2018-11-24

<clever> then you have one of movit, mlt, or kdenlive, in your systemPackages
<clever> and those explain why its being built
<clever> Acou_Bass: it will also list what depended on movit and kdenlive
<clever> Acou_Bass: does kdenlive fail?
<clever> v0|d: In addition, nixos-rebuild accepts various Nix-related flags, including --max-jobs / -j, --show-trace, --keep-failed, --keep-going and --verbose / -v. See the Nix manual for details.
<clever> v0|d: that is likely to break its ability to find <nixos-config>, -I nixpkgs=./my-nixpkgs would be better
<clever> bbarker: yeah
<clever> but that will likely bleed thru into the domains you can authorize
<clever> the only solution i can see is to chain NS records for subdomains and grant a dynamic ip control over some things
<clever> but no way to change TXT records
<clever> some of my dns hosters only have an api to change the addr behind A and AAAA
<clever> gchristensen: that sounds like a pain
<clever> so you need to give every machine an automated way to update dns records about its own domain
<clever> gchristensen: do any records involved in dns-01 have to be updated at regular intervals?
<clever> the zip setup hook already handles stuff like that for you
<clever> ah
<clever> i heard it took 12 hours to copy it from the build slave, to hydra, and back to another slave
<clever> also, at one time, chromium had a separate derivation to unpack
<clever> and a lot of automation breaks
<clever> so if you force everybody to unpack, you lose the hashes upstream provides
<clever> and things like the hackage db and yarn, store hashes of .tar.gz files
<clever> infinisil: note, that fetchurl takes the hash of the .tar.gz, but fetchzip and fetchFromGitHub take the hash of the nar

2018-11-23

<clever> sphalerite: i would have done the same with all software, prior to discovering nix :P
<clever> its mostly in response to infinisil
<clever> dramforever: ah, that does sound like a much better fix
<clever> but if you define the outputHash, nix understands that the output is mostly unrelated to the input, and can reuse the product
<clever> dramforever: if its not fixed, nixos will rebuild it for every update, and potentially leave you with 5 copies, each 2.2gig in size
<clever> dramforever: that would at least stop it from rebuilding every time nixpkgs updates, and let arches share the product
<clever> one can build, but can use
<clever> dramforever: that has the benefit, that darwin and linux can share the output from the binary cache
<clever> dramforever: one font, is just an unzip'ing derivation, but its been flagged as fixed-output
<clever> dramforever: even if you just split it in half, and buildEnv the 2 halves back together, it would have no functional difference, but hydra would be tricked into accepting its size
<clever> booglewoogle: its in-use by 3 programs that are currently running, and the boot generation, you will need to reboot to remove those roots
<clever> booglewoogle: now `nix-store --query --roots /nix/store/foo`
<clever> dramforever: then you can get a subset of the sarasa-gothic fonts, and not pay the whole 2.2gig
<clever> booglewoogle: first, try just `nix-store --delete /nix/store/foo` and see what it says
<clever> booglewoogle: it would be better to find out why force is needed, ive broken a machine with --force before
<clever> or if that whole 2.2gig is just from a zip, modify the unzip'ing derivation to filter
<clever> dramforever: maybe groupings, or a special derivation that filters it to a subset, so it only needs the 2.2gig at compile time, and then you can GC it
<clever> ldlework: what do you see when you view www.youtube.com/html5 ?
<clever> ldlework: youtube uses html5 now
<clever> ah, i dont have that one
<clever> the above command is limited to a single generation
<clever> noto-fonts is around 20th place at 117mb
<clever> in my case, mono is #1 at 577mb, and linux firmware is #2 at 532mb
<clever> dramforever: du -hc --max=0 $(nix-store -qR /run/current-system) | sort -h
<clever> dmj`: now run coredumpctl as root, you should see a coredump has been saved
<clever> dmj`: systemd.coredump = { enable = true; };, nixos-rebuild, and then reproduce the fault
<clever> dmj`: linux or darwin?
<clever> i suspect nim is not correctly populating the rpath when building things
<clever> ldlework: SDL isnt part of the opengl-drivers, so it must be in the rpath
<clever> v0|d: like above
<clever> > (import <nixpkgs> { system = "x86_64-linux"; }).pkgsCross.armv7l-hf-multiplatform.hello

2018-11-22

<clever> bbl
<clever> you need an x86 python, that can generate arm pyc files
<clever> v0|d: but if you're cross-compiling, then things get a bit more complex
<clever> v0|d: i think the limitation, is that pkg-config is typically used for target packages, so python would belong in buildInputs
<clever> v0|d: what happens if you move python3 to the buildInputs?
<clever> looks like a yes
<clever> ,locate python3.pc
<clever> v0|d: does the python3 derivation contain a python3.pc?
<clever> or fetchFromGitHub
<clever> let foo = fetchurl { ... }; in stdenv.mkDerivation { ... prePatch = "cp ${foo} ./bar"; };
<clever> boomshroom: use more pkgs.fetchurl's and copy them somewhere
<clever> boomshroom: you can switch back to nix-instantiate or nix eval, once you know the expr of interest
<clever> boomshroom: a:, its `:r`, b:, it doesnt work
<clever> loads fine here
<clever> ixxie: toxvpn, somebody else filed a PR to put it into nixpkgs
<clever> wouldnt be the first time somebody has packaged something i made and put it on nixpkgs
<clever> lol :D
<clever> so you want doInstallCheckPhase = false;
<clever> ixxie: i think python packages use the installCheckPhase, not the checkPhase
<clever> ixxie: does something else depend on the non-overridden version? you may need an overlay to force every other package to obey
<clever> so a tar could be fetched from a website and just used
<clever> using /ssh_pubkey at runtime lets you change the keys without making a new tar
<clever> your choice
<clever> that path, on the debian rescue image
<clever> i need to add a default.nix that you can just nix-build
<clever> Baughn: which lets you then scp a tar to a non-nix machine, and unpack it to /
<clever> Baughn: it generates the /kexec_nixos bash script, and a tarball containing that script and its closure
<clever> and omitted the most important line :P
<clever> ive also seen it cut a haskell error off at the ^^^^^^
<clever> Baughn: the new command is in the 1st line of configuration.nix
<clever> lol
<clever> i think thats just nix
<clever> and its designed for use on remote machines
<clever> Baughn: you build the tarball on a local machine, scp it to the rescue image, unpack it to / and run /kexec_nixos
<clever> Baughn: my kexec process is designed for exactly that
<clever> Baughn: kexec is trivial, and i have instructions
<clever> that chroot stuff looks too fussy and complex
<clever> Baughn: it sounds like you really want kexec
<clever> nixos-init?
<clever> Baughn: what params were given to clone?, was it ran as "root"? is it just a chroot or a namespace?
<clever> or use an overlay
<clever> ixxie: systemPackages = [ (hdbscan.overrideAttrs (old: { doCheck = false; })) ];
<clever> turion: if you dont want swap, the lvm can be ignored
<clever> turion: thats mainly there so i can have swap in the same luks volume
<clever> and running that will wipe the disk and install nixos
<clever> its just a nixos module, that adds a `justdoit` script to the systemPackages
<clever> turion: zfs has a lot of benefits over ext4, like compression, dedup, snapshots and zfs send
<clever> turion: so i use zfs on top of luks
<clever> turion: i use zfs on all of my machines, but i still consider the zfs encryption experimental
<clever> it would likely be simpler to just format the disk, make a normal luks volume, with a normal ext4 in it, and then rsync the data into it
<clever> ottidmes: then have the files conditionally enable themselves with mkIf, based on config values
<clever> ottidmes: you would need to use builtins.readDir, and imports every single one
<clever> azazel: then you can mkIf the entire config block, and then having "useless" things in imports has no impact
<clever> azazel: another option is to make the modules define options and config
<clever> usually just `export PATH=$HOME/.nix-profile/bin:$PATH`
<clever> its a single line change
<clever> _d0t: on the machine "host"
<clever> _d0t: PATH isnt being set right for non-interactive shells, youll need to fix your .bashrc and .bash_profile first
<clever> _d0t: if you `ssh user@host nix-store --version` does it work?
<clever> azazel: i have unique starting points like laptop.nix and desktop.nix, which then list a subset of my modules in imports
<clever> azazel: oops, yeah
<clever> _d0t: you can also configure one machine to be a binary cache via ssh
<clever> _d0t: i think you can do that via `nix-copy-closure $(ls /nix/store/*)`, but `nix copy --all` would be simpler
<clever> ajs124: the imports tree cant depend on the config tree, that causes infinite recursion
<clever> _d0t: nix-copy-closure and `nix copy`
<clever> ajs124: zfs decryption is at postdevice, console keymap is at prelvm
<clever> ajs124: aha
<clever> CMCDragonkai: and also line 1270
<clever> then group wont matter as much
<clever> CMCDragonkai: and also giving the nixbld group access to it
<clever> not all build machines have gpu devices
<clever> CMCDragonkai: disable testing
<clever> CMCDragonkai: if you set checkPhase, then you lose the pre/post hooks
<clever> timclassic: if you grab that example, and switch it to screen 1, what happens?
<clever> timclassic: i dont know how you would remap fb0 to a different interface, but i noticed in the example app i linked, that you open screen 0 to get a handle to the hdmi/composite
<clever> timclassic: so when you write to /dev/fb0 on linux, its writing to an image resource, that dispmanx then stretches and renders out the hdmi
<clever> timclassic: and the rpi firmware will statically allocate a 2d "image" that is on the hdmi output, and pass the phys address of that "image" to linux, claiming its a framebuffer
<clever> timclassic: the rpi uses dispmanx as the 2d compositor for all video outputs
<clever> CMCDragonkai: not really, you would need to make an override that sets doCheck = false;
<clever> annoyingly, darwin doesnt have realpath, but the nixpkgs coreutils does build on darwin
<clever> CMCDragonkai: lines 7-11, thats call `realpath`, heh
<clever> CMCDragonkai: what path is the script you're running at?
<clever> CMCDragonkai: its got nothing to do with the checkPhase, its entirely to do with #!'s that point to things that dont exist
<clever> slack1256: i think the contents of the file are standard across all linux distros, ive also found that haskell programs dont even know what tcp is, if the file is missing
<clever> are you just putting raw bash into the checkPhase, or are you running a script that has #!/usr/bin/env at the top?
<clever> checkPhase would likely work fine
<clever> any time before the script is ran
<clever> CMCDragonkai: /usr/bin/env isnt present in the nix sandboxes, you need to run patchShebangs on the script first
<clever> and if it cant be patched, libredirect
<clever> WhittlesJr: ah, i would just patch whatever is expecting those paths to look elsewhere
<clever> WhittlesJr: what service is it?, what is the path?
<clever> but you can use things like libredirect to remap it
<clever> nothing automated
<clever> there are also pre-existing tmpfs's you can use
<clever> tmpfs on /run type tmpfs (rw,nosuid,nodev,size=8208660k,mode=755)
<clever> and remade every time the service is started
<clever> then they are lost at shutdown
<clever> WhittlesJr: you could modify it to put the symlinks onto a tmpfs
<clever> timclassic: how much do you know about dispmanx?
<clever> we hadnt found the fix yet
<clever> delroth: heh, me and colemickens were just debugging that in #nixos-dev
<clever> seems to work equally well on strings and paths
<clever> > ./.
<clever> > builtins.dirOf ./.
<clever> many programs disable automatic module loading when ran as root
<clever> alex_giusi_tiri: thats what sudo is for
<clever> alex_giusi_tiri: by tweaking some of the pulseaudio security flags, probably
<clever> try as a non-root user
<clever> and pulse doesnt like running as root, for security reasons
<clever> /etc/asound.conf remaps the default device to a fake alsa "driver" that just connects to the pulseaudio daemon
<clever> /etc/asound.conf is how it did so
<clever> alex_giusi_tiri: `alsamixer -c 0` forces it to not use the pulse device
<clever> alex_giusi_tiri: pulseaudio inserts a dummy alsa driver into the default config
<clever> alex_giusi_tiri: ssh or x11?

2018-11-21

<clever> > lib.concatMapStringsSep "," (x: toString x) [ 1 2 3 4 ]
<clever> > lib.concatMapStringsSep (x: toString x) "," [ 1 2 3 4 ]
<clever> > concatMapStringsSep (x: toString x) "," [ 1 2 3 4 ]
<clever> asymmetric: not sure then
<clever> asymmetric: anything involving replace-dependencies?
<clever> asymmetric: do you have any overrides in config.nix?
<clever> romildo: sounds like a normal fetchurl call
<clever> nikivi: it looks like pyside might be broken, but you wanted autoped, not pyside
<clever> nikivi: try adding the bin dir for that to PATH, at the start, when running vscode
<clever> you can also just `nix-build -E '(import <nixpkgs> { config = {}; }).python.withPackages (p: [p.pyside p.pysideTools p.twisted])'`, but then you're more likely to lose the magic incantation
<clever> and i just run nix-build to build it
<clever> the above came from a `default.nix` file i have in a random dir
<clever> yes
<clever> yes
<clever> and what if another package wants a conflicting version of autoped?
<clever> the PYTHONPATH may not include wherever you happened to install it
<clever> the above creates a custom python, that can use pyside, pysideTools, and twisted
<clever> yeah
<clever> its a function, that takes a list of python packages, and returns a python that can use those packages
<clever> for example, (import <nixpkgs> { config = {}; }).python.withPackages (p: [p.pyside p.pysideTools p.twisted])
<clever> yes
<clever> nikivi: you likely need to use python.withPackages
<clever> but on nixos, it uses the TMPDIR of the nix-daemon proc, which is /tmp/
<clever> and TMPDIR defaults to that
<clever> then its not /run/user to blame
<clever> chrisaw: nixos or other?
<clever> haslersn: grub.device is only ever used for legacy booting, if you're on efi, then you want grub.device = "nodev";
<clever> jhillyerd: i would use $out/etc/X11/myprog
<clever> delroth: it would be able to run crypto commands, as your user, before returning a path back to nix
<clever> delroth: https://gist.github.com/cleverca22/590cbb3e6b0ad1959e720d73c36e1e95 could be of interest to you
<clever> delroth: $out can be either a file, directory, or even a symlink, for most derivations
<clever> you may have forgotten to mkdir $out
<clever> nix-instantiate is also in read-only mode, so it cant do IFD by default
<clever> let foo = runCommand "name" {} "sha256 ${./input} > $out"; in builtins.readFile foo
<clever> delroth: 2 options, plan a: import from derivation
<clever> delroth: one min
<clever> > builtins.hashString "sha512" "foo"
<clever> exarkun22: there is a recent kernel flag to stop /dev/mem from having free rein over all ram, you would need to build the kernel without it
<clever> Unode: check dmesg?
<clever> Unode: does a file with the name unprivileged_userns_clone exist in /proc?, is the contents "1" ?
<clever> Unode: one sec
<clever> Unode: --no-check-sigs do not require that paths are signed by trusted keys
<clever> so its trying to mount ./-u to /nix, lol
<clever> the original assumes the 1st arg is the location of the store
<clever> Unode: and are you using the version i linked above, from nix-bundle? i changed its arg parsing a good deal
<clever> Unode: try -n rather than -u
<clever> Unode: what is the exact command you ran?
<clever> Unode: what error did it give?
<clever> Unode: haskell programs assume /etc/protocols defines what tcp and udp are, and fail hard if the file is missing
<clever> Unode: `-m /home:/home -m /etc:/host-etc -m etc:/etc` and then pre-populate a ./etc dir, and your inner script can deal with merging the 2 etc's
<clever> and some haskell programs wont even know what tcp is, if /etc/protocols is missing
<clever> but if the host is nixos, then the host /etc/protocols is a symlink into the wrong store, and doesnt exist
<clever> you need the host /etc/resolv.conf to have working dns
<clever> the only problems that remain afterwards, are conflicts in /etc
<clever> its all relative to the working dir, not /
<clever> Unode: thats what the patchelf i just linked is solving
<clever> so you can run a dynamic elf with the "wrong" root, as long as you cd to the root dir first
<clever> so it will look in ./nix/store/foo-glibc/lib/ and so on
<clever> Unode: that override prefixes the interpreter and rpath with a .
<clever> ls isnt in PATH, but thats easy to deal with
<clever> Unode: done, i now have a shell with $HOME/nix at /nix
<clever> bash-4.4$
<clever> [clever@system76:~]$ nix/store/4xbn31l2fr95vp9z7g7ayxzy19ywcpnd-nix-user-chroot-2c52b5f/bin/nix-user-chroot -n /home/clever/nix /nix/store/5igbdc1czdss7341r360648n14pkpp5r-bash-interactive-4.4-p23/bin/bash
<clever> [clever@system76:~]$ nix copy --to local?root=/home/clever/ /nix/store/5igbdc1czdss7341r360648n14pkpp5r-bash-interactive-4.4-p23
<clever> [clever@system76:~]$ nix copy --to local?root=/home/clever /nix/store/4xbn31l2fr95vp9z7g7ayxzy19ywcpnd-nix-user-chroot-2c52b5f
<clever> Unode: youll need a c program (like nix-user-chroot) to bypass that
<clever> Unode: so it wont work, even when i use unshare to get permission!
<clever> Unode: the mount binary wont let me --bind or -o if getuid() != 0
<clever> thekolb_: add the lib dir to LD_LIBRARY_PATH
<clever> Unode: lol, the mount util is being too smart
<clever> Unode: ive mostly done it with the c level api, let me double-check the bash one...

2018-11-20

<clever> and only mount --bind will work
<clever> Unode: if you lack root, you must unshare both the user and mount namespaces
<clever> dlopen wont be detected by ldd
<clever> thekolb_: are you sure its not just normal dlopen()?
<clever> thekolb_: try just setting a custom buildPhase or postBuild, that will sha256 the binary
<clever> lfish: once youve upgraded, youll want to `nix-env -e nix`, since having nix installed like that can cause problems
<clever> thekolb_: and then after nix-build breaks it, print the rpath again, has it changed?
<clever> thekolb_: at the end of the buildPhase, try patchelf --print-rpath
<clever> yeah
<clever> depends on if its `strip` or `--shrink-rpath` that is causing the breakage
<clever> thekolb_: one sec
<clever> yeah
<clever> doit.sh assumes you will just be copying the files to the right path on the target machine
<clever> you just need something like nix-user-chroot from the nix-bundle package
<clever> there are examples of that in the top part of the gist
<clever> yeah
<clever> that lets you build something like your /share/nix, using nix, on a normal machine
<clever> Unode: did you see the doit.sh i gave a few days ago?
<clever> Unode: nix-daemon will remount it r/w when starting a build, if nix-daemon was running as root
<clever> mount /share/nix/store /share/nix/store --bind -o ro
<clever> mount the nix store read-only?
<clever> Unode: the nfs server dynamically generates some .nfs files in random dirs, and those break the hash
<clever> Unode: nfs?
<clever> the hash in $out, for a non-fixed derivation, is the hash of the attrs passed to mkDerivation
<clever> Unode: yeah
<clever> so there is no way for the builder to then modify it in race conditions
<clever> Unode: it hashes $out after the builder process has exited
<clever> Unode: nix-store --dump /nix/store/foo > foo.nar
<clever> Unode: it is just the hash of the NAR for that path
<clever> t
<clever> i prefer gist because it shows diffs and i can fork things and edi
<clever> Unode: havent looked at that yet
<clever> lfish: under a `sudo -i`
<clever> lfish: oh, PATH=/nix/store/cdcia67siabmj6li7vyffgv2cry86fq8-nix-2.1.3/bin:$PATH _NIXOS_REBUILD_REEXEC=1 nixos-rebuild boot --fast
<clever> lfish: try `sudo -i` then `_NIXOS_REBUILD_REEXEC=1 nixos-rebuild boot --fast`
<clever> lfish: let me double-check the source
<clever> lfish: --fast turns on --show-trace automatically
<clever> ryantm: oh, but you likely also need nix-daemon running as root, for sandboxing to even work
<clever> ryantm: yeah, that should work
<clever> ryantm: $NIX_CONF_DIR is how you would change where nix.conf lives
<clever> ryantm: there is also just `--option sandbox true` i believe
<clever> lfish: try `sudo nixos-rebuild boot --fast`
<clever> lfish: that means you installed nix2 with nix-env, which generally causes problems, but it can also help in this case
<clever> ryantm: but if you're not using nix-daemon, you can set an env var to change the path of nix.conf
<clever> ryantm: if you are using nix-daemon, then there is no env var to affect it
<clever> ryantm: are you using nix-daemon?
<clever> lfish: that is not the output of `type nix`
<clever> lfish: type nix
<clever> lfish: what is the full output of nixos-rebuild?
<clever> lfish: if you `unset NIX_REMOTE`, it wont connect to the nix-daemon
<clever> configuration.nix*