* infinisil
trying to figure out how it works again
<azazel>
infinisil: :-) yes, I see... btw, I've still to understand when the pipefail set comes in handy in bash
<azazel>
I see that you used it in the server
<catern>
azazel: wow, very neat, thanks!
<catern>
I see more and more that Nix has a lot of inspiration from autotools
<catern>
since that's the same syntax that autoconf uses
<catern>
another question: what's the appropriate directory organization for a big Nixpkgs overlay in its own repo? I'm going to try and mirror the organization of Nixpkgs itself, with a pkgs/top-level/all-packages.nix, python-packages.nix, etc, does that make sense?
<nDuff>
azazel, re: pipefail, that's something I can speak to -- basically, anywhere you're running some-important-command | logger (| tee, | gzip > output, etc), you care about some-important-command's exit status, not just the logger's. By default, only the last command in a pipeline's exit status is used to determine whether the pipeline as a whole is considered successful, but that's not always appropriate.
<trevthedev>
looks like the steam package may have been fixed...
<trevthedev>
listening to hanz zimmer while installing it makes it infinitely more intense, haha
<nDuff>
azazel, ...the default (POSIX-defined) behavior is sometimes appropriate -- if you're running foo | head -n 5, you don't want that pipeline to be considered a failure because foo got an EPIPE after writing 5 lines -- but it's often not.
aleph- has quit [Ping timeout: 268 seconds]
<infinisil>
azazel: I'm slowly using more and more Haskell instead of bash wherever possible so I don't have to deal with this crap :P
<azazel>
nDuff: yes, I undrerstand, I will pay more attention to it
<infinisil>
This script is however supposed to be very minimal, so I'm trying to keep it to bash and python
mayhewluke has quit [Ping timeout: 246 seconds]
carlosdagos has joined #nixos
Ariakenom_ has quit [Quit: Leaving]
mayhewluke has joined #nixos
Cheery has joined #nixos
<infinisil>
But now I regret it, because it totally doesn't work anymore for some reason, actually outputs random garbage, and I have no idea why..
<azazel>
catern: really Nix doesn't impose any structure, but it hasn't an elaborate import mechanism either, so I would avoid splitting the stuff in too much files if that's not really necessary.. for packages one will use import/callpackage and "inherit (fooSet) bar zoo"
<trevthedev>
does steamplay work yet? i know it didnt before due to outdated runtime
<azazel>
catern: but I haven't had the need to manage hundreds of packages myself so maybe I'm not the best person to ask to... from my experience usually the language with its build tools together with your "flexibility requirements" will be the drive of you organization
drakonis has joined #nixos
<azazel>
infinisil: I never used haskell until some weeks ago when I was trying to convert nixos docs to sphinx and so I had to try out a "filter" for pandoc that required a recompilation of all pandoc... It took longer than I expected, but the sources were understandable at least ;-)
oida has joined #nixos
<azazel>
... unfortunately the filter thing didn't work well and so I built a new converter in python
jperras_ has quit [Ping timeout: 250 seconds]
drakonis1 has quit [Ping timeout: 252 seconds]
jluttine has quit [Ping timeout: 245 seconds]
<{^_^}>
[nixpkgs] @LnL7 opened pull request #49845 → qt5.qtbase: add cf-private on darwin → https://git.io/fpJtn
jluttine has joined #nixos
iyzsong has joined #nixos
jluttine has quit [Ping timeout: 252 seconds]
<Unode>
clever: still around?
jluttine has joined #nixos
<clever>
Unode: yep
<Unode>
ok so I managed to build everything with callPackage, but I'm unsure how to use it
<clever>
Unode: the result symlink should be pointing to a ~40mb "bash script", can you confirm that?
<Unode>
I don't see a result
<clever>
nix-build should create a result when it finishes
<Unode>
I used 'callPackage ./nix-installer.nix {}'
<Unode>
in repl
<clever>
ah, then when you :b it
<clever>
it should give a path
<Unode>
I tried :b it but it tells me expression does not evaluation to a derivation, so I can't build it
<Unode>
Arahael: some haskell packages require access to third party libraries, like C components. Often these aren't bundled and configuration expects to find the necessary libraries in the system. Once you are at this last point then you have to integrate things with nix or else packages won't find the dependencies.
<Arahael>
Ah, that does make perfect sense.
<Arahael>
Eg, http-client requires zlib.
<Unode>
basically, anything that assumes 'standard unix locations' anywhere as a way to find dependencies needs nix. And even when they don't do this, in order to ensure they pick a specific version you need nix.
<Unode>
Basically you always need nix :P
<Unode>
the one exception is static binaries or dynamic binaries. For those you can go around by using patchElf to 'fix' them.
<Unode>
(but if I'm correct, patchElf was created by Nix people :P )
<drakonis1>
patchelf is a cool thing
<Unode>
once you go nix, nix is the only way to go
<Unode>
patchelf is awesome!
<azazel>
:-D
<Unode>
If you hate LD_LIBRARY_PATH breakage, patchelf saves the day.
<azazel>
you know someone that loves them :-P
<Unode>
I hate LD_LIBRARY_PATH (or better its excessive use in the wild) and therefore patchelf is on the other end of that gradient closer to love indeed :x
capisce has quit [Read error: Connection reset by peer]
jasongrossman has quit [Quit: ERC (IRC client for Emacs 26.1)]
leothrix has quit [Remote host closed the connection]
romanofskiWork has quit [Ping timeout: 244 seconds]
Xal has quit [Ping timeout: 246 seconds]
leothrix has joined #nixos
Xal has joined #nixos
sigmundv has quit [Ping timeout: 268 seconds]
freeman42x has quit [Ping timeout: 252 seconds]
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « hackage-packages.nix: automatic Haskell package set update »: https://git.io/fpJOi
<ekleog>
Anyone here already used TLS certs in a NixOS test? I can't figure out how to make nixos/tests/common/letsencrypt/ actually “work” :/
<colemickens>
I <3 NixOS.
<colemickens>
And <3 Nix.
<colemickens>
Running nixpkgs pkgs on Ubuntu with NixGL feels like freaking magic.
orivej has joined #nixos
<alienpirate5>
How do I get nixos to run a binary compiled for not-NixOS?
<alienpirate5>
Do I have to write a derivation to build the binary in the Nix build system
<alienpirate5>
or is there some magic that lets me patch it or something
EarlDeLaWarr has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
trevthedev has quit [Quit: WeeChat 2.2]
reinzelmann has joined #nixos
<{^_^}>
[nixpkgs] @dingxiangfei2009 opened pull request #49855 → Use closureInfo for building system tarballs and Docker container → https://git.io/fpJ8i
hamishmack has joined #nixos
<{^_^}>
[nixpkgs] @andrew-d opened pull request #49856 → calibre: remove references to podofo to reduce closure size → https://git.io/fpJ4T
<yl[m]>
this is pretty bad, especially for those testing a lot in VirtualBox
<yl[m]>
I'm astonished with his tone though, I don't think either of his arguments to release 0 day are worth it
<colemickens>
You missed lots of discussion about it in -chat ;)
<yl[m]>
busy work day :)
<yl[m]>
getting back to Nix :) Say I run `nix-env -f '<nixpkgs>' -iA vimPlugins.acp` how do I find where the package is in the store? It has no binary for me to easily readlink it
* ekleog
thinks it's still better to 0-day-release than to sell on the black market :p
o1lo01ol1o has quit [Ping timeout: 260 seconds]
* yl[m]
nods
o1lo01ol1o has joined #nixos
<ekleog>
you should `nix-build '<nixpkgs>' vimPlugins.acp` to find the package in the store
<ekleog>
but you likely want `vimWithPlugins` or I forgot the name instead
maximiliantagher has joined #nixos
<yl[m]>
ekleog: I'm trying to hand over a set of zsh functions to my team mates and I don't want them to manage zsh with nix simply because they don't work with it yet (well not knowingly anyway lol). So I want to give them a zsh script that automatically finds where the package installed is and source it
<yl[m]>
I think I'll just set it up from the setup script I have
<ekleog>
now yeah, if you can control everything, you can just symlink from /var/most-recent-package into the store and link to it from the .zshrc
<yl[m]>
should be easy to insert some markers and put the source in between them
<yl[m]>
that's another interesting idea
<ekleog>
this way you only nix-build if there's no /var/most-recent-package yet
o1lo01ol1o has quit [Ping timeout: 252 seconds]
<yl[m]>
nice, yea I'll do that instead
<yl[m]>
thx
<ekleog>
yw
o1lo01ol1o has joined #nixos
maximiliantagher has joined #nixos
maximiliantagher has quit [Ping timeout: 245 seconds]
cinimod has joined #nixos
slack1256 has quit [Remote host closed the connection]
<{^_^}>
[nixpkgs] @peterhoeg opened pull request #49858 → matrix-synapse: prepare for python3 switch → https://git.io/fpJRZ
cinimod has quit [Ping timeout: 244 seconds]
vk3wtf has quit [Ping timeout: 252 seconds]
o1lo01ol1o has quit [Ping timeout: 250 seconds]
maximiliantagher has joined #nixos
o1lo01ol1o has joined #nixos
maximiliantagher has quit [Ping timeout: 252 seconds]
orivej has quit [Ping timeout: 272 seconds]
endformationage has quit [Ping timeout: 268 seconds]
o1lo01ol1o has quit [Read error: Connection timed out]
<{^_^}>
[nixpkgs] @andrew-d opened pull request #49859 → ncurses: upgrade from 6.1 -> 6.1-20181027 → https://git.io/fpJ0E
eeva has quit [Remote host closed the connection]
eeva has joined #nixos
Nadrieril has quit [Remote host closed the connection]
hyper_ch2 has joined #nixos
ciil has quit [Ping timeout: 246 seconds]
ciil has joined #nixos
o1lo01ol1o has joined #nixos
dweller has quit [Ping timeout: 246 seconds]
dweller has joined #nixos
phreedom_ has joined #nixos
<hyper_ch2>
so, I need to know how to correctly set a static ip in nixos.... I've used dhcp assignment for a long time but lately, after 24h, the home server fails to resolve and dns
phreedom has quit [Ping timeout: 256 seconds]
<hyper_ch2>
I have no idea why
<hyper_ch2>
I did set dns servers in the config, but /etc/resolv.conf doesn't contain anything
fendor has quit [Ping timeout: 272 seconds]
maximiliantagher has joined #nixos
<teto>
I've deployed a minimal nextcloud config. I did a quick scan on the machine and there seems like no webserver is running. Should I reboot the machine/enable a specific item ?
maximiliantagher has quit [Ping timeout: 245 seconds]
o1lo01ol1o has quit [Ping timeout: 260 seconds]
hyper_ch has joined #nixos
cinimod has joined #nixos
<jasongrossman>
teto: I don't know, but there are services that need a reboot, so yes, try that.
mayhewluke has quit [Ping timeout: 268 seconds]
mayhewluke has joined #nixos
<Lisanna>
The sha256 for a fetchFromGitHub is changing between downloads.... why?
<ekleog>
I'm saying the sha256 argument was ill-computed
<ekleog>
in the issue
<Lisanna>
Yes, but there's a second issue discussed in there
<Lisanna>
"I also noticed that the sha256 checksum for the file changed at least once upon newly downloading the same archive from GitHub."
maximiliantagher has joined #nixos
<Lisanna>
copumpkin addresses this with "fetchFromGitHub uses fetchzip to hash the contents of the tarball as opposed to the tarball itself, which as you noted will vary between downloads."
<ekleog>
that was stated before the person understood that the contents' hash should be hashed
<ekleog>
the tarball's hash changes, and it was the hash the person was speaking about
<Lisanna>
WHy does the tarball hash change
<ekleog>
the contents' hash doesn't change exactly because fetchFromGitHub uses fetchzip
<ekleog>
<ekleog> (because the sha256 of the tarball changes from time to time on github, because github being github)
<ekleog>
<ekleog> but as the contents' hash doesn't change, the sha256 hash in fetchFromGitHub shouldn't change
<Lisanna>
Well, it does for me
lonokhov has joined #nixos
<Lisanna>
I've had the sha256 of a fetchFromGitHub change out from underneath me several times
<ekleog>
with your patched nix or with the actual nix? :p
<Lisanna>
even though I'm using a git hash in the rev
<ekleog>
like, if the sha256 of fetchFromGitHub changed several times, nixpkgs would just never work
<Lisanna>
ekleog regular nix
<Lisanna>
ekleog yes it would
<Lisanna>
since everything gets cached / substituted
scribbler has quit [Quit: scribbler]
<ekleog>
I've spent a while without binary cache (armv7)
<ekleog>
the failures weren't due to hashes changing :p
lopsided98 has joined #nixos
<Lisanna>
failures?
<ekleog>
now, if you encounter the case, there must be something somewhere
<Lisanna>
Yes, I am encountering the sha256 changing for a fetchFromGitHub
<ekleog>
can you try diffing the download from your store and a fresh fetchFromGitHub?
maximiliantagher has quit [Ping timeout: 252 seconds]
<ekleog>
to know whether it's a nix bug or just github being even more stupid than usual and changing the *contents* of the tarball (which would be outside of what it's supposed to do, and nix could likely do nothing against it…)
<teto>
jasongrossman: thx, tried rebooting to no avail. I wonder if anything needs to be done to get the UI running
o1lo01ol1o has joined #nixos
<ekleog>
if nix computes two different hashsums for the same directory, it's a nix bug. if there is an irrelevant change between the two tarballs' contents, it's a nixpkgs bug. if there is a non-negligible change between the two tarballs' content, it's a github bug
<ekleog>
(arguably if there is an irrelevant change it's *also* a github bug… but well…)
Ariakenom has joined #nixos
<Lisanna>
yeah, give me a minute
* ekleog
needs to afk, please hl, I'll read when I come back
peterHK has quit [Ping timeout: 256 seconds]
<{^_^}>
[nixpkgs] @rnhmjoj opened pull request #49861 → nixos/manual: move syncthing notice in the right position → https://git.io/fpJu9
<Lisanna>
OK, it's stuff in the .git directory changing
<Lisanna>
I guess that makes sense?
<MasseR>
Does anyone know what 'markBroken' actually does on nix haskell package definitions? Checking the impl it sets the 'broken' attr to true, but what's the effect of this
fendor has joined #nixos
Itkovian has joined #nixos
<Lisanna>
I was setting leaveDotGit
vk3wtf has joined #nixos
Itkovian has quit [Read error: Connection reset by peer]
maximiliantagher has quit [Ping timeout: 268 seconds]
johanot has joined #nixos
goibhniu has joined #nixos
elgoosy has joined #nixos
<{^_^}>
[nixpkgs] @oxij opened pull request #49862 → introduce and use `repoToName` → https://git.io/fpJVA
<elgoosy>
hi, i got a message that heroku package broken. :/ can i somehow install it?
<{^_^}>
[nixpkgs] @oxij opened pull request #49863 → metrics.nix: add a metrick for the current number of packages as seen by nix-env → https://git.io/fpJw4
PolarIntersect has joined #nixos
<PolarIntersect>
yo
<lukego>
Is there a way to rewrite 'import <nixpkgs/lib>' such that it uses the path corresponding to an already-imported copy ('pkgs' variable) instead of the <nixpkgs> path lookup?
<{^_^}>
[nixpkgs] @oxij opened pull request #49864 → trivial: tiny cleanups and fixes → https://git.io/fpJrL
<PolarIntersect>
You essentially just want to hoist an object into your scope?
o1lo01ol1o has quit [Ping timeout: 264 seconds]
sigmundv has joined #nixos
<lukego>
I want to get a cross-compiling copy of the nixpkgs I am already using. The examples I see online import nixpkgs with the 'crossSystem' attribute set. But they all use <nixpkgs> on the import and I'm concerned that this exposes me to the environment too much i.e. value of NIX_PATH
<lukego>
basically I want to rewrite this line:
<lukego>
with import /home/luke/git/nixpkgs { crossSystem = (import /home/luke/git/nixpkgs/lib).systems.examples.musl64; };
<hyper_ch2>
Mic92: when using root encrypted zfs, how can I make sure the initrd wasn't tinkered with by an evil 3rd party?
<lukego>
such that it uses the same path as the 'pkgs' variable was loaded from, rather than an absolute path, and rather than <nixpkgs>
<elgoosy>
https://nixos.org/nixos/packages.html#nodejs says it's 8.11.4 but once installed the version is 6. do i have to update something on my machine to get the version announced in this website?
<elgoosy>
im trying to install heroku using nodejs but now i get only the outdated version of nodejs
elgoosy has quit [Remote host closed the connection]
b1000101 has joined #nixos
<b1000101>
Is a build fail on aarch64-linux currently an issue? Should I try to resolve it? I don't even know, if the previous version has been built for aarch64-linux https://github.com/NixOS/nixpkgs/pull/49832
<ptotter[m]>
any ideas on how to run nixos on arm under lxc?
<ptotter[m]>
I have this arm router (turris omnia) that has lxc support
vk3wtf has quit [Ping timeout: 276 seconds]
<ptotter[m]>
so I'd need a template file for lxc to create a nixos container
o1lo01ol1o has joined #nixos
<ptotter[m]>
I read that nixos on arm is hit and miss based on board support
<hyper_ch2>
I also have a TO :)
<Ke>
isn't that true for any distro?
<ptotter[m]>
but since turrisos (basically openwrt) takes care of booting, nixos would only need to run in the glorified chroot
<Ke>
also often SoC is more descriptive term than board
<ptotter[m]>
uname says armv7l
<ptotter[m]>
board shouldn't matter in this case
<sphalerite>
ptotter[m]: have you got nix running on the board?
__Sander__ has joined #nixos
<ptotter[m]>
no
<ptotter[m]>
raspberry pi also reports armv7l, so since there's already a booting linux, it shouldn't be a problem
<ptotter[m]>
no worries about hardware, other than ABI
Boomerang has joined #nixos
vk3wtf has joined #nixos
talyz has quit [Ping timeout: 276 seconds]
etu has quit [Ping timeout: 260 seconds]
livh has left #nixos [#nixos]
ckauhaus has joined #nixos
<joko>
Is there something special with the /nix/store mount? The stat system call inside an application returns that a directory there is not a directory
<joko>
It's actually an application running another application which has actually the stat() call
<joko>
If I run the stat() application on a nix shell, then it seems to work as intended
Boomerang has quit [Client Quit]
__monty__ has joined #nixos
<sphalerite>
ptotter[m]: yeah, the annoying bit is that the official binary cache doesn't cover armv7
<ptotter[m]>
bugger, that would really make it annoying
<sphalerite>
ptotter[m]: you can use Dezgeg's binary cache, if the router takes a removable medium or something you can install nix using another computer with nix on it by running nix build --store /mnt/usb nixpkgs.nix --argstr system armv7l-linux --substituters http://nixos-arm.dezgeg.me/channel --trusted-public-keys 'nixos-arm.dezgeg.me-1:xBaUKS3n17BZPKeyxL4JfbTqECsT+ysbDJz29kLFRW0=%'
<sphalerite>
then put the resulting `nix` directory into the root of the router's fs (using a bind mount probably?), then you can bootstrap a nixos container from there
<sphalerite>
dezgeg's binary cache does cover the most essential bits like stdenv, so at least you won't be building gcc and stuff
<sphalerite>
but yeah, it's not as much fun as with aarch64 which is properly supported :)
<sphalerite>
Is simple-nixos-mailserver still alive? There hasn't been a release in a long time and the nixos rmilter module is complaining about being used in 18.09
sg2002 has quit [Ping timeout: 240 seconds]
<jasongrossman>
sphalerite: I think it's got a new person on the maintenance team, FWIW.
sg2002 has joined #nixos
<schopp0r>
hi. I have now been trying for *days* to compile the Nix package manager in a way that can be used on a computer 1. without root access, 2. without the possibility to access or create /nix. So I need different dirs for nix-store, etc. What I was trying is to compile nix inside a nix-shell to use some /tmp-dir as a store directory, then copy this directory to the computer, and then compile it there again with a store directory in my
<sphalerite>
jasongrossman: that's good, where would I find this out?
<schopp0r>
But it just doesn't work. It always finds *some* reason not to work.
<{^_^}>
[nixpkgs] @FRidh pushed commit from @flokli to master « lark-parser: 2017-12-18 -> 0.6.5 »: https://git.io/fpJPH
voiceftp has quit [Ping timeout: 244 seconds]
<schopp0r>
The last two problems were that it couldn't compile m4 for no apparent reason (installing m4 just hanged, no error message), and the AWS tests failed (I would prefer to compile it without AWS support since I do not need it, but this is not a package option for nix)
<schopp0r>
sphalerite: ok, but how do I get nix in the first place?
PolarIntersect has quit [Ping timeout: 245 seconds]
PolarIntersect has joined #nixos
<schopp0r>
ach gah
<PolarIntersect>
O_O
* PolarIntersect
needs to decide what laptop to get
<schopp0r>
ok, I'm done. at this point I just have to accept that it is impossible to compile nix.
<PolarIntersect>
Can you look at how the official one is built?
<PolarIntersect>
For reference?
<symphorien>
schopp0r: you said a few days ago that it is impossible to disable tests
<symphorien>
how do you *exactly* compile nix ?
TweyIII has joined #nixos
<jasongrossman>
PolarIntersect: Do you want advice about laptops?
<{^_^}>
[nixpkgs] @FRidh pushed commit from @flokli to release-18.09 « lark-parser: 2017-12-18 -> 0.6.5 »: https://git.io/fpJ1Z
<PolarIntersect>
ya
<PolarIntersect>
if it's ok to ask here
<jasongrossman>
PolarIntersect: Might be better to ask on #nixos-chat, but that's almost all the same people anyway.
<PolarIntersect>
oh wow
cinimod has joined #nixos
<PolarIntersect>
You'd think I'd know that existed by now
<jasongrossman>
PolarIntersect: Do you have any parts or peripherals you want to re-use in it? I ask because I have a bunch of old parts and that restricts my choices a lot (but I still do fine).
<gchristensen>
PolarIntersect: I think the dell xps 9560 is quite nice, but if I were to get one today I'd go for a smaller one - 13" since I travel much more now than I used to.
<cinimod>
Someone(s) last week very kindly helped me with setting up nix in single user mode so that I could use an up-to-date version of sundials on a machine where I do not have sudo / root
<cinimod>
I just thought I'd let you all know how I am now using it
<PolarIntersect>
gchristensen: Is the build quality pretty good?
<schopp0r>
symphorien: yes, it is impossible to disable tests. even some docs said it. what do you mean by "exactly". I can paste the default.nix file and everything. But not sure how that would help?
<symphorien>
yes paste the relevant nix files and the command you use on some pastebin of your choice please
<gchristensen>
PolarIntersect: which is slightly annoying, because I want a reason to get a 13".
<ekleog>
<Lisanna> I was setting leaveDotGit <-- (sorry for being slow) hm… it kind of makes sense (at least explains why nixpkgs isn't having this issue), but it's really not nice :/ I guess there's not much that can be done from a nix/nixpkgs point of view, though
<Lisanna>
ekleog yeah, luckily I didn't actually need leaveDotGit
<cinimod>
I think it may have been symphorien who helped (possibly among others)
<sphalerite>
PolarIntersect: I have some build quality problems myself
<gchristensen>
sphalerite: oh! what are you seeing?
<gchristensen>
to put it in to perspective, my apple laptops have lost keys and dead pixels. other laptops have had broken plastic and worse
<cinimod>
Also clever helped
ilikeheaps has quit [Ping timeout: 252 seconds]
<cinimod>
So I can install packages without being admin which are then available to folks operating outside of the nix world
<cinimod>
sphalerite: thanks
mayhewluke has joined #nixos
<schopp0r>
PolarIntersect: I still like older lenovo laptops, and I know a person who uses a Lenovo Yoga Tablet with nixos
<schopp0r>
PolarIntersect: but that is rather expensive
<sphalerite>
gchristensen: well my work laptop for comparison is a thinkpad, 2 years old, I'm not the first user, and it's nothing like it
<gchristensen>
cool
<schopp0r>
sphalerite: do you see any obvious mistakes?
<sphalerite>
gchristensen: the screen is also a bit damaged, although that might be my fault, I'm not sure
<Mic92>
hyper_ch2: you would need to use something like secure boot.
<Mic92>
apart from that you can't
phreedom_ has quit [Ping timeout: 256 seconds]
phreedom has joined #nixos
<schopp0r>
ah, out of interest, does nixos run on the linux subsystem for windows (this new interix-like thingy m$ invented)
<hyper_ch2>
Mic92: how about kitten security? placing lots of cute kittens in front of my home server, so that every intruder loses interested in tampering with the initrd and plays with the kitten instead?
<__monty__>
Is a creaky hinge a high bar? I'm still using a T400 and there's no sign of any hinge creakage.
<hyper_ch2>
schopp0r: I doubt it'll work but feel free to try it
<schopp0r>
hyper_ch2: I *tried* it with several minor changes. *why* will it not work and *what* can I do about it?
<Mic92>
hyper_ch2: I guess this all depends on your thread model.
cinimod has quit [Ping timeout: 244 seconds]
sb0 has quit [Quit: Leaving]
<schopp0r>
sorry that I am a bit annoyed sometimes, but I really try this for a *week* now
<Mic92>
*threat
<hyper_ch2>
schopp0r: never use pure nix on another distro
<srk>
I'm about to try nixos-infect on WSL :D
<schopp0r>
hyper_ch2: what else?
<TweyIII>
schopp0r: My understanding is that you can do Nix on Ubuntu on WSL
<gchristensen>
srk: ghuntly is almost done putting nixos in the windows app store
<hyper_ch2>
schopp0r: sorry, I meant is that I've never used pure nix on another distro
ThatDocsLady has joined #nixos
<hyper_ch2>
just nixos
<hyper_ch2>
there's a windows app store now?
<srk>
gchristensen: cool! I've stumbled upon that last week
<srk>
hyper_ch2: yeah and you can install linux distros from there :D
<hyper_ch2>
next step is that windows will ship with linux kernel?
<symphorien>
schopp0r: hum I am thinking, those are the tests of aws-sdk-cpp you want to disable, right ?
<{^_^}>
[nixpkgs] @edolstra closed pull request #49862 → introduce and use `repoToName` → https://git.io/fpJVA
<Lisanna>
is there any way for remote building to not have to download all of the build inputs to the local machine before the derivation can be built remotely?
<Lisanna>
closest thing I know of is to use --store instead of remote building, but that has its own problems
akaWolf has joined #nixos
IRCsum has quit [Ping timeout: 252 seconds]
<Lisanna>
10G build input + remote building from laptop on garbage internet is *not* fun
<hyper_ch2>
why not?
<__monty__>
Because it takes ages.
<__monty__>
I share the pain.
<__monty__>
Often resort to sshing to the remote to build and then nix-copy-closure.
pxc has quit [Ping timeout: 252 seconds]
rprije has quit [Ping timeout: 240 seconds]
o1lo01ol1o has joined #nixos
<TweyIII>
What sets NIX_TARGET_CXXSTDLIB_COMPILE ?
<joko>
Lisanna: can't you connect to the remote machine via SSH and build your stuff there directly?
<Lisanna>
joko remote machine doesn't have my nix expressions
<Lisanna>
so, no, that's not really a solution
<joko>
Lisanna: if your nix expressions are less than 10G, then maybe it is faster :D
IRCsum has joined #nixos
<Lisanna>
joko I'm referring to a very specific behavior of nix where it requirs that all build inputs of a remote build be downloaded locally before starting the build. I guess this is necessary in order to calculate the hash of the derivation, but it sucks that this can't be done on the remote builder itself
<Lisanna>
ah, but, then I guess if it was already built, it would perform remote actions unnecessarily
<Lisanna>
wait, no, it doesn't need them to be downloaded to compute the derivation hash?
<joko>
exactly
<joko>
I think it needs them to compute the hash
<joko>
Or, actually no, that would imply that we need to download all the sources
<Lisanna>
joko no, it doesn't. because I can do nix-instantiate and get the derivation
reinzelmann has quit [Remote host closed the connection]
<Lisanna>
without the inputs being downloaded
<gchristensen>
makethe massive files fixed output drvs? like a fetchurl
reinzelmann has joined #nixos
<Lisanna>
so, I have no idea why nix requires that all the inputs be present on the local host
<Lisanna>
gchristensen how would that help?
<gchristensen>
it'll help on subsequent evaluations since it won't have to rehash the massive file
<Lisanna>
gchristensen I don't think rehashing is the issue here... it's the fact that my laptop does not want to download 10G, let alone upload 10G
<gchristensen>
right
<gchristensen>
yeah that is weird / frustrating
<gchristensen>
the build distributer could be smarter
<{^_^}>
nix#1993 (by volth, 33 weeks ago, open): Add option to disable upload to builders
<betaboon>
any suggestions how to deal with this situation: the block-device that holds /nix/store has 0 free inodes therefore i can not even run nix-collect-garbage ?
<gchristensen>
is /nix on the same device?
<symphorien>
schopp0r: so you may be interested in removing aws-sdk-cpp like this http://xelpaste.net/vokDKc
<rawtaz>
betaboon: curious, how come it's so low on inodes? is it nix's fault?
<betaboon>
gchristensen: yeah seems like it. it's the nixos-demo-virtualbox-image
<gchristensen>
betaboon: can you delete any single file on the system at all?
<TweyIII>
What's the deal with NIX_TARGET_CXXSTDLIB_COMPILE ? What sets it?
<betaboon>
gchristensen: doesnt seem like it
<gchristensen>
betaboon: I mean even in /home
<betaboon>
gchristensen: i could rw-remount the nix store and delete stuff by hand i guess
<betaboon>
gchristensen rawtaz i have the nixos-demo-virtualbox setup as a buildslave on a macos system and i guess i have forgotten to `nix.gc.automatic = true;` ...
<gchristensen>
betaboon: how about a file in /nix/var/log/nix/...
<TweyIII>
Ooo
<betaboon>
gchristensen: will chec
<TweyIII>
So for context — I'm trying to build something with a llvmPackages.libcxxStdenv, but somehow libstdc++ include files get put onto my include path, which breaks everything
<TweyIII>
I've checked the environment and this is the only thing that refers to it
<rawtaz>
betaboon: ah, so it's not something that would normally happen as long as one clean up now and then :) good to know!
<betaboon>
gchristensen: removing those logs resulted in freeing enough inodes to run `nix-collect-garbage -d`
<betaboon>
rawtaz: yeah seems like it
<rawtaz>
ha. gchristensen for president, then
<gchristensen>
lol plz no
<rawtaz>
:D
<rawtaz>
you are right. you do more good in here helping nix users :P
<betaboon>
gchristensen: i bet you can build a better wall on budget
* betaboon
hides
<jasongrossman>
You might like to consider which country gchristensen is eligible to be President of. I don't believe it's the USA.
phreedom has quit [Remote host closed the connection]
<hyper_ch2>
jasongrossman: what if he's from a country without president?
phreedom has joined #nixos
<betaboon>
on the subject of build-slaves on macos machines: does PR#27934 mean it might not be required to use a build-slave to nixops-deploy linux machines from a macos machine anymore ?
<jasongrossman>
hyper_ch2: I was thinking that he's from somewhere with no interest in building "the wall", but yes, you have a good point there too.
<gchristensen>
jasongrossman: I am from the USA :)
<betaboon>
gchristensen: but are you _born_ in the usa ? XD
o1lo01ol1o has quit [Ping timeout: 276 seconds]
maximiliantagher has joined #nixos
<schopp0r>
symphorien: thx, I will try that
<jasongrossman>
gchristensen: Damn.
<rawtaz>
jasongrossman: a man of his caliber and charisma can be president anywhere ;)
<hyper_ch2>
he can't be president in the UK
<rawtaz>
if the UK would appoint him president he would be :)
ottidmes has joined #nixos
<hyper_ch2>
btw, what are the build farms actually good for? I mean doesn't hydra already build all stuff for nixos?
<srhb>
hyper_ch2: Not understood. What build farms?
<hyper_ch2>
that's what I'm trying to understand... e.g. what Lisanna is doing
maximiliantagher has quit [Ping timeout: 240 seconds]
<gchristensen>
Lisanna is doing crazy-cool stuff building crazy custom stuff.
<Lisanna>
*blinks*
<Lisanna>
hyper_ch2 yeah, tons of custom stuff
<hyper_ch2>
but why?
v0|d has quit [Remote host closed the connection]
<Lisanna>
hyper_ch2 not sure I understand :p nix is a general-purpose build specification and pipelining tool, you can use it to automate builds of tons of stuff - like custom disk images, internal software, testing
<Lisanna>
I use it for work
<hyper_ch2>
Lisanna: I've never used nix on its own. Just Nixos
<gchristensen>
Lisanna is not building a nixos system :)
<hyper_ch2>
:)
<Lisanna>
I'm stubborn and continue to try to command my linux nix cluster from my mac... being able to edit my nix code in a local editor is very nice...
<schopp0r>
symphorien: this will probably compile till tomorrow. is it ok to highlight you then?
<Lisanna>
...without having to have crazy rsync / sshfs stuff
<hyper_ch2>
Lisanna: good luck
<hyper_ch2>
(but why use a mac?)
<symphorien>
schopp0r: huh it should use dependencies you already had built, no ?
elgoosy has quit [Remote host closed the connection]
<Lisanna>
hyper_ch2 only alternative is some crappy work-issued PC running winblows
<Lisanna>
work lets you BYO mac :)
<schopp0r>
symphorien: I am on a VM that was wiped in the meantime … and on the target computer, there is no valid nix-infrastructure anyway, so I need to recompile it (and this computer is shit, which doesn)
<schopp0r>
t make it easier …
<hyper_ch2>
Lisanna: and you can't upgrade winblows to nixos?
<TweyIII>
gchristensen: Turns out somebody had put `clang` in buildInputs, which inserted that into the environment…
<gchristensen>
ah
<hyper_ch2>
at least Mac comes with bash :)
<Lisanna>
hyper_ch2 I *might* be able to... but I'd be largely on my own in terms of corporate tool support. I might look into it someday
<Lisanna>
TweyIII .override will let you override what inputs callPackage passed in to the package's .nix file
<jgt>
simpson: something is broken on nixpkgs unstable; it _might_ be to do with the most recent MacOS security update
<simpson>
jgt: Maybe. Darwin's not exactly a good platform. I don't have a Darwin setup available right now, so all I can do is test on NixOS. *How* does it not build?
<simpson>
jgt: I can't find anything interesting out there; it would seem that both Apple and Stack produce mighty piles of shit.
<TweyIII>
Lisanna: But I want to override it for the whole of nixpkgs
<Lisanna>
TweyIII use an overlay
<TweyIII>
Lisanna: I know I can do it on a per-package basis, but that is tricky since we have a whole dependency tree going on
<{^_^}>
[nixpkgs] @marsam opened pull request #49867 → pgmetrics: init at 1.5.0 → https://git.io/fpJ77
<TweyIII>
Lisanna: Yeah, that's what I'm asking — can I just apply an overlay to pkgs somehow?
<Lisanna>
(I *think* overlay is the right answer here)
<TweyIII>
I think so too
<jgt>
simpson: yeah :(
<jgt>
but is there a way to download a binary from the nixpkgs cache or something?
sb0 has quit [Ping timeout: 276 seconds]
<TweyIII>
I want to make something like pkgsi686Linux
<TweyIII>
But I don't really understand how that works v.v
<simpson>
Sure, if the binary matches. I suspect that the problem is that GNUStep no longer works with your version of Apple's OS libraries, although we'd need to see the actual build errors to confirm it.
<TweyIII>
It refers to something called nixpkgsFun that doesn't seem to be in scope elsewhere
<jgt>
simpson: how can I go looking for the binary?
<simpson>
jgt: If a binary existed, it would have been built under the same conditions as your system. Nix isn't the kind of system where the binary cache's builders are better than your setup at building packages.
<jgt>
ah, ok
<jgt>
well I guess at this point, I'll have to try building my projects without stack2nix
<jgt>
and even cabal2nix doesn't work with nixpkgs-unstable master, so I've had to use an old revision for that too
<simpson>
I'm still waiting for this shit to build here on NixOS. Nearly 4GiB of requirements had to be downloaded, and it's burning a hole in my lap.
<lukego>
I am now very confused. I have a statically-linked setuid-root executable. I have stored this on a filesystem that doesn't have 'nosetuid' set. I have passed this filesystem into the Nix sandbox. I have enabled '--allow-new-privileges'. and yet: setuid doesn't seem to take effect - uid doesn't change. (it works fine outside the sandbox.) any ideas?
<{^_^}>
[nixpkgs] @c0bw3b pushed commit from @noneucat to master « polar-bookshelf: init at 1.0.11 (#48610) »: https://git.io/fpJbt
<lukego>
The 'whoami' after running this executable is 'root' from outside the sandbox and 'nixbld' from inside
<tilpner>
lukego - libstore/build.cc mentions seccomp for setuid
johann__ has joined #nixos
<lukego>
can it be something extreme e.g. the build is running in a userns where root doesn't even exit or something?
erictapen has joined #nixos
<avn>
lukego: probably you shouldn't attempt setuid bit, but use setuid-wrappers later
<lukego>
I'm hoping that 'allow-new-privileges' is suppressing that seccomp magic. hard to be sure though. I'm not sure what process to strace to see those calls?
<avn>
(or I misunderstand, what you try to achieve)
<lukego>
avn: I'm on this track because security.wrappers is not working for me (but I start to suspect for the same root case)
<tilpner>
throw SysError("unable to set 'no new privileges' seccomp attribute");
<tilpner>
That's the only use of allow-new-privileges I found
<tilpner>
It does not affect the previous setuid seccomp calls
<lukego>
avn: the wrappers program seems to die with an assertion failure, on reflection I think it is detecting the same problem that I see i.e. the uid did not change to match that of the setuid executable
scribbler has joined #nixos
<lukego>
So e.g. if I run /run/wrappers/bin/sudo inside nix-build I see an assertion failure from wrappers.c
<avn>
lukego: you try to call something suid inside build sandbox?
<lukego>
yep. uid doesn't change.
johann__ has quit [Read error: Connection reset by peer]
<avn>
why you need call sudo insode nix-build? It probably wrong
<avn>
provide fake sudo via fakeroot to builder
<lukego>
I have good reasons, I promise, have explained them to edolstra in the past and he appreciated it made sense
johann__ has joined #nixos
<lukego>
tilpner: thanks, I'll delve into the nix sources
<symphorien>
lukego: maybe you can use breakpointhook to debug what happens
erictapen has quit [Ping timeout: 252 seconds]
<avn>
lukego: can you show, why you need real root inside builder?
<lukego>
I don't need to create a setuid binary here, only to run one that already exists and is visible
<avn>
setuid-wrappers should be not visible inside builder
<lukego>
avn: I'm maintaining a Hydra cluster that we use for benchmarking open source telco network equipment. the benchmarks have to run things like userspace device drivers for 10G/100G network cards. that requires root. can't use virutalization because it's benchmarks.
<lukego>
we have been running this successfully for years, but on 16.03, and now I'm trying to port it all to 18.09. thought it would take a couple of hours but here I am on week #2
<symphorien>
lukego: do you really need the sandbox, then ?
orivej has joined #nixos
<avn>
lukego: I see. So probably you should just set `no-sandbox` clause on derivation
<lukego>
symphorien: no, it's a bit on a sunk cost thing at this point. the sandbox is nice to have, and worth spending some hours on preserving, but probably not worth the time I have already spent.
<avn>
So I feel you need do all preparations (like generation of test script) in one derivation (sandboxed), then a run which produce log -- in non-sandboxed one
<lukego>
symphorien: I do see a risk of stuff breaking randomly in the future if our builds are accidentally accessing random files on the machine
* lukego
eyes HAVE_SECCOMP...
<avn>
probably, maybe we can have more fine grained seccomp settings for sandboxing ;)
erictapen has joined #nixos
<symphorien>
well disabling seccomp support is not much better than disabling the sandbox, I guess
<lukego>
what's the downside to disabling seccomp?
<avn>
lukego: you do some eth softswitches, right?
<lukego>
avn: yes
<symphorien>
I think most of the sandbox is based on seccomp
<avn>
well, then I know what the project, one my good friend collaborated on this ;)
<lukego>
guess I have to understand all this seccomp, etc, deeply to get anywhere here
<lukego>
I'm guessing at the moment the issue is actually a kernel user namespace where root doesn't exist. looking for a /proc or /sys file that can test that hypothesis
juliendehos has quit [Quit: Leaving]
<lukego>
I do see seccomp calls blocking the *creation* of setuid binaries but not blocking their use
<domenkozar>
maybe Mic92 can help here :)
<domenkozar>
or niksnut
iyzsong has joined #nixos
abcrawf has quit [Remote host closed the connection]
<lukego>
Have to run now. Ideas welcome, will pursue when I get a chance to bang my head on this some more :)
<hyper_ch2>
banging your head can lead to CTE
<{^_^}>
[nixpkgs] @Mic92 merged pull request #49684 → buildDunePackage: add support function and use it in a few packages → https://git.io/fxhTM
<srhb>
Unode: Throw in some debug prints or set -x to see if what you think is getting run is actually getting run :)
<Unode>
I don't get anything from set -x. It's building through nix-daemon. --verbose adds more text but nothing next to the actual error
<srhb>
Unode: Share your nix expression?
crmlt has joined #nixos
<Unode>
srhb: I don't have one. I'm literally doing nix-build -p gitAndTools.git-annex
<srhb>
Unode: Oh!
<TweyIII>
Lisanna: But how do I reevaluate pkgs with the new overlay?
<Unode>
srhb: sorry, I thought I included that in the paste
<TweyIII>
Lisanna: I have `pkgs` which is my packageset, and I'd like to modify it by applying that overlay
<TweyIII>
Lisanna: I think this is what pkgsi686Linux uses `nixpkgsFun` for
<srhb>
Unode: You probably did and I'm just blind. :) I guess cabal2nix is doing something bad for git-annex then. it does look bizarre, but that's probably because the package itself is bizarre.
<srhb>
Unode: installPhase = "make PREFIX=$out BUILDER=: install"; -- wat
<srhb>
Unode: configuration-common has a comment about the special handling of it..
<Unode>
I was able to add it to my environment with nix-env though
<Unode>
so it seems only nix-build fails
<Unode>
first time I've seen this
<srhb>
Unode: Presumably there's two different drvs
<Unode>
srhb: any suggestion on how to proceed?
<Unode>
hum...
<Unode>
I just tried nix-build -p hello and it also failed at the end
<srhb>
Well -p hello is wrong
<srhb>
Did you do that all the time?
<Unode>
maybe too used to nix-shell. I might
<srhb>
I don't even know what -p is.
<srhb>
(For nix-build)
cinimod has joined #nixos
cinimod has left #nixos [#nixos]
o1lo01ol1o has joined #nixos
crmlt has quit [Remote host closed the connection]
o1lo01ol1o has quit [Ping timeout: 276 seconds]
o1lo01ol1o has joined #nixos
<Unode>
srhb: oh that was the problem. And somehow going through it I recall being bitten by this in the past
<Unode>
I guess one more thumbsup for having consistent UI between the different nix toolings
<srhb>
Unode: Sorry I didn't notice earlier. problem with skimming :P
<Unode>
srhb: you pointed in the right direction. that's all that matters ;)
<{^_^}>
[nixpkgs] @wucke13 opened pull request #49871 → getdp: init at 3.0.3 → https://git.io/fpJxY
carlosdagos has quit [Quit: Connection closed for inactivity]
reinzelmann has quit [Quit: Leaving]
o1lo01ol1o has quit [Ping timeout: 276 seconds]
<{^_^}>
[nixpkgs] @globin merged pull request #49812 → gimp: get rid of compiler from the runtime closure → https://git.io/fpvmA
<{^_^}>
[nixpkgs] @globin pushed commit from @pbogdan to master « gimp: get rid of compiler from the runtime closure »: https://git.io/fpJpi
<{^_^}>
[nixpkgs] @globin merged pull request #49704 → make-derivation: enable pie hardening with musl → https://git.io/fxhlk
<{^_^}>
[nixpkgs] @globin pushed commit from @matthewbauer to master « make-derivation: enable pie hardening with musl »: https://git.io/fpJpd
maximiliantagher has joined #nixos
<Aleksejs>
Hello, I'm trying to compile ycm library and I'm getting an error "Could NOT find PythonLibs (missing: PYTHON_LIBRARIES PYTHON_INCLUDE_DIRS)". Google suggests that I need to install python-dev pachage but I can't find that package
steshaw has quit [Quit: Connection closed for inactivity]
<asymmetric>
azazel: isn't it in the store path? e.g. /nix/store/mqcvclzvbjd2cg8c2xzaczm367axqy2g-python3.6-slither-analyzer-0.2.0/bin/slither
<avn>
Aleksejs: for first -- check, that your buildInputs have python, for second -- it can depend from your buildsystem, sometimes pass extra flags to cmake/whatever can helps
<asymmetric>
azazel: /nix/store/3rywkpkhncg3slkra8rkd241bjg3p78y-xonsh-0.6.8/bin/.xonsh-wrapped says 3.6 on my machine, but i think there's a default set on all of nixpkgs for what "python" means
<asymmetric>
hopefully it's python3 :)
<azazel>
I was hoping to find something less...hacky.. my goal is to add the package of a python library (click), but just that package built for the same interpreter used for xonsh, so that I can use it from xonsh scripts
sanscoeur has quit [Ping timeout: 246 seconds]
<asymmetric>
since xonsh uses python3Packages, if you define your expression using that you'll have the same python version
<azazel>
yes, but it uses python3Packages now, what if it changes to a more specific python version in the future, to overcome some incompatibilities? I would rather not having to verify it manually
johann__ has quit [Ping timeout: 252 seconds]
hyper_ch2 has joined #nixos
romildo has quit [Quit: Leaving]
erasmas has joined #nixos
stepcut has quit [Remote host closed the connection]
stepcut has joined #nixos
stepcut has quit [Remote host closed the connection]
asymmetric has quit [Ping timeout: 252 seconds]
aitch_ has quit [Quit: Page closed]
Itkovian has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<{^_^}>
[nixpkgs] @rafaelgg opened pull request #49873 → flashplayer: add libglvnd dep → https://git.io/fpULL
<TweyIII>
So why does the clang derivation export a NIX_TARGET_CXXSTDLIB_COMPILE that includes gcc headers
<TweyIII>
?
<symphorien>
on linux ?
<TweyIII>
symphorien: Yes
<TweyIII>
symphorien, b1000101: Looking at your build output it looks like something went screwy with ofborg's build attempt, rather than the package actually being broken…
<b1000101>
thanks
erictapen has quit [Quit: leaving]
<symphorien>
because on linux clang is told to use libstdc++ to be able to link to gcc-built libraries
<b1000101>
TweyIII can I re-run borg by making another comment (sorry for stupid questions, I'm quite new to Nix)?
<TweyIII>
Probably you can't, but samueldr can
<TweyIII>
symphorien: Ahh
<TweyIII>
It's a feature then
<b1000101>
TweyIII thanks a million
<TweyIII>
No problem
<TweyIII>
b1000101: You can see the build output by clicking the link ofborg produces, BTW
<samueldr>
b1000101: ofborg had a hiccup yesterday, the result might be wrong
<b1000101>
basically the same thing, I've updated udev rules for 18.03,18.09 and master few days ago so this should be just fine, not breaking anything, just better security.
<b1000101>
should I ask someone to try to build it when I open a new PR next time?
jtojnar has quit [Remote host closed the connection]
sanscoeur has joined #nixos
sanscoeur has quit [Remote host closed the connection]
Ariakenom has quit [Ping timeout: 240 seconds]
EarlDeLaWarr has joined #nixos
ghusbands has joined #nixos
Tucky has quit [Quit: WeeChat 2.2]
<ghusbands>
So, following recent advice, I've found a way of getting an environment others can exactly copy is to install any nix and run: nix-shell -p git python36Packages.pygit2 -I nixpkgs=https://github.com/nixos/nixpkgs/archive/18.09.tar.gz
hyper_ch has joined #nixos
<ghusbands>
Do you think that's a good way of allowing people to reproduce an environment for running the software for a paper or blog post?
<simpson>
That seems like a remarkable improvement compared to the typical paper's reproducibility.
<hyper_ch>
so, how do I properly assign a static ip to my home server and also provide nameserver entries?
<hyper_ch>
because my /etc/resolv.conf is empty and after 24h, dns resolution just stops working
<ghusbands>
Cool, thanks. Then a silly perfectionist question - is there any way I can get rid of the "6" in "Python36Packages.pygit2" for future-proofing reasons (for users who remove the -I option to run the latest).
<hyper_ch>
I've tried with dhcp, I've tried with network manager, I've tried with assigning the ipv4 address
johnw has quit [Remote host closed the connection]
<clever>
hyper_ch: networking.nameservers
<__monty__>
ghusbands: Isn't pythonPackages the most recent?
<hyper_ch>
clever: with this config, /etc/resolv.conf is empty except for 127.0.0.1 and options edns0
mayhewluke has joined #nixos
<hyper_ch>
setting useDHCP now to false
<clever>
hyper_ch: oh, you turned on something that overrides the nameservers
<__monty__>
ghusbands: Yep, you're right. It uses the default python which is python2 which is python27. It'd be python 3 if you overrode it in an overlay of course. Does python3Packages not work actually?
<clever>
hyper_ch: do you have bind or dnsmasq enabled?
<hyper_ch>
clever: which is? preferrably I'd like to only use dhcp though
<__monty__>
ghusbands: It should. It's defined in all-packages.nix.
<clever>
hyper_ch: run `nixos-option networking.nameservers`, what does it output?
<ghusbands>
__monty__: pythonPackages worked fine. I was just surprised it didn't show up in nix search (which is why I hadn't tried it)
<hyper_ch>
clever: no bind and no dns mask, but at bootup I noticed knot to be installed
<hyper_ch>
I don't have that in my config
<__monty__>
ghusbands: Yeah but it'll use python 2.x, not python 3.x until nixpkgs changes the default python.
<clever>
hyper_ch: turning off localDnsResolver would stop it
<ghusbands>
__monty__: You pointed me in the right direction, though. python3Packages.Pygit2 works and gets rid of the overspecific version specifier I was concerned about.
selaux has quit [Remote host closed the connection]
scribbler has quit [Quit: scribbler]
tolt has joined #nixos
mutantmell has quit [Quit: WeeChat 2.0]
<hyper_ch>
clever: I'll open a ticket at mail-server and point them that they might want to include nameserver provided from the configuration.nix as well and not just overwrite everything
<hyper_ch>
and I forgot that I require useDHCP = true; for having dhcp in the initrd and hence be able to remote unlock encryption
mtjmullen has joined #nixos
aleph- has quit [Ping timeout: 244 seconds]
sanscoeur has joined #nixos
oida has quit [Ping timeout: 256 seconds]
oida has joined #nixos
slack1256 has quit [Remote host closed the connection]
oida has quit [Remote host closed the connection]
ubert has joined #nixos
sg2002 has quit [Ping timeout: 252 seconds]
sg2002 has joined #nixos
<{^_^}>
[nixpkgs] @peti pushed to master « haskell.packages.ghc843: drop obsolete package set »: https://git.io/fpUB1
<Myrl-saki>
copying path '/nix/store/z00a6p3y4p7iq1fx8kw40njn3bpln6ck-emacs-26.1' from 's3://####' to 'ssh://root@####'...
<nDuff>
Is there a way to remove something from scope? I'm accepting an argument I don't want accessible past the let block at the top of my function (think {bar}: let oldBar=bar; in with foo; doSomethingWith bar -- where I want the "bar" to be "foo.bar", not the top-level argument aliased to oldBar)
<Myrl-saki>
And I'm not sure what happened, but it seems pretty slow.
<Myrl-saki>
I'm guessing what's happening is that it's using my own computer as a proxy for the nix-copy-closure, which is a Bad Thing TM.
<gchristensen>
nDuff: you can just set bar in the inner scope
<clever>
Myrl-saki: you want to ssh into the remote machine, and then use a similar command, with local
<nDuff>
Hmm. Not quite as elegant as keeping the same access method everywhere (for foo.bar as all the other foo.* items), but it *does* work.
<Myrl-saki>
clever: I'm trying to find a way to patch Nixops without writing too much code.
<azazel>
nDuff: or you can move the code into a new file , that you import, filtering the arguments
<gchristensen>
or just a function
<Myrl-saki>
clever: That's why I'm experimenting with nix-copy-closure and --store.
<clever>
Myrl-saki: ah
<gchristensen>
ack, the function has the bar in scope :)
<{^_^}>
[nixpkgs] @kalbasit opened pull request #49884 → Nixpkgs neovim build with nodejs → https://git.io/fpUw8
<aminechikhaoui>
Myrl-saki: maybe you can use --use-substitutes/-s
<Myrl-saki>
aminechikhaoui: We already do!
<aminechikhaoui>
not sure if that will work but in theory if the target machine has access to the bucket and it's a in substituters in the config it should be able to pull it directly
<Myrl-saki>
aminechikhaoui: Actually, that's a good idea.
<clever>
aminechikhaoui: a common problem i run into, is that i have a custom binary cache, but on the first deploy, nix.conf doesnt contain it yet
<Myrl-saki>
aminechikhaoui: That's actually a really good idea.
<Myrl-saki>
aminechikhaoui: I mean, it's hacky, but it should theoretically work.
<aminechikhaoui>
clever: ah right, I think I've seen that also :/
<Myrl-saki>
aminechikhaoui: If I use nix-copy-closure -s --store FOO, and have FOO as a substituter in the remote machine, it should theoretically just download directly from FOO, without requiring anything on my local /nix/store.
<aminechikhaoui>
yeah I think so
<Myrl-saki>
clever: aminechikhaoui: One last question. Remote builders can be specified with an external file. Can the same thing be done with trusted-public-keys?
shabius has quit [Read error: Connection reset by peer]
shabius has joined #nixos
sg2002 has quit [Ping timeout: 252 seconds]
{^_^} has quit [Read error: Connection reset by peer]
{^_^} has joined #nixos
fractal has joined #nixos
sg2002 has joined #nixos
aleph- has joined #nixos
illegalprime has joined #nixos
<illegalprime>
I have a tough one, I'm trying to introduce nix at work to build our embedded images. Issue is that yocto calls out to /usr/bin/env (which is not managed by nix on non-nixos systems) and that causes a segfault with the linker when there are different glibc versions around. Can I intercept the call to /usr/bin/env and replace it with the nix variant? Or should I patch the yocto's source?
<clever>
illegalprime: patchShebangs will replace #!/usr/bin/env foo, with the path of foo from $PATH
stepcut has joined #nixos
mayhewluke has quit [Ping timeout: 246 seconds]
stepcut has quit [Remote host closed the connection]
mayhewluke has joined #nixos
m0rphism has joined #nixos
<illegalprime>
clever: woah! neat. to be clear this isn't a package I'm just keeping a git repo in the nix store. Does this mean, to apply the patch, I need to make a new derivation with the source as input and the patch as a build step?
<clever>
illegalprime: in postPatch phase, you can run that, to patch it every time nix runs on it
random_yanek has quit [Read error: Connection reset by peer]
<catern>
is there a way to enter a nix-shell, do unpackPhase, manually patch some things, and then run the rest of the build?
<srhb>
catern: You'll have to define "rest of the build" yourself, but yes, exactly thus.
<srhb>
(Well, minus inserting into the store)
<srhb>
catern: You may want to see the nixcon video on the topic for anything more advanced than that.
<rihardsk>
hi, i'm seeing something weird in nixpkgs haskell packages - currently there's no stm package. theres only stm_2_5_0_0 available despite stackage nightly having stm-2.4.5.0
<rihardsk>
is this a bug? shouldn't nix haskell packages contain all stackage packages?
<jonge>
hey there, i have a problem with my hydra... if a job configuration input value points to a git repository with submodules, it won't check it out correctly. i get "command `nix-prefetch-git /var/lib/hydra/scm/git/123...51924 125...6f1e7' failed with exit status 256". and that although i have the latest submodule-fixing patch from oct 3. any ideas?
<rihardsk>
this is a problem because jsaddle fails to build which has a dependency on stm >=2.1 && <2.5
<rihardsk>
i'll submit a bug on github, if that makes things easier. just wanted to know if i'm not misunderstanding anything on how nix haskell packages are built
<catern>
srhb: hmm, avoiding defining "rest of the build" myself is exactly what I want to avoid
<catern>
I'd rather be able to just do "unpackPhase", do some patching, then run "genericBuild"
Ariakenom has quit [Quit: Leaving]
<simpson>
catern: Then put it in your patch phase? The nix-shell phases-by-hand functionality is mostly useful for debugging a build, but I don't think it's meant to become a part of a regular workflow.
<catern>
debugging a build *is* a regular workflow :)
<catern>
when you package a lot...
<{^_^}>
[nixpkgs] @worldofpeace opened pull request #49889 → lollypop-portal: drop → https://git.io/fpUKB
<johnw>
i'm using this in an expression, but I can't find ccache mentioned anywhere in the 'clang' script: stdenv = overrideCC llvmPackages_7.stdenv ccacheWrapper;
Lisanna has joined #nixos
romanofskiWork has joined #nixos
rihardsk has quit [Quit: rihardsk]
sanscoeur has quit [Read error: Connection reset by peer]
sanscoeur has joined #nixos
_d0t has quit [Quit: Leaving]
__monty__ has quit [Quit: leaving]
Guanin has joined #nixos
<johnw>
hmm.. even using hiPrio, I can't get it to take priority over gcc-wrappe
<clever>
johnw: ccache likely wont help you any even if you can get it into the path, because it wont have access to any persistant cache dir
<johnw>
even with impure builds?
<johnw>
this is only needed for local development nix-build'ing
<johnw>
ccacheWrapper seems to only make 'cc' and 'gcc' wrapper scripts, not 'clang'
<clever>
johnw: if your on a multi-user nix install, then it will be running as a different user every time, and wont play nicely with a shared cache
genesis has quit [Remote host closed the connection]
<johnw>
we can build it single user
genesis has joined #nixos
<clever>
johnw: and $HOME is /homeless-shelter, so it will fail to write to $HOME/.ccache/
<johnw>
we can set the CCACHE_DIR
<johnw>
just assume I can fix those problems
<johnw>
my problem is getting Nix to wrap clang
<clever>
you may need to modify ccache to output a clang "binary"
<johnw>
ah, hmm
<aleph->
When setting up mpd what settings do you use to allow say ncmpcpp to interact with the mixer?
<aleph->
Been fiddling with it to no avail.
<infinisil>
Arghhh, everything I put in services.udev.packages doesn't get applied for some reason
stepcut has quit [Remote host closed the connection]
<infinisil>
Just a simple runCommand with ` echo 'KERNEL=="uinput", SUBSYSTEM=="misc", MODE="0666"' > $out/lib/udev/rules.d/60-test.rules` doesn't work either
<infinisil>
I can't find the resulting file in /run/current-system/sw/lib/udev/rules.d after rebuilding
<clever>
infinisil: is it in the runCommand output
<infinisil>
I'm just trying to debug this not working, `services.udev.packages = [ pkgs.steamPackages.steam ]` really doesn't work, and that's what I'm trying to figure out
<clever>
infinisil: i'm using an xbox one usb<->wireless receiver, and it shows up as a normal input device (evtest can use it), xorg also seems to treat it as an input, and it mostly follows focus in the window manager and just works
<{^_^}>
ValveSoftware/steam-for-linux#4794 (by smcv, 1 year ago, open): uaccess ACL not applied to /dev/uinput without OPTIONS+="static_node=uinput"
<clever>
infinisil: but oddly enough, steam claims i lack a controller, despite the ui responding to the controller!
<infinisil>
Well a steam controller is something more than just a controller to steam
<clever>
yeah
<infinisil>
Oh it doesn't even say you have any controller?
<infinisil>
Odd
<clever>
yep
<samueldr>
and controllers with some default X11 configs (at the time) would emulate enough of a mouse and keyboard to fool yourself into using it
<samueldr>
jstest/jstest-gtk, what do they say?
stepcut has quit [Remote host closed the connection]
<infinisil>
I'm thinking I might need to reboot to get the ACL's, because it might be used by something now so it can't change it?
<samueldr>
looks like we don't have jstest-gtk
<infinisil>
Because I've seen the ACL's before at some point
<samueldr>
infinisil: unplugged and replugged?
_d0t has joined #nixos
<samueldr>
oh right, uinput, duh
<infinisil>
No luck
<samueldr>
it won't be unplugged
<clever>
samueldr: rmmod
<infinisil>
rmmod what?
<clever>
*looks*
<infinisil>
There is hid_steam and hid
<infinisil>
And I need to blacklist those to be able to use the steam controller
<clever>
jgt: that happens if you run add as the wrong user, you usually only want channels on root
<samueldr>
but yeah, it all depends :)
<infinisil>
samueldr: There is already hardware.steam-hardware.enable :)
<infinisil>
But if this works (testing it now, the PR mentioned above should work)
<infinisil>
But if this works (testing it now), the PR mentioned above should work
<samueldr>
infinisil: I have a steam controller, can test
<samueldr>
did you test wired/wireless, I think there were differences when I set that up ages ago on another distro
<infinisil>
Seems to work \o/
<infinisil>
Only wired
civodul has quit [Quit: ERC (IRC client for Emacs 26.1)]
<clever>
infinisil: i believe uinput allows steam to fake input devices, and that could be used to trick evtest into thinking you have an xbox controller
jperras has quit [Ping timeout: 246 seconds]
stepcut has joined #nixos
_d0t has quit [Quit: Konversation terminated!]
stepcut has quit [Remote host closed the connection]
<clever>
infinisil: oh, ive been having a problem with steam lately
<infinisil>
Maybe a driver update could fix that for amd too
<clever>
ive also checked nix-channel a few times, but nixos-unstable hasnt gotten a fix yet
<clever>
/nix/store/k95jhvx43xsl287s07dd75r6pn6cjly1-mesa-noglu-18.2.1-drivers is where my gl stuff comes from
stepcut has joined #nixos
<clever>
infinisil: giving strace a spin...
<jgt>
is there a way to see which revision of nixpkgs contains a package at a specific version?
<mdash>
clever: oh good, it wasn't just me
<mdash>
jgt: git grep probably
<infinisil>
clever: mdash: Is there an issue for it?
<clever>
mdash: strace generated 900mb of log files!
<mdash>
clever: voluminous!
<clever>
infinisil: glXChooseVisual is mentioned in 3 issues on the steam-for-linux github
stepcut has quit [Remote host closed the connection]
<nDuff>
Is there a straightforward way to make attempted requests to cache.nixos.org trigger an error (with a stack trace)? I've tried overriding stdenv.mkDerivation and pkgs.runCommand to fold in {preferLocalBuild=true; allowSubstitutes=false;} when building proprietary bits to avoid leaking in the cache misses (while still using it when building unmodified upstream OSS components), but I'm seeing requests to the cache in the logs all the same; trying to figure
<nDuff>
out how to track down the means by which they're being triggered.
<clever>
nDuff: --option substituters ''
jperras has joined #nixos
<jgt>
mdash: I tried `git grep 'stack2nix-0.1.3.1'` in the nixpkgs repo and it finished with no results very quickly. How would you do this?
acarrico has joined #nixos
<clever>
nDuff: also, the only thing it leaks via a cache miss, is the hash of the derivation
<nDuff>
hash and the name
<clever>
nDuff: name is never sent to the cache
<nDuff>
oh? oh. Then that's a lot less need to worry.
<clever>
nDuff: /nix/store/k95jhvx43xsl287s07dd75r6pn6cjly1-mesa-noglu-18.2.1-drivers results in a request to cache.nixos.org/k95jhvx43xsl287s07dd75r6pn6cjly1.narinfo
<clever>
and if there is a cache-hit, the name will be in the narinfo
<clever>
the name is part of what is hashed as well
<{^_^}>
[nixpkgs] @magnetophon opened pull request #49891 → liquidsoap: make it find ladspa plugins → https://git.io/fpUyv
<clever>
nDuff: allowSubstitutes=false; is mainly to just speed things up, such as when your just going to echo a string to a file
<clever>
nDuff: similar for preferLocalBuild=true;, why copy 5gigs of deps to a build slave, when your just writing a string to a file?
maximiliantagher has quit [Remote host closed the connection]
<clever>
infinisil: i think steam was trying to load libGLX_indirect.so
<clever>
,locate libGLX_indirect.so
<{^_^}>
Couldn't find in any packages
<clever>
:S
aanderse has joined #nixos
<illegalprime>
how would I run the patchShebangs script in my own builder & derivation (since I don't need all the stages of stdenv)?
<clever>
illegalprime: stdenv.mkDerivation { buildCommand = "patchShebangs . ; make install"; name = "foo"; }
<clever>
illegalprime: you almost never want to use builder, that just makes things harder
<illegalprime>
clever: I don't have a makeflile or anything I just downloaded some scripts and want to store them in nix store with patched she-bangs
maximiliantagher has joined #nixos
<illegalprime>
but thanks for the tip on never doing a plain builder
stepcut has quit [Remote host closed the connection]
<mdash>
probably
sir_guy_carleton has quit [Quit: WeeChat 2.2]
<emily>
you can't so much with gnome 3, i don't think
<hexa->
yeah, it just boots into gnome
erictapen has joined #nixos
halfbit has quit [Ping timeout: 250 seconds]
romanofskiWork has quit [Ping timeout: 272 seconds]
<jasongrossman>
They've changed the architecture of gnome a couple of times; at the moment, I think you can use various gnome programs with i3 but not gnome-session.
nDuff has quit [Quit: zzz]
<jasongrossman>
You can set DesktopManager.gnome3.enable = true.
<jasongrossman>
ottidmes: Interesting. I haven't been able to make anything similar work with NixOS, but what you've linked to must work at least as a proof of concept.