<daniele->
i wonder why nixos decided to recompile the world…
<Glenn_S>
I'd like to lock a project to a specific (latest version of stable) version of NixOS. Is it a sensible thing to do to just use the most recent commit on the release-18.09 branch, and then manually update that on a regular (say, monthly) basis?
<dermetfan>
daniele-: For reproducible builds but you can also patch binaries
aleph- has joined #nixos
goibhniu has quit [Ping timeout: 240 seconds]
<Glenn_S>
Thanks, that's a useful link, and it looks like I am doing the right thing (although I shall switch to fetchGit from fetchTarball). Thanks.
<infinisil>
Glenn_S: You'll want to use the nixos-18.09 branch on github.com/NixOS/nixpkgs-channels
<infinisil>
And note that every 6 months a new stable version is released, which will end support for the previous stable
<srhb>
Glenn_S: fwiw fetchTarball and friends are usually quite a lot faster.
<Glenn_S>
srhb: I guess it's ok if it's slow the first time if it means people don't have to use the `nix-prefetch-url` command to lookup a hash.
<srhb>
Glenn_S: I never use that anyway. With recent nix versions the failed path will still be stored and registered.
<Glenn_S>
Even then it's an extra thing for people to understand and debug. I am in danger of being pushed back into Docker + Ubuntu + shell script hackery land, so I want to make Nix as easy as possible for my coworkers to use in order to head that off.
jhillyerd has quit [Quit: WeeChat 2.2]
rcshm has quit []
<srhb>
Glenn_S: Sounds good :)
endorphin has joined #nixos
<gchristensen>
jq's run-time closure is huge :o
<endorphin>
hi all
drakonis has quit [Quit: WeeChat 2.3]
<clever>
gchristensen: only 32mb on my end
hamishmack has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<daniele->
is anyone familiar with the configuration of the nextcloud package?
<daniele->
i specified the postgres user and password in the configuration, but when i access the web app for the first time it asks for those again
<daniele->
ideas?
gh0l has quit [Quit: Konversation terminated!]
<clever>
WilliButz: 46
<clever>
oops
rpifan has quit [Remote host closed the connection]
drakonis has joined #nixos
freeman42x has joined #nixos
eadwu has quit [Quit: WeeChat 2.3]
fragamus has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
eadwu has joined #nixos
o1lo01ol1o has quit []
<{^_^}>
[nixpkgs] @andrew-d opened pull request #55156 → corretto8: init at 8.202.08.2 → https://git.io/fhSMD
revtintin has joined #nixos
o1lo01ol1o has joined #nixos
<{^_^}>
[nixpkgs] @delroth opened pull request #55157 → nixos/tests/postgresql: fix regression from #55106 → https://git.io/fhSMS
vk3wtf has quit [Ping timeout: 240 seconds]
sigmundv_ has quit [Ping timeout: 245 seconds]
o1lo01ol1o has quit [Remote host closed the connection]
o1lo01ol1o has joined #nixos
<rcshm>
hi, i am trying to update sudo nixos-rebuild switch --upgrade and i am getting this error: Failed to start local-fs.target: Unit -.mount is masked.
o1lo01ol1o has quit [Ping timeout: 250 seconds]
<rcshm>
not really sure if this is related to allocating new hd on gparted prior to this.
<rcshm>
now what should i do? thanks for your help.
<glesica>
hi everybody, i'm modifying a nix package to include a mac version, the package uses patchelf, will that work for a mac binary? i assume not since the mac uses mach binaries (right? maybe i'm wrong)
<endorphin>
answering my own question above, i think the error is because i am referencing pkgs.emacs inside the derivation for pkgs.emacs itself, which shouldn't be possible
<endorphin>
not sure what the best way to avoid this is, though
<lezed1>
I'm in the process of installing NixOS on a Raspberry Pi and it looks like llvm timed out while building on aarch64. Can that package be retried, or the build item limit increased? Building these packages on a rpi is awful
<daniele->
it seems some php library is not built correctly but i have no idea of where to start looking for the cause
<daniele->
and i’m not a php programmer
<clever>
daniele-: its more of a c level problem, not a php problem
freeman42x has quit [Ping timeout: 252 seconds]
<daniele->
clever: looks like so, but i have no idea why the module is not built correctly nor why php looks for a strange object with a .so.so extension
<jackdk>
lezed1: I do not know. Perhaps the people at #nixos-aarch64 may be able to help?
<clever>
daniele-: i only see a single .so on the files you pasted above
<clever>
daniele-: its common for extensions to try to add themself to the dir of the host app
<clever>
so if php was in /usr/local/bin, then the extensions go to /usr/local/lib/
<clever>
that breaks, when nixos requires that php be in /nix/store/hash-php, and the extension be in /nix/store/hash-extension
sicklorkin has quit [Ping timeout: 268 seconds]
<daniele->
i understand but all php extensions are defined in a very similar way, so either they are all broken or this specific one has a bug in the build scripts
<clever>
yeah, you would need to check the logs of others, and unpack the src for this one, to see
<daniele->
i don’t have a clue of how php extensions are built
<clever>
i would start by checking for a configure script
<daniele->
or maybe leave it to someone else
lassulus_ has joined #nixos
iqubic has quit [Remote host closed the connection]
lassulus has quit [Ping timeout: 250 seconds]
lassulus_ is now known as lassulus
fusion809 has quit [Quit: Leaving]
iqubic has joined #nixos
pie___ has joined #nixos
<pie___>
this seems strange?:
<pie___>
nix-repl> a.python35Packages.wxPython30
<pie___>
error: wxPython-3.0.2.0 not supported for interpreter python3.5m
<pie___>
ah sorry, a = import <nixpkgs> {}
<pie___>
oh it looks like wxpython just doesnt support python 3, i thought it did
<endorphin>
my first thought is to write a derivation that lists the desired packages as dependencies, but that's not equivalent to installing them all individually
rauno has quit [Ping timeout: 240 seconds]
o1lo01ol1o has joined #nixos
<Yaniel>
that is what many do AFAIK
<Yaniel>
mm in context it seems this would be a derivation that depends on $programs and overrides their config with your desired setup
o1lo01ol1o has quit [Ping timeout: 240 seconds]
<daniele->
has anyone installed nixos in a systemd-nspawn container?
<dramforever>
Hi! I'm trying to fix this fact in nixpkgs: pulseaudio-dlna depends on pythonPackages.zeroconf (python 2), but some time ago zeroconf was updated and it no longer supports python 2, and therefore pulseaudio-dlna is broken
<colemickens>
Git embeds data into exported archives, this includes the ones exported from GitHub.
<colemickens>
I'd like to use fetchTarball but also be able to run `git get-tar-commit-id` with the raw tarball (it can be gunzip'd), is this possible? I guess I could use fetchUrl and then extract it myself or something
<clever>
colemickens: fetchzip is poorly named, and will just unzip (or untar) whatever you point it at
<clever>
oh, but you want the tar itself
jackdk has quit [Ping timeout: 250 seconds]
<colemickens>
yeah git embeds something into the tar metadata
<clever>
then it would need to be fetchurl, or a modified version of fetchzip
<colemickens>
ok
<clever>
have a look at the definition of fetchFromGitHub and fetchzip
lezed1 has quit [Quit: Connection closed for inactivity]
griff_ has joined #nixos
random_yanek has joined #nixos
simukis has quit [Quit: simukis]
iqubic` has joined #nixos
iqubic has quit [Ping timeout: 264 seconds]
vk3wtf has quit [Ping timeout: 240 seconds]
dejanr has joined #nixos
dramforever has quit [Quit: Leaving]
ddellacosta has quit [Ping timeout: 246 seconds]
rauno has joined #nixos
upsaday_ has quit [Remote host closed the connection]
<colemickens>
there we go, I got the full system toplevel build to be identical when using either a local nixpkgs checkout or a fetchTarball by setting nixos.version manually. neat :)
<sphalerite>
so I'm using the aarch64 community box as a remote builder, and started building something, and it's copying some paths there… extremely slowly
<{^_^}>
[nixpkgs] @MostAwesomeDude opened pull request #55182 → Unbreak many PyPy packages → https://git.io/fhSHY
<clever>
sphalerite: i cant remember the exact flag, but you can set something to make the remote machine use its own binary cache config
<clever>
then it will fetch what it can, rather than you uploading it all
<sphalerite>
as in, I run tcpdump and I see the individual packets trickling up, maybe 10 per second
<sphalerite>
oh yeah, forgot about that one. But most of the stuff it's uploading isn't in the binary cache anyway
<clever>
sphalerite: tcp window size? upload cap?
<sphalerite>
any ideas why it might be so slow?
<sphalerite>
tcp window size?
<clever>
it can upload one tcp-window per round-trip, so if the window is low
<sphalerite>
Not an upload cap
<clever>
tcpdump -v and/or wireshark should show the window size
<dramforever>
Repost from 4h ago: Hi! I'm trying to fix this fact in nixpkgs: pulseaudio-dlna depends on pythonPackages.zeroconf (python 2), but some time ago zeroconf was updated and it no longer supports python 2, and therefore pulseaudio-dlna is broken. I have a wip pull request here https://github.com/NixOS/nixpkgs/pull/54880 .
<{^_^}>
#54880 (by dramforever, 5 days ago, open): pulseaudio-dlna: downgrade dep zeroconf to 0.19.1
<dramforever>
I'm wondering what would be the best way to do it
jasongrossman has quit [Quit: ERC (IRC client for Emacs 26.1)]
<sphalerite>
clever: 350
marcusr has joined #nixos
<dramforever>
Like, should we just downgrade it in pythonPackages? How do we handle the two versions of zeroconf in nixpkgs?
<sphalerite>
that seems small? I think?
<clever>
sphalerite: sounds like there is high packet loss to the builder, so linux has scaled the window size back, to throttle things
<dramforever>
(by dotlambda) Maybe use separate expression for Python 2 and 3, like if isPy3k then new else old?
<clever>
sphalerite: what does `ping builder -c 100` say at the end?
<sphalerite>
clever: hm, mtr doesn't report any packet loss
bpa has joined #nixos
<sphalerite>
yeah no packet loss on 100 pings, no erratic RTT either
nikola_i has quit [Ping timeout: 245 seconds]
<clever>
sphalerite: is it many short-lived tcp conns or one long-lived one?
<sphalerite>
clever: pc /dev/urandom | ssh lheckemann@aarch64.nixos.community 'cat >/dev/null' hovers at about 1MByte/s so it seems to be a nix issue
<sphalerite>
s/pc/pv/
<clever>
ah, it could be IO bottlenecks at either end
<clever>
what does `top` and `iostat -x 30` show, on both ends?
<teto>
sphalerite: the kernel caches some information, see tcp_save_metrics
<sphalerite>
teto: surely that won't affect a connection 12 hours later?
<{^_^}>
[nixpkgs] @shmish111 opened pull request #55188 → nixos/bazel-remote: init at 57a18163783d3d0cb199ad93bcc788c864ec4140 → https://git.io/fhSQv
<{^_^}>
[nixpkgs] @shmish111 closed pull request #54996 → add bazel-remote as a go package and a nixos module → https://git.io/fhymA
<teto>
sphalerite: not sure how long the cache lasts but if you had a poor wifi connection, it might later start with a smaller congestion window. But it should be replaced with better stats fast I believe, and the correct name is tcp_no_metrics_save (man tcp)
<sphalerite>
clever: so yeah the nix-copy-closure actually finished. Idk what's wrong with ssh-ng
<chross>
So NIXOS, EFI boot with default systemd-boot
<chross>
Yes, i use that package
<chross>
and I think that the boot.initrd.prepend is not respected by systemd-boot
<clever>
chross: grub also has efi support, so you could just ditch a bit of systemd
<dramforever>
chross you mean that there is still just one initrd to boot from?
<sphalerite>
chross: it's independent of the bootloader, the prepend option just makes it get included in the initrd
<sphalerite>
it's still a single initrd
<chross>
Yeah, I know i can switch over. I just wanted to bring it to attention. Without the intel-ucode.img almost everyone is vulnerable to spectre/meltdown
<teto>
gives you the value of $out within nix, without needing a shell
<Taneb>
lassulus: any major pitfalls with it? It looks a lot more appropriate to my usecase than nixops but I haven't yet been able to experiment with it
reinhardt has quit [Ping timeout: 244 seconds]
<azazel>
teto: ah, nice, didn't know
<lassulus>
hmm, none I can think of. I don't know your usecase. For us the major factor was to have multiple parties deploy easily to multiple systems.
<Taneb>
srhb: is it getting confused because services.vmwareGuest is modifying pkgs?
<srhb>
Taneb: That was my first assumption, but it isn't in any obvious way
<srhb>
Maybe transiently through xserver, which I'm looking through now
Ariakenom has quit [Ping timeout: 250 seconds]
<srhb>
It's not xserver..
<srhb>
Or, hm, maybe, but not xserver config
<Taneb>
srhb: does it error with headless set to false, out of curiosity?
<srhb>
I didn't think so, but it does indeed!
<srhb>
enable = false as well
<srhb>
Maybe the red herring is bigger than I thought
<srhb>
:-)
krav1 has joined #nixos
<teto>
hum not sure I got the meaning of placeholder right, I have some code g:python3_host_prog='${placeholder "out"}/bin/nvim-python3'" which generates let g:python3_host_prog='/1rz4g4znpzjwh1xymhjpm42vipw92pr73vdgl6xs1hycac8kf2n9/bin/nvim-python3'
<teto>
was expecting a /nix/store path instead
reinhardt has joined #nixos
<clever>
teto: how does that string compare to $out?
<clever>
teto: and did you view it at nix or bash time?
<clever>
teto: ah, its only right when in an attr of the derivation
<clever>
but, runCommand puts it into the buildCommand attr ...
<clever>
the above magically prints /nix/store/f2y39wr94xbz0abxlcv9saqlaqzq72k8-name
Ariakenom has joined #nixos
<teto>
clever: I have let generatedVimrc = " ${placeholder "out"} " in mkDerivation { ... writeToFile generatedVimrc }; so that's normal it fails ?
<srhb>
Ok, found it.
<srhb>
amdgpu-pro.nix and ati.nix set nixpkgs.config.xorg.abiCompat, which induces the infinite loop on pkgs.
<{^_^}>
[nixpkgs] @guibou opened pull request #55196 → Introduce the primesieve package → https://git.io/fhS5J
Tucky has quit [Ping timeout: 272 seconds]
Tucky has joined #nixos
<srhb>
I feel like we must be introducing some accidental strictness somewhere for this to be a problem.
<srhb>
Surely lib shouldn't be affected even if part of the config attrset has been modified here..
agander__ has joined #nixos
inkbottle has joined #nixos
gagbo has joined #nixos
Tucky has quit [Ping timeout: 250 seconds]
<ejpcmac>
Hi! Is it normal that TMPDIR is set in Nix shells but not outside of them? I am facing issues with `emacsclient` due to this.
<ejpcmac>
Out of the box, `emacsclient` cannot work inside a Nix shell, since the server socket is created in `/tmp`.
o1lo01ol1o has joined #nixos
Tucky has joined #nixos
<ejpcmac>
So, to get it work, I have set `TMPDIR` to `/run/user/$UID`. But when doing that, `nixos-rebuild switch` complains that `/run/user/0` does not exist (so I must create it after each reboot).
<ejpcmac>
This is quite annoying.
<ejpcmac>
I could prefix my `emacsclient` aliases with `TMPDIR=/tmp`, but I do not feel comfortable with this hack.
<__monty__>
Would emacsclient even work, the daemon doesn't inherit any of the shell's variables so it wouldn't be able to find any of the things you put on the PATH.
<__monty__>
I think direnv is *a* solution?
Ariakenom has quit [Ping timeout: 268 seconds]
<__monty__>
I could be completely off base though.
<ejpcmac>
I do use direnv.
<ejpcmac>
The daemon is started via systemctl, so it uses the environment defined in `environment.variables`
o1lo01ol1o has quit [Ping timeout: 272 seconds]
<ejpcmac>
When I define `environment.variables.TMPDIR`, `emacsclient` and the emacs daemon both use the same TMPDIR
<ejpcmac>
So does `nixos-rebuild`
simukis has joined #nixos
<ejpcmac>
When using the default behaviour, the emacs daemon uses the default environment, in which `TMPDIR` is not defined (thus creating its socket under `/tmp`). `emacsclient` then works properly outside of a Nix shell, but not inside because it looks for the socket in `/run/user/$UID`.
dermetfan has joined #nixos
Tucky has quit [Ping timeout: 272 seconds]
<ejpcmac>
So, my main question was: is it intended that the `TMPDIR` is different inside and outside Nix shells? If so, why? If not, what should we do to have a consistent behaviour?
agander__ is now known as agander
<__monty__>
Pretty sure that's intended yes. Otherwise /tmp can corrupt your supposedly "reproducible" environment.
griff_ has joined #nixos
<__monty__>
Keep in mind that nix-shell's first and foremost supposed to provide a shell to make creating/testing nix expressions for packages easier.
<ejpcmac>
__monty__: Yep, I thought so initially, but since it is the same between all Nix shells, this seems not to be the case.
<chross-q>
Hello again, I was on this morning regarding an intel-ucode issue.
<chross-q>
I found that the microcode I need is included in the tgz downloaded from Intel as part of intel.nix
<chross-q>
but it is in a special folder, intel-ucode-with-caveats
<chross-q>
microcode here requires to be late loaded instead of early loaded as described here: https://wiki.archlinux.org/index.php/microcode#Enabling_late_microcode_updates
<chross-q>
So to protect these processors from Spectre/Meltdown there has to be a systemd job to reload the microcode during initialization. I'm not sure if this is an issue for NixOS as it's an edge case
<chross-q>
but just FYI
hedning has quit [Quit: hedning]
<{^_^}>
[nixpkgs] @Shou opened pull request #55203 → openapi-generator-cli: init at 3.3.4 → https://git.io/fhSFI
reinhardt has quit [Ping timeout: 250 seconds]
o1lo01ol1o has quit [Remote host closed the connection]
<__monty__>
chross-q: Systemd specifically or whatever init system? Also, protecting against exploits after boot doesn't sound very satisfying.
mmlb08 has quit [Quit: Ping timeout (120 seconds)]
<gchristensen>
chross-q: we do already support updating microcode
mmlb08 has joined #nixos
o1lo01ol1o has joined #nixos
<chross-q>
So the context of the issue is that I have activated all of the microcode update and it is behaving as expected in appending intel-ucode.img to the initrd
<chross-q>
and at initialization I see that the microcode updating service attempts to run
<chross-q>
but on my CPU, there was no update
<chross-q>
After some troubleshooting I found that for my specific CPU the intel.nix file does not package up the intel-ucode-with-caveats also contained within the .tgz from intel
<chross-q>
The reason for that is because my specific CPU can hang for early microcode loading as described by the Intel release notes
<chross-q>
Because of this, the only alternative is to create a late microcode initialization (i agree undesirable), but it is the only alternative
<chross-q>
for this family of CPU
<chross-q>
and when I say "microcode updating service" i mean the microcode kernel module that loads at early initialization
<symphorien>
you could add this config to nixos-hardware
<chross-q>
you mean enable a systemd service to perform the ucode reload?
<chross-q>
or that one already exists (that would be nice!)
<symphorien>
I mean, if you write the systemd service to late load the microcode, you could then make a PR to nixos-hardware
brejoc has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
<symphorien>
It seems unfit for nixpkgs (there is no way to know why a microcode file is named *with-caveat)
<symphorien>
but since nixos-hardware is designed for hardware specific quirks, this seems relevant
dkibi has joined #nixos
<chross-q>
Forgive me, I'm very new to nixos, but there already exists a nixpkgs/pkgs/os-specific/linux/microcode/intel.nix
<chross-q>
Is that part of nixpkgs or the hardware you describe
<gchristensen>
yeah, it does seem like it should "just work"
<symphorien>
gchristensen: if I understand correctly, this microcode has a different naming scheme because if you treat it normally you can make the cpu hang
<chross-q>
Yep, symphorien, that is correct
<chross-q>
So wrong that the microcode doesnt update, but not wrong in not updating ;)
<chross-q>
its a special case, and it seems nixos-hardware may be appropriate as it would be a very different intel.nix
<chross-q>
maybe there could exist a intel-ucode.nix option to preload vs lateload
<chross-q>
but this would be the only CPU specific profile listed on nixos-hardware
<chross-q>
I'm back again. So late loading of firmware requires the firmware files to be in a specific path defined in the kernel config option EXTRA_FIRMWARE_DIR and it is default /lib/firmware
mmlb08 is now known as mmlb
<clever>
chross-q: typically, the kernel will execute a udev related binary (or write to a special pipe) to request that udev do the firmware loading
hedning has quit [Read error: Connection reset by peer]
<clever>
chross-q: nixos udev will then use /run/current-system/firmware/
hedning has joined #nixos
<chross-q>
aha, thanks. i will continue digging
<jophish>
What does this mean: modprobe: ERROR: could not insert 'crc32_arm_ce': No such device
<tobiasBora>
(I installed jre8 as asked by the program)
<tobiasBora>
and I run it with java -jar JFLAP7.1.jar
<clever>
tobiasBora: id say, get a backtrace first, so do `ulimit -c unlimited` like it said, then open the coredump in gdb
<tobiasBora>
clever: and then?
<clever>
tobiasBora: then we can look at the backtrace and see whats going on
<dckc>
I am once again considering production deployment of some nix packages and looking at the state of the art in managing vulnerabilities. Nexpose and spacewalk are typically used around here. Any similar experience to report using nix?
ryantrinkle has joined #nixos
<tobiasBora>
clever: so I typed "gdb JFAP7.1.jar /tmp/j/core"
<clever>
tobiasBora: the 1st arg to gdb needs to be the java binary, not the elf file
iqubic` has left #nixos ["ERC (IRC client for Emacs 26.1)"]
<tobiasBora>
something like that gdb $(which java) /tmp/j/core
<tobiasBora>
clever: so first I don't know if it's linked but I've an error "(java:10693): Gtk-WARNING **: 16:46:39.434: Impossible de trouver le moteur de thème dans module_path : « adwaita »
<tobiasBora>
which translates into "impossible to find the theme engine in module_path
<samueldr>
tobiasBora: your backtrace pretty much shows the gdk_pixbuf thing gdk-pixbuf-2.36.12 and gdk-pixbuf-2.38.0
<samueldr>
both on the trace
<tobiasBora>
clever: oh sorry I'm not very good at using strace. The new output does not contain png either: https://paste.debian.net/1065171/
<samueldr>
clever: be on the lookout, this is a recurring issue :(
<vikingman>
:(
<tobiasBora>
samueldr: and do I have any fix for that?
<clever>
samueldr: oh, i see it now
<clever>
tobiasBora: i'm guessing an env var or /run/current-system is being searched, to find modules for loading things like png
<samueldr>
wrapGAppsHook on everything using gdk_pixbuf, if we want to stay compatible with 2.36 systems on newer nixpkgs checkouts
<samueldr>
clever: that's exactly it
<clever>
tobiasBora: and thats technically an impurity, which causes gdk to load modules across versions
<samueldr>
the module is even ABI compatible
<samueldr>
but an internal *thing* between 2.36 and 2.38 changed and a field, while still technically ABI compatible, has a different meaning
<gchristensen>
10% through checking the reproducibility of the nixos minimal ISO, and the only things which have failed to reproduce are 3 perls and 1 gcc
<clever>
samueldr, tobiasBora: ahhh, so wrapGAppsHook has to be used, over a bash script thats ran `java -jar foo.jar`, to force the gdk its linking against, into also looking at matching versions of gdk png modules
<dckc>
hm. not quite my use case... that blog article uses nixos; my goal is just one nix package on top of SLES or RHEL or CentOS
<samueldr>
and a really short test on a few of the attributes show that it's generally right, either a direct crash or something further along the line
<tobiasBora>
clever: samueldr: hum I never used wrapGAppsHook, it is something I should install?
<samueldr>
e.g. google-chrome from unstable on 18.09, you need to open something like an open/save dialog or the print dialog, which in turn would use a png
<clever>
samueldr: but only if you're mixing nixpkgs revs? (nix-env + nixos, or nix-shell+nixos)?
<samueldr>
clever: right
<clever>
tobiasBora: its a bash function you run at nix-build time
<samueldr>
there needs to be the impurity, which dumps in the same class of bugs than the Qt issue with the plugin paths
<clever>
samueldr: so as long as the things in that list are installed via systemPackages, its not likely to be an issue
<samueldr>
no need to, just putting it into buildInputs automatically wraps IIRC
<clever>
ahh
<samueldr>
clever: unless you somehow use another channel in your systemPackages
<tobiasBora>
clever: samueldr: but this jar package is just something I run "manually" after downloading the jar online
<gchristensen>
clever: nix-build and then nix-build --check
<clever>
gchristensen: the build-repeat option makes nix build every single derivation N times, and fail if they are not bit-identical to each other
<clever>
gchristensen: so it tests the entire closure for you, at every step
<clever>
if you're feeling crazy, you could just throw it into your nix.conf, and leave it on :P
<gchristensen>
yeah
<clever>
youll never make a bad derivation again!
<samueldr>
tobiasBora: hmmm
<samueldr>
ah!
<gchristensen>
clever: I want it to succeed while knowing it isn't valid
<samueldr>
it might be java which needs it
<samueldr>
oh boy
<clever>
samueldr: ive seen this problem before, with java and python
<clever>
samueldr: libraries that java/python load, need special wrappers
dbmikus has quit [Quit: WeeChat 2.3]
<samueldr>
though in my case, a java app (dbeaver) is fixed when using wrapGAppsHook on the derivation
<samueldr>
so you might want to make a derivation for your jar
<tobiasBora>
clever: samueldr ahah looks funny but why not ^^
<dckc>
using nix on top of ubuntu or whatever works fine for dev tools and stuff, but for services, my mental model makes me think nixos is required. Does anyone see an alternative? For example, a way to use nix to deploy systemd units while most of systemd is handled by RHEL?
<gchristensen>
dckc: it *could* be done, but there is nothing that I know of ready to go
<{^_^}>
[nixpkgs] @benwaffle opened pull request #55211 → hub: update to 2.8.4 → https://git.io/fhSbH
<symphorien>
it somewhat fits the description of disnix
<dckc>
does it seem straightforward? I sort of have the nix language swapped in just now (it leaks out after a couple months of non-use)
<dckc>
ugh... "./configure; make ; make install" on each of the target machines.
<dckc>
ideally, a compiler wouldn't be needed on the target machine
hedning has joined #nixos
lfish has joined #nixos
iqubic has joined #nixos
<lfish>
Hello! By any chance does anyone have code for customizing the shell prompt so that it shows the directory from which nix-shell was called and/or the root git directory?
Makaveli7 has joined #nixos
<lfish>
(or a good resource for learning how to do it myself)
<dckc>
my brain is too tiny to grok disnix. Well, more to the point: it looks like too many moving parts to get through our security / regulatory regime.
<samrose>
If you create a custom nix package, does nix/nixos use the name of the file as the name of the package?
<dckc>
(too many new / different moving parts)
<gchristensen>
no, the name of the package is what you put in the `name` attribute
<samrose>
for instance, I have a custom package using 'buildGoPackage' where the 'name' is 'mypackage-${version}' however the package installs with 'mypackage'
<samrose>
*although* I have assigned it to a variable like `mypackage = callPackage ./modules/holoport-mypackage/mypackage.nix {};` in my overlay, and maybe *that* is where the name is getting picked up from
<gchristensen>
samrose: ah, yes, Nix doesn't actually use "names" for package resolution, that is a variable reference.
<samrose>
otherwise, I guess the name would be `mypackage-version`
<gchristensen>
samrose: you could do fizzle-foo = callPackage... and then refer to the variable fizzle-foo where you right now use mypackage, and it'd be the same
erasmas has joined #nixos
<samrose>
gchristensen: that solves the riddle
<samrose>
thank you
<gchristensen>
yep :)
<gchristensen>
this trips people up -- people are used to magic behind their package resolution
<samrose>
I totally forgot about adding this var
Makaveli7 has joined #nixos
<samrose>
so far, adding my custom packages in overlay, and then turning them on and off in modules works really well for both building and running ISO, and autoupgrading previous releases on the same channel
rauno has joined #nixos
rauno has quit [Remote host closed the connection]
iqubic has quit [Remote host closed the connection]
<dckc>
this is my situation: "because mainstream distros like RHEL have third party tools available to verify that instances meet standards such as CIS. NixOS might be a great design, but that isn't going to matter to $InfoSecDepartment when they lack the ability to audit." -- https://news.ycombinator.com/item?id=12250947
<tobiasBora>
gchristensen: I tried but it says "unpacker appears to have produced no directories"
<tobiasBora>
should I just create a dirty and empty directory?
<gchristensen>
so, fetchurl isn't unpacking
<gchristensen>
sorry -- I have to finish lunch quickly
<symphorien>
tobiasBora: what if you override the whole unpackPhase ?
<tobiasBora>
so I guess cp $src $out/share/java/jflap.jar is enough
<matthewbauer[m]>
dckc: you could try running lynis on your systems
reinhardt has joined #nixos
<matthewbauer[m]>
I think NixOS passes most of those kinds of tests (a few more are configurable)
<tobiasBora>
symphorien: hum, looks better
<immae>
tobiasBora: you can specify the phases, here you’re only interested in installPhase (correct me if I’m wrong), so you can add phases="installPhase" and forget about the unpackCmd
<dckc>
so... I ran vulnix on a package I built this past week, and a whole pile of CVEs are showing up; about a dozen on binutils-2.30.
<ottidmes>
tobiasBora: in that case you could also just use buildCommand
<andi->
I just started looking at the "CIS Benchmark" for Debian 9.. If you must stick to those bulletpoints there NixOS will be no fun.. Not because NixOS is bad but the benchmark seems to be stupid with some of their requirements. They require you to run crond for arbitrary reasons.
<tobiasBora>
ottidmes: interesting
<tobiasBora>
ok thanks, the derivation finished without errors!
<tobiasBora>
clever: samueldr : however it does not fix the issue we mentioned before
<dckc>
so... if #47122 is closed, why is vulnix still reporting a vulnerability? Help me build a mental model of the workflow? What state am I in? Did I neglect to apply a patch somehow?
__Sander__ has quit [Quit: Konversation terminated!]
<dckc>
deemed... did anybody leave an audit trail that vulnix could be taught to follow?
<immae>
tobiasBora: is the logfile content quoted in the message helpful?
alex`` has joined #nixos
<immae>
(also, does it work if you run it in a jvm outside of nix? I don’t know much about java, but how does it handle missing libraries, or different versions incompatible with the jar file?)
<tobiasBora>
immae: not to me, maybe for you ;) clever and samueldr were saying that it could be linked with gtk and problems with environment that loads two different versions
<tobiasBora>
and they were mentioning things linked with wrapGAppsHook
<tobiasBora>
but not sure I used it appropriately
<ottidmes>
tobiasBora: it does not crash for me
<ottidmes>
tobiasBora: doesn't show anything either, is it supposed to launch some GUI?
<andi->
dckc: just because vulnix (or whatever tool) reports an issue does not mean that it can and must be fixed. There are things that simply are not feasible to fix. It is fun to look at https://security-tracker.debian.org/tracker/source-package/binutils where they decided to a majority of things to ignore it and others are just fixed because there was a major version bump in a newer release channel :-)
<tobiasBora>
ottidmes: it's the first time I used this program, but I guess it's supposed to launch a gui yes
<ottidmes>
tobiasBora: when I launch it I see something appear and disappear real quick, so guess that is the window
<samueldr>
tobiasBora: [citation needed] using buildCommand removes any magic done in phases
<ottidmes>
samueldr: tried that just now, same problem
gagbo has joined #nixos
gagbo has quit [Client Quit]
<tobiasBora>
samueldr: thanks!... but still the same error :(
<samueldr>
ottidmes: the issue only happens if you have mixed gdk_pixbuf 2.36/2.38 AFAIUI
<immae>
tobiasBora: you have a buildDependency on wrapGAppsHook but as far as I see it has no consequence on the output, did you maybe forget something in the mkWrapper?
<dkibi>
andi-: huh wrong name completion? I think miss context for this
<tobiasBora>
immae: samueldr said it was part of the magic
<andi->
dkibi: sorry, meant dckc
<tobiasBora>
maybe nativeBuildInputs/buildInputs?
<samueldr>
immae: wrapGAppsHook hooks into the build and it does affect the build
<ottidmes>
samueldr: ah, so its unrelated to the GUI not showing up, but should fix the issue tobiasBora is having with his segfault?
<dkibi>
andi-: np
<samueldr>
ottidmes: possibly
<immae>
samueldr: I don’t see where it appears, do you have a hint?
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « hackage-packages.nix: automatic Haskell package set update »: https://git.io/fhSND
<immae>
the wrapper doesn’t mention it, and the jar file is the original downloaded one
nikola_i has quit [Remote host closed the connection]
<samueldr>
wrapGAppsHook doesn't know it has to wrap gdk_pixbuf otherwise
<tobiasBora>
amazing!
<tobiasBora>
it works :D
<samueldr>
it's possible there are better ways, but I was able to reproduce the segfault without wrapGAppsHook, with wrapGAppsHook (without gdk_pixbuf) had the segfault, then adding gdk_pixbuf works
<tobiasBora>
that's perfect!
<samueldr>
I'm guessing (total guess) that if gdk_pixbuf had been propagated by whatever built with it, it would have picked it up
<tobiasBora>
but I don't get it, I thought you had no segfault before
nikola_i has joined #nixos
lfish has quit [Quit: Page closed]
<tobiasBora>
just a question, nixpkgs does not accept derivations made from jar instead of sources?
<samueldr>
tobiasBora: I was accidentally building against 18.09
<clever>
tobiasBora: ive seen a few jar based packages
maximiliantagher has quit [Ping timeout: 244 seconds]
<samueldr>
tobiasBora: for it to fail it has to go against an upgraded gdk_pixbuf compared to what would be found using their plugins infra
<samueldr>
tobiasBora: prefer building it, but sometimes it's waaaay hard
<{^_^}>
[nixpkgs] @peti pushed 5 commits to haskell-updates: https://git.io/fhSNp
johanot has quit [Quit: WeeChat 2.2]
<{^_^}>
[nixpkgs] @peti pushed 2 commits to haskell-updates: https://git.io/fhSNh
ensyde has quit [Quit: Leaving]
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « all-cabal-hashes: update to Hackage at 2019-02-04T16:43:55Z »: https://git.io/fhSNj
<{^_^}>
[nixpkgs] @peti merged pull request #55208 → ghc: use system `libffi` → https://git.io/fhSFy
<{^_^}>
[nixpkgs] @peti pushed 2 commits to haskell-updates: https://git.io/fhSAJ
<tobiasBora>
samueldr: clever ok thanks, I may give it a try at some point, if not I may propose this ;) Thanks very much for your help
<tobiasBora>
Just one more question
<tobiasBora>
is this gdk_pixbuf bug supposed to be solved at some point, or it's just impossible to solve it?
<tobiasBora>
(I mean without modifying all existing packages)
<samueldr>
the only way to safely fix it without adding the wrapper everywhere would be to *somehow* ensure it never loads the mismatched version plugins, which might only be fixable by patching the thing that loads it (might be outside of gdk_pixbuf) and would mean managing a patch
nikola_i has quit [Ping timeout: 244 seconds]
<samueldr>
and it looks like it's not the direction nixpkgs wants to go
<samueldr>
(understandably, managing patches that intrusive is hard)
blumenkranz has joined #nixos
ddellacosta has joined #nixos
<blumenkranz>
Hello. Do you happen to know why is tor-browser-bundle-bin recommended over tor-browser-bundle?
<samueldr>
one could argue "fix 2.36 with the same internal changes" which has been reported to work on the issue; but doing this would break older 2.36 with the fixed 2.36
sigmundv_ has quit [Ping timeout: 250 seconds]
<buckley310>
blumenkranz, I am guessing the reason is that if your goal is anonymity, it helps if you are using the same binary as everyone else. It reduces the possibility of fingerprinting
<gchristensen>
I have a nixos system where services don't really come up, and I can never log in. I restarted with systemd.unit=rescue.target and then got to the rescue terminal and ran `systemctl default` and it booted fine ... any thoughts?
maximiliantagher has quit [Ping timeout: 240 seconds]
<blumenkranz>
buckley310: I imagined so. I guess I will go with the tor-browser-bundle anyway, since I am just looking to access onion sites without reconfiguring my Firefox.
goodwill has quit [Quit: ...]
<tobiasBora>
samueldr: ok thank you
reinhardt has quit [Ping timeout: 268 seconds]
cswl has joined #nixos
<cswl>
I just installed nix on my arch.. and I have no idea what I'm doing :O
<Mic92>
flokli: this is problematic because the nss modules in /run/nss-modules might be incompatible with the current glibc used in a program.
dermetfan has quit [Ping timeout: 240 seconds]
<Mic92>
flokli: btw. does nscd supports systemd sockets?
<Mic92>
*socket activation
<buckley310>
I would imagine btrfs would have very little impact on the speed of copying paths
<flokli>
Mic92: It's a file socket
<Mic92>
flokli: it is a unix socket. This is supported by systemd
<flokli>
That's a valid point, but I'm not sure if the other issues are more problematic
<symphorien>
systemd socket activation has high latency, so if timeouts are problematic it might be best to avoid it
<flokli>
Wrt socket activation, if I understood it correctly, the timeout problem is more about waiting too long for a reply from nscd, as it might reach out to link-local DNS or whatnot, than a broken nscd
<clever>
symphorien: but socket activation also has 2 modes, one where systemd will accept() each connection, and fork out one child per connection
<clever>
symphorien: and a 2nd,where systemd will fork out a single daemon, and pass it the listening socket
<symphorien>
on the first connection you will still have high latency
<clever>
nix-daemon.socket uses the 2nd mode, so nix-daemon doesnt start until first use, but then remains running, for lower latency
<flokli>
It's not about a broken nscd, but a nscd taking long time to answer
<clever>
sshd has an option to use the 1st mode, so ssh is fully stopped once you DC
<flokli>
And then glibc thinking "screw it, I'll try it on my own"
<dckc>
andi-, sure, vulnix turns up some false-positive CVEs... but am I supposed to judge each and every one for myself? Is there not an audit trail where someone else made a judgement?
gagbo has joined #nixos
teehemka_ has joined #nixos
xkapastel has joined #nixos
<dckc>
I wish the Vulnerability roundup tickets linked to some page describing the process.
<andi->
dckc: not entirely on your own.. The whole thing isn't really where it should be IMO. It takes someone to (finish) implement(ing) it...
maximiliantagher has joined #nixos
<dckc>
I was involved in the conversation when some of these processes were set up, but I haven't paid attention for some time and I'm struggling to get swapped back in
<andi->
the patch issue (at least the one I remember) doesn't really apply when used within nixpkgs (with sandbox enabled). It ofc is a valid concern when using `patch` manually. zip is debatable. Read the details on that issue.
<andi->
not saying that is true for all of them.. I am not familiar with the binutils issue internals right now
<dckc>
ah... backporting is still part of the discussion "Each ticket is intended to track updating, patching and backporting of that specific package independently." -- discourse stuff
rauno has quit [Remote host closed the connection]
<{^_^}>
[nixpkgs] @worldofpeace pushed commit from @r-ryantm to master « python37Packages.rasterio: 1.0.13 -> 1.0.15 »: https://git.io/fhSxP
<dckc>
well... I _think_ that's what it is... though the only clue is "whitelist". Ideally I'd find some notes about _why_ a CVE was whitelisted...
maximiliantagher has quit [Remote host closed the connection]
<{^_^}>
[nixpkgs] @thefloweringash opened pull request #55224 → nixos/prometheus: use append instead of insert for opening firewalls → https://git.io/fhSxM
maximiliantagher has joined #nixos
<andi->
dckc: I had a draft for that some time ago.. Haven't had the time & motivation to work on it again.. If you have ideas on how WE should do that let me know. I'd love to get into that again - once I find more motivation.
<dckc>
a draft of which?
<dckc>
re motivation: what are the major in-person events related to nix? I think I saw videos from a whole event devoted to nix not too long ago.
<dckc>
I see (glowing) reports here and there of production use of nix... it's a little hard for me to believe that none of these people have security patch SLAs they have to adhere to.
<dckc>
I guess one such report did mention applying "lots of patches on our own"
<andi->
dckc: draft of how to store that information / classification / judgement / "audit trail".
maximiliantagher has quit [Remote host closed the connection]
<andi->
I also have some tooling around continuously checking for issues but that is of little use before there is a proper (accepted) way to classify issues IMO.
<simpson>
dckc: It's kind of an open secret that many corporate environments blatantly flaunt those requirements. Not sure how that affects Nix users specifically. (And yeah, IIRC you have much higher requirements here than most folks!)
<dckc>
safeguarding ~200M patient records. yeah.
<dckc>
(and satisfying requirements from Medicare and such e.g. NIST-800-53...)
<Unode>
dckc: thanks the last one is more along the lines of what I'm after
maximiliantagher has joined #nixos
ddellacosta has quit [Quit: WeeChat 2.2]
<freusque>
is there a way to nix-shell into a store derivation's environment?
<freusque>
I'm specifically looking to build a nix-shell environment on one machine, copy-closure it to a remote machine and nix-shell into it from there.
<gchristensen>
nix-shell /path/to/the.drv
realrokka has joined #nixos
<rain1>
I made a container with lxd but i haven't been able to get networking in it, i have a bridge device and the virtual eth interface appears when I start the container but im kinda lost beyond that
dermetfan has joined #nixos
<freusque>
gchristensen: thanks - one more thing, how to find that .drv? I only have the path to the result when doing nix-build -A <my package name>.env
<mdash>
rain1: interesting. what motivated piking lxd instead of nixos-container?
<mdash>
c
<rain1>
I didn't know about nixos-container
<mdash>
rain1: i only recently used it, it's fairly nice
kumikumi has joined #nixos
<kumikumi>
I'm trying to run a game server for the game Starbound, but something strange is going on. Bash can't apparently find the game executable even though it clearly exists, is readable and bash autocompletes to it, and also steam-run is not helping. Here's my bash output: https://gist.github.com/kumikumi/01c83d280b3801577a404f08c13134d9 Any ideas?
<Alling>
Hello! If I want a certain shell script to always exist at a specific location (/home/build) on my server, how would I go about describing that in my config file?
<Alling>
I can create it manually of course, but I would like it so that it is automatically created if I reinstall NixOS.
<kumikumi>
Alling: not sure if this is close to answering your question, but have you considered home-manager?
<Alling>
kumikumi: I haven't. I checked it out now and it looks somewhat overkill and complicated for this task.
<buckley310>
its fairly easy to make sure your file is always available in /run/current-system/sw/share/
<Alling>
buckley310: It doesn't need to be that exact location, but it has to be a location I know and where I can do git clone and npm install every night.
<Alling>
I.e. automatically using cron.
<buckley310>
so you need a writable directory, that will always have this script inside of it?
<Alling>
buckley310: I guess so, yeah.
rauno has joined #nixos
<Alling>
cransom: Looks promising, I'll give it a try!
dermetfan has quit [Ping timeout: 246 seconds]
<kumikumi>
Also worth considering is that there may be a more nixos-like way of achieving what you're doing. I don't know what your use case is but maybe you could define [whatever it is you're cloning from github] as a nix package
<Alling>
kumikumi: Yes, that's certainly worth thinking about. What I really want to do is to provide a nightly build of the develop branch of a repo I manage.
<Alling>
The built file must then be copied to /var/www/...
<cransom>
Alling: that's probably better then as a systemd task on a timer, unless you fetch that branch nightly via your nixos configuration.
ThatDocsLady has quit [Ping timeout: 240 seconds]
o1lo01ol1o has quit [Remote host closed the connection]
<Alling>
I could probably put the entire script (~10 lines) directly into the cronjob.
teehemka_ is now known as teehemkay[away]
o1lo01ol1o has joined #nixos
<Alling>
cransom: The script is basically rm -rf repo; git clone https://.../repo; cd repo; npm install; npm run build; cd ..; rm -rf repo
<buckley310>
does the script operate based on its current directory, or based on the path in which the script resides? because you can just put the script in $PATH using nix and then not worry about it
<cransom>
I'd suggest, unless you need specific cron functionality, to go with a systemd task. it's already built in and has some niceties you can't get in cron.
<Alling>
And I must also find out a way to copy the resulting file to /var/www.
<buckley310>
yeah if the script is just a list of commands, just name it something distinct, put it in $PATH, and call it like any other command
<Alling>
buckley310: But then I would have to modify my PATH somehow in configuration.nix.
<Alling>
cransom: One reason to prefer cron would be that I have managed to get it to work. I have no idea how to create a systemd task.
_kwstas has joined #nixos
<buckley310>
not really. if you declare an expression inside of systempackages and the derivation has a bin/ folder, nix will take care of $PATH for you
<gchristensen>
can a non-trusted user set --cores ?
<Alling>
buckley310: Hm, I think you might be assuming greater Nix skills than I actually have.
agander has joined #nixos
<freusque>
is there a way to access the /share directories of buildInputs when using nix-shell?
<Alling>
I basically just want to run a sequence of shell commands every night in a writable directory and copy the results to another directory. It works fine today but I had to create the script and directory manually.
<buckley310>
Ill see if i can come up with a quick example
<cransom>
Alling: https://nixos.org/nixos/options.html#systemd.services+startat . It really is better than cron. You can pass in the depends of the script (git/curl/etc) whereas cron can't do that unless you are doing nix-shell stuff.
<cransom>
but cron will also work.
agander_ has joined #nixos
agander has quit [Killed (rajaniemi.freenode.net (Nickname regained by services))]
agander_ is now known as agander
_kwstas has quit [Ping timeout: 268 seconds]
<ottidmes>
Alling: I use systemd timers with a corresponding service to run stuff at specified times, like certain backups
<Alling>
cransom: Problem is I don't know how to set it up, and I don't have too much time to spare.
teehemkay[away] has quit [Quit: ZZZzzz…]
<Alling>
I have never been able to make services work, but I did get cron to work.
realrokka has quit [Ping timeout: 250 seconds]
EffSquared has joined #nixos
<EffSquared>
Good evening.
<ottidmes>
Alling: never managed to get a systemd service working? if you were able to, this is what I used for backup service: https://gist.github.com/ottidmes/750de075d81ddb7165901e58d41afc66 so backup.service is a normal systemd service, and the bit pasted there is the timer that starts it at the specified time
<EffSquared>
Does anybody know where config.pulseaudio inside all-packages.nix is defined?
<EffSquared>
I am not talking about config.hardware.pulseaudio
<buckley310>
if you update the SRC to point to your script, or just include the script itself, and call this expression from systemPackages, your script will be added to your $PATH as my_script
realrokka has joined #nixos
<ottidmes>
EffSquared: its not, AFAIK Nixpkgs config is defined outside the NixOS module system and thus there will be no option defining it, if you meant that
<kumikumi>
In case my message got buried, I'll ask again. I was trying to run a game server and kind of hit a brick wall. Can anyone take look at this? Ever seen anything like this? What is even going on? https://gist.github.com/kumikumi/01c83d280b3801577a404f08c13134d9
bbarker has joined #nixos
<ottidmes>
EffSquared: regarding your second question, I just answered that, see the link I gave to the manual, it should be described in that chapter
<EffSquared>
kumikumi: You will have to fix up the binaries for nixos.
<buckley310>
(how to embed the script in the nix file)
<EffSquared>
kumikumi: patchelf can help you with that. There are some examples on the web, often in the context of using debs on NixOS
<Alling>
buckley310: Cool, thanks!
<kumikumi>
EffSquared: alright that explains it, thanks. Maybe I'll find another way (some kind of virtualization maybe)
_kwstas has joined #nixos
<ottidmes>
EffSquared: I am not aware of any documentation that has an exhaustive list of the available options, but most of them are explained in the same chapter I linked, although pulseaudio does not seem among them. In practice I only ever needed allowUnfree and overlays myself
<EffSquared>
kumikumi: It is not too hard to do, if you install it with a nix expression, there is even an autopatch hook for it, that does it all for you.
<kumikumi>
okay I'll take a look :)
realrokka has quit [Ping timeout: 246 seconds]
<EffSquared>
ottidmes: Ok, thanks. So you are saying that enabling pulseaudio on NixOS is not enough. I will also have to enable pulseaudio in the nixpkgs config to build with pulseaudio support by default, but it is undocumented.
<EffSquared>
ottidmes: Build packages that support it with pulseaudio support by default, I meant
<kumikumi>
ottidmes: You rock! Thanks man
_kwstas has quit [Client Quit]
<ottidmes>
EffSquared: I guess that if you want pulseaudio support outside of NixOS (i.e. nix-env), then you have to set pulseaudio = true via your Nixpkgs config.nix file, I have that at least
<EffSquared>
ottidmes: The whole concept still seems weird to me. There seems to be configs for cudaSupport, slock, wine, ghostscript, storeDirs, etc.
<ottidmes>
infinisil: break? no, it would remove the need for that particular workaround, so I welcome it
<EffSquared>
ottidmes: And only a few of them are documented, and none of them are inferred from NixOS config variables, but they have to be set separately.
<infinisil>
ottidmes: Wait, what is that hack useful for anyways?
<ottidmes>
infinisil: why even call it a "hack" using that word for just a normal thing, does not do the word justice, that is if you mean: environment.variables.NIXPKGS_CONFIG = mkForce (toString cfg.nixpkgsConfig);
<EffSquared>
ottidmes: Thanks for your help, btw.
bpa has quit [Read error: Connection reset by peer]
<{^_^}>
[nixpkgs] @volth opened pull request #55229 → perlPackages.GeoIP2: init at 2.006001 → https://git.io/fhShw
<infinisil>
ottidmes: Okay wait, why does just `sessionVariables.NIXPKGS_CONFIG = toString cfg.nixpkgsConfig` not work?
<ottidmes>
EffSquared: no problem, I found it confusing as well (still is, sometimes), but the reason for this divide is clear, namely that Nix has to work outside NixOS as well
tilpner has joined #nixos
ikitat has joined #nixos
ikitat has quit [Remote host closed the connection]
<ottidmes>
infinisil: its been years since I wrote that, but from what I remembered, using the command line non-interactively (or was it login shells, cannot remember exactly) caused it to use the old nixpkgs config location
ikitat has joined #nixos
<ottidmes>
infinisil: and like I said, some of it is not necessary and just overkill to just make sure everything everywhere is set the same
<infinisil>
Understandable
<infinisil>
These `variables*` options could be a bit better done probably
ikitat has quit [Remote host closed the connection]
<infinisil>
The implementation i mean
<infinisil>
Possibly
<ottidmes>
infinisil: just like the shell init stuff, I dislike how it is right now
ikitat has joined #nixos
<infinisil>
Ohh the shell init stuff is really bad
<ottidmes>
infinisil: I have to write my own workarounds on top of the current options to make them behave like I expect
<ottidmes>
but still make sure I don't break other modules in the progress, bah!
<infinisil>
Yeah..
<tilpner>
Hey, any Hetzner users around? Did anyone get that weird JNLP KVM viewer working?
<ikitat>
What's the most common/easy approach to pointing a package at a newer version of package source while waiting for that newer version to land in unstable? For example, odpic is currently at 2.4.2 but pythonPackages.cx_oracle currently depends on odpic-3.1.0 and the build breaks.
<EffSquared>
tilpner: You mean the rescue console?
<ikitat>
It's being held up because haskellPackages has a dependency on odpic that breaks when it's upgraded to 3.1.0
<tilpner>
EffSquared: Kind of, but not for Hetzner Cloud
<tilpner>
(Were you talking about Hetzner Cloud?)
<aminechikhaoui>
tilpner I think you can set the console in the settings to HTML5, so you don't have to use the Java console
<EffSquared>
tilpner: Yes, for a dedicated machine. Did you maybe run out of time?
<ottidmes>
ikitat: managing your own nixpkgs checkout or overlays, of those two I think overlays are the most popular to handle the case of having a version bump until its ready
<aminechikhaoui>
(for servers that have iDRAC at least)
<tilpner>
aminechikhaoui: I looked through the settings last time, I don't think any of them were accessible :/
<tilpner>
EffSquared: Yes, I asked for 3 hours, and I gave up last time after 30 minutes of trying
<ottidmes>
ikitat: I do that for any package I make a PR for, I make it first as an overlay, and then copy it over to a nixpkgs checkout to make a PR, that way I can already start using it immediately
<ikitat>
ottidmes: is there an approach for managing overlays in my shell.nix, or should it just be under ~/.config/nixpkgs
<EffSquared>
tilpner: Last time I used it, it just worked™.
<tilpner>
aminechikhaoui: That would require a Dell server, right? I don't have one
<tilpner>
EffSquared: Did it require you to download a file, that you then started with icedtea javaws to get the viewer?
<ottidmes>
ikitat: there are many ways to get the overlay in, I manage them through my configuration.nix, but if you want them only local to a shell.nix, you can just use: import <nixpkgs> { overlays = [ (self: super: ...) ]; }, or you can also use one of the standard locations as defined in the manual, which it defaults to if you do not specify it explicitly as I just did now, i.e. import <nixpkgs> { }; will default to
<ottidmes>
the logic in impure.nix that checks for those file locations
<EffSquared>
tilpner: Yes, it did. Now that I think about it, I might have done that on Ubuntu though... sorry.
<ikitat>
ottidmes: thank you
<tilpner>
EffSquared: I'm actually desperate enough that I might boot up an Ubuntu VM/livestick for that
<tilpner>
Good to hear that it works somewhere at least
<ottidmes>
ikitat: personally I have defined a module in which I have an option wherein I define my overlay files, which I then symlink to a directory and I set nixpkgs-overlays in NIX_PATH to that directory, which is as you can see in the logic I just linked, is one of the first things it checks: https://gist.github.com/msteen/a696f198694c0053390a0bae096c4f58#file-system-nix-L46-L51
xkapastel has quit [Quit: Connection closed for inactivity]
<EffSquared>
tilpner: Just imagine, Cisco forces you use similar Java utils to manage all their ASA firewalls.
<tilpner>
Please don't make me, this is enough broken JNLP for today :/
<EffSquared>
tilpner: A quick grep through nixpkgs shows that there is a config setting for firefox to enable java: config.firefox.icedtea
<EffSquared>
Maybe try adding that to your nixpkgs config first
o1lo01ol1o has quit [Remote host closed the connection]
<EffSquared>
tilpner: (or config.firefox.jre for the Oracle implementation)
<tilpner>
I'll try something like that, thanks
cswl has quit [Quit: Connection closed for inactivity]
WilliButz has quit [Read error: Connection reset by peer]
<tilpner>
EffSquared: Firefox just offers to download spider.jnlp, it doesn't do anything with it
sputny[m] has joined #nixos
<tilpner>
And all the settings are forbidden, so no switching to html5
o1lo01ol1o has joined #nixos
maximiliantagher has quit [Remote host closed the connection]
maximiliantagher has joined #nixos
<ottidmes>
makes me remember needing to run some Oracle application in freaking Netscape to get it working properly, that was the only way to get it stable, so we just ran it in Netscape in a VM
<gchristensen>
I used to have a windows laptop running winxp just so I could use idrac back in the day
<ottidmes>
gchristensen: I still have such a laptop laying around just in case I need to run some old stuff, its a really old laptop with old connections like those insertion cards to add functionality and a floppy drive
<hodapp>
I have a craptop with 32-bit NixOS on it, though probably years old by now
<hodapp>
new enough for CardBus at least, though I've only a few cards for that
maximiliantagher has quit [Ping timeout: 268 seconds]
dermetfan has joined #nixos
<EffSquared>
gchristensen: Alcatel will make you do that stuff too. Unless you buy some overpriced update it will only work under a certain JVM version from the dinosaur age.
<gchristensen>
yeah......
agander has quit [Quit: Leaving]
troydm has joined #nixos
<EffSquared>
tilpner: If you packaged firefox with some form of JVM, it should show up in the extensions list. As a result you should be able to run jnlp in your browser.
srghma has joined #nixos
<EffSquared>
tilpner: I also remember that you could open the jnlp with icedtea directly without a browser, at least the Cisco ASA crap.
upsaday_ has joined #nixos
<tilpner>
EffSquared: That's what I tried last time: bin/javaws -jnlp ./spider.jnlp -nosecurity
<tilpner>
And it starts, but then it fails to connect
<EffSquared>
tilpner: That, or might be the mimetype mapping, There are some useful resources online, can not find the one I used, but something like this: https://stuffivelearned.org/doku.php?id=apps:firefox:jnlpfix
srghma has quit [Quit: Page closed]
<tilpner>
Ubuntu finally finished installing, so I'll try it there to rule out any nixpkgs bugs
<EffSquared>
tilpner: Hetzner might also pass some args to the jnlp, so maybe also check the html code for arguments to pass to javaws
<Henson>
if I want to run a command contained in a derivation in a pure environment, should I use nix-shell with the "--command" flag, or is there a more proper way to do that? Once deploying a derivation, I want to make sure when it runs on various systems its operation is not influenced by the various settings of the machine on which it's running. nix-env would be easiest, but that would expose the...
<EffSquared>
tilpner: Classic. :-D Good luck with the rescue.
<Henson>
program to whatever environment variables were in the shell that runs the command from the profile.
<tilpner>
EffSquared: I should have seen this coming, my ISP likes to block things it shouldn't have any business blocking. Thanks for your help! :)
<sphalerite>
Henson: for hardcore mode, env -i it ;)
<Henson>
sphalerite: that's a good suggestion.
<sphalerite>
Henson: that still doesn't prevent side effects like programs determining HOME from /etc/passwd lacking a $HOME envvar or otherwise reading/writing files.
<sphalerite>
Henson: nix-shell --pure still preserves a few impure envvars
<Henson>
sphalerite: yes, that's not a problem. I just want a reproducible execution environment.
<sphalerite>
Henson: for a really really pure environment, you could use namespacing to make a completely clean-slate filesystem. But it depends on how much effort you want to go to.
<sphalerite>
Or build a docker image and run it in the runtime of your choice, which is basically that but without reinventing the wheel.
ikitat has quit [Ping timeout: 250 seconds]
<Henson>
sphalerite: I don't think I need to go to that extreme. I'm going to be starting some commands from an init script, and want any successes or failures in the execution of the software to be due to how the software is actually built and written, and not because of environment variable or LD_CONFIG differences between systems.
<sphalerite>
yeah that sounds fair
peacememories has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
dejanr has joined #nixos
<EffSquared>
tilpner: Sure, no problem. Always learn something too. ;-)
_kwstas has quit [Quit: _kwstas]
elgoosy has quit [Remote host closed the connection]
drakonis has joined #nixos
EffSquared has quit [Quit: Leaving]
tilpner has quit [Quit: WeeChat 2.3]
<{^_^}>
[nixpkgs] @svanderburg pushed to master « xcodeenv: enable Xcode 10.1 support »: https://git.io/fh9eP
upsaday_ has quit [Remote host closed the connection]
upsaday_ has joined #nixos
dejanr has quit [Ping timeout: 246 seconds]
eadwu has quit [Quit: WeeChat 2.3]
<tobiasBora>
Hello,
eadwu has joined #nixos
<tobiasBora>
There is one thing that is retaining me to move my main laptop to nixos is that I'm afraid at some point to find a program that I cannot run on nixos at all even if I've a binary because of the way nix deals with libraries.
<tobiasBora>
So I'd like to know, is there a way to "simulate" for a given process a "usual distribution"?
<tobiasBora>
an*
<tobiasBora>
so that in order to run my binary I can just untar and exec the file?
<symphorien>
there is buildFHSUserEnv
<simpson>
Sure, there's the FHS user environment, for packages like Steam that really can't be modified.
<symphorien>
that's the basis of steamrun
<simpson>
But those sorts of binaries are blessedly rare.
<tobiasBora>
amazing
<tobiasBora>
you guys have solution to everything :-)
<tobiasBora>
I can also compile "manually" libraries using this trick?
<tobiasBora>
well
upsaday_ has quit [Remote host closed the connection]
<simpson>
Why would you want to?
upsaday_ has joined #nixos
<infinisil>
tobiasBora: If you really find such a program (and you need it), feel free to open an issue for it in nixpkgs asking for it getting packaged
<tobiasBora>
well I guess what I'm talking about is in fact nix-shell
<{^_^}>
[nixpkgs] @svanderburg pushed to master « titaniumenv: fix broken function header »: https://git.io/fh9vI
<tobiasBora>
infinisil: ok thanks. Actually I used to have a problem with sagemath at some point. Now it's kind of fixed (actually I still need a trick to use the good token because jupyter is loaded with the wrong token by default)
<tobiasBora>
but I'm afraid to find another problem like that later on. But thank you very much!
<tobiasBora>
Also if I have, say, a .deb package (imagine that I downloaded the latest teamviewer and that I need it quite quickly, and that for some reason I have no access to the tarball), can I load a "lightweight debian-like environment" to install the deb? Or my best try is to manually extract the .deb and plug it into buildFHSUserEnv? Or to use docker/virtualisation?
<symphorien>
depends on the .deb
<symphorien>
the only thing I had problems with because of nixos is printer drivers
<symphorien>
installing a printer driver .deb in a vm or container won't help :)
<tobiasBora>
symphorien: hum, so what is your solution?
<infinisil>
Everything should get packaged with Nix, because Nix works flawlessly on other distros, whereas other distros' PMs mostly don't work at all on NixOS (or any other distro really)
<infinisil>
Ideally
<simpson>
tobiasBora: That sounds like three variations on whether you can avoid learning how to debug NixOS when it doesn't do what you want.
<symphorien>
usually patchelf and libredirect can solve most driver related problems
<tobiasBora>
infinisil: that's the point, I know that ideally != reality. Especially when I'm in a hurry :P
<simpson>
tobiasBora: To look at things another way: Suppose that you're on Debian and you need the latest teamviewer but it's only available as a tarball without a debian/ directory. What would you do? Is that a question about Debian's abilities or about your desires?
<symphorien>
*most printer driver
<simpson>
tobiasBora: Why should software change its behavior merely because you're in a hurry?
<{^_^}>
[nixpkgs] @worldofpeace pushed commit from @r-ryantm to master « notejot: 1.5.3 -> 1.5.4 »: https://git.io/fh9vo
<tobiasBora>
Well I'm not blaming nixos for anything, it's an amazing OS, really, and I love it. Like functional programming. But sometimes, "clean solutions" require time, and often knowledge, and I know that usually when I need a new tool I'm in a hurry. Like, I'm talking to someone, I need to update (or why not downgrade) my teamviewer in 10 min so that my colleague doesn't run away, I want to know if I have a
<tobiasBora>
dirty-but-easy solution to fix things quickly, even if later on I can spend more time to write it properly in nix's spirit. It's a bit like in haskell: usually a pure function cannot write on the stdin. But to debug, I *love* printing stuff, so I'm happy to be able to "hack" temporarily the purity with some debug tools (that should not even exist in theory).
vk3wtf has joined #nixos
<simpson>
Sure, bringing new technology to the workplace is usually a frictionful event.
<tobiasBora>
And to give a more practical example, 5 hours ago I had an issue with a .jar that was not working as intended, and if samueldr and clever were not here to help me, I would have some trouble for tomorrow... So without them I'd have loved to have a dirty-but-easy solution ;)
<simpson>
Understandable. Nix is not really about those.
<{^_^}>
[nixpkgs] @worldofpeace pushed commit from @r-ryantm to master « gnome3.orca: 3.30.1 -> 3.30.2 »: https://git.io/fh9vy
<tobiasBora>
simpson: well nix has lots of great solutions, and I'm just trying to explore ;-) Actually buildFHSUserEnv may be part of the answer.
<bbarker>
I'm attempting to use vsftpd, and I guess this is my first time trying to use a module; how do I import and enable it (located at nixpkgs/nixos/modules/services/networking/vsftpd.nix)? `services.networking.vsftpd.enable = true;` is not sufficient
orivej has joined #nixos
<buckley310>
I do online CTFs fairly frequently, so I always keep something like this around for when I need to run an unmodified binary. just `nix-shell [filename].nix` and then raw binaries just work. http://ix.io/1A3V
<buckley310>
though of course your mileage may vary depending on how picky the software in question is...
<infinisil>
tobiasBora: Yeah, buildFHSUserEnv works often, but it's not a panacea
<infinisil>
tobiasBora: There are some little tricks here and there to get around the purity
<infinisil>
Like, turning off the sandbox, using forbidden builtins
jackdk has joined #nixos
xkapastel has joined #nixos
<infinisil>
Oh, and some other forbidden stuff, like, dare I say it, a writable /nix/store (pls don't do this)
<simpson>
I feel like it's not worth speculating without a particular problem package in mind.
<infinisil>
Maybe, but they asked for nasty escape hooks, and there are indeed some, which might work
<bbarker>
a more general question regarding my above question: the appendix cleared it up, i should be using services.vsftpd.enable (omit the networking)
<tobiasBora>
ahah thanks! Not sure what you mean by forbidden builtins though ^^
<buckley310>
now i am curious in what situations a writable nix store would be useful xD
<gchristensen>
good for nothing
<gchristensen>
good for breaking your tools
<infinisil>
buckley310: There's lots of packages that think it's alright to store their data where they're installed..
<ottidmes>
infinisil: the writable store, I guess that is all or nothing, not on a per package basis?
iqubic` has left #nixos ["ERC (IRC client for Emacs 26.1)"]
<gchristensen>
all or nothing
<infinisil>
Yeah
<infinisil>
Really, it shouldn't even be considered an option
<simpson>
infinisil: So why do you consider it an option?
<infinisil>
A writable store will void any support from me lol
<infinisil>
simpson: I guess I don't really, but they asked for dirty things :P
<infinisil>
bbarker: Gonna take a look..
drakonis has quit [Quit: WeeChat 2.3]
<bbarker>
infinisil, oh sorry, i'm an idiot - i solved it mid question and forgot to edit it and rephrase it as an answer, not a question
<infinisil>
bbarker: It's `services.vsftpd.enable = true;`, it's probably best to look at the options from either `man configuration.nix` or https://nixos.org/nixos/options.html
<bbarker>
yeah ... and thanks
<infinisil>
Ah, you did mention services.vsftpd.enable already sorry
<bbarker>
incidentally, is there a standard ftp client of sorts in nixos?
<bbarker>
i feel like I'm traveling to the past
<simpson>
I don't know what's popular with the kids. Classic tools like ncftp are available, as well as some others that I don't recognize. Which client were you hoping for?
simukis has quit [Quit: simukis]
<infinisil>
bbarker: Try the one in inetutils
<bbarker>
Someone from astronomy suggested lftp as it allows parallel streams and chunking up of files, which seems to be in nixpkgs
<infinisil>
I see
doyougnu has quit [Ping timeout: 245 seconds]
<infinisil>
Hmm, what's the modern day ftp though?
<infinisil>
Ah, sftp
<bbarker>
i typically just use sftp yeah
<gchristensen>
depends on the use case
<bbarker>
but, i guess some folks with large amounts of data (and some folks behind the times) use ftp
<gchristensen>
a previous place used netcat a lot to send a big file to multiple destinations at once
<gchristensen>
there is evidently a proprietary tool which uses udp and streams data much faster than other protocols
<bbarker>
it seems like i heard google was trying to create an alternative to TCP that does this for the web
<infinisil>
gchristensen: But like, with guarantees that it actually arrived?
<gchristensen>
yea
<bbarker>
i'm sure it will be great if Google replaces the TCP protocol with their own stack they control ...
<infinisil>
Ah, that QUIC thing maybe
<bbarker>
oh right
<gchristensen>
I'm not talking about QUIC, but yeah
<{^_^}>
[nixpkgs] @veprbl pushed commit from @r-ryantm to master « pythia: 8.235 -> 8.240 »: https://git.io/fh9fH
tdbgamer has joined #nixos
<Unode>
__monty__: not quite. ndn is more like transparent proxy
garbas has joined #nixos
{^_^} has quit [Remote host closed the connection]
iqubic has joined #nixos
{^_^} has joined #nixos
<Unode>
there's some interesting videos from netflix explaining how they use an NDN-like solution to distribute their content without bringing the entire internet to its knees.
<iqubic>
So some steam games just don't want to run on nixos.
<Unode>
iqubic: to be expected, some don't run even on Ubuntu :P
<iqubic>
Right. I have a game that runs on Ubuntu, but fails on Nixos.
<Unode>
run steam from the console so you get maximum debug info
<iqubic>
Trying to get `SpaceChem' to run is a big pain.
<Unode>
other than that, it's possibly a missing library
<iqubic>
Unode: I have been doing that.
garbas has quit [Client Quit]
<iqubic>
Unode: It is.
ryantrinkle has quit [Ping timeout: 268 seconds]
<Unode>
I have space chem as well, let me check
garbas has joined #nixos
<iqubic>
I think I need the 32 bit version of Mono.
<iqubic>
Either that or I need the 64 bit version. Something about Mono.
<Unode>
iqubic: yup it's mono alright
<iqubic>
Alright.. So how can I fix this?
<Unode>
just tried it and fails as well. I also get: System.DllNotFoundException: libnative.so
<iqubic>
Yeah. libnative.so is a library written for this game and is included in the download.