#nixos — irc logs

00:35 <clever> dhess: what about systemctl status hydra-queue-runner?

00:34 <clever> dhess: what was in that log?

00:33 <clever> ghostyy: i think we should take this to #zfs

00:33 <clever> dhess: ok, what about `journalctl -f -u hydra-queue-runner` ?

00:32 <clever> dhess: that one better not be asking for any features!

00:32 <clever> dhess: yeah, got them mixed up a bit, it also doesnt matter what user you run the command as

00:31 <clever> sometimes after a large snapshot destroy, freeing has a value of 5gig, and your free space slowly climbs

00:31 <clever> that means its not actively trying to free blocks

00:31 <clever> ghostyy: what about "zpool get freeing" ?

00:30 <clever> and the .drv is already evaluated

00:30 <clever> dhess: hydra-evaluator

00:29 <clever> nix should never be in nix-env when using nixos

00:29 <clever> dhess: yeah, thats the problem, you have a 2nd copy of nix in nix-env, removing it should fix the issue

00:29 <clever> ghostyy: try destroying those snapshots and see if the error clears up

00:28 <clever> dhess: the user that had the error

00:28 <clever> dhess: i want the non-readlink version

00:28 <clever> ghostyy: nix fixed the version on the fs, but the snapshot is immutable, so it cant be fixed

00:28 <clever> ghostyy: ah, that could also explain things

00:27 <clever> ghostyy: id check to see if you can just delete some of those then, what does `nix-store --query --roots /nix/store/2cqprl9pz1x6zl1nmjwnciqpvh1a02hi-libX11-1.6.5` say?

00:26 <clever> dhess: what does `which nix-store` return?

00:25 <clever> dhess: nix 2.0 daemon doesnt set NIX_REMOTE, but nix 1.0 client still needs that set

00:25 <clever> Lisanna: do a grep -r on all of nixpkgs for that filename

00:25 <clever> ghostyy: ah, ive never seen corruption with zfs before, can you add -C5 to the grep?

00:24 <clever> dhess: you didnt set `export NIX_REMOTE=daemon`

00:23 <clever> ghostyy: which files are corrupt?

00:23 <clever> dhess: pick one of them

00:23 <clever> dhess: the .drv path

00:22 <clever> colemickens: the user on his gists is Dezgeg, he is a nixos user

00:22 <clever> dhess: not sure, but its at http://hydra.angeldsis.com/

00:21 <clever> dhess: open the details for a build that isnt buinding, find its .drv url, and then run `nix-store -r --dry-run` on it, can you pastebin the output?

00:20 <clever> dhess: hydra will never log about a missing feature

00:19 <clever> dhess: is the hydra publicly visible?

00:19 <clever> dhess: what features do the slaves have?

00:19 <clever> dhess: are jobs visible in the machine status?

00:18 <clever> dhess: how exactly is it stuck?

00:16 <clever> colemickens: i cant think of anything obvious, id have to start patching the guest kernel or the host qemu and throwing printf's everywhere

00:15 <clever> Lisanna: ah, then you can pretty much just delete the bash heredoc on lines 3,4,6,7 and your done

00:14 <clever> colemickens: mostly that hydra runs some basic nixos tests, that happen to involve 9plan

00:12 <clever> colemickens: hydra wouldnt let nixos-unstable update if such a thing was broken

00:11 <clever> Lisanna: that lets you quickly iterate thru a list of libraries, and also re-patch something that tries to auto-update and unpatch itself

00:11 <clever> Lisanna: if you run nix-build against one of these, it will generate a bash script, and if you run the bash script on an ELF, it will patch it

00:11 <clever> Lisanna: https://gist.github.com/cleverca22/8cae5bc9c02c12099a3bf5e20e75161f

00:10 <clever> it may even work with a darwin or windows host

00:10 <clever> so the host kernel shouldnt matter

00:10 <clever> colemickens: when the client tries to read something, it will relay the request to the daemon (qemu), which then uses standard posix stuff (readdir, open, read, write) to perform the same request against the host

00:09 <clever> colemickens: the "daemon" side of the 9plan connection is within qemu, and the "client" side is in the guest kernel, both come from the same nixpkgs (your fork)

00:07 <clever> its using 9plan to mount the host fs into the guest directly

00:06 <clever> colemickens: ah, the problem is with 9plan then

00:05 <clever> ghostyy: `nix-store --verify --check-contents --repair` will test the drive and repair any damage, but you should probably replace the disk asap if its truely failing

00:04 <clever> colemickens: right before the switch_root, do "ls -ltrh /fs/nix/store"

00:01 <clever> not sure then, kind of tricky to debug things in that region

00:00 <clever> you need to add another "set -x" to the stage2 script, ah, and your comment says you did

00:00 <clever> colemickens: the exec command replaces that shell with the switch_root command, so the "set -x" ceases to have any effect past that point

23:02 <clever> you can upgrade a single-user to a multi-user after installing

23:01 <clever> id just run nix-daemon as root

22:58 <clever> and also enforces the rules so 1 user cant cheat and exploit another

22:58 <clever> nix-daemon manages running everything as a single user to solve the problems

22:58 <clever> that wont inherit to the directories that the nix tools create inside /nix

22:57 <clever> because you cant easily give every user write access

22:57 <clever> you need nix-daemon to do a multi-user install

22:56 <clever> if you have +w to /nix, it never even needs root

22:56 <clever> its not designed to have root, and wants to chown /nix to your user

22:54 <clever> :P

22:52 <clever> and then nix-store --delete

22:52 <clever> i think you can use proot to map the same /home/user/whatever to /nix

22:51 <clever> then you can switch back to the faster namespace

22:51 <clever> id try doing just the --delete with proot

22:50 <clever> yeah

22:50 <clever> you can never delete paths while in a namespace

22:50 <clever> Myrl-saki: that breaks the GC root code

22:50 <clever> Myrl-saki: are you in a namespace?

22:44 <clever> Myrl-saki: i dont think nix has an option for that, you have to --delete it (and everything depending on it), then rebuild

22:42 <clever> only an output

22:42 <clever> you cant repair a .drv file

22:42 <clever> need root

22:41 <clever> yeah

22:41 <clever> Myrl-saki: you want --repair-path

22:33 <clever> thats why ive been saying to run nix-collect-garbage

22:33 <clever> so now a collect-garbage will delete more things

22:33 <clever> deleting the 2nd generation made more garbage

22:32 <clever> and there is basically no way to tell the difference between what it depended on, and all the other unused paths

22:32 <clever> but not what it depended on

22:32 <clever> you also deleted the build itself

22:32 <clever> just run `nix-collect-garbage --max-freed 1g` and you should be good

22:28 <clever> run nix-store -qR on the path that doesnt exist anymore, and try to nix-store --delete each and every one of those things

22:27 <clever> treets: the simplest way to delete more things is to `nix-collect-garbage --max-freed 1g`

22:27 <clever> treets: but not what it depended on

22:27 <clever> treets: it only deletes the path you pointed out and the things that depend on it

22:24 <clever> treets: yep

22:24 <clever> tomberek: yeah, that should be fixed

22:24 <clever> you need to use `nix-env -p /nix/var/nix/profiles/system --delete-generations 2` to make system-2-link not active

22:23 <clever> and the symlinks in /nix/var/nix/profiles/ tell you what storepath each generation is

22:23 <clever> ls -l /run/current-system points to the storepath that is currently running

22:22 <clever> it deletes the 2nd generation of the system profile

22:20 <clever> for that, you need nix-env -p /nix/var/nix/profiles/system --delete-generations 2

22:20 <clever> GC roots cant be removed with --delete

22:18 <clever> treets: when given the same path?

22:18 <clever> tomberek: builtins.fetchgit will just run the real `git ls-something` and do what git normally does to filter it

22:17 <clever> treets: you need to first run `nix-store --query --roots` on those, to see why they are still active

22:13 <clever> ?

22:12 <clever> treets: the storepath that system-link-3 points to

21:55 <clever> treets: run an ls on the sw/bin directory of those system links

21:48 <clever> to nixpkgs, under nixos/doc/

21:48 <clever> yeah

21:47 <clever> probably could be added

21:44 <clever> you can also use: nix-env -p /nix/var/nix/profiles/system --list-generations

21:43 <clever> all of the ones starting with system

21:43 <clever> ls -l /nix/var/nix/profiles/

21:42 <clever> the builds live in /nix/store, and nix-store --delete deletes them from there

21:41 <clever> if you want to remove osmething, you have to use nix-store --delete

21:41 <clever> no

21:39 <clever> including anything in the grub menu, those cant be deleted

21:39 <clever> so anything actively in-use cant be deleted

21:39 <clever> it will only be things that lack GC roots

21:38 <clever> treets: `nix-collect-garbage --max-freed 1g` will delete a random 1gig worth of un-needed things

21:36 <clever> treets: why do you want to delete some things?

21:34 <clever> if it has no roots, it can be deleted

21:34 <clever> treets: `nix-store --query --roots /nix/store/foo` will tell you if somebody can be deleted or not

21:22 <clever> nix also keeps track of what is needed and will refuse to let you delete something thats potentially in-use

19:14 <clever> ertes-w: simply add autoreconfHook to the nativeBuildInputs

19:12 <clever> ottidmes: its internally managed by nixops based on the state of libvirtd

18:53 <clever> dx__: /nix/store/f1c5k5vac133n9m8kvnda16m8373zm7y-mutt-1.9.4 is not on the binary cache, so something is different on that machine

18:51 <clever> along with what infinisil asked for

18:51 <clever> dx__: can you pastebin the output of this command on each machine: nix show-derivation $(nix-instantiate '<nixpkgs>' -A mutt)

18:50 <clever> dx__: both machines print the same string?

18:45 <clever> dx__: what does this output on both machines?

18:45 <clever> nix-instantiate --eval -E 'with import <nixpkgs> {}; "${mutt}"'

18:44 <clever> dx__: what was the original issue?

18:42 <clever> dx__: what does nix-channel --list say as both a normal user and root?

17:21 <clever> ottidmes: the .env attribute of most haskell packages is suitable for use with nix-shell

17:08 <clever> so an attacker could potentialy know everything your downloading

17:06 <clever> moredhel_[m]: there is also the minor issue that a mitm attack can expose what you are downloading to a 3rd party

17:05 <clever> dont need anything for hangouts to work

17:03 <clever> bfrog: it works on hangouts but it fails on google meetings

15:11 <clever> dx__: nix-shell -E 'with import <nixpkgs> {}; clangStdenv.mkDerivaton { name = "name"; }'

14:58 <clever> dx__: are you using nix-shell?

00:36 <clever> [root@router:~]# nix-build -E 'import <nixpkgs> {}' -A hello

00:34 <clever> if you want a nix string containing a literal ${foo} then you can use \${foo}

00:33 <clever> single quotes prevent that

00:32 <clever> and nix-build wants a derivation, so you have to give it just root, not a string containing root

00:32 <clever> so the double quotes dont have to be escaled

00:32 <clever> Myrl-saki: i also try using single quotes at the bash level

00:27 <clever> \$

00:27 <clever> ah, you want to escale the ${?

00:27 <clever> "you can still do ${5*5} nix"

00:26 <clever> Myrl-saki: ''doublesingle'' or just 'single'?

23:29 <clever> `man 5 configuration.nix`

23:29 <clever> pirateking: you forgot the .nix at the end

21:59 <clever> iitalics: https://nixos.org/nixpkgs/manual/#chap-packageconfig

21:58 <clever> iitalics: you can also edit ~/.config/nixpkgs/config.nix and run nix-env -iA to install the changes

21:53 <clever> iitalics: -i uses a lot of ram, -iA uses almost nothing

21:53 <clever> !-A

21:53 <clever> also

21:53 <clever> Thedarkb-X40: yeah, swap is a must for such a small system

21:53 <clever> Thedarkb-X40: should work, ive ran it on a system with similar specs and only 4gig of disk

21:52 <clever> iitalics: so whatever they install with nix-env -i is unique to that user, and appears within ~/.nix-profile/

21:52 <clever> iitalics: and since $USER is unique to each user, they each have their own profile

21:52 <clever> iitalics: by default, ~/.nix-profile for each user will point to /nix/var/nix/profiles/per-user/$USER/profile

21:37 <clever> i'm thinking, instead of symlinking default.nix to ../foo/default.nix, you make a default.nix containing: import ../foo/default.nix

21:36 <clever> 5

21:36 <clever> nix-repl> 10 / 2

21:35 <clever> divide path by 2 or open the dir 2?

21:35 <clever> it may not like the /2

21:35 <clever> oh

21:35 <clever> was expecting it to open the default.nix in there

21:33 <clever> then nix knows to look iwthin 2

21:32 <clever> infinisil: what about using "import ../2" instead of a symlink from one default.nix to another

21:31 <clever> it appears to be doing the import ./content.nix relative to the path you gave it, not the absolute path of the file the statement is within

21:26 <clever> pirateking: but it cant help when using import in nix

21:25 <clever> infinisil: what are you doing with the symlink in nix?

21:16 <clever> correct

21:16 <clever> then install phase copies the built binaries from . to $out

21:16 <clever> then configure and build phases build it in .

21:15 <clever> steveeJ: unpackPhase copies $src to .

21:15 <clever> steveeJ: the builder starts in a tmpdir that the unpackPhase is supposed to unpack the source into

21:14 <clever> the current directory

21:14 <clever> steveeJ: you have to copy from $src to .

14:01 <clever> nico202: need to convince every other user on the server

13:58 <clever> nico202: its also been giving me a lot of trouble lately

13:52 <clever> haskell.lib.doJailbreak haskellPackages.pandoc

13:50 <clever> lo_mlatu_: yes

01:39 <clever> for example: python.withPackages (ps: [ ps.pyopengl ])

01:39 <clever> for python, you generally want to use pythonWithPackages

01:38 <clever> sgillespie: ^^^

01:38 <clever> !library

22:37 <clever> iitalics: its not really documented, but ctrl+f this file for mkif: https://github.com/NixOS/nixpkgs/blob/master/lib/modules.nix#L463-L468

22:27 <clever> freeman42x]NixOS: i summoned dmj, the author of miso :P

22:26 <clever> freeman42x]NixOS: *begins the summoning ritual* ....

22:25 <clever> ah :(

22:24 <clever> Unode: id recomend each machine have its own /nix/store, and then use a binary cache to share things

22:23 <clever> lol

22:22 <clever> Myrl-saki: nice

22:21 <clever> and then a regular old nix-collect-garbage wont see them, so your files go bye bye

22:21 <clever> Unode: if its on nfs, then the symlinks nix-build is creating may not be visible on another machine

22:19 <clever> Unode: you could also `grep delete ~/.bash_history`

22:18 <clever> it deleted the target of /run/current-system, lol

22:18 <clever> i once used force when trying to get rid of something

22:17 <clever> Unode: nope

22:16 <clever> which ignores those symlinks

22:16 <clever> Unode: what about a user that ran nix-store --delete --force?

22:16 <clever> so you could have 3 different names for the same host, that trigger different configs

22:15 <clever> Myrl-saki: and if you do `Hostname baz` after that, then `ssh foobar` will actually connect you to baz!

22:15 <clever> Myrl-saki: if you do `Host foobar` in ~/.ssh/config, then all lines following it will only apply to `ssh foobar`

22:14 <clever> then the symlinks will temporarily not exist, and "oh, you dont need this anymore"

22:14 <clever> Unode: the only way i can see things breaking, is if the FS containing package/version isnt mounted when you run a GC

22:14 <clever> Myrl-saki: you can even change the ip it connects to, so the hostname becomes just an alias

22:14 <clever> Myrl-saki: you can also use ~/.ssh/config to set options per-hostname

22:13 <clever> that should never disapear

22:13 <clever> renaming also breaks it

22:12 <clever> if you move the symlink, that magic is broken

22:12 <clever> as long as ~/roots/hello exists

22:12 <clever> ~/roots/hello now points to the hello derivation, and nix will refuse to delete it

22:12 <clever> the simplest example would be: nix-build '<nixpkgs>' -A hello -o ~/roots/hello

22:11 <clever> Unode: if you create the symlinks using nix, then nix will know they are in use, and cant ever GC them

22:10 <clever> Unode: ah, no, only a run of --delete or nix-collect-garbage can remove it

22:10 <clever> Myrl-saki: havent tested it yet

22:09 <clever> and dont use --force

22:09 <clever> Unode: nix-store --delete /nix/store/foo

22:09 <clever> the only thing a daemon does, is police the rules when root owns /nix

22:08 <clever> ALL nix tools are fully capable of operating without a daemon, if they have write access to everything in /nix/

22:08 <clever> the nix-store process it launches can write directly to the store

22:08 <clever> nope

22:05 <clever> by default, it runs `make installcheck`

22:04 <clever> Myrl-saki: its just a check phase that runs after the install phase

22:04 <clever> Myrl-saki: https://github.com/NixOS/nixpkgs/blob/master/pkgs/stdenv/generic/setup.sh#L1106-L1123

22:02 <clever> iitalics: and line 7 of the same file

22:02 <clever> iitalics: https://github.com/NixOS/nixpkgs/blob/master/nixos/default.nix#L1

22:01 <clever> Myrl-saki: and what is in that nix.conf?

22:00 <clever> Myrl-saki: did you set NIX_CONF_DIR to point to a dir with nix.conf?

21:57 <clever> as long as its running the patched version

21:57 <clever> any nix process that has write access to the store will just do the right thing

21:57 <clever> if your using single-user nix, then you dont need any daemon at play

21:56 <clever> pong

21:21 <clever> :D

21:20 <clever> or /dev/stdin

21:20 <clever> then it will redirect in the current tty

21:20 <clever> what about /dev/tty

21:20 <clever> oh

21:20 <clever> maybe

21:19 <clever> the args are restricted

21:17 <clever> Myrl-saki: if you try to ./foo a +x'd file, that lacks a #!, bash will run itself on the file!

21:17 <clever> also of note, bash cheats

21:17 <clever> it proably also needs a #!

21:16 <clever> Myrl-saki: :b pkgs.writeScriptBin "plsrunbash" "exec bash"

21:15 <clever> also :b it

21:14 <clever> :D

21:11 <clever> but its simpler to just do pkgs.writeScriptBin, nix-build it, and nix-copy-closure

21:11 <clever> if you are a trusted user (which you are in single-user), you dont even need the output to match up with the hash of the storepath

21:10 <clever> Myrl-saki: also of note, the nix api basically lets you write to any path in /nix/store that does not currently exist

21:08 <clever> phase b: how to hack your own server!

21:07 <clever> that has a different command on it

21:07 <clever> do you have a 2nd pubkey?

21:07 <clever> oops

21:07 <clever> oh

21:07 <clever> <enter>~. will cause ssh to forcibly hang-up

21:03 <clever> thats what i was just guessing! lol

21:03 <clever> Myrl-saki: and if you run `env` from .profile, you may find the original command in an env var

21:03 <clever> Myrl-saki: yep

21:01 <clever> Myrl-saki: it will ignore whatever ssh asked it to run, so you need to force the command to be a wrapper script that runs nix-store --serve --write

20:59 <clever> its probably /bin/bash -l

20:58 <clever> bash sources different files depending on if its login or not

20:58 <clever> i dont think it counts as a login shell when you do that

20:57 <clever> you just need a line like that in authorized_keys

20:57 <clever> Myrl-saki: command="/home/foo/wrappers/nix-store" ssh-rsa giant-ass-base64-blob

20:54 <clever> try the authorized_keys thing then

20:54 <clever> your shell is wrong, i see

20:54 <clever> ahh

20:52 <clever> and then do the ssh again

20:52 <clever> try adding echo to both .bashrc and .profile

20:51 <clever> ssh -t -i .ssh/packet_rsa myrl@c.zv.io nix-store

20:51 <clever> i have a theory

20:51 <clever> try adding -t to ssh

20:51 <clever> thats the most similar to what nix does

20:50 <clever> Myrl-saki: also, what about `ssh -i .ssh/packet_rsa myrl@c.zv.io nix-store`

20:50 <clever> Myrl-saki: and what is the contents of ~/.ssh/authorized_keys ?, and is an ssh agent active?

20:42 <clever> lol

20:42 <clever> ahh

20:42 <clever> -rws--x--x 1 root root 52175 Nov 3 2013 /usr/bin/chsh

20:41 <clever> Myrl-saki: what about chsh?

20:41 <clever> it can only ever be a build slave

20:41 <clever> in the example i linked, it prevents the ssh key on root, from actualy giving a root shell

20:40 <clever> that can just be stuck into ~/.ssh/authorized_keys

20:40 <clever> no mater what the remote user asked for

20:40 <clever> then sshd will force the shell to always run that command

20:40 <clever> Myrl-saki: if you prefix an ssh pubkey with command="...."

20:39 <clever> Myrl-saki: https://github.com/input-output-hk/iohk-ops/blob/develop/modules/hydra-slave.nix#L20

20:38 <clever> Myrl-saki: one min

20:38 <clever> Myrl-saki: oh, also, authorized_keys magic

20:38 <clever> Myrl-saki: so you can mess with PATH all you want

20:38 <clever> Myrl-saki: bash will read either ~/.profile or ~/.bashrc, even for non-interactive shells

20:35 <clever> and "$@" is how you forward args

20:34 <clever> and stick it into PATH

20:34 <clever> Myrl-saki: i think your best bet, is to put all of that into a bash script on the remote machine, called nix-store

20:34 <clever> Myrl-saki: nice

19:37 <clever> yep

19:37 <clever> bbl

19:37 <clever> Myrl-saki: and since you have a daemon, NIX_CONF_DIR has to be set in the context of the daemon

19:36 <clever> the daemon also has to be running the new version i guess

19:35 <clever> you need to use the absolute path to the old nix to revert

19:34 <clever> enless that is some internal error deep within nix

2018-04-27

2018-04-26

2018-04-25

2018-04-24