Acou_Bass has quit [(Quit: ZNC 1.6.5 - http://znc.in)]
cwre has quit [(Quit: Aliens ate me. I'm not good for them.)]
cwre has joined #nixos
Acou_Bass has joined #nixos
Acou_Bass has quit [(Client Quit)]
alesguzik has quit [(Quit: Leaving)]
corpix has quit [(Ping timeout: 248 seconds)]
corpix has joined #nixos
python476 has quit [(Ping timeout: 248 seconds)]
<andrewrk>
what is the nixpkgs equivalent of libmysqlclient-dev from debian?
raulraja has joined #nixos
<andrewrk>
found it. mysql55
<raulraja>
Hi there! Does anyone know why `sddm` on plasma5 shows the default blue login screen when booting up?. Any way to change it so it shows the same as when you lock the session or customize the sddm theme somehow?
truh has quit [(Ping timeout: 240 seconds)]
sigmundv has joined #nixos
pxc has quit [(Ping timeout: 240 seconds)]
<Ralith_>
arghnope,
<Ralith_>
nix is *still* clobbering my gcc flags somehow or other
efx has joined #nixos
efx has quit [(Client Quit)]
<joepie91>
raulraja: no solution, but I can confirm that I get the same blue screen on sddm
<joepie91>
light blue
<joepie91>
(on boot)
<joepie91>
I thought it was intentional though :P
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] peterhoeg closed pull request #30050: pykms: init at 20170719 and corresponding NixOS module (master...p/pykms) https://git.io/vdCQz
NixOS_GitHub has left #nixos []
<kkini>
<MichaelRaskin> Or just put every object file as its own store path.
iqubic has quit [(Remote host closed the connection)]
<kkini>
Hmm! This is an idea :)
iqubic has joined #nixos
lewo` has quit [(Remote host closed the connection)]
<kkini>
My actual problem is not about C compilers so this could actually work... hmm... unfortunately the compiler is currently hard-coded to require in-tree builds, but I might be able to hack around that
iqubic has quit [(Remote host closed the connection)]
<pie_>
does firefox not take environment variables?
iqubic has joined #nixos
bbsl has joined #nixos
<kkini>
Now I'm wondering, is there any problem with putting a huge number of things in the store? I'd mainly thought of each store path as representing a piece of software, but if I start putting build artifacts in there, large numbers of store paths will result
fragamus has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
<kkini>
I know that in git, which also stores things in hash-based filenames, there is a directory structure where the first two digits of the hash provide a subdirectory and the rest of the hash provides the filename
<kkini>
I guess this is an attempt to make sure that you don't use too many inodes in a single directory
<kkini>
How does Nix handle such a possibility?
<iqubic>
How do I get zsh to offer to correct slightly incorrect commands.
<iqubic>
Like if I accidently type "sl", I'd like zsh to offer to correct that.
<clever>
kkini: there isnt much point in trying to limit the number of files within the /nix/store/ listing, because of how --optimize works
<bbsl>
I cant for the life of me get powerline (or nerd fonts in my case) working on nixOs for the terminal. Im using st. and Iv set fontconfigDefautl fonts to one of the nerd font ones. Anything else I can try?
<clever>
kkini: every single file, recursively, in the entire store, gets hardlinked under /nix/store/.links/, so the problem is already 20 times worse then you thought
<kkini>
cripes
<kkini>
Maybe on NixOS the kernel is hacked to have a much larger inode limit? :P
<clever>
kkini: though optimize is an optional thing, purely to de-dup the store
<iqubic>
kkini: No. NixOS uses a standard kernal
<pie_>
oh ffs With Firefox the features seems to be disabled by default and is only available in debug builds.
<kkini>
Huh, apparently inode limits aren't per directory, they're per filesystem... TIL
<clever>
kkini: also, try "df -i"
fragamus has joined #nixos
<ison111>
Inside a derivation how can I specify environment variables for a makefile?
<clever>
ison111: every attribute on the derivation becomes an environment variable during the build
<kkini>
Yeah, I was just trying that :) On the XFS root filesystem on my work laptop there's only 50 million or so, but on an NFS share backed by ZFS it's listing 44 billion or so (idk whether that's an illusion because of NFS or what)
<clever>
kkini: zfs is wonky, because used + free != size
<kkini>
it's conceivable that I could hit 50 million files on disk one day, but 44 billion seems pretty far fetched lol
<kkini>
well yeah, but this is about the number of inodes, not about "space", so I didn't think that would come into it...
<iqubic>
Why isn't zsh offering to correct stuff for me?
<pie_>
is there a way to install the developer version of firefox?
<clever>
kkini: i did "df -i -t zfs" and i see 5 different numbers for used and total, and a single number (repeated 5 times) for free
<kkini>
ha, I see
bbsl has quit [(Quit: WeeChat 1.9.1)]
anderslundstedt has quit [(Quit: leaving)]
<adisbladis>
Iirc zfs (and btrfs) does not have this classical problem of inodes, they will dynamically allocate new inodes when needed.
<adisbladis>
I know it's true for btrfs
<kkini>
beautiful -- if so, then there's no need to worry about too many store paths
anderslundstedt has joined #nixos
jb55 has joined #nixos
Oida has quit [(Ping timeout: 240 seconds)]
<clever>
anderslundstedt: and xfs will spread the inodes over the entire disk, and use an inode near the data, which can easily result in it skipping inode slots, and going over the 32bit border
<clever>
anderslundstedt: 32bit userlands then barf if they try to readdir() an xfs directory where an inode is over 32 bits long
mithsv has quit [(Quit: mithsv)]
<adisbladis>
kkini: Yes, just confirmed it's also true for zfs. As long as there is still disk space you'll be fine.
mudri has quit [(Ping timeout: 240 seconds)]
pie___ has joined #nixos
pie_ has quit [(Remote host closed the connection)]
cwre has quit [(Quit: Aliens ate me. I'm not good for them.)]
oida has joined #nixos
<iqubic>
I'm having an issue where glirc only compiles if I tell nix to skip the testing phase
<iqubic>
But that's because stable doesm
garbas has quit [(Quit: WeeChat 1.9.1)]
<iqubic>
stable doesn't have the nix expressions to build version 2.24 of glirc
<iqubic>
glirc is a irc client written in Haskell
<vaibhavsagar>
I have heard of glirc :)
<iqubic>
If I'm using glirc, I can ignore the global warning to update my textual version, right?
cwre has joined #nixos
<vaibhavsagar>
iqubic: if you're not using Textual, you can safely ignore it
<iqubic>
What is Textual? Is that a specific client?
<vaibhavsagar>
yes, did you click on the link?
_rht has joined #nixos
<iqubic>
No.
<iqubic>
I decided to ignore the message because I don't use Textual
athan has quit [(Remote host closed the connection)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] pvgoran opened pull request #30339: filesystems: use non-interactive formatOptions by default (master...fileSystems-silentFormatOptions) https://git.io/vdKuf
schoppenhauer has quit [(Ping timeout: 248 seconds)]
gandreani has quit [(Ping timeout: 258 seconds)]
schoppenhauer has joined #nixos
<ison111>
Say I've built a custom derivation from a .nix file. How can I add it to a script using nix-shell? It doesn't seem to find the name of the package, says it's an undefined variable
<adisbladis>
ison111: You import it or do something like "let myPackage = callPackage ./myPackage.nix {};"
rmarko has joined #nixos
rmarko is now known as srk
<ison111>
Sorry I still can't get it. Are you saying I would use the -E option on nix-shell with that?
zzamboni has joined #nixos
<ison111>
ok I think I got it "nix-shell /path/to/my.nix -i guile"
iqubic has quit [(Ping timeout: 258 seconds)]
fragamus has joined #nixos
<ison111>
Actually nevermind, that's not quite working either
phreedom has quit [(Quit: No Ping reply in 180 seconds.)]
reinzelmann has joined #nixos
Havvy has joined #nixos
b has quit [(Quit: Lost terminal)]
<sirkha>
in the nix manual, ch 14, it says perl is a dependency for hello... does that mean its a build-time dependency or a run-time dependency, or both?
phreedom has joined #nixos
<adisbladis>
ison111: Yes either -E or create a shell.nix like so https://ptpb.pw/Furu and run nix-shell (without args) in that directory
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] peterhoeg opened pull request #30340: cryfs: init at 0.9.7 and minor updates to dependencies (scrypt and spdlog) (master...p/cryfs) https://git.io/vdKau
NixOS_GitHub has left #nixos []
iqubic has joined #nixos
iqubic has quit [(Remote host closed the connection)]
iqubic has joined #nixos
<iqubic>
So I can't easily get zsh to correct things?
CHIPPY has joined #nixos
<ison111>
adisbladis: That gives me "error: attempt to call something which is not a function but a set, at /nix/store/...../nixos/lib/customization.nix"
<adisbladis>
ison111: Can you paste exactly what you are running?
zzamboni has quit [(Quit: Leaving.)]
_rht has quit [(Quit: Connection closed for inactivity)]
<ison111>
adisbladis: actually I just got it by replacing the contents of shell.nix with the contents of the derivation I was trying to add. All I wanted to do though was the same thing but from a file located in /etc/nixos/myderivation.nix
kuznero has joined #nixos
<ison111>
But thanks for the help, I'm just glad I have something that works
ixxie has joined #nixos
kuznero has quit [(Remote host closed the connection)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] peterhoeg pushed 2 new commits to master: https://git.io/vdKV7
<NixOS_GitHub>
nixpkgs/master 5b53ebd dupgit: Adds dupgit to the maintainers
<NixOS_GitHub>
nixpkgs/master 615582a Peter Hoeg: Merge pull request #30325 from dupgit/patch-1...
NixOS_GitHub has left #nixos []
proteusguy has quit [(Remote host closed the connection)]
<sirkha>
is there a way to switch profiles in just one terminal?
kuznero has joined #nixos
kuznero_ has joined #nixos
kuznero has quit [(Read error: Connection reset by peer)]
kuznero_ has quit [(Read error: Connection reset by peer)]
CHIPPY has quit [(Ping timeout: 248 seconds)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] vbgl pushed 1 new commit to master: https://git.io/vdKwg
<NixOS_GitHub>
nixpkgs/master 00e27a2 Vincent Laporte: ocaml-gettext: dont strip
NixOS_GitHub has left #nixos []
CHIPPY has joined #nixos
CHIPPY has quit [(Max SendQ exceeded)]
CHIPPY has joined #nixos
CHIPPY has quit [(Max SendQ exceeded)]
CHIPPY has joined #nixos
CHIPPY has quit [(Max SendQ exceeded)]
CHIPPY has joined #nixos
CHIPPY has quit [(Max SendQ exceeded)]
CHIPPY has joined #nixos
CHIPPY has quit [(Max SendQ exceeded)]
CHIPPY has joined #nixos
CHIPPY has quit [(Max SendQ exceeded)]
CHIPPY has joined #nixos
CHIPPY has quit [(Max SendQ exceeded)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] matthewbauer opened pull request #30341: Update CODEOWNERS to use darwin-maintainers team (master...patch-4) https://git.io/vdKwK
<pikajude>
how do i override the haskell builder's shell environment
<pikajude>
in my config.nix
<pikajude>
e.g. the one it produces for nix-shell
<pikajude>
i tried overriding ghcWithPackages but that doesn't really seem to do anything
Baughn has quit [(Ping timeout: 246 seconds)]
<kini>
I have a few machines that all mount the same nfs volume at /some/path , and I'd like them to share (multi-user, non-nixos) nix stores. Would it work to bind mount /some/path/nix to /nix on all the machines, or is that likely to break nix?
Baughn has joined #nixos
kalebo has quit [(Ping timeout: 264 seconds)]
jbgi has joined #nixos
lewo has joined #nixos
<Ralith>
kini: having /nix on NFS is likely to have severe performance consequences; you might consider setting up a binary cache on the NFS host instead
zzamboni has joined #nixos
<pikajude>
all the machinery is confusing me
<pikajude>
so "ghc" is referenced multiple times in the generic-builder.nix
<pikajude>
the shell env uses ghc.withPackages
kalebo has joined #nixos
vaibhavsagar has quit [(Quit: ZNC 1.6.5 - http://znc.in)]
vaibhavsagar has joined #nixos
<hyper_ch>
still can't get realtek wifi to work :(
Ivanych has joined #nixos
vaibhavsagar has quit [(Client Quit)]
vaibhavsagar has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] vbgl pushed 1 new commit to master: https://git.io/vdKr0
<NixOS_GitHub>
nixpkgs/master 42541c4 Vincent Laporte: obliv-c: make explicit the ocamlbuild dependency
NixOS_GitHub has left #nixos []
griff_ has joined #nixos
pxc has quit [(Ping timeout: 240 seconds)]
kuznero_ has joined #nixos
<pikajude>
lol, this is so weird
Arcaelyx has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
kuznero_ is now known as kuznero
<pikajude>
ghc = { inherit (super.ghc) meta version name outPath; };
<pikajude>
this makes the generic builder work
<pikajude>
even though ghc.withPackages is referenced in that file
<pikajude>
and i added a trace to that line to print ghc's attrNames and it's all the ones from a regular nix package
<pikajude>
so
<pikajude>
the file is evaluated multiple times? or an override is applied somewhere in the file and not somewhere else?
<pikajude>
i hate this language
griff_ has quit [(Ping timeout: 264 seconds)]
rct has joined #nixos
phreedom has quit [(Remote host closed the connection)]
<vaibhavsagar>
why do you want to override the ghc?
<fearlessKim[m]>
Is there a way to sudoedit /nix/store/XXX ? network-manager l2tp needs to write in a file (usually /etc/ipsec.secrets but on nixos it's /nix/store/4b15381yxcychsiaip2cwrr923k03x07-strongswan-5.6.0/etc/ipsec.secrets) owned by strongswan and I wanted to quickly hack /nix/store/4b15381yxcychsiaip2cwrr923k03x07-strongswan-5.6.0/etc/ipsec.secrets to check a theory
kuznero has joined #nixos
<fearlessKim[m]>
(because obviously l2tp can't write into strongswan store
<TimePath>
fearlessKim: there's a setting to mount the whole /nix/store as rw iirc, forget what it is though
<TimePath>
`nix.readOnlyStore`
<clever>
fearlessKim[m]: if you turn the above off and edit the store, you can seriously break many things, so its best to avoid it whenever possible
<fearlessKim[m]>
TimePath: splendid
MercurialAlchemi has joined #nixos
<TimePath>
fearlessKim: alternatively, you could run strongswan directly with -config pointing somewhere you can write to
* clever
heads to bed
<fearlessKim[m]>
clever: I suppose so. I will jsut add a few lines to try then disable it
<kini>
Ralith: hmm, I see... people's home directories are also shared across the machines though so I'm afraid that if the nix store gets out of sync between the machines, people's symlinks will get screwed up somehow
zraexy has quit [(Ping timeout: 246 seconds)]
<sphalerite>
Wait so apple are straight up denying the security aspect of the bug that matthewbauer, shlevy and copumpkin discovered? Wow.
<kini>
I was more worried about what would happen if two machines tried to build the same store path at the same time, i.e. are there lock files in the store itself?
<fearlessKim[m]>
TimePath: I don't think -config is useful in that case
<fearlessKim[m]>
sphalerite: what bug ?
<clever>
fearlessKim[m]: the same one they previously told nixos to stop talking about
<clever>
fearlessKim[m]: multi-user nix on high siera can kill the entire machine
jmeredith has quit [(Quit: Connection closed for inactivity)]
* clever
heads to bed
<Ralith>
get a librem 5 instead
<fearlessKim[m]>
sphalerite: scary (good night clever :D )
<adisbladis>
sphalerite: Wow that is an incredibly shitty response from apple..
<adisbladis>
Ralith: Takes a while before that is an option
<fearlessKim[m]>
Ralith: I would have but my hardware still works and money doesn't grow on trees (at not least in my garden). Anyway I had installed lineageos recently so that is now fixed
<Ralith>
that works too
<sphalerite>
fearlessKim: didn't know about that. I have a 1+1, but I've been running cyanogenmod then lineageos on it since I've had it thankfully
zzamboni has joined #nixos
<hyper_ch>
oh dammit... too later... clever just went to bed
<hyper_ch>
living in denial leads to a happy life
<TimePath>
I can't even disagree with that
<sphalerite>
fearlessKim: so I'm guessing for most people it's only okay for google to do that sort of thing :D
truh has joined #nixos
<fearlessKim[m]>
I only agree to share my dirty private stuff with Cortana. who can't say no to such a sexy voice
zzamboni has quit [(Read error: Connection reset by peer)]
ertes has quit [(Ping timeout: 240 seconds)]
odi has quit [(Ping timeout: 260 seconds)]
kkini has quit [(Remote host closed the connection)]
kkini has joined #nixos
orivej has joined #nixos
<mankyKitty[m]>
If nix-build is yelling at me for not having <foo> on the NIX_PATH, am I able to just provide a '-I foo/default.nix' as part of the nix-build command or is there a bit more ceremony involved ?
<sirkha>
which does give me what i orignally asked for, it just doesn't make scons work
<srhb>
ikwildrpepper: Does it exist somewhere online yet?
goibhniu has joined #nixos
thc202 has joined #nixos
<sirkha>
added a couple comments to that gist to explain the output
MP2E has quit [(Remote host closed the connection)]
Itkovian has joined #nixos
rosa has joined #nixos
<rosa>
Is NixOS secure?
<hyper_ch>
define "secure"
<adisbladis>
rosa: How long is a piece of string?
<TimePath>
ikwildrpepper: nixops for non-nixos hosts would be handy for server providers that don't run nixos (most of them)
<rosa>
like, can impliment chmod 775 in a way that doesnt fk up the system
<steveeJ>
Mic92: hey, do you think nix2aci is still relevant for building OCI images?
<rosa>
on /* recursive
<rosa>
Or some alternative to chmod 775
<hyper_ch>
why do you want 775 on / ?
<adisbladis>
rosa: What problem are you trying to solve?
<etu>
rosa: Name a distro where you *can* do that and everything (including openssh) works as expected.
jasom has quit [(Ping timeout: 252 seconds)]
<hyper_ch>
etu: Windows :)
<rosa>
I dont know
<hyper_ch>
rosa: why do you want to 775 on /* ?
<rosa>
like say a user gained access to an account other than your account and other than the root account, is there a way to prevent tampering with any file or removing it will still being able to read and execute as normal?
<rosa>
While*
<hyper_ch>
if user gains access to root, he can just dd if=/dev/zero of=/dev/sda
ison111 has quit [(Ping timeout: 248 seconds)]
<hyper_ch>
I fail to comprehend
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] lheckemann opened pull request #30344: nixos-generate-config: use mkDefault for governor (master...genconfig-cpufreq-mkdefault) https://git.io/vdKMV
NixOS_GitHub has left #nixos []
<goibhniu>
rosa: FWIW packages and system configuration are mounted read-only, so they can't be tampered with
<goibhniu>
I believe it's fair to say that NixOS takes a bit longer to get security patches, especially if you use the unstable channel
<hyper_ch>
even for root its not quite trivial to alter /nix (not impossible but not as trivial as on other systems)
<rosa>
Ok
<goibhniu>
and since it's a much less widely used distro than debian et. al. ... the amount of people looking at security issues is far less
<rosa>
Anyway assume that someone logs into a regular account names standard
<rosa>
named*
<hyper_ch>
(in addition: if you have your configuration.nix, hardware-configuration.nix and partition layoust stored, you can easily rebuild the system without needing to back system info... just backup /home)
<rosa>
and that account is not in sudoers not can access sudo nor can become root
<rosa>
Would there be a way to prevent standard from being able to write to any file or directory at all
<hyper_ch>
normal user can only write to it's home dir and /tmp I think... everything else would need to be explicitely set
<TimePath>
I don't see how this differs from any other distro? you're as vulnerable as the services you run, and any kernel privilege escalation bugs that may be present
bkchr has joined #nixos
phreedom has joined #nixos
<bkchr>
Hi, I want to use builtings.fetchgit in my configuration.nix, but it does complain that fetchgit is an undefined variable
fragamus has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
<ikwildrpepper>
TimePath: I usually only work on stuff that I would use myself, so doubt I'd go there ;)
<ikwildrpepper>
TimePath: also, that would require a lot of work wrt running services on other type of hosts
<rosa>
So if a user did rm -rf /* nothing would get deleted except for tmp and there home directory right?
goibhniu has quit [(Ping timeout: 258 seconds)]
<TimePath>
ikwildrpepper: looks like I'll have to stick to building docker containers with nix then :/
<ikwildrpepper>
TimePath: that's not too bad though, right?
<TimePath>
they wouldn't be able to delete /tmp unless they can write to /
goibhniu has joined #nixos
<rosa>
ok
<hyper_ch>
rosa: set up a vm, test it :)
<TimePath>
they'd probably be able to delete most things within it though
<TimePath>
ikwildrpepper: well, it's better than using docker to build docker containers :)
<rosa>
ok
<TimePath>
it doesn't get me declarative service management though
<hyper_ch>
rosa: a normal user (not using exploits or anything) can't really harm a nixos installation.. at most, he can wreck his user's home
<rosa>
ok
<rosa>
ill try that on another distro
<rosa>
as i havnt installed nix yet
<hyper_ch>
should be the same there
civodul has joined #nixos
<hyper_ch>
should be the same on other distros... or something went horribly wrong
<rosa>
Ok
oida has quit [(Ping timeout: 258 seconds)]
<sphalerite>
or use up all the space, unless filesystem quotas are in place
<rosa>
well it works
<sphalerite>
or otherwise consume too many resources. Nothing you can't do on any other distro without appropriate controls in space though.
<TimePath>
same for other resources
<hyper_ch>
zfs datatset per user with quota ;9
<rosa>
only /home/test/.bash_history got deleted
oida has joined #nixos
periklis has quit [(Ping timeout: 260 seconds)]
rosa has quit [(Quit: rosa)]
<bkchr>
clever: online?
<hyper_ch>
bkchr: no, asleep
<hyper_ch>
well, his computer is still online
<bkchr>
okay :D
<bkchr>
hyper_ch: do you know how to use fetchgit in configuration.nix?
<hyper_ch>
bkchr: [08:46] * clever heads to bed --> 2h agot
<fearlessKim[m]>
strongswan has the "ipsec" binary in its bin folder. How to add it to PATH from the package ?
mithsv has quit [(Client Quit)]
mithsv has joined #nixos
<Mic92>
fearlessKim[m]: add it to environment.systemPackages
chakerbenhamed has joined #nixos
mithsv has quit [(Read error: Connection reset by peer)]
<Mic92>
steveeJ: not sure, dockerTools catched up
<Mic92>
also I think nix2aci is faster
mithsv has joined #nixos
Ross has quit [(Ping timeout: 258 seconds)]
Wizek has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] peterhoeg pushed 1 new commit to master: https://git.io/vdK9t
<NixOS_GitHub>
nixpkgs/master 2935f6f Peter Hoeg: pykms: previous homepage requires registration
NixOS_GitHub has left #nixos []
<Mic92>
At the moment I don't have a use case for both of them
roconnor has quit [(Ping timeout: 240 seconds)]
freusque has joined #nixos
<fearlessKim[m]>
mic92, ohh that fixed it. And here I thought I was getting better at nixos. So much to grok yet :( (btw nixos-rebuild should trigger a rehash when zsh installed IMO)
<Mic92>
fearlessKim[m]: you mean a rehash in zsh? you can configure zsh do it automatically
<fearlessKim[m]>
how automatically ? on debian I had disabled it because it would run too often IIRC. Like it's needed only after nix-env -i and rebuild
mudri has joined #nixos
csingley has joined #nixos
<adisbladis>
fearlessKim[m]: How would you even do that? Isn't that a per-process state?
mithsv has quit [(Remote host closed the connection)]
<bkchr>
sphalerite: Thx, but I get some weird infinite recursion error with your solution. I also know why fetchgit does not work, this comes with nix 1.12 and that is still unstable. I also can not switch to nixUnstable, because I get another infinite recursion error...
<CrazedProgrammer>
is there any way i can make a zfs partition from the nixos minimal/graphical iso? it doesn't seem to include the zfs kernel modules
<sphalerite>
bkchr: coul dyou share your config?
<sphalerite>
CrazedProgrammer: edit /etc/nixos/configuration.nix to add boot.supportedFileSystems = ["zfs"]; then nixos-rebuild switch
<rosa>
Where u can mount multiple directories on top of another directory in a combined way
<rosa>
Like mount /bin and /sbin into /unibin where it would contain the contents of both bin and sbin
<sphalerite>
rosa: not sure about overlayfs specifically but there is unionfs-fuse which is used by the installer amongst other things
<sphalerite>
bkchr: I mean the config with dwarffs added
<rosa>
Yea that
Itkovian_ has joined #nixos
<rosa>
Does nix support union fs
Wizek_ has quit [(Ping timeout: 258 seconds)]
anderslundstedt has joined #nixos
Itkovian has quit [(Ping timeout: 248 seconds)]
<sphalerite>
rosa: unionfs-fuse is used by the installer system, so it definitely works. As for others I'm not sure, but overlayfs is in the mainline kernel now isn't it?
<rosa>
I dont know
<goibhniu>
rosa: do you have a particular use in mind?
<rosa>
Would it be possible to impliment it?
<rosa>
and yes
truh has joined #nixos
<sphalerite>
rosa: yes, it's in the kernel used by nixos so you should be able to use it at least imperatively (by manually running the mount command)
<sphalerite>
I think once you've done that nixos-generate-config should be able to generate the appropriate fileSystems entries into /etc/nixos/hardware-configuration.nix to have it mount on every boot, but I'm not sure
<rosa>
Ok
truh has quit [(Remote host closed the connection)]
truh has joined #nixos
zunk has joined #nixos
Wizek_ has joined #nixos
proteusguy has joined #nixos
<rosa>
does Nix have any... unique c/c++ extentions that other os's do not have
<sphalerite>
What do you mean?
<infinisil>
i have no idea what you mean, but I'm pretty sure the answer is no
<sphalerite>
The answer is probably no, but I'm not sure if I'm understanding the question right
<sphalerite>
haha
<infinisil>
:P
<bkchr>
sphalerite: You just need to add nix.package = nixUnstable; to my configuration
jensens has joined #nixos
truh has quit [(Ping timeout: 260 seconds)]
<Mic92>
rosa: no, just what gcc or clang provides.
<rosa>
Like, any specific capabilites that cna be added with header files designed specifically for nix
<rosa>
can*
<rosa>
Or at
<Mic92>
rosa: you can run nix on top of overlayfs/mergerfs
<rosa>
or similar*
<Mic92>
rosa: I am not sure, what you mean
<sphalerite>
rosa: well nix itself is written in a pretty modular fashion and you can build against parts of it
mortum5 has joined #nixos
<sphalerite>
not sure if any of it is "public API" per se but you can write your own code against it
<sphalerite>
also not sure what the state of its documentation is, but you can find all the source code at https://github.com/NixOS/nix/
<sphalerite>
it does seem well organised to me at elast
erictapen has joined #nixos
erictapen has quit [(Remote host closed the connection)]
<Mic92>
I think the perl bindings are now external so there must be something like an api.
erictapen has joined #nixos
erictapen has quit [(Remote host closed the connection)]
<Mic92>
header files are provided
erictapen has joined #nixos
<rosa>
like for example compile an application to have a certain capability of nix that will work on nix (or anywhere provided that capability can be provided on other distro's)
<sphalerite>
https://github.com/edolstra/nix-repl and here's a tiny program that uses the APIs (although it's been integrated into nix itself now)
ShalokShalom has joined #nixos
<sphalerite>
rosa: like what?
<rosa>
i dont know
<rosa>
whatever nix can provide
<sphalerite>
also — nix is the package manager, and can run on many linux distros
<sphalerite>
NixOS is the operating system based on it
<rosa>
ALSO is there a way to change the folder naming convention in nix
<sphalerite>
not really
<rosa>
like say i get nix to install zsh, can it just put it in zsh instead of something like 83748383748ndudn83748/zsh
<sphalerite>
having the hash in the path is kind of fundamental to how nix works
<rosa>
83748383748ndudn83748zsh *
mudri has quit [(Ping timeout: 248 seconds)]
<rosa>
why
<sphalerite>
you can do for instance `nix-build '<nixpkgs>' -A zsh -o zsh` which will give you a symlink called zsh to the store path
<rosa>
it makes it confusing asf to locate packages
<infinisil>
Then you're probably doing something wrong, you shouldn't ever have to deal with the hashes directly
<sphalerite>
^
<Yaniel>
It also makes it possible to have multiple almost-but-not-quite identical versions of the same package installed at the same time
<rosa>
true
<rosa>
although u could split by version
<rosa>
like zsh/1.0 zsh/1.1 etc
<Yaniel>
What if it’s built straight from git
<Yaniel>
From a non released commit
<Mic92>
what if you apply a patch
<Yaniel>
Or from a feature branch
<alp>
and what if you change the version of a dependency, or a ./configure flag or something
<alp>
nix's hashes is basically its way to "split by everything"
<sphalerite>
rosa: the hash is based on *everything* that goes into the build — the exact byte-for-byte contents of the source tarball/checkout, the instructions for building, and the hashes of all the dependencies
<alp>
you change a single one of those parameters => different hash
<rosa>
So it serves for different builds of the same version aswell?
<sphalerite>
yes
<rosa>
Like one for say -g and one without
<sphalerite>
yes
<rosa>
what if u just did /program/hash instead of hashprogram
<Yaniel>
The point of an immutable system is that if it works once it will work forever
<Yaniel>
Unlike your average windows installation that you need to wipe once a year because it accumulates too much cruft everywhere
<rosa_>
wait assuming two different versions of bash read and write to the exact same file path what would stop them from doing the same for there config assuming it is version dependent for example, for syntax compatibility with a higher version that is incompatible with a lower version and whats to stop them from reading from the same lib .so file even though it is likely incompatible
<rosa_>
like wouldnt it defeat the entire point of having them seperate
<Yaniel>
And wrappers that tell them where to look for their config etc
<rosa_>
Ok
<Yaniel>
Anyway so with nix when you want to change something, instead of poking the running system and eventually losing track of all your changes shortly before everything collapses, you make a new build of the system with your new changes
<Yaniel>
If it’s good you keep it, if not, you go back to the previous build
<Yaniel>
And because the changes can be very small, the best way to identify a build is by its hash
<rosa_>
and what if a change should prevent the entire os from booting
<TimePath>
in other words, it's git for your OS
<zigschots20[m]>
rollbacks are kept in the bootloader
zzamboni has quit [(Quit: Leaving.)]
<TimePath>
the bootloader has a list of every 'commit'
<rosa_>
for example a change to libc for example (as it affects almost every single application)
<zigschots20[m]>
(provided you don't delete the generations and reprovision)
<rosa_>
or even a replacement of it accidentally with a incompatible libc
<gchristensen>
rosa_: it would create a new of each
<goibhniu>
rosa_: not to discourage your questions, but I think you'd really enjoy the papers sphalerite linked to above
<rosa_>
i know but assuming it always uses the most recent whatever, and that happens to be the incompatible libc, how would u recover from that if everything depemds of that lib
<gchristensen>
it doesn't rosa
ThatDocsLady has joined #nixos
<TimePath>
the bootloader doesn't
<rosa_>
depends on*
<adisbladis>
rosa_: The entire previous system state is still around
<adisbladis>
rosa_: Also that libc thing is unlikely to happen since that would change the inputs and therefore hash of everything depending on it
<gchristensen>
it uses exactly the one it was built with
ThatDocsLady has quit [(Client Quit)]
<rosa_>
ok
<rosa_>
so if it DID happen it can easily be undone?
<adisbladis>
rosa_: If you do screw something up so you cant even boot you just boot the previous generation.
<gchristensen>
the problem you're proposing will not happen
Myrl-saki has joined #nixos
<zigschots20[m]>
I guess, in principle, you could package the bootloader in such a way that it breaks the booting of the system...
<gchristensen>
but if your system gets screwed up in _another_ way, yes, it is easy to roll back
<rosa_>
ok
<gchristensen>
zigschots20[m]: this is why we have the nixos- channels :) we test the bootloader extensively
<rosa_>
ill try nix os later
<etu>
rosa_: I have screwed up my system by configuring it with drivers that didn't work. I just chose an older generation in my bootloader, fixed it and booted into a new generation.
<gchristensen>
zigschots20[m]: if that happens,s follow the install steps with a slightly older version of nixos and it'll fix your bootloader
<rosa_>
also just for confirmation it can use different versions of ANY application at the same time right?
<Myrl-saki>
On the topic of bootloaders, I booted NixOS on my father's laptop and did a `nixos-rebuild`, and almost rewrote my father's drive..
<etu>
rosa_: yes.
<TimePath>
well, you need a derivation for them
<TimePath>
but yes
<infinisil>
Myrl-saki: Why so?
<zigschots20[m]>
gchristensen: I don't doubt it 🙂 - yeah I'd just use a usb stick to boot instead and mount chroot and rollback
<rosa_>
like for example kdevelop 2.x and kdevelop 1.x
<gchristensen>
zigschots20[m]: exactly:)
<Myrl-saki>
infinisil: "/dev/sda" often refers to the internal hard drive.
<rosa_>
at the same time without needing to close one to start the other
<gchristensen>
rosa_: probably
<Myrl-saki>
infinisil: And my bootloader settings were set to "/dev/sda"
<rosa_>
Ok
<gchristensen>
Myrl-saki: haha yeah that'll do it :D
<zigschots20[m]>
gchristensen: but nix doesn't exlcude it, even though it's extremely unlikely to happen (and not hard to fix)
<TimePath>
I only see one packaged
<Myrl-saki>
gchristensen: Thank god GRUB errored out.
<TimePath>
otoh, there are multiple versions of gcc
<Myrl-saki>
gchristensen: My father would have been pissed.
<TimePath>
you can use multiple of them in different nix-shells
<adisbladis>
Myrl-saki: I like to point my boot loader to /dev/disk/by-id/... for exactly that reason ;)
<Myrl-saki>
adisbladis: Yeah, I think I did that. :(
<Myrl-saki>
adisbladis: After the fact.
anderslundstedt has quit [(Quit: leaving)]
<Myrl-saki>
adisbladis: Rebooted the computer so fast.
<rosa_>
by the way is it possible to boot into grub legacy from gub2?
<zigschots20[m]>
rosa: off the cuff, chainloading should do it
simukis_ has joined #nixos
ThatDocsLady has joined #nixos
<sphalerite>
Any Dutch speakers here who would care to explain "nix moet, alles kan!"?
<gchristensen>
it feels good having security patches arrive promptly and my system work day to day
<Myrl-saki>
I've always used bleeding edge, but not for the bleeding, but for the rolling release, so yeah.
<aminechikhaoui>
Hi, I'm a bit confused regarding NixOS latest release, was it officially releases (nixos-17.09) ? as the homepage is updated but there was no announcement in the mailing list
<Myrl-saki>
(I've had times where I don't update for 2 months or so.)
<Myrl-saki>
gchristensen: Wouldn't bleeding edge have security patches even earlier?
simukis has joined #nixos
griff_ has joined #nixos
<Mic92>
Myrl-saki: we push both out at the same time
<gchristensen>
Myrl-saki: no, typically the stable branches release changes faster
<adisbladis>
domenkozar: Ahh it works fine in the shell itself but not with --run
<Mic92>
but as we have more stuff to build on unstable they are probably faster on stable.
toppler has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nix] edolstra closed pull request #1595: docker: ensure that the installation works for users other than 'root' (master...master) https://git.io/vdupd
NixOS_GitHub has left #nixos []
pxc has joined #nixos
<gchristensen>
and the unstable channel may become blocked by failing packages for indeterminate amounts of time
<NixOS_GitHub>
[nix] edolstra pushed 1 new commit to 1.11-maintenance: https://git.io/vd6Jc
<NixOS_GitHub>
nix/1.11-maintenance 3c52567 Shea Levy: darwin installer: Fix on systems where sudo -i is disabled....
NixOS_GitHub has left #nixos []
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nix] edolstra closed pull request #1592: darwin installer: Fix on systems where sudo -i is disabled. (1.11-maintenance...darwin-installer-no-sudo-i-1.11-maintenance) https://git.io/vdRt8
NixOS_GitHub has left #nixos []
<niksnut>
gchristensen: I was waiting for a compile to finish :p
<copumpkin>
niksnut: thanks!!!
<gchristensen>
nice :)
<copumpkin>
niksnut: let me know if you get annoyed with the timeout behavior and I'll fix it
<copumpkin>
assuming we have a good notion of what to do about it :)
<zigschots20[m]>
without wanting to kick off any kind of insane ideological war, if I wanted to run a libre nixos install, would it suffice (leaving allowUnfree = false) to build and run a libre kernel?
<copumpkin>
zigschots20: what kernel would you run? the main issue is that assumptions of systemd are baked into the nixos config modules pretty deeply right now, so if systemd was unacceptable to you, you'd be starting not quite from scratch, but it would be a lot of work
<copumpkin>
switching kernels between linux-flavored things is pretty easy
<zigschots20[m]>
copumpkin: I've alredy got a libre kernel built and running, and I don't take much issue with systemd
<copumpkin>
then I think you'll be fine :)
iyzsong has joined #nixos
<rosa_>
ok
<zigschots20[m]>
cool, thanks :)
jbgi has quit [(Ping timeout: 255 seconds)]
griff__ has joined #nixos
<pie_>
scroll down to symbol map: https://github.com/m4b/rdr this might provide a way to improve automatic patchelf-ing?
griff_ has quit [(Ping timeout: 255 seconds)]
griff__ is now known as griff_
<hyper_ch>
sphalerite: still here?
<sphalerite>
And packages with no specified licence are assumed to be free
<sphalerite>
I also don't think we have linux-libre
<sphalerite>
zigschots20: I daresay nixpkgs is a little sloppy in that respect, for a more hardline stance on freedom (that is, no nonfree software at all) you may prefer guix
<zigschots20[m]>
sphalerite: no, I wrote an little expression for libre myself
<sphalerite>
hyper_ch: yeah that's where I found it. I don't have any more ideas, sorry
<zigschots20[m]>
sphalerite: yeah, I might try and override the firmware license to make it non-free (which I guess should work). Despite liking scheme, I'm not sure I can get along with guix and really prefer nix, but I might try again. I don't mind there being non-free stuff kicking about, nixpkgs makes it reasonable to distinguish them, and I don't mind taking responsibility for what runs on my systems
<gchristensen>
zigschots20[m]: if you find licensing issues, please send patches :)
<sphalerite>
right, fair enough
<rosa_>
i should make a command logging module for my irc so i can track what commands where last executed before someone happened to crash my irc (or my pc)
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] k0001 opened pull request #30347: electrum: add support for LedgerHQ hardware wallet (master...el-btchip-master) https://git.io/vd6TR
NixOS_GitHub has left #nixos []
<zigschots20[m]>
gchristensen: that would be my preferred solution :)
nh2 has joined #nixos
pie_ has quit [(Ping timeout: 260 seconds)]
doertedev has joined #nixos
<zunk>
rosa_: someone crashes your irc client? or what do you mean?
Thra11 has joined #nixos
Mateon2 has quit [(Ping timeout: 264 seconds)]
rosa_ has quit [(Quit: rosa)]
<noam>
what should i do if when i try to update nixpkgs with "nix-channel --update nixpkgs" i get the error "imported archive of '...nixpkgs-unstable' lacks a signature'?
Myrl-saki has quit [(Ping timeout: 260 seconds)]
andymandias has quit [(Quit: ZNC 1.6.5 - http://znc.in)]
andymandias has joined #nixos
doertedev has left #nixos []
erictapen has joined #nixos
erictapen has quit [(Remote host closed the connection)]
erictapen has joined #nixos
erictapen has quit [(Write error: Broken pipe)]
erictapen has joined #nixos
erictapen has quit [(Remote host closed the connection)]
erictapen has joined #nixos
erictapen has quit [(Remote host closed the connection)]
erictapen has joined #nixos
erictapen has quit [(Remote host closed the connection)]
erictapen has joined #nixos
erictapen has quit [(Remote host closed the connection)]
rosa_ has joined #nixos
erictapen has joined #nixos
erictapen has quit [(Remote host closed the connection)]
<infinisil>
rosa_: Pretty much any irc client has that functionality with a setting
erictapen has joined #nixos
ShalokShalom has quit [(Ping timeout: 260 seconds)]
hc_ has joined #nixos
rosa_ has quit [(Client Quit)]
<sphalerite>
noam: are you on nixos?
<noam>
sphalerite: yes
slyfox has quit [(Ping timeout: 248 seconds)]
<infinisil>
noam: Should be: sudo nix-channel --update nixos
hc has quit [(Ping timeout: 240 seconds)]
slyfox has joined #nixos
<noam>
infinisil: that does work i think (no error), but when i do nix-channel --list as a regular user i have it listed "nixpkgs ...url..."
<noam>
which i think i added myself
hc_ has quit [(Ping timeout: 260 seconds)]
hc has joined #nixos
<infinisil>
yeah you don't need that, you can remove that
<infinisil>
nix-channel --remove nixpkgs
efx has joined #nixos
<noam>
infinisil: so nix-channel lets you update a channel as a regular user, but does not show channels on --list? isn't that a bit weird?
<yrashk>
I am trying to figure what could be wrong with my systemd user service for dropbox. When I start dropbox manually, it starts fine, however, when started through a service, it fails with ` (Qt:Fatal) This application failed to start because it could not find or load the Qt platform plugin "xcb"`. The [generated] service looks like this https://gist.github.com/yrashk/586ebf3f4770fee395f91031494fd40f (it points to dropbox
<yrashk>
wrapper script which sets up LD_LIBRARY_PATH (including xcb). Any ideas?
Myrl-saki has joined #nixos
<infinisil>
noam: Channels are per-user
<infinisil>
I'm not sure how to use a non-root users channel though, i've never seen a usecase
<infinisil>
Well no, I've seen usecases, but you need to edit $NIX_PATH for it to even use the users channel afaik
<noam>
i don't mind using root for the channels, the weird thing is that i can as a regular user do "nix-channel --update nixos" but "nix-channel --list" shows no channels
<noam>
it's somewhat inconsistent
<tilpner>
noam - What's the content of your ~/.nix-channels?
Mateon2 has joined #nixos
Guillaum has joined #nixos
<noam>
actually maybe it doesn't update the channel like i thought. it just writes "unpacking channels..." and as root it also says it created some symlinks
<symphorien>
yrashk: IIRC qt depends on some environment variable to work correctly
truh has joined #nixos
<infinisil>
noam: Yeah that's what it does. What did you expect?
<symphorien>
You have to import them into the unit env
<infinisil>
noam: When updating the system it uses the new channel
<yrashk>
symphorien: QT_PLUGIN_PATH?
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] NeQuissimus pushed 2 new commits to master: https://git.io/vd6LO
<NixOS_GitHub>
nixpkgs/master 8940265 Tim Steinbach: linux: 4.9.54 -> 4.9.55
<NixOS_GitHub>
nixpkgs/master 5a8f9a8 Tim Steinbach: linux: 4.13.5 -> 4.13.6
NixOS_GitHub has left #nixos []
<infinisil>
noam: And you don't need to mess with nix-channel at all if you just want to upgrade the channel: `nixos-rebuild switch --upgrade` does that for you
<symphorien>
Honnestly I don't know
<symphorien>
Probably :°
abcrawf has quit [(Remote host closed the connection)]
<NixOS_GitHub>
nixpkgs/release-17.09 c823a9c Tim Steinbach: linux: 4.9.54 -> 4.9.55...
<NixOS_GitHub>
nixpkgs/release-17.09 c5b5155 Tim Steinbach: linux: 4.13.5 -> 4.13.6...
NixOS_GitHub has left #nixos []
<noam>
infinisil: i understand what it does, just a bit unsure of what happens when i use it as a non root user
<sirkha>
okay, i have made a lot of progress on gem5, but i need some help... nix-shell gives me a few good vars such as nativeBuildInputs, NIX_CFLAGS_COMPILE and $NIX_LDFLAGS, but I am trying to integrate them into a scons SConstruct, which would rather just have directories to work with
<sirkha>
NIX_CFLAGS_COMPILE and NIX_LDFLAGS have all the paths i need, but it is hard to separate them into the right direcotry sets
abcrawf has joined #nixos
<sirkha>
nativeBuildInputs is for somereason missing the actual zlib library, instead just giving me the dev headers
<sirkha>
is there anything i can do about that in shell.nix?
<sphalerite>
sirkha: it may make sense to write a proper expression for building gem5
<noam>
infinisil: if just to experiment i run "nix-channel --upgrade gjfidogjfoi" (a name of a channel that does not exist / not defined) it just says "unpacking channels..." and than does nothing. not the most user friendly. i'd expect some form of an error?
dieggsy has joined #nixos
<sphalerite>
then you can just pass the paths to scons directly by doing something like
Tucky has joined #nixos
<sirkha>
sphalerite, the problem is you don't really build gem5, its really meant to be built over and over again (its a hardware simulator)
<sirkha>
so the shell environment is actually better suited to using it, i think
<sphalerite>
huh
<sphalerite>
ok
<sirkha>
yeah, its weird
rosa_ has joined #nixos
<rosa_>
not yet but they can
<sirkha>
you essentially recompile the simulator and get different hardware parameters (cache sizes frequency, and all sorts of other things)
<rosa_>
At the moment all commands are admin only
<sirkha>
at least that is what i gather from reading ahead in this assignment
phreedom has quit [(Remote host closed the connection)]
<sphalerite>
anyway, you can put arbitrary stuff in your derivation and it becomes env vars
<sirkha>
thats what i figured
<sirkha>
i guess i'll read harder into the nix manual
<sphalerite>
so you may want to do something like zlib-dev = lib.getDev zlib; zlib-lib = lib.getLib zlib;
ThatDocsLady_ has joined #nixos
ThatDocsLady has quit [(Read error: Connection reset by peer)]
<sphalerite>
Then you can just access it as ${zlib-dev} in the shell
<sphalerite>
err, that is if dashes are valid in env var names
<sirkha>
sphalerite, yeah, i think that is going to work
<sphalerite>
Alling: you can do it now by cherry-picking the commit onto your own nixpkgs checkout
<sphalerite>
if the expression works, that is
<sirkha>
sphalerite, its building now, thanks
<sphalerite>
sirkha: great!
<noam>
infinisil: for the unsuspecting user it really looks like it just worked. hopefully nix 1.12 will improve things, i hope.
<sphalerite>
hyper_ch: you could try manually loading the driver by doing sudo modprobe rtl8192ce but I doubt it'll help
michiel_l has joined #nixos
<hyper_ch>
sphalerite: and what should happen if I do that?
<infinisil>
I just tried it out, but it doesn't look like nix 1.12 has a channel subcommand
<infinisil>
(with nix-shell -p nixUnstable)
<sphalerite>
hyper_ch: my guess is: the kernel module gets loaded. Nothing else.
<hyper_ch>
but how to check if the wifi works?
<Alling>
sphalerite: I'm not sure I know how to do that. When do you think it will be in the stable branch (if that's the correct word)?
<sudoreboot[m]>
When I attempt to run an unpatched, standalone binary with steam-run the binary can't find the libraries that are included locally. How can I include them in the environment?
<sphalerite>
Alling: Oh, for it to be in stable that probably won't be until the next release (18.03 presumably)
<Alling>
sphalerite: D
<sirkha>
if i get a good product going, where would be a good place to post the recipie?
<Alling>
sphalerite: Do you know when 18.03 will be released?
<sphalerite>
Alling: in 03 (March) of 20(18)
pie_ has joined #nixos
<sphalerite>
Or maybe at the beginning of April, if 17.09 is anything to judge by :)
<infinisil>
sirkha: You mean not yet building nix packages?
<Alling>
sphalerite: Oh! Well that's quite a while. Is cherry-picking the commit the easiest way to get Borg 1.1.0 within, say, a week?
<sirkha>
infinisil, something, i haven't decided where to go with this, for now I am happy to be able to do my homework assignment
<sphalerite>
Alling: within a week it should probably be in unstable, so you could also add the unstable channel and install it from there once it's merged and the channel has advanced appropriately
<infinisil>
sirkha: Then just a github repo would be nice
dieggsy has quit [(Remote host closed the connection)]
<sirkha>
infinisil, that works
<slyfox>
for some reason today's pull from master tries to build firefox from source instead of using binary substitution
<sirkha>
i may end up turning it into a full blown nix-expression derivation once i figure out how it works
<sphalerite>
slyfox: master might be broken at any point, even very badly (as in will break nixos including bootloader). nixpkgs-unstable has package builds tested, nixos-unstable is the newest that's safe to use for nixos
<slyfox>
i only use nix as package manager (don't run nixos) thus i don't care about any sort of breakages
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] joachifm pushed 1 new commit to release-17.09: https://git.io/vd6qT
<NixOS_GitHub>
nixpkgs/release-17.09 ab7a32f Piotr Bogdan: newsbeuter: fix CVE-2017-12904...
NixOS_GitHub has left #nixos []
<Alling>
sphalerite: It downloads, but:
<Alling>
undefined variable ‘guzzle_sphinx_theme’ at /nix/...-borgbackup.tar.gz/pkgs/tools/backup/borg/default.nix:16:12
<Alling>
(error right after "installing borgbackup-1.1.0")
<Alling>
Should I comment on the PR?
<sphalerite>
slyfox: fair enough. In that case I'd still recommend nixpkgs-unstable rather than master, simply for the sake of not having packages breaking spontaneously and having binaries available. Up to you of course, but yeah the reason you're building locally is that hydra hasn't built it yet
<sphalerite>
Alling: I'm guessing it's because it depends on PR #30334
<Alling>
sphalerite: The last chain of commands you sent seemed to work as intended, except that I got Borg 1.0 and not 1.1.
fendor has joined #nixos
<sphalerite>
weird
<sphalerite>
and you definitely did the fetch and merge part?
<Myrl-saki>
Is it only me, or is Discord unavailable in the latest LTS?
<sphalerite>
Myrl-saki: discord LTS?
<maiksen>
hey, anyone got a vagrant based nixos install at github? Google only found vagrant plugins and the nixos build for vagrant so far. I just want to see some examples, doesnt need to be anything complicated
<sphalerite>
Alling: it works for me
<Myrl-saki>
sphalerite: NixOS LTS.
<gchristensen>
Myrl-saki: fwiw we usually don't call it LTS, just "stable"
<Myrl-saki>
gchristensen: Oh.
<sphalerite>
yeah that
<Myrl-saki>
gchristensen: Whoops.
<gchristensen>
but maybe we should call it LTS, good marketing!
<Myrl-saki>
Lmao
<sphalerite>
6 months doesn't really qualify as LTS IMHO :D
<Alling>
sphalerite: If I just do nix-env -f . -iA borgbackup:
<Alling>
replacing old ‘borgbackup-1.0.11’ installing ‘borgbackup-1.0.11’
<Alling>
sphalerite: Gonna try a reboot.
<gchristensen>
sphalerite: a long time compared to rolling :)
peacememories has joined #nixos
<Myrl-saki>
LTS became kinda synonymous with stable nowadays. :P
<sphalerite>
Alling: thaat won't help
<Myrl-saki>
*cough cough* stackage *cough*
<mbrock>
sorry for offtopic, but: how do some programs read from stdin only when something is piped into them, without blocking otherwise?
<gchristensen>
mbrock: IIRC they can tell if they have a pty?
<makefu>
or write a comment or something. not sure how hackernews calculates ranking
reinzelmann has quit [(Quit: Leaving)]
griff__ has joined #nixos
griff_ has quit [(Ping timeout: 240 seconds)]
griff__ is now known as griff_
<Myrl-saki>
Mic92: adisbladis: "We have not reserved a CVE for this issue as Apple is a CNA and does not see it as a security issue."
<Myrl-saki>
Mic92: adisbladis: What does CNA mean?
chakerbenhamed has quit [(Quit: WeeChat 0.4.2)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] joachifm pushed 5 new commits to master: https://git.io/vd637
<NixOS_GitHub>
nixpkgs/master ed6c85c Michael Alan Dorman: elpa-packages: 2017-10-09
<NixOS_GitHub>
nixpkgs/master 2ad1754 Michael Alan Dorman: org-packages: 2017-10-09
<NixOS_GitHub>
nixpkgs/master 5e1c5b8 Michael Alan Dorman: melpa-stable-packages: 2017-10-09...
NixOS_GitHub has left #nixos []
<sphalerite>
Myrl-saki: CVE Numbering Authority
<Myrl-saki>
Ah, thanks.
tmaekawa has joined #nixos
<nh2>
can I upgrade dbus to 1.11 easily?
tmaekawa has quit [(Client Quit)]
<sphalerite>
Got to love them nested abbreviations
<sphalerite>
nh2: I find that the easiest way to find out is to try. Just update version and sha256 in pkgs/development/libraries/dbus/default.nix and see if it still builds
<nh2>
OK, trying it now
peacememories has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
<Guillaum>
My system is totally unresponsive when there is high IO (such as during a nixos-rebuild switch). btrfs on SSD, nixos 17.09. too much ram to be honest. Do you know how I can try to understand what happen?
<Myrl-saki>
nh2: Use nix-prefetch-url to get the sha256..
peacememories has joined #nixos
simukis has joined #nixos
<adisbladis>
Mic92: I submitted it to r/netsec on reddit as well
<nh2>
Guillaum: desktop or remote machine?
<sphalerite>
adisbladis: upvoted :)
<adisbladis>
=)
<Guillaum>
nh2: desktop
<nh2>
Guillaum: and what does unresponsive mean, screen freezes?
<Guillaum>
nh2: slow as hell. chromium / firefox does not even refresh their content. I can type some command in an already opened terminal, but if theses command are doing IO, they will freeze. my editor (emacs) works, as long as there is no IO, and then it freeze.
<nh2>
Guillaum: hmm, I'd try 2 things: run htop and in F2, display options enable "detailed CPU time", sometimes the colours indicate if something is wrong. Also if possible, `ionice` what's going on, e.g. the way CrazedProgrammer says if you're building with the daemon
<adisbladis>
Guillaum: I have had similar issues with btrfs
<Guillaum>
CrazedProgrammer: it may be a solution for this specific IO, but does not solves other issues with any other IO (such as uncompressing a big file)
<Guillaum>
nh2: I'll try these two things, thank
<Guillaum>
adisbladis: did you solve the issues or did you switch away from btrfs ?
Myrl-saki has quit [(Quit: WeeChat 1.9)]
iyzsong has quit [(Read error: Connection reset by peer)]
<adisbladis>
Guillaum: I switched away. I did see some people had success with disabling quotas though.
<adisbladis>
Overall my experience with btrfs is a mixed bag..
freusque has quit [(Quit: WeeChat 1.7.1)]
iqubic has quit [(Ping timeout: 258 seconds)]
<Guillaum>
adisbladis: simalar experience here ;(
<etu>
Guillaum: I haven't experienced that kind of IO issues on btrfs. But I have experienced dataloss so I'm actually on ext4 at the moment. Will probably go the zfs route some day.
<hodapp>
I had dataloss on btrfs (~4 TB worth), but that was in 2011
Myrl-saki has joined #nixos
<hodapp>
and luckily, I had decided that I would have an ext4 filesystem keeping regular snapshots of (almost) everything
<etu>
hodapp: ouch :/
ShalokShalom has joined #nixos
gandreani has joined #nixos
<hyper_ch>
well, running encrypted zfs now... after getting a new notebook
<disasm>
hyper_ch: how's that working for you?
<hyper_ch>
disasm: more than 24h without corruption ;)
<adisbladis>
\o/
<adisbladis>
Ship it!
<hyper_ch>
something was bad with zfs and the old notebook.... but no idea what
<etu>
:D
<hyper_ch>
but still can't get wifi to run on new notebook :(
<adisbladis>
hyper_ch: I've had that happen before. Turned out to be bad hardware :P
<disasm>
hyper_ch: what's the chipset?
<hyper_ch>
btw, how can you test how big ram sticks you can put in?
<hyper_ch>
disasm: realtek 8821ce Wireleass Lan 802.11ac PCI-E
<nh2>
how would I go about locally patching systemd? When I use pakcageOverrides with pkgs.systemd.overrideAttrs to add some `patches`, I get "attribute udev missing"
<csingley>
hyper_ch: if it works under windows, open up the driver detail (I think under "hardware manager"?) & copy some details.
<csingley>
Your lspci output doesn't contain much version info
<hyper_ch>
csingley: works perfectly fine in windows
<hyper_ch>
what more details?
<hyper_ch>
already back in nix
ona has joined #nixos
<csingley>
like the card version #. You gotta have the wrong driver under linux, no?
<hyper_ch>
I still think it's prbobably easiest to buy a windows wifi card
<hyper_webirc>
back in windows... what to check now for in the hardware manager?
efx is now known as efx2
cement has joined #nixos
efx2 has left #nixos []
<tilpner>
gchristensen - Hey, does the firefox-overlay re-download Firefox often for you too?
<gchristensen>
yeah
<gchristensen>
every build
<tilpner>
:(
<csingley>
I don't have access a Windows box - look for network interface, right click, properties... that kind of thing.
<pyhelp>
Hi, hoping for help building a custom python package. One of the dependencies in requirements.txt is "argparse>=1.3.0", but that's causing issues when I try to build, as there's no argparse nix package, since argparse was moved into the python standard library
<csingley>
But check goibhniu's link to bbs.archlinux.org above, that looks like your same card
<goibhniu>
hyper_webirc: it sounds like you need a newer module for it
<hyper_webirc>
ahhhh, goibhniu that link that you posted is evil
<hyper_webirc>
why would it only boot with whitelisted wifis
<disasm>
pyhelp: either patch setup.py to not require argparse or if the thing only works with python 2.x disable for python 3
<pyhelp>
when I run `sudo nix-rebuild build` I get this error:
<pyhelp>
No matching distribution found for argparse>=1.3.0 (from my_app==0.8.7)
<hyper_webirc>
gotta get home now... bbl
hyper_webirc has quit [(Quit: Page closed)]
<pyhelp>
disasm, how can i disable for python 3?
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] fpletz pushed 3 new commits to master: https://git.io/vd6Bi
<NixOS_GitHub>
nixpkgs/master 3df126d Franz Pletz: nixos/modules: clean up wireless firmware options...
<NixOS_GitHub>
nixpkgs/master 3855b79 Franz Pletz: nixos: clean up kernel modules...
<NixOS_GitHub>
nixpkgs/master e13d0c3 Franz Pletz: Merge pull request #30172 from mayflower/cleanup/firmware-modules...
NixOS_GitHub has left #nixos []
<disasm>
err wait, python 2.7 has argparse as well now
<disasm>
pyhelp: so yeah, arparse = null; now in pythonPackages
<disasm>
pyhelp: if this is something custom, can you just remove argparse from the requirements in setup.py?
<pyhelp>
disasm: there actually aren't any references to argparse in setup.py, only in requirements.txt. Oh, and an "import argparse" statement in my_app/main.py
fendor has joined #nixos
<csingley>
Just comment it out in requirements.tx. The import statement won't be a problem
<disasm>
pyhelp: so that should just work then. nix isn't going to use requirements.txt with buildPythonPackage
<pyhelp>
disasm: it's little complicated because it's a tarball hosted by my work, and something I need to build for my work environment
<disasm>
pyhelp: as for disabling on python 3.x disabled = isPy3k;
<tilpner>
gchristensen - This is annoying. To install CUPS I need to uninstall Firefox or wait a few hours. I'm having the hash mismatch, and I saw the issue about caching. There's not by any chance a way to either say "I don't care about the hashes", or bypass the CDN?
<disasm>
pyhelp: if you can share the nix derivation (masking anything sensitive/proprietary) I'd be happy to help
<gchristensen>
yeah
<gchristensen>
there isn't, tilpner
<tilpner>
Well, guess I'm uninstalling Firefox...
<tilpner>
:/
<pyhelp>
disasm: that would be great! let me put up a gist...
<zzamboni>
Hi - what is the easiest way of knowing which package installed a particular binary? So far I have nix-store -q --tree $(which foo) | head -1, but I think there must be an easier way.
<pierron>
grahamc: Is the wordpress service of apache maintained?
<disasm>
pyhelp: just by the buildInputs that looks like something really cool :) so what do you get when you build the thing? I'm guessing it throws some error?
<disasm>
pyhelp: or is it at runtime it throws the error?
<pierron>
grahamc: is it safe to use for setting up a self-hosted blog?
<sphalerite>
zzamboni: readlink -f $(which foo)
<pyhelp>
disasm: i get an error at build time
<disasm>
pyhelp: what's the error?
peacememories has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
<gchristensen>
pierron: it is not well maintained, no
<gchristensen>
pierron: I don't think wordpress gets updated frequently enough for the number of issues it has
<disasm>
pyhelp: so fakecompany-cli probably has that requirement in setup.py
<disasm>
I would presume at least
zzamboni has quit [(Read error: Connection reset by peer)]
zzamboni has joined #nixos
<disasm>
what I would probably do is try building this outside of nixos-rebuild and use nix-shell to get an interactive shell to debug
<zzamboni>
sphalerite: of course - thanks!
<sphalerite>
:)
<disasm>
pyhelp: then cd into a temp dir somewhere and run unpackPhase cd into new dir and run grep -r arparse *
zzamboni has quit [(Client Quit)]
<disasm>
I am 99.999% certain buildPythonPackage completely ignores requirements.txt
<disasm>
so it's gotta be in setup.py or somewhere included by setup.py that has the requirement.
<disasm>
other option is just wget the tarball, extract and do the same, but I like debugging in a nix-shell myself :)
* tilpner
.oO( Alright, printing works. Can I have firefox back now? )
<pierron>
gchristensen: Thanks, I will fallback to something else then.
<gchristensen>
pierron: you could use the standard wp installer and have it be mutable
Arcaelyx has joined #nixos
mortum5 has quit [(Ping timeout: 240 seconds)]
<gchristensen>
pierron: also, updating WP in nixpkgs is not hard
lsyoyom has quit [(Quit: WeeChat 1.8)]
Phillemann has joined #nixos
<pyhelp>
disasm: i'd like to debug, but is there a quick and dirty way i can get it installed, if temporarily, so i have a working environment. you mentioned wget
lsyoyom has joined #nixos
<gchristensen>
w00t as of today, the nixpkgs-unstable channel contains a .git-revision file
<sphalerite>
\o/
<disasm>
pyhelp: wget the tarball, tar -zxvf tarball; cd yourdir; nix-shell -p pypi2nix; pypi2nix -V 2.7
<Phillemann>
I'm using NixOS to develop Haskell packages. According to the nixpkgs repository, the "brick" package is on version 0.18, which is fairly old. What's the easiest way to work with the latest version?
<pierron>
gchristensen: I am honestly not willing to install anything which expose a large surface of attack, and I would prefer anything which pre-compile static pages as much as possible.
<gchristensen>
pierron: I 100% agree
<pyhelp>
disasm: great, let me try that. thank you :)
<sphalerite>
clever: I created it previously, it was working fine, then I destroyed it and after recreating it it didn't appear in /dev
<sphalerite>
I'll try redoing the destroy/create
<sphalerite>
worked this time… weird
roconnor has joined #nixos
<clever>
weird
<disasm>
pyhelp: what's the error you're getting?
<pyhelp>
disasm: i forget, i'll need to repro. also though, i looked at the contents of the extracted tarball and there's this line in fakecompany_cli/egg-info/requires.txt,
<pyhelp>
`argparse>=1.3.0`
ertes-w has quit [(Ping timeout: 260 seconds)]
<pyhelp>
disasm: i'm attempting to remove that reference, create a new tarball locally, and rebuild pointing to that local src. not sure how to compute the new sha256 checksum though
pie___ has joined #nixos
pie_ has quit [(Ping timeout: 240 seconds)]
<disasm>
pyhelp: just build, it will say sha doesn't match and grab the new sha from that message
<SusWombat>
If i compile something and install it without the nix package manager under nixos is there something i have to additionally?
<gandreani>
Is there an option in configuration.nix to run some commands at boot up? I wanna run 'powertop --auto-tune' at boot up. I found https://nixos.org/nixos/manual/options.html#opt-environment.interactiveShellInit but I don't think that's what I'm looking for
<clever>
gandreani: thats best put into a systemd unit
<gandreani>
clever: that page is new to me! Thank you. Gonna be digging around. Would be cool if I can get good enough with NixOx to deploy web servers :)
pyhelp has left #nixos ["ERC (IRC client for Emacs 25.3.1)"]
<Myrl-saki>
What's the recommended way of making patches for a source?
<gchristensen>
add an attribute called `patches` with a list of patch files
<Myrl-saki>
gchristensen: I mean generating the patch file.
<Myrl-saki>
gchristensen: How about for a non-git package?
<Myrl-saki>
gchristensen: I'm thinking grab tar file, make git?
<Myrl-saki>
s/make git/git init/
<clever>
Myrl-saki: one method i use, is to cp -r the entire source to a -orig version when i unpack, then diff -ru the orig and modified
<gchristensen>
lol, so, I `git init; git add .; git commit -m ":)"; <make my changes> git add .; git commit -m 'my patch!'; git format-patch -1` :D
<clever>
Myrl-saki: another is to just make a dummy git commit after unpackPhase
<Myrl-saki>
clever: gchristensen: Thanks. :D
<gandreani>
clever: Oh dang. That reminds me I have a laptop in the living room I could use as a guinue pig. An acer too!
<gandreani>
clever: You also beat me to the `diff -u` suggestion ;)
<clever>
gandreani: when using targetEnv = "none"; you just install nixos normally, and then give nixops the requiered info to keep the machine booting in the future, and ssh access
civodul has quit [(Remote host closed the connection)]
<disasm>
Myrl-saki: I do the git thing too for initial commit, but then don't commit for the changes. Just git diff > ~/nixpkgs/wherever/foo.patch
<gandreani>
clever: Neat! Also you keep that eeepc pretty lean XD. No man pages or nix manual!?
<disasm>
makes it a whole lot quicker to add one thing, then another, then another... also usually will commit everything before configurePhase/buildPhase and then create a .gitignore that ignores any dirs/extensions I don't wnat in the diff
<taktoa>
does anyone have a working emacs / ghc-mod setup on nixos? if so, would you be willing to share some details about your setup
<clever>
gandreani: the SSD is only 4gig, and i currently cant deploy anything because there isnt enough room to copy the build over
<clever>
gandreani: currently, its just a spare monitor for irc, and occasional resue ssh for when xorg dies
<disasm>
or stage my changes using git add <file> and then do git diff --cached to just show staged changes. lots of options.
<gandreani>
clever: X.X good god thats tiny. But works well as xorg server. Not a bad idea hmmm
<clever>
gandreani: not sure if xorg would even fit right now, lol
pyhelp has joined #nixos
<pyhelp>
disasm: if you're still around, this is the error I get when trying to build with pypi2nix in a nix-shell,
<pyhelp>
Failed to build cryptography cffi
<Myrl-saki>
disasm: Thanks. :D
efx2 has joined #nixos
<taktoa>
gandreani: hah, I remember giving clever that old eee pc at bayhac (I hadn't used it in years and he had the same model before, though it broke)
<gandreani>
clever: LOL I see so not even that. Just using irssi in a vconsole?
<clever>
gandreani: just ssh into another machine that already runs irssi
<gandreani>
taktoa: That's very kind! And yes one of my old GF's had one of those and they were fickle things
<gandreani>
clever: Living up to your name I see XD
<taktoa>
gandreani: considering the help he's given to people on this channel, I figured he had earned it :-)
<clever>
i converted that eeepc from arch to nixos in under an hour, without any install media
<taktoa>
^ can confirm, it was frighteningly efficient
<gandreani>
taktoa: Without a doubt. He literally responded to me in 30s
nix-gsc-io`bot has quit [(Client Quit)]
<gandreani>
clever: What!? Did you replace arch while it was running ?!
griff_ has quit [(Ping timeout: 258 seconds)]
griff__ is now known as griff_
<gchristensen>
gandreani: clever's moniker is well earned
<clever>
gandreani: you can run nix on any linux distro, and nix-build can technicaly build a copy of nixos within /nix/store/
<clever>
gandreani: and if you run the right script, it will just overwrite the bootloader and grub.conf
<clever>
gandreani: then it boots nixos, on the arch rootfs
<clever>
then you just need to delete all the arch related files
anderslundstedt has quit [(Quit: leaving)]
<gandreani>
gchristensen: goddam you weren't kidding XD
<gandreani>
clever: bravo!
<clever>
the main limitation of the above method, is that you are stuck keeping whatever partition layout the machine had to begin with
<SusWombat>
Ok so i did read a bit and according to some irc logs when i want to compile something like a library i need to use nix-shell and nix-build?
<clever>
so my / partition is 3.5gig
<taktoa>
gandreani: I was the one who got clever into NixOS; he was a gentoo guy and I was having an issue with clicking links in teamspeak; after stracing for a few years, he just said "okay, I'll install your operating system to help you fix this bug".
anderslundstedt has joined #nixos
<tilpner>
gchristensen - nixos-unstable has FF57, if that'd work for you
<taktoa>
*a few hours
<taktoa>
not a few years lol
<clever>
lol
<gchristensen>
tilpner: I did a janky thing where I sometimes take firefox out of my systempackages, rebuild, and then put it back in, but never close FF so it stays running :)
<tilpner>
D:
<clever>
gchristensen: i move things to nix-env at that point
<infinisil>
i have a latest pinned firefox nightly in my home packages and a small update script if i want to update the pin
<gchristensen>
I won't use nix-env
<gandreani>
clever: Right I was just mulling over that. But there's not many ways to organize 4GB lol
<gandreani>
taktoa: That's a great anecdote. Do you remembner what was the solution?
<tilpner>
gchristensen - Well, your choice. I was worried downgrading from 58 might damage my profile, but it seems fine
pxc has quit [(Ping timeout: 240 seconds)]
fendor has quit [(Ping timeout: 255 seconds)]
<clever>
gandreani: teamspeak wants to read files in /usr, and nixpkgs used LD_PRELOAD to activate libredirect to fix that
lsix has quit [(Quit: Konversation terminated!)]
<gandreani>
gchristensen: What's wrong with nix-env?
<clever>
gandreani: and when chromium is ran as a child of teamspeak, it inherits the LD_PRELOAD, which breaks chrome
<gchristensen>
gandreani: it is a very user unfriendly tool
<gandreani>
clever: Holy moly. Solution was to path team speak and remove the hard coded /usr paths?
pxc has joined #nixos
<tilpner>
How did I not know about "nix to-base16"... that could have saved trouble
<clever>
gandreani: nope, change the wrapper script for chromium, to clear LD_PRELOAD before running the binary
<gandreani>
gchristensen: 100% agreed. Querying is slowwwww. First thing I did was dump all packages to a file that I could grep at my leasure lol
erictapen has quit [(Ping timeout: 240 seconds)]
<clever>
gandreani: i just tab-complete under nix-repl '<nixpkgs>'
<gandreani>
clever: Nice. Was it a security feature of chrome to crash when LD_PRELOAD was set? or just a bug
<tilpner>
clever - If you have zsh and an alias, nis -p fire<TAB> is a little faster for a single lookup
<clever>
gandreani: looks like a bug
<gandreani>
clever: Also, this is like the 5th time in 20 minutes I've wanted to say "dam that's clever...'
<SusWombat>
Anyone in here using sdl-gpu? and could help me compile it under nixOs im new in that distro?
<asdfoiawe>
Hi, I'm trying to run a 32bit binary (there is no package on nix) that fails with "no such file or directory".
<asdfoiawe>
What options/packages do I need to run 32bit programs on a 64bit machine?
<clever>
asdfoiawe: did you download that binary from a website and just unpack the tar?
<asdfoiawe>
Yea
<clever>
the problem isnt that its 32bit
<asdfoiawe>
That linkage path thing?
<clever>
yeah, patchelf has to be ran on it
<asdfoiawe>
Ahh, thought the error message would be different in this case
<infinisil>
asdfoiawe: Is the source available/
<infinisil>
?*
<asdfoiawe>
No
<disasm>
pyhelp: do you have any other details, like why it failed to build?
<disasm>
guessing missing lib or something
<infinisil>
asdfoiawe: Then you need patchelfing, I haven't ever done this, but you can look at how other packages in nixpkgs have done it
<rosa>
Someone please go out of your way to try to break my irc client
voice_ftp has joined #nixos
<infinisil>
rosa: ?
digitus has joined #nixos
<rosa>
!commands
<Code>
rosa: The commands i accept are: !modules, !null, !pid, !channel, !line, !me, !languages, !(language suffix (note usually it is the 1st letter or 1st two letters of the language name (or 3 for specific languages like c++) that make up the language prefix, for example: custom built perl (preloaded with modules) is !p (system standard default perl is !p2) and python2.7 is !p2))
<rosa>
break it
<gchristensen>
Code: this isn't an appropriate place to test or use your IRC bot
<infinisil>
rosa: This is not the channel for it
<gchristensen>
rosa: this isn't an appropriate place to test or use your IRC bot
jsgrant_ has quit [(Remote host closed the connection)]
jsgrant_ has joined #nixos
<Code>
oki
<tilpner>
rosa - No need to break it, it's already broken by not replying to PMs
<Code>
i dont see any pm's
voiceftp has quit [(Ping timeout: 248 seconds)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nix] edolstra pushed 1 new commit to master: https://git.io/vd6Sp
<NixOS_GitHub>
nix/master 1dd29d7 Eelco Dolstra: Add option to disable the seccomp filter...
NixOS_GitHub has left #nixos []
<Code>
or at least cant correctly parse there raw irc syntax yet
<tilpner>
That's more broken than I expected if you don't even see them, but let's not talk about this here
et4te has joined #nixos
<Code>
is this it? :gchristensen!~gchristen@unaffiliated/grahamc PRIVMSG #nixos :rosa: this isn't an appropriate place to tes
<gchristensen>
Code, rosa: please take your testing elsewhere.
<tilpner>
No, "but let's not talk about this here"
<Alling>
sphalerite: Thank you so much for helping me out with Borg 1.1.0 before! Thanks to you I could create the backup today over USB instead of having to do it over SSHFS over the Internet.
<Code>
ok
jb55 has joined #nixos
Code has left #nixos []
pie___ has quit [(Remote host closed the connection)]
pie___ has joined #nixos
<sphalerite>
Alling: :)
leat has quit [(Ping timeout: 240 seconds)]
<elvishjerricco>
TIL: you can just build an iso for installing NixOS with `nix-build '<nixpkgs/nixos/release.nix>' -A iso_graphical`. NixOS never ceases to amaze me...
<taktoa>
elvishjerricco: not only that, but you can change the configuration.nix
<taktoa>
custom ISOs!
<elvishjerricco>
That's exactly what I was hoping to use it for ;)
<taktoa>
I can't remember which file you need to mess with for that, but it's pretty straightforward
leat has joined #nixos
<sirkha>
I have to run, so I will catch the answer to this later (if there is one), but how does one install libm (glib c math library)? didn't see it in the package search. is it part of glibc? some special option there?
<clever>
elvishjerricco: create a custom configuration.nix that contains { ... }: { imports = [ <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-graphical-kde.nix> ]; }
jmeredith has joined #nixos
<clever>
elvishjerricco: and then just nix-build '<nixpkgs/nixos>' -I nixos-config=./configuration.nix -A system.build.isoImage
drakonis has joined #nixos
<hyper_ch>
tilpner: testing now qemu :)
__Sander__ has quit [(Quit: Konversation terminated!)]
<taktoa>
sirkha: I think stdenv.cc.libc has $out/lib/libm-2.25.so
cwre has joined #nixos
<elvishjerricco>
clever: incredible. Thanks. How do other distros get by without this incredible composability??
<clever>
elvishjerricco: impurities and imperative operations everywhere!!
<clever>
elvishjerricco: with chroots thrown in to try and isolate it maybe
<gandreani>
The debian reproducibility project seems so dated compared to nix XD. At least they're making upstream packages more deterministic tho :)
<gandreani>
NixOs*
<asdfoiawe>
infinisil: It seems that my binary is statically linked (ldd shows nothing and I cant find an rpath in objdump -x)
<joepie91>
gandreani: wasn't that mostly about build reproducibility?
<joepie91>
rather than system reproducibility
<joepie91>
(ie. different goals)
<elvishjerricco>
The nice thing about the debian thing is that they're going for bit-for-bit reproducibility
<elvishjerricco>
something Haskell projects would much appreciate..
<taktoa>
gandreani: there was some talk on the debian mailing list a few years ago about adopting nix. unfortunately they succumbed to FUD and didn't do it.
<gandreani>
joepie91: Yes, but I think if you follow that train of thought you will eventually arrive at system reproducibility
<joepie91>
I don't know about that :)
<joepie91>
the goal of the Debian project, afaik, is to prove that a given build originated from a given source
<joepie91>
ie. auditability of binary builds
<joepie91>
which is very different from the goals that NixOS has (or that you'd generally see in reproducible-system projects)
<elvishjerricco>
i.e. `nix-build --check` =P
<taktoa>
honestly if Debian were looking at adopting nix, the only changes I'd want to push through before that happened would be 1) some changes to the nix syntax and 2) recursive nix
<joepie91>
elvishjerricco: I don't think that does the same thing
<gandreani>
Hmm that's true. I supposed you could draw the line at the deterministic builds, for the sake of security
<joepie91>
gandreani: right, that's pretty much what Debian are doing. there *is* separately interest in Nix though, I believe
<joepie91>
just not in the context of build repro
<joepie91>
(from the Debian people, I mean)
<elvishjerricco>
joepie91: If you `--check` everything, it would be the same.
<gandreani>
I was thinking more from my use cases, of not just security but deployment and management of the whole system
<gandreani>
joepie91: That's a cool flag/option!
tempeh has joined #nixos
<sphalerite>
taktoa: link?
<joepie91>
elvishjerricco: it wouldn't, though - it verifies that the builds haven't changed since build time, but it doesn't necessarily prove that it originated from a given source
<joepie91>
elvishjerricco: which is, afaik, why adding binary caches is still a privileged operation
<joepie91>
(because you have to trust that the binary cache provider is serving you correct builds)
<elvishjerricco>
joepie91: Sorry, I don't think I understand what you mean by proving that it originates from somewhere. `--check` actually rebuilds the derivation, and then checks if the output is bit-for-bit identical. This doesn't check where it came from, but it does verify that the build is what your nix expression expects.
<taktoa>
lol @ this quote "As I said right at the beginning: this nightmare [the NixOS symlink farm] is useful, but should be wholly elective and not a core part of dpkg/apt."
erictapen has joined #nixos
<copumpkin>
elvishjerricco: if our builds were 100% deterministic that would be a reasonable strategy
<elvishjerricco>
copumpkin: yea that's the problem. Though I've found a surprisingly large number of non-Haskell derivations to be deterministic.
<copumpkin>
yeah
<joepie91>
elvishjerricco: ah, crap, sorry, I was misreading what you said
<joepie91>
I was thinking of nix-store --verify --check-contents
* joepie91
backtracks
<elvishjerricco>
joepie91: ah. Yea `--check` is sweet =P
<joepie91>
elvishjerricco: right, then I get what you mean :P
<joepie91>
but that still requires the build process to actually be deterministic
<joepie91>
Nix just does the checking bit
<elvishjerricco>
I'm building a new machine, and I'm gonna use `--check` for benchmarking compile times lol
hellrazo1 has quit [(Ping timeout: 240 seconds)]
<elvishjerricco>
speaking of: does anyone know if you can `--check` an entire hierarchy of a build? Say I wanted to `--check` a Haskell derivation and all its dependencies up to but not exceeding GHC.
<elvishjerricco>
Of course the `--check`s would fail, but I'd get to see how well the nix jobs can parallelize
<gandreani>
taktoa: That discussion in the debian list is interesting!
tempeh has quit [(Quit: WeeChat 1.9)]
<pxc>
hey, what happened with the SSL cert for NixCon?
<joepie91>
taktoa: I get a pretty distinct "this is not what I'm used to therefore it's bad!" vibe from that thread...
tempeh has joined #nixos
charlycoste has quit [(Quit: Leaving.)]
<pxc>
nixcon2017.org used to have an SSL cert my browser didn't complain about. now it looks like it is for the wrong domain (github.com)
<sphalerite>
taktoa: thanks!
cwre has quit [(Quit: Aliens ate me. I'm not good for them.)]
sigmundv__ has quit [(Ping timeout: 246 seconds)]
<pxc>
joepie91: lol the level of hostility toward using Nix for configuration management is kinda funny to me
<pxc>
'[making] it completely useless in serious production cases'
<hyper_ch>
is there a way for qemu to have seamless mouse integration?
<joepie91>
it's a bit odd, especially considering that if it really bothers you you can just drop pre-written config files in there anyway? it's not like you're forced to use Nix for config management
<joepie91>
hyper_ch: doesn't it have that by default?
<pxc>
yeah. IMO it's one of the things that makes NixOS wonderful
<hyper_ch>
joepie91: you have to ctrl-alt out of it or seomthing
<gandreani>
joepie91: Well, they have good points. Debian is a mostly "just works" distro. They mentioned specifically that packages are build with configs hardcoded, and that other packages expect those to be there. I can see how that would make porting, really tough
<joepie91>
hm
<hyper_ch>
also sharing clipboard would be nice
cwre has joined #nixos
<joepie91>
gandreani: I mean, sure? of course porting things to a fundamentally different model of system management is going to be tough... but that has little to do with presenting optional features as dealbreakers
<pxc>
gandreani: 'porting' would mean rewriting thousands upon thousands of package definitions, or replacing them with the ones in Nixpkgs. I don't think it has much to do with config; there's plenty of work involved just in committing toa new build system
<gandreani>
joepie91: pxc: But yeah, they are pretty hostile to nice features I bet lots of people would love
<joepie91>
gandreani: I don't really consider the points to be good at all, because they read like they've only had a cursory look at Nix without really trying to understand what can and cannot be represented with it
<joepie91>
the only valid-looking point I saw was the disk space one
hellrazo1 has joined #nixos
<joepie91>
I'm not saying that adding Nix to Debian is an easy or even desirable thing, but there are far more valid points to be made there than what's being said in that thread :P
<pxc>
I love Debian, and I think it's important to view them as allies in the broad free software effort to get reproducible builds, but it's clear from this mailing list that some people in Debian who _could_ 'get' Nix don't
tempeh has quit [(Quit: WeeChat 1.9)]
<joepie91>
ie. I possibly agree with their conclusion, I just think that they way they got there is completely wrong
<joepie91>
the way*
tempeh has joined #nixos
<joepie91>
I'm a big fan of rejecting ideas for the right reasons :P
andromeda has joined #nixos
<gandreani>
Yeah, but can you blame them for not being too interested? They probably see Nix as unstable and "immature" as arch ( which I don't think it is, just relaying their opinion)
<gandreani>
Too interested to dig deep and understand*
<gandreani>
joepie91: LOL me too, me too
pie___ has quit [(Ping timeout: 240 seconds)]
<joepie91>
I can blame them for drawing a definitive conclusion on something that they don't fully understand, yes - now if it were "this is not currently worth exploring as it requires too much work to understand", that I'd have no issue with
<joepie91>
but they're speaking authoratively on something they clearly don't fully understand
<pxc>
gandreani: I find it baffling, tbh. How can people who dedicate so much of their lives to solving package management problems not be interested in novel approaches to solving those same problems?
fragamus has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
<joepie91>
and that's absolutely on them :P
<joepie91>
again: rejecting ideas for the right reasons etc.
<andromeda>
did anyone of you ever had the issue that typing was not possible when nixos asks for the luks passphrase?
<pxc>
is the thing they're debating whether to add a Nix package to the Debian repos?
<gandreani>
pxc: YES! completely agree
<joepie91>
pxc: no, rather Nix-y integration with dpkg it seems
<joepie91>
ie. as a part of the system's package management
<joepie91>
though it seems to have turned in the direction of cherry-picking features, which I'm not convinced is going to work, given that Nix uses a fundamentally different model
<joepie91>
and that its features are designed around that model
<joepie91>
you can't really shoehorn that into an imperative global system without losing most of the guarantees and benefits
<gandreani>
andromeda: Perhaps it's hidden on purpose? Try typing the password and press enter, it might just work
<pxc>
joepie91: I was just thinking the same thing as I read the complaints in that email about disk usage
<gandreani>
andromeda: Kinda like putting in the ssh key pass in the terminal
<andromeda>
gandreani: thanks but nothing happens when i do this
<pxc>
disk usage on NixOS is actually really easy to control, because you don't just accidentally build up cruft
<gandreani>
Bummer :/
<andromeda>
gandreani: i can select a nixos version to boot with the keyboard before though
<pxc>
my NixOS machines have less wasted storage than my openSUSE machines
<pxc>
but you get that benefit by embracing the declarative approach
<joepie91>
pxc: there are some scenarios in which disk use can be an issue with NixOS
<joepie91>
compared to centrally sanctioned package sets
<pxc>
joepie91: I'm sure. what are the worst ones?
<joepie91>
(Debian-style)
<zigschots20[m]>
It's the classic power curve problem in a way - it's hard to see how something more powerful than you know is actually better until you take the plunge completely, and then look back at where you were before. I find traditional distros relatively intolerable now... Trying to keep track of all the crap I've configured...
<joepie91>
pxc: small embedded systems, mostly; they benefit from Debian doing patches to make software run on library versions that they were never designed for
<joepie91>
pxc: because it means that maintainers put in the effort to converge everything onto single versions
jgertm has joined #nixos
<joepie91>
which, in Nix, you'd have to do at least partially yourself
<pxc>
joepie91: that has little to do with Nix or dpkg, though. Just the good work that maintainers have to do on every distro
<taktoa>
what really scares me tbh is the 50% solutions like flatpak
ertes has joined #nixos
<taktoa>
because they reduce the marginal benefit of switching to nix
<joepie91>
well, not exactly - it's a necessity in a global package management system, but in Nix it's easier and more attractive for maintainers to just add a new library version to the package set because it won't conflict *anyway*
<taktoa>
without actually giving the same level of utility
<pxc>
taktoa: ironically I feel like it takes something like Nix underneath to make me confident that a solution like flatpak will work reliably for me
<joepie91>
the result is that to an embedded system user, Debian is going to be less net effort to get running under constrained resources
<joepie91>
zigschots20[m]: I have a weird permutation of that problem, where my now-familiarity with NixOS makes me more irritated at the pockets of impurity and state that remain, than I have ever been with traditional distros before :)
tempeh has quit [(Ping timeout: 240 seconds)]
<taktoa>
pxc: right, I'm just saying that if flatpak becomes the norm, people will have less reason to care about nix and adoption will suffer, even though flatpak is significantly worse than nix
<joepie91>
(eg. desktop environment config)
<pxc>
joepie91: that's a good observation. the flexibility of Nix reduces informal pressures in the community to isolate those redundancies
* joepie91
agrees with taktoa
<pxc>
taktoa: yeah. the tech world often settles on bad solutions because they're more convenient for incidental reasons
<pxc>
I guess the whole world
<pxc>
heh
<SusWombat>
Anyone a idea why this happens? "-- Found SDL2: /nix/store/im7ma1cx1fk9kkrr3h1qw0i66q7z2q80-SDL2-2.0.5/lib/libSDL2.so
<SusWombat>
CMake Warning at CMakeLists.txt:123 (message):
<SusWombat>
SDL2MAIN_LIBRARY is NOTFOUND
<SusWombat>
"
<zigschots20[m]>
joepie91: haha, I know... I've started wrapping all my tools with their dotfiles in nix expressions to try and get around that - I love to just pull an expression, install, and go
<joepie91>
pxc: right, pretty much that. *theoretically* it would be possible to accomplish the same in Nix, it's just less likely to happen without a concerted focused effort :D
<SusWombat>
im trying to make a package
<joepie91>
SusWombat: that's... weird. have you verified that it's the right SDL2 version?
<joepie91>
the former check may just look for a filename whereas the latter may try to actually load symbols or such
<SusWombat>
joepie91, no .. i thought it shouldnt matter
tester123 has joined #nixos
<joepie91>
SusWombat: iirc applications tend to be pretty particular about SDL versions
<joepie91>
SusWombat: is the `cmake` command what it fails on?
<SusWombat>
and i try to build it with nix-build name.nix
cwre has quit [(Quit: Aliens ate me. I'm not good for them.)]
<taktoa>
speaking of strace, does anyone know if there's nixos support for dtrace yet?
<SusWombat>
joepie91, yeah i think so
<joepie91>
SusWombat: try changing it to something like this:
<pxc>
joepie91: I just saw that that thread was from 2013. I wonder if their views might be different if they actually tried Nix+Nixpkgs, especially a current version
<taktoa>
somewhere in the source of that they run `nix-env`
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] NeQuissimus pushed 4 new commits to release-17.09: https://git.io/vd6bc
<NixOS_GitHub>
nixpkgs/release-17.09 d7a2637 Tim Steinbach: linux-copperhead: 4.13.5.a -> 4.13.6.a...
<NixOS_GitHub>
nixpkgs/release-17.09 9a7dbfc Tim Steinbach: atom: 1.20.0 -> 1.20.1...
<NixOS_GitHub>
nixpkgs/release-17.09 c834d10 Tim Steinbach: atom: 1.20.1 -> 1.21.0...
NixOS_GitHub has left #nixos []
voice_ftp has quit [(Read error: Connection reset by peer)]
<joepie91>
SusWombat: ah, that one I don't know
<taktoa>
SusWombat: you need to remove the `buildPhase` you set
<taktoa>
you shouldn't need to set any phases
<SusWombat>
joepie91, ok still thank you :)
<SusWombat>
taktoa, but how does it know to use cmake?
<taktoa>
just adding `cmake` to the `buildInputs` is enough to get it to run `cmake`
<SusWombat>
oh ok
<taktoa>
because it has a setup hook
<SusWombat>
so much magic O:
<SusWombat>
"magic"
<taktoa>
SusWombat: try reading `$(nix-build '<nixpkgs>' -A cmake)/nix-support/setup-hook`
<taktoa>
it's a bash script that gets sourced during the execution of the stdenv.mkDerivation builder
<SusWombat>
taktoa, ok ill do. Btw it builds now O:
<SusWombat>
Is there a easy way to confirm that the libs are really installed?
<taktoa>
take a look at the output directory
erictapen has quit [(Ping timeout: 255 seconds)]
griff__ has joined #nixos
<SusWombat>
taktoa, theres a include and lib folder does nix know that i need these in "path"?
<taktoa>
that should be fine, nix will automatically add -I arguments to the gcc wrapper
<taktoa>
and linker flags
griff_ has quit [(Ping timeout: 255 seconds)]
griff__ is now known as griff_
sigmundv__ has joined #nixos
endformationage has joined #nixos
pie___ has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] mimadrid opened pull request #30359: unrar: 5.5.7 -> 5.5.8 for multiples CVEs (master...update/unrar-5.5.8) https://git.io/vd6NO
NixOS_GitHub has left #nixos []
erictapen has joined #nixos
<taktoa>
SusWombat: IIRC that's controlled by $NIX_CFLAGS_COMPILE and $NIX_LDFLAGS
<taktoa>
you can nix-shell into the derivation you're developing and check those environment variables
<srhb>
Hum, I have some containers that I've created essentially by creating a list of { name = "..."; value = "..."; } for each container, that I add to my containers attrset with // builtins.listToAttrs thatlist -- but when I nixos-rebuild switch only the first container gets updated. They all get created (which I can verify by destroying them by hand) but only the first is updates subsequently. How might this be?
<SusWombat>
taktoa, sry another question i try to install it now via "nix-env -f sdl-gpu.nix -i sdl-gpu" but i get "error: selector ‘sdl-gpu’ matches no derivations" any idea what i did wrong?
ixxie has joined #nixos
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] dezgeg pushed 1 new commit to master: https://git.io/vd6Al
<NixOS_GitHub>
nixpkgs/master 00078af Tuomas Tynkkynen: f2fs-tools: 1.8.0 -> 1.9.0
NixOS_GitHub has left #nixos []
MichaelRaskin has joined #nixos
jbgi has joined #nixos
erictapen has quit [(Ping timeout: 240 seconds)]
<taktoa>
SusWombat: just do `nix-env -i -f ./sdl-gpu.nix`
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] FRidh pushed 2 new commits to master: https://git.io/vd6xC
<NixOS_GitHub>
nixpkgs/master 71ee475 geistesk: pypcap: init at 1.1.6
<NixOS_GitHub>
nixpkgs/master 959a5b2 Frederik Rietdijk: Merge pull request #30226 from geistesk/pypcap-1.1.6...
NixOS_GitHub has left #nixos []
Neo-- has joined #nixos
pyhelp has quit [(Quit: ERC (IRC client for Emacs 25.3.1))]
<SusWombat>
taktoa, that worked! my script cant find the library tho.
<SusWombat>
can i echo some "path" variable to see if it is known to the system?
oida has quit [(Ping timeout: 264 seconds)]
<symphorien>
by design it is not available outside of a nix-shell or a nix-derivation
<symphorien>
"installing a library" doesn't really make sense with nix
<SusWombat>
symphorien, im not sure if i understand that
<SusWombat>
symphorien, but if i install sdl2 it finds that?
<srhb>
Can I somehow mount /sys/module/nf_conntrack/parameters in a nixos-container?
oida has joined #nixos
<srhb>
I think systemd-nspawn is tripping me up here.
<symphorien>
to make a library available to the compiler, just use nix-shell -p mylib
<symphorien>
and use gcc -lmylib from this shell
<symphorien>
nix-env -i is only useful for putting binaries in the $PATH
<SusWombat>
im kinda confused right now. I dont want to do anything with nix packages right now. Just use some librarys in my nix unrelated code. I still have to use nix shell?
<taktoa>
SusWombat: NIX_CFLAGS_COMPILE and NIX_LDFLAGS don't get set if you `nix-env -i` a package; that's why your compiler can't find the libraries
<taktoa>
SusWombat: yes, if you want to compile code "imperatively" that depends on a nix package, you use a nix shell
Judson has joined #nixos
<symphorien>
SusWombat: ah sorry for SDL it is `nix-shell -p SLD gcc`
<symphorien>
for the same reason as the cmake magic
<gleber_>
Anyone using `zprezto` for `zsh` with `sorin` or `paradox` prompt theme? Do you know which fonts are required and how to install them on NixOS?
tempeh has quit [(Ping timeout: 248 seconds)]
<SusWombat>
taktoa, that should be the one you did send
<infinisil>
I'm currently recompiling the world for git bisecting.. :(
<disasm>
gleber_: I believe it's powerline-fonts
<disasm>
infinisil: yup, did that a month ago, that was fun...
<infinisil>
I want a nix integrated git bisect, which prefers stuff that's available in the cache, and which knows if a nix expression changed so it doesn't have to try identical ones
Denommus has joined #nixos
<gleber_>
disasm: I have it in my systempackages, but some characters do not render
<Denommus>
guys, on the discussion about using IPFS with Nix
<gleber_>
disasm: mainly a character acting as a prompt - i.e. a character in place of standard $
<Denommus>
how would Nix guarantee that a binary was generated from a given script?
<infinisil>
with every symbol you can think of, and you can see them all on the webpage: http://nerdfonts.com/
<disasm>
actually, that is the powerline we point at in nixpkgs
<gleber_>
disasm: ah, I might be using unpatched Terminus actually
<gleber_>
infinisil: I'll give it a try
reinzelmann has joined #nixos
<infinisil>
Denommus: No idea, but I bet you could get an answer by reading stuff about data integrity and/or thinking about it
<infinisil>
I'd love to get IPFS integration, but it's currently not in my power to help with that
voiceftp has joined #nixos
Itkovian has joined #nixos
iqubic has joined #nixos
<infinisil>
You must first understand how nix hashes work and how ipfs hashes work, because they're different
<iqubic>
How do I get zsh to offer to correct things?
<iqubic>
That seems simple, but it really isn't
<infinisil>
iqubic: I don't get your question
<disasm>
Denommus: I would think we'd still have a hash for the file downloaded even if it comes from ipfs right? But I'm no expert here.
<iqubic>
zsh: correct 'sl' to 'ls' [nyae]?
<Denommus>
disasm: but in Nix's case you only have a hash for the file after you compiled, and the idea of IPFS integration is not needing to compile if someone else already compiled the same derivation
<iqubic>
I want someting like that to occure in my zsh
<infinisil>
Denommus: With Nix you have the hash before you start building the derivation at all
<iqubic>
Also, has nix been updated to use Java 9?
<infinisil>
Denommus: What ends up being built then and put into the output has no impact on the hash
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] vbgl opened pull request #30362: ocamlPackages: default to 4.04 (master...ocaml-4.4) https://git.io/vdifj
NixOS_GitHub has left #nixos []
<infinisil>
Denommus: IPFS however would use the hash from the output
<srhb>
iqubic: What do you mean? Nix doesn't use java, but unstable certainly does have some java 9 jres available.
<disasm>
iqubic: if you use prezto/oh-my-zsh there's a "utility" module that enables the CORRECT option.
<disasm>
Denommus: oh, binary caches
<iqubic>
disasm: I thought that the correct with [nyae] options were availible in standard zsh.
<iqubic>
However, I do use oh-my-zsh.
<disasm>
iqubic: yeah, just set CORRECT then
<iqubic>
Where I put that? In zshShellInit?
<disasm>
iqubic: I believe it's setopt correct
<srhb>
or correct_all
tmaekawa has joined #nixos
tmaekawa has quit [(Client Quit)]
oida has quit [(Ping timeout: 255 seconds)]
Itkovian has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
oida has joined #nixos
<asdfoiawe>
Does anyone have a nice way to handle python virtualenvs with dependencies to the system (for example PyQt5) in a nice way?
<asdfoiawe>
I dont really want to include every dependency of python packages from a virtualenv in my configuration.nix.
<asdfoiawe>
One way would be something like a vagrant, but this has some other downsides
<Denommus>
infinisil: I understand how both work
mkoenig has quit [(Ping timeout: 255 seconds)]
<Denommus>
infinisil: that's exactly why I'm wondering about the security implications of a integration
mkoenig_ has joined #nixos
rosa has quit [(Quit: rosa)]
<disasm>
asdfoiawe: I think the general suggestion is not to use virtualenv and use nix-shell for the deps
sigmundv__ has quit [(Ping timeout: 240 seconds)]
<gchristensen>
Denommus: there would have to be a trusted "lookup table" that mapped nix store paths to ipfs paths
Neo-- has quit [(Remote host closed the connection)]
<ldlework>
Yeah I read that but I had no idea that the 'in' was connecting the following expression with the let clause.
<gchristensen>
yeah, let always pairs with an in
<asdfoiawe>
disasm: Thanks, that was exactly what I was looking for :)
bennofs has quit [(Ping timeout: 264 seconds)]
<disasm>
asdfoiawe: yeah, much more powerful than virtualenv :)
<asdfoiawe>
And I can handle my C and my Python dependencies in one place :)
<disasm>
yessir!
<disasm>
node to if you your using something like react/webpack :)
<infinisil>
gchristensen: Denommus: Could it be an option to have an alternate hashing mode for nix? Such that it works the same way as IPFS, and everything needs to be deterministic that uses it
<asdfoiawe>
I just have to find a way to include the environment into clion/pycharm
ixxie has joined #nixos
<gchristensen>
infinisil: I don't think so, but I dunno, you'll have to talk to the guy with the PhD
<ixxie>
If I add a machine to my known hosts and put "myboxname" as one of the host names, I should be able to just ssh user@myboxname no?
<LnL>
infinisil: that won't work without some kind of indirection
<gchristensen>
known hosts or /etc/hosts?
<disasm>
ixxie: .ssh/config
sigmundv__ has joined #nixos
<disasm>
or /etc/hosts as gchristensen said
<gchristensen>
but .ssh/config is probably what you want
<ixxie>
well I was hoping to set it in configuration.nix
<disasm>
which would be networking.extraHosts if you're using nixos :)
<Ralith>
infinisil: it's kinda central to Nix that you can determine the hash of a thing based on its inputs and definition, without having its actual data
<zigschots20[m]>
looks like you can use it with a blockchain, but its not itself a blockchain
<infinisil>
Okay, but one more idea regarding the using-its-own-hash-in-the-build problem: How about using multiple outputs to circumvent having to refer to its own hash
<zigschots20[m]>
suddenly it seems much less magic 😋
<infinisil>
.foo-wrapped would reference foo which would be in a different output -> different hash and not cyclic
<gchristensen>
infinisil: I think, in general, it would be much easier for us to use something that is distributed but isn't a content-addressed store
civodul has joined #nixos
<infinisil>
But then you don't get the benefit of content addressing stuff
<gchristensen>
what benefits?
<infinisil>
data integrity, automatic deduplication
<gchristensen>
dedupe can be applied on the disk and transport algorithms, data integrity is ensured by the signing of NARs
<gchristensen>
(but sure, those are benefits)
<gchristensen>
(but I think the cost of trying to avoid self-references is too high)
<infinisil>
By dedup i mean that if somebody needs to build <hash> then he can check if that hash is already available in IPFS, and doesn't have to build it
<gchristensen>
how would he know to build <hash>?
erictapen has joined #nixos
<infinisil>
And the problem with signatures is of course the centralized nature
<infinisil>
gchristensen: Because something depends on <hash>
<gchristensen>
how do they know it depensd on <hash>?
<gchristensen>
hmm you know what, I'd really like to upgrade my emacs, I guess I'll go build c4xvhpdzsp5k9bpp3by3mgiipj17y9nw
<gchristensen>
c4xvhpdzsp5k9bpp3by3mgiipj17y9nw is probably emacs
<infinisil>
Heh
<infinisil>
Thinking about it
jensens has joined #nixos
<infinisil>
Dependency chain from the channels nixpkgs
<infinisil>
oh that doesn't work
<infinisil>
damnit you're right, I didn't realize
* infinisil
's dream slowly crushes
<gchristensen>
this is why the paths <-> ipfs list seems semireasonable
MP2E has joined #nixos
<zigschots20[m]>
IPNS perhaps to name the hash with the derivation hash? (caveat: hack, caveat': 5 minutes ago I was confused as to how IPFS actually worked)
Nobabs27 has joined #nixos
<gchristensen>
publishing ~40,000-120,000 IPNSs every day seems unwise :)
<zigschots20[m]>
yeah, fair...
<Denommus>
I think nix would need its own protocol, where the build of the package is the proof of work
<infinisil>
Okay, another (not-fleshed-out) idea: Having an ipfs lookup that maps from input hashes to output hashes
<MichaelRaskin>
Can't you batch updates per 5 minutes, updating the root of the tree?
<infinisil>
So you calculate the input hash on your inputs, then get the output hash if it's available and download it from IPFS
<Denommus>
then the network can verify that the transaction was really legitimate
<gchristensen>
infinisil: "2017-10-12 19:00:50gchristensena much more realistic solution would be to upload an ipfs <-> output mapping with the channel"
<infinisil>
Well, I'd be damned
<Denommus>
does my solution make sense?
<infinisil>
Is there a drawback to this?
<gchristensen>
well right now there is the "it'd delay every channel update by a compounding 24hrs"
<Denommus>
infinisil: the only drawback is that there's no point on using IPFS in this case. The calculations must already be centralized anyway
<infinisil>
Denommus: I have no idea how such a proof would look like
<gchristensen>
Denommus: the calculations of the output are centralized anyway
<gchristensen>
this is important because you want it to be, you want to trust the builder
reinzelmann has quit [(Quit: Leaving)]
<infinisil>
Okay, so if we'd want the perfect solution, a proof of the build being correct is needed
<gchristensen>
you have that in the signature
<Denommus>
gchristensen: I know, but I'm wondering if there's a way for a network to agree that a given binary really is the correct binary. Then we could have "miners" in the network perform the build and check the hash of the generated output compared to the proposal. When the network agrees that the build is correct it is accepted into the blockchain
<Denommus>
gchristensen: this would be a different protocol, not IPFS
<Denommus>
gchristensen: though I have no idea what kind of "reward" a miner would expect in such a system
<gchristensen>
your best bet would be a consensus algorithm
<infinisil>
Blockchain here we come?
<gchristensen>
no
<gchristensen>
lol
<gchristensen>
please no
<Denommus>
gchristensen: my idea is a consensus
<infinisil>
I mean... That is kinda what blockchains are good at, decentralized trust
<gchristensen>
please, instead of running 300 competing builders all trying to agree on what is the right build, just contribute money for those builders to the nixos foundation
<gchristensen>
also:
<zigschots20[m]>
can the mapping not just be put on ipfs too?
<Denommus>
but it requires a network of machines that perform the compilations when they appear, which don't seem something viable
<gchristensen>
this requires 100% perfectly reproducible builds, so its a pipe-dream
<Denommus>
gchristensen: I do contribute money to NixOS whenever I can
<gchristensen>
great!
<infinisil>
We're living in a perfect world now, with deterministic builds and no hackery :)
<MichaelRaskin>
Doesn't Debian have a majority of builds as bit-perfect reproducible?
mortum5 has quit [(Ping timeout: 240 seconds)]
<gchristensen>
great! I can quit computers
<LnL>
oh! does that mean we can remove this nixpkgs repository with all those workarounds?
<gchristensen>
yep
<Denommus>
MichaelRaskin: but that's a merit of the packagers, not of the package system itself XD
<infinisil>
We can?
<MichaelRaskin>
That's true
<Denommus>
it's like doing purely functional programming in Java
<zigschots20[m]>
im pretty sure ghc doesnt produce bit perfect builds
Nobabs25 has joined #nixos
<infinisil>
It makes me sad that maybe not even in a perfect world such a thing could exist :/
jsgrant_ has quit [(Remote host closed the connection)]
<MichaelRaskin>
LnL: well, we need all those search path modification machinery to install multiple glibc versions at once
<gchristensen>
nope, computers are solved MichaelRaskin
m0rphism has joined #nixos
<MichaelRaskin>
Solving computers is actually easy.
<gchristensen>
rm -rf /
<infinisil>
--no-preserve-root*
Nobabs227 has joined #nixos
* gchristensen
moves to the forest
<MichaelRaskin>
No, that's solving one computer
<nh2>
zigschots20[m]: that depends a bit on what you do. For many builds you can already get byte-reproducible build outputs in ghc
<gchristensen>
MichaelRaskin: sorry, our distributed trust block-chain algorithm will distribute the rm -rf --no-preserve-root / to all the builds
sigmundv__ has quit [(Ping timeout: 240 seconds)]
<infinisil>
I'm going to look into proofable build systems
<infinisil>
provable*
Nobabs27 has quit [(Ping timeout: 248 seconds)]
<MichaelRaskin>
Ha ha
<infinisil>
I have a slight hope that such a thing isn't impossible
<MichaelRaskin>
Well, you need P≠NP first
<MichaelRaskin>
And a bit more, because Heuristica is still a possible world.
<nh2>
to me it seems the most practical way is to combine reproducible inputs (nix) with reproducible outputs (debian style "fix everything that generates nondeterministic output), and after some time when many packages build reproducibly, it can be turned into a hard error when one doesn't
<infinisil>
brb, solving P=NP
Nobabs25 has quit [(Ping timeout: 240 seconds)]
<MichaelRaskin>
And then it will have just a 1000000× overhead
<MP2E>
doesn't even GHC have issues with deterministic output?
<MP2E>
from what I remember, we had quite a bit of trouble with that
<zigschots20[m]>
nh2: interesting. what kind of stuff breaks it? when I first heard about it, it kind of surprised me. It's a problem for cloud haskell from what I recall, which is sad
<nh2>
MP2E: some are still left but many improvements were made, for some inputs you can generate bit-reproducible binaries (at least it worked for me last time I tried)
<gchristensen>
so how about just a ipfs <-> nix store lookup table
<gandreani>
Why the ipfs? I tuned in only recently
<gchristensen>
gandreani: people really really really really really really really really really like IPFS I guess
<gandreani>
gchristensen: Ah, so no reason besides it's cool and we should use it?
ThatDocsLady_ has quit [(Ping timeout: 246 seconds)]
<MichaelRaskin>
That, and cache.nixos.org connection problems popping up a few times a month
<gandreani>
I thought it was served by cloudfront?
<nh2>
MichaelRaskin: but those can be trivially solved by just using a different hoster
<gchristensen>
gandreani: it is :)
<MichaelRaskin>
nh2: for some values of trivially
<gandreani>
So cloudfront is unreliable or the hosts?
<gandreani>
MichaelRaskin: lol so true
<jb55>
we could always replace the internet with content-centric networking and be done with it
<gchristensen>
gandreani: the last set of issues that cropped up were due to a person's ISP had a broken connection to cloudfront
<MichaelRaskin>
gandreani: the host is S3, and it looks like both sides are sometimes performing suboptimally
<nh2>
MichaelRaskin: just having CloudFlare sit in front of cache.nixos.org solved all connection problems for me, globally. For the last 6 months I haven't had a single download failure with this
<gchristensen>
and also we serve enough traffic that the # of failures is not insignificant
<MichaelRaskin>
jb55: oh the pendulum
anderslundstedt has quit [(Quit: leaving)]
<nh2>
MichaelRaskin: so I'd call that trivially
<gchristensen>
we're well within CF's availability
mortum5 has joined #nixos
<MichaelRaskin>
jb55: I mean, let's take the web, designed for documents, and make it apps.
<gchristensen>
yes!
<gandreani>
No please
anderslundstedt has joined #nixos
<gandreani>
I'm a full time web dev. It's hellll
<gandreani>
MichaelRaskin: gchristensen: In my short time (2 weeks) using cache.nixos.org it has been rock solid and fast :)
<gchristensen>
me too :)
<infinisil>
gandreani: IPFS is decentralized and content addressed, which (very very very certainly) means no downtime and guarantees that you get the correct data
anderslundstedt has quit [(Client Quit)]
<gchristensen>
well unless people decide not to host it
<gandreani>
That's assuming there's always gonna be someone connected
<gchristensen>
or the one host that keeps your favorite drv is still up
<infinisil>
yeah, but that's not a problem in our case
<gandreani>
Yup same issues as torrenting old...torrents
<gchristensen>
also it is going to be comparatively slow, IPFS is slow even for well distributed files
<gchristensen>
and the signatures ensure you get the correct data
Guest86466 has quit [(Quit: Lost terminal)]
griff_ has joined #nixos
<infinisil>
but signatures aren't decentralized, a compromised CA and there goes your trust
<gchristensen>
it isn't a CA
<gandreani>
I'd trust the dedicated servers internet connections than people's house connections. Especially the upload of these said connections
<gchristensen>
it is the nix binary cache signature key
<infinisil>
and it never changes?
<nh2>
infinisil: the current cache.nixos.org packages signed with said key, and do not need transport security
<gchristensen>
hasn't since I've been around
<infinisil>
hmm, i guess the cache is centralized anyways..
<gandreani>
You can just hash the contents of the downloaded drv and it should match the hash in the URL right?
<nh2>
gchristensen: why is the default cache.nixos.org https btw? It seems http could be much better cached by proxies in the middle and would need less roundtrips to start each download
<gchristensen>
nh2: privacy
<tilpner>
But IPFS would allow me to offer substitutes for packages I provide via a public overlay, without anyone adding my cache manually, right?
<nh2>
ah I see
<infinisil>
And I'm pretty sure the https overhead is negligible
<gchristensen>
tilpner: only if they manually added your signing key
<gandreani>
For the servers yeah, but if you're far from the servers, then there's some latency setting up the connections
<nh2>
infinisil: no, https can add significant slowdown, because with that you have >= 5 roundtrips to download a 100 KB package
<infinisil>
Is that really significant on the scale of nix download
<infinisil>
s?
<gandreani>
We could only know if we profile :)
<MichaelRaskin>
We have many 100 KiB packages
<MichaelRaskin>
Does Nix reuse the same connection?
<SusWombat>
taktoa, Are you there?
<nh2>
infinisil: yes, with my gigabit Internet 100 KB download take 1ms, while one roundtrip takes 20
<nh2>
MichaelRaskin: in the current nix in current nixos, no, it's a perl downloader that can't reuse connections as far as I can tell. The C++ nix 1.12 can share I think
<SusWombat>
taktoa, i just tried usin patcheld to set a rpath containing the sdl librarys that works for me. Anything wrong about that?
<infinisil>
Well that problem's solved then :)
* gandreani
is extremely jealous of nh2's giga connection
<gchristensen>
nh2: people interested in local caches can safely setup read-through caches
<gchristensen>
and it is safe to point to an http cache, due to the signatures, but the HTTPS is good for privacy
* infinisil
is jealous of anyone having stable internet with > 10Mbit/s
darlan has joined #nixos
darlan has quit [(Client Quit)]
<gandreani>
gchristensen: how can you verify the signatures of a drv. I'm still confused what the inputs are for that
<gchristensen>
the signing key is trusted on your system
<gandreani>
So the contents of the tar are signed with the private key and each NixOs install has the public key?
<copumpkin>
not quite a tar, but yes
<gchristensen>
yeah
<gandreani>
It's not a tar but a...?
<MichaelRaskin>
nar
<gchristensen>
yarrr
<gandreani>
Drats, I actually googled that
<gchristensen>
yarrr?
<gandreani>
So didn't someone mention that derivations and their sigs are distributed with the channels?
<gandreani>
Is there anyway to know which url maps to which drv?
<infinisil>
I should bookmark this chat so whenever I feel like exclusively using IPFS could work I can look here :)
<gchristensen>
copumpkin: god, what a responsiblyfreesoftwarepackage
<copumpkin>
gandreani: if you have the hash of the package, stick .narinfo on the end of it and hit the binary cache
<copumpkin>
that'll tell you the .nar path
<gandreani>
copumpkin: Thank you
<copumpkin>
not sure if you can easily go from the .nar to the package hash
<clever>
infinisil: the main issue i can see is that the .narinfo files are addressed by a hash of the build instructions
<clever>
infinisil: but the .nar is addressed by a hash of its contents
<clever>
ipfs cant handle the .narinfo half of the equation
<copumpkin>
there's been lots of discussion on the tracker about how to integrate ipfs into nix
<copumpkin>
it flares up every few months
<infinisil>
yeah, we had a discussion an hour or so ago about it clever
tester123 has quit [(Quit: Page closed)]
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] Moredread opened pull request #30366: profanity: enable python and gpg support, parallel builds and enforcement of enabled features (master...profanity-options) https://git.io/vdiGH
NixOS_GitHub has left #nixos []
<infinisil>
My conclusion is that if you want a perfect solution you need a provable build system, that generates proofs that it really built what the inputs specified
<infinisil>
While it's nice to think of that, it's so very very far from being practical
<infinisil>
and maybe not even possible
<MichaelRaskin>
Possible, but with insane overhead.
<MichaelRaskin>
(with current state-of-theoretical-art crypto)
<copumpkin>
doesn't need to be crypto
<copumpkin>
but still a ton of effort
<MichaelRaskin>
copumpkin: how else can you do a provable build?
<gchristensen>
so how about just a ipfs <-> nix store lookup table :P
<MichaelRaskin>
The proof is shorter than the full trace, so there are collisions
* gchristensen
stops beating that drum
<copumpkin>
type systems :P proof carrying code, basically ship evidence (in the type theoretic sense) that the build came from the source in question
<MichaelRaskin>
copumpkin: this is empty statement.
<copumpkin>
have you played with Agda?
<copumpkin>
or something like it?
<MichaelRaskin>
If your proof will be verifiable, verification will be longer than the build.
<copumpkin>
not necessarily, but probably :)
<gleber_>
Let's say I have a tiny bash script living in my ~/bin/, what's the best shebang format to use on NixOS?
<MichaelRaskin>
#! /usr/bin/env bash
<copumpkin>
basically if you can factor out your common compiler transformations and "precompile" them, you can just invoke their respective proofs without typechecking the entire compilation process
<copumpkin>
(proofs of your common compiler transformations, that is)
<MichaelRaskin>
copumpkin: you still need to check they are correctly applied.
<gleber_>
MichaelRaskin: thanks!
<MichaelRaskin>
Which ends up being applying them
Oida has quit [(Ping timeout: 260 seconds)]
<MichaelRaskin>
You could save _a bit_ by saying that compiler _optimises_ some decisions, but _any_ decision would be _correct_.
<copumpkin>
yeah
<copumpkin>
that's sort of what I'm getting at
<MichaelRaskin>
But I don't believe you will save enough to compensate for the proof overhead.
<copumpkin>
probably not :)
<MichaelRaskin>
Note, that such a saving would mean we are not proving faithful compilation anymore.
Oida has joined #nixos
<gleber_>
I am trying to set fonts for `zsh` with `zprezto` for either `sorin` or `paradox` prompt theme, and this is the best I get: https://imgur.com/a/mvHsu . I can't figure out the prompt char :/
<gleber_>
Any ideas how to debug it?
<MichaelRaskin>
A simple strace will help you find out what the character code is.
<asdfoiawe>
I nearly got my nix based python to work the way I want it to. Is there a way to turn the result symlink created by nix-build into a directory containing the output including the output of its dependencies? E.g. result/bin/ containing a link to the python interpreter needed by the package?
<Moredread>
I'd like to enable testing for profanity, but one of them fails (on some systems). There is a patch available, but is pulling a patch just for testing a good idea?
<clever>
asdfoiawe: just use #!/usr/bin/env python and allow the fixupPhase to run (it should be on by default)
<clever>
asdfoiawe: nix will replace that with an absolute path
<gleber_>
MichaelRaskin: I see fonts it tries out. Any pointers how to find relevant lines specifically about the replacement character?
<MichaelRaskin>
I think zsh should write the missing character at some point.
<MichaelRaskin>
Either to fd 1 or to fd 2
<asdfoiawe>
clever: The intention is to use result as python environment for my ide (pycharm), so this wouldnt work, or would it?
mudri has joined #nixos
<clever>
asdfoiawe: ah, then you would want to either buildEnv it against the python, or just symlink the python binary in postInstall
sigmundv__ has joined #nixos
<infinisil>
MichaelRaskin: copumpkin: Regarding the proving: How about combining that with a consensus algorithm to distribute the verifications so that not everybody needs to verify everything?
isidore has joined #nixos
<MichaelRaskin>
infinisil: then you can just have a quorum mechanism for independent build replication
pie___ has quit [(Ping timeout: 246 seconds)]
<infinisil>
Hmm..
* infinisil
tries to remember how quorums work
<gandreani>
More than a majority have to agree for the action to be accepted
<MichaelRaskin>
Well, you don't want all builders to reproduce everything
<MichaelRaskin>
But a majority of those who do a build, should agree, and this majority should have many enough independent members
<infinisil>
Ah I see, but the entire point of using proofs was that only 1 would have to build it
<MichaelRaskin>
But if verification is just as expensive as a rebuild, skip the dance and do the rebuild.
<infinisil>
Oh right :/
NixOS_GitHub has joined #nixos
<NixOS_GitHub>
[nixpkgs] Ma27 opened pull request #30367: weechat-xmpp: init at 2017-08-30 (master...init-weechat-xmpp) https://git.io/vdiWm
NixOS_GitHub has left #nixos []
<MichaelRaskin>
And there are ways to make verification cheap, but then server-side overhead starts having menacing amount of digits.
Itkovian has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
<infinisil>
server-side?
csingley has quit [(Ping timeout: 264 seconds)]
<gandreani>
MichaelRaskin: Well, isn't it hard to pick who will build when the nodes can't be trusted? I.e. whatever partitioning scheme you choose, it will fail when n members are malicious
<MichaelRaskin>
You can make proof verification cheap, but proof generation explodes.
<infinisil>
I see
<MichaelRaskin>
gandreani: it's a tradeoff
jtojnar_ has joined #nixos
<MichaelRaskin>
But system compromise of multiple targets is less likely to happen simultaneously and quietly (of course, it is still possible)
jtojnar has quit [(Ping timeout: 240 seconds)]
<infinisil>
the more nodes the better
<infinisil>
like with blockchains
<MichaelRaskin>
At some point you start thinking about the source repo.
<MichaelRaskin>
It's not like Nixpkgs code is so simple you cannot possibly hide malicious code there.
<infinisil>
Yeah I thought about that too..
<infinisil>
verified pull requests :P
<MichaelRaskin>
Won't help anything
<infinisil>
but you can't verify it
<Ralith>
is there a more concise way to override both the arguments to and attrs of a package than `(foo.override { ... }).overrideAttrs { ... }`?
<MichaelRaskin>
If the menace against Hydra is a targeted compromise, there is the same risk of targeted compromis of a couple of developer accounts.
<gandreani>
Man, security is such a rabbit hole...
<infinisil>
Ralith: Can it get any more consice?
<MichaelRaskin>
Then you have Trusting Trust, then you have modern CPUs being proprietary hellholes with known backdoors…
<Ralith>
infinisil: that is my question, yes
Nobabs227 has quit [(Quit: Leaving)]
Neo-- has joined #nixos
<infinisil>
Ralith: I don't think so, it's pretty concise already
<gandreani>
MichaelRaskin: I was looking into that yesterday! Intel ME is scary. Makes me wanna buy an ARM laptop :)
<gandreani>
But then compiling anything would take soooooo long
<Dezgeg>
no escape from that either in many socs
<gandreani>
Noooo, whyy?
<gandreani>
Is nothing relatively safe?!
<MichaelRaskin>
Abacus?
<infinisil>
you have to boostrap trust somehow
<MichaelRaskin>
With physical stones, you know.
<gandreani>
Heh
Itkovian has joined #nixos
eric[m]1 has joined #nixos
erictapen has quit [(Ping timeout: 255 seconds)]
erictapen has joined #nixos
erictapen has quit [(Remote host closed the connection)]
erictapen has joined #nixos
Ivanych has quit [(Ping timeout: 255 seconds)]
bennofs has quit [(Ping timeout: 255 seconds)]
notdaniel has joined #nixos
Itkovian has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
<Dezgeg>
that one doesn't require any signed code apparently, just some blobs
eric[m]1 has left #nixos ["User left"]
cwre has quit [(Quit: Aliens ate me. I'm not good for them.)]
JosW has quit [(Quit: Konversation terminated!)]
Lisanna has joined #nixos
cwre has joined #nixos
<sphalerite>
hyper_ch: don't know if your question was otherwise answered, but in case it wasn't — use -usbdevice tablet to get proper mouse integration with qemu
<Lisanna>
I've got a derivation where I need to fixup the rpath for a binary, but the binary links to a shared library that lives in the same derivation, so the derivation itself needs to be in this binary's rpath. How do I do this without causing an infinite recursion?
isidore has quit [(Quit: WeeChat 1.9.1)]
corpix has quit [(Remote host closed the connection)]
Itkovian has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
<Lisanna>
I want to do something like this: patchelf --set-rpath "${stdenv.lib.makeLibraryPath [ $out ]}" $out/bin/badprogram in the preFixup phase
<Lisanna>
but I know that I can't evaluate $out as an argument to makeLibraryPath
<symphorien>
just use --set-rpath $out/lib
<infinisil>
and you can evaluate $out like that, just not directly
<Lisanna>
...oh yeah, I guess I could do that
<Lisanna>
another rpath related question: it also links against a bunch of stuff provided by stdenv, like libpthread.so, do I have to include all that as well?
cement has quit [(Ping timeout: 260 seconds)]
<Lisanna>
the stdenv tools seem kind of hand wavy about how that kind of stuff is dealt with (I never have to specify any of it in nativeBuildInputs)
<Lisanna>
is there a pretty way in Nix to inherit the required attributes of your children? e.g., /default.nix imports nixpkgs and builds /app1, and /app1/default.nix asks for callPackage as input and builds /app1/app1.nix, which requires stdenv, fetchurl, and python
<Lisanna>
but I don't want to have to list stdenv, fetchurl, and python in /app1/default.nix as required attributes in its argument
<tilpner>
If /app1/default.nix already has callPackage, you can use that to provide the arguments to app1.nix
<Lisanna>
right but /app1/default.nix looks like { callPackage }: { app1 = callPackage ./app1.nix {} }
<Lisanna>
and app1.nix wants stdenv, but default.nix doesn't know that, so it doesn't but stdenv in its arguments
<Lisanna>
just callPackage
<tilpner>
callPackage will still provide them, app1/default.nix doesn't have to be called with them
<Lisanna>
I'm trying to avoid /app1/default.nix looking like { callPackage, stdenv, fetchurl, python, perl, <all of app2's requirements>, <some weird go stuff> }: {...}
jtojnar_ is now known as jtojnar
<Lisanna>
how will callPackage provide them if they're not in scope in /app1/default.nix?
<tilpner>
callPackage has access to all of nixpkgs
<tilpner>
It does not use your scope
<Lisanna>
I thought all callPackage did was automagically transport symbols that are in scope that match symbols requested by an expression
<MichaelRaskin>
It's an ordinary function
<clever>
Lisanna: pkgs.callPackage will only be able to use other attributes of pkgs
<Lisanna>
because I know for a fact that it at LEAST does that, since I use it for that
<LnL>
no the magic part is that it looks at the arguments of the function and tries to provide those
<MichaelRaskin>
It doesn't know where it is called
<Lisanna>
LnL: yeah I know that's how it's implemented
<Lisanna>
so if callPackage inspects app1.nix and sees that it wants something called stdenv, but stdenv is not in scope in default.nix nor is nixpkgs, what does it do?
<Lisanna>
I'm not importing nixpkgs in /app1/default.nix
<tilpner>
callPackage does not see your scope
<clever>
Lisanna: pkgs.callPackage will then use pkgs.stdenv
<Lisanna>
so it does both then? Because I know for a fact that it does pull things from my scope
<tilpner>
Please show an example that demonstrates callPackage using your scope
<LnL>
no, it only pulls things from the cope it's bound to
fragamus has joined #nixos
<Lisanna>
tilpner: oh wait, sorry, I'm dumb, I was explicitly inheriting those
<tilpner>
:)
<Lisanna>
...followup question: is there something like callPackage which does what I *THOUGHT* callPackage does? ^^
<tilpner>
Where is callPackage defined actually, I couldn't find it? splice.nix?
<tilpner>
I don't know of anything that collects your current scope as an attrset
<LnL>
and since pkgs.callPackage is part of pkgs it knows about itself so you can use it again in the function
iqubic has quit [(Remote host closed the connection)]
iqubic has joined #nixos
mudri has quit [(Ping timeout: 255 seconds)]
<Lisanna>
so, I'm still interested in my original question, since even though I can use callPackage with things in nixpkgs, that won't work for things that I've either overridden or custom things I've defined. But I guess I can define my own callPackage at the very top level that is bound to everything I want?
<clever>
Lisanna: any you add with packageOverrides is added to pkgs, and will work with callPackage
<Lisanna>
packageOverrides would work too I guess, it just feels a little gross to muck around with nixpkgs to add mown custom stuff
<CrazedProgrammer>
callPackage works with custom derivations, it's using callPackage within packageOverrides which resulted in infinite recursions for me
<clever>
yeah, most of the interesting stuff is in that area
<Lisanna>
LnL: that's an interesting example, so which version of callPackage will that custom callPackage use?
<clever>
Lisanna: line 155 defines a new callPackage, that will search within the new set, made by merging 3 others
<Lisanna>
right, so for the packages being called on line 156, if they themselves invoke callPackage internally, will it be the one defined on line 155?
<tilpner>
How do I make mkDerivation call autogen.sh again?
<clever>
Lisanna: only if they have callPackage as an argument to the default.nix
<clever>
tilpner: add the autoreconfhook to the inputs
<tilpner>
It already is in nativeBuildInputs :/
<clever>
autoreconfHook
<clever>
it doesnt directly run autogen.sh
<tilpner>
Oh...
<clever>
it runs automake and autoconf, with the right args to make it work under nixpkgs
<Lisanna>
clever: oh, is autoreconfhook the *right way* to run autotools for non-source dist sources?
mitchty has joined #nixos
<clever>
Lisanna: yeah
<Lisanna>
that's good to know :)
fragamus has quit [(Quit: My MacBook has gone to sleep. ZZZzzz…)]
<ryantm>
Is there some other way people specify an out-of-nixpkgs-tree file like nixos/modules/modules-list.nix ?
<clever>
ryantm: another option is to create an extra file, that has many things under its imports, or to use imports directly, how are you loading eval-config?
csingley has quit [(Ping timeout: 255 seconds)]
<ryantm>
clever: It's getting called nixops/nixos somehow.
fragamus has joined #nixos
<clever>
ryantm: what expression/command are you using?
<Lisanna>
clever: so if one of the packages called on line 156 has callPackage in its input attrset, then it will also get the custom version of callPackage on 155? but if it doesn't, and a child package wants callPackage, it'll instead get the regular nixpkgs version?
<clever>
Lisanna: depends, on how that child package is loaded
<Lisanna>
ah, yeah, you're right
<ryantm>
clever: `nixops deploy -d mydeploy` I have NIXOS_EXTRA_MODULE_PATH set in my env
<clever>
ryantm: ah, you might want to use the defaults for nixops instead
<Lisanna>
okay, but as long as it gets the custom one and I can propagate that to all the children that ask for callPackage, that's all I need
<Lisanna>
just as long as it's in the input attrset
<ryantm>
clever: defaults?
<ryantm>
clever: Do you agree that line 31 of eval-config.nix is wrong?
<clever>
ryantm: basicaly, if define a "machine" called defaults in your nixops deployments, that config is applied to every machine in the deployment
<ryantm>
clever: cool, I can do defaults.imports = (import ./modules/module-list.nix);
<Lisanna>
haha, now all my mid-level default.nix expressions are going to have { callPackage ? (import <nixpkgs> {}).callPackage }: as the input attrset
<clever>
Lisanna: in this case, its better to not make the mid level files directly loadable
<clever>
Lisanna: make a root default.nix, that imports nixpkgs, and then loads everything with callPackage
<Lisanna>
clever: I sometimes have to distribute mid-level files without a top-level, and doing this makes it easy for them to build it without having to know anything about Nix :)
<clever>
ah
<ryantm>
clever: Thanks; that totally worked. I should submit a PR to fix line 31 of eval-config.nix though, right?
obadz has quit [(Ping timeout: 248 seconds)]
<Lisanna>
by the way, the <nixpkgs> syntax is how you refer to a channel?
<tilpner>
Look at how llvmPackages.libcxxStdenv is done and try to plug llvmPackages.libstdcxxClang in :/
erictapen has quit [(Ping timeout: 258 seconds)]
<tilpner>
Okay, I don't know :(
dbmikus has joined #nixos
markus1199 has joined #nixos
<Ralith>
llvmPackages.stdenv uses *a* libstdc++ but it's the one from gcc 6, not 7, and simply rebuilding the clang with gcc 7 doesn't seem to be the necessary magic, unfortunately
fragamus has joined #nixos
asdfoiawe has quit [(Ping timeout: 258 seconds)]
markus1189 has quit [(Ping timeout: 258 seconds)]
<tilpner>
How do I make buildGoPackage not build every top-level .go file?
<tilpner>
Or build them separately...
Wizek_ has quit [(Ping timeout: 260 seconds)]
* tilpner
finds subPackages
kp__ has joined #nixos
<ryantm>
clever: I figured out that I could also specify the path to a single module with NIXOS_EXTRA_MODULE_PATH and inside the module have the imports. I'm asking about this on GitHub issues: https://github.com/NixOS/nixpkgs/issues/30376