visitor has quit [Remote host closed the connection]
lunik1 has quit [Remote host closed the connection]
lunik1 has joined #nixos
gustavderdrache has quit [Quit: Leaving.]
<thomashoneyman>
anyone have a favorite tutorial for Hydra, after setup?
<thomashoneyman>
i have a Hydra server up and running, but no jobsets
<thomashoneyman>
(though i have a release.nix file a la Gabriel439/haskell-nix)
<thomashoneyman>
so i'm specifically looking for how to set up the jobs themselves
<clever>
thomashoneyman: create a project, and a jobset, within the jobset, configure an input with the github url, and then tell it which input to use, and the relative path to release.nix within that input
<thomashoneyman>
clever: do you have any ideas or links wrt copying over these keys for the 'hydra' user, which is the user i believe runs the fetchGit command?
rogue_koder has joined #nixos
<thomashoneyman>
i'm assuming i can do this in the configuration.nix for the hydra machine
<thomashoneyman>
something like openssh.hydra.keys = [ ../path/to/key.pub ]
<thomashoneyman>
or rather users.user.hydra = { ... key = ... }
<clever>
gchristensen: i think the : can be part of a var name? try ${NIX_PATH}:
<gchristensen>
hmmm good thought
drakonis has joined #nixos
<bogdb>
is there a way to override gcc.arch in nix-shell ? `gcc -march=native -Q --help=target | grep march` returns 'x86_64' which is not ideal in terms of compiler optimization
<gchristensen>
clever: NIX_PATH entries are in decreasing order of precedence, right?
<clever>
gchristensen: first entry has highest priority, and -I will prepend to the list
<clever>
thomashoneyman: this deals with the private key it needs to ssh into build machines, if you have any
<clever>
thomashoneyman: oh, we dont use private repos on this hydra, so no further examples, just edit the target for this
ddellacosta has joined #nixos
<thomashoneyman>
clever: thanks for the link. i'm not entirely sure how to interpret this at the moment (nix is my first foray into devops related things)
<thomashoneyman>
this is copying a generated key to /etc/nix/<key>
<clever>
thomashoneyman: yeah
<thomashoneyman>
what are the uid and gid?
<thomashoneyman>
user id for hydra evaluator?
<thomashoneyman>
and group id for hydra?
<thomashoneyman>
meaning those two have access to this key?
<clever>
yep
wavirc22 has joined #nixos
<thomashoneyman>
while i wouldn't do this for production, for testing purposes i ... could copy my own key over?
<clever>
thomashoneyman: sure
<thomashoneyman>
i'm testing by deploying to virtualbox, ssh-ing in, and then attempting to clone a private repo
<thomashoneyman>
that's better than nothing. it's clearly getting through, but the pinned nixpkgs is no bueno
das_j has joined #nixos
Scriptkiddi has joined #nixos
<thomashoneyman>
i need a break, but it looks like i can either a) get the key to /var/lib/hydra/.ssh/<key> or b) figure out how to tell ssh to look at /etc/nix/<key>
<thomashoneyman>
and then it'll be working
<thomashoneyman>
and on to the next issue
<thomashoneyman>
clever: thanks for the tips
erictapen has quit [Ping timeout: 258 seconds]
Lears has joined #nixos
evils has quit [Remote host closed the connection]
[Leary] has quit [Ping timeout: 240 seconds]
drakonis has quit [Ping timeout: 268 seconds]
felixfoertsch23 has quit [Ping timeout: 246 seconds]
felixfoertsch has joined #nixos
spacefrogg has quit [Quit: Gone.]
aw has quit [Quit: Quitting.]
aw has joined #nixos
spacefrogg has joined #nixos
evils has joined #nixos
<evils>
FYI, if you get `tar: cannot write: no space left on device` on a nix-prefetch-url, you want `services.logind.extraConfig = "RuntimeDirectorySize=16G";`
<evanjs>
So what do I need for hashcat functionality on an AMD system (CL PLATFORM NOT FOUND”)? `amdgpu` or something in `hardware.opengl.extraPackages`?
<evanjs>
Man, even after I typed that I forgot to clarify haha
<evanjs>
Interesting. Might I have an easier time then just using my NVIDIA laptop for hashcat for now, then? It’s a 980m so it should be fine.
<evanjs>
This does look like it would be a nice addition to my AMD desktop, at any rate
<{^_^}>
[nixpkgs] @lodi opened pull request #76966 → idris2: init at 0.0.0 (bf5b229) → https://git.io/Jepyc
<evils>
evanjs: it's far from perfect, but it's fairly simple to set up once you read the instructions and get how to use an overlay, i think more users would be appreciated
<{^_^}>
[nixpkgs] @danielfullmer opened pull request #76967 → rtl8812au: fix cross compiling and enable arm support → https://git.io/Jepyl
wavirc22 has joined #nixos
drakonis1 has joined #nixos
drakonis1 has quit [Client Quit]
drakonis1 has joined #nixos
<wavirc22>
I have a nix server that is ready before the dhcp server. How can I auto retry the IP address request until the server is ready?
justanotheruser has quit [Ping timeout: 258 seconds]
<clever>
thomashoneyman: allowed-urls
<evanjs>
evils: oh I mimic infinisil’s config heavily and external sources are no issue 😁 might as well try it out
mounty has quit [Remote host closed the connection]
justanotheruser has joined #nixos
<wrl>
hey, i'm trying to nixos-rebuild switch --upgrade. whenever i'm in the new generation, /etc/resolv.conf contains only the line "options edns0" and i'm unable to resolve any hostnames
<wrl>
after running switch --upgrade, i *do* get a message that "error(s) occurred"
<wrl>
oh, and while trying to remove the *newer* generation, apparently i removed my working *older* generation instead
<wrl>
welp
<wrl>
okay, so i have a nixos installation that cannot resolve any hostnames
<Guest4429>
what version are you running? also does --verbose give anything more?
<wrl>
Guest4429: how do I check what version I'm running?
<Guest4429>
nixos-version
lovesegfault has joined #nixos
<Guest4429>
dont need the last 16 digits
<wrl>
20.03pre207998.e0470e11c7a (Markhor)
<Guest4429>
oh
<Guest4429>
bleedin' edge there m8
<Guest4429>
any reason you need the unstable branch?
wavirc22 has quit [Read error: Connection reset by peer]
<Guest4429>
do you have any older generations?
<wrl>
not anymore
mexisme has joined #nixos
<Guest4429>
hm. you wouldn't happen to have testdisk or some other data recover tool install would you?
<wrl>
i booted into a working generation and attempted to "nix-collect-garbage -d" but apparently that removed the generation i was booted into since it wasn't the most recent
<wrl>
so now i have a broken generation
<Guest4429>
..wat?
<wrl>
yep
<Guest4429>
I don't think that should be possible
<wrl>
it 100% just happened
<wrl>
i had three generations, 57 58 59
<Guest4429>
I've never seen that with -d. thats weird
<wrl>
59 is broken. i booted into 58, collected garbage, now i only have 59
<clever>
the one you are currently running cant be GC'd, but the generation# pointing to it can be deleted
<clever>
so it likely still exists in /nix/store, but doesnt have a generation# assigned to it
<wrl>
that is beyond my fluency with nix to figure out what to do with
<Guest4429>
wrl: just for the future, I'd suggest nix-env --delete-generations +3 followed by the garbg coll command without -d. That'd delete all but the most recent 3
<wrl>
Guest4429: noted, okay
<Guest4429>
-d is the 2nd most terrible flag in nix tooling
<{^_^}>
[nixpkgs] @lodi opened pull request #76970 → idris2: init at 0.0.0 (bf5b229) → https://git.io/Jehfx
<clever>
Guest4429: --force is worse
<clever>
Guest4429: it can delete things your actually using
<Guest4429>
the first I've found is nix-store --delete --ignore-liveness, same effect
<Guest4429>
so fun to see "sleep: command not found"
<clever>
Guest4429: yeah, thats the one i meant
<Guest4429>
ah
<Guest4429>
I used it
<Guest4429>
once
<wrl>
alright so am i just sunk here
<clever>
same
mexisme has quit [Ping timeout: 248 seconds]
<Guest4429>
and it will *stay* used exactly once
<wrl>
i'm attempting to dig into resolvconf to see if it's logging something somewhere
<clever>
wrl: simplest option is to just boot the installer ISO, mount everything back up under /mnt, and run nixos-install
<clever>
wrl: it will re-create any missing files, based on existing config
<wrl>
i mean this thing boots
<wrl>
it comes up fine
<clever>
ah
<wrl>
/etc/resolv.conf is even created
<clever>
but -d destroys your ability to undo things
<wrl>
it's just that it contains no nameservers
<wrl>
so i can't resolve anything
<clever>
wrl: dhcp or static ip?
<wrl>
clever: dhcp
<Guest4429>
can you still ping things by address?
<wrl>
yes
<clever>
wrl: does `dhcpcd -U enp3s0` show dns config (if you sub in the right IF)
<wrl>
clever: "read_config: fopen `/etc/dhcpcd.conf`: No such file or directory"
<clever>
it always says that
<wrl>
"enp3so: dhcp_dump: No such file or directory"
<wrl>
nothing else
<clever>
wrl: did you give it an interface name?
<wrl>
clever: wrong one. when i give it the right one, I do get the correct information
mounty has joined #nixos
<clever>
wrl: did you set networking.nameservers in your nixos config?
<wrl>
clever: no, i did not
<Guest4429>
I think you could add the ip-address pairs to the hostfile as a temporary measure. Or do something like nix-channel --add http://54.217.220.47/channels/nixos-unstable. Kinda hacky, but it only needs to work once
<clever>
wrl: short-term, you can just edit /etc/resolv.conf to get things working again
mounty has quit [Remote host closed the connection]
<wrl>
clever: yeah i'll just do that for now
<wrl>
clever: i apparently didn't know resolv.conf syntax well. nameserver lines have to go *before* option lines
<Guest4429>
LarryTheCow: it doesn't include some things like pkg downloading since it's from the 2nd run, but that shouldn't be a problem. You prob only need a few lines from it mainly
<LarryTheCow>
uhhhhh
lovesegfault has quit [Quit: WeeChat 2.7]
<LarryTheCow>
I just ran it on my other machine and it worked
<Guest4429>
wat.
<LarryTheCow>
What in the devil
<LarryTheCow>
I do have to mention that my other machine isn't nix[OS]
<Guest4429>
hm. you have some stuff in nix.conf?
<LarryTheCow>
I do have some stuff
<Guest4429>
yeah. I had some stuff in ~/.config/nixpkgs (dont remem which file) and it apparently takes precedence
<Guest4429>
It is documented luckily.
<LarryTheCow>
Wait, nixpkgs takes precedence over /etc/nixos/...?
<Guest4429>
yeah. It's 2nd priority
<Guest4429>
1st is cmdline args
<Guest4429>
look at man nix.conf, see if any of that is different from what's set on the 1st machine
<Guest4429>
LaryTheCow: I don't know if yours was made automatically or if it's important for now, but if you rename/move/zip it up and nothing complains it might stop the problem
<Guest4429>
what files are exactly in that dir?
<LarryTheCow>
I only have home-manager in my .config/nixpkgs
<LarryTheCow>
wdym by rename move zip?
<Guest4429>
If a file there is what's causing this, then making nix unable to find them would make it change to defaults
<Guest4429>
better that then just deleting it
phaebz has joined #nixos
<LarryTheCow>
I mean it's not that important to get this working. I just wanted to watch youtube in emacs instead of firefox
<Guest4429>
that's..hm. It really is an os
<Guest4429>
then again I tried to get videos with sixels working I guess
xkapastel has quit [Quit: Connection closed for inactivity]
Heirlung has quit [Read error: Connection reset by peer]
<Guest4429>
this mean there was no bug/unexpected behavior all along?
<Guest4429>
If so i'd cancel that issue
<LarryTheCow>
You have nixos, right? If so, we both got it on nixos, but not on nix
<LarryTheCow>
That's still an issue
<Guest4429>
yeah. same thing came up on my x86-64 machine
<Guest4429>
I could try it on aarch64 too
<Guest4429>
it's supposed to have 1st class support next to 86-64
<Guest4429>
would take notably longer tho
mexisme has joined #nixos
<LarryTheCow>
I mean, if compiling emacs doesn't kill your aarch64 device, go for it
Heirlung has joined #nixos
ixxie has joined #nixos
<Guest4429>
I'd prob try x-compiling it 1st, or just run it in qemu. Might try one of those once gcc decides its done compiling
scompt has joined #nixos
Guest92090 has joined #nixos
<Guest4429>
yeah trying it just to see, passed in --argstr system aarch64-linux
scompt has quit [Client Quit]
<Guest4429>
think that's right
mounty has joined #nixos
<Guest4429>
oh lawdie that cpu usage
peam has joined #nixos
<LarryTheCow>
Is it a rpi4?
<Guest4429>
LaryTheCow: rpi 3B+, latest *fully* supported one as far I know
<clever>
nixos can boot on the rpi4, but it needs to use the rpi fork of linux, not the upstream linux
<clever>
(which is in nixpkgs)
<Guest4429>
ah, I was going off the wiki
<Guest4429>
huh. The version I ran with --argstr system aarch64-linux seems to have completely ignored the flag :/
<Guest4429>
do I gotta specify it within the nix-shell cmd?
<clever>
Guest4429: did the default.nix accept a system arg?
<clever>
Guest4429: exactly what command did you run?
<multun>
Iorgen generates code for reading input, and metalang is a language that compiles to many others. These were both made for providing code snippets to read input data for running a computer science contest
mexisme has quit [Ping timeout: 240 seconds]
<Guest4429>
hm. might the kinda thing eoli3n_ is looking for
<eoli3n_>
thx multun but it requires to create own templates too
<eoli3n_>
so pet seems better for my usecase in that way
m0rphism has joined #nixos
<eoli3n_>
#linux isn't the solution, guys are talking about dogs farts :/
<eoli3n_>
never been there, its worth than #ubuntu
<Guest4429>
depends on the time of day really (timezones)
orivej has joined #nixos
<eoli3n_>
i'm Europe/Paris, its 10am here, 3am in usa so...
<Guest4429>
yeah that'd explain it.
opthomasprime has joined #nixos
o1lo01ol1o has joined #nixos
mexisme has joined #nixos
<Guest4429>
~19:00-23:00 would be when you'd be the most likely to get some good help
<eoli3n_>
thx Guest4429
<Guest4429>
1900-2300 in new york specifically
<Guest4429>
just cause that's where the population density is highest
<Guest4429>
I could be wrong but it seems like a good guess
o1lo01ol1o has quit [Ping timeout: 268 seconds]
LarryTheCow has quit [Remote host closed the connection]
<srhb>
ashkitten: It's not terribly practical, but you could piggyback on the meta check logics to try and make the set a bit more sensible to work with
<ashkitten>
ah, yeah
<ashkitten>
never mind
<srhb>
Basically meta.available and lib.isDerivation should mostly catch it all
alexherbo2 has joined #nixos
o1lo01ol1o has joined #nixos
kaliumxyz has joined #nixos
polman has joined #nixos
opthomasprime has left #nixos [#nixos]
polman has quit [Read error: Connection reset by peer]
fendor has quit [Ping timeout: 240 seconds]
polman has joined #nixos
fendor has joined #nixos
chagra_ has quit [Ping timeout: 260 seconds]
chagra_ has joined #nixos
alex`` has quit [Quit: WeeChat 2.7]
alex`` has joined #nixos
ng0 has quit [Quit: leaving]
bogdb has joined #nixos
<eoli3n_>
i use services.openvpn.servers.<name>.updateResolvConf
<eoli3n_>
problem is that openvpn doesnt set search domains
<eoli3n_>
i tried adding an echo "search domain.com" > /etc/resolv.conf to up command
<eoli3n_>
but it seems overided just after
<eoli3n_>
"The script will be run after the "up" commands "
<eoli3n_>
hm
pingiun has quit [Quit: bye]
Guest92090 has quit [Ping timeout: 265 seconds]
floscr- has quit [Remote host closed the connection]
floscr has quit [Remote host closed the connection]
phaebz` has quit [Ping timeout: 240 seconds]
cosimone has joined #nixos
evernite has joined #nixos
mananamenos has joined #nixos
orivej has quit [Ping timeout: 268 seconds]
kenjis has joined #nixos
chloekek has joined #nixos
<{^_^}>
[nixpkgs] @marsam merged pull request #76963 → libmad: fix build on darwin → https://git.io/Jep1H
nornagon has quit [Quit: Ping timeout (120 seconds)]
nornagon has joined #nixos
o1lo01ol1o has quit [Remote host closed the connection]
o1lo01ol1o has joined #nixos
kenjis has quit [Remote host closed the connection]
kenjis has joined #nixos
kenjis has quit [Remote host closed the connection]
kenjis has joined #nixos
Chiliparrot has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
polman has quit [Ping timeout: 250 seconds]
o1lo01ol1o has quit [Remote host closed the connection]
o1lo01ol1o has joined #nixos
polman has joined #nixos
tmaekawa has quit [Quit: tmaekawa]
polman has quit [Excess Flood]
phaebz` has joined #nixos
vidbina has joined #nixos
mounty has quit [Ping timeout: 260 seconds]
erictapen has joined #nixos
vld has joined #nixos
phaebz` has quit [Ping timeout: 265 seconds]
mananamenos has quit [Remote host closed the connection]
vld has quit [Ping timeout: 258 seconds]
ixxie has quit [Ping timeout: 260 seconds]
thc202 has quit [Ping timeout: 265 seconds]
<jackdk>
I am trying to build fixed-output derivations of single files. Why am I prevented from doing this when the file in question has the executable bit set? nix build stops with "output path '/nix/store/<snip>' should be a non-executable regular file"
<{^_^}>
[nixpkgs] @peti merged pull request #76912 → haskell: add comment to default-package-overrides in configuration-hackage2nix.yaml → https://git.io/JepcW
<{^_^}>
[nixpkgs] @peti pushed 2 commits to haskell-updates: https://git.io/Jejew
polman has joined #nixos
<clever>
jackdk: if outputHashMode = "flat"; then outputHash is the raw hash of the $out file, and $out must not be +x
slby[m] has joined #nixos
<clever>
jackdk: if outputHashMode = "recursive"; then outputHash is the hash of the nar of $out (nar is like tar), and $out can be anything (file, directory, symlink, +x'd file)
<__monty__>
And why does executableness matter?
<clever>
__monty__: because when using flat hashing, there is no metadata to say if it should be executable or not
<jackdk>
clever: ah yes, I've found that passage in the nix manual, but no description of that rationale. makes sense
<clever>
__monty__: the hash and name should 100% describe how to create the file, and leaving the +x bit undefined means your not 100% describing it
<clever>
outputHashMode = "recursive" will be hashing a nar, which includes directions on if it should be +x or not
<__monty__>
Why doesn't the hash simply include the metadata?
polman has quit [Ping timeout: 260 seconds]
<jackdk>
because for a flat hash of a file, that is impossible. you have to hash something with more structure than file contents like a nar
<clever>
outputHashMode = "flat" is just the dumb hash of the file, like `sha256sum $out`
<clever>
and sha256sum doesnt care if its executable or not
ixxie has joined #nixos
<jackdk>
hm. is there an easy way to precompute what the hash would be?
<clever>
jackdk: the nix-hash command
ashesham` has joined #nixos
<o1lo01ol1o>
clever: could you remind me how I can view the contents of nginx's config file?
<jackdk>
clever: no documented version? that's a shame (I'm generating nix code from haskell using hnix as a lib). cheers.
polman has joined #nixos
bvdw has quit [Read error: Connection reset by peer]
<clever>
o1lo01ol1o: `ps aux | grep nginx` and then cat the .conf its using
<clever>
jackdk: you would need to serialize the file as a nar, with the execute flag set, and then hash the resulting bytestring
rogue_koder has quit [Remote host closed the connection]
<clever>
jackdk: this is some ancient code (some of the very first haskell i wrote) that can parse a nar into a tree of data records
<clever>
jackdk: if the put instances are all filled in, then you can turn a string (file contents) with the execute flag, back into a nar bytestring, then hash it
<clever>
jackdk: `nix-store --dump ./foo > foo.nar` and `nix-store --restore foo < foo.nar` will create and extract from a .nar, for test data
<clever>
jackdk: and thats the original c++ implementation for reference
<clever>
jackdk: fusenar was a project to turn a directory full of foo.nar into a directory full of foo, and the c++ parser would parse every single byte (possibly over a gig) before it knew what the type of foo was
polman has joined #nixos
<clever>
jackdk: so `ls -l /nix/store` was incredibly expensive!
<clever>
jackdk: thats when haskell tempted me to the dark side :P
<jackdk>
clever: that would've been cool. I'm currently trying to split the output of my hakyll site into a tree of individual fixed-output derivations, symlinked together, so I don't reup the entire thing every time I change a word.
<jackdk>
clever: I have it pretty much working except for executables (which I don't even have but want to fix for completeness)
<clever>
jackdk: the original idea with using fuse there, is that you can keep all storepaths as nar files, and then share them over ipfs
<clever>
jackdk: but, you have to keep them uncompressed...
<jackdk>
clever: I need to get my head around ipfs at some point
<clever>
the next major change that narfuse would need to work better, is seekable xz support
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « haskell-src-exts: update overrides for the new 1.23.0 version »: https://git.io/Jejvk
<clever>
basically, it would need to parse the xz file, figure out where each xz block starts within the .nar.xz, and how many uncompressed bytes each block represents
<clever>
then also parse the nar within it, and generate an index from filename to uncompressed offset
<clever>
combined, that would let you seek to an offset within the xz, partially decompress, and then seek again within that stream to a specific file body
smatting has joined #nixos
ebzzry has joined #nixos
<{^_^}>
[nixpkgs] @peti pushed to haskell-updates « haskell-src-exts: update overrides for the new 1.23.0 version »: https://git.io/JejvO
knupfer has quit [Ping timeout: 248 seconds]
<{^_^}>
[nixpkgs] @FRidh pushed commit from @marsam to master « pythonPackages.ipykernel: fix build »: https://git.io/Jejv3
o1lo01ol1o has quit [Remote host closed the connection]
chagra has joined #nixos
kenjis has quit [Remote host closed the connection]
kenjis has joined #nixos
xantoz has quit [Read error: Connection reset by peer]
xantoz has joined #nixos
ashesham` has quit [Ping timeout: 252 seconds]
<{^_^}>
[nixpkgs] @peti pushed commit from @mgttlinger to haskell-updates « haskell: add quickjump option to the haskell mkDerivation »: https://git.io/JejvS
<chagra>
using "$ nix edit nixpkgs.hello" gives me this error
<tilpner>
chagra: At a first check, I haven't found any IFD, which is good
<chagra>
IFD?
<tilpner>
chagra: You do a lot of "with import <nixpkgs> {};" though, which may increase memory usage and eval time
<LnL>
alright, never mind that then :)
polman has joined #nixos
<tilpner>
,ifd
<{^_^}>
import-from-derivation (IFD) is when you evaluate nix from a derivation result, for example `import (pkgs.writeText "n" "1 + 1")` will evaluate to 2. This is sometimes problematic because it requires evaluating some, building some, and then evaluating the build result. It has been described as "such a nice footgun."
<chagra>
tilpner: yeah learning proper writing is on my to do list when I find the time
orivej has quit [Ping timeout: 240 seconds]
<chagra>
so I can get those packages on nixpkgs
polman has quit [Excess Flood]
polman has joined #nixos
dansho has quit [Remote host closed the connection]
dansho has joined #nixos
rogue_koder has joined #nixos
<LnL>
chagra: oh, one more thing you could try is to run this with a version from one of your previous /nix/var/nix/profiles/system generations
polman has quit [Ping timeout: 250 seconds]
<{^_^}>
[nixpkgs] @peti pushed to master « python-google_auth: build this package with on older version of cachetools »: https://git.io/Jejfs
polman has joined #nixos
polman has quit [Read error: Connection reset by peer]
<__monty__>
You can't really manage channels from configuration.nix.
asheshambasta has joined #nixos
<{^_^}>
[nixpkgs] @peti pushed 3 commits to haskell-updates: https://git.io/JejfS
<asheshambasta>
is anyone aware of an up-to-date wiki/post on Nixos on RaspberryPi
<luc65r>
Is this safe? `nix.nixPath = [ "nixpkgs=http://nixos.org/channels/nixos-unstable/nixexprs.tar.xz" ];`
<{^_^}>
[nixpkgs] @peti pushed 4 commits to haskell-updates: https://git.io/Jejf7
<__monty__>
asheshambasta: I think there's a #nixos-aarch64? You might find more like-minded people there : )
<asheshambasta>
__monty__: thanks!
polman has quit [Ping timeout: 250 seconds]
polman has joined #nixos
o1lo01ol_ has joined #nixos
o1lo01ol1o has quit [Ping timeout: 258 seconds]
<{^_^}>
[nixpkgs] @FRidh pushed to master « python2Packages.pyxattr: remain at 0.6.1, fixes #76979 »: https://git.io/Jejfh
<{^_^}>
[nixpkgs] @peti pushed to master « git-annex: temporarily drop support for bup some more »: https://git.io/Jejfj
polman has quit [Read error: Connection reset by peer]
<{^_^}>
[nixpkgs] @peti pushed 10 commits to haskell-updates: https://git.io/JejJv
eoli3n_ has quit [Quit: WeeChat 2.7]
polman has joined #nixos
polman has quit [Read error: Connection reset by peer]
polman has joined #nixos
polman has quit [Read error: Connection reset by peer]
polman has joined #nixos
<jackdk>
clever: I found `hnix-store-core` on hackage, so I don't need my 1am-coding version of the NAR serialiser, and I don't have to handroll nix-flavoured base32 either. happy days.
luc65r has quit [Remote host closed the connection]
polman has quit [Read error: Connection reset by peer]
polman has joined #nixos
polman has quit [Read error: Connection reset by peer]
mehlon has joined #nixos
numerobis has joined #nixos
sigmundv_ has joined #nixos
<jD91mZM2>
Hi people! I'm a little too frequently on non-nixos non-root setups and would like to be able to easily get my emacs setup over. Currently, I don't manage emacs in Nix at all, but I'm really starting to feel like I'm missing out. So to keep my portability I'm looking into things like https://github.com/matthewbauer/nix-bundle, but I happen to know nix-user-chroot doesn't work on one of the machines
<jD91mZM2>
(which I understand nixos-bundle depends on) :(. Does anybody happen to know any alternatives?
polman has joined #nixos
<jackdk>
before I went full nixos, I just leaned heavily on use-package :ensure t and things were pretty good. I don't know what you're stuck with if you can't get root; my knee-jerk reaction would be to suggest nix-env -i but that might not be a thing
polman has quit [Excess Flood]
polman has joined #nixos
<{^_^}>
[nixpkgs] @FRidh pushed 188 commits to staging-next: https://git.io/JejJV
<ryantm>
jD91mZM2: never mind that nixos-shell thing needs nix installed. You could build a VM with `nixos-rebuild build-vm`. What about running a remote emacs server on another machine?
smatting has quit [Ping timeout: 260 seconds]
drakonis1 has joined #nixos
<martyet-o>
mmm someone using simple-nixos-server setup? im struggling on undefined rspamd (but anyway somehow somewhere mentioned?)
<jD91mZM2>
martyet-o: I'm using that, haven't had any problems though
<ehmry>
is there a fix for "warning: substituter 'ssh://...' does not have a valid signature for path '/nix/store/..."?
polman has joined #nixos
<ehmry>
I have substituters setup but I get lots of these and "broken pipe" messages
dbmikus has quit [Ping timeout: 240 seconds]
<__monty__>
ehmry: You need the substituter to sign its store paths. Also add the public key to your config. The broken pipe sounds like a bad network connection.
<ehmry>
__monty__: I thought I had signing enabled, and I would think that most paths are signed already
<__monty__>
And do you have the public key in the local config?
<ehmry>
symphorien: wiki articles should not document anything that can be documented in the nixpkgs repo
<__monty__>
It has nothing to do with nixpkgs?
<__monty__>
It's in the nix manual.
<symphorien>
that's not reference documentation, but a tutorial
<symphorien>
which is completely different
<ehmry>
its going to rot, if it isn't already rotten
ravndal has quit [Client Quit]
<gchristensen>
ehmry: people work hard on the wiki in a way different from the old wiki
<MichaelRaskin>
ehmry: are you implying that we don't have any incorrect or outdated in-repo documentation?
<MichaelRaskin>
ehmry: also, the reason for killing wiki was the cost of fighting the spam, and lack of a plan to set up a viable set countermeasures, including convenient tools for moderators
<ehmry>
MichaelRaskin: fixing in-repo documentation is a concrete priority
ravndal has joined #nixos
<gchristensen>
ehmry: I think I speak for all of us to be glad for all the help you can provide :)
<simpson>
Also, fixing nixpkgs docs is the sort of thing that can be tackled by *improved processes*; we can change how we do code review to require that docs be updated where applicable, and I think we already can tag documentation issues as such in GH's filters.
<symphorien>
well, it's a concrete priority, but nix still does not have man page.
<gchristensen>
simpson++
<{^_^}>
simpson's karma got increased to 14
<MichaelRaskin>
We kind of require that the relevant documentation is updated, but not many people remember what is actually there and what is not
<simpson>
Yeah. I've worked with systems that are literate, which make it obvious; I've also worked with systems that require some comments or annotations from source code to documentation files.
<MichaelRaskin>
«It is a concrete priority» is also not a complete statement. It is only a complete statement when it mentions some people for whom it is a concrete priority. Then, it can be turned into a complete but false statement
vld has joined #nixos
<MichaelRaskin>
(or into a true statement, depends on luck)
<eoli3n_>
is there any way to query upgradable packages ?
<eoli3n_>
list upgradable
<__monty__>
eoli3n_: nix-env has a --dry-run flag. I think that's the closest thing to what you want.
<eoli3n_>
nix-env --upgrade --dry-run gives only "(dry run; not doing anything)"
ee194350 has quit [Ping timeout: 268 seconds]
<eoli3n_>
i have auto upgrade, so maybe i'm up to date
vld has quit [Ping timeout: 258 seconds]
ee194350 has joined #nixos
phaebz has joined #nixos
gustavderdrache has joined #nixos
Ariakenom has joined #nixos
<__monty__>
eoli3n_: Well it would only say anything about things you've installed using nix-env. Which is probably nothing if you're on nixos.
<eoli3n_>
i do
<__monty__>
,declarative eoli3n_
<{^_^}>
eoli3n_: There are multiple ways of managing declarative profiles. 1) Attrset, compatible with imperative use of nix-env https://git.io/fAQHW ; 2) buildEnv, providing more control over the paths that are linked into the profile https://git.io/fp0aU ; 3) home-manager, providing nixos-like config for your ~ https://github.com/rycee/home-manager
<__monty__>
These are all recommended over nix-env -i : )
Ariakenom has quit [Client Quit]
<eoli3n_>
i don't use nix-env
bvdw has quit [Read error: Connection reset by peer]
<eoli3n_>
i do use nixos, i mean
<eoli3n_>
and configuration.nix
<__monty__>
Ah, then the dry-run won't help you find out what you're looking for.
Ariakenom has joined #nixos
<__monty__>
Just trust the system : )
<eoli3n_>
yep, trusting is not my thing
<eoli3n_>
how if i reboot during an upgrade ?
bvdw has joined #nixos
<__monty__>
Any upgrade nix does is atomic. It's simply switching a symlink.
ddellacosta has quit [Quit: WeeChat 2.2]
<kenjis>
should be fine, usually you shouldn't switch to the new generation untill everything is finished and even then you can switch back
<eoli3n_>
ok
<eoli3n_>
that's strange for me to not be able to only check for upgradable, in case i don't use auto upgrades
<eoli3n_>
using nix-rebuild
<symphorien>
technically, you can use nix-diff on the current and freshly built generation
<eoli3n_>
hm, that could be a way
ddellacosta has joined #nixos
<__monty__>
Not really. NixOS doesn't facilitate upgrading specific packages. Only instantiating your declarative config.
<eoli3n_>
ok, i need to chill and relax... why not :D
<__monty__>
If you need a specific version of something you'd pin it.
<__monty__>
Note that we're not saying this is optimal UX. It's just current state.
<eoli3n_>
i don't, i'm configuring modules of my waybar, i come from arch with a custom pkg module which checks for upgrades and tells if kernel has been upgraded
<eoli3n_>
so just asking myself if i need to port
<eoli3n_>
it seems i don't really need
<eoli3n_>
so lets chill on this
<eoli3n_>
:)
<eoli3n_>
if will just diff readlink /run/booted-system/kernel && readlink /run/current-system/kernel
<__monty__>
You can definitely rest easy in comparison to arch. Pacman messing up a kernel upgrade is what motivated me to check out nix : )
<eoli3n_>
__monty__: there is a nice pacman hook for this
<__monty__>
Yeah, I'm pretty sure that existed back then. It was nothing to do with specific modules. It literally simply botched a kernel upgrade.
<eoli3n_>
since when you use nixos ?
<__monty__>
Couple months.
<eoli3n_>
and what do you finally think, in few words ?
<eoli3n_>
did you had to do a nixos upgrade ?
<__monty__>
I've had macOS similarly mess up a system upgrade btw. This is not a problem limited to arch.
<eoli3n_>
i mean about you switch, how positive is your nix experience ?
v88m has joined #nixos
<__monty__>
A nixos upgrade? I've moved from 19.03 to 19.09 if that's what you mean.
<eoli3n_>
without any pb ?
p-h[m] has joined #nixos
<__monty__>
Very, some things are hard but I knew what I was getting into. And the benefits of the declarative configuration and the rollbacks outweigh the problems for me.
<eoli3n_>
yep it seems tricky, but its motivating
<eoli3n_>
for now i see a lots of pros, just few cons, which are only because of paradigm change, just need to adapt
<eoli3n_>
community is <3, and growing, it seems that a lot of people used archlinux as a teaching distro, then move to a fully fonctionnal one as nixos is
dbmikus has joined #nixos
dm9 has quit [Quit: WeeChat 2.7]
polman has quit [Ping timeout: 250 seconds]
32NABQH3E has joined #nixos
7YSAAGZES has joined #nixos
7YSAAGZES has quit [Read error: Connection reset by peer]
cyraxjoe has quit [Ping timeout: 265 seconds]
polmaan has joined #nixos
<__monty__>
Could someone check for me whether the swift derivation works on linux? I'm trying to adapt it for macOS but I get an error about the gcc attribute missing in `clang.cc.gcc`. Does the clang derivation differ on linux and mac?
mounty has joined #nixos
<MichaelRaskin>
It evaluates
<MichaelRaskin>
I would expect that on Mac clang is built with clang
<MichaelRaskin>
So there is no clang.cc.gcc
polmaan has quit [Read error: Connection reset by peer]
polmaan has joined #nixos
mexisme has quit [Ping timeout: 260 seconds]
<LnL>
yeah, I don't really understand why that exists in the first place
<ddima>
steell: do you happen to have a swapfile instead of swap partition?
<steell>
ddima: i do not, i actually do not have swap configured at all in configuration.nix
<steell>
although swapon -s is telling me that it is using the partition i had setup for swap (but never enabled in configuration.nix)
<steell>
does NixOS automatically swapon a partition labeled "swap"? none of my configuration files specify this
kenjis has quit [Remote host closed the connection]
<ddima>
steell: for hibernation you need swap in any case. you should try to define it in `swapDevices` and then boot should automatically try to resume from that.
<samueldr>
fadenb: saw your tweet about the PBP, currently mustered the sticktoitivity to finally do the last steps
<steell>
ddima: will give it a shot, thanks!
<samueldr>
fadenb: do you *intend* to get one or do you *have* one?
<ddima>
steell: Not to my knowledge. Nixos installer does not create any partitions for you, so maybe you forgot?
kenjis has joined #nixos
<{^_^}>
[nixpkgs] @peti pushed 10 commits to haskell-updates: https://git.io/JejtB
<steell>
i definitely created the partition, i just never invoked "swapon" prior to running the hw scan or running nix-install
<steell>
and my config does not specify any swapDevices
<fadenb>
samueldr: I have one and am currently tinkering with it. My serial adapter is shipped next week so currently I am doing blind trial and error attempts :p
<samueldr>
fadenb: care to hop on #nixos-aarch64?
<samueldr>
I can transfer my current knowledge there
<ddima>
steell: if you had it activated when you did nixos-generate-config it might have been picked up, in which case it would be in hardware-configuration.nix though
<{^_^}>
[nixpkgs] @edolstra pushed to master « Revert "nix: build using gcc8" »: https://git.io/Jejtz
<samueldr>
(else it's going to be a bit spammy here :))
<ddima>
steell: when you say "my config", does that include hardware-configuration.nix or just configuration.nix?
<steell>
ddima: yeah it's not in my hardware-configuration.nix
<steell>
ddima: or any other imports ;-)
<ddima>
hm, interesting. maybe there's some other mechanism that goes by label or sth.
<steell>
yeah i may file a bug
ZeDestructor has quit [Quit: o.O]
phaebz has quit [Read error: Connection reset by peer]
<ddima>
steell: and /etc/fstab also doesnt list it?
ZeDestructor has joined #nixos
<{^_^}>
[nix] @LnL7 opened pull request #3303 → build: fix sandboxing on darwin → https://git.io/Jejty
<{^_^}>
[rfcs] @Infinisil opened pull request #64 → [RFC 0063] New Documentation Format → https://git.io/JejtS
<steell>
ddima: it does not :-/
<steell>
ddima: i added it to swapDevices as you suggested and now hibernate works :-)
<ddima>
steell: nice. wrt mystery swap - Id suggest you double check things, ideally try this in a VM or so (maybe with nixos-rebuild build-vm) and file an issue in nixpkgs. I've not seen that happen yet.
vld has joined #nixos
vld has quit [Ping timeout: 268 seconds]
Chiliparrot has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
cosimone has joined #nixos
drakonis2 has joined #nixos
drakonis1 has quit [Ping timeout: 248 seconds]
aveltras has quit [Quit: Connection closed for inactivity]
kenjis has quit [Remote host closed the connection]
<shapr>
nixos n00b question: I have "hardware.pulseaudio.enable = true;" in my configuration.nix does that mean pulseaudio is running as a system service?
<{^_^}>
[nixpkgs] @bcdarwin opened pull request #76997 → skorch: init at 0.7.0 → https://git.io/JejqM
<shapr>
my goal is to install mpd to play music, mpd needs to match pulseaudio whether user or system
<lassulus>
if hardware.pulseaudio.systemWide is not enabled, pulseaudio runs as system user service afair
<shapr>
how would I discover attributes such as hardware.pulseaudio.* ?
<shapr>
is there an lsp-mode for configuration.nix? :-D
lunik1 has quit [Remote host closed the connection]
lunik1 has joined #nixos
lunik1 has quit [Remote host closed the connection]
selfsymmetric-pa has quit [Remote host closed the connection]
lunik1 has joined #nixos
lunik1 has quit [Remote host closed the connection]
lunik1 has joined #nixos
lunik1 has quit [Remote host closed the connection]
lunik1 has joined #nixos
lunik1 has quit [Remote host closed the connection]
chagra has quit [Ping timeout: 265 seconds]
selfsymmetric-pa has joined #nixos
mehlon has quit [Quit: Leaving]
lsix has quit [Quit: WeeChat 2.6]
nixtacular has joined #nixos
<nixtacular>
i'm trying to override the version for the gem bundler in an overlay, but it's not working. doing something like `bundler = super.bundler.override { version = "2.0.2"; }` gets me the error `called with unexpected argument 'version'`
<nixtacular>
i can work around it by using `overrideAttrs`, but why doesn't `override` work? the bundler derivation calls `buildRubyGem`, which uses `makeOverridable`
lunik1 has joined #nixos
<nixtacular>
i've noticed other packages that use builder functions that in turn use `makeOverridable` and that also give the same error. for example, trying to do something like `super.nodejs-10_x.override { version = "10.16.3"; }` gives the same error. i'm forced to use `overrideAttrs`
lunik1 has quit [Client Quit]
Guest92090 has quit [Ping timeout: 258 seconds]
<nixtacular>
i'd prefer to use `override` because functions like `buildRubyGem` do a lot of processing before calling `mkDerivation`. for example, the derivation's `name` is an interpolation of the gem name and the version, so it would be preferable to use `override` so that the updated version number gets propagated to both the src and name attributes, etc.
<nixtacular>
infinisil: any idea? (or anyone else...?)
Guest92090 has joined #nixos
<nixtacular>
(and yet other packages seem to support `override` just fine. for example, i can do `super.nodePackages.yarn.override { version = "1.21.1"; }` and it works as expected. what is the rhyme or reason behind when `override` works and when it doesn't?)
lunik1 has joined #nixos
<nixtacular>
if I'm understanding `buildRubyGem` correctly, it should output a set that is a derivation AND that has two additional attributes, `override` and `overrideDerivation`, which are functions that take a set with the same shape as `buildRubyGem` (which, in turn, should include the attribute `version` among many others)
<nixtacular>
bbl afk, but will check any responses later via the logs :-)
nixtacular has quit [Remote host closed the connection]
noudle has quit []
philr has joined #nixos
Guest92090 has quit [Ping timeout: 260 seconds]
chagra has joined #nixos
Guest92090 has joined #nixos
selfsymmetric-pa has quit [Remote host closed the connection]
<{^_^}>
[nixpkgs] @NeQuissimus pushed 2 commits to release-19.09: https://git.io/Jejmr
mexisme_ has quit [Ping timeout: 268 seconds]
yobj has quit [Remote host closed the connection]
antoszka has joined #nixos
erictapen has joined #nixos
yobj has joined #nixos
sigmundv_ has quit [Ping timeout: 258 seconds]
orivej has quit [Ping timeout: 265 seconds]
<antoszka>
Guys, trying to install NixOS on encrypted ZFS and UEFI -- pretty much in accordance with current instructions. ZFS is encrypted at the root zpool level with a passphrase, zfs volumes inherit the encryption.
FRidh has quit [Quit: Konversation terminated!]
justanotheruser has quit [Ping timeout: 260 seconds]
<antoszka>
The problem is that when I boot from grub I only see the NixOS logo and there's no other sign of activity
<antoszka>
nor any text field allowing me to input the passphrase
kiloreux has quit [Remote host closed the connection]
ng0 has joined #nixos
ng0 has joined #nixos
erictapen has quit [Ping timeout: 260 seconds]
<shapr>
Is there a way to volunteer my system to occasionally build a nix pkg for caching?
<maurer>
shapr: That seems like it would be problematic from a trust perspective
<shapr>
hm, perhaps you could hand out a pkg to several people and check that they all return the same thing?
__monty__ has quit [Quit: leaving]
<gchristensen>
one day, I hope r13y.com can use systems like yours for exactly this purpose
<samueldr>
shapr: is there something you need that isn't cached well?
<shapr>
nope, just seemed like a friendly thing to do
<gchristensen>
samueldr++
<samueldr>
ah great :)
<{^_^}>
samueldr's karma got increased to 146
<shapr>
I have a bunch of cores and ram
<maurer>
shapr: Yeah, that kind of thing has been considered, but I don't think anyone ever got to a coherent answer on how to do it well
<shapr>
you could have an 'untrusted' cache where builds are signed by a particular user?
<shapr>
then if at any point that user uploads something broken or malicious, don't use builds by that person ever again?
<maurer>
Sure, but now you're trying to develop a reputation system
<shapr>
maybe I just advertise my own cache and other people can use it?
<shapr>
yeah, good point
<maurer>
If you just want to advertise your own cache, someone made a tool for that, forgetting the name now...
<gchristensen>
ideally we reach a point where binary reproducibility is very high, and multiple independent organizations do builds which come to the same hash
<maurer>
cachix
<samueldr>
s/advertise/host
erictapen has joined #nixos
<maurer>
If you want to provide a cache for some set of packages that users are likely to trust you for
<samueldr>
an issue with caches is that a cache can't easily say "I have packages x,y,z"
<maurer>
(for example, since you are the software author)
<maurer>
cachix will help address that
<samueldr>
you always need to have the inputs for it, and the same as they were built with :)
<shapr>
has anyone developed a vaguely sane homomorphic encryption system?
<samueldr>
so you can't rely on <nixpkgs> when doing that, but rely instead on a pinned nixpkgs in those derivations served by that cache
<gchristensen>
shapr: apologies, what does that mean?
<maurer>
Last I heard, homomorphic encryption still had prohibitively high overhead
<shapr>
gchristensen: you can send encrypted data to a user, and they can operate on that data without it ever being decrypted
<gchristensen>
ah
<maurer>
gchristensen: The short version is encrypting values such that you can do computation on them without decrypting
jgeerds has quit [Ping timeout: 268 seconds]
<gchristensen>
right, makes sense
<maurer>
e.g. there exists some map f E(x) = E(f(x)) for some restricted f which doesn't require the ability to invert E
<maurer>
well, that statement is a little fuzzily false
<shapr>
last I checked it takes a million (or ten mil) unencrypted operations to do one single encrypted operation.
<maurer>
but you get the general concept
<gchristensen>
is tahoelafs' object capability model -- where you can validate data integrity without decrypting -- homomorphic encryption?
<maurer>
No
<gchristensen>
I thought not
fendor_ has joined #nixos
drakonis1 has joined #nixos
<MichaelRaskin>
Homomorphic encryption is just crazy inefficient, and then you get to the fact that it is even worse
<MichaelRaskin>
You cannot simulate branches in the imperative sense, you simulate circuits
<maurer>
I mean, if you could simulate branches, you'd be able to probe properties of the value
<MichaelRaskin>
BTW, you do not need f(E(x)) = E(f(x)), you are OK with g(E(x))=E(f(x)) if g is sane and easy to obtain from f
<gchristensen>
anyway, what would homomorphic encryption get us? :P
<maurer>
MichaelRaskin: That's why I immediately followed up with "that statement is a little fuzzily false"
<shapr>
whenever homomorphic encryption becomes vaguely reasonable, perhaps it'll replace build servers by paying people to warm their houses.
<MichaelRaskin>
maurer: you _can_ simulate branches in the circuit sense, but you calculate _both_ sides every time
<gchristensen>
interesting
<maurer>
MichaelRaskin: Well, yes, exactly. You have to do both
<maurer>
MichaelRaskin: It's similar to using cmov to dodge side channels
<MichaelRaskin>
We do not need homomorphic encryption for build farm
<maurer>
It wouldn't even be plausible :P
fendor has quit [Ping timeout: 265 seconds]
<MichaelRaskin>
We need a much cheaper condition
<shapr>
gchristensen: homomorphic encryption would mean your users could volunteer to build nixos pkgs and you could trust the results.
<maurer>
tbh if you could do homomorphic encryption for a compilation, and get it to run, you'd probably be in the running for a turing award
<MichaelRaskin>
It would be enough to have succinct proofs that something is indeed a result of running the compiler on the inputs
<MichaelRaskin>
The difference is that you do not need privacy here
<shapr>
How would you get that?
<MichaelRaskin>
It is still horribly inefficient, but I think an order of magnitude cheaper than full homomorphic encryption
fendor_ is now known as fendor
<maurer>
shapr: There are some compilers that can provide verifiable proof that their output object code is derived from particular source files
<maurer>
You'd need to put that into every stage of the build though
<shapr>
ah, too bad
<gchristensen>
and then validate it
<maurer>
It's very interesting stuff, but not in the realm of "let's put it in our build farm"
<antoszka>
nvm, I kinda solved my problem
<maurer>
shapr: If you want to learn more, good keywords are "certifying compilers" and "proof carrying code"
<maurer>
Anything by Karl Crary or Xavier Leroy is worth reading
<shapr>
I kinda hope homomorphic encryption becomes usable so I can build a dead simple computer to verify everything, and then hand out all my work to completely unpatch Intel hardware that's fast and untrustworthy
<maurer>
shapr: aiui homomorphic encryption only does secrecy not integerity
<maurer>
so I don't think that's what you're going for
<{^_^}>
[nixpkgs] @roberth merged pull request #73394 → nixos/xserver:services.xserver.xkbOptions is now commas → https://git.io/Jer6q
<gchristensen>
it seems like verifiable proof that the computation is correct would be more work than doing the computation itself
<MichaelRaskin>
Providing such a proof will always be more work than computation itself
<MichaelRaskin>
Verifying such a proof is much less work
<MichaelRaskin>
(even with today's tools)
phreedom has joined #nixos
phreedom_ has quit [Ping timeout: 240 seconds]
<MichaelRaskin>
Of course, there is also a question of _storing_ such a proof
bogdb has quit [Quit: Leaving]
<gchristensen>
so then where is the cost benefit of having the proof be created, or paying N more people to do the computation
<gchristensen>
yeah?
<MichaelRaskin>
So far, you need a pretty large N to get the payoff
domogled has quit [Quit: domogled]
<MichaelRaskin>
I think I have seen an estimation that if you have fully trustable fab and a business relationship with a remote fab, it might be faster to run a proof on a new chip and verification on a trusted chip, especially if the ratio in performance is many millions of times (and apparently if India military wants complete trust in fabrication, the ratio would indeed be like that)
philr has quit [Ping timeout: 260 seconds]
mexisme_ has quit [Ping timeout: 265 seconds]
<MichaelRaskin>
I am not sure it is better than a competing idea of the fast cheap just feeding prefetch hints to the slow chip, though
vidbina has joined #nixos
<maurer>
I'll also note that if you're worried about chip backdoors, making one of those do mistaken compilation is very hard
<maurer>
Making a system vulnerable with one is easy, but miscompilation...
<maurer>
(not that it's impossible mind you)
<MichaelRaskin>
True; I just remembered a case where someone has already run the numbers
<maurer>
I wonder if the US still has the private gov't fabs... probably not, we've gotten complacent
<maurer>
US used to subsidize Intel operating one entirely US based fab, able to be operated by cleared people etc
<maurer>
so that they could have supply chain integrity for military applications
<gchristensen>
is this back in the clipper chip days?
<MichaelRaskin>
I think at some point they asked could they have at least provably non-China-touchable routers for Pentagon network and found out that no, they don't have enough supply chain transparency?
selfsymmetric-mu has joined #nixos
civodul has quit [Quit: ERC (IRC client for Emacs 26.3)]
<maurer>
gchristensen: This started before that and ran longer than that
<maurer>
MichaelRaskin: Yeah, I know, I was on a DARPA project that wanted to try to figure out how to check routers after the fact for tampering
<maurer>
MichaelRaskin: It was never going to work, but it was a research grant, so we took the money and did problem adjacent work
<gchristensen>
hah anice
<MichaelRaskin>
I think they also considered an option of just having it manufactured completely in more trustable places and doing logistics by US military planes
<MichaelRaskin>
Apparently the supply chains didn't work out
<kqb>
Hello, I am interested in the parsing of nix language expressions. I have already figured out that the crucial bits seem to reside `/src/libexpr`. Is there any documentation already available on how the parse is built? I checked https://nixos.org/nix/manual/#ch-expression-language and https://nixos.org/nix/manual/#chap-hacking. I still have difficulties understanding what the files in directory `libexpr` are trying to implement.
thomashoneyman has joined #nixos
nixtacular has joined #nixos
mehlon has joined #nixos
<thomashoneyman>
quick q: i have a pinned nixpkgs in a project, which builds fine, but when evaluated with Hydra I get an error that there is no 'nixpkgs'
<thomashoneyman>
i'm poking around but i'm not sure why the pinned nixpkgs is not found
<nixtacular>
ok, i think i figured out my override problem from above. the overlays are getting packages from all-packages.nix, which in turn calls `callPackage` on everything. `callPackage` introduces its own `makeOverridable`. the result is that when you try to override any derivation provided by `callPackage`, you end up overriding the top-level arguments
<nixtacular>
passed to `callPackage`, not the ones passed to lower-level functions like `buildRubyGem`
<nixtacular>
that is...pretty unfortunate/annoying.
<nixtacular>
at least, that's what i think is happening...
turona has joined #nixos
chloekek has quit [Ping timeout: 260 seconds]
<infinisil>
nixtacular: You might be able to override buildRubyGem though!
orivej has quit [Ping timeout: 268 seconds]
<nixtacular>
infinisil: how?
<nixtacular>
btw am i missing something...? is this just par for the course when it comes to Nix development? none of this stuff seems to be documented anywhere
fusion809 has quit [Remote host closed the connection]
<nixtacular>
it's really slow-going, constantly having to check how different groups of packages handle things like overrides
<{^_^}>
[nixpkgs] @bcdarwin opened pull request #77000 → ocamlPackages.npy: init at unstable-2019-04-02 → https://git.io/JejO4
<infinisil>
nixtacular: Ah I kind of assumed you wanted to override a package that was built with buildRubyGem
<infinisil>
But I guess your question is when .override/.overrideAttrs and why?
<nixtacular>
infinisil: i do. i want to override `bundler`. also, i want to override `nodejs-10_x`, and other packages in general, but those two are most pressing for me.
<nixtacular>
yes
<infinisil>
makeOverridable takes a function which takes arguments and returns a result. With .override you can override the arguments, with .overrideAttrs you can override attributes of the result
<kqb>
What is the proper IRC channel to ask about the Nix language itself?
<infinisil>
kqb: There is #nix-lang if you prefer a nix language-specific channel over here
<kqb>
infinisil: thank you
<nixtacular>
infinisil: i'm familiar with the differences between .override and .overrideAttrs. my question is more about packaging policy. it is really, really, really frustrating to have to spend hours and hours digging through the codebase trying to determine whether a particular package will support .override in a straightforward fashion vs. .overrideAttrs.
<nixtacular>
i'm trying to figure out whether there is a rule of thumb for which one to use when, or whether it's totally random (seems totally random)
<infinisil>
nixtacular: You could probably override bundler with `bundler.override (old: { buildRubyGem = attrs: old.buildRubyGem (attrs // { <your changes> }); })`
<infinisil>
nixtacular: Ah I see, so generally you need to know what it is that you want to override and where it comes from. E.g. src, version, buildPhase and such are attributes of derivations (created with mkDerivation to be exact), and those can be overridden with .overrideAttrs
<infinisil>
The function arguments are for dependencies or other customizations
<infinisil>
And since a recent PR of mine, you can also query .override arguments
<infinisil>
> lib.functionArgs pkgs.curl
<{^_^}>
'functionArgs' requires a function, at /var/lib/nixbot/nixpkgs/master/repo/lib/trivial.nix:328:42
<infinisil>
> lib.functionArgs hello
<{^_^}>
'functionArgs' requires a function, at /var/lib/nixbot/nixpkgs/master/repo/lib/trivial.nix:328:42
<evanjs>
*reading on ibus on NixOS* "To use any input method, the package must be added in the configuration, as shown above, and also (after running nixos-rebuild) the input method must be added from IBus' preference dialog.
<evanjs>
whaaat
<evanjs>
is there really no way to do the last bit declaratively? I guess maybe home-manager would be my best bet for now?
<infinisil>
And nix doesn't fetch things again if it already has a version of it
<infinisil>
So it will reuse the files of the old version too
knupfer has joined #nixos
<nixtacular>
but shouldn't it fetch the new tarball based on the new version, then see that there's a sha mismatch, then throw an error?
<nixtacular>
that's what happens generally
<infinisil>
Ideally yeah, but with how the fetchers work that isn't usually the case
<nixtacular>
i'm confused though. how could it possibly know fall back to the old version number?
<infinisil>
The version number is only used to determine how to download the source
<infinisil>
But if that source is already downloaded, then it doesn't need to download it again
<infinisil>
And nix determines whether something is downloaded/built already by the output hash (in fixed-output derivations)
<nixtacular>
right. but the version number is part of that hash, no?
<infinisil>
Nope
<nixtacular>
oh
<nixtacular>
ok, that makes sense then :-)
<infinisil>
I hope we can make it part of the hash eventually though
<infinisil>
There are some problems with it unfortunately
<infinisil>
Minor ones imo
<nixtacular>
like what? seems pretty obvious
<nixtacular>
i mean the value of including it
<infinisil>
There are different fetchers, like builtins.fetchTarball, fetchFromGitHub and more, and unless each of them agree for how to incorporate the version into the hash, they'll all have different sha256's
<infinisil>
Um, I mean different output hashes
<infinisil>
Wait no
<infinisil>
I mean different /nix/store paths
<infinisil>
And that is apparently problematic because sometimes you need to exchange them or prefetch something with one fetcher, but then use another later on
<infinisil>
The solution that was chosen to fix this many years ago was to not incorporate the version (and other properties) into the hash
<infinisil>
However I think a better solution would be to just agree on a format for how to incorporate it and align this in all fetchers
jmeredith has joined #nixos
<nixtacular>
ah i see. makes sense.
gxt has joined #nixos
rengglian has joined #nixos
<infinisil>
Btw, incorporating the version (or other properties) is done by just setting the name of the derivation to something like "foo-${version}". The solution of not incorporating it meant to set all derivation names to "source"
<infinisil>
Which is why you see so many /nix/store/...-source in nix-build's
<nixtacular>
huh! i did notice that but i didn't know the reasons.
bvdw has quit [Quit: bvdw]
rengglian has quit [Read error: Connection reset by peer]
rengglian has joined #nixos
bvdw has joined #nixos
<infinisil>
If the other solution is chosen, we'd know where those sources come from, because it would be /nix/store/...-source-github.com-foo-bar-v0.2` or so, which would also be nice
xO1 has quit [Ping timeout: 258 seconds]
vidbina has quit [Ping timeout: 260 seconds]
<rengglian>
What's the best way to run a binary (go build) copied via shared drive?
rengglian has quit [Read error: Connection reset by peer]
<mehlon>
I tihnk you can just run it..?
<nixtacular>
infinisil: one small annoyance i have with the naming scheme is that when overriding packages that include the version number in the name, you usually have to manually override the whole name, as well, which means that you need to know the name structure. for example: