2018-02-18

<clever> yonk_: can you gist your configuration.nix file?
<clever> yonk_: hmmm, that should work
<clever> yonk_: and if you run the file command on it?
<clever> yonk_: and then ls -lh /nix/store/6lzbj0al7jshsa96zl1q2fqbw89v8wyi-wine-2.0.2/bin/wine
<clever> yonk_: what does `which wine` say?
<clever> yonk_: can you run nix-store --verify --check-contents ?
<clever> yonk_: what distro are you on?
<clever> yonk_: wine.override { wineBuild = "wineWow"; }; will give you a 64bit capable wine
<clever> yonk_: wine defaults to 32bit mode, not much uses 64bit wine
<clever> hask_bee_3: but better, since it covers every single system library and executable
<clever> and also nix-instantiate --find-file nixpkgs
<clever> "18.03pre125026.f607771d0f5"
<clever> $ nix-instantiate --eval -E 'with import <nixpkgs> {}; lib.nixpkgsVersion'
<clever> hask_bee_3: but if you lock the nixpkgs version in your .nix files, it will only update when you change that version in the file
<clever> hask_bee_3: the version can only change when you update the nixpkgs version, which is usually at nix-channel --update
<clever> hask_bee_3: it uses whatever version is defined inside the nixpkgs files
<clever> obadz: probably in the 3rd month
<clever> magnetophon: depends on what was reverted, and ive never seen a channel go backwards like that
<clever> cinimod_: this tells the shake package to ignore all versions defined in the cabal file
<clever> nix-repl> haskell.lib.doJailbreak haskellPackages.shake
<clever> ixxie: not sure if it can recurse
<clever> then haskellPackages.<tab><tab>
<clever> ixxie: nix-repl '<nixpkgs>'
<clever> ixxie: i just tab-complete haskellPackages in nix-repl
<clever> zarel: :D
<clever> hask_bee_3: that will then just lock the versions of everything
<clever> hask_bee_3: you could also just take the nixpkgs revision you're using, and put that into the shell.nix
<clever> zarel: yeah
<clever> zarel: users.extraUsers.clever.uid = 1000; for example, pins the uid on the nixos side
<clever> zarel: youll want to ensure they match up between all users in /home
<clever> zarel: if you mount the nixos /nix/store within arch, and configure nix-daemon to run, you could share your entire nix-env profile between both with little issues
<clever> hask_bee_3: build it in the nix sandbox, so things you forget are just not there, then look at the errors
<clever> hask_bee_3: you could also look into stack2nix, which will build the entire project using nix
<clever> hask_bee_3: you can only clearly define the versions if you provide a shell.nix file
<clever> buovjaga: vesa is the simplest driver i believe
<clever> buovjaga: for the above error, i believe you need to set services.xserver.videoDrivers
<clever> it should give line numbers telling you where the issue is
<clever> so youll want to copy that .nix file out of nixpkgs, modify the copy (and fix the relative paths), then use the copy
<clever> but imports entries like that cant be overridden
<clever> you are now free to add any nixos option you want to the image
<clever> buovjaga: then switch to nixos-config=./configuration.nix
<clever> buovjaga: create a configuration.nix file, and add the original nixos-config= path to the imports list
<clever> sphalerite_: not sure then
<clever> so it doesnt get into the cache
<clever> sphalerite_: its also possible that the hydra platforms is allowing hydra to build it, but hydra just fails
<clever> off to the source then!
<clever> wait, no, it does
<clever> isExecutable
<clever> sphalerite_: halma doesnt define itself as having executables
<clever> libraries are of no use on their own
<clever> maybe its only those that declare themselves to have an executable
<clever> sphalerite_: ah, i see, in hackage-packages.nix, some have no hydra platforms, some dont
<clever> sphalerite_: so anything that is indirectly referenced, via something in the pkgs. set has to pull it in
<clever> sphalerite_: i think all of the haskell packages default to an empty hydra platforms, too much to build
<clever> buovjaga: and the nix patch in the same file, will add a build-extra-platforms field to /etc/nix/nix.conf, so you can convince nix-daemon to run binaries that shouldnt work
<clever> without having to boot an arm kernel under qemu
<clever> if you run the ./result/bin/register within it, then the linux host magically gains the ability to just run aarch64 ELF files
<clever> buovjaga: the qemu-arm64 attribute in here builds a variant of qemu-user that supports aarch64
<clever> buovjaga: there is also qemu-user that may be of interest to you
<clever> The Large Physical Address Extension (LPAE), which extends the physical address size from 32 bits to 40 bits, was added to the ARMv7-A architecture in 2011.[104]
<clever> sphalerite_: only thing i can think of then is to nix-store --query --hash each storepath after building, and diff them
<clever> sphalerite_: which will build it several times, then tell you if it differed
<clever> sphalerite_: there is an --option build-repeat 2
<clever> LPAE is an optional feature that supports a 40 bit address bus, while operating in 32bit mode
<clever> and depending on how much ram you have, the entire 3-4 range may be valid
<clever> in kernel mode under linux, the 0-3gig range is mapped to the current process, and 3-4gig kernel land
<clever> yeah
<clever> if the opcode is even valid
<clever> as for just running random garbage, chances are, its going to try to address something outside the mappings and cause a page fault
<clever> sphalerite_: if that fuzzer hasnt broken the chip, then the cpu likely cant be damaged
<clever> sphalerite_: do you mean damage to the cpu, or damage via executing a syscall that does harm?
<clever> sphalerite_: there are programs designed to do just that on purpose, one min
<clever> sphalerite_: wow, got 3.8gig just from /etc/nix/result
<clever> 2822 store paths deleted, 3856.34 MiB freed
<clever> buovjaga: you need to insert the full path that --find-file finds
<clever> /nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix
<clever> [clever@amd-nixos:/nix/store]$ nix-instantiate --find-file nixpkgs/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix
<clever> buovjaga: that doesnt contain the path to the nixos directory
<clever> buovjaga: what is the new command you ran?
<clever> buovjaga: you already have the file, the above cmd will find it
<clever> buovjaga: nix-instantiate --find-file nixpkgs/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix
<clever> buovjaga: you need to give it the path to the nixos directory inside the nixpkgs folder
<clever> sphalerite_: i'm doing some cleanup on my machine, and i'm finding result links everywhere, just found a /etc/nix/result left-over from nixos-rebuild build
<clever> sure
<clever> without that, it adds more to the list every time you run the command
<clever> an empty -option will wipe the entire options list
<clever> now you can try other things from that file
<clever> yep
<clever> try it with numbers also
<clever> without that, it will prepend every time you run it
<clever> then the rest add things back in
<clever> the -option without any value, clears all of the options
<clever> it seems to ignore invalid options silently
<clever> try shift lock above, to verify that they work at all
<clever> i-am-the-slime: and this file lists every option, and tells you what it does in english!
<clever> eurosign:e Euro on E
<clever> [clever@amd-nixos:~]$ grep eurosign /nix/store/cj8sj64sbbj950hd00wz9q4ccq3ssdfj-setxkbmap-1.3.1/share/X11/xkb/rules/base.lst
<clever> !@#$%^&*(
<clever> i-am-the-slime: this changes capslock into shiftlock, so it also affects numbers
<clever> [clever@amd-nixos:~]$ setxkbmap -option -option terminate:ctrl_alt_bksp -option caps:shiftlock
<clever> that means it can affect numbers now
<clever> sphalerite_: heh, nice, capslock is now shift lock!
<clever> [clever@amd-nixos:~]$ setxkbmap -option -option terminate:ctrl_alt_bksp -option caps:shiftlock
<clever> sphalerite_: aha, and this actually has the full option string, and a description!
<clever> [clever@amd-nixos:~]$ grep eurosign /nix/store/cj8sj64sbbj950hd00wz9q4ccq3ssdfj-setxkbmap-1.3.1/share/X11/xkb/rules/base.lst eurosign:e Euro on E
<clever> oh, i also see a man directory in this storepath
<clever> without the wipe flag, it always prepends
<clever> so this wipes the list, then restores the original value
<clever> [clever@amd-nixos:~]$ setxkbmap -option -option terminate:ctrl_alt_bksp
<clever> (as saved in root window properties). If you want to replace all previously specified options, use the -option flag with an empty argument first.
<clever> and it accepts invalid options silently
<clever> ok, so -option prepends things, and i have no way to undo...
<clever> options: capslock:foobar,capslock:none,capslock:shiftlock,terminate:ctrl_alt_bksp
<clever> i-am-the-slime: the --option flag here, lets you just set whatever you want at runtime
<clever> aha
<clever> $ setxkbmap -model pc104 -layout cz,us -variant ,dvorak -option grp:alt_shift_toggle
<clever> if it lacks support for basic #include, it likely doesnt have a pre-processor :P
<clever> but also, i doubt that compiler supports them
<clever> ah, that could be handy
<clever> sphalerite_: nope
<clever> that compiler also lacked #include, so i had to retype every single header file
<clever> so i had to go 3 levels deep into a menu every time
<clever> sphalerite_: that reminds me of the day i tried to type c code on a treo 650, it doesnt have { or } keys, or ;
<clever> i-am-the-slime: i think this is altwin:hyper_win
<clever> 65 xkb_symbols "hyper_win" {
<clever> 63 // Hyper is mapped to the Super.
<clever> so they are always free
<clever> but now i have a whole 11 buttons that nobody expects you to have
<clever> on normal keyboards, i have trouble setting up global keybinds, everything is in use in some app :P
<clever> sphalerite_: yep
<clever> i-am-the-slime: i see 2 files that name hyper
<clever> capslock:xkb_symbols "hyper" {
<clever> altwin:xkb_symbols "hyper_win" {
<clever> its even got brightness adjustment keys
<clever> sphalerite_: also, i have a stop and help button on my keyboard, so things are a bit different here, lol
<clever> sphalerite_: i might be mixing hyper and super up
<clever> i-am-the-slime: meta is alt, hyper is the windows key
<clever> hyper_ch: just change the .zip to .tar.gz
<clever> hyper_ch: github allows tar
<clever> i-am-the-slime: i can see options to map shift to capslock, swap control and caps, make escape capslock and more
<clever> hyper_ch: only fetchTarball and fetchurl
<clever> check the capslock file in the same directory
<clever> it maps scan code AD03 to the EuroSign
<clever> i-am-the-slime: i believe lines 3-6 define what eurosign:e does
<clever> eurosign lists 4 different configs, to have the euro sign on the e, 2, 4, or 5
<clever> no harm in reading what nix generates
<clever> typetetris: yeah, that also works
<clever> so you can look at the exact same files i have (which may be newer or older than your own variant)
<clever> it will download that exact path from the binary cache
<clever> also, if you run `nix-store -r /nix/store/i75qkyhlvjy5li19rf65jcg8hxnvzbv0-xkeyboard-config-2.22`
<clever> [clever@amd-nixos:/nix/store/i75qkyhlvjy5li19rf65jcg8hxnvzbv0-xkeyboard-config-2.22/share/X11/xkb/symbols]$ ls
<clever> i-am-the-slime: i just did 'ps aux | grep X'
<clever> it also has directories that match the options
<clever> ./share/X11/xkb/symbols/eurosign
<clever> i-am-the-slime: and it contains things that match up with the xkb options
<clever> /nix/store/i75qkyhlvjy5li19rf65jcg8hxnvzbv0-xkeyboard-config-2.22/share/X11/xkb/symbols/us: include "eurosign(5)"
<clever> [clever@amd-nixos:~]$ grep -r --color eurosign /nix/store/i75qkyhlvjy5li19rf65jcg8hxnvzbv0-xkeyboard-config-2.22/
<clever> i-am-the-slime: this looks related to the xkb options...
<clever> -xkbdir /nix/store/i75qkyhlvjy5li19rf65jcg8hxnvzbv0-xkeyboard-config-2.22/etc/X11/xkb
<clever> root 29587 7.5 0.0 1271536 24160 tty7 Ssl+ Feb13 542:22 /nix/store/jxg0pggmk24dcq5ad9a2jdh6dw1wc0h6-xorg-server-1.19.6/bin/X -config /nix/store/yicyxhnp3gkhdizs5074mvvzklg3rqf6-xserver.conf -xkbdir /nix/store/i75qkyhlvjy5li19rf65jcg8hxnvzbv0-xkeyboard-config-2.22/etc/X11/xkb -logfile /dev/null :0 vt7 -verbose 3 -nolisten tcp -terminate -auth /var/run/slim.auth
<clever> i-am-the-slime: let me see....
<clever> typetetris: so you could just import <nixpkgs> or import builtins.fetchTarball
<clever> typetetris: and the default.nix can contain pretty much any expression that returns a set of packages
<clever> typetetris: this creates a new foo channel, so you can nix-env -iA foo.hello
<clever> import /home/clever/apps/nixpkgs
<clever> [clever@amd-nixos:~]$ cat .nix-defexpr/test/foo/default.nix
<clever> typetetris: is it possible to edit the nix-defexpr fairly easily
<clever> ah, wasnt sure how smart it was
<clever> infinisil: but nix is still going to recursively go over the entire home every time
<clever> infinisil: the only hack-job i can think of, is to import all of /home/clever, with a filterSource to reject anything not /home/clever/.test/
<clever> infinisil: yeah, i dont know of any way to rename something as its being imported like that
<clever> nix-prefetch-url [--unpack] will just download the url, hash it the same way as the above 2, and add it to the store
<clever> any time nix is dealing with more than 1 file in a fixed-output, it has to use the non-flat variant
<clever> `nix-hash --type sha256 --base32 path`, this will encode the given path as a NAR file, sha256 that, then base32
<clever> `nix-hash --flat --type sha256 --base32 path`, this will just sha256 a file, encode it to base32, and thats it
<clever> ertes: builtins.fetchTarball needs the hash from nix-prefetch-url --unpack
<clever> ottidmes: also, hydra has a built in nix-serve like process, so any hydra server share it
<clever> (that machine doesnt nix-serve, so its safe for me)
<clever> ottidmes: so just dont leak things like i did with mine above :P
<clever> ottidmes: and as long as you keep your nixos store paths secret, it should be safe
<clever> ottidmes: ah
<clever> ottidmes: if i knew your public facing domain
<clever> ottidmes: so if you posted something like this symlink, i could trivially track it down to the secret keys
<clever> lrwxrwxrwx 1 root root 93 Feb 16 11:57 /run/current-system -> /nix/store/cnr09qcb4xvvr51b00n7wxcnl9x9yica-nixos-system-amd-nixos-18.03pre125026.f607771d0f5
<clever> bhipple[m]: it would need to be something like squid, that can proxy requests and cache the responses
<clever> ottidmes: oh, and also, your signing key is in the store now, so nix-serve is sharing it with the world
<clever> bhipple[m]: oh, and nix has a cache for the cache, and will not request again after a cache miss
<clever> bhipple[m]: and it always re-signs everything with the keys you configured it for
<clever> bhipple[m]: nix-serve doesnt really act as a mirror, all it can do is serve what you have in /nix/store/
<clever> bhipple[m]: nix will reject unsigned things
<clever> bhipple[m]: does that metadata also include a signature?
<clever> bhipple[m]: and does the narinfo also include a signature?
<clever> bhipple[m]: to start with, try doing an http query against nix-serve, take the hash from /nix/store/HASH-name and query http://example.com/hash.narinfo
<clever> ottidmes: and what does the expression do with that string?
<clever> ottidmes: which nixos option did you set?
<clever> ottidmes: that sounds like its trying to read it at nix build time, which it shouldnt be doing
<clever> yeah, that should work
<clever> if you use a quoted absolute path, it will probably work better
<clever> ottidmes: so your secrets are no longer secret
<clever> ottidmes: i suspect that if you use an unquoted path, it gets copied into the nix store
<clever> thats also a common way to repair a nixos install
<clever> thoughtpolice: i think nixos and nixpkgs primarily use the right number of ./../'s
<clever> thoughtpolice: the bulk of the expression on the wiki i linked, is to deal with it working on 1.11 as well
<clever> thoughtpolice: yeah, fetchTarball is best
<clever> thoughtpolice: then anything you miss, just fails hard
<clever> thoughtpolice: that then lets you just `unset NIX_PATH`
<clever> thoughtpolice: oh, about dealing with import <nixpkgs>, there is an expression that can bootstrap a fixed nixpkgs, without relying on <nixpkgs>
<clever> srk: and netboot-base is netboot + all-hardware + base + installation device + no password
<clever> srk: netboot-minimal is just netboot-base + the minimal profile
<clever> srk: i think using netboot.nix directly, and skipping the netboot-base will also skip the installation device config
<clever> srk: thats mostly a matter of just selecting which nixos profiles are included
<clever> thoughtpolice: and this expression boots similar kernel+initrd pairs under qemu
<clever> thoughtpolice: this fully configures a netboot server for PXE, and serves a nixos installer that runs from ram
<clever> thoughtpolice: ive also got nixos expressions that can PXE boot nixos, without relying on the hdd at all
<clever> infinisil: and adding a / gives you /root/, which is shortened to /root again
<clever> infinisil: it turns into /root
<clever> after every append, it parses the path, and strips out elements that arent needed
<clever> infinisil: which means ./. + "/" + filename is broken
<clever> infinisil: another weird bug, ./. + "/" is a no-op
<clever> while properly telling nix i just want ./foo, skips that
<clever> infinisil: ive also had related issues, where importing ./. hauls in several gig of junk
<clever> infinisil: and if you later "${./. + "/foo"}" then you get /nix/store/hash-foo/
<clever> infinisil: while ./. + "/foo" will just do the exact same thing as ./foo
<clever> infinisil: "${./.}/foo" will first copy all of ./. into the store, then append foo, resulting in /nix/store/hash-src/foo

2018-02-17

<clever> nope, paths are magic :P
<clever> that will append a string to the path, which returns another path
<clever> infinisil: callPackage (./. + "/${filename}") {}
<clever> infinisil: i prefer to keep it as a path for as long as possible
<clever> infinisil: that turns it into a string, which may break some things
<clever> infinisil: ah, then emacs should read that path at runtime
<clever> infinisil: what are you trying to do?
<clever> infinisil: toString turns it into an absolute path, and the nix sandbox wont allow you to access it
<clever> srk: dang!
<clever> [392990.152375] overlayfs: filesystem on '/home/clever/.daedalus/upper' not supported as upperdir
<clever> ottidmes: yeah, once youve closed all open mounts and run a sync, it should be safe to cut power
<clever> /* Workdir should not be subdir of upperdir and vice versa */
<clever> i think it will do things like copy a file from lower -> work, then use rename to atomically move from work->upper, after applying changes
<clever> what does it do with work, and why does it have to share the mount...
<clever> srk: now youve got me wondering....
<clever> and then it still needs bash to mkdir the 2 dirs
<clever> so they would be subdirs of the same tmpfs, or just part of the / tmpfs
<clever> ahhh, dang
<clever> a real stress-test, would be to try nixos-rebuild switch inside the ramdisk, and see if it implodes
<clever> the unionfs works similarly
<clever> yeah, that part will still be manual, as lines 67-69 already do
<clever> this part already does that
<clever> Dezgeg: if you tell nixos that a tmpfs is mounted at /nix/store, it should add the /mnt-root on its own
<clever> that would leverage nixos creating the directories for you
<clever> also, workdir= could point to another tmpfs defined in fileSystems, which eliminates the bash entirely
<clever> and you're using an existing tmpfs
<clever> srk: i think upper, is what you would point upperdir= at
<clever> srk: you're creating an upper directory, but its not used
<clever> srk: it needs the mkdir to work?
<clever> bhipple[m]: also, i think nix-daemon will need root, since it will try to setuid the worker children, which must be members of the nixbld group
<clever> the daemon just has to be started as the right user, by the system service manager
<clever> that would probably make the security worse
<clever> so if the store is locked down and you use nix-daemon to gain access, you have to run it as the user with +w
<clever> technically, it just has to be run as the user that has +w to /nix/store/
<clever> --option can override most things in nix.conf, but some require root to have an effect
<clever> bhipple[m]: only root can do that, via --option binary-caches foo
<clever> it may need a delete --force?
<clever> ambro718: id also make a backup of the sqlite before you do that
<clever> ambro718: if you export the json to a file, you can edit the problem IP, then re-import it
<clever> the -r flag for jq does that for you
<clever> it should be split into multiple lines, at the \n's
<clever> ambro718: this will dump the entire state as json, then use jq to index into the deployment uuid, resources, hostname, and then the private key for the none backend
<clever> [clever@amd-nixos:~/nix-tests/kexec]$ nixops export -d mystuff | jq '."8a64e407-7566-11e7-bd65-0242d34d2030".resources.eeepc1."none.sshPrivateKey"'
<clever> one min
<clever> ambro718: its very convenient, until things break :P
<clever> ambro718: the ssh private key is inside the sqlite database
<clever> ambro718: you can set the noauto flag, that should make it happy
<clever> srk: each gpu driver within qemu has its own variant of text_update
<clever> to make it reuse the new config.nix body
<clever> you can also put nixpkgs.config = import ~/.config/nixpkgs/config.nix; in the old file
<clever> prooftechnique: and this is where it goes
<clever> ~/.config/nixpkgs/config.nix
<clever> prooftechnique: a config.nix file starts with just { packageOverrides = ...
<clever> prooftechnique: nix-build doesnt understand that
<clever> prooftechnique: thats not a config.nix file
<clever> also, can you gist the config.nix file?
<clever> re-run nix-build with -v and check the output, you should see it reading config.nix
<clever> nix-build obeys that file automatically
<clever> prooftechnique: config.nix overrides?
<clever> prooftechnique: where is the override?