2018-10-26
10:22
<
clever >
i was mounting fuse fs's inside a nix-build, and if i didnt umount at the end, nix would fail to remove the /tmp/nix-build-foo-0/
10:21
<
clever >
but the rm -rf at the end, cant deal with mountpoints
10:21
<
clever >
if the sandbox is off, i can run fusermount to use fuse inside a normal build
10:21
<
clever >
ive also found that nix doesnt understand mount points when cleaning up $NIX_BUILD_TOP
10:20
<
clever >
it can probably leak procs when they double-fork
10:19
<
clever >
Lisanna: nope, in a single-user i'm not sure how the cleanup is handled
10:19
<
clever >
Lisanna: yeah
10:15
<
clever >
i believe it will do such cleanup both at the start (before the build begins) and at the end (after the initial proc returns)
10:14
<
clever >
because nix picked their uid, and then killed the entire session
10:14
<
clever >
upon starting any nix command, they were dropped to a login screen
10:14
<
clever >
in the past, i have seen users add themselves to the nixbld group
10:13
<
clever >
under normal conditions, that would be when genericBuild from setup.sh returns
10:13
<
clever >
Lisanna: when the main proc nix started returns, i believe nix will murderize everything else in the uid
10:08
<
clever >
pie_: yeah, systemctl wont work at all in the chroot
10:07
<
clever >
sphalerite: oh, that may work as well!
10:06
<
clever >
symphorien: sudo and su will work if the sandbox is off
10:06
<
clever >
Lisanna: nix cleans up all children by uid, so it kills everything in the nixbld1 user
09:52
<
clever >
pie_: that can also work
09:52
<
clever >
pie_: that has been replaced by nixos-enter
09:50
<
clever >
cinimod: you want, packages = haskellPackages: with haskellPackages; [ lens ];
09:50
<
clever >
then it should just work
09:49
<
clever >
pie_: is it being run as root?
09:43
<
clever >
cinimod: line 3, the with statement is missing a ;
09:35
<
clever >
unset all of them!
09:34
<
clever >
pie_: TMP is likely the only one you need to unset
09:34
<
clever >
pie_: unset both and it should fall back to normal /tmp
09:32
<
clever >
pie_: `env | grep run/user` and unset any vars pointing there
09:26
<
clever >
pie_: try just nixos-enter and nixos-rebuild boot
09:20
<
clever >
kreetx: unstable is always master, and master is now using 19.03 internally, so its clearly not 18.09
09:19
<
clever >
kreetx: it also goes into the channels nixos-unstable, nixpkgs-unstable, and the -small variants of both
09:18
<
clever >
kreetx: thats based on master
2018-10-25
16:44
<
clever >
exarkun1: part of the reason is that its slow, and it has to hash that whole dir tree every time you run the nix code
16:43
<
clever >
haslersn: i use gpg-agent, and it remembers what you `ssh-add` across sessions
16:41
<
clever >
exarkun1: that happens any time something like src = ./.; imports 256mb
16:40
<
clever >
haitlah: lrwxrwxrwx 1 clever users 45 Oct 29 2017 .nix-profile -> /nix/var/nix/profiles/per-user/clever/profile
16:35
<
clever >
lrwxrwxrwx 1 clever users 45 Oct 29 2017 .nix-profile -> /nix/var/nix/profiles/per-user/clever/profile
16:29
<
clever >
haitlah: you may want to re-aim .nix-profile to the version for your user, like my above ls output
16:28
<
clever >
haitlah: ~/.nix-profile points to the default profile, so you would need root to install things to that profile
16:25
<
clever >
lrwxrwxrwx 1 clever users 45 Oct 29 2017 .nix-profile -> /nix/var/nix/profiles/per-user/clever/profile
16:24
<
clever >
as long as .nix-profile is a symlink pointing to the right area
16:24
<
clever >
if it doesnt exist, it will be auto-created
16:24
<
clever >
haitlah: thats usually handled by something like nix.sh
16:20
<
clever >
haitlah: yeah
15:51
<
clever >
jophish: it doesnt clearly say that, but i think it can be inferred by the lack of .interp
15:45
<
clever >
not sure then
15:43
<
clever >
jophish: what about readelf?
15:31
<
clever >
jophish: sounds more like they are static ELF's and dont need patchelf
15:21
<
clever >
jophish: ah
15:19
<
clever >
,locate libjvm.so
15:19
<
clever >
jophish: and you cant just use a libjvm thats in nixpkgs?
15:16
<
clever >
jophish: what does file report about the binary?
15:15
<
clever >
jophish: should be just a matter of patchelf --set-rpath
15:13
<
clever >
dtz: it looks like builtin:fetchurl is unxz'ing when it shouldnt!
15:13
<
clever >
and all processes from the previous ones are gone
15:13
<
clever >
haitlah: i think docker is spinning up a new container for each RUN in your docker file
15:09
<
clever >
haitlah: are you able to check the pstree and confirm/deny if nix-daemon is actually running?
15:08
<
clever >
haitlah: what happens if you did `RUN nix-daemon &` ?
15:06
<
clever >
without nix-daemon, only users that have +w to /nix can use nix commands
15:05
<
clever >
haitlah: nix-daemon has to be run in the background, since its a service
15:04
<
clever >
haitlah: is nix-daemon set up and running in the docker image, as "root" ?
15:03
<
clever >
haitlah: is this nixos or another distro?
11:59
<
clever >
i do agree that both python and haskell accepting a self: super: function is sorta useless when you can only give one
11:59
<
clever >
betaboon: you would need to compose the overlays together yourself, into a single self: super: function
11:57
<
clever >
and i dont think python is using newScope, so overrideScope/extends arent available
11:57
<
clever >
betaboon: the problem currently is more that .override makes it such that only one packageOverrides param works
11:54
<
clever >
betaboon: when you call .override on python3, it overwrites any previous args you set with .override
10:43
<
clever >
i think you can
10:42
<
clever >
and see if that affects it
10:42
<
clever >
ocharles: try adjusting `--option evaluator_max_heap_size $((1024*1024*1024))` maybe, when you run hydra-eval-jobs locally
10:41
<
clever >
yeah, thats a lot of things
10:40
<
clever >
ok, so that will have a ghc, and all kinds of tools
10:35
<
clever >
ocharles: looks like you're just making an aggregate over every buildInput in shell.nix, can that be added to the gist?
10:30
<
clever >
ah, and shell is another aggregate
10:30
<
clever >
but for even shell to cause it to trigger again, and to be so slow
10:29
<
clever >
but that means it has to re-run the nix gitHubStatus just ran, because it covers everything
10:29
<
clever >
it throws out the nix heap to make things run "faster"
10:29
<
clever >
the restarting on line 50 could be part of whats making it slower
10:28
<
clever >
so speeding up shell will also speed up gitHubStatus
10:28
<
clever >
ocharles: oh, i notice shell is part of gitHubStatus
10:25
<
clever >
ocharles: can you reproduce the issue with nix-instantiate?
10:25
<
clever >
ocharles: is the nix code public?
10:23
<
clever >
ocharles: oh, githubstatus is a constituents job, that would explain some of it
10:22
<
clever >
ocharles: after you confirm the issue with nix-instantiate, you can use the above to profile it
10:22
<
clever >
,profiling
10:21
<
clever >
ocharles: yep
10:21
<
clever >
ocharles: line 50 is also interesting, gitHubStatus blew the heap up, and it restarted itself to shrink things
10:21
<
clever >
ocharles: and can you confirm that with `nix-instantiate release.nix -A gitHubStatus` ?
10:20
<
clever >
srhb: if localhost is set up as a build slave, it can sometimes cause such lockups
10:20
<
clever >
Lisanna: builtins.fetchTarball is probably better
10:18
<
clever >
ocharles: if you manually run this on your release.nix, can you reproduce the slowness?
07:09
<
clever >
grub and linux will search all drives, and ignore the order
07:08
<
clever >
then you can scramble the uuid of the old disk
07:08
<
clever >
pie_: there should also be utils to regenerate the uuid on ext4, google around for that
07:08
<
clever >
pie_: i dont think the recovery has grub configured, so it shouldnt write to any MBR's
06:56
<
clever >
so you start at a root specific to that machine, and it works its way up the tree to core.nix
06:56
<
clever >
and then core.nix is the common things
06:56
<
clever >
Lears: so machine1.nix defines stuff unique to that machine, and has imports = [ ./core.nix ];
06:55
<
clever >
Lears: i make a reverse tree out of my configs
06:44
<
clever >
Lears: not sure what the cause is, i would just break both the hostname and the xorg settings into their own file, and add them to imports
06:33
<
clever >
and includes the install-disk profile
06:33
<
clever >
its essentially just another way to boot the install ISO
06:32
<
clever >
and the rescue system runs entirely from ram, so all changes to it are lost at shutdown
06:32
<
clever >
it has its own nix store
06:30
<
clever >
probably a quirk of how install-grub.pl works
06:27
<
clever >
did you add the extra ( and ) around @bootRoot@ ?
06:25
<
clever >
to load the stdout into the local clipboard
06:25
<
clever >
or, `ssh box1 'cat /boot/grub.cfg' | xclip -something`
06:24
<
clever >
you probably want screen, ctrl+[, ctrl+] and then paste it into ssh
06:24
<
clever >
pie_: the x in xclip stands for x11 :P
06:23
<
clever >
pie_: ssh box1 'DISPLAY=:0 xclip -something'
06:21
<
clever >
pie_: the xclip util can print the clipboard to stdout
06:20
<
clever >
hyper_ch2: pkgs.substituteAll
06:19
<
clever >
pie_: can you pastebin the entire grub.cfg ?
06:17
<
clever >
pie_: thats msdos partition type, partition 1
06:17
<
clever >
Lears: skipping thru that, i can see the following nixos options, system.build, boot.loader.systemd-boot.enable, networking.hostName, nixpkgs.config, services.xserver.videoDrivers,
06:13
<
clever >
@bootRoot@ actually, try fixing my nix file and doing another rebuild
06:13
<
clever >
i believe nixos will replace that with the right grub variable, for your setup
06:13
<
clever >
pie_: i recently discovered @bootroot@, and have been meaning to test it on the rescue system
06:12
<
clever >
is /boot on its own partition?
06:12
<
clever >
oh, it also depends on how your /boot is setup
06:12
<
clever >
it will be set by grub.cfg
06:12
<
clever >
its a grub variable
06:11
<
clever >
oh, and rescue_boot needs a decent chunk of your /boot
06:08
<
clever >
so you can do module = { pkgs, config, ... }: { ... };
06:08
<
clever >
pie_: yeah, module is just the contents of configuration.nix
06:08
<
clever >
nix somehow disables the progress meter
06:08
<
clever >
yeah, that step is always slow
06:03
<
clever >
Lears: can you pastebin the backtrace when its run with --show-trace ?
05:58
<
clever >
pie_: i was expecting systemd to resist more :P
05:58
<
clever >
i dont think systemd actually has any such files
05:57
<
clever >
pie_: just systemctl stop every service that has files open write
05:55
<
clever >
pie_: surprisingly few things, chrome, docker, nscd, it might still be possible
05:54
<
clever >
pie_: this lists most of the things keeping files open for writing
05:54
<
clever >
[root@system76:~]# ls -l /proc/*/fd/* | grep lrw | egrep -v 'shm|socket|inode|dev'
05:52
<
clever >
it likely helped that this was in the rc.d days
05:52
<
clever >
under a day :P
05:52
<
clever >
its fairly simple, just check `lsof -a` to see what has files open read/write, and stop it
05:51
<
clever >
then i just booted every service back up when i was done
05:51
<
clever >
i just did 99% of a shutdown, by hand
05:51
<
clever >
and then remounted root read-only
05:50
<
clever >
so you just have to prevent any shutdown type scripts from trying to shutdown NAT
05:50
<
clever >
but thats a purely in-kernel job
05:50
<
clever >
so it still had to perform NAT
05:50
<
clever >
pie_: in my case, it was on a router
05:46
<
clever >
without causing any outage of its services, lol
05:45
<
clever >
also, in the pre-systemd days, on linuxfromscratch, i have forced a machine back into single-user mode, and mounted the rootfs read-only, and imaged it
05:45
<
clever >
just add ./rescue_boot.nix to your imports section, rebuild switch, and you're done
05:44
<
clever >
pie_: this is the exact kind of situation that led to me writing rescue_boot.nix above :P
05:44
<
clever >
by reading the fsinfo file
05:44
<
clever >
line 450 of stage-1 is where it mounts all boot filesystems
05:43
<
clever >
systemd gets upset if / isnt in the fstab :P
05:43
<
clever >
how can it read fstab?
05:43
<
clever >
stage-1 is responsible for mounting the rootfs
05:43
<
clever >
fstab is on the rootfs
05:42
<
clever >
that script is responsible for mounting / and running stage-2, in the same dir
05:42
<
clever >
pie_: for nixos, this script is baked into the initrd at /init, and the kernel will run that as pid 1 at bootup
05:41
<
clever >
nixos overwrites fstab on bootup, and fstab doesnt affect stage-1
05:39
<
clever >
debugging boot problems
05:38
<
clever >
causing stage-1 to ask you if you want a shell
05:38
<
clever >
it allows getting a shell in the initrd, and then triggers a false error just before mounting things
05:37
<
clever >
it will "fail" fairly early in the initrd, and just not mount the rootfs
05:37
<
clever >
pie_: just shove boot.debug1devices into the kernel cmdline
05:36
<
clever >
pie_: oh, i just read what you wanted in that other channel, one sec
05:35
<
clever >
since booting is what creates /bin/sh
05:35
<
clever >
that assumes you have booted at least once
05:35
<
clever >
when stage-1 claims it doesnt exist, just tell it to continue anyways
05:35
<
clever >
pie_: if you boot with init=/bin/sh in grub, you can get a "rescue" mode
05:34
<
clever >
aleph-: then it might not be a firewall issue
05:34
<
clever >
pie_: i dont know of any distro that lets you umount / entirely, and it would have to be a pivot_root, not umount
05:33
<
clever >
aleph-: you could also turn the firewall off for a moment, fire it up, then open the ports it was using
05:33
<
clever >
aleph-: i just open up netstat and tcpdump to see what ports its using, and then open those
05:32
<
clever >
pie_: it sounds like you want my rescue boot
2018-10-24
23:53
<
clever >
i just use lastpass
23:39
<
clever >
pie_: nix-env -q does exactly what you want
23:12
<
clever >
Arahael: the above, would set the option when the module is loaded via modprobe
23:12
<
clever >
Arahael: boot.extraModprobeConfig = "options i915 alpha_support=1";
23:11
<
clever >
you can also use modprobe.d.conf
23:11
<
clever >
that just puts it right into grub.cfg, so its identical to editing grub, but automated
23:11
<
clever >
Arahael: that will put the same thing into grub.cfg for you
23:10
<
clever >
Arahael: boot.kernelParams = [ "i915.alpha_support=1" ];
23:08
<
clever >
Arahael: what did you change in grub to change the driver?
23:05
<
clever >
what does hashicorp do?
23:03
<
clever >
i made the same mistake and missed that commit when taking over this yarn2nix code
22:57
<
clever >
try the fork in the above file, to see if that is the issue
22:56
<
clever >
arianvp: are you using the fork of yarn2nix from the above nix file?
22:56
<
clever >
arianvp: is it the same version as in the daedalus yarn.lock file?
22:53
<
clever >
then you're in luck, the above has a lot of sass!
22:52
<
clever >
arianvp: ive got a yarn based project that includes some native css thing
22:38
<
clever >
Arahael: boot.kernelParams ?
2018-10-23
16:31
<
clever >
so when you set something like buildInputs = [ foo bar ];, you can just `echo $buildInputs` in the shell to see it
16:30
<
clever >
ashkitten: every attribute in the derivation becomes an env var
14:18
<
clever >
Taneb: i dont think that page has ever allowed you to edit the slaves
13:34
<
clever >
thats what i try to do as well
13:33
<
clever >
so you need to use the right -A for the current dir, and default.nix
13:32
<
clever >
but the default.nix and using -A pkg.env gives you the nix built deps, and lets you build just 1 package
13:32
<
clever >
the shell.nix sets things up to do the entire build with stack
13:32
<
clever >
TweyIV: also, one of the main projects i work on has a "broken" shell.nix so it wouldnt really work
13:25
<
clever >
could even be pushd . i think
13:25
<
clever >
TweyIV: a single pushd at the start to save the current one
13:24
<
clever >
TweyIV: you probably want pushd and popd, rather than cd $start
13:18
<
clever >
ramses_: nix-store --query --roots /nix/store/g5dlpwd44kd75i71nwzii8w4bp4inxwk-findutils-4.6.0/bin/find
02:55
<
clever >
and .text if you just want the value in nix
02:55
<
clever >
you can do etc.environment."nix/foo.conf".source to do subdirs
02:55
<
clever >
drakonis: it will create /etc/<filename> as a symlink to a /nix/store/ entry, which may be a copy of the file pointed to by source
02:07
<
clever >
i think its in the cabal file, so it can apply to executables but not libs
02:06
<
clever >
elvishjerricco: thats how the cardano stuff is using gold
02:02
<
clever >
but yeah, they do need better documentation
02:02
<
clever >
once you read the source for nix-env and nix-channel, channels are a lot more understandable
01:54
<
clever >
pbogdan: you can also `with import ./. {};` and ignore `-I nixpkgs=.`
00:43
<
clever >
the QT stuff in nixpkgs for example, creates state in the current dir, that breaks a 2nd nix-shell run
00:42
<
clever >
it makes it very difficult to open 2 shells to the same package
00:41
<
clever >
i think it is
00:38
<
clever >
suzu: you could maybe use `trap EXIT` in bash, from the shellHook
00:35
<
clever >
thats where you can find the gitk binary
00:35
<
clever >
> pkgs.gitAndTools.gitFull
00:35
<
clever >
oldandwise: gitk can also help to visualize what is happening
00:28
<
clever >
oldandwise: you can use `git reset --hard remotes/origin/master` to forcibly set the current branch to the upstream master, and skip the merge mess (and drop any changes you have locally)
00:28
<
clever >
oldandwise: the trick is to never make commits on master or release, only ever make commits on your own branches
00:14
<
clever >
this one uses --serve
00:14
<
clever >
oh, ssh.cc is the backend of ssh-store.cc, lol
00:13
<
clever >
ah, line 54 makes more ssh sessions
00:12
<
clever >
which i'm guessing is just the unix socket it used locally, but over ssh
00:11
<
clever >
ssh-ng appears to use nix-daemon --stdio
00:09
<
clever >
so the user can wind up with a serve protocol on their shell
00:09
<
clever >
elvishjerricco: it forces it to run the specified command, and ignores the command the client requested
00:05
<
clever >
elvishjerricco: one sec
2018-10-22
23:55
<
clever >
pbogdan: nix-instantiate and nix-store --query --tree
22:24
<
clever >
infinisil: that will also help
22:23
<
clever >
to the source!
22:23
<
clever >
thats an odd one
22:22
<
clever >
infinisil: can you gist the whole grub.cfg?
22:22
<
clever >
infinisil: what was the error?
22:09
<
clever >
infinisil: shouldnt need anything special if you have a normal /boot partition, just add the path to that to your imports and rebuild switch
19:11
<
clever >
,locate json-diff
18:33
<
clever >
ocharles: when hydra internally runs nix-prefetch-git, it doesnt really escape anything, so you can directly put --fetch-submodules into the URL field of a build input, and it will fetch them
18:30
<
clever >
ocharles: *looks*
02:59
<
clever >
i had to duplicate a lot of it to make a zfs based ami
02:58
<
clever >
ah yeah, it does a lot, may be simpler to keep that small override, than to copy what you need
02:58
<
clever >
dhess: just read amazon-image.nix and decide what you want to keep from it?
02:57
<
clever >
dhess: and the testnet deployer you linked above, is being created with terraform, and then nixops manages it via none
02:55
<
clever >
s/nixos-rebuild/nixops deploy/
02:55
<
clever >
and then it just booted the previous generation
02:55
<
clever >
dhess: so the nixos-rebuild failed to update the boot config
02:55
<
clever >
dhess: that sounds much more like you didnt mount /boot correctly
02:52
<
clever >
dhess: yes
2018-10-21
23:42
<
clever >
in the case of sshd, its to prevent the hostkey changing and causing unexpected mitm warnings
23:41
<
clever >
samueldr: it can also impact the postgresql version, and some ssh hostkey types
23:37
<
clever >
in this case, nix mounts /nix/store to /nix/store, with an extra read-only mount
23:37
<
clever >
pie___: you can mount a subdir of anything to another dir
23:36
<
clever >
pie___: bind mounts
00:59
<
clever >
not sure then
00:56
<
clever >
dmj`: was DO done from a mac?
00:17
<
clever >
dmj`: i was just testing it out, it had the same issues hangouts was having in that situation
00:13
<
clever >
dmj`: the default vpc still has internet access, this should work fine for you
00:11
<
clever >
dmj`: one sec
00:09
<
clever >
why do you need start and stop?
00:08
<
clever >
dmj`: it can create and destroy, but not stop/start
2018-10-20
23:59
<
clever >
that will probably be acceptable
23:59
<
clever >
you could also just have a string explaining what the default is doing
23:57
<
clever >
but adding in defaultText, makes the docs claim "default is pkgs.ferm" which means a lot more
23:57
<
clever >
with the example i just linked, the documentation would just say "default is "/nix/store/29vz9534lcvj8hw0qycf4pm9sz89zac6-ferm-2.4.1"" which doesnt mean much
23:56
<
clever >
so you also need a defaultText, that contains the same nix code as default, but quoted