<clever>
sondr3: but, by that time, i already knew c++, qbasic, perl, annd javascript
<clever>
sondr3: something of note, the only programming course ive ever taken at school, was visual basic, in grade 11
<clever>
sondr3: ah
<clever>
sondr3: `strace -f -e execve` may further explain it, but you would have to compare to what a mac does, and execsnoop may hide the answer
<clever>
sondr3: it might even be a bash level thing, because make runs these strings with `sh -c`
<clever>
sondr3: it might be that mac's make, or clang, is ignoring the "" in the arguments
<clever>
sondr3: is macos using a different makefile, or is he telling you to edit it?
<clever>
name++
<clever>
so it should have no real effect
<clever>
sondr3: the gist sets LTHREAD to ""
<clever>
sondr3: what happens if you remove the LTHREAD part?
<clever>
sondr3: but when you read the script, you skipped over that part!
<clever>
and g++ blindly obeys, and tries to open ""
<clever>
sondr3: one of the arguments to g++ was ""
<clever>
sondr3: i thought so
<clever>
11978 access("", F_OK) = -1 ENOENT (No such file or directory)
<clever>
you must then answer it, and supply a pw
<clever>
inkbottle: `nixos-install` will run passwd for you, at the end
<clever>
sondr3: `strace -e execve -f make` might also help
<clever>
sondr3: oops `strace -f -o logfile make ; grep ENOENT logfile > logfile2` then upload logfile2 to gist
<clever>
sondr3: `strace -o logfile make ; grep ENOENT logfile > logfile2` then upload logfile2 to gist
<clever>
,nix-shell
<clever>
sondr3: nix-shell should provide the gcc wrapper for you, installing gcc and gnumake will break things
<clever>
sondr3: do all of the lines mention ENOENT?
<clever>
sondr3: `strace -f make 2>&1 | grep ENOENT` ?
<clever>
sondr3: gist works good, and nix-shell should fix everything
<clever>
sondr3: are you using nix-shell or did you install a compiler?
<clever>
sondr3: can you pastebin the Makefile contents and the exact output it gives when failing?
<clever>
sondr3: what is the error?
<clever>
i dont think i see bsd make packaged
<clever>
sondr3: i think it will always be gnu make, you can check `make --version` to confirm
<clever>
sondr3: `nix-shell -p` will provide you with make
<clever>
equivrel: `nix-collect-garbage --delete-older-than 7d` will delete the roots for profiles it has access to (root can delete from all), then delete the garbage that it exposed
<clever>
equivrel: `nix-store --gc` doesnt matter what uset its ran as, and can only delete things without roots
2019-09-24
<clever>
fun!, lol
<clever>
nix can also build each executable on a different machine, in parallel, if you have build slaves
<clever>
exarkun: so you can build just one executable from the cabal file, even if the others fail to build or are slow to build
<clever>
alexarice[m]: and your working dir is $NIX_BUILD_TOP when things begin
<clever>
alexarice[m]: TEMP, TMP, and TEMPDIR are already set to $NIX_BUILD_TOP
<clever>
pbb: can you pastebin the full error message?
<clever>
alexarice[m]: export HOME=$NIX_BUILD_TOP
<clever>
mojjo: also, every time you do `import ./something { inherit pkgs; }` you can instead fo `pkgs.callPackage ./something {};` and it will pass `pkgs` for you
<clever>
mojjo: import
<clever>
danderson: /run/current-system will probably point to it
2019-09-23
<clever>
rawtaz: that builds the avr firmware for my thermostat, so it gives you an avr-gcc compiler
<clever>
rhitakorrr: but stack2nix level stuff, typically just gets git rev's from the stack file, and doesnt know what the sha256 of things are, so it cant purely generate the nix
<clever>
rhitakorrr: cabal2nix needs a copy of the src, and you can usually get that with `fetchFromGitHub` or related
<clever>
akamaus: if you want to replace the derivation, you need an overlay
<clever>
c0c0: what does `stty` say about `erase` ? on both the local machine, and after you ssh into the remote
<clever>
but nothing says you cant declaratively generate a fake "state" and restore it on bootup
<clever>
the original use for save&restore, was to just save at shutdown, then restore on bootup, so your firewall becomes a giant mess of state, that just persists thru reboots, lol
<clever>
gchristensen: the rest, is just a partial iptables argument list, with the `-t raw` omitted
<clever>
-A PREROUTING -j nixos-fw-rpfilter
<clever>
gchristensen: this is setting the default target for the chain, and the numbers are packet and byte counters, if you wanted to save them on shutdown and restore on bootup
<clever>
:PREROUTING ACCEPT [20006224:1592249935]
<clever>
gchristensen: basically, each table is just a `*nat` line, some update operations, and a `COMMIT` line, and everything is applied atomicly
<clever>
docker might also do something, cant remember
<clever>
gchristensen: some services like fail2ban also mutate the rules, on the fly
<clever>
gchristensen: but, that conflicts with extraCommands, and a lot of junk wants to use bash loops to run iptables multiple times
<clever>
gchristensen: its very simple
<clever>
the problem, is that you have to generate output similar to `iptables-save` from nix, and then use that
<clever>
cat ${something} | iptables-restore, will do the entire update, many rules, in a single atomic operation
<clever>
so if you run `iptables -A` 20 times, the 20th call is 20x slower then the 1st call
<clever>
but, copying that table, gets slower, every time you add a rule
<clever>
and any packets that arrive after the pointer-update will use the new rules
<clever>
any time you modify the rules, you must copy the entire table, (and modify the copy), then update a single pointer
<clever>
the reason, is that the kernel is using RCU lists for the firewall, read-copy-update
<clever>
id also love to set it use iptables-restore
<clever>
it should support allowing a port on a given interface, without having to use extraCommands
<clever>
yeah
<clever>
eyJhb: there is also -I to insert at a given offset if you want to use that
<clever>
eyJhb: id have to read it closer to see what exactly is different with the rp stuff
<clever>
ah, ive not used rpfilter any yet, dont know how it differs
<clever>
the log-refuse is handled seperately from extraCommands
<clever>
ah, this explains the part i just said i didnt know
<clever>
which says that anything not matching a thing in `nixos-fw` will go to `nixos-fw-log-refuse`
<clever>
-A nixos-fw -j nixos-fw-log-refuse
<clever>
i dont know why (from -save only) but this line appears after the 3 `-t filter -A nixos-fw` in my router.nat.nix
<clever>
in my case, `-A INPUT` only has a single entry, that tells it to run thru `-A nixos-fw` next
<clever>
-A INPUT -j nixos-fw
<clever>
eyJhb: run `iptables-save`, look under `*filter` and look at the `-A input` area, all packets start there
<clever>
eyJhb: have you looked at the example router.nat.nix i linked above?
<clever>
and nixos-fw-accept has no default, so you can append more to it
<clever>
eyJhb: i believe the drop only happens after it has tried nixos-fw-accept
<clever>
using mkAfter fixes that
<clever>
eyJhb: in my case, the commands where being ran before nixos-fw-accept had been created, causing failure
<clever>
eyJhb: if you set extraCommands multiple times, the order when it merges things isnt always obvious, and is based on the order of things in the imports array
<clever>
eyJhb: thats due to how the merging works with types.lines