gentauro has quit [Read error: Connection reset by peer]
gentauro has joined #nixos
<jackdk>
how frequently do updates to all-cabal-hashes come through nixpkgs? I'm trying to callHackage to get reflex-0.6 and it's not there, and 0.6 was uploaded in march
gagbo has quit [Ping timeout: 255 seconds]
gagbo has joined #nixos
Rusty1 has quit [Quit: Konversation terminated!]
amfl has quit [Read error: Connection reset by peer]
<{^_^}>
[nixpkgs] @magnetophon opened pull request #60445 → speech-denoiser: init at unstable-07-10-2019 → https://git.io/fjG5E
tboston_ has joined #nixos
hhefesto has joined #nixos
mwilsoncoding_ has joined #nixos
hhefesto has quit [Client Quit]
hhefesto has joined #nixos
mexisme_ has joined #nixos
tboston_ has quit [Ping timeout: 246 seconds]
jybs has joined #nixos
drakonis has joined #nixos
drakonis_ has quit [Ping timeout: 250 seconds]
everybodyHertz has joined #nixos
<{^_^}>
[nixpkgs] @matthewbauer opened pull request #60447 → Fixup from macos-10-12 branch → https://git.io/fjG59
tboston_ has joined #nixos
start2 has joined #nixos
gagbo has quit [Ping timeout: 255 seconds]
mwilsoncoding has quit [Ping timeout: 276 seconds]
<start2>
Hey guys, I just installed NixOs two days ago and took a lot of time to set it up. Then i deleted all my nix configs by a git reset --hard while trying to back them up. Is there any way to retrieve the configs from my current system state?
o1lo01ol1o has quit [Remote host closed the connection]
<clever>
start2: you can use nix-diff to compare the current config against the currently running OS
<clever>
then you can edit it to make it differ less
o1lo01ol1o has joined #nixos
gagbo has joined #nixos
infinee has joined #nixos
o1lo01ol1o has quit [Remote host closed the connection]
<hodapp>
"error: The option `services.syncthing.guiAddress' defined in `/etc/nixos/configuration.nix' does not exist." oh, so apparently this is a more recent thing
<hodapp>
still puzzled as to why it's just choosing a random port that is documented nowhere
<clever>
hodapp: what channel are you on?
tboston_ has joined #nixos
<hodapp>
gah. it picked a random port during one run, and then wrote a configuration file which then forced that for all subsequent runs
<clever>
aha
tboston_ has quit [Ping timeout: 245 seconds]
stepcut has joined #nixos
gagbo has quit [Ping timeout: 245 seconds]
mwilsoncoding has joined #nixos
everybodyHertz has quit [Read error: Connection reset by peer]
gagbo has joined #nixos
stepcut has quit [Ping timeout: 258 seconds]
iqubic has joined #nixos
<iqubic>
Anyone know why xbacklight isn't working for me right now?
<iqubic>
any xbacklight commands I run return: "No outputs have backlight property"
<iqubic>
Which is bizarre, because this was working just yesterday, before I updated to 19.03
<iqubic>
What did 19.03 do that would cause this to fail?
<bohan>
haha, prolly the most important program, right?
<iqubic>
acpilight just seems like a better tool than xorg.xbacklight.
<iqubic>
I say that because I prefer the tool that actually works.
<Myrl-saki>
uh. This is more of a Linux problem than anything.
Tucky has joined #nixos
<Myrl-saki>
Now that I think about it. Isn't it kind of funny that Linux can update kernels "without restarting"(I mean, technicallyyyy), but can't update groups without restarting, say, your window manager.
<iqubic>
yes
<etu>
Myrl-saki: You can update groups without restarting, but you have to log out and in.
<Myrl-saki>
etu: Yes, but you have to restart your X server* and all the already-running progarms.
<immae>
Myrl-saki: I may be wrong, but to me it’s just a problem of "the process only asks for his parents rights and doesn’t bother checking that he can have more", isn’t it?
<immae>
(I mean: technically a process can get the new groups, he just doesn’t ask for it)
<Myrl-saki>
I guess that's exactly why it's like this. UNIX doesn't seem to really have long-running programs except for algorithmic stuff, which, wel, doesn't require permissions.
<jomik>
Hey guys, I have some trouble booting and shutting down my machine after a system update. I use the 19.03 channel. I get a `Failed to start udev Wait for Complete Device Initialization`, systemd-udev-settle.service has failed.
<jomik>
And my mouse cursor is now gone :D
sam_d has joined #nixos
anpryl has quit [Ping timeout: 255 seconds]
jomik has quit [Quit: WeeChat 2.4]
jomik has joined #nixos
<jomik>
I tried to switch to channel 18.09 and rebuild with that, but it gives the same result.. O.o
<parsnip>
searching the issue tracker a little, seems like there's some rebuild that needs to be toggled off
kaliumxyz has joined #nixos
<parsnip>
not sure though, couldn't figure if it was a good match
brejoc has joined #nixos
brejoc has quit [Remote host closed the connection]
zupo_ has joined #nixos
jomik has quit [Quit: WeeChat 2.4]
zupo has quit [Ping timeout: 258 seconds]
Jackneill has quit [Read error: Connection reset by peer]
goibhniu has joined #nixos
jomik has joined #nixos
<jomik>
So I guess there is some issue with detecting my touchpad. Since my mouse stopped working.
Jackneill has joined #nixos
linarcx has joined #nixos
<sphalerite>
jomik: if it also happens on 18.09 (and didn't previously) my first guess would be coincidental hardware failure. Do the old generations work?
<jomik>
sphalerite: I was a genius and deleted my old generations. Mistake really. Lol. Was just cleaning up the nix store, and then passed -d by mistake :D
<jomik>
It didn't happen on 18.09 previously.
<jomik>
If I boot into the nixos livecd, all is fine though.
<sphalerite>
ah ok
<jomik>
I guess I can try to wipe _everything_ and reinstall on 19.03...
<jomik>
Is it fine to use a NixOS 18.09 livecd, and just update the channel to 19.03 and install?
<Orbstheorem>
Hello ^^/, has anyone tried to develop perl6 on nixos?
<jomik>
I was dumb and deleted old generations before testing, lol.
<jomik>
Oooh, that's clever, I was browsing github backwards ! :P
<jomik>
rebooting to test this commit
jomik has quit [Quit: WeeChat 2.4]
jomik has joined #nixos
<jomik>
Commit ebcadadf55dc4516ef99ba43b2771acbe63ff870 works >.o
<jomik>
I guess I can clone, checkout some version and then bisect..
<srhb>
jomik: Yup, that works very nicely.
<Orbstheorem>
jomik: Think about `nixos-rebuild build-vm` to automate git bisect :D
thc202 has joined #nixos
<Orbstheorem>
I've been running `NIXOS_CONFIG="$(readlink -f test-vm.nix)" nixos-rebuild build-vm && ./result/bin/run-*-vm -chardev stdio,mux=on,id=char0,signal=off -mon chardev=char0,mode=readline -serial chardev:char0` for a couple of hours now to try to package a displaymanager ^^
iqubic has quit [Ping timeout: 256 seconds]
knupfer has quit [Remote host closed the connection]
<AlexRice[m]>
is there a nice way to use gsettings from nixos?
<tilpner>
AlexRice[m]: Don't know what exactly your question is. gsettings is in glib.bin, and there is gsettings-desktop-schemas
<AlexRice[m]>
I mean if there is a way of setting the options from configuration.nix
<AlexRice[m]>
or if it has to just be done imperatively
fusion809 has quit [Remote host closed the connection]
Makaveli7 has quit [Quit: WeeChat 2.4]
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « configuration-ghc-8.8.x: try to get some builds working with the alpha-1 compiler »: https://git.io/fjGx0
<{^_^}>
[nixpkgs] @teto merged pull request #60465 → lua: add rapidjson, lua-toml and lua-messagepack to generated packages → https://git.io/fjGAY
alex```1368555 has quit [Ping timeout: 246 seconds]
ingenue has quit [Ping timeout: 250 seconds]
<jomik>
Mic92: Could we change the update script for vim plugins to only grab tags?
<Mic92>
jomik: I would stick to the behavior of other vim package manager, which always fetches latest master. This is how I feel the ecosystem works.
<jomik>
vim-plug and others have a `tag` option tho? `Plug 'neoclide/coc.nvim', {'tag': '*', 'do': './install.sh'}`
<Mic92>
I have not looked into the release policy of vim plugin authors, but I would expect that some might be lazy to update their tags given that most people would just stick to the latest.
<Mic92>
They have a tag option, but I don't see many people using it, so I don't think it would be a good default.
<Mic92>
We can always opt-out on a per plugin case.
<jomik>
Hmmm, I agree it shouldn't be a default.
<jomik>
Ah, that's true. I guess I could just freeze it at a tag/manually update, since tags would be slower.
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « haskell-network-bsd: fix the build in LTS-13.x »: https://git.io/fjGpO
<jomik>
It was simply because coc.nvim seems to live using master, so, I have had breaking stuff.. :P
<jomik>
You are right, thank you :)
<Twey>
Where is the tarball-ttl option documented? I see some references to it in the manual, but I don't see an actual description anywhere… specifically, I'd like to know what happens if I set it to 0. Does that mean the cache doesn't expire? Or that it never caches anything?
LogicAside has quit [Quit: ZNC 1.6.5+deb1+deb9u1 - http://znc.in]
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « haskell-network-bsd: fix the build in LTS-13.x »: https://git.io/fjGpZ
alex```136855585 has joined #nixos
silver has joined #nixos
alex```13685558 has quit [Ping timeout: 255 seconds]
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « haskell-network-bsd: fix the build in LTS-13.x »: https://git.io/fjGp0
jomik has quit [Quit: WeeChat 2.4]
<Twey>
azazel: It just says « You can change the cache timeout either on the command line with --option tarball-ttl number of seconds or in the Nix configuration file with this option: tarball-ttl number of seconds to cache. »
<Twey>
It doesn't say what happens if I set it to 0
<{^_^}>
[nixpkgs] @LinArcX opened pull request #60471 → nanum-gothic-coding: init at VER2.5 → https://git.io/fjGpE
<azazel>
Twey: It's simply enough to discover, it seems to me
nschoe has joined #nixos
Makaveli7 has joined #nixos
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « hackage-packages.nix: automatic Haskell package set update »: https://git.io/fjGp2
<Twey>
azazel: Yes, but it's going to be several hours before I have time to sit down at a computer and discover it, and I was hoping to give my coworker an answer :þ
knupfer has quit [Remote host closed the connection]
<gchristensen>
<aminechikhaoui>
gchristensen yeah I always have the wireguard unit in a failed state after reboot
<aminechikhaoui>
but never bothered to investigate :D
<gchristensen>
:D
pjan has joined #nixos
leotaku has quit [Ping timeout: 255 seconds]
<emilsp>
gchristensen: are the hostnames fully qualified? what happens if you dig them? Because if they're just broadcast by the hosts themselves, there is systemd unit that you could wait for
domogled has quit [Quit: domogled]
<aminechikhaoui>
in my case it's a FQDN
johanot has joined #nixos
<aminechikhaoui>
it's just a matter of order of unit execution as then when I restart it works
<aminechikhaoui>
(when I restart the unit)
<emilsp>
aminechikhaoui: maybe there's a way to wait for systemd-resolve
<emilsp>
but then you have to be using systemd-resolve
knupfer has quit [Remote host closed the connection]
jeregrine has joined #nixos
<parsnip>
a derivation is a _path_?
<parsnip>
and the file at that path contains an _expression_?
<parsnip>
oh, i guess paths are expressions too
<jeregrine>
so I am attempting to run nix on macos and I am running into https://github.com/NixOS/nix/issues/728 I have attempted the suggested work-arounds with no luck. Any thing else I could try?
<nschoe>
(or is it like, new from this morning? ^^)
<azazel>
there's an announcement on nixos.org home page
<parsnip>
does "just" mean "handwave"?
unmanbearpig has joined #nixos
unmanbearpig has quit [Excess Flood]
unmanbearpig has joined #nixos
unmanbearpig has quit [Excess Flood]
<nschoe>
azazel, thanks for that
<nschoe>
I feel stupid for missing this ^^
<azazel>
handwave? I don't what that means, in this context "just" means "you only have to" (type acroread then )
<parsnip>
i assumed they meant, they had the name of the package, but not the name of the executable
<azazel>
nschoe: why? don't feel stupid just because you don't know, but for when you know you should have learnt and you haven't ;-)
<nschoe>
azazel, :)
<nschoe>
Anyway so regarding my initial question of finding an executable when it doesn't have the same name as the derivation, is there a standard way? (I looked into the builder.sh and found our acroread in my case)
<parsnip>
nschoe: i'm curious about this acroread nix thing, do you have a link?
<arianvp>
unpopular opinion (I think) but I _hate_ the "script =" parameter in systemd.services
<arianvp>
because it obscures what the service does when you use normal admin tools to inspect your system. e.g. "systemctl cat <service-name>" shows
<azazel>
nschoe: every /bin subdirectory of every package in the -p option is put in your $PATH so by doing an "echo $PATH" you'll find the entrypoints to each package's directory containing the executable it contains
<arianvp>
ExecStart=/nix/store/link6b9hd0c8pvk74ps6l0lm6hdhgk04-unit-script-prepare-kexec-start instead of the thing that's actually executed
drakonis_ has joined #nixos
<nschoe>
azazel, oh, right. Thanks.
<nschoe>
parsnip, sure, give me a sec and I'll find it
drakonis_ has quit [Read error: Connection reset by peer]
drakonis_ has quit [Read error: Connection reset by peer]
drakonis_ has joined #nixos
Copenhagen_Bram has quit [Read error: Connection reset by peer]
<azazel>
arianvp: I mostly agree with you, but there's a problem with ExecStart, i.e. that unless Type= is oneshot, exactly one command must be given.
nikivi has quit [Quit: ZNC is awesome]
drakonis has quit [Ping timeout: 240 seconds]
nschoe has joined #nixos
nikivi has joined #nixos
<nschoe>
parsnip, did you get the link? What was bothering you about the executable `acroread`?
tv has quit [Ping timeout: 245 seconds]
lassulus has quit [Ping timeout: 245 seconds]
moyamo has joined #nixos
<parsnip>
nschoe: i just was curious if i could come up with a way to find it. but i was staring at the .nix, didn't realize it would be in .sh. bad googling.
<parsnip>
the PATH thing is interesting. still reading through the pills
<moyamo>
Hey, could someone point me to an explanation of the difference between the staging-* and release-* branches.
mekeor has joined #nixos
<nschoe>
parsnip, yeah, the pills really helped me too. But I wish there was a continuation :)
<nschoe>
But yeah, the PATH thing is good. I´ll remember it for next time
<parsnip>
i noticed that was like an open issue or something, but i guess it's just nice to have as much learning curve softened as there is.
jomik has joined #nixos
<jomik>
For some reason this `yarn prepare` fails with `/bin/sh: npm-run-all: not found`, even though `npm-run-all` is a devDependency. I am using nix-npm-buildpackage. Anyone have any idea why it seems to be unable to find something clearly listed as a dependency?
<aswanson>
pie_: no bites so far, and I haven't looked at it since sunday
<{^_^}>
[nixpkgs] @dotlambda opened pull request #60492 → dovecot: fix CVE-2019-11494 and CVE-2019-11499 → https://git.io/fjZfy
drakonis has joined #nixos
<pie_>
aswanson, searching github for crashes, this seems to be a very unreliable piece of the code
<pie_>
most of the crash reports seem to be py_config adjacent
<Orbstheorem>
Hey ^^/ Is there any way to use home-manager as an overlay of my configuration.nix?
<aswanson>
I suppose that shouldn't be surprising since it's the place with the most friction between the 3+ codebases they've kludged together
<pie_>
aswanson, yeah maybe its reasonable to fail so hard, idk :D
<pie_>
just from the few lines ive read it would be nice if they tried to get more failure information from python as opposed to just crashing and burning
drakonis_ has joined #nixos
lassulus has joined #nixos
<pie_>
like, the documentaiton for that dict api says it will return null on failure
<pie_>
(IIRC)
drakonis1 has joined #nixos
<pie_>
thats stuff you should be checking for at least on the C++ side i think
<pie_>
as opposed to "unmapped memory" which is "obviously" a null pointer dereference
<jeregrine>
LnL: error: selector 'lists' matches no derivations
stepcut has joined #nixos
<LnL>
jeregrine: just nix-env -q
<jeregrine>
nix-2.2.2\n nss-cacert-3.42
zimbatm[m] has joined #nixos
<djanatyn>
azazel: yes, identical
<djanatyn>
hmm, maybe i could put in a PR to fix that package
<djanatyn>
i'll take a look if it isn't already fixed this afternoon
Qubasa has quit [Read error: Connection reset by peer]
<pie_>
aswanson, anyway, added my findings to the issue. id have gone further but i couldnt figure out how the heck to compile stuff so that is has more debug symbols / less optimization / whatever it was that was making things opaque
Qubasa has joined #nixos
<aswanson>
pie_: the whole R packages implementation seems funky as hell. I like using R so should probably get more familiar with it, but also, woof
<pie_>
i think the nix packages for r need a refactoring - or more documentation, because overrides are hell and i could only get anything done by trying to inject code in the stdenv that r took as a dependency
anpryl has joined #nixos
hio has quit [Quit: Connection closed for inactivity]
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<aswanson>
pie_: the way around it might be to forgo the nix installation of reticulate and build it manually, then drop it into the R package library manually?
<qyliss^work>
but it depends how much effort you want to go to
<aswanson>
idk how the R wrappers deal with dozens of r packages scattered around the nix store but you might be able to trick it into finding one manually built package
<qyliss^work>
language-specific build funtions aren't really the same as plugins
knupfer has joined #nixos
<pie_>
hm ok, i could probably stretch the metaphor if i really wanted to but not right now
<aswanson>
I don't have the knowledge to say one way or another, but the practice of adding individual packages from language ecosystems to nixpkgs feels like it may eventually collapse.
npmccallum has joined #nixos
<aswanson>
I also don't know enough about nix to recognize that it is necessary to do so, so...
<qyliss^work>
definitely necessary
<pie_>
aswanson, adding individual packages?
<qyliss^work>
Ruby doesn't do it, and it means you can't do stuff like nix-shell shebangs
zupo has joined #nixos
<pie_>
the language infra really is a huge amount of effort though isnt it
<pie_>
i need to learn how to use fhsuerenv one of these days
<aswanson>
pie_: just like, every python package/r-package has an entry in nixpkgs, even though you don't use them on their own. This is probably a semantic hangup of mine but it feels strange that development packages are side by side with stuff I think of atomic pieces of software meant for day to day use
<aswanson>
R might be a special case, since whoever added them decided to automate adding all of CRAN/bioconductor to nixpkgs at once
<manveru>
hehe
<pie_>
aswanson, stuff like tha thappens for haskell as well
<pie_>
or does figuring out that interface stuff fall under my job as self-proclaimed application integration workgroup member ;.;
<manveru>
the problem is mostly one of scale... haskell and R have relatively few libraries in nixpkgs, also python libraries are all hand-picked and not automated
<manveru>
ruby has more, and if you start getting into nodejs... boy :)
<infinisil>
Haskell has few libraries in nixpkgs?
<infinisil>
We have all of hackage!
<manveru>
"relatively" :)
<manveru>
it's a ton still
<aswanson>
that's the part where I feel like there's a big debt that will eventually have to be paid, where it becomes impossible to performantly parse nixpkgs because we've duplicated all of nodejs
<qyliss^work>
ruby has ~no libraries in nixpkgs that are actual packages you can install though
<pie_>
ok so you meant not how much of the repo but how big the repo
<Guanin>
Hi, I'm trying to get an (ARMv7) OrangePi PC running with NixOS, but I can not use any keyboard or screen to set it up. When I was using archlinux, I was able to use qemu-arm-static to "chroot" and use the other architecture, but I can not find that binary in the qemu package. Is it available at all?
<drakonis>
manveru: was there a particular reason why python libraries arent automated?
<manveru>
drakonis: look at the derivations... they're really not easy to unify
<Taneb>
`locate bin.qemu-arm-static
<manveru>
drakonis: python uses like 15 different build systems or something
<yorick>
qyliss^work: I just copy-pasted the nix and ran callPackage, thanks
<simpson>
drakonis: PyPI doesn't export sufficiently fine-grained metadata for us, and the last discussion I had with dstufft indicated that it's not on their roadmap.
<Taneb>
Guanin: I couldn't find it (although I didn't look super hard)
<manveru>
qyliss^work: in theory adding gems to nixpkgs is easy enough, and could replace bundler usage, it's just that i can never decide on which ones are worth adding :P
<drakonis>
ah, shame.
johanot has quit [Quit: WeeChat 2.4]
<qyliss^work>
manveru: speaking of, we should really have a chat about Bundix sometime
<manveru>
qyliss^work: and then i don't have the resources to update them regularly, neither time nor hardware :(
<Guanin>
Taneb, thanks :) at least that's more or less confirmed then.
<manveru>
qyliss^work: what about?
<manveru>
for today i want to replace all those useless bundlerEnvs in nixpkgs with bundlerApp...
<qyliss^work>
oh yes please
<manveru>
also found a bug in bundlerApp :(
<qyliss^work>
About generating Gemfiles to avoid them running arbitrary code that depends on arbitrary other files
lassulus has quit [Ping timeout: 250 seconds]
<qyliss^work>
We briefly talked about it the other day but I can't find it now
<manveru>
ah, you posted about that ages ago, right?
<qyliss^work>
Yeah
<manveru>
should be in some github issue
<qyliss^work>
I thought it came up on IRC the other day
<qyliss^work>
maybe not
<manveru>
i still think it's an excellent idea
<manveru>
just not sure how it'll work with some stranger gems
<qyliss^work>
Any examples?
<qyliss^work>
I'd like to try redoing Bundix to do it exclusively
<qyliss^work>
But if there's some reason not to do it exclusively would be good to know first.
<manveru>
like having a gemfile that loads gemspec and some git dependencies
<simpson>
Possibly extremely stupid idea: How workable would it be to write a custom Nix implementation of whatever's methods are called in Gemfiles?
<qyliss^work>
probably impossible
<qyliss^work>
because you can (and people do) call any method in a gemfile
<manveru>
gemfiles can have arbitrary code... yeah
<qyliss^work>
people shell out to git
<manveru>
that's why i never look at the Gemfile in bundix but the lockfile instead
<qyliss^work>
manveru: all of that boils down to a normal lockfile in the end
<qyliss^work>
so doesn't matter whether it calls gemspec
<simpson>
Mm, got it. Makes sense that that wouldn't work, then.
<qyliss^work>
I guess I should just try this and see what happens.
<manveru>
the problem is that bundler still needs the gemfile for some weird reason, and then the paths are all fucked up
<manveru>
so if we generate a better gemfile, that'd take care of that :)
<qyliss^work>
yeah
<qyliss^work>
I just need to stop thinking about this and start writing it, probably
liori has quit [Quit: leaving]
<qyliss^work>
We could generate Gemfiles and lockfiles from gemset.nix files. That'd be pretty rad.
<manveru>
i don't think that you can replace bundix with it, but it'd be an addition...
<qyliss^work>
No duplication in Nixpkgs
<qyliss^work>
My instinct is that you could, but we'll see I guess
<manveru>
indeed :)
<manveru>
bundler is damn sensitive about the lockfile, so i never had much luck in rewriting it nicely
<simpson>
If we generate a Gemfile, then we can ensure that it *is* safe to just run during build, right?
<manveru>
sure
<manveru>
don't have to, though
<pie_>
ah... <simpson> drakonis: PyPI doesn't export sufficiently fine-grained metadata for us, and the last discussion I had with dstufft indicated that it's not on their roadmap.
<manveru>
but ideally you can get rid of the `gempath` and rely only on `gemspec`, which makes derivations in nixpkgs a bit nicer :)
<drakonis>
when was that conversation?
<drakonis>
i'd honestly prefer to not have to package every individual python package
<drakonis>
its hell
<simpson>
pie_: Keep in mind that I'm *very* pessimistic about my interactions with Python core devs; I feel like there's a lot of stuff in the Python world that is idiosyncratically painful or inconvenient as a matter of tradition alone.
o1lo01ol_ has joined #nixos
<manveru>
qyliss^work: anw, lemme know how it works out or if i can help you, spent a long time in bundler source... :|
<simpson>
drakonis: Late last year, or maybe early this year. Don't remember. It's been a known issue for years though.
<pie_>
simpson, sounds like unix :P
<pie_>
* *nix
<pie_>
but yeah guys any ideas how to make a package manager that isnt radioactive
<pie_>
i mean specifically in the context of languge packages, though im not sure that makes much of a difference
<mdash>
drakonis: gobo doesn't have any of nix's benefits
<Twey>
IMO GoboLinux was a primitive version of Nix's ideas
<drakonis>
it predates nix by two years
mekeor has quit [Quit: digital revolution = cryptoanarchism + cybercommunism]
ixxie has joined #nixos
<gchristensen>
NixOS came out in 2003 too
<drakonis>
huh
<manveru>
pie_: it's easiest to work with package managers that provide 3 things: a lockfile, hashes of the downloaded dependencies in that lockfile, and using pkg-config for C stuff...
<manveru>
gchristensen: NixOS or Nix?
<Twey>
I was interested in it in the past, but then NixOS came out and I didn't need it any more :)
<gchristensen>
according to our wikipedia page, 2003
<simpson>
pie_: Sorry, lemme restate. A package implemented in *any* (non-Nix) language is going to have to have some sort of interface to Nix via subprocessing. So instead what languages should do is focus on being easier to package in general: reproducibility, purity, etc.
<manveru>
that can't be right...
<manveru>
that's when nix was released, nixos was around 2008 or so, no?
<drakonis>
the paper that introduced it apparently
<pie_>
simpson, where does stuff go wrong with cargo? i think there was something?
<manveru>
nixos homepage mentions a manual for it by 2007 :)
<drakonis>
the publication rather
<drakonis>
both hydra and nixos had publications in 2008
<Twey>
pie_: Cargo a) always wants to build its dependencies from source and b) always wants to hit the network to check what packages are available and download them if necessary
<gchristensen>
Armijn says he first created NixOS in 2004. Nix was first created in 2003
<drakonis>
hm, fair.
<Twey>
pie_: b) can be solved with cargo-vendor; a) is harder
<Twey>
pie_: Basically the problem is that Cargo is a combined build system and package manager, and to integrate it with something else you want to be able to invoke the build system without invoking the dependency manager. But they're tightly coupled
<pie_>
hm
<manveru>
yeah... build systems should work totally offline :|
<gchristensen>
yeah
linarcx has joined #nixos
<gchristensen>
NixOS was first created in 2004
<Twey>
pie_: And for internal reasons the Cargo people don't want to decouple them. Which leads to a lot of people wanting to compile Rust having to re-implement Cargo.
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<pie_>
Twey, wow that sounds kind of shitty
<pie_>
internal reasons?
<pie_>
ok ill take a look thanks
<pie_>
id probably only really get it if i tried to do it myself though
<manveru>
ideally you'd have distinct dependency resolution as well :)
<Twey>
manveru: You can get a dependency graph out of Cargo, which is nice
<manveru>
before you download them?
<Twey>
I think probably `carnix` does this
<Twey>
manveru: No
mwilsoncoding_ has quit [Ping timeout: 256 seconds]
<Twey>
pie_: My understanding is that they don't want to allow pre-built dependencies because there's no stable ABI for Rust and no mechanism for ensuring that a binary dependency was built with a compatible compiler
<simpson>
Twey: Is there another, simpler, internal build system for Rust? Or is Cargo the only one? It seems that Cargo is like Conda: It has opinions, and those opinions include having control of the build environment in ways which Nix prohibits.
ixxie has quit [Ping timeout: 246 seconds]
<pie_>
ok that kind of makes sense but
<manveru>
pie_: for decentralized package management, i still like the new go modules the best...
LogicAside has joined #nixos
mconstant has joined #nixos
<pie_>
if it just leads to ther people reimplementing cargo its stupid, cant they have some abi revision field or something? or require a metafile?
<Twey>
simpson: There's some build stuff built into rustc that make at least Rust dependencies quite nice, but it's not sufficient — everyone assumes Cargo and crates.io are available, so that's the format used to specify dependencies (and Cargo also supports Rust-language build scripts that do arbitrary things)
<pie_>
i guess im not better then a bunch of rust devs so "just" is a bad work
<pie_>
word
<simpson>
Twey: Adorable~ Well, at least it can't get worse than the Node tree, right~
o1lo01ol1o has quit [Remote host closed the connection]
<{^_^}>
[nixpkgs] @manveru opened pull request #60503 → pt: 0.7.3 -> 0.10.0, use bundlerApp → https://git.io/fjZkf
<mthst>
betaboon: in 2.3, step 4 mentions "You must set the option boot.loader.systemd-boot.enable to true"
Myhlamaeus has joined #nixos
<{^_^}>
[nixpkgs] @manveru opened pull request #60504 → hue-cli: use bundlerApp → https://git.io/fjZkJ
o1lo01ol1o has joined #nixos
<{^_^}>
[nixpkgs] @manveru opened pull request #60505 → compass: use bundlerApp, cleanup → https://git.io/fjZkU
ubert has quit [Quit: Leaving]
<talqu>
hi, i've tried to upgrade from 18.09 to 19.03, but now see errors in boot process. In the boot window i can choose the previous built. My question would be: can i delete the last one? So that in the boot window i wouldnt to select the previous?
<{^_^}>
[nixpkgs] @manveru opened pull request #60506 → cucumber: 2.4.0 -> 3.1.2, use bundlerApp → https://git.io/fjZkk
<{^_^}>
[nixpkgs] @manveru opened pull request #60507 → drake: use bundlerApp → https://git.io/fjZkt
o1lo01ol1o has quit [Remote host closed the connection]
<infinisil>
talqu: I think `nixos-rebuild switch --rollback` is what you're looking for
<{^_^}>
[nixpkgs] @manveru opened pull request #60508 → homesick: use bundlerApp → https://git.io/fjZkm
<{^_^}>
[nixpkgs] @manveru opened pull request #60509 → ledger-web: use bundlerApp → https://git.io/fjZkO
<{^_^}>
[nixpkgs] @manveru opened pull request #60510 → matter-compiler: use bundlerApp → https://git.io/fjZk3
<talqu>
infinisil, "switching from generation 15 to 14..." Thanks. Exactly that
o1lo01ol1o has joined #nixos
<{^_^}>
[nixpkgs] @manveru opened pull request #60511 → procodile: 1.0.17 -> 1.0.23, use bundlerApp → https://git.io/fjZkG
srid has quit [Ping timeout: 255 seconds]
<{^_^}>
[nixpkgs] @manveru opened pull request #60512 → rake: 12.3.1 -> 12.3.2, use bundlerApp → https://git.io/fjZkZ
<{^_^}>
[nixpkgs] @manveru opened pull request #60513 → riemann-tools: use bundlerApp → https://git.io/fjZkn
lassulus has joined #nixos
<{^_^}>
[nixpkgs] @manveru opened pull request #60514 → sensu: 1.0.3 -> 1.7.0, use bundlerApp → https://git.io/fjZkC
<betaboon>
adisbladis: efi-stub is enabled in the kernel by default isnt it?
<{^_^}>
[nixpkgs] @manveru opened pull request #60515 → sup: use bundlerApp, cleanup → https://git.io/fjZkW
<{^_^}>
[nixpkgs] @manveru opened pull request #60516 → t: use bundlerApp → https://git.io/fjZkl
<{^_^}>
[nixpkgs] @manveru opened pull request #60517 → timetrap: use bundlerApp → https://git.io/fjZk8
<manveru>
phew, that was all of them
<adisbladis>
manveru++
<{^_^}>
manveru's karma got increased to 11
<manveru>
well, not all, but all i can do today :)
<adisbladis>
betaboon: Sure, but iirc the cmdline is not embedded in the image so to make it useful you'd still need to figure that out
<adisbladis>
(And embedding the cmdline in the kernel image would be bad for other reasons)
<adisbladis>
manveru: Good work :)
<betaboon>
adisbladis: i was under the assumption that systemd-boot is taking the role of an efi-boot-manager which then loads the kernel with efi-stub.
o1lo01ol1o has quit [Remote host closed the connection]
o1lo01ol1o has joined #nixos
<adisbladis>
betaboon: Yes, and appends a command line from the entry configuration
<everybodyHertz>
kIntsky: my first thought would be `nix show-derivation /nix/store/<path/to/file>.drv`
<everybodyHertz>
But you'd have to do that for the derivations for each package supplied to nix-shell
<klntsky>
everybodyHertz: thanks, very useful. I just started it without arguments in a directory with a `shell.nix` and it showed the total size to be fetched.
mwilsoncoding has joined #nixos
talqu has quit [Ping timeout: 246 seconds]
srid has joined #nixos
mthst has joined #nixos
<matthewbauer>
klntsky : the --dry-run flag will avoid building
<Orbstheorem>
Is there any place where I can find how the config is merged?
<Orbstheorem>
I suspect with heavy lazy load and some faith, but I'd like to understand the faith part better x)
<{^_^}>
[nixpkgs] @bignaux opened pull request #60518 → gweled: init at unstable-2018-02-15 → https://git.io/fjZk9
civodul has joined #nixos
jasongrossman has quit [Read error: Connection reset by peer]
jasongrossman has joined #nixos
__monty__ has joined #nixos
fnords has joined #nixos
linarcx has quit [Quit: WeeChat 2.4]
linarcx has joined #nixos
ambro718 has joined #nixos
fendor has joined #nixos
linarcx has quit [Quit: WeeChat 2.4]
linarcx has joined #nixos
nschoe has joined #nixos
moyamo has left #nixos ["ERC (IRC client for Emacs 26.1)"]
<{^_^}>
[nixpkgs] @worldofpeace pushed 3 commits to master: https://git.io/fjZIs
ToxicFrog has quit [Quit: WeeChat 2.3]
dansho has quit [Read error: Connection reset by peer]
ToxicFrog has joined #nixos
dansho has joined #nixos
<clr_>
Is there anyone here who would be interested in talking about auto merging nixpkg cl's? I was thinking about what signal would be good enough - maybe all tests pass?
<clr_>
s/cl/pr
ris has joined #nixos
<Orbstheorem>
clr_: In general, I'm not a big fan of auto-merging, even if a package definition is “correct”, is doesn't mean is readable/undestandable/mainteinable code
<lordcirth__>
clr_, #nixos-dev ?
<Orbstheorem>
s/a package definition/some code
<lordcirth__>
Does a Nix linter exist?
o1lo01ol1o has quit [Remote host closed the connection]
o1lo01ol1o has quit [Remote host closed the connection]
<gentauro>
goibhniu: :)
mekeor has joined #nixos
ckoparkar_ has quit [Ping timeout: 240 seconds]
o1lo01ol1o has joined #nixos
ckoparkar has joined #nixos
kreisys has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
detran has joined #nixos
<manveru>
bennofs[m]: reminds me that i should finally share my wordpress setup...
Church- is now known as Goldblum
kreisys has joined #nixos
Goldblum is now known as Church-
<clever>
manveru: i saw a wordpress setup before, explained in some blog, where it would spin the entire thing up in a vm, then clone it with recursive wget
bikes has joined #nixos
<clever>
manveru: so the end result of the nix-build was just a single directory full of html&css, and it could then be hosted staticly
<manveru>
yeah, that works, for static pages :)
bikes has quit [Max SendQ exceeded]
<manveru>
also, my users actually want to edit their pages in realtime...
bikes has joined #nixos
gagbo has quit [Ping timeout: 258 seconds]
PLPD-Bot has quit [Remote host closed the connection]
wedens has quit [Quit: Connection closed for inactivity]
Copenhagen_Bram has joined #nixos
<camsbury>
clever: maybe you know the answer to this, but basically I have a docker container running nix, and I'm trying to do a nix-shell in it. I have the `/nix/store` mounted as a volume, and it looks like it is persisting fine, but when I change the command I'm running in the docker compose (maybe from `nix-shell` to `sh`), it builds the world again (even though i see the files in `/nix/store`). Is there anything else that nix looks to to see
<camsbury>
if it needs to build a thing? shouldn't it just be looking for the hash in the store?
o1lo01ol1o has quit [Remote host closed the connection]
<clever>
camsbury: i think the problem is more that docker doesnt understand that, and it makes a new layer for every command in your compose file
<camsbury>
well if I exec into a container
<camsbury>
with a shell.nix that basically describes installing python
<camsbury>
and run `nix-shell`, it will populate the `/nix/store`, which is a volume
<camsbury>
and is persisting fine
<camsbury>
when I do change that command in the docker compose
<camsbury>
like I still see the state of /nix/store that I expect when I exec in
<camsbury>
its just on running `nix-shell` that I'm seeing the issue
everybodyHertz has quit [Ping timeout: 276 seconds]
<camsbury>
I can try simplifying it even further to be sure, but I checked with an example package `watchdog`, and the store did not change before and after I ran `nix-shell`, but it mentioned it in the build step
<camsbury>
I'll clear out the volume and try again with a very minimal shell.nix
<devalot>
When using `bundlerEnv' the zipruby gem fails to build because it can't find zlib.h. I've tried adding zlib.dev to buildInputs, and also tried setting CFLAGS, neither work. Any suggestions?
Guest74645 has quit [Ping timeout: 245 seconds]
Guest74645 has joined #nixos
Neo-- has quit [Ping timeout: 250 seconds]
Copenhagen_Bram has quit [Read error: Connection reset by peer]
wfranzini has quit [Remote host closed the connection]
ambro718 has quit [Quit: Konversation terminated!]
wfranzini has joined #nixos
Soo_Slow has quit [Remote host closed the connection]
orivej has joined #nixos
jasongrossman has quit [Read error: Connection reset by peer]
<gentauro>
<3 NixOS so far :-)
<gentauro>
I mean, pretty nifty little installer amirite? xD
<gchristensen>
you like the install process?
Copenhagen_Bram has joined #nixos
<gentauro>
gchristensen: the minimal installation with X11, YES !!!
<gchristensen>
me too
<gentauro>
reminds me of the good *gentto* days :-)
drakonis has quit [Read error: Connection reset by peer]
<gentauro>
I have a totally plain *vanilla NixOS* on my newly bought laptop
<gchristensen>
I remember fighting with ubuntu/debian's installer so much, trying to get its GUI to do the right thing
<gchristensen>
TUI
<gentauro>
gchristensen: from copying the .iso to a use (have I used so much time with this). Just a `cp name.iso to /dev/sdX`
<gentauro>
and then just follow a few basic steps (I had to reverse the `parted` creation steps as I did get some strange messages when formatting my main partition with `mkfs.ext4`)
<gentauro>
but other than that, it just works :-)
Shouou has joined #nixos
<gentauro>
(maybe it's a bit onfair cos I have a physical cable, instead of using wifi. Could guess that the wpa_supplicant could give some problems)
<camsbury>
clever: yeah so literally saw `0j1sc30kjf9b3j7j0sp68jns2v34apr0-pcre-8.42` in the nix store before running `nix-shell`, then saw `these paths will be fetched (63.93 MiB download, 289.61 MiB unpacked):
<clever>
this will either report the size, or claim the path is not valid
<clever>
its in /nix/var/nix/db/
<camsbury>
gotcha
<camsbury>
ohhh
<camsbury>
hmm
<camsbury>
yeah okay so it checks the db first
<clever>
if that is getting rolled back, then nix will believe the other files in /nix/store are also rolled back
<clever>
and will want to download whatever is "missing"
drakonis has joined #nixos
<camsbury>
hmm interesting
o1lo01ol1o has quit [Remote host closed the connection]
Shouou has quit [Ping timeout: 246 seconds]
<camsbury>
okay, eventually want to have a binary cache hosted that can be referenced, but just trying to get a proof of concept at work in our existing docker infrastructure
<camsbury>
hence trying to just volumize `/nix/store`
<camsbury>
but obviously doesn't work in a vacuum
<camsbury>
needs the db at least
<camsbury>
so I can play with that some more
<camsbury>
ty
<clever>
yeah, the entire /nix needs to be one volume
<clever>
and the above is how to query the correct hash, and compute the current hash
<camsbury>
ah great thank you
<clever>
if they get out of sync, somebody has been naughty, and nix will claim the directory is corrupt
<camsbury>
very useful
drakonis_ has joined #nixos
<clever>
you can also `nix-store --verify --check-contents` to make it just test the hash of everything
o1lo01ol1o has joined #nixos
yuken has quit [Ping timeout: 258 seconds]
ee1943 has quit [Ping timeout: 246 seconds]
<JaakkoLuttinen[m>
In nixpkgs derivations, can I somehow replace/substitute placeholders in a text file with some nix expressions/values? Or can I write nix expressions to arbitrary text files and have them evaluated when reading the file?
ee1943 has joined #nixos
<clever>
JaakkoLuttinen[m: pkgs.substituteAll
ee1943 has quit [Read error: Connection reset by peer]
slowz has joined #nixos
<camsbury>
thanks @clever
ardumont has quit [Ping timeout: 245 seconds]
ee1943 has joined #nixos
hedning_ has quit [Remote host closed the connection]
drakonis has quit [Ping timeout: 250 seconds]
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
stepcut has joined #nixos
drakonis has joined #nixos
drakonis_ has quit [Read error: Connection reset by peer]
<samrose>
what is a recommended way to create a symlink from /nix/store to a symlinked path in a nix expression?
<palo>
andi-: sup?
<andi->
palo: can you send me an ssh -v output of the issue you've been seeing?
<andi->
Preferably with a minimal ssh_config
drakonis has quit [Ping timeout: 250 seconds]
mthst has quit [Ping timeout: 264 seconds]
<palo>
sure can do, but I'm in the bathtube right now, give me 30min
<andi->
sure
* palo
will not swim to far out
__monty__ has quit [Quit: leaving]
mthst has joined #nixos
mexisme_ has joined #nixos
lassulus has joined #nixos
lassulus has quit [Ping timeout: 246 seconds]
<samrose>
is there a supported directory for creating symlinks in nixos? is it `/ryn` ?
<samrose>
`/run` rather ...
knupfer has quit [Ping timeout: 250 seconds]
<infinisil>
samrose: What kinda symlinks?
<samrose>
infinisil: like from files in /nix/store to a more "standard" dir location
<infinisil>
Well there's a lot of different things in /nix/store, configuration things would make sense in /etc
Synthetica has quit [Quit: Connection closed for inactivity]
nD5Xjz has quit [Read error: Connection reset by peer]
<samrose>
infinisil: yes, this would be something that I had already built and packaged into an iso and channel in hydra, and then want to reference. I think you are right that /etc is a good candidate as what I want to link to is effectively a kind of configuration
<samrose>
I'll try it and thanks
ckoparkar has quit [Ping timeout: 264 seconds]
<samrose>
I noticed that trying `ln -s` in a package doesn't seem to work, and so I am trying to discern if there is a builtin function for this kind of thing
<infinisil>
samrose: There's not, nix builds by design can't touch anything outside of $out
nD5Xjz has joined #nixos
<infinisil>
samrose: NixOS only has an option for putting things in /etc with environment.etc, but you could also make it go into other directories with systemd.tmpfiles, systemd services or activationScripts
<samrose>
infinisil: interesting, so by design, in a nix expression, the permission would be denied, but in a systemd context, the permission to create a symlink would be granted is that right?
wfranzini has quit [Remote host closed the connection]
<samrose>
infinisil: oh wait I see, you mean I could copy the files with systemd services out of the store
<infinisil>
samrose: It shouldn't be surprising, because systemd services don't run inside a nix build, those are just normal executables that can do anything they want
o1lo01ol1o has quit [Remote host closed the connection]
<infinisil>
samrose: Ah yup
nD5Xjz has quit [Ping timeout: 244 seconds]
nD5Xjz has joined #nixos
o1lo01ol1o has joined #nixos
<samrose>
infinisil: not surprising, just interesting (it totally makes sense I just wasn't aware of that :-D)
o1lo01ol1o has quit [Read error: Connection reset by peer]
o1lo01ol1o has joined #nixos
zupo has joined #nixos
<pie_>
wow, overlay systems can really clean things up
<pie_>
shame they have some hidden complexity
<pie_>
s/hidden/somewhat insidious/
<samrose>
pie_: how would we remove the complexity in overlay systems?
<pie_>
samrose, i mean the inherent complexity in the implicit recursiveness
<pie_>
or just the recursiveness / interconnectedness rather
<pie_>
it seems kind of unavoidable, just leaves me a bit uneasy
<pie_>
im having a hard time describing it because ive only written like two medium sized things so far :p , i dont think ive run into any serious problems yet
<{^_^}>
[nixpkgs] @worldofpeace pushed 3 commits to master: https://git.io/fjZqj
linarcx has quit [Quit: WeeChat 2.4]
<pie_>
maybe its that you cant see how the entire structure will unfold, you have a general idea of how it should work, and most of the time it does, but sometimes you get some funky infinite recursion, and im pretty sure the whole point is to be using self as much as possible because that will give you overridability
linarcx has joined #nixos
<pie_>
dont get me wrong, as i said it seems to be able to really clean up - at least *my* code, and im pretty happy with the approach
<pie_>
at least for what ive used it for
shibboleth has joined #nixos
<samrose>
pie_: I agree it is both useful, and can be a "handle with care" kind of thing
<pie_>
was hoping to send in my first substantial PR with it today but im not done with the refactor :/
infinisil has quit [Quit: Configuring ZNC, sorry for the joins/quits!]
infinisil has joined #nixos
justanotheruser has joined #nixos
<palo>
andi-: I'm back though,
<palo>
let me say up front, I'm not using nix-channels, I'm on 19.03 and on a commit from last week or so (maybe 2 weeks)
<palo>
maybe it makes more sense to up date first
<samueldr>
palo: I missed the initial discussion (as maybe others did here too) what seems to be the issue?
<samueldr>
(I saw the ping/ping with ssh -v)
<palo>
I have a problem with ssh, I need to specifiy the HostKeyAlgorithm for every computer, depending on what know_host entry I have in /etc/ssh/known_hosts (which si maintain via nixos)
<palo>
I have to use ~/.ssh/config to pin one algorithm down, and one algorithm only for every machine
<palo>
that became a problem with the switch to 19.03
dsiypl4 has joined #nixos
infinisil has quit [Quit: Configuring ZNC, sorry for the joins/quits!]
infinisil has joined #nixos
mkoenig has quit [Remote host closed the connection]
<palo>
samueldr: yeah I set that parameter too, but it only affected my 19.03 nixos machines, when I want to connect to an older nixos version, or a non-nixos machine, I have the same issue
<samueldr>
right, so yeah, maybe a same root issue
<palo>
so 19.03 -> 19.03 systems is fine
<palo>
19.03 -> 18.09 not, ...
<palo>
and 19.03 -> ubuntu/fedora/debian is not as well
winem_ has joined #nixos
<samueldr>
right makes sense, nixos-org-configurations still is at 18.09, it looks like it would be the same issue (from an outsider's perspective)
arcnmx has joined #nixos
iceypoi has quit [Quit: WeeChat 2.4]
<palo>
so far I'm quick with vim and ~/.ssh/config but andi- asked like half an hour ago what the output of ssh -V is
<palo>
I guess it makes more sense to update first,
mkoenig has joined #nixos
<palo>
give me 15 mi
<palo>
*min
<andi->
samueldr: we dropped a patch that added a "feature" to openssh that allowed setting `HostKeyAlgorithms +ssh-dd` also in the `ssh_config` (not sshd_config). Upstream actually added that with the release where we dropped it so I am trying to figure out what the difference is for users that observe the error.
<iqubic>
I just found out that the key with a magnifying glass on it pulls focus to the firefox searchbar.
<pie_>
i have a shotgun idea but i dont know what repercussions it could have, you could try just deleting your pulseaudio configuration and restart and hope it resets
<iqubic>
Already did that.
<iqubic>
Didn't help
<pie_>
google says its ~/.config/pulse/ or ~/.pulse/
<pie_>
oh
<iqubic>
I deleted both.
parsnip has joined #nixos
drakonis has joined #nixos
<iqubic>
So I'm super confused.
<pie_>
damn. I dont know then. Hm. It looks like software *can* influence the LED because if I toggle my mute in the audio popup in the corner it toggles the LED.
<arcnmx>
hi um, I have a question about distributed/remote builds... I seem to be hitting "you are not privileged to build derivations" unless my builder@buildMachine is in trusted-users, is this a misconfiguration I can fix or just a hard requirement for a remote build server account?
<arcnmx>
While I can "ssh builder@buildMachine nix-build etc" without issue, "nix-build etc --builder ssh://builder@buildMachine" will not work.
<pie_>
gchristensen, why cant this be done in a "local untrusted user" way?
<arcnmx>
Ah hm, so is there no way to set up a builder otherwise? I was hoping builders-use-substitutes or similar could sidestep the issue of the build server needing to trust the "local" user.
<pie_>
maybe im misunderstanding what the difference is
dsiypl4 has joined #nixos
mekeor has quit [Quit: digital revolution = cryptoanarchism + cybercommunism]
<{^_^}>
[nixpkgs] @Infinisil closed pull request #60289 → [Experiment] Separate security wrappers from NixOS → https://git.io/fjsdk
iqubic has quit [Ping timeout: 256 seconds]
infinisil has quit [Quit: Configuring ZNC, sorry for the joins/quits!]
<arcnmx>
As untrusted normal/local users can presumably evaluate and build arbitrary expressions/derivations, can that not be done remotely? Or is all evaluation done by the daemon, and the drv/derivations being sent to the build server are not hashed/validated by anything but their inputs I guess is the problem?
shibboleth has quit [Remote host closed the connection]
<pie_>
clever, by your description that just needs the *local* user to be trusted
<pie_>
not the *remote build user*
<arcnmx>
Right, and that's reasonable. The problem seems to be that it goes in both directions, the remote machine requires trusting "you" re the .drv file?
<pie_>
because the local user is requesting a result from an arbitrary remote
srid has joined #nixos
srid has quit [Changing host]
<clever>
arcnmx: nope, because the .drv file is purely a hash(value)=value based DB
<clever>
i cant give you $bad, and claim its $good
<clever>
because you just save it as hash($bad), and it co-exists beside hash($good)
zupo has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
ingenue has quit [Remote host closed the connection]
<arcnmx>
Also reasonable. So then, is what I'm expecting possible (being able to schedule builds remotely without the remote build machine trusting the ssh user)? And if so, do I have some sort of misconfiguration here preventing it from working?
<clever>
arcnmx: try using `nix-copy-closure` to copy a given drv over
sheeldotme has joined #nixos
bikes has joined #nixos
o1lo01ol1o has joined #nixos
civodul has quit [Quit: ERC (IRC client for Emacs 26.2)]
fendor has quit [Read error: Connection reset by peer]
shibboleth has joined #nixos
Jetien has joined #nixos
<mwilsoncoding>
anyone familiar with beamPackages and why I get this error when attempting to install phoenix (Elixir): compile: warnings being treated as errors src/cow_multipart.erl:392: call to crypto:rand_bytes/1 will fail, since it was removed in 20.0; use crypto:strong_rand_bytes/1
<pie_>
mwilsoncoding, the error sounds pretty descriptive?
<pie_>
mwilsoncoding, seems like you need to figure out what is trying to use a deprecated api and why
<pie_>
and then figure out what to update
mbrgm_ has joined #nixos
klntsky has joined #nixos
npmccallum has joined #nixos
mbrgm has quit [Ping timeout: 250 seconds]
mbrgm_ is now known as mbrgm
<arcnmx>
clever: that doesn't seem to be the problem? require-sigs = false in nix.conf on the local machine doesn't help with "you are not privileged to build derivations"
<arcnmx>
So although it seems like there's no strict technical/architectural reason preventing remote builds from working without trusting the remote build account, is it just the case that this isn't currently supported/allowed by nix? aarch64-build-box README does seem to imply this is the case.
goibhniu has quit [Ping timeout: 246 seconds]
<clever>
arcnmx: ive used the community box as a build slave without issues
<arcnmx>
I can see how it does potentially limit the usefulness of remote builders, as multiple build machines couldn't share build products without at least trusting each other... I was hoping it wouldn't outright deny it, however.
o1lo01ol1o has joined #nixos
Guanin_ has joined #nixos
<pie_>
I dont suppose theres some lib functions to magically make this nicer to look at:
<arcnmx>
clever: well, that particular box/readme says all build users are trusted, so yeah, it works like that, but at the cost of security/etc.
<pie_>
I dont expect there to be it would just be nice to use them if there was
<clever>
arcnmx: ah
<clever>
arcnmx: part of it, is that if the build needs certain inputs, nix will try to push them over, and then the slave must trust those pre-built inputs
Guanin has quit [Ping timeout: 245 seconds]
<arcnmx>
right, and that makes sense... However, it seems like it should still at least be able to initiate builds, or get inputs from substitutes instead (which there's a config option for), or compare them against trusted signatures, rather than just a blanket "remote users can't build at all if untrusted" ban
<clever>
yeah
o1lo01ol1o has quit [Ping timeout: 245 seconds]
<pie_>
maybe there's a github issue alreday?
<pie_>
for the remote builders stuff
ardumont has quit [Ping timeout: 258 seconds]
<arcnmx>
there could be! I've mostly just been looking/searching for something that at least confirms this is an expected error or intended/unsupported behaviour, and hadn't found much saying either way.
<arcnmx>
(and from comments about the community box above it sounds like this is the case?)