<__red__>
I don't know how many of you are familiar with elixir - but it handles unicode by downloading the unicode database, encapsulating it into code and compiling
<__red__>
it's pretty instant
sigmundv_ has quit [Ping timeout: 264 seconds]
<gchristensen>
neat
<__red__>
speaking of things taking a while - the update that I did to ponyc timed out on build: https://logs.nix.ci/?key=nixos/nixpkgs.98598&attempt_id=6196e31e-d9c8-44a8-bd6d-451232146cc5
<__red__>
is there anything I need to do / can do to help?
<{^_^}>
[nixpkgs] @ryantm pushed commit from @elitak to master « vcs: init at 1.13.4 »: https://git.io/JU2tZ
<reptarmigan>
hey, I'm trying out building a nix dirivation (checked out nixpkg, modifed a stale version of textadept to try out the latest stable) I'm getting a hash mismatch in hg-archive, any advice?
<__red__>
reptarmigan: yes - since teh version changed - you have to change the hash
<__red__>
when you ran it, it probably said something like: "
<__red__>
Expected: <hash>
<__red__>
Got: <hash>
cole-h has quit [Quit: Goodbye]
<reptarmigan>
I don't get any results for a specific search, but it seems like "hash mismatch in fixed-output derivation '/nix/store/qg1jv1havczbjm7n108wz744vr95mw3f-hg-archive':"
<reptarmigan>
hg-archive is not the package I've modified
<__red__>
oh - not what I thought you meant
<__red__>
can you pastebin or gist the whole thing?
<reptarmigan>
So I got the hash for the new textadept version using nix-prefetch-hg I assume hg-archive is some dependency, but this is my first time, so I'm just tilting at windmills ;-)
<__red__>
since I'm not familiar with the new ofborg
zupo has joined #nixos
<__red__>
and tell help me understand what the new bits are
<__red__>
They say, the time of my compile was not a price oborg was willing to pay
<__red__>
but it shows as neutral, which seems odd if that was the process that was supposed to validate the package
<__red__>
if it doesn't complete - how are the committers supposed to do package verification?
<__red__>
(apart from download it themselves manually I guess)
ghasshee has joined #nixos
<srhb>
__red__: It's always a tradeoff, of course. It would be better if ofborg could confidently always build anything no matter the cost, but yes, sometimes it's up to the reviewer to either build it themselves or trust in the committer :) Wrt. "neutral" -- the goal is for ofborg "green" to mean "it's totally OK to click merge with minimal effort" while "red" is "we're confident this is broken, don't
<{^_^}>
[nixpkgs] @jonringer pushed commit from @Lucus16 to release-20.09 « gnat: fix build »: https://git.io/JU2Y8
civodul has joined #nixos
mananamenos has joined #nixos
zaeph has quit [Ping timeout: 240 seconds]
knupfer has quit [Ping timeout: 256 seconds]
<{^_^}>
[nixpkgs] @tricktron opened pull request #98621 → [20.09] notebook: fix tests on darwin, 6.1.3 -> 6.1.4 → https://git.io/JU2YK
ramen_master has joined #nixos
<reptarmigan>
Aha, I just ran the build and filled out the new deps and it looks like a thing built itself! Is there a fast way to do that? I just split my term and bashed (or zshed) my way through it :-D
karantan has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
sigmundv_ has joined #nixos
tmaekawa has joined #nixos
<{^_^}>
[nixpkgs] @Flakebi opened pull request #98630 → amber: init at 2020-09-23 → https://git.io/JU2nu
<solene>
hi, I use Nixos 20.03, I installed xrdp but I can't figure out how to start it. I see no systemd unit file to start a service.
spease has quit [Ping timeout: 256 seconds]
<evils>
solene: did you install it by setting `services.xrdp.enable = true;`?
bahamas has joined #nixos
karantan has joined #nixos
daa has joined #nixos
<solene>
evils: absolutely not. I added xrdp in my package list. How could I now I can add this as a service to enable? I'm quite new to Nixos, I've read the manual but I can't find a pattern to understand when I can use services.$something. I also looked at the package code on github to find clues and didn't find any.
<solene>
I'll try what you suggest, this make sense
<evils>
solene: i think you only need to add the services enable line to your nixos configuration.nix, you shouldn't need to add it to your packages unless you need the binary accessible in your environment
cosimone has quit [Quit: Quit.]
tmaekawa has quit [Ping timeout: 246 seconds]
wolfshappen has joined #nixos
<solene>
evils: it works like a charm, thank you
sigmundv_ has quit [Remote host closed the connection]
cosimone has joined #nixos
stree_ has joined #nixos
stree has quit [Ping timeout: 260 seconds]
sputny has joined #nixos
dermetfan has quit [Ping timeout: 260 seconds]
<{^_^}>
[nixpkgs] @yihuang opened pull request #98632 → support multiple major version of go package → https://git.io/JU2c4
<solene>
evils: is there a way to know that a package can be registered as a service? (like for xrdp)
<{^_^}>
[nixpkgs] @DavHau opened pull request #98633 → profiles: add HP Smart Array RAID scsi driver to all-hardware.nix → https://git.io/JU2cu
<Coda-Coda>
Hi, I'm new to Nixos, I'm trying to set up a window manager other than icewm with xrdp for NixOS running on AWS. I've come across https://github.com/NixOS/nixpkgs/issues/57717 but have no solutions, does anyone have tips?
<{^_^}>
#57717 (by Zhen-hao, 1 year ago, open): xrdp server missing KDE option
<{^_^}>
[nixpkgs] @vcunat merged pull request #97597 → Purity checking should also accept $TMP, $TMPDIR and $TEMP, $TEMPDIR → https://git.io/JUcAB
xd1le has joined #nixos
nixuser has joined #nixos
bahamas has quit [Ping timeout: 260 seconds]
knerten has joined #nixos
<xd1le>
so I have default.nix file which does import <nixpkgs>, but it doesn't evaluate in pure mode. So what is the substitute to that? Can I like call the default.nix expression passing in nixpkgs from a flake.nix somehow?
meh` has joined #nixos
daa has quit [Remote host closed the connection]
<{^_^}>
[nixos-homepage] @github-actions[bot] pushed commit from GitHub Actions to master « Update flake.lock and blogs.xml [ci skip] »: https://git.io/JU2Wi
<xd1le>
Ok I think I have an idea
<xd1le>
If callPackage is in nixpkgs.lib I can just use that from the flake.nix
<felschr1[m]>
Hi, does anyone have an idea how to reference a branch with a `/` in the name in a flake input url?
<raboof>
I wonder if we should rename 'Nix Package Manager Guide' and 'Nixpkgs Users and Contributors Guide' to simply 'Nix Manual' and 'Nixpkgs Manual'? That's how I always think of them (and matches their URL and even 'title')... WDYT?
sangoma has quit [Read error: Connection reset by peer]
ericsagnes has joined #nixos
<evils>
raboof: well, the learn page has "Learn Nix | Learn Nixpkgs | Learn NixOS" seems sensible to keep it simple and consistent; and "guide" implies they're more guided / a linear read-through, than they are
<raboof>
evils: so... you agree? :)
rprije has quit [Ping timeout: 256 seconds]
<jmercouris>
OH DO I
<jmercouris>
DO I AGREE?
<jmercouris>
I guess so :-)
kdlv has joined #nixos
<evils>
raboof: sure, though i think it's best to coordinate consistent communication via the marketing team rather than feedback from randos on #nixos :P
<jmercouris>
C O M M U N I C A T I O N
<jmercouris>
A E S T H E T I C
<raboof>
B R A N D
<evils>
B I K E S H E D D I N G
<jmercouris>
lol :-)
<gchristensen>
P U L L R E Q U E S T S
<{^_^}>
[nixos-homepage] @raboof opened pull request #570 → Learn: replace 'More ...' with 'Manual' → https://git.io/JU24h
<infinisil>
I guess we could also use the different types of documentation
<infinisil>
The current manuals are a mix of how-to's, references, tutorials i think
<gchristensen>
aye
<raboof>
I mostly think of them as reference docs - I personally keep things that are more 'tutorial-like' on the wiki (though it's a fine line I guess)
<evils>
i think of them as my last hope...
<{^_^}>
[nixpkgs] @mkg20001 opened pull request #98637 → flat-remix-gtk: init at 20200718 → https://git.io/JU2BI
cfricke has joined #nixos
<chreekat[m]>
+1 raboof
<gchristensen>
that may be what you expect them to be, but they aren't consistently reference
lordcirth_ has quit [Remote host closed the connection]
lordcirth has joined #nixos
waleee-cl has joined #nixos
<{^_^}>
[nixos-homepage] @maralorn opened pull request #572 → Unify capitalisation of manual headings → https://git.io/JU2aC
endformationage has joined #nixos
<easter_egg>
Is someone experiencing UTF-8 issues with ansible package? The package from my other package manager is working as expected but ansible from nix-env is showing those encoding issues.
azure1 has quit [Read error: Connection reset by peer]
<rasmusm>
but if you are going to use it as a system install i think your way if the best way
tyxie has quit [Remote host closed the connection]
hnOsmium0001 has joined #nixos
<evanjs>
rasmusm: yeah just need to figure out what to turn on/off as I already had LanguageClient-neovim installed/enabled, etc
<rasmusm>
i know that feeling, i part of my change to neovim are a clean up of my 20 year old ever evolving vimrc
<evanjs>
I remember seeing something about the update.py script (for vimplugins) needing authentication a while back... is this something that's needed now?
<evanjs>
And oh wow. Glad I got into all this sorta late
<evanjs>
And mostly dropped my old "configs" from Gentoo and etc :P
karantan has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
<rasmusm>
i am still not sure if i really want to nixpkgs for my plugins, i often want either bleading edge or just the version i have allways used. and i also use (n)vim on windows
sangoma has joined #nixos
<rasmusm>
but must plugins are just a git checkout, so its easy to wrap for nix, execely with something like niv or nix-prefetch-github
<evanjs>
Right exactly. I also stick to nixos-unstable and have my systems auto update every 6h :P
<evanjs>
I've gotten more comfortable using nixos-unstable rather than nixpkgs-unstable as it's less likely for packages to break. Not like it never happens, but definitely less often, in my experience
<rasmusm>
i am running nixos-stable onless i have a good resion not to. unstable are to scarry ;)
kdlv has quit [Quit: kdlv]
gtoast has joined #nixos
<evanjs>
yeah that's why I switched from nixpkgs-unstable to nixos-unstable :P
nixuser has quit [Read error: Connection reset by peer]
<evanjs>
holy heck the update.py --add workflow is amazing. thanks guys!
ericsagnes has quit [Ping timeout: 260 seconds]
<rasmusm>
not that i have had any more problem with nixos-unstable then nixos-stable, but i have not realy used nkpgs-unsable i like binary packages from hydra to much
mir100 has joined #nixos
<lordcirth>
I tried to switch to unstable (because pulling just IPFS from unstable was hard, with flakes) but home-manager has a conflict currently.
<lordcirth>
Gotta love that I found that out *before* switching, though.
<evanjs>
lordcirth: what, is is something like "21.09 is not a version?"
<{^_^}>
[nixpkgs] @NeQuissimus pushed 3 commits to release-20.09: https://git.io/JU26p
<evanjs>
lordcirth: yeah I am referencing home-manager from nurPackages, which I have pinned, so it's fairly easy to roll back if needed. I actually don't commit updates to those pins unless at least one of my configs builds, anyway :P
<roconnor>
I though the output hashes where strictly based on the contents of the .drv file.
mmohammadi98127 has joined #nixos
<roconnor>
why do you need the whole .drv graph?
meh` has quit [Read error: Connection reset by peer]
lordcirth_ has quit [Ping timeout: 260 seconds]
<lordcirth__>
roconnor, in that context, you need to be trusted, because you are telling Nix that the store paths you are uploading as <hashX>-foo are, in fact, the untampered result of building <hashX>-foo.drv
<roconnor>
Or is it necessary to verify that every nix/store objected mentioned in the env matches the output produced by the inputDrvs?
<gchristensen>
roconnor: because you can't prove you are allowed to access /nix/store/4qry96ap0kpkjwjlsyc8p3m3hh6pg5pv-bash-4.4-p23.drv without proving you know how to build /nix/store/4qry96ap0kpkjwjlsyc8p3m3hh6pg5pv-bash-4.4-p23.drv
<gchristensen>
you can only prove you know how to build it if you know how to build everything which culminates up to /nix/store/4qry96ap0kpkjwjlsyc8p3m3hh6pg5pv-bash-4.4-p23.drv
boombim has joined #nixos
<roconnor>
lordcirth__: edolstra seems to be saying that simply uploading the .drv file by itself without the closure is problematic.
rasmusm has quit [Read error: Connection reset by peer]
<evanjs>
okay it looks like the lua section isn't being terminated properly? hrm
<boombim>
Hey. Can you help me with home-manager please?
<roconnor>
gchristensen: I don't think it is a access control issue. What we are trying to do is avoid an untrusted remote maching from compromising the local build machine's /nix/store integrety.
mmohammadi98127 has quit [Quit: I quit (╯°□°)╯︵ ┻━┻]
<roconnor>
And I don't see how a malformed .drv can do that. What is there to validate in a .drv?
<roconnor>
beyond its own syntax, which is easy for the local build machine to do.
ManiacOfMadness has quit [Ping timeout: 260 seconds]
grobi has quit [Quit: WeeChat 2.8]
rasmusm has joined #nixos
mmohammadi9812 has joined #nixos
lordcirth__ has quit [Ping timeout: 260 seconds]
meh` has joined #nixos
<roconnor>
... is it the case that every occurance of /nix/store in the 'env' must match up with an inputSrcs or an inputDrvs?
<boombim>
how can I bind it in sway with home manager?
<gchristensen>
roconnor: Nix is an object-capability safe, and part of it is this. you only copy your drv but not the drvs you depend on, you're bypassing object capability safety
<gchristensen>
you can nix-copy-closure a `.drv` to theremote and nix-build it
<gchristensen>
the other thing is this does is it requires the other end to have built or substituted everything, whereas with normal remote building you can copy built outputs to the remote
lordcirth has joined #nixos
cole-h has joined #nixos
<roconnor>
gchristensen: But you are already trusting the remote machine. That is of course necessary.
<roconnor>
The issue I'm trying to wrap my head around is the remote machine trusting the local machine.
<gchristensen>
the remote needs to trust you
<gchristensen>
because you're copying build outputs in to its store
<roconnor>
And I get that is you are pushing binaries over the the remote machine you need trust there.
<gchristensen>
(or you're copying a .drv over, and only copying content-addressed data)
<roconnor>
But it seems that just pushing a .drv without its closure is unsafe.
mir100 has quit [Ping timeout: 258 seconds]
philr has quit [Ping timeout: 240 seconds]
<gchristensen>
it is unsafe, you can't prove you know how to create those drvs
<roconnor>
but I thought a .drv file was the similar as a content addressable data blog.
<roconnor>
data blob.
<evanjs>
rasmusm: .... it might have been the spacing??
<lordcirth>
roconnor, it is, but asking the remote to build it isn't
<roconnor>
gchristensen: in principle .drv can be created by hand no? I mean, of course we use the nix language to make them, but that is a separate layer.
<gchristensen>
sure
<gchristensen>
the proof is in the "do I know everything about how this was created?" which means the entire tree used to create your hash
<roconnor>
gchristensen: you are saing the hash prefix of a .drv files is not the hash of the contents of the .drv file?
<gchristensen>
it is
<roconnor>
then what is the problem?
fendor_ has joined #nixos
<lordcirth>
As I understand it, the problem is that the .drv can refer to paths you shouldn't have access to
<gchristensen>
right
<gchristensen>
you get access to paths you can prove you know how to produce
<roconnor>
The /nix/store is publically readable. There are no read access controls on it.
<gchristensen>
not with a remote builder
<lordcirth>
roconnor, on the local machine, not remotely
<lordcirth>
Eg, if not for this check, you could submit a .drv that says "build me a file that contains the contents of /nix/store-<hash>-shadow
<roconnor>
yes but I've already logged into the remote machine via ssh and now I am acting as the local user "nixBuild".
<roconnor>
and "nixBuild" can read everything from /nix/store.
<roconnor>
because it is world readable.
<gchristensen>
then you might want to tighten up how you configure your remote builds
<roconnor>
There is no read access control.
<gchristensen>
the recommended way to run remote bulids is use SSH's Command, to automatically run nix-store on connect, and not allow a general access
<roconnor>
But still I cannot do builds without adding nixBuild to the trusted user.
<rasmusm>
evanjs: that sound like something viml could have a problem with
<roconnor>
trusted builders is all about using the --builder flag with nix-store and that has nothing to do with read access control.
<roconnor>
it is only about what you are able to write to the store.
<gchristensen>
for the purposes of this conversation I'll assume you're right and go back to lunch
<rasmusm>
evanjs: do you (or others) have experiance with rnix-lsp, are there something i should look out for when setting it up?
<Ke>
some platforms have some of these libs baked into libc, so no extra linking is required
<roconnor>
gchristensen: Sorry. I do appreciate your attempts to help me, even if I'm stuborn. Thank you. I'm going to try asking on the thread, and maybe I'll find out you are right.
<Ke>
does it build, if you omit -lrt
<Ke>
though not sure, ix nix packages glibc on darwin or something
<gchristensen>
if you want to skip being a trusted user, simply nix-copy-closure the .drv and run `ssh remote nix-build the.drv` and then `nix-copy-closure` the result back
<Ke>
if
nullheroes has joined #nixos
fendor_ has quit [Remote host closed the connection]
fendor_ has joined #nixos
sputny has joined #nixos
fendor_ has quit [Read error: Connection reset by peer]
<roconnor>
(BTW, nix-copy-closure doesn't send the entire contents of the closure to the remote machine, thus it doesn't prove to the remote machine that the local machine knows the content of all the .drv files)
<clever>
lordcirth_: its not squid, but instead a custom haskell program, that is aware of the binary cache api, and has no cache expiry policy
knupfer has joined #nixos
<clever>
roconnor: check the manpage of nix-copy-closure
pinkieval has joined #nixos
<LnL>
roconnor: I could be totally wrong but I think it has more to do with the fact that buildDerivation registers a path with invalid (non existing) references which is not allowed under normal circumstances
<lordcirth_>
clever, thanks!
<roconnor>
clever: I'm reading it righ tnow.
<roconnor>
"This command is efficent because it only sends the store paths that re missing on the target machine"
<clever>
roconnor: --include-outputs
<roconnor>
LnL: Oh does it do that?
<LnL>
it skips all the dependencies for efficiency
<roconnor>
LnL: Is the issue that the remote machine may have built the dependencies of the build request but have garbage collected the .drv files? (can that happen?)
<roconnor>
I mean it needs the .drv files of the unbuild dependencies anyways.
<roconnor>
It doens't need the .drv files of the unbuilt dependencies?
quinn has quit [Ping timeout: 258 seconds]
<LnL>
yeah only the outputs used by that single drv
boombim has quit [Remote host closed the connection]
quinn has joined #nixos
<roconnor>
But to build those outputs, it will need their .drv files...
<roconnor>
I must be missing something fundamental here...
mmohammadi9812 has quit [Ping timeout: 256 seconds]
<LnL>
the build hook will ensure those are copied to the build host first
<roconnor>
what if the local machine hasn't built them?
<LnL>
it must have them because that's the machine that's "building" the tree
mthst has quit [Ping timeout: 260 seconds]
<LnL>
if it didn't it would build those first just like local builds
<roconnor>
oh, so the local machine sends build requests to the remote machine, one at at time.
<LnL>
yeah
<roconnor>
okay, that sounds like a bit of a fundamenal misunderstanding I had. :)
zakame has joined #nixos
<roconnor>
Let me rethink this then. The local machines only makes a remote build request when it has all the dependencies built.
<roconnor>
(one way or another)
<roconnor>
It sends the .drv file to the remote machine.
<roconnor>
Now, if the remote machine happens to already have the dependencies, then, at least in principle, it could build the .drv in without trusting the local machine.
<{^_^}>
[nixpkgs] @evanjs opened pull request #98667 → vimPlugins.lsp_extensions-nvim: init at 2020-09-06 → https://git.io/JU2Dp
<Cadey>
Has anyone packaged inspircd in Nix before?
<evanjs>
rasmusm: there we go lol
lordcirth__ has joined #nixos
<roconnor>
And if the remote machine doesn't have the dependencies then the local machine sends them over.
<roconnor>
of course this must be a trusted operation.
lordcirth_ has quit [Ping timeout: 260 seconds]
<roconnor>
But then I don't quite get dolstra's comment about "this prevents Nix from checking that the .drv is legit".
mthst has joined #nixos
<roconnor>
There doesn't seem to be any trust issues about the .drv file itself.
<roconnor>
Just about build outputs.
marsh has quit [Read error: Connection reset by peer]
<Reiser>
Is it possible to easily write out some arbitrary content to a file managed by my configuration.nix? I.E, let's say I just want to write the word "world" into `/root/hello`
<gchristensen>
no
marsh has joined #nixos
<Reiser>
I see, what's the right thing to do then. Package up some kind of service that autoruns and does the writing?
<evanjs>
Reiser: could do that with home-manager
<V>
Cadey: not to my knowledge, unless it was out of nixpkgs
<judson>
I'm having trouble with buildGoModule and buildFlags array - it looks like the array is concatenated and passed as a single string to `go build`
<Reiser>
evanjs, basically I have some `docker-containers` that require static configuration files, and I'm not sure the best way to place them somewhere that makes sense on the system. Ideally I'd like to manage the files directly in configuration.nix
<evanjs>
If it's used for the root user. But yeah, not like you can throw it _anywhere_ in the system
<Cadey>
V: fair, i may have to do it myself, i just wanted to see if there was prior art or not
<judson>
This is in an unstable captured on 8/27
<evanjs>
You can also just keep them in your nix config and reference them from there
<evanjs>
But I'm assuming something _else_ is consuming the configs, outside of Nix's control
lordcirth_ has joined #nixos
<Reiser>
evanjs, they're expected to be in the mounted volume of the docker container
<Reiser>
What I've done is, used `/root/container/<name>` for various volume mounts, I'm just trying to figure out the best way to manage the static configurations that should be in each
<{^_^}>
[nixpkgs] @siraben opened pull request #98668 → st: enable build on darwin → https://git.io/JU2y6
<Reiser>
I do want to configure them through nix :)
<Reiser>
This looks promising though, I can place them under /etc and mount the files directly
<judson>
Uh, is this really buildFlagsArray is supposed to work? It all gets concatenated? I see mage using this to avoid needing to quote ldflags, and drone-ci using a prebuild phase to _actually_ get an array of build args.
<judson>
Surely this is a bug?
sputny has quit [Remote host closed the connection]
lordcirth_ has joined #nixos
lordcirth__ has quit [Ping timeout: 260 seconds]
urkk has quit [Ping timeout: 260 seconds]
spease has quit [Ping timeout: 258 seconds]
<mthst>
is there a way to get an aarch64 gcc in stdenv?
<roconnor>
LnL: So after reviewing edolstra's thesis (page 108) I see now that the hash of a .drv file isn't just the hash of the contents of the .drv file, but a hash of the contents with the inputDrvs replaced with the hashDrv value of the content of those inputDrv files.
<roconnor>
This, of course, is impossible to validate without having the contents of those inputDrv files on hand.
<roconnor>
I don't quite get why this is done, but it does mean that you cannot add add .drv files to the nix store without having all the inputDrv file contents.
ghasshee has quit [Remote host closed the connection]
lordcirth__ has quit [Ping timeout: 260 seconds]
sputny has joined #nixos
adisbladis has left #nixos ["ERC (IRC client for Emacs 28.0.50)"]
<cole-h>
I wish nixos-unstable would update :(
<bbigras>
me too
<beww>
rasmusm, your repo nix-neovim is pretty interesting, how did you found the version to use, that does not change every night due to the nightly build?
zupo has joined #nixos
rajivr has quit [Quit: Connection closed for inactivity]
lordcirth__ has joined #nixos
<rasmusm>
beww: i just used niv to giv me the last from git, and then i just update some times (its wary mush wip)
<{^_^}>
[nixpkgs] @rickynils pushed to master « Unmaintain a few packages »: https://git.io/JU2QW
lordcirth__ has joined #nixos
<simpson>
roconnor: I don't have a complete answer for you; your points have been both convincing and question-raising. But I think that part of the answer is that, ideally, we'd have the Nix store mounted in some way so that it's not possible to enumerate or list the contents; world-readability of the store wouldn't imply that anybody can get a listing of what's currently in the store.
ManiacOfMadness has joined #nixos
<simpson>
(While I think that this is technically possible today, it would break a lot of tools and a lot of debugging workflows.)
<{^_^}>
[nix] @kquick opened pull request #4063 → Fixes fall-through to report correct description of hash-file command. → https://git.io/JU27E
<{^_^}>
[nixpkgs] @cole-h opened pull request #98676 → nixos/update-users-groups: /etc/shadow owned by root:shadow → https://git.io/JU27z
ericsagnes has quit [Ping timeout: 260 seconds]
reptarmigan has quit [Quit: Konversation over!]
meh` has quit [Ping timeout: 258 seconds]
noudle has quit []
bahamas has quit [Ping timeout: 260 seconds]
meh` has joined #nixos
eta has quit [Quit: we're here, we're queer, connection reset by peer]
<{^_^}>
[nixpkgs] @Infinisil closed pull request #98477 → Allow specifying a `recursionLimit` for `toPretty` → https://git.io/JUzF4
eta has joined #nixos
devalot has joined #nixos
jonathan[m]1 has joined #nixos
eta has quit [Client Quit]
eta has joined #nixos
sangoma has joined #nixos
ericsagnes has joined #nixos
eta has quit [Client Quit]
<devalot>
I need some help. I have no idea what I did but sshd and console login is busted. I rebooted and used grub to boot into an older generation that I know works but same problem. Before I rebooted I saw that SSH was accepting keys but then drops the connection and logs fatal: Access denied for user [user] by PAM account configuration"
eta has joined #nixos
eta has quit [Remote host closed the connection]
<devalot>
Everything on the machine seems to work, but I can no longer login.
eta has joined #nixos
<cole-h>
If you can edit the command line in grub, I think adding `single` will give you root to play around with?
<bourbon>
S
reptarmigan has joined #nixos
<bourbon>
also, in grub itself, you should be able to `e` to get into the edit mode on the option
<cole-h>
That's what I was talking about :)
eta has quit [Client Quit]
eta has joined #nixos
grobi has quit [Quit: WeeChat 2.8]
<devalot>
cole-h: Yeah, I suppose that's my next step. Any idea why PAM would be rejecting logins? Or where I should be looking?
<cole-h>
Sounds like file corruption to me, but aside from that, no idea.
<__red__>
ofborg timed out on my build. Is there anything I need to do to get this PR greased up again?
<sheepfleece>
Good day! How can I install VirtualBox with USB2.0 feature enabled? I tried to set `virtualisation.virtualbox.host.enableExtensionPack`, after that virtualbox recompiled itself for some reason but USB2.0 feature still didn't work.
<sheepfleece>
In settings there is indeed `Oracle VBoxDTrace Extension Pack` however I'm not sure this is the one I need.
<jtojnar>
sheepfleece: you might need to add yourself to some groups
<sheepfleece>
I did that, however it still complained that some kernel drivers were unavailable, so I tried to run it as root and it worked, but I still don't have USB 2.0 option
<roconnor>
simpson: I'm concluded that this whole readable store is a red herring and Dolestra's comment is simply reflecting the fact that the output values in a drv file are computed by `hashDrv` which (recursively) needs the contents of all the `drv` dependencies to function.
<jtojnar>
sheepfleece: maybe modprobe the modules?
karantan has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
aleph- has quit [Ping timeout: 272 seconds]
<jtojnar>
rebooting will probably be safest to ensure everything is up – not sure if the udev rules are loaded on rebuild or some systemd service needs to be restarted
<{^_^}>
[nixpkgs] @zimbatm pushed commit from @r-ryantm to master « bitwarden: 1.20.1 -> 1.22.1 (#98674) »: https://git.io/JU2AO
<sheepfleece>
I rebooted the system one more time (even though I was in a vboxusers group), modprobe says that the module is loaded, however I still can only use VM as root (I even added root to the group)
cr4y1 has joined #nixos
<sheepfleece>
But USB 2.0 (and other things) are still not available
<{^_^}>
musteresel: Please expand your question to include more information, this will help us help you :)
civodul has quit [Quit: ERC (IRC client for Emacs 27.1)]
sheepfleece has quit [Quit: Lost terminal]
spudly has quit [Ping timeout: 260 seconds]
spudly- is now known as spudly
<ptival[m]>
is there an easy way of making a derivation just like GCC's, expect changing the install phase? (for some reason, I'd need a snapshot of the whole directory structure after build)
<{^_^}>
[nixos-homepage] @garbas merged pull request #577 → enforce building docker images on linux → https://git.io/JU2xZ
<{^_^}>
[nixos-homepage] @garbas pushed 2 commits to master: https://git.io/JU2x2
<{^_^}>
[nixos-homepage] @garbas pushed 0 commits to fix-514: https://git.io/JU2xV
<musteresel>
I've frist tried via packageOverwrites .. which didn't work out either (new guest additions package gets built but is not used in any way)
<infinisil>
So e.g. `nix-build '<nixpkgs>' -A hello`, followed by `nix-build '<nixpkgs>' -A hello -K --check` should give you the build directory of it
<musteresel>
With the overlay approach now it seems that a mount related systemd service depends on the new virtualbox guest additions package, but nothing else (not the environment packages nor the systemd unit which runs the main service)
<ptival[m]>
doesn't this give you the directory structure before build?
<ptival[m]>
hopefully I can adapt it to preInstall or something :)
meh` has quit [Ping timeout: 260 seconds]
<ptival[m]>
will give it a try... well, now waiting for gcc to build
<ptival[m]>
thanks!
<infinisil>
ptival[m]: Does what I suggested not work?
<ptival[m]>
I'll know in however amount of time it takes for gcc to build :D
<ptival[m]>
whatever*
<cole-h>
It works the exact same for preInstall or prePatch or preFixup
<musteresel>
https://pastebin.pl/view/c77564b9 This is how I wrote my overlay; vbox-guest.nix is basically a copy of the nix expression in nixpkgs with a changed src/version.
<musteresel>
I'm using overlays for the system configuration as described with the "trick" here: https://nixos.wiki/wiki/Overlays#Using_nixpkgs.overlays_from_configuration.nix_as_.3Cnixpkgs-overlays.3E_in_your_NIX_PATH
<{^_^}>
[nix-mode] @leungbk opened pull request #112 → Makefile: add nix-mode project directory to 'load-path' in 'run' target → https://git.io/JU2po
devalot has joined #nixos
<{^_^}>
[nixos-homepage] @garbas pushed to fix-219 « links should be absolute since RSS/Atom readers dont understand relative links »: https://git.io/JU2pi
sxiii has quit [Ping timeout: 256 seconds]
<{^_^}>
[nixos-homepage] @garbas opened pull request #579 → links should be absolute since RSS/Atom readers dont understand relat… → https://git.io/JU2p1
<{^_^}>
[nixos-homepage] @garbas merged pull request #578 → remove pre-git/post-git from the nixpkgs manual → https://git.io/JU2pg
<{^_^}>
[nixos-homepage] @garbas pushed 2 commits to master: https://git.io/JU2pM
<devalot>
cole-h: bourbon: Thanks for the help earlier. I was trying to use users.users.<name>.passwordFile in conjunction with sops-nix and activation timing issues and my own incompetence led to a malformed /etc/shadow file. It's a little upsetting that switching generations didn't fix the issue.
<{^_^}>
[nixos-homepage] @garbas pushed 0 commits to fix-514: https://git.io/JU2pD
justanotheruser has quit [Ping timeout: 260 seconds]
justanotheruser has joined #nixos
erasmas has quit [Quit: leaving]
cr4y1_ has quit [Ping timeout: 264 seconds]
shibboleth has joined #nixos
sxiii has joined #nixos
<{^_^}>
[nixos-homepage] @garbas merged pull request #579 → links should be absolute since RSS/Atom readers dont understand relat… → https://git.io/JU2p1
<{^_^}>
[nixos-homepage] @garbas pushed 2 commits to master: https://git.io/JU2p5
<{^_^}>
[nixos-homepage] @garbas pushed 0 commits to fix-219: https://git.io/JU2pF
<roconnor>
nixUnstable doesn't build with GCC 8.4 :/
<zeta_0>
hello there, a couple of weeks ago i saw a reddit post, on some new nix dictionary tool, that's used to look at nix documentation, but now i can't seem to find it now, do you any of you know specifically what this tool is called ? so that i can search for it in nixpkgs (or github if it's not there).
<{^_^}>
[nixpkgs] @fzakaria opened pull request #98693 → Fix shebang for binaries in JRuby → https://git.io/JU2hN
<{^_^}>
[nix] @paulopiyo777 opened pull request #4065 → Remove redundant value checks → https://git.io/JU2hp
<{^_^}>
#98693 (by fzakaria, 13 minutes ago, open): Fix shebang for binaries in JRuby
<infinisil>
fzakaria: Know about `patchShebangs`?
<fzakaria>
i do;
<fzakaria>
i commented about it in the description
<infinisil>
Oh sorry, should've read it
<fzakaria>
"Patchshebangs was not picking up the fix as part
<fzakaria>
itself."
<fzakaria>
of stdenv because the patch is not a build input but the final output
<fzakaria>
(lmk if my assessment was wrong)
<jtojnar>
fzakaria: patchShebangs should work but it needs the program (jruby) on PATH (i.e. added to buildInputs)
ailiev has quit [Remote host closed the connection]
<infinisil>
Also, looking at pkgs/build-support/setup-hooks/patch-shebangs.sh, I see that it supports --build and --host flags, for build-time and runtime deps respectively, looking at PATH and HOST_PATH respectively
emmanuel_erc has quit [Remote host closed the connection]