aloiscochard has quit [(Quit: Connection closed for inactivity)]
qknight has joined #nixos
<NixOS_GitHub> [nixpkgs] grahamc closed pull request #23084: lynx: 2.8.8rel.2 -> 2.8.9dev.11 (master...lynx) https://git.io/vDhQ1
ibrahims has joined #nixos
kampfschlaefer has quit [(Ping timeout: 240 seconds)]
ibrahims has quit [(Ping timeout: 260 seconds)]
digitus has quit [(Quit: digitus)]
griff_ has quit [(Quit: griff_)]
georges-duperon has quit [(Ping timeout: 255 seconds)]
<NixOS_GitHub> [nixpkgs] ryantm opened pull request #23096: f2fs module: add crc32 dependency to initrd kernel modules, closes #2… (master...f2fs) https://git.io/vDjud
markus1209 has joined #nixos
markus1219 has joined #nixos
ibrahims has joined #nixos
ndowens08 has quit [(Quit: WeeChat 1.7)]
markus1199 has quit [(Ping timeout: 240 seconds)]
markus1189 has quit [(Ping timeout: 240 seconds)]
ibrahims has quit [(Ping timeout: 240 seconds)]
Shou has quit [(Ping timeout: 255 seconds)]
JagaJaga has quit [(Ping timeout: 240 seconds)]
MichaelRaskin has quit [(Ping timeout: 240 seconds)]
ryanartecona has joined #nixos
ibrahims has joined #nixos
AllanEspinosa has quit [(Ping timeout: 240 seconds)]
erasmas has quit [(Quit: leaving)]
nckx has quit [(Quit: ☭ + 🐧 + GNU Guix <https://gnu.org/s/guix>)]
nckx has joined #nixos
ibrahims has quit [(Ping timeout: 240 seconds)]
jmiven has quit [(Quit: co'o)]
jmiven has joined #nixos
AllanEspinosa has joined #nixos
<NixOS_GitHub> [nixpkgs] Mic92 pushed 5 new commits to master: https://git.io/vDjao
<NixOS_GitHub> nixpkgs/master 4689dd2 Thomas Lotze: cmus: enable opus support (re #23051)...
<NixOS_GitHub> nixpkgs/master 744ce7e Jörg Thalheim: cmus: enable aac support
<NixOS_GitHub> nixpkgs/master e868669 Jörg Thalheim: cmus: mp4 support
<NixOS_GitHub> [nixpkgs] Mic92 closed pull request #23092: cmus: enable opus support (re #23051) (master...re23051-cmus-opus) https://git.io/vDjBM
ndowens08 has joined #nixos
Itkovian has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
<eacameron> Anyone have a short example of how to write a deeply overridable config?
mkoenig has quit [(Read error: Connection reset by peer)]
mkoenig has joined #nixos
ibrahims has joined #nixos
threshold has quit [(Quit: leaving)]
threshold has joined #nixos
threshold has quit [(Client Quit)]
<gchristensen> eacameron: sorry?
threshold has joined #nixos
<eacameron> gchristensen: I want to build a config with config.override (self: { field = new value; })
<eacameron> gchristensen: I'm still hoping for an example but I may have figured it out.
Rotaerk has joined #nixos
ibrahims has quit [(Ping timeout: 260 seconds)]
<eacameron> gchristensen: An extremely crowded and hard-to-read example, I think: lib.fix' (lib.extends (self: super: { a = 2; }) (self: { a = 1; b = self.a + 1; override = f: lib.fix' (lib.extends f self.__unfix__); }))
_sagitaire has quit [(Ping timeout: 260 seconds)]
<threshold> I am trying to use postgres with the nix package manager on osx
<threshold> $ pg_ctl -D /etc/postgresql.conf start
<threshold> pg_ctl: could not open PID file "/etc/postgresql.conf/postmaster.pid": Not a directory
<eacameron> threshold: -D is the data dir. Not the config.
<gchristensen> threshold: well -D means data directory, and /etc/postgresql.conf is probably not your data directory.
<threshold> $ PGDATA=/etc/postgresql.conf pg_ctl start
<threshold> pg_ctl: could not open PID file "/etc/postgresql.conf/postmaster.pid": Not a directory
peterhoeg has quit [(Remote host closed the connection)]
<gchristensen> yet again PGDATA is your data directory, and /etc/postgresql.conf i probably not your data directory
<threshold> I was just going by some help from yesterday
peterhoeg has joined #nixos
<threshold> If I type in pg_ctl start, I am told: pg_ctl: no database directory specified and environment variable PGDATA unset
mkoenig has quit [(Remote host closed the connection)]
ndowens08 has quit [(Quit: WeeChat 1.7)]
<gchristensen> yeah I mena you do need to set PGDATA to a directory
__sagitaire has joined #nixos
<peterhoeg> threshold: and you are referring to a nixos module which doesn't help you on mac
<threshold> gchristensen: Why does it not default to that directory and ask me to specify that PATH?
<gchristensen> what would the default directory be?
<eacameron> threshold: That's the default when using NixOS modules. You're on mac so you'll have to specify that yourself.
AllanEspinosa has quit [(Ping timeout: 260 seconds)]
<threshold> sudo mkdir /var/db/postgresql && PGDATA=/var/db/postgresql pg_ctl start # results in pg_ctl: directory "/var/db/postgresql" is not a database cluster directory
<threshold> I hate mac so much
<gchristensen> you need to call initdb
<threshold> I wish I could develop for iOS in a linux
danharaj has quit [(Remote host closed the connection)]
<eacameron> threshold: try pg_ctl init -D /var/db/postgresql ?
<eacameron> I can't remember the exact command sequence. What you're trying to do is not really unique to mac...it's just that you have to do it manually.
ryanartecona has quit [(Quit: ryanartecona)]
<gchristensen> that said, I share the sentiment of wishing I could use linux for work.
<gchristensen> for my work computer*
<copumpkin> gchristensen: I'm now partially barfy and partially warny
<gchristensen> copumpkin: my platonic ideal for any pumpkin
echo-area has joined #nixos
ibrahims has joined #nixos
Rizy has quit [(Quit: Rizy)]
Rizy has joined #nixos
<gchristensen> copumpkin: jokes aside (sigh) that is great news :)
ibrahims has quit [(Ping timeout: 255 seconds)]
k0001 has quit [(Ping timeout: 260 seconds)]
<threshold> postgres=> ALTER USER postgres WITH SUPERUSER;
<threshold> ERROR: must be superuser to alter superusers
<gchristensen> sorry, threshold , you should try #postgresql
<gchristensen> or #postgres, whatever their channel is
<threshold> Yeah, sorry
<gchristensen> it is okay :)
<threshold> I thought it was relevant at first because most package managers will also go ahead and create a postgres user for you automatically
<threshold> and I can't su - postgres
<threshold> So now I'm confused
<gchristensen> oh
<gchristensen> so installing the package with nix alone doesn't do any of that, it _just_ makes the binary available in the PATH
<threshold> Got it. This is going to be a memorable night
* threshold reaches for some kind of drug to help him
<gchristensen> what's going on?
<threshold> I need a user called postgres that can create a database
<threshold> I think the user needs to be a superuser
<gchristensen> fwiw you don't strictly need that
<threshold> If not, I don't care. I just want a user named postgres that can create a database at this point
<threshold> gchristensen: I figured
<gchristensen> (you don't need a user named postgres)
<gchristensen> #postgres can likely help more
<threshold> answer: createdb; psql; ALTER ROLE postgres CREATEDB; \q
AllanEspinosa has joined #nixos
<NixOS_GitHub> [nixpkgs] grahamc pushed 1 new commit to master: https://git.io/vDjiT
<NixOS_GitHub> nixpkgs/master 6c37a92 Graham Christensen: firebird: 2.5.6.27020-0 -> 2.5.7.27050-0 for '2.5.7.27050-0' bypass
<NixOS_GitHub> [nixpkgs] grahamc pushed 1 new commit to release-16.09: https://git.io/vDjik
<NixOS_GitHub> nixpkgs/release-16.09 d87a40e Graham Christensen: firebird: 2.5.6.27020-0 -> 2.5.7.27050-0 for '2.5.7.27050-0' bypass...
alanz has quit [(Ping timeout: 240 seconds)]
takle has quit [(Remote host closed the connection)]
ibrahims has joined #nixos
alanz has joined #nixos
ibrahims has quit [(Ping timeout: 255 seconds)]
mudri has quit [(Quit: WeeChat 1.7)]
<NixOS_GitHub> [nixpkgs] grahamc created mark-as-insecure (+2 new commits): https://git.io/vDjiN
<NixOS_GitHub> nixpkgs/mark-as-insecure 38771ba Graham Christensen: nixpkgs: allow packages to be marked insecure...
<NixOS_GitHub> nixpkgs/mark-as-insecure c8859b7 Graham Christensen: libplist: mark as insecure...
<NixOS_GitHub> [nixpkgs] grahamc deleted mark-as-insecure at c8859b7: https://git.io/vDjix
<gchristensen> globin: should we wait on this? https://github.com/NixOS/nixpkgs/pull/22890 I just used it for the first time.
<eacameron> Is there a generic "mkOverridable" function somewhere that does all the fix' extends machinery on a simple initial set "self: { ... }" ?
takle has joined #nixos
<NixOS_GitHub> [nixpkgs] grahamc pushed 2 new commits to release-16.09: https://git.io/vDjP8
<NixOS_GitHub> nixpkgs/release-16.09 1b72afd Peter Hoeg: lynx: 2.8.8rel.2 -> 2.8.9dev.11...
<NixOS_GitHub> nixpkgs/release-16.09 c9e751c Graham Christensen: Merge pull request #23095 from peterhoeg/u/lynx_stable...
takle has quit [(Ping timeout: 260 seconds)]
<clever> copumpkin: oh, i just had an idea on something you can use
<clever> $ nix-store --dump a | nix-store --restore b
<clever> copumpkin: this will serialize a into a NAR, then deserialize it back into b
<clever> copumpkin: boom, i can now copy the closure of things into a given directory, though it completely ignores db.sqlite
<gchristensen> Wizek: are you wizeman?
<Wizek> gchristensen, nope
* eacameron answers himself: lib.makeExtensible
<gchristensen> Wizek: ok, thank you :)
takle has joined #nixos
ibrahims has joined #nixos
takle has quit [(Ping timeout: 240 seconds)]
mbrgm has quit [(Ping timeout: 240 seconds)]
ibrahims has quit [(Ping timeout: 260 seconds)]
mbrgm has joined #nixos
ilyaigpetrov has joined #nixos
takle has joined #nixos
derjohn_mob has quit [(Ping timeout: 240 seconds)]
estewei has quit [(Quit: Quit)]
takle has quit [(Ping timeout: 260 seconds)]
takle has joined #nixos
echo-area has quit [(Read error: Connection reset by peer)]
s33se has joined #nixos
takle has quit [(Ping timeout: 260 seconds)]
s33se_ has quit [(Ping timeout: 268 seconds)]
derjohn_mob has joined #nixos
ibrahims has joined #nixos
takle has joined #nixos
ibrahims has quit [(Ping timeout: 240 seconds)]
justan0theruser has joined #nixos
<NixOS_GitHub> [nixpkgs] dmjio opened pull request #23097: Initial commit of HaLVM support (master...halvm) https://git.io/vDjMd
takle has quit [(Ping timeout: 240 seconds)]
justanotheruser has quit [(Ping timeout: 260 seconds)]
indi_ has quit [(Remote host closed the connection)]
hexagoxel has quit [(Ping timeout: 260 seconds)]
indi_ has joined #nixos
hexagoxel has joined #nixos
indi_ has quit [(Remote host closed the connection)]
indi_ has joined #nixos
alx741 has quit [(Quit: alx741)]
takle has joined #nixos
alx741 has joined #nixos
takle has quit [(Ping timeout: 260 seconds)]
takle has joined #nixos
takle has quit [(Ping timeout: 260 seconds)]
ibrahims has joined #nixos
ibrahims has quit [(Ping timeout: 260 seconds)]
indi_ has quit [(Remote host closed the connection)]
takle has joined #nixos
indi_ has joined #nixos
takle has quit [(Ping timeout: 240 seconds)]
takle has joined #nixos
Rizy has quit [(Quit: Rizy)]
takle has quit [(Ping timeout: 255 seconds)]
indi_ has quit [(Remote host closed the connection)]
indi_ has joined #nixos
indi_ has quit [(Remote host closed the connection)]
indi_ has joined #nixos
ryantm____ has joined #nixos
ryantm____ is now known as ryantm
hamishmack has quit [(Quit: hamishmack)]
<ryantm> is anyone using the latest unstable chromium and having problems with SSL certs?
<ryantm> seems similar to problems like in https://github.com/NixOS/nixpkgs/issues/12298
mguentner has quit [(Quit: WeeChat 1.7)]
mguentner has joined #nixos
ibrahims has joined #nixos
ibrahims has quit [(Ping timeout: 240 seconds)]
Wizek has quit [(Ping timeout: 260 seconds)]
eacameron has quit [(Remote host closed the connection)]
eacameron has joined #nixos
eacameron has quit [(Ping timeout: 260 seconds)]
takle has joined #nixos
shanemikel has joined #nixos
hexagoxel has quit [(Ping timeout: 240 seconds)]
hexagoxel has joined #nixos
<ryantm> well, I opened a new issue for it https://github.com/NixOS/nixpkgs/issues/23100
takle has quit [(Ping timeout: 260 seconds)]
mguentner2 has joined #nixos
systemfault has joined #nixos
<maurer> ryantm: Try disabling bearer tokens in chrome://flags
<maurer> err
<maurer> token binding rather
<shanemikel> If I'm using nix-channel unstable, is there a way I can figure out which git commit that would correspond to?
mguentner has quit [(Ping timeout: 240 seconds)]
<ryantm> maurer: that fixes it
<maurer> ryantm: Yes, it's a chromium bug
<maurer> ryantm: It'll be fixed next release, which might be out already
<maurer> but our package hasn't been bumped
<clever> [root@amd-nixos:~]# realpath $(nix-instantiate --find-file nixpkgs)
<clever> /nix/store/18riqb6diaxk5a5bxx5hzh2pyc0jfvv7-nixos-17.03pre99759.f66d782/nixos
<shanemikel> ~/.nix-defexpr/channels/manifest.nix has this for `name`, nixpkgs-17.03pre99245.78c68f2
<clever> shanemikel: my <nixpkgs> resolves to commit f66d782
<ryantm> shanemikel: nix-instantiate --eval '<nixpkgs>' -A lib.nixpkgsVersion
<clever> ah, that also works
<ryantm> maurer: Thanks. I updated the issue, but I guess it should be left open until we bump it.
<maurer> Yeah, sorry, I don't have the motivation to look for a patch/bump it today. I can barely manage to get myself to do anything at all.
<ryantm> maurer: No reason to be sorry about that, thanks for helping me, and hopefully other people can find the issue if they are having trouble.
systemfault has quit [(Quit: Bye!)]
ibrahims has joined #nixos
proteusguy has joined #nixos
ibrahims has quit [(Ping timeout: 260 seconds)]
takle has joined #nixos
proteus-guy has quit [(Ping timeout: 260 seconds)]
eacameron has joined #nixos
takle has quit [(Ping timeout: 260 seconds)]
takle has joined #nixos
takle has quit [(Ping timeout: 268 seconds)]
hamishmack has joined #nixos
roconnor has quit [(Ping timeout: 240 seconds)]
takle has joined #nixos
takle has quit [(Ping timeout: 240 seconds)]
ibrahims has joined #nixos
AllanEspinosa has quit [(Ping timeout: 260 seconds)]
ibrahims has quit [(Ping timeout: 240 seconds)]
takle has joined #nixos
takle has quit [(Ping timeout: 240 seconds)]
takle has joined #nixos
takle has quit [(Ping timeout: 268 seconds)]
proteusguy has quit [(Remote host closed the connection)]
takle has joined #nixos
ibrahims has joined #nixos
takle has quit [(Ping timeout: 268 seconds)]
ibrahims has quit [(Ping timeout: 240 seconds)]
roconnor has joined #nixos
takle has joined #nixos
Rizy has joined #nixos
takle has quit [(Ping timeout: 240 seconds)]
takle has joined #nixos
takle has quit [(Ping timeout: 240 seconds)]
Rizy has quit [(Quit: Rizy)]
sheenobu has joined #nixos
alx741 has quit [(Quit: alx741)]
<pikajude> what should my docker image config.Volumes look like?
takle has joined #nixos
ibrahims has joined #nixos
takle has quit [(Ping timeout: 260 seconds)]
ibrahims has quit [(Ping timeout: 260 seconds)]
takle has joined #nixos
<LnL> probably a list similar to config.Env = [ "FOO=foo" ];
takle has quit [(Ping timeout: 240 seconds)]
takle has joined #nixos
justbeingglad has joined #nixos
justbeingglad has left #nixos []
takle has quit [(Ping timeout: 255 seconds)]
eacameron has quit [(Remote host closed the connection)]
eacameron has joined #nixos
MercurialAlchemi has joined #nixos
eacameron has quit [(Ping timeout: 240 seconds)]
ibrahims has joined #nixos
ibrahims has quit [(Ping timeout: 260 seconds)]
shanemikel has quit [(Read error: Connection reset by peer)]
shanemikel has joined #nixos
takle has joined #nixos
peterhoeg_ has joined #nixos
peterhoeg has quit [(Ping timeout: 255 seconds)]
griff_ has joined #nixos
takle has quit [(Ping timeout: 240 seconds)]
freusque has quit [(Quit: WeeChat 1.4)]
freusque has joined #nixos
indi_ has quit [(Remote host closed the connection)]
takle has joined #nixos
ibrahims has joined #nixos
Guest85325 has joined #nixos
griff_ has quit [(Quit: griff_)]
proteusguy has joined #nixos
takle has quit [(Ping timeout: 255 seconds)]
ibrahims has quit [(Ping timeout: 268 seconds)]
takle has joined #nixos
<Ralith> is anyone working on updating to mesa 17?
<Ralith> would be nice to have that for 17.03
xeviox has joined #nixos
eacameron has joined #nixos
takle has quit [(Ping timeout: 260 seconds)]
shanemikel has quit [(Quit: Textual IRC Client: www.textualapp.com)]
pchiusano has quit [(Ping timeout: 276 seconds)]
takle has joined #nixos
eacameron has quit [(Ping timeout: 260 seconds)]
pchiusano__ has joined #nixos
takle has quit [(Ping timeout: 240 seconds)]
FRidh has joined #nixos
thc202 has joined #nixos
takle has joined #nixos
takle has quit [(Ping timeout: 268 seconds)]
ibrahims has joined #nixos
reinzelmann has joined #nixos
ibrahims has quit [(Ping timeout: 255 seconds)]
eacameron has joined #nixos
freusque has quit [(Ping timeout: 240 seconds)]
spacekit1eh has joined #nixos
<spacekit1eh> was i dreaming or was there a makefile->nix compiler?
itsN1X has joined #nixos
itsN1X has quit [(Client Quit)]
eacameron has quit [(Ping timeout: 240 seconds)]
takle has joined #nixos
<NixOS_GitHub> [nixpkgs] FRidh force-pushed python-wip from b313a7b to 6c12ffc: https://git.io/vzaOS
<NixOS_GitHub> nixpkgs/python-wip 1044f39 romildo: pygments: 2.1.3 -> 2.2.0
<NixOS_GitHub> nixpkgs/python-wip 6c12ffc Frederik Rietdijk: pythonPackages.pelican: 3.6.3 -> 3.7.1
<Ralith> oh vcunat says he's waiting for 17.0.1
takle has quit [(Ping timeout: 260 seconds)]
teknico has joined #nixos
Itkovian has joined #nixos
<NixOS_GitHub> [nixpkgs] vbgl pushed 1 new commit to master: https://git.io/vDjjc
<NixOS_GitHub> nixpkgs/master 8352e0b sternenseemann: ocaml-ipaddr: 2.6.1 -> 2.7.2...
mguentner2 has quit [(Read error: Connection reset by peer)]
ryantm has quit [(Quit: Connection closed for inactivity)]
ibrahims has joined #nixos
jgertm has joined #nixos
takle has joined #nixos
katyucha has quit [(Killed (verne.freenode.net (Nickname regained by services)))]
katyucha_ is now known as katyucha
katyucha_ has joined #nixos
takle has quit [(Ping timeout: 260 seconds)]
takle has joined #nixos
peterhoeg_ has quit [(Quit: http://quassel-irc.org - Chat comfortably. Anywhere.)]
peterhoeg has joined #nixos
nschoe has joined #nixos
jgertm has quit [(Ping timeout: 260 seconds)]
takle has quit [(Ping timeout: 268 seconds)]
FPtje has joined #nixos
<NixOS_GitHub> [nixpkgs] bflyblue opened pull request #23101: unifi: 5.2.9 -> 5.4.11 (master...master) https://git.io/vyev7
takle has joined #nixos
<FPtje> Has anyone experienced an empty /nix/var/nix/profiles/system/bin/switch-to-configuration file before? I've had it three times now (and solved it by generating a new SD card because I was working on something else), but it's starting to creep me out
<FPtje> It's happening on a raspberry like FPGA board, to which I deploy with nixops
<xeviox> can I explicitely make something in a nix expression be a path? seems like it has problems using "./" as path
takle has quit [(Ping timeout: 260 seconds)]
<FPtje> xeviox, have you tried ./. (without quotes)?
<xeviox> FPtje: hell yeah, this one works.. thanks alot o/ :D
<FPtje> Cheers!
<xeviox> could I also reference an existing env var (to be able to extend or modify the path variable)
<FPtje> What do you mean by an env var? Something like $HOME?
<xeviox> yes
<xeviox> I want to extend $PATH
takle has joined #nixos
<FPtje> The PATH variable of your own user?
<xeviox> yes, and I want to extend it when I use "nix-shell" with a nix expression
<xeviox> I know this is not the intention of the whole thing..
<FPtje> Sounds like X Y problem, I guess you want a certain program to be available when you open a nix shell?
<xeviox> but as long as I'm not experienced enough to use it correctly I'll have to use some hacks :/
<xeviox> some kind of, I've created an expression that provides python3 and pip
<xeviox> then I used pip to install the aws-cli but that one ended up in my home folder :/
<FPtje> Nix is actually really clever with PATH. When you build a derivation (package), you need some programs to be in PATH, stuff like make, python, maybe specific python packages
<FPtje> So nix has provisions for that. Basically if you put the programs you need in (I believe) buildDepends, it'll be available when you nix-build the derivation or open a nix-shell into the derivation
<xeviox> now I can start a nix-shell with my expression and have python3 (and some others) in PATH like needed. Only the aws-cli is in the wrong place (because I used pip to get the current version)
<FPtje> alternatively you can open a nix-shell, give it a -p and then some programs
<FPtje> "nix-shell -p python" would open a nix-shell with python
<xeviox> yeah, that works fine
<FPtje> ah, you're trying to install that package using pip
takle has quit [(Ping timeout: 255 seconds)]
<xeviox> the problem is that the aws-cli version in the nix channel is to old
<FPtje> are you aware of pythonPackages?
<FPtje> oh right
<xeviox> the probably correct way is to build a correct nix expression for it
<FPtje> Yeah, the problem with pip is that it works outside the whole nix shell business
<FPtje> the best way would be to override it
<xeviox> but I'm not experienced right now and I have to use the awas-cli for work (so don't have enough time to figure it out)
<xeviox> yeah, I hate those language specific package managers :/
katyucha has quit [(Quit: Lost terminal)]
<xeviox> so, seems I have to look into building packages for nix :D
Itkovian has quit [(Read error: Connection reset by peer)]
goibhniu has joined #nixos
<xeviox> anyways thanks a lot for your help, at least makes my go project usable in nix :D
<FPtje> What version of awscli do you need?
katyucha1 has joined #nixos
<FPtje> If you look in nixpkgs/pkgs/top-level/python-packages.nix, you can find the derivation for awscli
<xeviox> currently I use the latest (it has a lot of new functions for cloud formation). Sadly I don't know when those were added..
<xeviox> ah ok
<xeviox> maybe I can change what I need :D
<xeviox> thanks again
<FPtje> you can go to your configuration.nix and probably override pythonPackages.awscli, changing version and src
<xeviox> hmm, it states "1.11.45" which is pretty up-to-date
<FPtje> Take a look at this for more info on how this works: https://nixos.org/nixpkgs/manual/#python
<xeviox> I will thanks
<xeviox> wonder why my nixos install pulled some 1.10.xx :/
<xeviox> (I tried the one from the channel first)
<FPtje> is the version of nixpkgs you're looking at the same as the version your nixos is using?
<xeviox> how can I verify that?
<xeviox> sorry, I'm pretty new to NixOS :(
<FPtje> What nixpkgs are you looking at?
<FPtje> That's the very latest version
<FPtje> if you run "echo $NIX_PATH" in a terminal, you might find what nixpkgs your system is using
<xeviox> nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels
<xeviox> at least updating is something I don't currently understand
<xeviox> somewhere I read that packages in a channel might be updated regularly
<xeviox> but how do I pull in those updates, or at least see if some are available
<FPtje> Well, I have to look up the commands too. At my company, we use a different procedure to update Nix :)
<xeviox> hehe :D
<xeviox> at least you use NixOS (or Nix)
<xeviox> I'm the only one using it in my company
<FPtje> My entire company does, it's absolutely amazing
<xeviox> sounds great :D
<FPtje> Everyone has the same versions of packages, we have several devices in the field that are all NixOS
<FPtje> we can push updates to them using a tool called "nixops", updating a device is as simple as "nixops deploy --include <device here>"
<FPtje> There's how you upgrade
<FPtje> Probably just "nixos-rebuild switch --upgrade"
<xeviox> cool
<xeviox> I see there is a lot to read..
<FPtje> Yeah, Nix has a steep learning curve
ibrahims has quit [(Ping timeout: 240 seconds)]
<FPtje> Here's a set of tutorials that /really/ helped me get the hang of it: http://lethalman.blogspot.nl/2014/07/nix-pill-1-why-you-should-give-it-try.html
<FPtje> The manuals (https://nixos.org/nixos/manual, https://nixos.org/nixpkgs/manual, https://nixos.org/nix/manual) good for reference, but they don't really "teach" Nix
<xeviox> hey, that's the problem ^^
<xeviox> and there is still relatively small content for nix
<xeviox> but that will get better over time :D
<xeviox> thanks for the tutorials
<FPtje> Yeah, it really has the right idea. Cheers
ibrahims has joined #nixos
takle has joined #nixos
nschoe has quit [(Read error: Connection reset by peer)]
nschoe has joined #nixos
derjohn_mob has quit [(Ping timeout: 240 seconds)]
takle has quit [(Ping timeout: 260 seconds)]
bin7me has joined #nixos
bin7me has quit [(Remote host closed the connection)]
takle has joined #nixos
arjen-jonathan has joined #nixos
Itkovian has joined #nixos
<NixOS_GitHub> [nixpkgs] teh opened pull request #23102: Allow directories with a default.nix to be imported as an overlay. Cl… (master...master) https://git.io/vyeTn
<NixOS_GitHub> [hydra] rbvermaa pushed 1 new commit to master: https://git.io/vyeT4
<NixOS_GitHub> hydra/master fd754d6 Rob Vermaas: Do not trigger eval on jobset change when check interval is 0 (disabled).
takle has quit [(Ping timeout: 240 seconds)]
<NixOS_GitHub> [nixpkgs] peterhoeg pushed 1 new commit to master: https://git.io/vyeT0
<NixOS_GitHub> nixpkgs/master 84fd5da Peter Hoeg: terragrunt: 0.10.2 -> 0.10.3
<sziszi> FPtje> "Yeah, Nix has a steep learning curve" — holy hell, yes
<sziszi> feeling really dumb using this OS
takle has joined #nixos
ThatDocsLady has joined #nixos
<sziszi> 7years ago arch was a bit steep too for me at least. but this OS is more hard to understand
<sziszi> but also DOPE! :)
<FPtje> sziszi, Yeah, it requires a combination of functional programming skills, system management and even then some understanding on how things are done in nix specifically
takle has quit [(Ping timeout: 260 seconds)]
jgertm has joined #nixos
ibrahims has quit [(Ping timeout: 260 seconds)]
<FPtje> Ah, the nix store of the device has become corrupt, the "nixos-system" store path is also corrupt. On my device that path holds a non-empty switch-to-configuration file. On the broken device it's empty.
<NixOS_GitHub> [nixpkgs] pSub pushed 2 new commits to master: https://git.io/vyekP
<NixOS_GitHub> nixpkgs/master 265a288 Shaun Sharples: unifi: 5.2.9 -> 5.4.11
<NixOS_GitHub> nixpkgs/master f1e5dce Pascal Wittmann: Merge pull request #23101 from bflyblue/master...
__Sander__ has joined #nixos
takle has joined #nixos
xeviox_ has joined #nixos
jensens has joined #nixos
xeviox has quit [(Ping timeout: 240 seconds)]
takle has quit [(Ping timeout: 268 seconds)]
derjohn_mob has joined #nixos
xeviox_ has quit [(Ping timeout: 240 seconds)]
proteusguy has quit [(Remote host closed the connection)]
phreedom has quit [(Quit: No Ping reply in 180 seconds.)]
eacameron has joined #nixos
phreedom has joined #nixos
eacameron has quit [(Ping timeout: 268 seconds)]
takle has joined #nixos
<FPtje> the nix store of the device has become corrupt, the "nixos-system" store path is also corrupt. On my device that path holds a non-empty switch-to-configuration file. On the broken device it's empty. Nix-store --verify --repair cannot download the paths. How do I force copy to the device?
pi3r has joined #nixos
<FPtje> The corruption is very specific it seems. It seems limited to all services of the current configuration, which contain long strings of "^@^@^@...", and the configuration path, which has its "bin/switch-to-configuration" empty.
takle has quit [(Ping timeout: 260 seconds)]
takle has joined #nixos
takle has quit [(Remote host closed the connection)]
takle has joined #nixos
Shou has joined #nixos
mudri has joined #nixos
fadenb has quit [(Quit: WeeChat 1.6)]
fadenb has joined #nixos
roconnor has quit [(Ping timeout: 240 seconds)]
georges-duperon has joined #nixos
xadi has joined #nixos
Shou has quit [(Ping timeout: 255 seconds)]
ibrahims has joined #nixos
<jophish_> isStorePath foo = true; isStorePath (foo + "/bar") = false;
<jophish_> What's up with this!
<jophish_> ah, perhaps I've misunderstood isStorePath to mean isInStore
ixxie has joined #nixos
<sziszi> FPtje: functional programming? why?
<FPtje> sziszi, Nix is a functional programming language
eacameron has joined #nixos
Shou has joined #nixos
eacameron has quit [(Ping timeout: 240 seconds)]
mudri has quit [(Ping timeout: 255 seconds)]
ixxie has quit [(Ping timeout: 260 seconds)]
<sziszi> FPtje: I know, but why I have to code in it?
<FPtje> sziszi, It's not necessary if the built in things in NixOS do what you want. It is necessary if you need things that aren't provided by NixOS
<FPtje> like services that NixOS has no support for, derivations that don't exist in nixpkgs, that kind of stuff
<sziszi> I'm at this point for now :)
<FPtje> That's okay, you have to start somewhere
<sziszi> i've seen some haskell back in the day when I started using Xmonad, and that stuff wasnt a good experience
<sziszi> so functional programming is a bit NONO for me
<FPtje> what wasn't good about it?
<LnL> I'm actually pretty surprised by the contributions of somebody that said he's not a programmer
<sziszi> FPtje: it was weird as hell
<spacekit1eh> functional programming is excellent
<spacekit1eh> i don't understand why people say it's hard
<FPtje> sziszi, It is weird, especially when you're used to imperative programming
spacekit1eh is now known as spacekitteh
<sziszi> nix is not hard, but haskell is
<spacekitteh> haskell isn't hard
<FPtje> I remember being very frustrated about not being able to use mutable variables and for loops
<spacekitteh> monads aren't any harder than learning what inheritence is in OOP, for example
<LnL> it's just a different way of thinking about what you want to do
<FPtje> Not knowing what the right way of doing these things is made it frustrating. I remember thinking "How can you do /anything/ serious if you can't change a variable?"
<spacekitteh> exactly, LnL
<MP2E> you can use mutable variables, they require using the ST type
<FPtje> Eventually I learned, and now my Haskell is pretty fluent, but you have to get over some barrier
<MP2E> it's just not generally recommended because there are lots of other ways of doing things, and you'll find that you don't need a mutable variable as much as you might think..
<spacekitteh> people who say that Haskell is hard fail to realise that the only reason they think it's hard is because they only learned imperitive programming
<FPtje> spacekitteh, Regardless of cause, hard is hard
<spacekitteh> FPtje: sure, but haskell isn't even hard
<spacekitteh> it's just different to what they're used to
MP2E has quit [(Quit: sleep)]
<spacekitteh> they think it's hard because they have to learn it from the fundamentals again
<sziszi> spacekitteh: it's not brainfuck OFC, but i'm somewhat new to programming
<FPtje> Nothing is more frustrating than people telling you how Haskell isn't hard when you can't figure out how to calculate the sum of a simple list
<spacekitteh> FPtje: sum myList
<FPtje> spacekitteh, good job
<Havvy> foldL + myList # ???
<spacekitteh> Havvy: foldL (+) myList
<spacekitteh> you need the ()
<FPtje> and an initial value, 0
<spacekitteh> ^
<FPtje> but that's beside the point
<FPtje> having to relearn the fundamentals is hard
<FPtje> Just like learning your first imperative language is hard
* Havvy hasn't even actually written a real Haskell program.
<Havvy> Or even anything more complex than the previous statement.
<spacekitteh> FPtje: i wouldn't say it's hard, just long
<LnL> I think people that have trouble learning it either underestimate what learning a new paradigm means and try to compare it to much with what they know
<FPtje> But would you understand that someone new to functional programming, breaking their brain over how folds work could potentially consider it difficult?
<spacekitteh> indeed, LnL
<spacekitteh> FPtje: sure, but it's because they're trying to take shortcuts usually, FPtje
<LnL> you sort of have to sed aside what you know about "programming"
<FPtje> spacekitteh, what kind of shortcuts?
phreedom has quit [(Quit: No Ping reply in 180 seconds.)]
<spacekitteh> by starting from the POV of "this is different from imperitive programming in the following ways" rather than "this is a way to program"
<FPtje> Imagine someone staring at the definition of foldl, trying to figure out how it works
<NixOS_GitHub> [nixpkgs] abbradar pushed 5 new commits to master: https://git.io/vyeZU
<NixOS_GitHub> nixpkgs/master fd29b10 Nikolay Amiantov: linuxPackages.lttng-modules: 2.8.3 -> 2.9.1
<NixOS_GitHub> nixpkgs/master ba43d6b Nikolay Amiantov: lttng-tools: 2.5.2 -> 2.9.3
<NixOS_GitHub> nixpkgs/master a435327 Nikolay Amiantov: lttng-ust: 2.5.1 -> 2.9.0
<FPtje> ignorant of how basic things work like currying or pattern matching
<FPtje> I mean it's pretty difficult to understand how foldl works if you don't fully understand these things
<spacekitteh> it's like trying to learn to fly a plane, and trying to think of everything in terms of car metaphors
<spacekitteh> instead of learning it on its own terms
<spacekitteh> flying isn't any harder than driving
<FPtje> how does that analogy apply to the person staring at foldl?
<FPtje> having limited understanding of currying and/or pattern matching?
<LnL> spacekitteh: I like that metaphor
<spacekitteh> (note: i learned to fly before i learned to drive)
<Havvy> spacekitteh: See also, everybody's first time in a plane in Grand Theft Auto games.
* spacekitteh finds driving more difficult than flying TBH
<FPtje> spacekitteh, imagine having trouble parallel parking
<spacekitteh> i can't parallel park
<FPtje> and then your instructor telling you that it's easy
<spacekitteh> i know it's easy
<FPtje> then why isn't it easy?
phreedom has joined #nixos
<FPtje> surely if it were easy, you would be able to do it
<FPtje> but apparently it's not
sheenobu has quit [(Quit: Leaving)]
<spacekitteh> because i have trouble reasoning about reversing
<spacekitteh> planes don't reverse :P
<FPtje> so it's easy, despite the fact that you have trouble reasoning about it
<spacekitteh> sure
<spacekitteh> it's objectively easy
<FPtje> objectively?
<spacekitteh> given a billion people can do it
<FPtje> I thought "easy" was subjective
<FPtje> Some things are easy for some people, yet difficult for others
* spacekitteh shrugs
<FPtje> depending on skill, training, physical ability
<FPtje> knowledge
<FPtje> I guess you can reason objectively about things being easy
<spacekitteh> drinking a glass of water is objectively easy, designing a nuclear reactor is objectively hard. sure, some people can't drink a glass of water due to disabilities, etc
<FPtje> saying "if you have this and that and that skill, then this skill should follow easily"
<spacekitteh> breathing is objectively easy
Wizek has joined #nixos
Itkovian_ has joined #nixos
<spacekitteh> it's much easier to categorise things as easy than as hard
<FPtje> spacekitteh, for all humans that share the part in the brain that controls that yes
<FPtje> but that's still subjective to a majority of humans
<spacekitteh> something something frequentist
<spacekitteh> (had to finish the triad)
<FPtje> frequentist?
<spacekitteh> (objective probability, subjective proability, frequential probability; all related to complexity theory)
Itkovian has quit [(Ping timeout: 260 seconds)]
<FPtje> where is probability involved?
<spacekitteh> it's not
ibrahims has quit [(Ping timeout: 240 seconds)]
ibrahims has joined #nixos
freusque has joined #nixos
iyzsong has joined #nixos
martinb1 has joined #nixos
pi3r has quit [(Ping timeout: 240 seconds)]
eacameron has joined #nixos
pi3r has joined #nixos
eacameron has quit [(Ping timeout: 240 seconds)]
indi_ has joined #nixos
martinb1 is now known as timor
indi_ has quit [(Remote host closed the connection)]
MP2E has joined #nixos
bennofs1 has joined #nixos
xadi1 has joined #nixos
xadi has quit [(Read error: Connection reset by peer)]
<unlmtd[m]> trying to launch nix shell in rust website generator gives:
<unlmtd[m]> error: cannot auto-call a function that has an argument without a default value (‘rustPlatform’)
<bennofs1> unlmtd[m]: use nix-shell -E 'with (import <nixpkgs> {}); callPackage ./cobalt-rs.nix'
Shou has quit [(Ping timeout: 260 seconds)]
<unlmtd[m]> wohha response!
eacameron has joined #nixos
ixxie has joined #nixos
<unlmtd[m]> so I need nixpkgs
arjen-jonathan has quit [(Ping timeout: 260 seconds)]
eacameron has quit [(Ping timeout: 255 seconds)]
<NixOS_GitHub> [nixpkgs] grahamc closed pull request #22890: nixpkgs: allow packages to be marked insecure (master...mark-as-insecure) https://git.io/vD9zs
<unlmtd[m]> so now I found out that I did not write a derivation
pi3r has quit [(Ping timeout: 255 seconds)]
<unlmtd[m]> back to reading then
katyucha1 is now known as katyucha
arjen-jonathan has joined #nixos
MP2E has quit [(Quit: leaving)]
phreedom has quit [(Quit: No Ping reply in 180 seconds.)]
jgeerds has joined #nixos
phreedom has joined #nixos
mariusapo has joined #nixos
<mariusapo> hello every1
<mariusapo> i have a question
<gchristensen> sure
<gchristensen> ask away :)
<mariusapo> i tried to install nixos on my uefi,gpt with the last iso file burned on a usb stick,but when i type the systemctl start display-manager,nothing happen
Havvy has quit [(Quit: Computer Restarted or Restarting IRC)]
Havvy has joined #nixos
<unlmtd[m]> if you got the minimal iso then there's no gui
mkoenig has joined #nixos
<mariusapo> is the graphical iso file
seb_ has joined #nixos
<unlmtd[m]> try going to the tty on f7 maybe
<mariusapo> u mean to change from tty1 to another ?
seb_ has quit [(Client Quit)]
<Profpatsch> Hm, how do I list the libraries in scope in a nix shell?
arjen-jonathan has quit [(Ping timeout: 240 seconds)]
<Profpatsch> ./configure throws a “libz not found” error, but I definitely have zlib in buildInputs
<Profpatsch> So maybe it does strange things.
<Profpatsch> Oh, autoreconfHook was missing
<mariusapo> well,i guess that the graphical iso has a broke graphical display manager,coz is not running ...
davidak has joined #nixos
mariusapo has quit [(Quit: Page closed)]
<Acou_Bass> eey guys, im trying to update my kernel to see if it fixes an issue with my wifi card (spoiler: it does!) but for some reason i no longer have nvidia-drivers... i added line boot.kernelpackages = pkgs.linuxPackages_latest and have the already-existing services.xserver.videoDrivers = [ "nvidia-beta" ]; (i did try 'nvidia' but it gave me a kernel version conflict...) any chance i can get some aid in making this
<Acou_Bass> work? XD
<goibhniu> hi Acou_Bass, in what way does it not work?
<Acou_Bass> well, when i reboot it seems to default back to FOSS drivers (or at least, there is no nvidia-settings GUI and i have very bad gfx performance)
<Acou_Bass> and at no point in the nixos-rebuild switch did it seem to pull in the newer nvidia drivers
<goibhniu> was "nvidia" working for you before?
phreedom has quit [(Ping timeout: 255 seconds)]
<Acou_Bass> with the default kernel yes
<Acou_Bass> but with default kernel my wifi card doesnt work soo... hmm
<Acou_Bass> bearing in mind that with default kernel i was just using "nvidia" not -beta
<goibhniu> cool, so what about this kernel version conflict?
<goibhniu> which kernel are you using?
<Acou_Bass> ok so if i do the linuxPackages_latest line, this happens:
<Acou_Bass> (sec im pastebinning this as its a bit of a long one)
<Acou_Bass> http://termbin.com/t7gw <-- which is why i tried using the beta nvidia hehe
DutchWolfie has joined #nixos
DutchWolfie has quit [(Changing host)]
DutchWolfie has joined #nixos
<goibhniu> cool ... did you see if that's a more common problem?
<goibhniu> on other distros etc.
<goibhniu> which channel are you using?
<Acou_Bass> im using 16.09
<Acou_Bass> i dunno if its a common issue, didnt seem to be... arch for example uses nvidia-beta by default and latest linux kernel, but im not sure how they glue the two together
* goibhniu is using linux 4.9.9 with nvidia 375.26 FWIW
<goibhniu> on unstable
<goibhniu> maybe it's worth bumping the nvidia driver on 16.09? ... I don't know what the policy is for drivers on the stable release
<goibhniu> would be worth testing locally at least
<Acou_Bass> hmmm
<Acou_Bass> ill give it a bash later on then :) gotta shoot! thanks for the help ill bug y'all about it a bit more later on!
<goibhniu> super, good luck!
<gchristensen> Acou_Bass, goibhniu: we shouldn't upgrade the nvidia driver on 16.09 to 375 I think
<goibhniu> ah ok, I was thinking it would make sense to include the latest stable release of a driver in the stable channel, but then again we'd need to be sure it works with the default kernel
abcrawf has quit [(Remote host closed the connection)]
<goibhniu> AFAIK in an ubuntu release, they give you a few options ... maybe we should do it like that, default to whatever was current when the nixos release happened, then also make nvidia-latest available as an option, in addition to nvidia-beta
abcrawf has joined #nixos
eacameron has joined #nixos
<NixOS_GitHub> [nixpkgs] vcunat pushed 1 new commit to master: https://git.io/vyeun
<NixOS_GitHub> nixpkgs/master 0bfbd03 Vladimír Čunát: dnsperf: init at 2.1.0.0
Shou has joined #nixos
eacameron has quit [(Ping timeout: 240 seconds)]
ThatDocsLady is now known as ThatDocsLady_afk
justbeingglad has joined #nixos
justbeingglad has left #nixos []
Shou has quit [(Ping timeout: 240 seconds)]
Havvy has quit [(Remote host closed the connection)]
Havvy has joined #nixos
iyzsong has quit [(Quit: bye)]
xwvvvvwx has joined #nixos
<Profpatsch> Fuuzetsu: I tried using flpsed, it seems to be very broken?
<Profpatsch> The menu doesn’t work
<Profpatsch> gs is not found (is a runtime execvp)
pi3r has joined #nixos
<NixOS_GitHub> [nixpkgs] mdaiter opened pull request #23103: stanchion: added test (master...stanchionTest) https://git.io/vye2S
eacameron has joined #nixos
<NixOS_GitHub> [nixpkgs] dtzWill opened pull request #23104: R/generate-shell: Use R from current tree, fix missing wget dep. (master...fix/generate-shell) https://git.io/vyeVv
Shou has joined #nixos
<NixOS_GitHub> [nixpkgs] vcunat pushed 2 new commits to release-16.09: https://git.io/vyeV0
<NixOS_GitHub> nixpkgs/release-16.09 2adafd9 Vladimír Čunát: fstrm: init at 0.3.1...
<NixOS_GitHub> nixpkgs/release-16.09 05db33f Vladimír Čunát: dnsperf: init at 2.1.0.0...
<gchristensen> nothing like starting a morning with 11 kernel builds
suvash_away has quit [(Ping timeout: 240 seconds)]
abcrawf has quit [(Ping timeout: 240 seconds)]
suvash_away has joined #nixos
abcrawf has joined #nixos
sheenobu has joined #nixos
<NixOS_GitHub> [nixpkgs] mdaiter opened pull request #23105: riak-cs: added test (master...riak_cs_test) https://git.io/vyer3
<NixOS_GitHub> [nixpkgs] jgeerds pushed 1 new commit to master: https://git.io/vyer4
<NixOS_GitHub> nixpkgs/master 11d8672 Jascha Geerds: idea-ultimate: 2016.3.3 -> 2016.3.4
cpennington has joined #nixos
<NixOS_GitHub> [nix] domenkozar pushed 1 new commit to 1.11-maintenance: https://git.io/vyeoI
<NixOS_GitHub> nix/1.11-maintenance 13fe83d Domen Kožar: bail out if macOS 10.9 or lower is used during installer...
mudri has joined #nixos
noctux has quit [(Quit: WeeChat 1.6)]
<NixOS_GitHub> [nixpkgs] Profpatsch opened pull request #23106: flpsed: ghostscript patch, fixes, new url (master...flpsed) https://git.io/vyeo2
xwvvvvwx has quit [(Ping timeout: 240 seconds)]
noctux has joined #nixos
<gchristensen> this is my life now, compiling kernels.
<sphalerite> jeaye: I was hoping on trying Q³, what's the easiest way to get it to build on nixos?
<sphalerite> gchristensen: compiling and assembling by hand? :D
<sphalerite> http://bootstrap-zero.tumblr.com/ comes to mind
<NixOS_GitHub> [nixpkgs] globin pushed 1 new commit to master: https://git.io/vyeKr
<NixOS_GitHub> nixpkgs/master 2749947 Robin Gloster: networking module: remove reference to removed ip-up.target
xeviox has joined #nixos
wizeman has joined #nixos
mkoenig has quit [(Ping timeout: 260 seconds)]
mkoenig has joined #nixos
Shou has quit [(Ping timeout: 240 seconds)]
<NixOS_GitHub> [nixpkgs] grahamc created revert-22890-mark-as-insecure (+1 new commit): https://git.io/vyeid
<NixOS_GitHub> nixpkgs/revert-22890-mark-as-insecure 59d61ef Graham Christensen: Revert "nixpkgs: allow packages to be marked insecure"
<NixOS_GitHub> [nixpkgs] grahamc opened pull request #23108: Revert "nixpkgs: allow packages to be marked insecure" (master...revert-22890-mark-as-insecure) https://git.io/vyeiN
<NixOS_GitHub> [nixpkgs] grahamc pushed 1 new commit to master: https://git.io/vyePe
<NixOS_GitHub> nixpkgs/master 0cfa40d Graham Christensen: Merge pull request #23108 from NixOS/revert-22890-mark-as-insecure...
<NixOS_GitHub> [nixpkgs] grahamc deleted revert-22890-mark-as-insecure at 59d61ef: https://git.io/vyePU
<gchristensen> oh my gosh, sphalerite
optimus42 has joined #nixos
<optimus42> hi
<gchristensen> hi
<optimus42> any idea if a pkg with golang 1.8 is available somewhere ?
Rotaerk has quit [(Quit: Leaving)]
<NixOS_GitHub> [nixpkgs] dtzWill opened pull request #23109: neo4j: update and fix JVM parameters in NixOS module (master...update/neo4j) https://git.io/vyePK
takle has quit [(Remote host closed the connection)]
<gchristensen> globin: I reverted to light a fire under me :)
Itkovian_ is now known as Itkovian
Seichi has joined #nixos
<globin> domenkozar: actually had one case where a user fixed something in nixos and had never used git \o/
ixxie has quit [(Quit: leaving)]
<globin> domenkozar: whoops was somewhere in a scrollback /o\ answered to something days old probably
<globin> gchristensen: I would have done that early enough \o/
erasmas has joined #nixos
<gchristensen> haha
<gchristensen> fair enough.
<gchristensen> it is okay, it is done now
<gchristensen> hrmm I found a bug in how github highlights nix code, a function can't start with `assert`
MercurialAlchemi has quit [(Ping timeout: 240 seconds)]
<LnL> optimus42: I don't think there is a pr for it yet
<NixOS_GitHub> [nixpkgs] fpletz pushed 3 new commits to master: https://git.io/vyeDM
<NixOS_GitHub> nixpkgs/master 66f5539 Franz Pletz: dhcpcd service: fix network-online.target integration...
<NixOS_GitHub> nixpkgs/master 4905c1c Franz Pletz: prosody service: needs working network connectivity
<NixOS_GitHub> nixpkgs/master a689c7c Franz Pletz: pythonPackages.xdot: fix wrapper
estewei has joined #nixos
takle has joined #nixos
mkoenig has quit [(Ping timeout: 260 seconds)]
mkoenig has joined #nixos
ThatDocsLady_afk is now known as ThatDocsLady
Shou has joined #nixos
<NixOS_GitHub> [nixpkgs] vcunat pushed 1 new commit to master: https://git.io/vye9X
<NixOS_GitHub> nixpkgs/master cb63a0b Vladimír Čunát: knot-resolver: maintenance 1.2.2 -> 1.2.3...
<NixOS_GitHub> [nixpkgs] vcunat pushed 1 new commit to release-16.09: https://git.io/vye9H
<NixOS_GitHub> nixpkgs/release-16.09 7d9e9c7 Vladimír Čunát: knot-resolver: maintenance 1.2.2 -> 1.2.3...
<NixOS_GitHub> [nixpkgs] coissac opened pull request #23111: diamond: init at 0.8.36 (master...diamond) https://git.io/vyeHG
Geraldus has joined #nixos
Geraldus has quit [(Client Quit)]
andsild has joined #nixos
alx741 has joined #nixos
ibrahims has quit [(Ping timeout: 240 seconds)]
Shou has quit [(Ping timeout: 260 seconds)]
ibrahims has joined #nixos
<hodapp> blaaargh. I wish I could find a way to not have to rebuild RStudio every single time I change the packages I make it depend on with the patch I had added (useRPackages)
<hodapp> it's a lot of C++...
<savanni> Have any of you gotten a scanner to work on nixos?
<hodapp> yeah
<hodapp> laptop isn't powered up now but I don't remember having to do anything special aside from adding some SANE drivers like described in https://nixos.org/wiki/Scanners
<savanni> hodapp: Do you have any advice? Google searches aren't giving me any successes. I have a scanner that sane-find-scanner detects, but can't seme to do anything.
<hodapp> likely just need hardware.sane.extraBackends
<domenkozar> globin: via github interface?
mkoenig has quit [(Ping timeout: 268 seconds)]
mkoenig has joined #nixos
<savanni> hodapp: Do you happen to know what the USB backend is?
<hodapp> savanni: it'll depend on the device; you'll likely have to search around
<savanni> okay, thanks
optimus42 has quit [(Remote host closed the connection)]
<copumpkin> niksnut: I improved the barfing behavior in that PR :) let me know what you think!
<goibhniu> savanni: I needed extra firmware for my espon snapscan
<goibhniu> ^epson
dbmikus has joined #nixos
roconnor has joined #nixos
<NixOS_GitHub> [nixpkgs] andsild opened pull request #23112: slock: added documentation to nixpkgs manual (master...wikislock) https://git.io/vyeN3
reinzelmann has quit [(Quit: Leaving)]
ixxie has joined #nixos
arjen-jonathan has joined #nixos
Itkovian has quit [(Ping timeout: 240 seconds)]
<savanni> @goibhniu: do I just need to pull a binary blob from Epson?
xeviox has quit [(Ping timeout: 260 seconds)]
<NixOS_GitHub> [nixpkgs] globin closed pull request #22634: dhparams module: initialize (master...dhparams) https://git.io/vDa8S
<NixOS_GitHub> [nixpkgs] abbradar closed pull request #12912: dhparams service: init (master...dhparams) https://git.io/vggHk
xadi1 has quit [(Ping timeout: 240 seconds)]
xadi has joined #nixos
tlotze has joined #nixos
katyucha has quit [(Quit: leaving)]
suvash_away has quit [(Ping timeout: 240 seconds)]
Shou has joined #nixos
proteusguy has joined #nixos
ryanartecona has joined #nixos
suvash_away has joined #nixos
<NixOS_GitHub> [nixpkgs] fpletz closed pull request #23082: graylog: update + module plugin support (master...graylog_update) https://git.io/vDhg1
griff_ has joined #nixos
<NixOS_GitHub> [nixpkgs] demin-dmitriy opened pull request #23113: opera: 42.0.2393.517 -> 43.0.2442.991 (master...opera) https://git.io/vyvvq
<goibhniu> savanni: I downloaded it and extracted it, and then added it to the config: nixpkgs.config.sane.snapscanFirmware = /firmware/esfw41.bin;
FRidh has quit [(Ping timeout: 240 seconds)]
<gchristensen> LnL: huge kudos on your launchd module
<LnL> I just copy pasted the launchd manpage :p
<gchristensen> I would not have had the fortitude to implement all the options & docs
<gchristensen> but been like "here, pass in your fully-formed perfectly correct plist"
<gchristensen> (in fact, that is what I did do, when I had my crappy version of what you've built.)
jgertm has quit [(Ping timeout: 255 seconds)]
<LnL> getting the nested attributes to work properly was a little harder, pasting the option descriptions in the description wasn't that much work
<LnL> I wish there was something similar for defaults
cpennington has quit [(Ping timeout: 260 seconds)]
danharaj has joined #nixos
MichaelRaskin has joined #nixos
teknico has left #nixos []
FPtje has quit [(Quit: Leaving)]
bennofs1 has quit [(Ping timeout: 240 seconds)]
pi3r has quit [(Ping timeout: 260 seconds)]
cpennington has joined #nixos
kampfschlaefer has joined #nixos
mguentner has joined #nixos
Shou has quit [(Ping timeout: 260 seconds)]
<NixOS_GitHub> [nixpkgs] leenaars opened pull request #23114: sha1collisiondetection: init -> git-20170221 (master...sha1collisiondetection) https://git.io/vyvq8
arjen-jonathan has quit [(Ping timeout: 240 seconds)]
<copumpkin> zimbatm: any reason you're not using the dockerTools to build your docker-nix-builder image itself?
<gchristensen> have you tried to use it? innocent.jpg
<pikajude> I wish buildImage worked on macos
<copumpkin> yeah I've used dockerTools for some simple stuff
<gchristensen> ah I'm thinking pullImage
<copumpkin> yeah, pullImage is kind of an iffy idea
<gchristensen> well and also it doesn't work
griff_ has quit [(Quit: griff_)]
<copumpkin> I thought the main issue was that the upstream hashes could change
<copumpkin> and often did
<gchristensen> it hasn't worked for over a year: https://github.com/NixOS/nixpkgs/issues/21651
<copumpkin> oh okay
<copumpkin> is lethalman okay? I haven't seen him around in ages
<gchristensen> [0__0]: seen lethalman
<[0__0]> Sorry, I haven't seen lethalman.
<gchristensen> :o
<pikajude> 0__0
<pikajude> i'm trying to work out how to set up a development environment using docker
<pikajude> with haskell it's confusing because it seems like you have to run builds in the container
<copumpkin> how else would it work?
<pikajude> all the "tutorials" online are using ruby or javascript
<pikajude> i guess it wouldn't
rodgort` has quit [(Quit: Leaving)]
<pikajude> but isn't building inside a container very slow
<sphalerite> gchristensen: oh your gosh? :p
<gchristensen> sphalerite: sorry?
<copumpkin> nope
<sphalerite> 15:43 < gchristensen> oh my gosh, sphalerite
<gchristensen> oh the bootstrap-zero
katyucha_ is now known as katyucha
roconnor has quit [(Ping timeout: 240 seconds)]
roconnor has joined #nixos
__Sander__ has quit [(Quit: Konversation terminated!)]
jensens has quit [(Ping timeout: 260 seconds)]
digitus has joined #nixos
jgertm has joined #nixos
ambro718 has joined #nixos
<copumpkin> domenkozar: you around? :) care to peek at my PR for friendly option handling in nix? :) :) :)
jgeerds has quit [(Remote host closed the connection)]
mudri has quit [(Ping timeout: 260 seconds)]
<NixOS_GitHub> [nixpkgs] FRidh closed pull request #22863: pygments: 2.1.3 -> 2.2.0 (staging...upd.pygments) https://git.io/vDyRp
Seichi has quit [(Quit: Konversation terminated!)]
rodgort has joined #nixos
timor has quit [(Ping timeout: 255 seconds)]
<NixOS_GitHub> [nixpkgs] globin pushed 1 new commit to master: https://git.io/vyvGO
<NixOS_GitHub> nixpkgs/master b707552 Robin Gloster: phpPackages.xdebug: 2.4.0RC3 -> 2.5.0...
<NixOS_GitHub> [nixpkgs] Profpatsch pushed 1 new commit to master: https://git.io/vyvGB
<NixOS_GitHub> nixpkgs/master 8e54fce Profpatsch: flpsed: ghostscript patch, fixes, new url...
ertesx has joined #nixos
bennofs1 has joined #nixos
endformationage has joined #nixos
ertes has quit [(Ping timeout: 260 seconds)]
ertesx is now known as ertes
andsild has quit [(Quit: leaving)]
athan has quit [(Remote host closed the connection)]
ambro718 has quit [(Ping timeout: 240 seconds)]
kyren_ has joined #nixos
<NixOS_GitHub> [nixpkgs] fpletz pushed 3 new commits to master: https://git.io/vyvnM
<NixOS_GitHub> nixpkgs/master 2da2731 Will Dietz: neo4j: 3.0.6 -> 3.1.1
<NixOS_GitHub> nixpkgs/master bc15b42 Will Dietz: nixos/neo4j: Update to default JVM options from current release....
<NixOS_GitHub> nixpkgs/master 4730993 Franz Pletz: Merge pull request #23109 from dtzWill/update/neo4j...
kyren has quit [(Ping timeout: 240 seconds)]
<NixOS_GitHub> [nixpkgs] zx2c4 opened pull request #23116: wireguard: 0.0.20170214 -> 0.0.20170223 (master...patch-1) https://git.io/vyvnS
<NixOS_GitHub> [nixpkgs] abbradar opened pull request #23117: nix service: try to downgrade schema (master...nix-downgrade) https://git.io/vyvnQ
fresheyeball has quit [(Ping timeout: 240 seconds)]
<NixOS_GitHub> [nixpkgs] fpletz pushed 1 new commit to master: https://git.io/vyvcu
<NixOS_GitHub> nixpkgs/master 67b4f72 Jason A. Donenfeld: wireguard: 0.0.20170214 -> 0.0.20170223...
<dtz> \o/ ty fpletz
ryanartecona has quit [(Read error: Connection reset by peer)]
ryanartecona has joined #nixos
<jeaye> sphalerite: I'd first try compiling it outside. It's quite old now and requires you to have a certain version of Rust.
<jeaye> sphalerite: It's also not much of a game, since I stopped developing it about 6 months in. It's likely only worth running if you want to tinker, borrow code, etc.
<NixOS_GitHub> [nixpkgs] joachifm pushed 1 new commit to master: https://git.io/vyvWo
<NixOS_GitHub> nixpkgs/master b92501f Joachim Fasting: grsecurity: 4.9.11-201702181444 -> 201702222257
sibi has quit [(Quit: Connection closed for inactivity)]
derjohn_mob has quit [(Ping timeout: 255 seconds)]
DutchWolfie has quit [(Quit: Konversation terminated!)]
<eacameron> Anyone, is it possible to change some of the systemd settings on a nixos module? I want to make the services.mysql systemd service enable auto restart on failure.
johnsonav has joined #nixos
<NixOS_GitHub> [nixpkgs] vbgl pushed 1 new commit to master: https://git.io/vyv4L
<NixOS_GitHub> nixpkgs/master be427d6 Vincent Laporte: ocamlPackages.sexplib: init at 113.33.00+4.03
ibrahims has quit [(Ping timeout: 260 seconds)]
ibrahims has joined #nixos
<NixOS_GitHub> [nixpkgs] vbgl pushed 1 new commit to master: https://git.io/vyv4r
<NixOS_GitHub> nixpkgs/master 63796fd Vincent Laporte: ocamlPackages.ppx_core: init at 113.33.01+4.03
<LnL> copumpkin: zimbatm: I recently ported part of my nix-docker repositoy to use the dockerTools
<copumpkin> how was it?
<copumpkin> eacameron: systemd.services.mysqld.whateversettingyoucareabout = ...
<eacameron> copumpkin: Aha, that's very neat.
<copumpkin> I think that will work, although there's a section that doesn't work
<copumpkin> we need to make serviceConfig into a submodule for it to merge settings inside it
<eacameron> copumpkin: I'll try it. How can I tell from the source what will and won't work?
takle has quit [(Remote host closed the connection)]
<NixOS_GitHub> [nixpkgs] vbgl pushed 1 new commit to master: https://git.io/vyvRs
<NixOS_GitHub> nixpkgs/master d6bc0c9 Vincent Laporte: ocamlPackages.ppx_optcomp: init at 113.33.0[01]+4.03
mog has quit [(Ping timeout: 240 seconds)]
digitalmentat has joined #nixos
goibhniu has quit [(Ping timeout: 240 seconds)]
<mbrock> I have a Hetzner server that I've been using as a Nixops slave, but now I want to stop using Nixops and just keep it as a regular NixOS computer, but it's not clear to me how to do this
ryanartecona has quit [(Quit: ryanartecona)]
pi3r has joined #nixos
bfrog has quit [(Ping timeout: 260 seconds)]
ryanartecona has joined #nixos
vandenoever has joined #nixos
<copumpkin> niksnut: any reason you attach four ephemeral drives to the standard EC2 AMIs?
arjen-jonathan has joined #nixos
mog has joined #nixos
<eacameron> copumpkin: Heh...systemd "Restart" config is in "serviceConfig"
<gchristensen> so when do we get over to sha512...
<eacameron> gchristensen: when sha1024 becomes the new recommendation. ;P
<gchristensen> lol
freusque has quit [(Quit: WeeChat 1.7)]
<gchristensen> LnL: do you use kwm?
<copumpkin> sha512 is not meaningfully more secure than sha256
<copumpkin> it's potentially faster to compute
<LnL> gchristensen: yes, I added it for a reason :)
<gchristensen> you like it?
eacamero_ has joined #nixos
eacameron has quit [(Ping timeout: 240 seconds)]
* gchristensen contemplates
hcury has joined #nixos
<LnL> it has some issues, but yes
<NixOS_GitHub> [nixpkgs] vbgl pushed 1 new commit to master: https://git.io/vyv2m
<NixOS_GitHub> nixpkgs/master 7ca9e67 Vincent Laporte: ocamlPackages.ppx_type_conv: init at 113.33.02+4.03
<eacamero_> copumpkin: gchristensen: I got disconnected...
eacamero_ is now known as eacameron
<eacameron> Oh message was never sent.
<eacameron> copumpkin: gchristensen: So is there no way to enable automatic restart on the mysql service? I need to sneak a setting into systemd.services.mysqld.serviceConfig.Restart
<copumpkin> possibly not easily :(
<copumpkin> there should be
<copumpkin> I'd make an issue about serviceConfig being a submodule
<copumpkin> would make a lot of stuff a lot better
<NixOS_GitHub> [nixpkgs] vbgl pushed 1 new commit to master: https://git.io/vyva3
<NixOS_GitHub> nixpkgs/master a9b0c95 Vincent Laporte: ocamlPackages.ppx_sexp_conv: init at 113.33.01+4.03
<NixOS_GitHub> [nixpkgs] vbgl pushed 1 new commit to master: https://git.io/vyvaB
<NixOS_GitHub> nixpkgs/master 75b187b Vincent Laporte: ocamlPackages.eliom: adds ocamlbuild as a dependency
<eacameron> copumpkin: I'm not exactly sure what that means, so maybe you could make an issue?
<LnL> gchristensen: it's very unixy, as a vim user I really like khd
<gchristensen> nice
<gchristensen> I miss i3 on osx :/
reinzelmann has joined #nixos
<hcury> you guys should try notion wm, best wm i ve tried so far
wizeman has quit [(Quit: Connection closed for inactivity)]
hcury has quit [(Quit: Page closed)]
georges-duperon has quit [(Ping timeout: 255 seconds)]
suvash_away has quit [(Ping timeout: 240 seconds)]
<eacameron> copumpkin: Hm...yah it's not working.
suvash_away has joined #nixos
<eacameron> copumpkin: I wonder if I can add another service that triggers when mysql dies
sid_cypher has joined #nixos
phreedom has joined #nixos
<gchristensen> eacameron: can you paste what you've tried?
<eacameron> gchristensen: Sure
<eacameron> gchristensen: copumpkin: systemd.services.mysqld.serviceConfig.Restart = "on-failure"; # first attempt - has no effect.
<eacameron> gchristensen: copumpkin: systemd.services.mysqld.serviceConfig = { ExecStart = config.systemd.services.mysqld.serviceConfig.ExecStart; Restart = "on-failure"; }; # second attempt, infinite recursion
<gchristensen> check the journal, see what is says. also, to be sure -- you're `nixos-rebuild switching` between tests?
<copumpkin> eacameron: .mysql it turns out
<copumpkin> but it looks like it's doing a bunch of nontrivial prestart and poststart stuff
<eacameron> gchristensen: This is a nixops machine, but yeah I'm using systemctl show mysql
<copumpkin> that might get lost if you override it
<gchristensen> systemd.services.mysql.serviceConfig.Restart should work I think
<eacameron> gchristensen: copumpkin: Oh you're right, no d
<eacameron> gchristensen: copumpkin: Sure enough, it *appears* to be working. As in, Restart is now "on-failure" and yet ExecStart is still correct.
<copumpkin> oh fun
<copumpkin> I thought it didn't merge options properly
<copumpkin> perhaps that only matters if you have multiple keys of same name
<eacameron> copumpkin: Yah the mysql module doesn't set the serviceConfig.Restart attribute
<eacameron> So we might be lucky. ;)
<eacameron> copumpkin: gchristensen: Thanks very much for the assistance.
<copumpkin> \o/
<NixOS_GitHub> [nixpkgs] jwiegley pushed 1 new commit to master: https://git.io/vyvrK
<NixOS_GitHub> nixpkgs/master 6bbddcf John Wiegley: xcbuild: Guard a glibc-only postPatch with \!isDarwin
phreedom has quit [(Ping timeout: 240 seconds)]
arjen-jonathan has quit [(Ping timeout: 240 seconds)]
<copumpkin> niksnut, ikwildrpepper: I'm seeing some really weird behavior on the new amazon-init.service thing I made the other day
ryanartecona has quit [(Quit: ryanartecona)]
<copumpkin> basically, it switches the configuration successfully, but doesn't seem to start new units...
<copumpkin> I log in afterwards and run `nixos-rebuild switch` again (without changing configuration.nix), it does no nix build work whatsoever but starts new units
<copumpkin> I have no idea what would cause that
phreedom has joined #nixos
mudri has joined #nixos
<Dezgeg> maybe it stops the amazon-init.service as the first thing? :P
<copumpkin> nope, I prevent that from happening
<copumpkin> it does successfully start one "new unit"
<copumpkin> so it prints out "the following new units were started: systemd-vconsole-setup.service"
<copumpkin> "reloading the following units: dbus.service, firewall.service" (because I changed some stuff there)
<copumpkin> actually you might be right
fabian_a has joined #nixos
ronny has quit [(Ping timeout: 240 seconds)]
<copumpkin> nope, it prints out the final message saying "finished switching to system configuration ..."
<copumpkin> which is the last thing in switch-to-configuration.pl
fresheyeball has joined #nixos
Guest85325 has quit [(Ping timeout: 240 seconds)]
pierron has quit [(Ping timeout: 260 seconds)]
octe has quit [(Ping timeout: 260 seconds)]
fresheyeball has quit [(Ping timeout: 240 seconds)]
fresheyeball has joined #nixos
<MarcWeber> Why is using chromium from shell to open a second window so much slower than ctrl-n on an existing window? "reusing same instance" Is it because chrmium executable is 200mb in size?
<MarcWeber> xmessage appears almost instantly.
Khetzal has quit [(Remote host closed the connection)]
octe has joined #nixos
Khetzal has joined #nixos
<alibabzo> Hi guys, has anyone succeeded in using the compton user service?
<alibabzo> For me, it seems like it starts too early, as if I run it with autologin, my screen doesn't render properly.
<alibabzo> But if I disable autologin, and log in normally with LightDM, it seems to work fine.
<ToxicFrog> MarcWeber: if I had to guess, I'd guess because ctrl-N on an existing window just...creates a new window in the existing Chrome process
<ToxicFrog> Whereas running it from the shell starts up a chrome process from scratch, including loading and mapping the entire executable and all of its shared libraries, then checks if there's already a chrome running, finds it, sends an RPC to it, and exits.
<MarcWeber> ToxicFrog: AFAIK chrome does use its own process for each window / tab anyway for security and memory and whatnot reasons. chromium in shell prints: "Created new window in existing browser session"
georges-duperon has joined #nixos
<copumpkin> this is a systemd thing
pierron has joined #nixos
<copumpkin> if I create a user in the new config, it works fine
<LnL> sha1 collisions: https://shattered.it, does this we can use that for chromium and drop md5?
<NixOS_GitHub> [nixpkgs] romildo opened pull request #23119: idea.clion: 2016.3.2 -> 2016.3.3 (master...upd.idea) https://git.io/vyvPY
<copumpkin> LnL: ping aszlig
<copumpkin> okay, so it shows up as inactive and dead
<copumpkin> the service that should start
<copumpkin> something fishy is going on
<copumpkin> there also seems to be a "not-found" postgresql.service in `systemctl -a`, even though this is a brand new machine
arjen-jonathan has joined #nixos
<copumpkin> and I never asked for postgresql
<copumpkin> oh, httpd references postgresql.service in its After section
<copumpkin> o.O
<LnL> why?
jsgrant- has joined #nixos
<greymalkin> Anyone know a good tutorial on setting up a LAMP server configuration.nix? I've got "enablePHP=true;" but going to localhost/index.php wants to download the php file itself, rather than use it.
cpennington has quit [(Ping timeout: 260 seconds)]
<ToxicFrog> MarcWeber: yeah, but fork() is a lot faster than fork()-exec()
<gchristensen> one exec faster
xadi has quit [(Quit: Leaving.)]
<LnL> greymalkin: I have something like this for one of my services https://gist.github.com/LnL7/8717b88dc05a921ecc867ac119446f58
AllanEspinosa has joined #nixos
<MarcWeber> ToxicFrog: xmessage starts up very fast .. I opened an issue @ chromium - maybe it can be fixed easily.
freusque has joined #nixos
<MarcWeber> I guess that opening windows by shortcuts is something many people do - not just me.
<greymalkin> LnL: Thanks, but now it's just giving me a blank page due to -Indexes :(
<ToxicFrog> gchristensen: my point is that in-chrome doesn't need to exec, it just needs to fork
<gchristensen> yeah
<gchristensen> I know :)
<ToxicFrog> Whereas running it from the command line needs to fork the shell, then exec chromium from scratch, which is where all the expense comes in
<ToxicFrog> Aah
<MarcWeber> chromium & xmessage a
<MarcWeber> even though xmessage gets forked later it appears much faster ..
<MarcWeber> ctrl-n in chromium window opens new window almost instanty.
<gchristensen> it has to load all of chromium into ram
<gchristensen> whereas the ctrl-n forks, which does a lazy (copy-on-write?) duplication of the ram, it can be instantaneous
<ToxicFrog> MarcWeber: chrome is 500x as large as xmessage and has 5x as many dependencies
<copumpkin> LnL: I filed a bug
<MarcWeber> ToxicFrog: But maybe it can check for existing sesion before loading all the dependencies ..
<ToxicFrog> It is not at all surprising that xmessage starts up much faster
<ToxicFrog> MarcWeber: I mean DSO dependencies. Those are loaded by the executable loader, before the program starts executing.
<gchristensen> so it'd have to be a teeny loader thing that gets called and then spawns actual-chromium if it isn't running yet
<ToxicFrog> Which might actually be worth having
cpennington has joined #nixos
<ToxicFrog> I mean, chrome already has a launcher script that sets up a bunch of environment variables and stuff
<ToxicFrog> It can't be *that* hard to use dbus or something to check for a running chrome instance first, right?
<LnL> greymalkin: you have an index.php in your document root?
<MarcWeber> ToxicFrog: Yes - there must be a simple solution ..
<gchristensen> ToxicFrog: sorry, we must use different computers. everything easy is hard with my computers.
<greymalkin> LnL, Yes.
<MarcWeber> Even if its "using systemd" as service and writing a byte to a secket file :) or dbus or ...
<greymalkin> It's even 0777.
<LnL> gchristensen: and you changed /var/www to wherever the files are?
<LnL> greymalkin: ^
reinzelmann has quit [(Quit: Leaving)]
<greymalkin> yes [documentRoot = "${website}"]
<LnL> what release are you using?
wangoe has joined #nixos
<greymalkin> nixpkgs-unstable -- deployment via nixops for now.
ixxie has quit [(Ping timeout: 260 seconds)]
<greymalkin> I updated the channel two or three days ago.
<greymalkin> Ah! Typo.
<LnL> my machine uses 16.09 IIRC, maybe it's broken on master?
<greymalkin> Got it.
takle has joined #nixos
<clever> copumpkin: morning
<copumpkin> hi clever
<clever> copumpkin: did you see what i said about nix-store --dump and --restore lastnight?
<copumpkin> nope, but I've played with those separately
pingveno has quit [(Quit: Lost terminal)]
<copumpkin> oh, yeah
<copumpkin> but will /mnt/nix/var/nix/db be updated?
<MichaelRaskin> gchristensen: if you want real hash security, you want multiple hashes (SHA3 — original version — plus one other SHA3 finalist, for example)
<clever> copumpkin: nope
<clever> copumpkin: its pretty much just tar -c and tar -x
<copumpkin> that's generally my issue
<gchristensen> MichaelRaskin: good ol' gentoo style
<copumpkin> yeah
<copumpkin> this is my current stumper right now :) https://github.com/NixOS/nixpkgs/issues/23121
<copumpkin> why do I always get the obscure stuff
<clever> copumpkin: a secondary option is curl http://cache.nixos.org/foo.nar.xz | unxz | nix-store --restore
<MichaelRaskin> By the way, signing git commits has just been turned to ash
<copumpkin> MichaelRaskin: yay
<copumpkin> MichaelRaskin: although...
<copumpkin> it's not a preimage attack, so I can't go and find a collision with a sha1 you signed
<copumpkin> I can claim to sign one thing and then switch it out from under you without you being able to tell
<MichaelRaskin> That's true. For now.
<LnL> clever: I didn't know about --restore, that's useless
<gchristensen> I think I read a reason from #git why it wasn't that big of a problem yet
<LnL> useful I mean :)
<clever> LnL: yeah, you can now unpack any .nar.xz to a non-standard location for debug, without root
<copumpkin> anyone know a lot about how switch-to-configuration works? :) https://github.com/NixOS/nixpkgs/issues/23121 :) :) :)
<gchristensen> copumpkin: oh look, clever *runs away*
takle has quit [(Ping timeout: 260 seconds)]
<copumpkin> :P
<clever> LnL: and i can also see it being usefull as a tar replacement, when you dont care about uid/timestamp, but do care about reproducible hashes
<MichaelRaskin> copumpkin: actually, it's more complicated — I can commit a bait-and-switch and then switch it from underneath _your_ signed commit
<copumpkin> oh, yeah
<copumpkin> that'd work
* copumpkin whistles innocently
<clever> copumpkin: i have read the source for switch-to-configuration before
<copumpkin> I'm just waiting for someone to implement the attack with AWS's FPGA-as-a-service
<MichaelRaskin> For now, it is a million-dollar-attack, of course
<clever> copumpkin: aws has fpga services?
<LnL> clever: yeah, I've wanted a nar command (like tar) a bunch of times before
<MichaelRaskin> (well, between $50000 and $5000000, details are scarce)
<copumpkin> then after the FPGAs, someone's going to make a dedicated ASIC and it'll take a few hours and a a couple thousand dollars :)
<MichaelRaskin> Not how stuff works
<copumpkin> clever: yeah, they announced it at last re:Invent
<copumpkin> :P
<clever> copumpkin: neat, i could see this being of use for osme of my past projects
<MichaelRaskin> Two years later a group of Chinese PhD students release an attack that can be done on a desktop in a week
<copumpkin> yeah, once you find a crack, people start prying it wider and wider
AllanEspinosa has quit [(Ping timeout: 260 seconds)]
<MichaelRaskin> Actually, the current collision is an improvement on a long chain of attacks
<copumpkin> clever: anyway, thanks for the thoughts :) the db.sqlite is proving to be the most painful part of it though
<copumpkin> otherwise I can just rsync and so on
<MichaelRaskin> It's just that _usually_ people went on and calculated around a $1000 of computation time, and Google can afford going for hundreds-of-thousands-dollars attacks
pingveno has joined #nixos
<clever> copumpkin: yeah, db.sqlite is the biggest issue, i can check the source to see what turns up
ThatDocsLady has quit [(Quit: Arma-geddin-outta-here!)]
ndowens08 has joined #nixos
<copumpkin> I've been poking around at it, and my fakechroot thing still seems like my best bet
<clever> src/libstore/local-store.cc: string dbPath = dbDir + "/db.sqlite";
<copumpkin> there are some environment variables to tell it where to look for the store and the db
<MichaelRaskin> By the way, Discrete Logarithm, and so Diffie-Hellman key negotiation, is currently experiencing an avalanche of $100000 attacks
<gchristensen> I'm not so sure that signed git commits are useless
ryanartecona has joined #nixos
<clever> gchristensen: ah, one thing about git, is that it doesnt store differences
<copumpkin> gchristensen: you're still signing a particular snapshot of the repo, but history might change from under y ou
<clever> gchristensen: each commit is a snapshot of the entire state of the tree at that point in the commit
<MichaelRaskin> Doesn't mean I cannot swap an entire file
<copumpkin> yeah
<MichaelRaskin> Which your signed commit will inherit
<clever> copumpkin: so even if somebody swaps out a commit before mine, the git log will claim i just undid your changes, enless you can collide a whole file
<copumpkin> well, you'd be modifying a blob referred to by the tree object
<gchristensen> ah, right
<MichaelRaskin> For now the question is just about cost — a million-dollar attack is not something you want to use left and right
<clever> MichaelRaskin: hmmm, if you can swap out a single file within the tree, it would have to be a hash you previously commited, and nobody has since modified
<copumpkin> until we get the FPGAs and dedicated hardware (assuming nobody improves efficiency of algorithm)
<clever> MichaelRaskin: id think git blame would still trace it back to you
<copumpkin> yeah
<MichaelRaskin> With the current attack, yes
<copumpkin> well, I doubt a preimage attack got any likelier as a result of this
<copumpkin> MD5 is still pretty solid against that
<copumpkin> yup
<clever> copumpkin: so if you can change the state directory when the store gets instantiated, you can make it run against a different db.sqlite
<clever> --export and --import might help here
<gchristensen> so there was this tool I saw today (there is a PR for it) that can detect sha1 collisions
<gchristensen> how ...?
<copumpkin> yeah, I tried passing in the relevant environment variables but it didn't seem to like me
<LnL> btw, does anybody know how nix-channel is implemented?
<gchristensen> LnL: stable? perl
<clever> copumpkin: let me try a few things...
<MichaelRaskin> gchristensen: well, this attack requires you to put quite weird junk in some part of the file
<LnL> gchristensen: it's in nix?
<MichaelRaskin> That junk doesn't normally appear out of the blue
<clever> MichaelRaskin: many binary files like pdf have dead space that you can insert the junk into without any effect
<clever> and git doesnt have any way to diff the binary in a meaningfull way, so nobody can tell what happened
<MichaelRaskin> clever: I _know_, but that junk can be _checked for_
<clever> id say, no binary files in git, period
<gchristensen> MichaelRaskin: by being aware of all conceivable file formats?
<clever> commit the latex and a nix file for building it into a pdf
<MichaelRaskin> Nope
<clever> then you dont need special tools to review it
Sonarpulse has joined #nixos
<gchristensen> looking for high entropy sections?
<MichaelRaskin> The attack needs garbage with specific properties
k0001 has joined #nixos
<copumpkin> magic garbage \o/
<MichaelRaskin> I don't think it is just entropy, I think it is interaction with SHA rounds
<gchristensen> huh
<clever> probably has to be aligned to a certain offset at least
<MichaelRaskin> Ouch. We have a lot of SHA1 fetchurl in NixPkgs
<MichaelRaskin> Most of them are generated, of course
<clever> MichaelRaskin: better open a new https://github.com/NixOS/nixpkgs/issues/4491
<gchristensen> the vast, vast majority are generated
<MichaelRaskin> So many that it is hard to see if there are manually written ones
<MichaelRaskin> But — there are _many_ different generators
<gchristensen> incoming paste
<MichaelRaskin> 2 pkgs/applications/audio/cdparanoia/default.nix
<MichaelRaskin> pkgs/applications/graphics/gcolor2/default.nix
<k0001> People, how do I set the `leaveDotGit` seen here to something, from the Hydra jobset config, so that the `.git` folder is not removed? https://github.com/NixOS/hydra/blob/dedcb76bedbb0c2fb43e18a5b7e58f3fcf2db0d6/src/script/nix-prefetch-git#L211
<MichaelRaskin> Sounds like there are manual ones
timor has joined #nixos
<clever> k0001: do you just need the git revision its from, or are you trying to get the git logs?
<k0001> clever: I need the git revision.
<greymalkin> At some point, I ran across a derivation setting that would reproduce the same output hash each time (so that, e.g. during development you don't clog up your drive with transient builds of the same source tree) but I can't find it again.
<clever> k0001: hydra passes that in as an argument
<gchristensen> greymalkin: nix does that by default, same input -> same output
suolrihm has joined #nixos
<MichaelRaskin> Ouch
<suolrihm> hello everyone
<clever> k0001: every input you list in hydra is passed to the main nix file you set in the jobset config, as an attribute set like this
<greymalkin> gchristensen: I know, but this seemed to be different input->overwrite same output or some such.
<MichaelRaskin> Looks like the sollision-detecting sha1 just builds the collision, if the files is one half of a collision
<clever> k0001: so if your release.nix has { nixpkgs }:, you can get the revision at nixpkgs.shortRev
<gchristensen> MichaelRaskin: sorry?
<MichaelRaskin> Well, when you generate a collision, you generate two files which have a very specific pattern of differences and a very specific pattern in each of the files
<MichaelRaskin> Apparently, sha1collisiondetection
<k0001> clever: hmm... ok, this might work. What about outPath and revCount? What are those?
<MichaelRaskin> just tries to build the second file out of the input file
<copumpkin> MichaelRaskin: what's your github username a hash of? :P
<copumpkin> (truncated)
<pikajude> i don't think it's that
<clever> k0001: revCount is the total number of commits i believe, and outPath allows you to treat that nixpkgs attrset as a normal path
derjohn_mob has joined #nixos
<MichaelRaskin> copumpkin: only true randomness, only true madness
<k0001> clever: OK, thanks! I'll give this a try..
<MichaelRaskin> (which is true for more than one my GitHub username)
<copumpkin> :P
<suolrihm> im sorry to interrupt you, but i got a little problem with the steam controller and (i think so) udev. anyone experienced with this?
timor has quit [(Ping timeout: 255 seconds)]
<clever> suolrihm: i had a chance to mess with it a bit, i had to chmod the usb dev node under /dev/bus/usb/ so the user has r/w perms
<clever> suolrihm: but i no longer have access to it, and forgot to make any PR's
<clever> suolrihm: udev rules would automate fixing the permissions every time it gets plugged in
<MichaelRaskin> gchristensen: collision check checks for a very special inner state of the SHA1 procedure
<suolrihm> damn...
<clever> suolrihm: the simple fix is to just find its bus and device number in lsusb, then give yourself read permissions to its entry under /dev/bus/usb/, though that will have to be repeated each time you plug it in or reboot
<MichaelRaskin> copumpkin: by the way, I am not sure that a correctly prepared file cannot be used for generating a collision even after someone edits an unrelated part.
<MichaelRaskin> Not a full preimage
<MichaelRaskin> clever: suolrihm: the simple solution is to give your self +rw on _all_ USB nodes
ibrahims has quit [(Ping timeout: 260 seconds)]
<suolrihm> im just kinda confused: i got a little .nix file, containing the udev rule (copy by forkk13). it worked but after switching to another pc i stopped working. lsusb output and .nix entrys are matching
<clever> suolrihm: can you pastebin that nix file?
<clever> suolrihm: and your in the wheel group on this new machine?
<suolrihm> yes
AllanEspinosa has joined #nixos
<clever> suolrihm: and if you look in /dev/usb/, what are the permissions and user/group of the node for that usb device?
<clever> copumpkin: so if i run nix-store --import and set the right vars, i can see it unpacking to /tmp/mnt/nix/store/nix-22852-0/unpacked, but it then fails to move it to the store for unspecified reasons
takle has joined #nixos
<NixOS_GitHub> [nixpkgs] ixmatus opened pull request #23122: go: Adding a derivation for the 1.8 Go compiler (master...parnell/add-go1.8) https://git.io/vyv7S
suolrihm has quit [(Remote host closed the connection)]
Itkovian has joined #nixos
ilyaigpetrov has quit [(Quit: Connection closed for inactivity)]
takle has quit [(Ping timeout: 240 seconds)]
suolrihm has joined #nixos
<NixOS_GitHub> [nixpkgs] matthiasbeyer opened pull request #23123: [doc] Add example on how to override compile flags for a package (master...doc-override-compileflags) https://git.io/vyv5K
anelson- has joined #nixos
<suolrihm> permissions: crw
<NixOS_GitHub> [nixpkgs] womfoo opened pull request #23124: asterisk: use fetchsvn for vendored library (master...fix/asterisk-build) https://git.io/vyvdY
mudri has quit [(Ping timeout: 240 seconds)]
<NixOS_GitHub> [nixpkgs] pSub pushed 1 new commit to master: https://git.io/vyvdW
<NixOS_GitHub> nixpkgs/master 04dcda3 Pascal Wittmann: homebank: 5.1.3 -> 5.1.4
<gchristensen> copumpkin, MichaelRaskin: https://lobste.rs/s/dmmafs/shattered/comments/uktnsg#c_uktnsg
AllanEspinosa has quit [(Ping timeout: 240 seconds)]
ronny has joined #nixos
<gchristensen> https://lobste.rs/s/dmmafs/shattered/comments/ctbspq#c_ctbspq and the reply are interesting too
<NixOS_GitHub> [nixpkgs] bjornfor pushed 1 new commit to master: https://git.io/vyvdd
<NixOS_GitHub> nixpkgs/master 52eab03 Bjørn Forsman: spotify: 1.0.49.125.g72ee7853-83 -> 1.0.49.125.g72ee7853-111
<NixOS_GitHub> [nixpkgs] bjornfor pushed 1 new commit to release-16.09: https://git.io/vyvFe
<NixOS_GitHub> nixpkgs/release-16.09 afd8c9d Bjørn Forsman: spotify: 1.0.49.125.g72ee7853-83 -> 1.0.49.125.g72ee7853-111...
<NixOS_GitHub> [nixpkgs] pSub created mast at c160454 (+0 new commits): https://git.io/vaG0W
mudri has joined #nixos
cgdub has joined #nixos
cgdub has quit [(Remote host closed the connection)]
<viric> gchristensen: nice
<gchristensen> yeah, definitely
AllanEspinosa has joined #nixos
georges-duperon has quit [(Ping timeout: 255 seconds)]
<LnL> I guess that's a valid point, you generally only fetch from thrusted sources
<LnL> and we still verify the result afterwards
<gchristensen> well so they also are saying you should be reviewing everything you pull, which is obviously not realistic
ibrahims has joined #nixos
<viric> gchristensen: I like the sentence in https://mikegerwitz.com/papers/git-horror-story.html : "This means that signing the SHA1 hash of that commit, assuming no security vulnerabilities within SHA1, will forever state that the entire history of the given commit, as pointed to by the given tag, is trusted."
<gchristensen> hehe yes
ambro718 has joined #nixos
<tnks> man... I tried to make a license report all in Nix.
<tnks> and I was so close
<gchristensen> oh?
<tnks> but I ran into an unexpected problem.
<tnks> listToAttrs is very conservative, and won't allow me to use a string form of a derivation as a key for a set.
<tnks> probably to try to assure that Nix expressions are reproducable.
<tnks> but it lets me use them as values, and in other data structures, so I'm really unconvinced this is a safety mechanism of much worth.
k0001 has quit [(Ping timeout: 240 seconds)]
<tnks> it just makes it harder for me to do an efficient lookup.
jgertm has quit [(Ping timeout: 260 seconds)]
<tnks> I can encode a set as a list of lists... it will just be slow.
<gchristensen> tnks: you sure? you can't use `"${toString drv}" = ....`?
suolrihm has quit [(Quit: Leaving)]
<tnks> gchristensen: let me try that.
<tnks> maybe it bybasses this check.
<gchristensen> what is the "check"? I don't know of such a check. what was the error?
<tnks> gchristensen: it's hard-coded into the implementation of listToAttrs as a builtin.
<tnks> gchristensen: yeah, that doesn't work either.
<tnks> (they really covered their bases)
AllanEspinosa has quit [(Ping timeout: 260 seconds)]
<tnks> gchristensen: it might even go through the same code path.
<gchristensen> neat...
<gchristensen> I had no idea
<clever> viric: one thing i can see as making the sha1 stuff harder to exploit, "git pull/fetch" wont re-download an object you already have
<tnks> gchristensen: I'm really unconvinced this protection is needed.
hiratara has quit [(Ping timeout: 240 seconds)]
<tnks> can someone explain why it's a good idea?
<clever> viric: so if an attacker replaces an object on the remote git server, your git client wont download it, because you already have an "identical file" on your machine
<clever> viric: but the same applies to github, you cant upload a blob that github already has in the project, so i cant see it being abused easily
<gchristensen> tnks: well it seems not specifically applied to listToAttrs, it is a generic error
<gchristensen> but I don't know why it is there
<viric> clever: all goes through trusting github though
<viric> clever: that can be hacked
<gchristensen> a key part which was missed in the security of git, in linus's eyes is this:
<clever> viric: yeah, if github was somehow hacked, you would have a hard time noticing this issue, because your own git client wont re-download the modified blob
<gchristensen> guh where did it go
<clever> viric: so you can only see it on the web ui, or with a fresh git clone
<viric> clever: be it a new commit
<gchristensen> basically, reading every commit you pull down
<clever> viric: it could be anything from a modified commit, directory, or file
Itkovian_ has joined #nixos
<clever> viric: but in all of those cases, it has the same sha1 as its ID, so the local git client will think its the original you had to begin with, and wont download the modified one
Itkovian has quit [(Ping timeout: 240 seconds)]
bennofs1 has quit [(Ping timeout: 240 seconds)]
hiratara has joined #nixos
roconnor has quit [(Ping timeout: 255 seconds)]
pi3r has quit [(Quit: Nettalk6 - www.ntalk.de)]
<viric> clever: I mean a new commit you don't have, with files you don't have either
<clever> this is also something i noticed that gentoo did differently, every file portage can download has 3 hashes on it, a sha256, a sha512, and a Whirlpool hash
roconnor has joined #nixos
<clever> viric: to keep the chain of commit hashes intact, and to subvert the signatures, you need to hash collide against the sha1 of the commit
<viric> clever: a sha1 hash of the file is enough, isn't it?
<viric> of one file in the tree
<clever> viric: yeah, if you can collide one file in the tree, then you can swap out its contents in every commit that references that exact version of the file
<ibrahims> hello people, i'm getting dropped connections after a connection burst. there doesn't seem to be much contention in memory or cpu but there must be some other limitation that i'm not aware of. i've tried to adjust the file descriptor limit with `serviceConfig.LimitNOFILE` after a suggestion here but it didn't help either. can some one help me identifiy what is going on? the machine is running nginx +
bennofs has joined #nixos
<ibrahims> haproxy. haproxy comes with marathon and knows how to load balance, nginx is there handling the ssl and some other rules that i know how to adjust. after i deploy a new version things go nuts with connection count. nginx manages to survive and returns 502 getting `connection error` with haproxy in upstream. i suspect its about tcp TIMED_WAIT or something related since things settle down in about 3
<ibrahims> minutes. can i please get some help?
<clever> viric: but anybody who already downloaded that version wont re-download it, because git assumes that if the sha1 matches, it already has a copy
<viric> clever: fine
<clever> viric: so an old git clone and a new git clone can produce 2 different trees for the exact same commit
AllanEspinosa has joined #nixos
<viric> clever: as if there weren't nixpkgs clones nowadays
takle has joined #nixos
<viric> clever: yes.
<viric> clever: and whom to blame if that happens?
<clever> and similarly, github shouldnt accept a new version of an object being uploaded
<viric> gpg signing commits does not help
<clever> so it should stick to whatever version it got first
<ibrahims> sorry to barge in again.
<gchristensen> sorry ibrahims, I have no idea how to help. anything in the journal?
<viric> clever: I mean a malicious github or a malicious inside-github person
<gchristensen> can anyone help ibrahims / get back to git security afterward? :P
<clever> viric: yeah, in that event, they can swap things out, and you cant notice by doing a git pull
hopio3151 has joined #nixos
<NixOS_GitHub> [nixpkgs] domenkozar pushed 1 new commit to master: https://git.io/vyvht
<NixOS_GitHub> nixpkgs/master afb7d04 Domen Kožar: elmPackages: fix #22932
<clever> viric: you would have to re-clone the entire project, and compare every blob in the history
<viric> ibrahims: there is always a limit on file descriptor
<viric> clever: so go image. what a mess. That's for any file in any git repository, no matter when it was committed :)
<ibrahims> journal has some rejected connections but i'm not sure if it is related.
<clever> viric: yeah
<ibrahims> viric: can i but it really high?
<ibrahims> set*
<viric> ibrahims: 1024 here
<viric> ibrahims: 4096 hard limit, 1024 soft limit
<gchristensen> that is way too low
<gchristensen> for any reasonably busy server
<viric> that's per process
<gchristensen> yes
<ibrahims> i've tried setting it to something higher than 4096 with security.pam.loginLimits
cpennington has quit [(Remote host closed the connection)]
<ibrahims> but that seems to be max
<ibrahims> ulimit -Hn does not change afterwards
<ibrahims> or -Sn
<ibrahims> there is no way to increase it any further?
<gchristensen> ibrahims: you need to set limits with systemd's service on haproxy / nginx
<viric> I don't know
<viric> cat /proc/sys/fs/file-max
<gchristensen> ibrahims: systemd.services.haproxy.serviceConfig.LimitNOFILE = 8192;
<gchristensen> ibrahims: systemd.services.nginx.serviceConfig.LimitNOFILE = 8192; etc. also look in to tuning nginx and haproxy's configs
<ibrahims> actually haproxy runs inside a docker container. i've tried to increase the limits on the service spawning the haproxy container. namely mesos-slave. but it didn't help either
<ibrahims> is there a limit with docker that you're aware of ?
<copumpkin> I want SAAS, or shlevy-as-a-service
<copumpkin> I guess that has a name
<gchristensen> "work-for
<gchristensen> hire"
<copumpkin> yeah something like that
<copumpkin> dammit, it all keeps coming back to needing to be rich
<viric> clever: is it so hard to change git to a new hash? Everyone can rehash the whole repo and go on from that
indi_ has joined #nixos
<viric> That reminds of "svn upgrade" :)
<gchristensen> copumpkin: or have other goods and services you can exchange for shlevy's time
<copumpkin> shlevy: I have a lot of olives
<copumpkin> like many many giant jars of kalamata olives
<gchristensen> you could hire my wife for several hours in exchange, for sure
<clever> viric: in theory, you could, but it would invalidate every git commit hash out there, and also invalidate all of the existing signatures in the git history
<copumpkin> and it makes all the current forks painful to merge back in
<clever> viric: enless you keep the old sha1 hashes for backwards compat, and then somebody can just insert a sha1 object and exploit away
<copumpkin> all open PRs break, etc.
<clever> viric: same reason all modern servers reject ssl 3.0 connections, you can perform a downgrade attack via mitm, before either end has been verified with certs
<shlevy> :D That was a very confusing notification
<copumpkin> I do my best
<ibrahims> well, sorry if i'm not supposed to be asking this here. you're not supposed spare your time for this, but i really enjoyed setting up this server with nixos 5 months ago, now the business is blooming but this dawned on me like a nightmare. do you think i should give up on juggling this?
AllanEspinosa has quit [(Ping timeout: 255 seconds)]
<gchristensen> ibrahims: (1) please don't use threats to stop using nixos as a way to obligate us to help. (2) I didn't realize you were using nixos to start docker, and haproxy and friends were running inside docker. you should try increasing the open file limits for docker, using systemd.services.docker.serviceConfig.LimitNOFILE
fabian_a has quit [(Ping timeout: 240 seconds)]
<shlevy> clever: The existing signatures in the git history are already invald :P
<clever> shlevy: pretty much
<gchristensen> remember that a single signature on the tip commit is effectively signing _all of the history_
<gchristensen> so the historic commit signatures are not specifically important
<clever> shlevy: i hear there are ways to check files to see if they have signs of being used for a collision, but those signatures may change in the future
<shlevy> What I dont' understand is why this conversation is happening today
<gchristensen> shlevy: a sha1 was created by google
<shlevy> Google's announcement is big news
<shlevy> But it's not at all *surprising*
<gchristensen> yeah it isn't
<copumpkin> sure, I was petitioning to deprecate sha1 a while ago :P
<copumpkin> in nix that is
<copumpkin> but nobody cared
<clever> ive been using sha256 and 512 on things since 2 years ago
<copumpkin> now people care :D
<shlevy> Nah, we've got security through obscurity
<shlevy> We're good
<copumpkin> oh fair enough, let's go home
<ibrahims> well, it wasn't a threat to stop nixos. i meant the friends of docker and haproxy. maybe there is no healthy way to run a server in this configuration and i should simplify that part. but everytime i mention docker people stop responding, i felt like people don't take it seriously and i must be dumb to hope that this would work. whatever. i'll try the docker.serviceConfig.
* gchristensen goes shopping
<copumpkin> ibrahims: I doubt it's a "taking it seriously" thing, as much as we don't use it all that much
<copumpkin> mostly because many of the use cases (not all) people use docker for, nix also does differently
<clever> copumpkin: aha, so nix-store --import goes thru this code path, one step closer to finding out why it fails: https://github.com/NixOS/nix/blob/master/src/libstore/local-store.cc#L912-L923
<copumpkin> clever: thank you so much for exploring :) I'd love to not have to use fakechroot
<shlevy> It would be interesting to leverage the Google approach to create a POC subverted codebase
<gchristensen> also a lot of these issues may be easier debugged by the channels for that project: #docker, #nginx, #haproxy, ##linux
<copumpkin> of course, I'm still being thwarted by not being able to get build-time depenednecies
<copumpkin> but one thing at a time...
<copumpkin> I still think my _approach_ to nixos-install is a lot nicer
<copumpkin> even if it doesn't work yet :P
<gchristensen> no doubt :)
fabian_a has joined #nixos
vandenoever has quit [(Ping timeout: 240 seconds)]
kampfschlaefer has quit [(Ping timeout: 268 seconds)]
<clever> copumpkin: looks like i'll need to build nix to debug this further
<viric> Why are we using hashes so close to the date when they will be cracked?
<copumpkin> don't feel like you have to :) I'll figure it out eventually, but I'm mostly going with fakechroot until someone gives me good reason not to
<viric> there has been md5, sha1, ...
<clever> copumpkin: i still need to figure out why this doesnt work!, lol
AllanEspinosa has joined #nixos
<viric> Don't tell me that a sha256 crack is expected in 5 years :)
sellout- has quit [(Quit: Leaving.)]
kampfschlaefer has joined #nixos
<viric> same applies for rsa 1024, dsa, rsa 2048, ...
fabian_a has quit [(Ping timeout: 240 seconds)]
<shlevy> Thinking about switching to monotone for all my projects until git catches up :P
<shlevy> viric: Are you still a fossil fan?
<viric> shlevy: yes; it uses sha1
sellout- has joined #nixos
<shlevy> :o
<viric> well, I didn't like fossil because of sha1
<viric> I liked it because it was easy to use
<shlevy> My cpu has friggin sha256 instructions
<shlevy> why are we using sha1 :(
<viric> well, anything new you build, prepare it for a cryptohash switch any time in the future
vandenoever has joined #nixos
<clever> shlevy: if something in nix gets compiled to take advantage of that opcode, it will just not run at all on other cpu's, and now the binary cache needs 2 copies of every build
<viric> shlevy: I hate that sha256 is the slowest of all cryptohashes
<viric> twice slower than sha512
<viric> And many people has a big preference for sha256, making all slow
<shlevy> If I were making something new today, I'd start with sha3-512
<shlevy> And make it expect to upgrade hashes
<clever> shlevy: the approach ive seen in gentoo, is to put several hashes on the object at once
<clever> shlevy: it appears to be using sha256, sha512, and whirlpool, for all of its "fixed-output style" downloads
<viric> someone could think of a flexible string that contains one or multiple hashes
sellout- has quit [(Ping timeout: 260 seconds)]
<viric> like some kind of magnet link
<clever> it will be much much much harder to collide 2 or 3 hashes at once
<shlevy> It seems that if by much harder you don't mean "take until the lifetime of the universe" it's not hard enough :P
hiratara has quit [(Quit: ZNC - http://znc.in)]
<viric> Let's replace fetchurl src by a big magnet link full of hashes and urls
<viric> that nix-prefetch-url will provide
<gchristensen> sounds usable :|
<shlevy> Nah
<gchristensen> a big feature of fetchurl is you can see if the root of the URL changed
Itkovian_ has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
<shlevy> Just store tarballs on nixos.org
<shlevy> And everyone trust them
hiratara has joined #nixos
<viric> if they can reach THAT nixos.org :)
<shlevy> :)
<gchristensen> makes it easy to approve a PR if all that changed was a version string and the sha256, and nothing in the URL
<shlevy> Ensure all the software on your computer is compiled by a compiler that machine-checks a proof of safe behavior
<gchristensen> lol let's rewrite computers in coq
<shlevy> (of course, you built the CPU by hand and bootstrapped your compiler)
<copumpkin> shlevy: while you're here (yes it's my fault, sorry), perhaps you might have some idea about this super mysterious issue? https://github.com/NixOS/nixpkgs/issues/23121
<copumpkin> :P
<shlevy> copumpkin: not sure, but is it wanted-by the relevanttargets?
<gchristensen> I think the multi-hash option is pretty good, actually, but I suspect nix would be tricky to patch for that
<copumpkin> shlevy: yeah, literally running `nixos-rebuild switch` again with no changes decides to start it
<shlevy> :/
<copumpkin> my one guess is that something about it running early in the boot
<copumpkin> the first time it nixos-rebuild switches
<copumpkin> stops it from noticing that there are units to start
<spacekitteh> gchristensen: my previous job was proving a microkernel formally bug free
<spacekitteh> gchristensen: it's doable
<gchristensen> neat...
<viric> shlevy: isn't monotone using sha1?
<shlevy> viric: is it? I just have it in my head as "that super secure VCS"
wangoe has quit [(Ping timeout: 240 seconds)]
<spacekitteh> gchristensen: one of the things we're eventually gonna look at it using Nix on Genode on seL4 (the microkernel)
<shlevy> MichaelRaskin: You're the monotone fan right?
<gchristensen> neat :D
<gchristensen> that sounds amazing, spacekitteh
<spacekitteh> by eventually i mean like 5 years from now due to the government hating science
<spacekitteh> so our funding is a trickle
<gchristensen> gotcha
<gchristensen> :(
<shlevy> viric: Prescient :D
thc202 has quit [(Ping timeout: 240 seconds)]
<shlevy> Maybe they knew something we didn't
<viric> shlevy: but you were the one saying "not at all surprising" :)
<shlevy> Sure
<viric> the first vcs cracked, monotone
<viric> that'd be nice :)
<shlevy> But that conversation was this week
<NixOS_GitHub> [nixops] NotBrianZach opened pull request #610: Libvirt ip fix (master...libvirtIpFix) https://git.io/vyfT8
<spacekitteh> gchristensen: did i dream it, or is there a makefile -> nix compiler?
<gchristensen> I've never heard of that
<clever> copumpkin: aha, the 1.11.6 source of nix is fairly different in this region
<NixOS_GitHub> [nixops] NotBrianZach closed pull request #610: Libvirt ip fix (master...libvirtIpFix) https://git.io/vyfT8
<viric> shlevy: not only this week - it was a monotone mailing list (10 letters every month). What are the chances?
sellout- has joined #nixos
<viric> shlevy: the most active month. Could be 1 letter every month
<spacekitteh> gchristensen: hmm ok. i wanna look at nix/ninja integration too
<NixOS_GitHub> [nixpkgs] Ma27 opened pull request #23125: nodejs: 7.2.1 -> 7.6.0 (master...update/nodejs-v7) https://git.io/vyfTN
ldng_ has joined #nixos
<copumpkin> ninja already works inside nix builds
<elasticdog> viric: you could use something like ipfs's multihash to self-describe the hash and make it easier to change in the future
<spacekitteh> copumpkin: i mean like, converting nix expressions to ninja files and visa versa
<copumpkin> oh
* spacekitteh is a compiler nerd
<copumpkin> scary :)
<copumpkin> shlevy: is there some sort of debug mode for switch-to-configuration.pl where I can see a transcript of what it does?
<copumpkin> one of the few times I wish it were written in shell, so I could set -x
<spacekitteh> i was looking at the Nix expression library code last night. it's a horrific example of why functional languages should be used to write compilers/interpreters, instead of C++ :P
<copumpkin> yep
<copumpkin> although I'd be fine with rust
<copumpkin> would be a more straightforward trnaslation
<spacekitteh> does rust have pattern matching?
<copumpkin> yeah
<spacekitteh> ADTs?
<copumpkin> yeah
<spacekitteh> huh ok
<copumpkin> algebraic
<spacekitteh> might look into it then
<spacekitteh> yeah
<Nafai> I've used Rust to write an interpreter, it was pretty nice
<shlevy> copumpkin: No idea
<savanni> I'm a dedicated Haskell programmer and am kinda looking for excuses to learn Rust.
<viric> elasticdog: anything would do, yes.
ldng_ has quit [(Client Quit)]
<shlevy> copumpkin: But probably not
* spacekitteh puts on her coding hat
danharaj has quit [(Ping timeout: 255 seconds)]
<clever> copumpkin: aha, its complaining that /tmp/mnt/nix/store isnt a sub-dir of /nix/store
<shlevy> It's right about that!
<copumpkin> :o
<copumpkin> quietly complaining?
<clever> NIX_STORE_DIR=/tmp/mnt/nix/store ... error: path ‘/nix/store/kk71vkqipf30qc165718jmp0s8cggn2y-glibc-2.24’ is not in the Nix store
<shlevy> viric: That monotone article suggesting you just be sure to use a trusted communication channel is silly
<NixOS_GitHub> [nixpkgs] NeQuissimus pushed 2 new commits to master: https://git.io/vyfkd
<NixOS_GitHub> nixpkgs/master 18c2be2 Tim Steinbach: kernel: 4.9.11 -> 4.9.12
<NixOS_GitHub> nixpkgs/master 82aae8f Tim Steinbach: kernel: 4.4.50 -> 4.4.51
* spacekitteh ponders rewriting libexpr in haskell
<shlevy> viric: You *also* have to trust that everyone you're communicating with has the same standards
<shlevy> spacekitteh: hnix
<clever> copumpkin: oh wait, i think i see the problem
<spacekitteh> shlevy: heh
<spacekitteh> shlevy: i'm quite interested in guix
<clever> copumpkin: because of NIX_STORE_DIR, nix believes the store will be at /tmp/mnt/nix/store, at runtime!
<NixOS_GitHub> [nixpkgs] NeQuissimus pushed 2 new commits to release-16.09: https://git.io/vyfkj
<NixOS_GitHub> nixpkgs/release-16.09 ee0cbde Tim Steinbach: kernel: 4.9.11 -> 4.9.12
<NixOS_GitHub> nixpkgs/release-16.09 9ae2c60 Tim Steinbach: kernel: 4.4.50 -> 4.4.51
<copumpkin> hmm
<clever> copumpkin: and its expecting the --export to contain absolute paths, starting with /tmp/mnt/nix/store, that where compiled against that path
<clever> copumpkin: so this variable is to modify a store that will always be at a weird place, not one that is temporarily at a weird place and will become /nix/store later
georges-duperon has joined #nixos
<copumpkin> boo
<copumpkin> :)
<clever> yeah
jsgrant- has quit [(Quit: Peace Peeps. o/ If you need me asap, message me at msg@jsgrant.io & I'll try to get back to you within 36 hours.)]
<clever> copumpkin: you could maybe use nix-store --register-validity and NIX_STATE_DIR to alter db.sqlite, after having rsync (or --restore'd) something in, i'll read some more related source...
<copumpkin> I already rsync to copy the actual store contents
<copumpkin> and I do have an example of NIX_STATE_DIR to look at the database
<copumpkin> haven't tried it to --register-validity
Kendos-Kenlen has joined #nixos
<Kendos-Kenlen> Hi ! :)
AllanEspinosa has quit [(Ping timeout: 260 seconds)]
<pikajude> what do I need to install to give a bare docker container network awareness
<Kendos-Kenlen> Does someone use Noto CJK or Noto Emoji ? I installed them on my user profile but they don't look to be find by font config. When I run "fc-list", this 2 fonts are not listed, same when using the font tool from KDE.
<clever> copumpkin: and further reading shows that with nix 1.11.6, there doesnt appear to be a way to --import into a store mounted at the "wrong" location, you will need to keep fakerooting for now
<copumpkin> alright, that seems fine really
<copumpkin> I'll probably add a feature to nix to support this eventually
ryanartecona has quit [(Quit: ryanartecona)]
<clever> things may be different in nix master
<clever> that code has changed massively
<clever> 1.11.6 is using an external program to check signatures on nar files!
suolrihm has joined #nixos
<gchristensen> really!
mudri has quit [(Ping timeout: 240 seconds)]
<bennofs> does it at least hardcode the PATH?
ryanartecona has joined #nixos
tg has quit [(Quit: Leaving)]
<clever> it appears to be absolute, the openssl that nix was compiled against
bennofs has quit [(Quit: WeeChat 1.6)]
<suolrihm> @clever hey! got my steam controller working, thanks for the help. tmlss i made a stupid mistake, thats why it wasnt working
<clever> suolrihm: ah, what was it?
<Acou_Bass> suolrihm: how ddi you get it to work? i got mine working with some udev trickery in my config.nix
<suolrihm> its emberesing
<Acou_Bass> thats the best kind :)
tg has joined #nixos
ibrahims has quit [(Ping timeout: 255 seconds)]
<suolrihm> damn. i realized i need to change the name of the udev rule (99-steamcontroller.rulez to 99-steam-controller-perms.rules)
<suolrihm> *rules
<pikajude> just put the rules in services.udev.extraRules
<clever> pikajude: the paste he previously linked: http://pastebin.com/TEYCzesS
<pikajude> didn't know about udev.packages
<pikajude> neat
ibrahims has joined #nixos
<suolrihm> well, thanks again for your patience clever. everyone? have a nice evening (or morning) :P
mudri has joined #nixos
suolrihm has quit [(Quit: AtomicIRC: The nuclear option.)]
<Acou_Bass> that pastebin is the one that i used hehe
<MichaelRaskin> shlevy: I am a Monotone user, it uses SHA-1 now, and I wonder how the migration will be done; FAQ claims that there was a migration plan very long ago, but the question was about the target hash for a migration; I guess now they can migrate to SHA3
<MichaelRaskin> It signs all the commits, though, so unlike Git it is hard to commit the attack and frame someone else
arjen-jonathan has quit [(Ping timeout: 268 seconds)]
AllanEspinosa has joined #nixos
lambdamu has joined #nixos
<NixOS_GitHub> [nixpkgs] shlevy pushed 1 new commit to master: https://git.io/vyfmD
<NixOS_GitHub> nixpkgs/master c71bae0 Shea Levy: long-shebang: 1.1.0 -> 1.2.0
sibi has joined #nixos
<peterhoeg> MichaelRaskin: git can sign commits too (that very few people do it is something else)
ryanartecona has quit [(Quit: ryanartecona)]
<lambdamu> when i fetch a package with fetchgit or fetchFromGithub and there are two submodules, only one is needed, should i do something about the superflous one or is it ok to enable fetchSubmodules get everything and forget about it?
<MichaelRaskin> petehoeg: Monotone enforces signatures, so you cannot just use whoever doesn't sign commits for framing
ambro718 has quit [(Ping timeout: 260 seconds)]
<gchristensen> what happens if a new signer comes in to the picture?
<MichaelRaskin> With a new signer someone has to accept their changes
<gchristensen> neat
<MichaelRaskin> I mean, write access is just the list of keys
<gchristensen> gotcha
<gchristensen> that is cool
avn has joined #nixos
<MichaelRaskin> The cool part of Monotone is that it does have levels of abstraction
<MichaelRaskin> Although it is not unique in that…
<MichaelRaskin> More like Git is unique in being such a mess
<gchristensen> how do you mean?
<gchristensen> (not about git)
seanz has joined #nixos
<MichaelRaskin> Well, there is a DAG of commits and that's it. Now there is a notion of a certificate, which is commit-propertyname-value-signature, and that's it. Now there are standard property names like «branch» and «changelog».
<gchristensen> ahh
<gchristensen> hrmm so my dccp patch doesn't apply to 4.10 or 4.4
<gchristensen> need to do more digging ...
<MichaelRaskin> Ouch
<MichaelRaskin> For stable?
<MichaelRaskin> Aren't there point releases for 4.4?
<gchristensen> hmm maybe they don't apply because they were already applied. could be and that fact got lost in the hours of build output
<MichaelRaskin> For 4.10 there has to be a DCCP-fixed point release for sure.
<gchristensen> I'll check
bfrog has joined #nixos
dmj` has quit [(Excess Flood)]
dmj` has joined #nixos
<gchristensen> yep sorry I was totally wrong
<gchristensen> we're good :)
<NixOS_GitHub> [nixpkgs] grahamc pushed 1 new commit to master: https://git.io/vyf3I
<NixOS_GitHub> nixpkgs/master 1d68edb Graham Christensen: linux kernels: patch against DCCP double free (CVE-2017-6074)
<gchristensen> oh ...
<gchristensen> hrm.
<gchristensen> *sigh* I did this wrong.
ndowens08 has quit [(Ping timeout: 260 seconds)]
bfrog has quit [(Ping timeout: 240 seconds)]
<NixOS_GitHub> [nixpkgs] grahamc pushed 1 new commit to master: https://git.io/vyf3K
<NixOS_GitHub> nixpkgs/master 53a2baa Graham Christensen: Revert "linux kernels: patch against DCCP double free (CVE-2017-6074)"...
<gchristensen> back in a bit, clearing my head, then going for try 2
vandenoever has quit [(Ping timeout: 255 seconds)]
xcmw has joined #nixos
TiltMeSenpai has joined #nixos
<TiltMeSenpai> hello