs] grahamc pushed 1 new commit to master: https://git.io/vyf3I
<NixOS_GitHub>
nixpkgs/master 1d68edb Graham Christensen: linux kernels: patch against DCCP double free (CVE-2017-6074)
<gchristensen>
oh ...
<gchristensen>
hrm.
<gchristensen>
*sigh* I did this wrong.
ndowens08 has quit [(Ping timeout: 260 seconds)]
bfrog has quit [(Ping timeout: 240 seconds)]
<NixOS_GitHub>
[nixpkgs] grahamc pushed 1 new commit to master: https://git.io/vyf3K
<NixOS_GitHub>
nixpkgs/master 53a2baa Graham Christensen: Revert "linux kernels: patch against DCCP double free (CVE-2017-6074)"...
<gchristensen>
back in a bit, clearing my head, then going for try 2
vandenoever has quit [(Ping timeout: 255 seconds)]