<clever>
Judson1: try with a different window manager temporarily?
<clever>
jonge: the order and numbering doesnt really matter, you just need to use the right ones in the config
<clever>
LnL: with `nix copy`, you can specify that in the protocol, and it will silently ignore the flag if you are not trusted
<clever>
LnL: with the old nix-copy-closure api, it defaults to not checking signatures for trusted users (including root)
<clever>
d1rewolf: sounds like it should have no trouble running nixos
<clever>
d1rewolf: how much ram does the machine have? what cpu?
<clever>
all command line here
<clever>
d1rewolf: i have a nixos box with zfs as my nas, it currently has 3 4tb drives
<clever>
gchristensen: and now i'm fighting ghc once more, too many Crypto.Random in scope!
<clever>
i was literally editing code, running the new version, and beating the old version, with several hours of late start!
<clever>
Taneb: and it was so slow, that it was faster to profile it, and patch nix, then it was to wait for it to finish, lol
<clever>
yeah
<clever>
which results in 108 million calls to elemAt
<clever>
internally, snack is using lib.unique a lot, and lib.unique is implemented with lib.head, lib.drop, and lib.drop heavily abuses builtins.elemAt
<clever>
memoize stuff, rather then calling a function repeatedly, store its result in a set
<clever>
gchristensen: with both changes to the snack nix expressions, and adding sublist to nix itself, it went from over 38 hours, to just 14 seconds
<clever>
gchristensen: and prior to any refactorying, snack took over 38 hours to eval, and had yet to finish
<clever>
and similar high gains on others that are down as far as 15 sec
<clever>
hydra has its own options to control that, but when using nix-daemon on the build slave, that hydra feature is broken
<clever>
dhess: that causes nix to terminate any derivation that runs for over 2h
<clever>
dhess: some of the tests in haskell deadlock and just run for over 2 days
<clever>
dhess: yes
<clever>
gchristensen: though when using the nix sandbox, that "real location" is actually a temp dir i believe, and mount namespaces remap it
<clever>
check the other dirs default.nix refers to for examples of what it should look like
<clever>
srcs.nix is an input for the default.nix
<clever>
colemickens: Konqueror appears to be missing from pkgs/applications/kde/default.nix
<clever>
,locate onqueror
<clever>
,locate Konqueror
<clever>
adamantium: but hardware.cpu.intel.updateMicrocode will prepend a blob onto the initrd, which the kernel will probably run, before linux even does any real bootup logic
<clever>
elvishjerricco: try reading that row out of db.sqlite, sign it, then read again, and see if anything changes
<clever>
the option is defined, and used, but has no default and no value assigned, is a better way to put it
<clever>
elvishjerricco: just make sure to backup the file first, because if you corrupt the db, your entire /nix/ has to be reset
<clever>
elvishjerricco: i think the only way to remove signatures is to run sqlite3 against /nix/var/nix/db/db.sqlite and update the column to remove them
<clever>
elvishjerricco: what about just removing the entire path? `nix-store --delete`, and dont use force
<clever>
so you only need to do that once
<clever>
nixops will also allow its own key in the nixos it deploys
<clever>
yeah
<clever>
but the agent lets other keys leak into the nixops ssh
<clever>
sphalerite: but when nixops runs, it changes the default search path, to use the key nixops generated
<clever>
sphalerite: `ssh root@ditto.strathtech.co.uk` will default to ~/.ssh/id_rsa
<clever>
sphalerite: do you have an ssh agent running?
<clever>
hyper_ch2: the stdenv in nix already sets all of those
<clever>
enless you specially modify NIX_PATH via nix.nixPath
<clever>
if root has no channels, then nixos-rebuild will fail
<clever>
nix-env basically ignores NIX_PATH, and will recursively search ~/.nix-defexpr/ for directories containing a default.nix, and then use the dir names
<clever>
but nix-env -iA CHANNEL.package, follows entirely different rules
<clever>
so a channel named nixpkgs, only works on non-root users, when accessed via <nixpkgs>
<clever>
`/home/clever/.nix-defexpr/channels` is also at the very start, so my personal channels have top priority
<clever>
so you will have trouble using a channel named nixpkgs
<clever>
but, `nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos` is near the start, so <nixpkgs> is forcibly mapped to the nixos channel on root
<clever>
`/nix/var/nix/profiles/per-user/root/channels` is at the end for me, so every channel on root is in the path, and <unstable> would find what the above command created
<clever>
chpatrick: first, `echo $NIX_PATH`
<clever>
chpatrick: also, for extra confusion points, --add takes url&name, but --list gives name&url!
<clever>
if you do want to use nixpkgs-unstable, you can add it to root, but name it something other then nixpkgs, since that name is a bit special
<clever>
and having the nixpkgs-unstable on your user also leads to confusion, because you have to run --update twice, as each user
<clever>
chpatrick: and having a nixos channel on both root and your user just leads to confusion, because now you have 2 different versions of what "nixos" means
<clever>
chpatrick: root's channels are the default for when your user lacks channels
<clever>
chpatrick: you simply havent ran `nix-channel --update` as root in a year
<clever>
chpatrick: what is the last-mod on the most recent channel in `ls -l /nix/var/nix/profiles/per-user/root` ?
<clever>
chpatrick: no, one min
<clever>
chpatrick: and now everything should be using the same nixpkgs version, no more confusion
<clever>
chpatrick: and now `ls -l ~/.nix-defexpr/channels` should only have a manifest.nix
<clever>
chpatrick: do `nix-channel --remove nixos ; nix-channel --remove nixpkgs ; nix-channel --update` all without root
<clever>
chpatrick: ah, you have 2 nixos channels, and a nixpkgs channel, thats going to cause all kinds of weird things
<clever>
chpatrick: what does nix-channel --list report, both with and without root?
<clever>
its using the channel called nixos, that is managed by root
<clever>
thats normal
<clever>
nix-instantiate --find-file nixpkgs
<clever>
if you know what path it will be at
<clever>
markus1189: libredirect, to point it into running a pre-patched copy when it tries to run the other?
<clever>
i dont believe it can be used on derivations
<clever>
and it will filter the contents and then return another path
<clever>
cleanSource needs a path to a directory
<clever>
adetokunbo: src = lib.cleanSource ./.; is a simple example
<clever>
samueldr: oh, and #osdev knows more about low level stuff in the efi area
<clever>
if you get the `.drv` file from 2 different builds, you can use `nix-diff` to compare them, and see why its different and rebuilding
<clever>
yeah
<clever>
if you want to use it in another expression, you just import or callPackage the nix file that made it
<clever>
nope
<clever>
i just nix-build and ./result/bin/foo to test things
<clever>
i also try to avoid using nix-env when testing things
<clever>
i just use nix-build for building things in the store, and nix-env -f foo.nix -iA bar, if i want it installed into my profile
<clever>
ive never used nix-install
<clever>
lib.cleanSource can clean that up
<clever>
adetokunbo: if your leaving a result symlink in its source dir, then the source is going to change every time you build it, and nix will always have to rebuild it
<clever>
adetokunbo: you need to refer to the nix expression that built it using import or callPackage
<clever>
perrier-jouet: dont know
<clever>
perrier-jouet: i think its bootstrap+docbook, from the Makefile in the repo i linked
<clever>
for example, so grub can ask the firmware, is linux.xz correctly signed?
<clever>
i think the only point of that function, is to decide if you should verify other binaries, before you execute them
<clever>
but as you have seen, a machine without secureboot can just run something like uboot, and then uboot is free to lie and claim secureboot is "on"
<clever>
also of note, there is a function in the efi tables, that just returns a boolean, saying if secureboot is on or not
<clever>
and then linux has permission to manage the previously mentioned devices
<clever>
samueldr: but when linux boots, it runs ExitBootServices() which shuts down most of that, and limits you to just the efi vars, and some very basic stuff
<clever>
samueldr: early in the boot, the firmware is doing a lot of things, has exclusive control over drives, gpu, and usb, and provides a lot of features
<clever>
performance reasons
<clever>
those are only for the bootloader level stuff
<clever>
linux doesnt really use much of the efi services
<clever>
yeah
<clever>
dang
<clever>
so i can just select it from the main grub menu
<clever>
i have a boot.loader.grub.extraEntries that adds the correct chainload (legacy only) to the grub.cfg
<clever>
lol
<clever>
so i have to tweak bios settings, or return to pure legacy, every time i want windows
<clever>
i switched my dual-boot desktop to boot nixos in efi, but then discovered win7 still used legacy and lacks a boot.efi
<clever>
likely, because the CSM is potentially missing
<clever>
oh, anoyingly, grub-efi cant chainload any legacy os
<clever>
so u-boot would have to be configured to have a dedicated partition for its vars
<clever>
uboot cant safely write to the /boot partition when linux mounts it
<clever>
for it to work right, part of u-boot has to remain running, forever, and have the ability to write to SD
<clever>
[root@amd-nixos:~]# efibootmgr -v
<clever>
samueldr: check `mount`
<clever>
efivarfs on /sys/firmware/efi/efivars type efivarfs (rw,nosuid,nodev,noexec,relatime)
<clever>
efi reports how much time was spent in each stage of booting
<clever>
checking the logs, it looks more like a garbage collection ate the compiler (bugs in some auto-gc stuff), and the build failed when it shouldnt have
<clever>
and then 1 day ago, it fixed itself
<clever>
i can see that 3 days ago, something stopped building
<clever>
and i can pick a rev it has pre-built, and update to it almost immediately
<clever>
so i can both see if it will break without updating
<clever>
i also have my local hydra pre-building my nixos configs against nixos-unstable
<clever>
if you ensure every machine is on the same nixpkgs rev (update the channels at the same time, or other stuff), you can share build products between machines
<clever>
and now the company is very anti-nix and doesnt like the other guy that is trying to promote nix
<clever>
ive seen another company where the new guy tried to switch them to nixos before learning it fully himself
<clever>
that would be a bit more complex, but still possible
<clever>
and then people can just `nix-channel --update ; nix-env -iA company.all-tools` to both upgrade, and get any new tools added to the list
<clever>
and a common set like newstuff above, could be inside that channel
<clever>
you could make your own nix channel, for the company, which returns company specific tools in it
<clever>
the company channel could then refer to an approved nixpkgs rev, that hydra has pre-built your tools for
<clever>
it would get whatever packages the "all-tools" set in the "company" channel listed
<clever>
just make a channel, with the default.nix returning tools, and a set called all-tools
<clever>
and then anybody with the channel can just nix-env -iA company.all-tools
<clever>
your custom channel could even have such sets, directly in it
<clever>
but there are also things that break the build often, and then i move them to nix-env, because they get in the way of changing 1 line in a config file
<clever>
i try to use nix-env for temporary things, and move them to configuration.nix later
<clever>
you could also make 2 sets of packages, and choose to always install set1 from nixpkgs, and set2 from nixos
<clever>
yep
<clever>
`nix-env -iA nixos.newstuff -r` will atomicly install(or update) everything in the set, and remove anything not in the set
<clever>
but it wont remove things you took out of the set
<clever>
and if you nix-env -iA nixos.newstuff, it will install (or upgrade) everything to the versions listed there, from the nixos channel
<clever>
the override in the gist, will create a set called newstuff