<drozdziak1>
In order to successfully fool a package, I need a path in $out to be a symlink (readlink(<should-be-symlink>) syscall mustn't be an error)
growpotkin has joined #nixos
<drozdziak1>
mkDerivation seems to leave the resulting store path dereferenced
<euank>
drozdziak1: unless I'm reading that wrong, that's a symlink within $out pointing to a path in $out, right? when you readlink, what value does it end up being?
<elvishjerricco>
I have boot.loader.grub.efiInstallAsRemovable = true, but it's not creating a /boot/EFI/BOOT/BOOTX64.efi file.
<elvishjerricco>
Tried to switch back to systemd-boot and now I'm getting `systemd-boot not installed in ESP.` and `No default/fallback boot loader installed in ESP.`
<simpson>
Nix isn't a magic solution to dependency problems. It merely provides a structure against which we can *describe* dependencies, and the rest is library code.
CustosLimen has quit [Ping timeout: 260 seconds]
stree has joined #nixos
VideoGameEnjoyer has quit [Remote host closed the connection]
VideoGameEnjoyer has joined #nixos
Supersonic112 has joined #nixos
Supersonic has quit [Ping timeout: 250 seconds]
Supersonic112 is now known as Supersonic
CustosLimen has joined #nixos
typetetris has joined #nixos
Arahael has quit [Ping timeout: 240 seconds]
<DavHau[m]>
Not magical in a sense that it is a no-brainer. But being able to describe dependencies instead of basing your whole toolchain off of outdated docker images sound quite magical to me.
<{^_^}>
[nixpkgs] @jtojnar pushed to no-gnome-three « gnome: rename from gnome3 »: https://git.io/J3H60
vidbina has joined #nixos
__monty__ has joined #nixos
pixelfog has quit [Ping timeout: 245 seconds]
c4droid has joined #nixos
ram19890 has joined #nixos
chour has joined #nixos
chour has quit [Client Quit]
kenran has joined #nixos
<c4droid>
Hi, I'm trying create the initramfs using busybox with nix, I don't know how to write the nix expression for automatically building, I was saw the nixpkgs definitions, but my request is just build a debug kernel only initramfs, have any idea?
<rnhmjoj-M>
is it just me or the fonts in the new nixos.org theme are huge? hydra is particularly bad: a table line can't even fit the monitor in fullscreen
<z0k>
hi everyone, I'm new to nix and I'm wondering what the difference between `src = ./.` and `src = "${./.}"` in a nix expression is. I created a derivation for a private package and only the latter works when I try to use a relative path to parent directory.
<z0k>
i.e. src = ../my-package; doesn't work but src = "${../my-package}"; works
<jtojnar>
z0k: when you use a path in string interpolation, it will get copied to the store first and the string will contain the store path
<aj__>
Hello! I am new no nix(OS). I tried already to find out by google'n'docs, but I cant get a clear answer to the following questions: Do I have to install each package separately or is there something like a collection or meta system for things like "nix-env -i java-development-with-all-common-tools" ?
ddellacosta has joined #nixos
<aj__>
Furthermore: If I want to install for alle users, do I always have to edit the configuration.nix and rebuild? Or is there a wrapper for this, line nix-env --global ?
<jtojnar>
aj__: I would not expect there to be something like that
<philipp[m]>
aj__: Generally speaking what you do with nix-env and your configuration.nix are completely separate.
<jtojnar>
aj__: something like buildMaven might be useful but either way, you are probably better of using nix-shell over global installation with nix-env
<z0k>
I see. So the interpolated version contains the store path. But then what does the plain ./. contain?
<jtojnar>
root's user profile will probably be available to all users but I would still go with shell.nix
<Reventlov>
hey
<Reventlov>
any reason nix search might not find gnuradio3_8 ?
<jtojnar>
z0k: you can try it in `nix repl`
<jtojnar>
> ./.
<{^_^}>
/var/lib/nixbot/state/nixpkgs
<z0k>
Ah, so the interpolated path gets resolved to the store path, whereas ./. is the absolute path
<jtojnar>
> "${./.}"
<{^_^}>
access to path '/var/lib/nixbot/state/nixpkgs' is forbidden in restricted mode
<z0k>
at least it was when I did toString ./.
<philipp[m]>
Reventlov: The most obvious reason would be that you are not on a channel that contains the package, e.g. curent stable.
ddellacosta has quit [Ping timeout: 252 seconds]
<z0k>
oh it worked with just ./. too.
<z0k>
jtojnar: awesome, thanks!
<aj__>
Awwww, shell.nix not editing configuration.nix directly? Awwww home-manager !!! OK, Thx, I will have a noce weekend with the shiny new dell 9310 ....
<Reventlov>
philipp[m]: I'm on unstable :/
beertoagunfight has quit [Remote host closed the connection]
ramses[m] has quit [Quit: Idle for 30+ days]
Liam[m] has quit [Quit: Idle for 30+ days]
beertoagunfight has joined #nixos
<philipp[m]>
aj__: Have fun :D
<aj__>
If I use chanmel nixos-21.05pre287161.d3ba49889a7 .... how do I find new "pre" releases? Do they switch to the next "pre" automagically? (I had to use the pre install iamge, because of "intel xe GPU")
<philipp[m]>
aj__: That's your revision, not your channel. You get the latest revision of all your channels when you run sudo nix-channel --update
<philipp[m]>
Note that all your users can have different channels but all fall back to the root users/system channels.
<philipp[m]>
Reventlov: That's weird. I do get results for `nix search nixpkgs gnuradio3_8` on unstable.
<aj__>
When 21.05 gets released (when?), do I have to switch manually to the "stable" channel then?
<rnhmjoj-M>
aj__: yes, the url of each new stable release is different
<aj__>
THX so far for the kick-start support! Have a nice weekend!
<Reventlov>
So yeah I'm trying to use nixos / gnuradio 3.7 / limesdr
romildo has joined #nixos
romildo has left #nixos [#nixos]
<Reventlov>
and right now it seems even if I can tell to gnuradio where to find the blocks, the limesdr module is not actually available to gnuradio: https://0x0.st/-Bpv.txt
iyefrat has quit [Remote host closed the connection]
iyefrat has joined #nixos
<{^_^}>
[nixpkgs] @sternenseemann opened pull request #122186 → haskell.packages: move platform specific overrides into own configuration files → https://github.com/NixOS/nixpkgs/pull/122186
Synthetica has quit [Quit: Connection closed for inactivity]
<{^_^}>
[nixpkgs] @sternenseemann pushed 77 commits to haskell-updates: https://git.io/J3Qgf
<yurb>
Is there a general standard on what software can and can not be included in NixOS/nixpkgs?
<yurb>
What licenses are allowed, etc?
<yurb>
The Audacity/MuseScore telemetry with Google Analytics is something that got me thinking
<yurb>
I know there is `licenses.unfree`, so there is a distinction between free and unfree - but where is it defined?
<gchristensen>
there is a filecalled licenses.nix
<__monty__>
Afaict it corresponds to the FSF and/or OSI approved licenses.
<gchristensen>
"unfree" is nebulous in nixpkgs unfortunately, but it does vaguely resemble that
<yurb>
__monty__: the license list?
<gchristensen>
no, we have all sorts of licenses
jgt_ has quit [Ping timeout: 246 seconds]
<gchristensen>
yurb: we hardly filter on license at all
<__monty__>
I specifically meant what is considered free/unfree. Not that only FSF or OSI licenses are accepted, fyi.
<gchristensen>
yea
<yurb>
That makes a lot of sense. I'm curious if it is actually stated anywhere, or we are just assuming everyone is assuming the same? :)
<gchristensen>
assuming that "free" means OSI/FSF?
<yurb>
yeah
<MichaelRaskin>
I wonder if our «free» ever deviates from «majority of OSI/FSF/DFSG»
kreisys_ has quit [Remote host closed the connection]
<__monty__>
Might be a bit of an oral tradition. Though afaik there's no other widely accepted definitions?
<gchristensen>
well probably assuming, because it is not written down and it is probabl that some licenses that are ot FSF/OSI approved are marked as free
kreisys has joined #nixos
sangoma has quit [Read error: Connection reset by peer]
<yurb>
I'm just kind of curious what is the explicit or implicit algorithm of deciding what can and can't be included nixpkgs (licensing is a part of that, but there are also other questions). Like if there was some software with known bad behavior / backdoors / malware etc, say, hypothetical Chinese app with code open source but clearly backdored, do we have some written criteria to evaluate that against? Or more like common sense, case-by-case decision?
jiribenes has joined #nixos
<yurb>
Linux is often viewed like a more privacy-friendly OS; in part because most open-source software is known to not contain spyware. However, with cases like Audacity / MuseScore, that might change.
<noonien>
hello folks
<noonien>
anyone using nvidia cards on nixos servers?
hyiltiz has quit [Ping timeout: 246 seconds]
<{^_^}>
[nixpkgs] @mweinelt pushed 35 commits to staging-next: https://git.io/J3Q62
<superherointj>
yurb, security is a hard (and costly) problem. Security efforts are ad-hoc.
<superherointj>
Only better reviews could improve on it. And that is a very limited resource.
<noonien>
well, it's a headless environment, doesn't really matter if it's a server or not
<superherointj>
Many fine PRs takes very long for review and quality and depth of reviews will vary. Usually consider them shallow.
<yurb>
superherointj: yeah, that is understandable
melg8 has joined #nixos
stree has quit [Ping timeout: 265 seconds]
ddellaco_ has quit [Ping timeout: 268 seconds]
eisenvig[m] has left #nixos ["User left"]
amirouche has joined #nixos
<yurb>
I'm thinking more about general policy; with licenses there is a (more or less) clear distinction free vs unfree. There might be something similar with software that is known no contain controversial features
<superherointj>
yurb, each package has it's license. Users should be judge.
<yurb>
superherointj: yeah, but nix helps to maintain the distinction by having the `allowUnfree` setting (disabled by default)
<yurb>
i.e., I know nix will warn me if I try to install something I don't want
<superherointj>
So you are debating what is free and what is not?
<__monty__>
Packaging has so far seemed fairly open as long as it's useful for more than one person. Just because something's packaged doesn't mean you're exempted from applying critical consideration as a user.
<superherointj>
How does it know it is free/unfree?
<yurb>
superherointj: yes
<superherointj>
yurb, there is a list of licenses considered free. If something is not there, it is unfree then.
<__monty__>
yurb: Are you maybe suggesting nixpkgs add something like "allowPhoningHome?"
<yurb>
yeah, I like how the licensing is being clearly divided onto free and undree
lordcirth_ has joined #nixos
<yurb>
__monty__: I'm more like brainstorming, but yep, I'm thinking in that direction; though the Audacity case is not even about phoning home - it's about third-party tracking
philr has quit [Ping timeout: 240 seconds]
<yurb>
i.e. talking to third-party services, collecting personal data (although they argue that ip addresses aren't personal data)
<yurb>
Also this Google Analytics situation with Audacity raises some GDPR questions - although I don't have the expertise to evaluate that
lordcirth has quit [Ping timeout: 250 seconds]
<superherointj>
yurb, NixOS follows upstream, if usptream decides to do something silly, something silly will happen. The user should be judging what is relevant to their needs.
<__monty__>
More detailed info would be cool. I think this should probably start as an external effort though.
<yurb>
superherointj: I agree with you totally, after all this is about user freedom. I'm thinking more about like the threshold of "silliness" that Linux distributions (not just NixOS) are going to tolerate generally
<superherointj>
yurb, the issue is not of tolerance, there is not much that can be done.
<yurb>
there is a warning on the package: "This app tracks and reports your activity"
<superherointj>
I still think NixOS could have a better security model in general, like being able to hide or make private some nix/store packages. or some sort of policy. There are other possibilities as well. But that won't change 'silly apps'.
<yurb>
Some sort of policy would be a great first step!
<superherointj>
yurb, likely there should have a neutral service that would track software *in general*. And NixOS could benefit from that.
<superherointj>
Mimicking what f-droid is doing.
civodul has quit [Ping timeout: 260 seconds]
<superherointj>
Then, it would only be a matter of interface hinting about the status of that software in general.
<superherointj>
If there is a specific vulnerability created at packaging stage, I'm sure NixOS people will take it seriously. There is review already, but as I said earlier, resources are thin.
<superherointj>
yurb, f-droid security profiling/scanning should be outsourced to someone specialized into this. This is beyond the scope of this NixOS. It's tricky to say how safe/secure/harmful some application is.
<superherointj>
This could serve for other distros as well.
<superherointj>
yurb, maybe there is some service that does this already.
<superherointj>
yurb, there's a distiction between a packaging security problem (NixOS failure) and upstream security problem (Upstream failure). If you are considering tackling 'upstrem security' I guess a new project/service is needed.
arjen-jonathan has quit [Ping timeout: 260 seconds]
<superherointj>
yurb, there is a lot to be done on security on NixOS, we should have some security model to isolate applications and data present on nix store, everything being global and accessible is terrible. But 3rd party packages is the part that should be solved by some other iniciative, it's too costly. Anyone willing can hide backdoors easily and hardly will be spotten even on reviews because tiny errors are good enough.
<dupon1>
superherointj: don't SELinux/AppArmor is made for this purpose?
f4r5983 has quit [Read error: Connection reset by peer]
fendor_ has joined #nixos
fendor has quit [Ping timeout: 240 seconds]
<thibm>
Does everybody received notifications for the ZHF issue #122042 or did I received notifications for some reason (but I don't find anything)?
<legendofmiracles>
<valerii_leontiev "How to put directory with home.f"> there's a recursive option, forgot the exact name. And then you have to point .source to a dir
<evils>
thibm: the nixpkgs committers and maintainers teams were tagged in the ZHF issue, everyone in those automatically gets subscribed to notifications because of that
<tobiasBora>
Hello, I'm curious to know: I understand that bubblewrap comes with two flavors: setuid when user namespaces are disabled, and another version in which user namespaces are used. However, as far as I understand, it's not really possible to setup a setuid file in derivation directly, one must configure the setuid binaries via nixos modules. But when it is used in other systems (say debian), then I
<tobiasBora>
guess you won't be able to configure setuid that way. So my question is: how is nix install bubblewrap to ensure it has setuid in debian? I tried to read the source code and can't find anything relevant.
<dev_mohe>
https://imgur.com/a/tMcMXZ7 I think this is supposed to be a maintainer invitation but it really doesn't look like one and it irritated me a lot as I missed the email. On that note is it possible to get one again as it already expired?
ahmedelgabri has joined #nixos
<gchristensen>
lukegb: sigh, right. I need to find a wya to report problems which doesn't involve gpg.
<gchristensen>
dev_mohe: sure
<gchristensen>
dev_mohe: what is your handle?
<dev_mohe>
@mohe2015
<gchristensen>
dev_mohe: looks like you got the mail about 26 days ago?
<dev_mohe>
12.04 so yes
<dev_mohe>
in german writing so 2021/04/12 obv
<gchristensen>
no doubt :)
<gchristensen>
I think a fresh invitation is sent, I don't understand the sentence about the irritation, can you clarify?
civodul has joined #nixos
<dev_mohe>
thanks, yeah it worked. I don't think you can distinguish the invitations depending on the team you get to join
<{^_^}>
[nixpkgs] @sternenseemann opened pull request #122212 → top-level/release-haskell.nix: merge jobs using lib.recursiveUpdate → https://github.com/NixOS/nixpkgs/pull/122212
<Kinnison>
So if your PR is meant to fix something necessary for the release you might want to find out how to raise it to the attention of the right people
<shla>
dev_mohe, and yes, this is how it subtly broke my system when I configured additional sysctl variables via the configuration and rebuild system with switch, this would have gone unnoticed with boot rebuild
ahmed_elgabri has quit [Ping timeout: 260 seconds]
ddellaco_ has joined #nixos
<dev_mohe>
shla: you're welcome - unfortunately I can't merge so you have to hope somebody else does. But be patient it's totally normal this takes a day or two.
ddellaco_ has quit [Remote host closed the connection]
<shla>
i'm patient :) being new to this community I thought I will just open a bug report, tag right people I found via git blame and that will be it, however nobody cared to fix this so I submitted fix myself :) hopefully this will be accepted before the release.
ddellaco_ has joined #nixos
<dev_mohe>
shla: I think there is a lot of work for few people - but this is also my experience. Also quite a few maintainers are not active any more or aren't checking every day.
<shla>
after raising an issue I waited patiently for a month :)
<shla>
but yeah, I understand people are busy, now that this got approved maybe it will get more attention?
<dev_mohe>
yeah your waiting time after raising the issue was totally fine. For a pull request I personally would wait a little longer but the release is also soon and this seems like something pretty bad so idk what I would do. Also it's a bit of experience to get to find out how fast what gets fixed. But in this case it should've been looked into earlier IMHO. But as most people are doing this in their free time this isn't a
<conkker>
a module in my (non-system, non-nixosConfigurations) flake depends on an unfree package, how can I inherit the user's (the person importing my flake as an input) `nixpkgs.config.allowUnfree = true` attribute for my flake's nixpkgs?
ezemtsov has joined #nixos
<tpw_rules>
i'm not 100% sure if you can grab that attribute from the user, but you can set allowUnfree = true on the nixpkgs you import in your flake by simply saying import nixpkgs { config = {allowUnfree = true;}; /* other stuff */ };
<__monty__>
qyliss: Yes, though I haven't looked into it today. Next thing I was going to try is put the expressions in a file and using why-depends with -f.
<qyliss>
does why-depends support an expression if its in parens, like nix build?
<qyliss>
but there's also nix-store -q --tree, the old way
<sss1>
hi all, ho to disable remote builder just for on run ?
<superherointj>
I'm trying to package a Go package that requires to use "go generate". It errors w/ connection refused (it can't download it). How do you handle it?
* superherointj
is no Go programmer. He is trying to use 3rd party software.
<notafile>
hey, not sure if this is the right place, but nixos.org's ipv6 seems to be broken for me. Something seems to be dropping ICMP messages, breaking PMTUD.
<superherointj>
> go: contrib.go.opencensus.io/exporter/ocagent@v0.6.0: module lookup disabled by GOPROXY=off
<{^_^}>
error: syntax error, unexpected '@', expecting ')', at (string):494:46
<simpson>
superherointj: The standard pattern is to deduce which Go package-management tool is intended to install the package, and then applying go2nix, dep2nix, etc.
<kahuna>
Hey all, try to build my own python3 application with nix, so i started with the minimum default.nix https://paste.debian.net/1196850/ where all dependencies are always in the setup.cfg but I have these error `Could not find a version that satisfies the requirement python-snappy (from pykouze)` Any idea why i have this error and how to fix it ? ps: pip install python-snapyy work. Thanks
<immae>
samueldr: as far as I understand the issue is ongoing since march
<hyperfekt>
well, the installer also *shouldn't* be stuck, so i think it's a fair assumption that something somewhere in nixpkgs doesn't do what it should :b
<hyperfekt>
immae: that's helpful
<samueldr>
yeah, I haven't caught back up to the original issue :)
<nf>
hi i'm the friend, and from my tests it's almost definitely a grub 2.06-rc1 bug
<samueldr>
just reacting to the incidental ping :)
<nf>
changing the ISO to have grub 2.04 instead solves it
<samueldr>
plausible! grub sees so infrequent releases changing it means a lot of changes are bundled in one go
<samueldr>
nf: do you know if it's a "known" issue on other distros, for your own issue?
<samueldr>
or haven't tracked any of it?
<nf>
no, i couldn't find anything
dev_mohe has quit [Quit: dev_mohe]
<nf>
i'll need to test a minimal ISO with just grub on it to check that it's not related to nixos
<{^_^}>
[nixpkgs] @sternenseemann pushed to haskell-updates « haskellPackages.paramtree: disable flaky test suite »: https://git.io/J35wI
<samueldr>
AFAIK *all* distros heavily patch grub
<samueldr>
so that's something else to be aware of
<samueldr>
(because, lack of frequent updates)
<samueldr>
jonringer: when using UEFI, you can use any UEFI bootloader. The manual (wrongly) suggests only systemd-boot works
<samueldr>
the phrasing should be reviewed, to better scope it as a suggestion, or maybe better yet, use grub for both cases since that reduces the "fractality" of the installation "guide"
<samueldr>
one thing I have in mind, once we have page-wise documentation, is to build a sort of appendix "all the ways you can customize the installation"
<samueldr>
where it goes into more details for schemes like LUKS, LVM, etc
<samueldr>
all bootloaders
<samueldr>
but as it is, filling up the current section is not really worthwhile
hyiltiz has quit [Ping timeout: 260 seconds]
<colemickens>
:( welp I've ported my nix job to github actions and it fails everytime with "unexpected end of file" before ever finishing a full complet toplevel build
<{^_^}>
[nixpkgs] @maralorn pushed to haskell-updates « maintainers/scripts/haskell/regenerate-hackage-packages.sh: Small improvents and encoding workaround »: https://git.io/J35ro
<nf>
the nix unstable documentation has also switched to that format
ddellaco_ has joined #nixos
<{^_^}>
[nixpkgs] @maralorn pushed commit from @divanorama to haskell-updates « haskellPackages.gi-gtk-declarative-app-simple: loosen haskell-gi version bound »: https://git.io/J35oJ
<abathur>
colemickens: how many times is every time? linux?
kreisys has joined #nixos
<colemickens>
linux, and 4 times in a row to the point I stopped
<colemickens>
so far stable nix seems to be making it further
<colemickens>
which is fine
<abathur>
hmm, yeah
<hyperfekt>
reverting to grub 2.04 did indeed do the trick /cc samueldr
<samueldr>
hyperfekt: ugh!
<samueldr>
hopefully you understand it's not at you
<abathur>
there's been some sort of EOF bug in at least unstable for a while; I can't recall having seen it in a linux build but I think I do remember seeing some reports there
<immae>
samueldr: I’m not sure I followed the discussion correctly, but note that the ISO that nf tried (and failed to boot) with grub 2.06 boots fine on my laptop
<immae>
So you’re certainly not to blame for the failure to detect it with qemu testing
<samueldr>
yeah, it was about a detail that is too new for your cases :)