2019-03-28

<clever> pie_: just `exit 1`
<clever> but that predates the initrd even having network support
<clever> bgamari_: last time i delt with iscsi, it was my rootfs, so the initrd handled that
<clever> gchristensen: systemd-analyze plot
<clever> nefix: search nixpkgs for wrapProgram
<clever> symphorien: not sure how you would handle that
<clever> nefix: modify all of the binaries to be wrapped with a bash script, to put that package into PATH
<clever> nefix: you usually bake the paths into your package, either direct references, or prefix PATH with a bash wrapper
<clever> nefix: nix doesnt allow that to happen just from installing a package, you must enable a nixos module to do that
<clever> only nixos can manage /etc/, packages cant do it
<clever> nefix: yeah, nixos option
<clever> nefix: environment.etc
<clever> symphorien: only at the bash level
<clever> samueldr: you also passed your own -enable-kvm, which isnt conditional
<clever> samueldr: the qemu-kvm bash script, simply tests for /dev/kvm, and conditionally passes -enable-kvm, so it wont fail like that
<clever> samueldr: on nixos, kvm is 666
<clever> Guest29214: you want to set isNormalUser = true; on the acct

2019-03-27

<clever> ah, thats still os, not arch
<clever> generic-builder.nix:, enableHsc2hsViaAsm ? stdenv.hostPlatform.isWindows && stdenv.lib.versionAtLeast ghc.version "8.4"
<clever> ,pr judson__
<clever> then complain to the one that did
<clever> iqubic: include the required fonts inside the flatpak
<clever> iqubic: it likely ignores all system stuff
<clever> __monty__: what if i want to allow older?
<clever> Xyliton: you must add its lib dir to LD_LIBRARY_PATH
<clever> aplainzetakind: did you also ensure to stop nix-daemon?
<clever> blackriversoftwa: it may not obey /etc/group, and then just not put things into kvm
<clever> blackriversoftwa: nix-daemon is doing some container-style logic to change what uid the build thinks it has
<clever> blackriversoftwa: for me, it outputs: uid=1000(nixbld) gid=100(nixbld) groups=100(nixbld)
<clever> blackriversoftwa: nix-build -E 'with import <nixpkgs> {}; runCommand "foo" {} "id"'
<clever> blackriversoftwa: it might be that nix-daemon doesnt obey extra groups, would need to run `id` inside a build
<clever> you could also test that on your ubuntu
<clever> blackriversoftwa: on nixos, its 666, so you dont need a special group
<clever> crw-rw-rw- 1 root root 10, 232 Mar 27 11:58 /dev/kvm
<clever> blackriversoftwa: nothing looks out of place there
<clever> blackriversoftwa: what about the output of `nix show-derivation /nix/store/bvapz42iyv546qfmrwrb7aqskqia7ja6-digital-ocean-image.drv` ?
<clever> blackriversoftwa: thats weird, its showing very clear signs of booting, and already having kvm, before it fails
<clever> tilpner: the first thing the daemon does after picking a user, is to kill every process within the given uid
<clever> tilpner: only when changing his own user, but the nixbld groups are different
<clever> and the other lines nearby, just pastebin the whole output
<clever> can you pastebin the full error msg?
<clever> then it shouldnt need your user to be in the group
<clever> blackriversoftwa: is nix-daemon running?
<clever> blackriversoftwa: and the chmod bits?
<clever> blackriversoftwa: what user/group owns /dev/kvm ?
<clever> blackriversoftwa: your user needs permission to open /dev/kvm
<clever> that changes capslock to shiftlock, so it affects things like numbers
<clever> services.xserver.xkbOptions = "caps:shiftlock";
<clever> betawaffle: no idea, the only keyboard change ive done is shiftlock
<clever> `man vconsole.conf` does exist!
<clever> betawaffle: oh, it even claims to have a man page!
<clever> /nix/store/llvq7j77zkrm8xg93rwr113n3wqynfjm-systemd-239.20190219/example/systemd/system/systemd-localed.service:Documentation=man:systemd-localed.service(8) man:locale.conf(5) man:vconsole.conf(5)
<clever> betawaffle: or the systemd docs
<clever> /nix/store/llvq7j77zkrm8xg93rwr113n3wqynfjm-systemd-239.20190219/share/doc/systemd/NEWS: * If /etc/vconsole.conf is non-existent or empty we will no
<clever> betawaffle: this seems like the most likely hit, so youll want to go to the systemd sources next
<clever> Binary file /nix/store/llvq7j77zkrm8xg93rwr113n3wqynfjm-systemd-239.20190219/lib/systemd/systemd-vconsole-setup matches
<clever> betawaffle: this will search the entire machine for any config or executable that can refer to that file
<clever> [root@amd-nixos:~]$ grep -r vconsole.conf $(nix-store -qR /run/current-system)
<clever> yeah
<clever> probably
<clever> mojjo: not really
<clever> mojjo: you may also not be able to access the data if you change those settings
<clever> mojjo: the bios can be configured to either expose the drives directly, or route them thru the raid controller
<clever> mojjo: line 9, a raid controller, you may need special drivers for it
<clever> mojjo: can you pastebin the output of lspci?
<clever> mojjo: every bios shows it differently
<clever> mojjo: crack the case open, look at it
<clever> mojjo: its more about the physical drive
<clever> mojjo: is it on the sata bus, or directly pcie?
<clever> mojjo: do you know what type of device it is?
<clever> mojjo: does lsblk show it?
<clever> sb0: the attacker needs to know the hash of the build directions to download something

2019-03-26

<clever> eval-time ones are harder to read
<clever> slabity: thats an eval-time failure, rather then a build-time failure
<clever> nefix: does it give a giant spew of "cant build x, 1 dep failed" ?
<clever> nefix: nix already tells you the answer in the error, can you pastebin the entire error output?
<clever> and then it gets messy, you would have to check a lot of things for the propagated build inputs under nix-support
<clever> so you would want to add --all to why-depends
<clever> oh, but a lot of things depend on cups, but dont pull in the .desktop
<clever> christianpoveda: yeah, so gnome-control-center is to blame
<clever> christianpoveda: the output uses colors heavily, so a screenshot may be better
<clever> christianpoveda: nix why-depends /run/current-system /nix/store/b9ypwpa96g1gmxg3n6m04awy4dnss4rw-cups-2.2.6
<clever> christianpoveda: what is the full path in the store?
<clever> christianpoveda: nix-store -qR /run/current-system | grep cups
<clever> christianpoveda: what do you get if you run `nixos-option services.printing.enable` ?
<clever> can you screenshot the thing?
<clever> what if you right click it?
<clever> ah
<clever> then i can refer to `ps aux` to find the proc name
<clever> for example, i can see this when i click on my terminal emulator
<clever> _NET_WM_PID(CARDINAL) = 5030
<clever> christianpoveda: run xprop, and click on the app, to find its process name
<clever> yep
<clever> which will apply an overlay to gnome3, to create a new gnome3 lacking X, then put that into a nixpkgs overlay, to replace the whole gnome3
<clever> symphorien: you want gnome3 = super.gnome3.gnome3.overrideScope' (_: _: { gnome-documents = null; });
<clever> symphorien: due to how overlays work, that would set gnome3 to a set that contains only gnome-documents = null; and all other gnome things would be missing
<clever> NYXT: and then name your script cc or clang, and put it first in PATH
<clever> NYXT: you could create your own bash script, that runs your clang, and prepends NIX_CFLAGS_COMPILE to the args
<clever> NYXT: 80% of what cc-wrapper does, is force (g)cc to obey $NIX_CFLAGS_COMPILE, because packages often overwrite CFLAGS
<clever> NYXT: `env | grep --color FLAGS`
<clever> NYXT: you need to manually pass it $NIX_CFLAGS_COMPILE and friends
<clever> sphalerite: ah, there is a nix level check, that is somewhat decoupled from the actual config
<clever> sphalerite: an old override i have since disabled
<clever> 271 NF_CT_PROTO_DCCP n
<clever> 270 extraConfig = ''
<clever> 269 XXXlinux_4_9 = pkgs.linux_4_9.override {
<clever> sphalerite: *digs thru cfg*
<clever> jD91mZM2: correct, you can leave it out
<clever> samrose: what fails if you try to boot the iso on virtualbox?
<clever> JonReed: 27-29 are almost exactly what you want
<clever> slabity: which may also wind up in /run/current-system/sw/etc or sw/share
<clever> sphalerite: i think thats right
<clever> fendor: `cabal install` isnt really supposed to work on nixos, because thats not how nix manages installing things
<clever> sphalerite: i think there is a defconfig entry in the platforms stuff
<clever> fendor: nixpkgs only works fully with the non-new commands
<clever> fendor: all of the new- commands
<clever> so it cant find zlib, even if you do supply it
<clever> fendor: i think the problem is that `cabal new-build` doesnt respect the buildInputs
<clever> qyliss^work: if you add ./vim.nix to your imports section, it will have all of my vim config, including Nix syntax highlighting
<clever> http: is also a function, but http:/ is a url
<clever> a:a colors itself like a function in vim
<clever> > /.
<clever> have fun! :P
<clever> > a: b
<clever> > a:b
<clever> just like src = "/home/clever/foo.tar.gz";, stop quoting your paths!!
<clever> foo = ../../bar/baz; solved it fully
<clever> Myrl-saki: i recently helped a user that was doing foo = "${../..}/bar/baz"; and then wondered why it was rebuilding uselessly
<clever> > { x, ".", y }: x + y
<clever> qyliss^work: how do you then inherit it, and add it to your function args?
<clever> it will cast to string when you least expect it, with various side-effects
<clever> you can think of paths like numbers in JS :P
<clever> paths arent strings
<clever> > { . = x: y: x+y; }
<clever> qyliss^work: assigning a value to . would be ... difficult
<clever> though you have the limitation that f must be a normal attr
<clever> it would just be a parser level thing, that generates the same AST as `f x y`
<clever> but x `f` y is fairly simple
<clever> infix would be difficult to do with the parser in nix
<clever> Myrl-saki: ive sometimes wanted to use $ in nix

2019-03-25

<clever> neonfuz__: check the go docs
<clever> neonfuz__: i'm thinking, try a newer nixpkgs rev
<clever> neonfuz: which would imply a bug within the derivation, sqlite is enabled, yet silently not included
<clever> neonfuz: yep
<clever> neonfuz: now i can run `nix show-derivation /nix/store/s59vkr1xs9c67nchwwdmpbbappb52wn0-gogs-0.11.86-bin` and see the drv that built it
<clever> neonfuz: i can see that it fetched the exact same gogs build you have, which lacked sqlite
<clever> copying path '/nix/store/s59vkr1xs9c67nchwwdmpbbappb52wn0-gogs-0.11.86-bin' from 'http://nas.localnet:8081'...
<clever> neonfuz: it is now building...
<clever> and without an fs, i have to switch to .vm
<clever> [clever@nas:~/neonfuz]$ nix-build -E '(import ((builtins.fetchTarball https://github.com/NixOS/nixpkgs/archive/796a8764ab8.tar.gz) + "/nixos") {}).vm' -I nixos-config=./configuration.nix
<clever> yeah, deleting the references to them now
<clever> this will actually do what i said
<clever> [clever@nas:~/neonfuz]$ nix-build -E '(import ((builtins.fetchTarball https://github.com/NixOS/nixpkgs/archive/796a8764ab8.tar.gz) + "/nixos") {}).system' -I nixos-config=./configuration.nix
<clever> typo in my cmd
<clever> oh, oops, thats the nixpkgs, not nixos path
<clever> neonfuz: this allows me to build the same cfg, on the same nixpkgs
<clever> [clever@nas:~/neonfuz]$ nix-build https://github.com/NixOS/nixpkgs/archive/796a8764ab8.tar.gz -I nixos-config=./configuration.nix -A system
<clever> neonfuz: can you pastebin your entire configuration.nix file?
<clever> neonfuz: sqlite is also enabled on that version...
<clever> neonfuz: what does `nix eval nixpkgs.lib.version` report?
<clever> neonfuz: sqlite, i mean
<clever> neonfuz: yeah, that one appears to be built without gogs
<clever> neonfuz: what is the full storepath to your gogs binary?
<clever> neonfuz: sqliteSupport defaults to true, and must be set with .override, not config.gogs
<clever> which is rather useless, since it only works as root
<clever> `sudo -u nobody systemctl status ...`
<clever> while yours has all:all, so you can run systemctl status, as any user
<clever> i think that means i can only run zpool as root
<clever> and `sudo zpool status` works without a pw
<clever> cmacrae: from a machine where i do see it working
<clever> (root) NOPASSWD: /run/current-system/sw/bin/zpool status*
<clever> cmacrae: you also missed a / in here
<clever> sudo nix/store/rl4ky8x58ixnfjssliygq7iwyd30l3gn-systemd-239.20190219/bin/systemctl status openvpn-moo
<clever> cmacrae: can you add the -l output to the gist?
<clever> cmacrae: also check `sudo -l` which should list what you can (and cant) do
<clever> cmacrae: and what happens if you run a literal: sudo systemctl '*' openvpn-moo
<clever> clefru: what does `sudo -l` report?
<clever> sphalerite: ive also noticed it, but havent looked into why
<clever> jomik: if condition then (throw "msg") else (buildEnv ...)
<clever> jomik: nope, thats where you want throw instead
<clever> jomik: you want the nix manual, not the nixos manual
<clever> jomik: yeah
<clever> jomik: so you would insert the assert on line 8 maybe
<clever> jomik: the syntax for assertions is weird, it works similar to a let block
<clever> Alling: which says that it has never passed on hydra
<clever> Alling: yep
<clever> clefru: can you run `nix show-derivation /nix/store/foo.drv` on that drv?
<clever> clefru: what the heck did node2nix do to you? lol
<clever> ah, i'm on slim
<clever> /home/clever/.Xauthority
<clever> clefru: XAUTHORITY is in $HOME on nixos, last i checked
<clever> phases="buildPhase" out=/tmp/whatever genericBuild
<clever> you can also set out at the same time
<clever> clefru: what about just running nix-shell, and then `phases="buildPhase" genericBuild` in the directory the src came from?
<clever> clefru: and then re-run nix-build, and nix will run those commands for you, at the right point
<clever> clefru: also, you can just edit the nix file, to add more commands at any point in the derivation
<clever> jomik: you probably want assert or throw
<clever> clefru: it works by adding buildInputs = [ breakpointHook ]; to your derivation
<clever> > breakpointHook
<clever> clefru: ctrl+f https://nixos.org/nixpkgs/manual/ for breakpointHook and it will explain what you need
<clever> clefru: https://github.com/Mic92/cntr i think you want this
<clever> install is special, and i dont think it can be overrode like that
<clever> only `npm run dist` will run that
<clever> i dont think it does
<clever> clefru: looks like you need to run `babel -d dist src` after npm does most of its work
<clever> clefru: have you tried yarn2nix yet?
<clever> ah
<clever> clefru: one mi
<clever> n
<clever> and its likely complaining about /usr/bin/env not existing
<clever> npm ERR! code ENOENT
<clever> npm ERR! path /nix/store/in8240mjl3l857gi1db2ywvwapcqv5hs-node-nanopos-0.1.5/lib/node_modules/nanopos/dist/cli.js
<clever> clefru: /usr/bin/env doesnt exist within the nix sandbox, you cant recreate that issue with su or nix-shell
<clever> clefru: can you pastebin the original error your trying to fix?
<clever> clefru: you may want to `export out=$HOME/foo` first, to make it writable
<clever> clefru: yeah, genericBuild is the usual entry
<clever> clefru: the rest highly depends on what is failing, and why
<clever> clefru: first, you can skip sourcing env-vars, by running `nix-shell /nix/store/foo.drv`, as for $out, you can just re-export out to something else
<clever> fmsbeekmans: you need to have a script that generates the nix, outside of nix
<clever> fmsbeekmans: yeah
<clever> fmsbeekmans: or giving it a wrong hash
<clever> ,tofu fmsbeekmans
<clever> fmsbeekmans: by running nix-prefetch-git, in a normal shell
<clever> you will also want to connect the gnd of both, so they have a common reference
<clever> nefix_: so you can then run any serial terminal program on one, to access the serial port of the other
<clever> nefix_: if you connect the tx->rx between both of them, then the serial port on one is linked to the other
<clever> nefix_: yeah
<clever> nefix_: do you happen to have a second matching board?
<clever> nefix_: does the board have a serial port?
<clever> idbloader.img is in that directory
<clever> /nix/store/m7rpgdb47k0qkbw8wq03r47z9gy9w5q5-uboot-rock64-rk3328_defconfig-2017.09/idbloader.img
<clever> nefix: that hydra build is in the cache, you can just: nix-store -r /nix/store/m7rpgdb47k0qkbw8wq03r47z9gy9w5q5-uboot-rock64-rk3328_defconfig-2017.09
<clever> nefix: did you build u-boot for the board?
<clever> fmsbeekmans: but for fetching nixpkgs, you likely want fetchTarball instead
<clever> with import (builtins.fetchTarball https://github.com/nixos/nixpkgs/archive/34aa254f9eb.tar.gz) { config = {}; overlays = []; };
<clever> fmsbeekmans: pkgs.fetchgit is a function for generating such derivations
<clever> fmsbeekmans: all network is disabled during normal derivations, you must use a fixed-output derivation to get network access
<clever> 513 type family BoundsOf x
<clever> these 2 things conflict i think
<clever> 515 type instance BoundsOf (a->a) = Int
<clever> 516 type instance BoundsOf (a->a->a) = (Int,Int)
<clever> yep
<clever> fails with the error i gave above
<clever> this is my current patch and nix file
<clever> Conflicting family instance declarations:
<clever> AlexRice[m]: ah, because this is where i need to hide
<clever> 54 import GHC.Base
<clever> AlexRice[m]: still fails with the same error with this
<clever> +import Prelude hiding (join)
<clever> testing that...
<clever> but we need a patch file first
<clever> add patches = [ ./foo.patch ]; with overrideCabal
<clever> yeah
<clever> AlexRice[m]: i see it, join ambiguous
<clever> failing here too, for other reasons
<clever> /nix/store/9hk3204yj7h47d4cfnlfbh0ydl9w8vfc-gnused-4.5/bin/sed: can't read conftest.c: No such file or directory
<clever> so i cant just git clone it
<clever> also, oddly, kmeans-par doesnt have source links in hackage
<clever> binary, in the cabal revision (thanks hackage :P) is the problem
<clever> AlexRice[m]: base can be delt with via jailbreak
<clever> nix-build -E 'with import <nixpkgs>{}; let mypkgs = haskell.packages.ghc844.override { overrides = super: self: { hmatrix = haskell.lib.doJailbreak (self.callHackage "hmatrix" "0.15.0.0" {}); }; }; in mypkgs.kmeans-par'
<clever> 0.14.0.0 also has the thing we want...
<clever> we need to go older!
<clever> nix-build -E 'with import <nixpkgs>{}; let mypkgs = haskell.packages.ghc822.override { overrides = super: self: { hmatrix = self.callHackage "hmatrix" "0.13.0.0" {}; }; }; in mypkgs.kmeans-par'
<clever> nope, and binary is also a bootpkg, so you cant override it
<clever> binary <0.6
<clever> but this may have the needed binary?
<clever> nix-build -E 'with import <nixpkgs>{}; let mypkgs = haskell.packages.ghc844.override { overrides = super: self: { hmatrix = haskell.lib.doJailbreak (self.callHackage "hmatrix" "0.13.0.0" {}); }; }; in mypkgs.kmeans-par'
<clever> ghc844 has base 4.11.1
<clever> AlexRice[m]: base is backed into the ghc package, and there is a special override to always ignore base overrides
<clever> 844 still fails, checking why...
<clever> AlexRice[m]: nixpkgs doesnt allow base to be overriden, stack might?
<clever> nix-build -E 'with import <nixpkgs>{}; let mypkgs = haskell.packages.ghc844.override { overrides = super: self: { hmatrix = self.callHackage "hmatrix" "0.13.0.0" {}; }; }; in mypkgs.kmeans-par'
<clever> but, i can try another ghc version...
<clever> Alling: i'm on a slightly older nixpkgs
<clever> b: hackage has a cabal revision, adding just that!
<clever> a: jailbreak cant deal with constaints inside an if
<clever> ack, double-whamy
<clever> AlexRice[m]: modified the cabal file, to delete version constraints
<clever> nix-build -E 'with import <nixpkgs>{}; let mypkgs = haskellPackages.override { overrides = super: self: { hmatrix = haskell.lib.doJailbreak (self.callHackage "hmatrix" "0.13.0.0" {}); }; }; in mypkgs.kmeans-par'
<clever> and now ive reproduced the base issue, so i just jailbreak...
<clever> ah, 0.13.0.0
<clever> but, callHackage currently fails, looking into why...
<clever> this will build everything using nix, and override the version of hmatrix as it does so
<clever> nix-build -E 'with import <nixpkgs>{}; let mypkgs = haskellPackages.override { overrides = super: self: { hmatrix = self.callHackage "hmatrix" "0.13.0" {}; }; }; in mypkgs.kmeans-par'
<clever> Alling: you may need to change the version of ghc your using, i believe stack does that via the lts release?