<{^_^}>
[nixpkgs] @xzfc opened pull request #60399 → waifu2x-converter-cpp: init at 5.2.4 → https://git.io/fjGgt
nD5Xjz has quit [Ping timeout: 258 seconds]
qubasa_ has joined #nixos
Qubasa has quit [Ping timeout: 244 seconds]
nD5Xjz has joined #nixos
shibboleth has quit [Quit: shibboleth]
pingveno[m] has joined #nixos
Guanin has quit [Quit: Leaving]
aszlig has quit [Quit: Kerneling down for reboot NOW.]
<ivan>
hmm, any idea why hydra always gives me 'Bad username or password.' for my admin user created with `hydra-create-user admin --full-name 'admin' --email-address "admin@localhost" --password admin --role admin`?
aszlig has joined #nixos
<Gopal[m]>
Thanks!
<infinisil>
ivan: I dunno, but admin is a pretty bad password, so maybe that's why :P
<ivan>
infinisil: I tried better passwords first
Supersonic has quit [Disconnected by services]
Supersonic112 has joined #nixos
Supersonic112 is now known as Supersonic
<{^_^}>
[nixpkgs] @romildo opened pull request #60401 → mate.mate-control-center: look up keyboard shortcuts in system data dirs → https://git.io/fjGg4
polman has joined #nixos
gyroninja_ has quit [Read error: Connection reset by peer]
o1lo01ol1o has quit [Remote host closed the connection]
<{^_^}>
[nixos-homepage] @domenkozar pushed to mobile-improvements « Mobile friendliness »: https://git.io/fjG2G
<{^_^}>
[nixos-homepage] @domenkozar opened pull request #273 → Mobile friendliness → https://git.io/fjG2Z
justanotheruser has quit [Quit: WeeChat 2.4]
parsnip0 has joined #nixos
polman has joined #nixos
ggpeti has joined #nixos
<iqubic>
Why is Pavucontrol so confusing to use?
tmaekawa has quit [Quit: tmaekawa]
justanotheruser has joined #nixos
polman has quit [Ping timeout: 245 seconds]
stepcut has quit [Remote host closed the connection]
<ivan>
do you actually need pulseaudio?
stepcut has joined #nixos
ggpeti has quit [Ping timeout: 268 seconds]
rooke has quit [Ping timeout: 246 seconds]
ddellacosta has quit [Ping timeout: 245 seconds]
stepcut has quit [Ping timeout: 246 seconds]
MichaelRaskin has quit [Ping timeout: 245 seconds]
o1lo01ol1o has joined #nixos
<ivan>
qyliss: yeah, the same thing just happened to my Rust application
<ivan>
I wonder what your PEBKAC was?
o1lo01ol1o has quit [Ping timeout: 246 seconds]
sakalli has quit [Remote host closed the connection]
ggpeti has joined #nixos
tboston_ has joined #nixos
<ghostyy>
i actually rather like pulseaudio, or at least, i find it more useful than alsa
<ghostyy>
i use a lot of containers and i can get sound in my container by just bind mounting the pulseaudio session directory
polman has joined #nixos
<{^_^}>
[nixpkgs] @strager closed pull request #57220 → folly: build and run tests → https://git.io/fhhMX
polman has quit [Ping timeout: 245 seconds]
rauno has joined #nixos
polman has joined #nixos
<iqubic>
Is there a way to restart the pulse audio daemon?
Rusty1 has quit [Quit: Konversation terminated!]
tboston_ has quit [Ping timeout: 245 seconds]
Jetien has joined #nixos
<ghostyy>
pulseaudio -k or systemctl restart pulseaudio
<{^_^}>
[nixos-homepage] @follower opened pull request #274 → Clarify supported Mac OS X versions → https://git.io/fjG2i
<ghostyy>
the latter if you use a system-wide pulseaudio configuration, the former if you dont
Jetien has quit [Ping timeout: 250 seconds]
shabius has joined #nixos
shabius_ has quit [Ping timeout: 258 seconds]
wfranzini has quit [Remote host closed the connection]
jasongrossman has joined #nixos
justanotheruser has quit [Ping timeout: 246 seconds]
<ivan>
I have a configuration repo and a nixpkgs repo, can I make hydra do a new build if either repo changes, or do I need to use submodules / reference a nixpkgs commit in configuration?
marusich has joined #nixos
<ivan>
I guess this might just work if I have two input repos?
<{^_^}>
[nixpkgs] @jonringer opened pull request #60405 → vscode-extensions.formulahendry.auto-close-tag: init at 0.5.6 → https://git.io/fjG2h
cfricke has joined #nixos
anpryl has joined #nixos
Myhlamaeus has quit [Ping timeout: 258 seconds]
<{^_^}>
[nixos-homepage] @domenkozar merged pull request #274 → Clarify supported Mac OS X versions → https://git.io/fjG2i
<{^_^}>
[nixos-homepage] @domenkozar pushed commit from @follower to master « Clarify supported Mac OS X versions (#274) »: https://git.io/fjGat
lstanley has joined #nixos
<{^_^}>
[nix] @domenkozar merged pull request #2750 → docs: Mention `--max-jobs 0` to build remotely only → https://git.io/fjkgI
<{^_^}>
[nixpkgs] @JohnAZoidberg opened pull request #60406 → treewide: Remove usage of isNull → https://git.io/fjGan
palo has quit [Ping timeout: 250 seconds]
palo1 is now known as palo
rauno has quit [Ping timeout: 240 seconds]
anpryl has quit [Ping timeout: 258 seconds]
rprije has quit [Remote host closed the connection]
rprije has joined #nixos
justanotheruser has joined #nixos
drakonis has quit [Quit: WeeChat 2.4]
domogled has joined #nixos
justanotheruser has quit [Ping timeout: 255 seconds]
Jetien has joined #nixos
<ivan>
does anyone have an example of using Hydra to build system configurations (and all packages config depends on)? I've been using morpher, not sure exactly what Hydra needs to build the same things
<ivan>
I did the simplest thing that is apparently wrong because it builds one package for one machine
<iqubic>
So, is there a way to run a series of pactl commands at boot time?
<iqubic>
Like "pactl load-module module-null-sink sink_name=Virtual1" and things similar to that?
<srhb>
iqubic: Do you mean something more specific than a systemd unit?
<ivan>
srhb: yeah, morph, sorry, I called my user 'morpher' and got confused
<iqubic>
I know that default.pa is a thing, and I'm wondering if that's what I should use instead.
<srhb>
ivan: Take a look at morphs data directory. It hasa something I think is called eval-machines.nix which is basically the same as nixops' eval-machines.nix
<srhb>
ivan: And, in turn, is similar to nixos' eval-machine
<srhb>
ivan: Your best bet is probably to look at the morph sourcecode to find the invocation of nix build / nix-build that uses the options.nix and eval-machines.nix files
<ivan>
thanks
<srhb>
ivan: That will essentially point you at the expression your hydra will need to also build :)
<ivan>
ok
<srhb>
ivan: fwiw johanot and adamt (the morph authors) will probably be online a bit later EU time and you can ask them yourself :-)
<srhb>
For some reason they still don't have IRC bouncers set up...
<iqubic>
I wish there was some convient guide to using PulseAudio from the command line, and not needing to worry about pavucontrol.
<ivan>
I guess you know pacmd
__monty__ has joined #nixos
<iqubic>
I don't actuall.
<iqubic>
The main way that I've ever interacted with PulseAudio is through pavucontrol.
linarcx has joined #nixos
<iqubic>
Also, why does Firefox like to weird things with PulseAudio? Firefox randomly changes the settings that I have set with Pavucontrol.
brejoc has joined #nixos
brejoc has quit [Remote host closed the connection]
<srhb>
iqubic: You're on 19.03?
<iqubic>
I think so. How do I check?
<srhb>
nixos-version
<iqubic>
Nope.
<srhb>
iqubic: What, then?
<iqubic>
Still on 19.03
<srhb>
iqubic: ... So, yes :D
<iqubic>
No.
<iqubic>
I typed the wrong thing.
<iqubic>
I'm still on 18.09
<srhb>
iqubic: Then I would guess its flat-volumes
<iqubic>
I should update my machine.
<srhb>
Which we default out of from 19.03 and onwards
<iqubic>
Yeah, that it.
<srhb>
That setting is crazy and will eventually ruin your hearing.
<iqubic>
srhb: This upgrade is going to take a while.
<iqubic>
Because of that I've decided to keep chatting while the upgrade happens in the background.
<iqubic>
I'll be rebooting after I finish the upgrade.
<immae>
The upgrade is (almost) atomic anyway isn’t it? The actual upgrade only happens at the last step, before that nothing happens outside of the store
<immae>
so you can continue using your tools safely until it says he is running the activation scripts
ggpeti has quit [Ping timeout: 246 seconds]
wfranzini has joined #nixos
Jetien has quit [Ping timeout: 244 seconds]
ggpeti has joined #nixos
ferriswheel has quit [Remote host closed the connection]
rauno has joined #nixos
ferriswheel has joined #nixos
<iqubic>
What the bloody hell?
<iqubic>
My update just failed claiming there was no space left on the disc.
hio has quit []
hio has joined #nixos
<immae>
well, I guess the error speaks by itself
ggpeti has quit [Ping timeout: 258 seconds]
demaio has joined #nixos
linarcx has quit [Ping timeout: 250 seconds]
Tucky has joined #nixos
civodul has joined #nixos
linarcx has joined #nixos
jackdk has quit [Ping timeout: 258 seconds]
linarcx has quit [Client Quit]
linarcx has joined #nixos
cfricke has quit [Quit: WeeChat 2.4]
Jetien has joined #nixos
<{^_^}>
[nixpkgs] @peterhoeg opened pull request #60407 → emacs: do not capture build environment details for a reproducible build → https://git.io/fjGaj
<{^_^}>
[nixpkgs] @schmittlauch opened pull request #60408 → [soundkonverter] init at 3.0.1 → https://git.io/fjGVR
<AlexRice[m]>
I'll create an issue in a bit with all the information I think
linarcx has quit [Quit: WeeChat 2.4]
ardumont has quit [Ping timeout: 245 seconds]
<pbb>
Hi, can anyone explain to me how the wireguard routing works on NixOS when I have a default route over wireguard? There is no table 51820 or any additional rule as there is with the wg-quick script.
linarcx has joined #nixos
fendor has joined #nixos
<iqubic>
How long does a channel update usually take?
ardumont has joined #nixos
ferriswheel has quit [Quit: Leaving]
<AlexRice[m]>
ivan: nm I'm an idiot, my boot partition wasn't mounted
<ivan>
haha
<ivan>
pbb: whoever put wireguard into nixos didn't implement that part
<Taneb>
Is there a way to query required system features for a derivation and its ancestry?
iqubic has quit [Ping timeout: 256 seconds]
jasongrossman has quit [Ping timeout: 246 seconds]
iqubic has joined #nixos
<iqubic>
Well, I finally updated my system
miniBill has joined #nixos
<iqubic>
I'm now running on the 5.0.9 kernel.
<miniBill>
I've got some legacy webapps (LAN-only fortunately) that need php5 to run and will not work with php7. I tried searching but it looks like packages for php5 were removed from nixpkgs, any clues on how to manage it?
<iqubic>
srhb: And firefox is still screwing with my PulseAudio settings.
jasongro` has quit [Quit: ERC (IRC client for Emacs 26.2)]
<nh2>
sphalerite: so looks like my issue was completely unrelated from the `systemctl exec` issue in the end!
<srhb>
iqubic: If you're on 19.03 it's not flat-volumes at least, unless you overridde the default somehow. No idea in that case.
<iqubic>
I don't override the setting.
<sphalerite>
nh2++ nice work!
<{^_^}>
nh2's karma got increased to 8
<iqubic>
In fact, I'm specifically not changing it. I was setting the flat-volumes in my configuration.nix, but I removed that line when I updated my system.
dminuoso has joined #nixos
<dminuoso>
Is there some configuration to enable the pc speaker for bell ringing?
orivej has joined #nixos
linarcx has quit [Quit: WeeChat 2.4]
linarcx has joined #nixos
jasongrossman has joined #nixos
amir has quit [Quit: No Ping reply in 180 seconds.]
<{^_^}>
[nixpkgs] @Ma27 pushed commit from @BenBals to master « GeoGebra: 472 -> 535 (#60272) »: https://git.io/fjGrV
parsnip0 is now known as parsnip
johanot has quit [Ping timeout: 245 seconds]
johanot has joined #nixos
fendor has quit [Quit: Leaving]
nD5Xjz has quit [Ping timeout: 245 seconds]
nD5Xjz has joined #nixos
<nh2>
how should I symlink a binary under `current-system/sw` with a custom name, e.g. `myprog-nh2`?
<tilpner>
nh2: Anything you put into systemPackages will show up in current-system/sw/bin
<nh2>
tilpner: yes, but for that I already need to have something like `mypackage/bin/myprog-nh2 -> /nix/store/actual-package/myprog`, right? I'm wondering what the cleanest way to just make a `bin/` symlink is, so I can put it into systemPackages
<tilpner>
One option if you want to do more than redirect: writeShellScriptBin "myprog-nh2" "${hello}/bin/hello"
<tilpner>
Something like this if you just want a symlink: runCommand "myprog-nh2" {} ''mkdir -p $out/bin; ln -s ${hello}/bin/hello $out/bin/myprog-nh2''
<nh2>
tilpner: yea, I currently have something like that that also uses `exec` and `$@`, but I'd like to get rid of the bash. I had hoped there might already be some simple wrapper around it, but if there's none, I'll implement it as you just showed with the second line, thank you!
<tilpner>
There might be, I haven't checked
Copenhagen_Bram has quit [Read error: Connection reset by peer]
domogled has quit [Quit: domogled]
mmlb39 has joined #nixos
mmlb3 has quit [Ping timeout: 245 seconds]
ThatDocsLady has joined #nixos
ayerhart has quit [Read error: Connection reset by peer]
Athas_ is now known as Athas
nD5Xjz has quit [Ping timeout: 276 seconds]
nD5Xjz has joined #nixos
ayerhart has joined #nixos
orivej has quit [Ping timeout: 245 seconds]
<klntsky>
How to deal with ` hGetContents: invalid argument (invalid byte sequence)` in Haskell, given that I can't modify the code calling 'readFile'?
kisik21 has joined #nixos
Copenhagen_Bram has joined #nixos
<kisik21>
ok, any way to use Qt apps on Wayland natively in NixOS?
<kisik21>
They seem to require a plugin that isn't present in Nixpkgs
<kisik21>
at least I can't find it...
<nh2>
klntsky: what's the reason you can't modify it? Using `readFile` and `hGetContents` is almost always incorrect, and it should be fixed
mmlb394 has joined #nixos
<dminuoso>
klntsky: Presumably someone is using `text` and expecting UTF-8 encoded content.
Havvy has quit [Ping timeout: 245 seconds]
mmlb39 has quit [Ping timeout: 245 seconds]
Havvy has joined #nixos
mvnetbiz_ has quit [Remote host closed the connection]
mvnetbiz_ has joined #nixos
<infinisil>
klntsky: If you're using stack, nix: pure: false should do it
<genesis>
does exist some small text with logo that we can uniformly put on website to explain non-nixos poeple they can use nix to install the software ?
mmlb3949 has joined #nixos
<genesis>
to promote nix/nixos
mmlb394 has quit [Ping timeout: 255 seconds]
<pie_>
whats lib.systems?
linarcx has quit [Ping timeout: 250 seconds]
<pie_>
^ matthewbauer, ?
<pie_>
also is there a library function somewhere for mapping over a directory?
linarcx has joined #nixos
<miniBill>
I've got some legacy webapps (LAN-only fortunately) that need php5 to run and will not work with php7. I tried searching but it looks like packages for php5 were removed from nixpkgs, any clues on how to manage it?
<nh2>
genesis: you mean like the texts next to the logo on e.g. https://nixos.org/nix/ ?
<pie_>
miniBill, you could try getting th ephp5 package from an older nixpkgs version
<nh2>
miniBill: yeah, reviving the older version and maintaining it in an overlay might be an option for you (I know nothing about PHP in nixpkgs btw, just my general intuation)
<pie_>
and by getting it from an older version i mean you can do the nixpkgs pinning style thing
cfricke has joined #nixos
<genesis>
nh2 : yes could use that with a nix logo, i guess
<genesis>
nh2 ; added nix command to install the software
rprije has quit [Ping timeout: 246 seconds]
ThatDocsLady has quit [Ping timeout: 250 seconds]
<nh2>
genesis: ah, or do you mean something like a button "install with nix", like those TravisCI / CircleCI badges many github repos have?
<genesis>
yes
<nh2>
genesis: I haven't seen such a thing before, but maybe you want to make one and publish it on the nixos-artwork repo. It has SVG logos: v
<genesis>
nh2 : could be fine to have it with package name parameter yes
<immae>
Hello there! I would like to use a different version of linux packages (the latest one rather than the one fixed in 19.03), is it safe to just put boot.kernelPackages = pkgs.linuxPackages_latest, or is there some more things to change at other places? (note: I have boot.initrd.availableKernelModules and boot.kernelModules set by nixops, but they are strings)
Jetien has joined #nixos
fendor has joined #nixos
<nh2>
immae: sounds right to me. `_latest` is currently 5.0 in 19.03, do you want that? Given that you use nixops, you could deploy a machine to test it
<immae>
nh2: yes, I want 5.0 (or latest is fine, more generally). However I just tried to build it and it complains about modinfo not finding modules, but those modules are modules from my local machine, so I’m a bit worried
<immae>
(local in the sense: the machine where the build happens, not the one where it will be deployed)
<nh2>
immae: Usually building both kernel and modules on another machine should work fine; I'm currently doing it with 2 physical laptops, putting NixOS on an SD card. Is your build sandboxed?
<immae>
nh2: it is set to "relaxed" because I have a few (non-kernel related) derivations that are impure, so unless the linux package has __noChroot = true it should be sandboxed, right?
<{^_^}>
[nixpkgs] @aanderse pushed commit from @bzizou to master « aragorn: init at 1.2.38 (#58354) »: https://git.io/fjGKi
<nh2>
immae: I'm not familiar with that, I only know that because one of my machines is Ubuntu without sandbox, builds can pick up stuff from outside. I'm not sure if `/proc/modules` is sandboxed; you could `strace` your build to see if it uses that
<immae>
nh2: actually it shows the same messages even if I have sandbox = true, so it somehow manages to get out of its jail
slyfox has quit [Quit: :)]
<nh2>
immae: I don't know whether `/proc/modules` is jailed at all
<immae>
so I should just ignore the message and keep going right? It worked for months like that, there is no reason to break more with pkgs.linuxPackages_latest than the default pkgs.linuxPackages
<immae>
(I’ll try that at night, just in case it provoques extended downtime :p )
<{^_^}>
[nixpkgs] @FRidh pushed 266 commits to staging-next: https://git.io/fjG6e
<nh2>
immae: yes I guess that makes sense. The modules thing would probably benefit from a real investigation, or at least an issue about it, but if it also don't see a reason for it to work significantly less than it did so far
mabel has quit [Ping timeout: 244 seconds]
<immae>
I’ll post an issue then, thank nh2
sheeldotme has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<nh2>
immae: cc me please, as I'm also interested in modules building
<immae>
please send me your github handle then (either here or in private)
<miniBill>
pie_: I have no clue what pinning means tbh, any further pointers?
<miniBill>
nh2: thanks
logzet has quit [Remote host closed the connection]
<pie_>
you can use somethng like that instead of import <nixpkgs> {} for example
<pie_>
oldnixpkgs = blah; oldnixpkgs.php5
kisik21 has quit [Ping timeout: 246 seconds]
<miniBill>
pie_: thanks!
linarcx has quit [Quit: WeeChat 2.4]
cfricke has joined #nixos
coconnor has quit [Ping timeout: 240 seconds]
cfricke has quit [Client Quit]
linarcx has joined #nixos
<pie_>
miniBill, hope it helps \o/
cfricke has joined #nixos
coconnor has joined #nixos
<miniBill>
pie_: been trying nixos since <1wk, a blast so far. nixops is really really really cool. had been using propellor lately, but it missed something. now I know: it missed an immutable declarative OS to work on
<dtz>
@.@ all the llvmPackages/stdenv override plumbing is really :(
<dtz>
I trust it's needed and such but.... realllyyyy lame ;3
<miniBill>
yeah, main drawbacks of propellor are 1) trying to apply a declarative approach to stateful distros 2) sometimes the error messages are gcc-2 style =D
slyfox has joined #nixos
jomik has joined #nixos
<jomik>
Mic92: Hey! I have an issue with that python script you made for updating vim plugins. I modified it to work for my fish plugins, and it works locally, but my CI fails on `out = subprocess.check_output(["nix", "eval", "--json", GET_PLUGINS])`, do you have any idea why? It says it gave a non-zero exit code, but not much else...
<dtz>
lol and how many gettimeofday patches did we have?! lmao
logzet has joined #nixos
psyanticy has joined #nixos
<dtz>
excuse me, clock_gettime
uranther has joined #nixos
Lears has joined #nixos
Rusty1 has joined #nixos
[Leary] has quit [Ping timeout: 245 seconds]
puck has quit [Remote host closed the connection]
tg has quit [Ping timeout: 245 seconds]
puck has joined #nixos
petrkr has joined #nixos
winem_ has joined #nixos
tg has joined #nixos
zupo has joined #nixos
<{^_^}>
[nixpkgs] @joachifm merged pull request #60377 → nixos/apparmor: service unit improvements → https://git.io/fjG4k
<{^_^}>
[nixpkgs] @dtzWill opened pull request #60419 → mosh: upstream patch to fix w/newer clang/libcxx (c++17) → https://git.io/fjGix
civodul has quit [Ping timeout: 268 seconds]
<jomik>
Anyone know why python's `Path(__file__).parent` seems to return `/builds/Jomik/nur-expressions/` rather than `/builds/Jomik/nur-expressions/pkgs/fishPlugins/` :/ I am using the ROOT variable in the update.py script we use to update vim plugins.
<{^_^}>
[nixpkgs] @Profpatsch pushed to master « lorri: reserve attribute name »: https://git.io/fjGP5
<{^_^}>
[nixpkgs] @angristan opened pull request #60423 → vscodium: init at 1.33.1 → https://git.io/fjGPd
stepcut has joined #nixos
rauno has quit [Ping timeout: 258 seconds]
ayerhart has quit [Read error: Connection reset by peer]
<cyris212>
Could someone explain to me on how to retrieve the modSha256 value (buildGoModule)?
<tilpner>
cyris212: Fill in e.g. e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
<tilpner>
cyris212: Then build it and pick the correct hash from the error message
<tilpner>
,tofu
<{^_^}>
To get a sha256 hash of a new source, you can use the Trust On First Use model: use probably-wrong hash (for example: 0000000000000000000000000000000000000000000000000000) then replace it with the correct hash Nix expected.
<cyris212>
tilpner: thx :-)
<immae>
Should’t tofu talk about lib.fakeSha256 / lib.fakeSha512 which seems to be done for that? (easier to use lib.fakeSha256 than counting the correct number of zeroe’s we’re putting :p )
ayerhart has joined #nixos
<simpson>
immae: Nice, TIL.
ckoparkar has joined #nixos
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<xorAxAx>
it was working yesterday and i cannot find any git commits to nixos/hardware
<xorAxAx>
that would be relevant
<jomik>
samueldr: Oh, thanks! That also downloads unstable I guess? It doesn't use my local one? Neat
<samueldr>
right
<Taneb>
Oh wow, that is neat
<samueldr>
it uses the relatively recent addition of channel:name for NIX_PATH
<manveru>
genesis: it's more about providing a unified appearance for projects built with nix :)
<jomik>
Thank you ! :)
<samueldr>
from nix 2.0's release notes:
<jomik>
samueldr++
<{^_^}>
samueldr's karma got increased to 82
<samueldr>
>> You can now use channel:channel-name as a short-hand for https://nixos.org/channels/channel-name/nixexprs.tar.xz. For example, nix-build channel:nixos-15.09 -A hello will build the GNU Hello package from the nixos-15.09 channel. In the future, this may use Git to fetch updates more efficiently.
<manveru>
genesis: it's super bare-bones atm, but ideally we'd build a kind of web-ring of projects that are built with nix for easier discovery... that list of projects is still not there yet...
<adisbladis>
lordcirth__: What aspect of `curl | sh` dont you like? How could it be improved?
<lordcirth__>
adisbladis, at a minimum, the default instructions should say to download the script, then run it. And recommend gpg checking.
<infinisil>
lordcirth__: So what's there to complain about? It provides an easy | way for users who don't care and a better way for users who do
<lordcirth__>
infinisil, for the same reason banks don't send you links in emails. You don't teach users to curl | sh
<manveru>
guess you can't make both happy :P
<adisbladis>
Also, some OSX friends were using `brew cask` to install nix :)
<infinisil>
lordcirth__: There's a lot of discussion about this recently, but the conclusion is that there's nothing actually bad about it (assuming you prevent half-downloaded files from executing, which nix does)
<adisbladis>
lordcirth__: Meh. `curl -O .../install && gpg --verify && bash install` has exactly the same threat model as `curl | sh`
<lordcirth__>
infinisil, there's nothing as long as you 1) trust the webserver to not be compromised and 2) don't mind teaching users to thoughtlessly run code
o1lo01ol1o has quit [Remote host closed the connection]
<lordcirth__>
adisbladis, actually no. For one thing, a server can tell if you are piping or downloading, and only give the malicious code if you are piping.
fendor has joined #nixos
<infinisil>
When the server is compromised you can't trust it to even give you the right signature with gpg checks
<infinisil>
You already lost in that case
<adisbladis>
lordcirth__: That's just semantics though. You are still running instructions from the exact same download page.
<adisbladis>
What infinisil said :)
<genesis>
perharps add a sentence to check if package manager has not recent nix would be fine
<adisbladis>
I would agree with the `curl | sh` sentiment for most software. A package manager is not most software.
knupfer has joined #nixos
ericsagnes has joined #nixos
<Orbstheorem>
So, in my usual debian deployments, I enable `pam_env.so user_readenv=1` so that I can source environment variables for my user session. I noticed nixos currently does not support this, but before making a patch to the pam module, I digged a bit around and I found this: https://nvd.nist.gov/vuln/detail/CVE-2015-8325 . Though that particular CVE it targeted at openssh, I think it would be possible to hijack any
<lordcirth__>
adisbladis, yes, but you are running instructions that were given to you after you told the server that you would be running the code without checking it first.
<Orbstheorem>
following pam modules after pam_env is executed by using LD_PRELOAD as described in the CVE. Do you think such attach is possible and therefore should I look for a better solution than user-session env vars?
<simpson>
lordcirth__: Assuming you've read gchristensen's thoughts, could you clarify whose GPG keys you would like to trust, and what your threat model is?
srid has quit [Ping timeout: 245 seconds]
<infinisil>
There seem to be a lot of strong opinions regarding this, as seen from threads on lobsters and elsewhere
<lordcirth__>
simpson, the most important thing here is not teaching users to curl | sh. Banks don't send you links in emails, and we don't tell users to blindly curl | sh.
<pie_>
id argue, probably pointlessly, the more infrastructure you can distrust the better
* genesis
had relaunched a flamewar :(
<samueldr>
there is trouble if the first feeling you have is (some say arguably right) revulsion with the first thing you see about something :/
winem_ has quit [Ping timeout: 246 seconds]
<lordcirth__>
simpson, Considering that the nix installer is a very reasonable 1 page, telling users to wget it then read it would be good too.
<pie_>
infinisil, im a bad person and i thought gpg information has to be in the file for some reason
<pie_>
well, kind of ambiently assumed, even though ive seen sig files
<simpson>
lordcirth__: Oh, so you're not actually interested in using Nix? I'm trying to address your *actual* point of what *you* personally require in terms of security.
<yorick>
when you're installing nix you're giving it root access anyways, the nixos website is already trusted as root in this model
<lordcirth__>
simpson, I already use Nix. I chose to trust the site. What I'm concerned about is teaching users bad security habits, and potentially *appearing* to by unconcerned by security.
<pie_>
yorick, is the nixos website on the same infrastructure as the build servers?
fendor has quit [Ping timeout: 246 seconds]
<yorick>
pie_: the build servers have signatures and whatever, but that won't help you when initially installing nix
<xorAxAx>
nix on !nixos isnt suid root, yorick, is it?
<pie_>
yorick, well thats what the gpg stuff is for
<pie_>
(right?)
<yorick>
pie_: so if I'm evil I just replace the gpg stuff
<simpson>
lordcirth__: Telling people to download and run a script is just like a curl|sh, but with more words. They have to do roughly the same amount of thinking, copy'n'pasting, and running of unsafe code. Perhaps we could restructure the script so that, once it starts running, it forces the user to view its own source~? There is a bit of an infinite regress here in terms of teaching the user how to be
<simpson>
security-conscious!
<pie_>
yorick, oh good point, thats where the whole web of trust stuff comes in i guess
<xorAxAx>
from april 1, 2020 on, nix can only be installed by people in the top 200 of the strong web of trust
<ajs124>
has anyone brought up "on trusting trust" yet? because I would really like someone to prove maxwells equations to me first, before we start talking about anything else.
<Orbstheorem>
pie_: Web of trust (usually) hardly protects you from identity spoofing
<pie_>
simpson, ah! but by then youve already lost! youre running code! it could have backdoored the text editor to show that its clean! :P
<simpson>
lordcirth__: In security in particular, we should avoid the *appearance* of being highly concerned, and instead be *actually* highly concerned. Thus my preoccupation with peoples' actual threat models and systemic weaknesses.
<xorAxAx>
.oO(hmm, it should be the reverse)
<pie_>
something something reflections on trusting trust
<lordcirth__>
simpson, At a minimum, wget then running it prevents certain attacks where the server can choose to only send malicious code when it knows it's being piped and won't be inspected first.
sb0 has joined #nixos
<pie_>
ajs124, lol there we go
<simpson>
lordcirth__: If your threat model involves distrusting nixos.org then NixOS might not be for you.
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « ghc: update 8.6.5-rc1 to 8.6.5 »: https://git.io/fjGMl
<lordcirth__>
simpson, still missing the point
<pie_>
ajs124, lmao what does that have to do with maxwells equations
<yorick>
pie_: I can't even find the relevant keys on keyservers
<simpson>
lordcirth__: Thanks, you too. Patches *are* welcome if you wanna reword that part of the site!
<lordcirth__>
simpson, threat model #1: Trustworthy projects such as Nix teach users to be careless with security, for the sake of convenience.
<{^_^}>
[nixops] @AmineChikhaoui pushed 6 commits to master: https://git.io/fjGM8
<pie_>
i think theres another view to this discussion, being that curl | sh is bad is a meme
<simpson>
lordcirth__: This is richly ironic considering that Nix is the closest thing to a package-capability system yet implemented using standard software.
<simpson>
pie_: Yep, exactly. Can't fight against a meme with reason alone.
<pie_>
though i do agree with training users about bad practices
<infinisil>
lordcirth__: okay you checked the script, the server didn't serve you anything different. But the tarball you'll download next, how do you trust that? The server could send you anything again
<yorick>
lordcirth__: and none of these other scripts will ever work once they install nixos :P
<yorick>
so it'll quickly unteach them
<ajs124>
pie_, computers. electronics. physics. it's ~turtles~ electrons all the way down! and by that I mean fields. hence maxwell.
<yorick>
so we should make it as convenient as possible to install nixos
<pie_>
ajs124, s/fields/friends/ also, ah i got it
<lordcirth__>
yorick, far more people are currently installing Nix on other distros than are installing NixOS
<yorick>
lordcirth__: I don't... think so
<lordcirth__>
Do we have numbers on this?
<pie_>
here are the fundamentals as i see them: either a user can and does read the code, or they are not experienced enough
<simpson>
lordcirth__, pie_, infinisil: TBQF it could be that merely adding a single paragraph and giving the URL first would fix https://nixos.org/nix/download.html to the satisfaction of the various whines I've heard so far.
<infinisil>
lordcirth__: Haha if you make such a claim *you* should provide the numbers
<pie_>
if they are not experienced enough i think the problem reduces to "they will run a script anyway", if they are experienced enough, they know what they are doing
tboston_ has joined #nixos
<yorick>
simpson: it would be dumb but there's no point fighting it
<simpson>
But, also TBQF, the entirety of what's above the fold on the page *already* includes GPG information, "The installation script requires that you have sudo access to root.", and even the demanded-for `curl -o install-nix-2.2.2 https://nixos.org/nix/install`
srid has joined #nixos
<pie_>
imo the page is very informative to what ive seen, but i havent looked at the debian download page in years so idk
<pie_>
so the question is what to do about the inexperienced users
<pie_>
sorry, the point it to not run arbitrary code
<lordcirth__>
pie_, some install scripts are massive, but the nix one isn't.
<yorick>
pie_: the point is a meme at this point
<pie_>
lordcirth__, so the reviewability is already loads better, but that doesnt help for the inexperienced users that one is worried about executing arbitrary code from the internet no?
<pie_>
yorick, im honestly trying to think about this :P
<yorick>
pie_: no argument will work to anyone who only knows this is bad and not why
<pie_>
yorick, i hate feeling like the fundamental problem is unsolvable
<lordcirth__>
yorick, you aren't being helpful by dismissing your opponents
<yorick>
lordcirth__: same
<pie_>
lordcirth__, the rebuttal is also pointless :D
<pie_>
lordcirth__, how do you expect your grandma to install nixos
<pie_>
i mean nix
cfricke has quit [Read error: Connection reset by peer]
<lordcirth__>
pie_, I don't.
<simpson>
lordcirth__: Almost certainly the onus is on somebody with your position to submit a suggested change to this page, in the concrete, as a PR, as part of the normal community process.
<pie_>
ok your technically apt cousin
<yorick>
pie_: tarball, unpack, ./configure && make && sudo make install, like our ancestors did before us
<jasonk000[m]>
yorick: you have read ken thompson's paper, reflections on trusting trust?
<yorick>
jasonk000[m]: at some point in the past, yes
<pie_>
hm i havent *actually read* the paper though
<yorick>
jasonk000[m]: the software you use to build your software is generally inside the trust model
<jasonk000[m]>
it's turtles all the way down
<ashkitten>
kturtles all the way
<gchristensen>
all software could probably be traced back to some insecure fetching
<pie_>
waiting for the day nix + the world is compiled with something like compcert bootstrapped from a tractable-for-a-single-human-to-verify theorem prover core with a capabilities system
<pie_>
(yeah your theorems themselves might be broken but whateverrrrr)
<gchristensen>
you might like reading up on Guix's bootstrapping
<jomik>
Should I not be able to add a channel `nur-jomik` and then refer to it using `<nur-jomik>` ? I can not seem to install from it using `nix-shell -I '<nur-jomik>' -p mypackage` :/
<samueldr>
and it is not to be confusd with a discrete filesystem mounted at /boot
<samueldr>
the bios boot type of partition is intended to be an opaque blob location where the initial bootloader phase of grub will look for the second stage
<tilpner>
mightybyte: The important parts are in the gist
<mightybyte>
Fantastic! Thanks everyone. I'll dive into this when I get a chance.
<samueldr>
(bios boot partition is easy to conflate with a partition for a filesystem that will be mounted at /boot)
<talqu>
hi, nix-build returns a path of the executable. But how do i install it, so that the binary name is in the path?
<talqu>
nix-env -i
<clever>
talqu: nix-env -f foo.nix -iA bar <- nix-build foo.nix -A bar
ixxie has quit [Ping timeout: 250 seconds]
Synthetica has quit [Quit: Connection closed for inactivity]
civodul has joined #nixos
<talqu>
thanks
<talqu>
what is the recommended and most basic way to copy/send one binary(built on one nixos) to a remote nixos? I'm trying nix-deploy tool at the moment
<tilpner>
nix-copy-closure is very basic
<adisbladis>
Also `nix copy`
petrkr has quit [Remote host closed the connection]
tboston_ has quit [Ping timeout: 246 seconds]
<talqu>
when using nix-closure-copy, i get error: cannot add path '/nix/store/7gx4kiv5m0i7d7qkixq2cwzbr10lvxwc-glibc-2.27' because it lacks a valid signature
<{^_^}>
[nixpkgs] @peti pushed 2 commits to haskell-updates: https://git.io/fjGD7
<adisbladis>
talqu: nix copy --no-check-sigs
<clever>
talqu: the receiver needs to be a trusted user in nix.conf
<clever>
(either run as root, or add yourself as a trusted user)
<clever>
`nix copy --no-check-sigs` will disable checking, but again, you must be trusted to change that
<clever>
you can also setup the sender to sign things, with a key the receiver trusts, if you plan to do it a lot and like the extra security
mwilsoncoding has joined #nixos
<talqu>
sudo nix copy --no-check-sigs complains that i dont have a default.nix. clever, sudo nix-closure -to myremote@1.. $(nix-build release.nix) asks a password but also errors "lacks a valid signature"
Neo-- has quit [Ping timeout: 246 seconds]
<clever>
talqu: the receiver needs to be trusted, not the sender
<clever>
talqu: but if you flip the initiator, you can just sudo -i on the remote machine, and do a --from instead
<clever>
and then the source can be any user
<mwilsoncoding>
essentially, I want to clone a project from github and build a package contained within, but the code to build the package I want is in a child directory of the giant repo, not at the base of the repo =/
<pie_>
mwilsoncoding, my mind is in other places right now but if youre using mkDerivation or something like that you add an attribute called preBuild and put your commands in it
<pie_>
mwilsoncoding, stdenv.mkDerivation puts a lot of / extra attributes in environment variables and stuff, im not sure what it does exactly
<pie_>
so hook function implementations passed from nix usually end up as functions in bash's environment, and they get called by the runhooks and such
<pie_>
does that make any sense?
sb0 has quit [Quit: Leaving]
<pie_>
mwilsoncoding, its basically the same as overriding installPhase for example
<mwilsoncoding>
I think that still works, I'm just not sure in which closure to define the preBuild hook
<clever>
mwilsoncoding: the one that is calling buildPythonPackage i think
<mwilsoncoding>
yep yep- I'm using all the helper functions I can at the moment
<mwilsoncoding>
I think this still allows preBuild- I can see where the buildPhase is defined and calls the hook, but do I define the hook as a member of the recursive set passed _into_ buildPythonPackage?
tboston_ has quit [Ping timeout: 250 seconds]
<{^_^}>
[nixpkgs] @peti pushed 2 commits to haskell-updates: https://git.io/fjGyB
<mwilsoncoding>
testing that out- will report back
<{^_^}>
[nixpkgs] @peti pushed 2 commits to haskell-updates: https://git.io/fjGy0
blumenkranz has joined #nixos
<blumenkranz>
Hello. Is anyone else experiencing error 500 while downloading .narinfo from cache.nixos.org?
<{^_^}>
[nixpkgs] @Infinisil merged pull request #60374 → Added support for python caldav package → https://git.io/fjG8z
<talqu>
clever, i've now added my local machine's user's name to remote's configuration.nix as allowedUsers. Now, doing nix-copy-closure --to remote-user@remote /nix/store/foo, i get his error: cannot open connection to remote store 'daemon': reading from file: Connection reset by peer error: unexpected end-of-file
<andi->
blumenkranz: works for me right now. There is a thread in discourse about 503s IIRC
<infinisil>
blumenkranz: I just saw the build bot have that: https://logs.nix.ci/?key=nixos/nixpkgs.60374&attempt_id=e3e97a8e-93e0-4f28-ab5d-f0159bcbd956
<yorick>
oh god pythonPackages overrides don't compose
<infinisil>
yorick: They do I'm pretty sure, but it's annoying to get it right
<yorick>
infinisil: doing python3 = super.python3.override { packageOverrides = ... } will get you only the final overlaid packages
<infinisil>
You want to use .override with an argument
<infinisil>
And compose that..
<blumenkranz>
It's kinda annoying since it won't let me nixos-rebuild switch without downloading from the cache, for some reason, but I guess I will wait it out.
<yorick>
infinisil: ... ohno, thanks
<infinisil>
yorick: It's ugly as hell..
drakonis has joined #nixos
<das_j2>
Hey, is there a way to compose a path from $NIX_PATH variables? I need something like (import <nixpkgs-${version}>)
<tilpner>
blumenkranz: You can disable the cache temporarily with --option substituters ""
<tilpner>
(And IIRC --option substitute false)
<sphalerite>
or --no-substitute, which doesn't require being a trusted user
<andi->
blumenkranz: or use my (caching) proxy for cache.nixos.org with --option substituters https://cache.nix.h4ck.space, it just proxies the requests so the original hydra sigantures are still there..
<{^_^}>
[nixpkgs] @peti pushed 7 commits to haskell-updates: https://git.io/fjGyx
nornagon3 is now known as nornagon
<{^_^}>
[nixpkgs] @lheckemann pushed 2 commits to release-19.03: https://git.io/fjGyp
alex```136855 has joined #nixos
alex```13685 has quit [Ping timeout: 268 seconds]
<clever>
talqu: if you run `nix-build '<nixpkgs>' -A hello` on the remote machine, wht does it say?
<talqu>
clever, the same
joebobjoe has joined #nixos
<talqu>
error: cannot open connection to remote store 'daemon'
Ariakenom has joined #nixos
<joebobjoe>
for there a lot of nix developers in this room or are they in nixos-dev
<gchristensen>
this is the best place to start with for asking for help
<clever>
talqu: check the journal for nix-daemon.service
<joebobjoe>
but to work on nix prs #nixos-dev is best
<joebobjoe>
?
<gchristensen>
best to start here, and then depending on the topic we can move :)
<das_j2>
infinisil: Well, the sandbox prevents me from actually accessing the file
joebobjoe has quit [Client Quit]
<clever>
das_j2: if you dont quote a path, nix will include it in the sandbox for you
jb55 has quit [Ping timeout: 258 seconds]
<talqu>
clever, i was able to copy-closure -path root@remote-host ..., but needed to add services.openssh.permitRootLogin = "yes";
<das_j2>
clever: But can I substitute variables, then?
zupo has joined #nixos
<pie_>
clever, theres also everyones favorite unsage
<pie_>
unsafe
* pie_
hides
<clever>
talqu: you can also ssh into a normal user, sudo -i, and then nix-copy-closure --from otherend /nix/store/foo
<clever>
talqu: flip around who initates the transfer
<clever>
das_j2: env vars at eval time or nix vars?
knupfer has quit [Ping timeout: 250 seconds]
dansho has joined #nixos
linarcx has quit [Ping timeout: 246 seconds]
<das_j2>
> let profiles = "/profiles/"; in /var/nix + profiles + per-user
<talqu>
clever, very weird i cant do nix-build '<nixpkgs>' -A hello on my remote nixos, it only works with sudo
<{^_^}>
undefined variable 'per-user' at (string):252:55
<das_j2>
clever: Something like that
<talqu>
however, i dont need any sudo doing the same on local machine nixos
<clever>
talqu: with sudo, it ignores the nix-daemon
<clever>
talqu: check the journal for nix-daemon.service
jb55 has joined #nixos
<talqu>
Apr 29 19:16:17 nixos nix-daemon[12257]: error processing connection: user 'talqu' is not allowed to connect to the Nix daemon
<clever>
talqu: you may need to set allowed users as well
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
craigevil[m] has joined #nixos
<das_j2>
Well turns out I am still getting sandboxed with this: let release = "19.03"; in builtins.toPath (/nix/var/nix/profiles/per-user/root/channels/nixos- + release + "-small");
<talqu>
clever, i've put the remote user in the allowed users array in remote's configuration.nix and now it works
<talqu>
weird :)
fendor has quit [Ping timeout: 255 seconds]
<talqu>
nix-copy-closure now lets copying to remote-user@.. and not only root
<talqu>
thank a lot clever
<das_j2>
nvm, I'm an iditot
Jetien has quit [Ping timeout: 245 seconds]
linarcx has joined #nixos
<clever>
das_j2: dont call toPath, its already a path
<clever>
das_j2: dont call toString either, paths turn into strings on their own
<das_j2>
clever: Man, paths really are the weirdest type
<pie_>
thats literally my code that im trying to run but its not in this directory, the weird path and a previous nix error i had threw me off
<Orbstheorem>
Could someone please explain me this error? :
<Orbstheorem>
the string 'ly_wrapped_X' is not allowed to refer to a store path (such as '!out!/nix/store/56s02zjzzfd3hwqgzy8xln42ach8ranz-xorg-server-1.20.4.drv')
<pie_>
put me in the "something is wrong with nixpkgs" mode
<Orbstheorem>
I'm trying to install a security wrapper for xorg
<Orbstheorem>
s/security/setuid
<Mic92>
jomik, you can change it subprocess.run to get the actual output
<Orbstheorem>
I think I'm trying to make a security wrapper to a “relative” locate, which is not recognized as a derivation
<pie_>
clever, can I get something to connect to the x server if I dont build it in a sandbox?
<AlexRice[m]>
Does anyone have any idea on where to start debugging why meson/pkgconfig is not finding dependencies?
<NemesisD>
how (or does?) nix-collect-garbage know what to delete? if i use nix in a bunch of projects to build dependencies and such, does it or can it know that those derivations are in use?
<AlexRice[m]>
NemesisD: it collects everything not connected to a gc root
<pie_>
this should disable the sandbox right? nix-build --option sandbox false
<NemesisD>
pie_: yes
<symphorien>
pie_: only if you are a trusted user
<pie_>
symphorien, yeah i did that..
<pie_>
symphorien, any way i can check that its happy with me?
Ariakenom has quit [Quit: Leaving]
<NemesisD>
AlexRice[m]: does that mean that if i symlink an output somewhere when i run a nix build that it will be connected to a gc root?
Jetien has quit [Ping timeout: 246 seconds]
<AlexRice[m]>
NemesisD: I think the output will be connected but not any build time dependencies
wfranzini has quit [Remote host closed the connection]
<NemesisD>
i guess in general i wonder how people manage disk usage. i'm constantly getting close to running out, but i would like to avoid having my next compile have to recompile the world
<{^_^}>
nix#2208 (by goodwillcoding, 47 weeks ago, open): nix-shell dependencies can be garbage collected any time now / persistent nix-shell envs
<AlexRice[m]>
though I think there are better tools now but someone else might know more
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<pie_>
symphorien, NemesisD I have trusted-users = root nixos in my /etc/nix/nix.conf (added via configuration.nix) and my username is nixos
<pie_>
i did a rebuild switch
<pie_>
ah, i havent done low level debugging in a while, i forgot, i should try more -v
mwilsoncoding has quit [Ping timeout: 276 seconds]
tboston_ has joined #nixos
<AlexRice[m]>
is there an easy way to force a rebuild of a package?
<pie_>
well...that didnt help
<pie_>
AlexRice[m], if its a fixed output derivation you have to change the hash
justanotheruser has joined #nixos
anpryl has quit [Ping timeout: 258 seconds]
<AlexRice[m]>
hmm, I just want to see what it outputs when it builds really
barryfm has joined #nixos
<pie_>
(at least, thats what i always had to do, not sure if anything changed)
Guest10736 has quit [Quit: WeeChat 2.4]
<dtz>
Alex Rice: it's not perfect but if you have it built you can rebuild it by adding `--check`
mwilsoncoding has joined #nixos
<dtz>
"not perfect" -> not exactly a match for your desired behavior
<pie_>
well, i dont know how to solve my sandbox problem -v didnt help
<AlexRice[m]>
still might be able to get it to work
<AlexRice[m]>
thanks
<dtz>
but AFAIK does what it means to properly, lol. But for example you have to have it in your store already, and can't use remote builders, which isn't always quite what one might want for "build again only keep the log and/or see what you get"
stites has quit [Quit: ZNC 1.6.6+deb1ubuntu0.1 - http://znc.in]
<pie_>
dtz, i feel like we really should have an option for this? people keep wanting it
zupo has joined #nixos
<pie_>
or does it just not make sense
tboston_ has quit [Ping timeout: 246 seconds]
mabel has quit [Ping timeout: 258 seconds]
mabel has joined #nixos
justanotheruser has quit [Quit: WeeChat 2.4]
justanotheruser has joined #nixos
<pie_>
this is something im not actually clear on, does disabling the sandbox mean the build process has access to the rest of your system?
<pie_>
sphalerite, im testing some stuff so I need access to my X server from the build process
<pie_>
because Im running stuff in wine and it tends to want to run gui stuff
<pie_>
xvfb-run works if I dont actuall care about the output or debugging
<sphalerite>
what about xvfb-run with a screenshot tool of your choice?
ardumont has quit [Ping timeout: 246 seconds]
<pie_>
sphalerite, I thought of that but its tedious :x
<pie_>
sphalerite, i was actually thinking of screen recording or something
<pie_>
i might do it *anyway*
linarcx has quit [Quit: WeeChat 2.4]
<pie_>
but it would be helpful if i could get this nonsandboxed stuff to work
<sphalerite>
what's the actual problem though? The build not being able to access the X server even with the sandbox off, or not wanting to turn the sandbox off?
<pie_>
the former
<pie_>
or at least i havent figured out how to do it
<pie_>
I just set DISPLAY=:0 in the build and its not happy
<sphalerite>
try running `xhost +` outside the build
<pie_>
ok, what does that do
<pie_>
,locate xhost
<{^_^}>
Found in packages: xlibs.xhost, bash-completion
<sphalerite>
you may also need to copy your ~/.Xauthority to somewhere accessible by the build and set the XAUTHORITY env var to its path
sheeldotme has joined #nixos
<pie_>
ah ok so its permissions stuff
<pie_>
$ xhost +
<pie_>
access control disabled, clients can connect from any host
<pie_>
doesnt disable cookies too?
<pie_>
will try adding the cookie
<sphalerite>
I'm not sure
<sphalerite>
hence "may" :)
qyliss^work has quit [Quit: bye]
qyliss has quit [Read error: Connection reset by peer]
qyliss^work has joined #nixos
qyliss has joined #nixos
<{^_^}>
[nix] @edolstra pushed to precise-gc « Include GC stats in printStats »: https://git.io/fjGQ0
alex```136855 has quit [Ping timeout: 255 seconds]
<sphalerite>
pie_: many windows installers can be unpacked using 7-zip :^)
ingenue has quit [Ping timeout: 268 seconds]
<cransom>
,locate ascii.7
<{^_^}>
Found in packages: manpages
<pie_>
sphalerite, Im actually trying to run UniExtract2 but youre probably right that I should look for something that will just work on linux native
<pie_>
and or i should just run the installer / use autoit or somejunk
<pie_>
uniextract2 is an aggregation of extractors
drakonis has quit [Read error: Connection reset by peer]
<{^_^}>
[nixpkgs] @burke opened pull request #60439 → [wip] Bump most apple-source-releases to macOS 10.14.1 → https://git.io/fjGQi
fendor has joined #nixos
<AlexRice[m]>
I might be missing something here but what should be the intended behaviour when an item in `buildInputs` is wrapped in a singleton list i.e. `buildInputs = [ [a] b c ]`, I've tried a bit of testing and it sometimes seems to work with the singleton list and sometimes doesn't
<coconnor>
pie_: thanks. I think I'll go for the toplevel definition overriding the dxvk package to provide d9vk.
<pie_>
id also try to see how the list gets passed
<pie_>
you could override a phase and echo it
<pie_>
or something like that
<pie_>
maybe the "type" bash builtin?
<AlexRice[m]>
tbh bash sort of scares me
<pie_>
scares a lot of people
<pie_>
ah sorry type is just for commands
o1lo01ol1o has quit [Ping timeout: 244 seconds]
aramiscd has quit [Ping timeout: 246 seconds]
<pie_>
AlexRice[m], btw if you dont intend to pursue it or dont manage to get to the bottom of it (or even before that), please do file a github issue - or see if one exists already
<AlexRice[m]>
I can in a bit
<pie_>
its good to have a record of problems
<pie_>
\o/
<AlexRice[m]>
I'll see if I can find a minimal example
<pie_>
AlexRice[m], even better if you can make a nix script that reproduces it :D
<pie_>
oh ok, didnt know that anyway, trying with just string right now
<pie_>
i mean i use unsafediscard on the first part of the string because i dont want the whole directory tree pulled in
<gchristensen>
it won't pull it in automatically
<pie_>
oh
<gchristensen>
if you do: src = /. + "home/grahamc/foobar"; it'll only pull in /home/grahamc/foobar
<pie_>
oh ok
<pie_>
this still doesnt work, not sure why src = config.inputPath + "/Delver.zip";
<gchristensen>
Nix is lazy :)
<pie_>
true
mkoenig has joined #nixos
thc202 has quit [Ping timeout: 255 seconds]
<pie_>
...the file definitely exists, it has +r
Glider_IRC_ has joined #nixos
<gchristensen>
you discarded context on it?
<gchristensen>
inputPath is the result of discarded context?
<pie_>
on the config.inputPath
<pie_>
oh yeah i guess i can remove that because you said its lazy
<gchristensen>
yeah, and this is also causing the problem
<{^_^}>
[nixos-homepage] @Ericson2314 opened pull request #275 → Obsidian Systems provides commercial support too → https://git.io/fjG5e
<pie_>
i guess that makes sense
<{^_^}>
[nixos-homepage] @grahamc merged pull request #275 → Obsidian Systems provides commercial support too → https://git.io/fjG5e
<{^_^}>
[nixos-homepage] @grahamc pushed 2 commits to master: https://git.io/fjG5v
Glider_IRC has quit [Ping timeout: 245 seconds]
<pie_>
wow wtf my thing worked
<pie_>
that wasnt even that hard. ok, its a java game, and wine works pretty well these days, and i didnt really do anything other than a glorified extractor with nix
<gchristensen>
nice
<gchristensen>
ps
<pie_>
ok mouse controls are totally wrecked with Xephyr though...
<gchristensen>
a hint that you got the thing wrong is that Nix builds will never complain about a path outside of the nix store or /tmp being missing, because it never has access to them
<gchristensen>
so since it complained about /home/... being absent meant you passed in a string (ie: nothing special)
<pie_>
gchristensen, yeah
sheeldotme has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]