2021-03-30

<clever> matthewcroughan: https://dpaste.com/ARQQ55C79 if you use super on line 40, then you will be refering to the state of nixpkgs BEFORE this overlay was applied
<clever> matthewcroughan: and you probably want self there, not super
<clever> matthewcroughan: so you want python3Packages.mkdocs-macro-plugin
<clever> matthewcroughan: your overlay is adding it to python3Packages
<clever> _d0t: pkgs.path + "/pkgs/development/haskell-modules"

2021-03-29

<clever> Unode: optional returns an empty list when the condition is false, so you need to use ++ to append it to the list
<clever> > lib.optional false 42

2021-03-27

<clever> or possibly this one
<clever> cc-wrapper/add-hardening.sh: declare -A hardeningDisableMap=()
<clever> matthewcroughan: it should be in this file
<clever> [clever@amd-nixos:~/apps/nixpkgs/pkgs/build-support]$ git grep hardeningDisable
<clever> bintools-wrapper/add-hardening.sh: declare -A hardeningDisableMap=()
<clever> it really is
<clever> :D
<clever> matthewcroughan: yeah
<clever> yeah
<clever> matthewcroughan: paths can be stored in variables, foo = ../../..; bar = foo + "/baz";
<clever> apo: if you set services.exim.enable then `which exim` will be setuid root
<clever> apo: exim does install the exim binary itself with a wrapper
<clever> 100 security.wrappers.exim.source = "${cfg.package}/bin/exim";
<clever> apo: needs an option like this
<clever> modules/programs/ssmtp.nix: program = "sendmail";
<clever> modules/programs/ssmtp.nix: services.mail.sendmailSetuidWrapper = mkIf cfg.setSendmail {
<clever> it is correct
<clever> matthewcroughan: the default name is "${pname}-${version}"
<clever> or `nix build .#`
<clever> nix build .#foo
<clever> >> and then tell arch to remove nix
<clever> but the arch one is earlier in $PATH
<clever> you must have already had a copy of nix in `nix-env -q` before
<clever> possibly
<clever> > nixFlakes
<clever> matthewcroughan: just do a plain nix-env -iA nixpkgs.nix, and let it stay in /nix/store
<clever> matthewcroughan: even static, it will have references into /nix/store
<clever> matthewcroughan: if nix is in /usr/bin/nix, then its being managed by arch, either tell arch to update it, or `nix-env -iA nixpkgs.nix` and then tell arch to remove nix
<clever> supersandro2000: ah, ive been using a hand-written .service file, with a reference to ~/.nix-profile
<clever> matthewcroughan: depends on what `which nix` returns
<clever> yep
<clever> tab-completion in nix repl is your friend
<clever> matthewcroughan: spelling mistake
<clever> propagatedBuildInputs
<clever> it will be the 1st arg of whatever you gave to overrideAttrs
<clever> it will instead be in oldAttrs
<clever> it will never be on super or self
<clever> propogatedBuildInputs is an attribute of a derivation, not a package set
<clever> normally, that function is in a default.nix file
<clever> that style is what lets nativeBuildInputs work, and also lets .override work
<clever> thats defining a function, which is then passed to callPackage
<clever> matthewcroughan: add future to the function on line 3
<clever> propagatedBuildInputs = [ super.python3Packages.lunr ];
<clever> that is fine, as long as no other python package depends on lunr
<clever> because i thought mkdocs was also a python package, and i didnt know which depended on which
<clever> or self.python3Packages.lunr
<clever> 2021-03-26 22:14:10 < clever> so you want pkgs.python3Packages.lunr
<clever> lunr is a python package
<clever> > pkgs.pkgs.pkgs.hello
<clever> also, super.pkgs doesnt make much sense
<clever> yeah, python makes it more fuzzy, except for native extensions
<clever> buildInputs and propagatedBuildInputs are for things you will be "linking" against and using at runtime
<clever> also, nativeBuildInputs is for things you use at build time
<clever> nativeBuildInputs = [ super.pkgs.lunr super.pkgs.mkdocs ];
<clever> the overlays are needed, if your overriding a dep of something your using
<clever> callPackage is needed any time you want nativeBuildInputs vs buildInputs to actually do its job
<clever> super is only used for when you want the pre-override version
<clever> matthewcroughan: you want to use callPackage, and it will find it from the right place for you
<clever> so you want pkgs.python3Packages.lunr
<clever> matthewcroughan: and lunr is being added to python3Packages, not nixpkgs
<clever> matthewcroughan: the super variable is only accessible from lines 17-30
<clever> super
<clever> matthewcroughan: just cut&paste it back into overlay= where it was before
<clever> matthewcroughan: ah, mkdocs isnt in pythonPackages, it needs to be moved to the nixpkgs overlay
<clever> matthewcroughan: https://dpaste.com/CBWWLZ3YE more like this
<clever> matthewcroughan: can you pastebin your file again?
<clever> matthewcroughan: you would have 2 overlays, a python overlay, and a nixpkgs overlay
<clever> matthewcroughan: you would do mkdocs = super.mkdocs.overrideAttrs inside the python overlay
<clever> matthewcroughan: this takes a set of python packages, applies a python overlay, and returns a mutated set of python packages
<clever> matthewcroughan: python3Packages.overrideScope (self: super: {})
<clever> if you use a python overlay to change X, then you only get one
<clever> so now you have 2 X's of different versions
<clever> Y is going to pull in the pre-override version of X
<clever> but Y depends on X
<clever> if you override both X and Y, and shove the overridden versions into a shell
<clever> you tried to override a fetch function, which isnt building things
<clever> matthewcroughan: it may be pulling in multiple versions of the dep, the override and the pre-override version
<clever> matthewcroughan: then you can mutate any python package, and it will automatically affect all python packages
<clever> matthewcroughan: thats why you need to use a python overlay via python3Packages.overrideScope (self: super: {})
<clever> matthewcroughan: line 8 is missing a ;
<clever> so other python packages will respect your change
<clever> matthewcroughan: you can also use this to create a python overlay
<clever> nix-repl> python3Packages.overrideScope (self: super: {})
<clever> matthewcroughan: callPackage handles those args for you
<clever> not sure
<clever> ive not done much python in nix
<clever> looks like its missing pytest
<clever> :D
<clever> python3Packages.callPackage ({ fetchPypi, buildPythonPackage }: ....) {}
<clever> you must use python3Packages.callPackage
<clever> > python3Packages.fetchPypi
<clever> > python3Packages.buildPythonPackage
<clever> matthewcroughan: poke around in `nix repl '<nixpkgs>'`

2021-03-26

<clever> yeah, it should be possible to just build the tip of master, and it will work until they change a dep
<clever> matthewcroughan: flakes wont auto-update
<clever> matthewcroughan: i think you also want something like python3Packages.callPackage?
<clever> matthewcroughan: you need to do callPackage ({ mkShell, lunr }: mkShell ....) {}
<clever> matthewcroughan: nativeBuildInputs only works if callPackage is at play
<clever> matthewcroughan: *waves*

2021-03-25

<clever> gchristensen: nice
<clever> gchristensen: did you get anything done with your zfs stuff?
<clever> elvishjerricco: this creates a zfs ami, gchristensen has also done something with it
<clever> elvishjerricco: one min
<clever> those are security problems, that gcc is protecting you from
<clever> the hardening flags make unsecure code fail to compile
<clever> i think so
<clever> matthewcroughan: what if you add this, or maybe "all" to the drv?
<clever> hardeningDisable = [ "format" ];
<clever> it drops into a new shell, with the same initial env vars
<clever> that also helps when the attr is burried in a let block, and can never be reached
<clever> but skips the problem of figuring out what the attr name is
<clever> exact same thing as `nix-shell -A foo`
<clever> matthewcroughan: run `nix-shell` on the .drv file that failed, then check `env | grep COMPILE`, what comes up?
<clever> and drop FLAGS= entirely
<clever> try with NIX_CFLAGS_COMPILE then?
<clever> "FLAGS='-Wno-error -std=c99 -pedantic -g'" ?
<clever> ''FLAGS="-Wno-error -std=c99 -pedantic -g"'' ?
<clever> matthewcroughan: quotes in quotes
<clever> matthewcroughan: the @ here makes make hide the cmd it ran, if you sed that out, then it will be a lot more verbose
<clever> matthewcroughan: what error does it give under nix?
<clever> radvendii: if your properly using an overlay, it will be inserted in the middle, and change all references to the thing
<clever> so packagename now refers to new-package
<clever> that will replace the value coming in via { stdenv, packagename }:
<clever> Raito_Bezarius: .override { packagename = new-package; }
<clever> Raito_Bezarius: .override lets you replace a package without having to remote it
<clever> matthewcroughan: that can someitmes also work, it depends on the makefile
<clever> depends on what the Makefile author felt like
<clever> others may just ignore CFLAGS entirely
<clever> radvendii: depends on the package, some will happily append to CFLAGS or leave it as-is
<clever> radvendii: some packages will overwrite CFLAGS, but they arent aware of NIX_CFLAGS_COMPILE so it leaks in anyways
<clever> matthewcroughan: every attribute of the derivation is an env var
<clever> matthewcroughan: if its a cflag, then you just set an env var like CFLAGS
<clever> matthewcroughan: there are several extra stdenv's, gcc10Stdenv gcc49Stdenv and so in, you can tab-complete them in the repl
<clever> so you automatically know, the unwrapped gcc, is in gcc-unwrapped
<clever> half the battle, is just memorizing the entire nixpkgs
<clever> > gcc-unwrapped
<clever> radvendii: your only option is a brute-force, compare the $out of every expr
<clever> radvendii: no way to go backwards from a $out to an expr
<clever> radvendii: in `nix repl '<nixpkgs>'`
<clever> wait, was that how it went? lol
<clever> radvendii: give a man a fire, and he will be warm for a day, set him on fire and he will be warm for the rest of his life
<clever> thats why i often show how i got to the answr
<clever> 147 dontConfigure = true;
<clever> radvendii: because it was set in this nix file
<clever> 146 dontBuild = true;
<clever> > gcc.meta.position
<clever> nixos is safer, rather then brick itself, it just refuses to update
<clever> but ive broken ubuntu systems with the reverse problem, an update partially applied and then stopped mid way
<clever> babbaj[m]: atomic updates are a double-edged sword, it wont update enless it can do everything at once
<clever> buildCommand overrides all phases, causing it to ignore that
<clever> radvendii: and it has a dontBuild, so it never runs preBuild/buildPhase/postBuild
<clever> "dontBuild": "1",
<clever> radvendii: thats not the derivation that built gcc
<clever> "name": "gcc-wrapper-10.2.0",
<clever> [nix-shell:~/apps/rpi/lk]$ nix show-derivation /nix/store/wlmwavdybjr2y0ndjfp4b5nhifn69y70-gcc-wrapper-10.2.0.drv
<clever> [nix-shell:~/apps/rpi/lk]$ nix-instantiate '<nixpkgs>' -A gcc
<clever> so its entirely ignoring that overlay, since you didnt request cross compiling
<clever> radvendii: it only does cross-compiling if you set crossSystem or use pkgs.pkgsCross
<clever> radvendii: because your using crossOverlays, it will only affect cross-compiles
<clever> didnt see it either, but i see it now
<clever> not yet
<clever> -rw-r--r-- 1 clever users 804K Apr 14 2020 /home/clever/.config/Signal/sql/db.sqlite
<clever> but i havent ran it in a while...
<clever> yep
<clever> Raito_Bezarius: /home/clever/.config/Signal/sql/db.sqlite: data
<clever> not sure, ive never had to change just a lib in gcc
<clever> can you pastebin the expr?
<clever> still new to flakes
<clever> not sure how that plays into things
<clever> how is the overlay written? how is it loaded?
<clever> but the stdenv wont use that gcc
<clever> if you build -A gcc, it will respect the overlay
<clever> because of complex reasons
<clever> gcc and other parts of the stdenv are also special, and dont respect overlays
<clever> ah, if it ran genericBuild, then it will follow the normal rules
<clever> radvendii: if its using a builder.sh, it can just entirely ignore the normal phase rules
<clever> or fork the repo, fix that mess, and fetch your fork
<clever> matthewcroughan: that has to be ran prior to the fetch, because you lack network access at build time
<clever> matthewcroughan: yeah, i'm thinking this just isnt going to work, until you patch things
<clever> fatal: No url found for submodule path 'sub/argoat' in .gitmodules
<clever> nix-repl> :b fetchFromGitHub { owner = "nullgemm"; repo = "ly"; rev = "v0.5.2"; sha256 = lib.fakeSha256; fetchSubmodules = true; }
<clever> $ nix repl '<nixpkgs>'
<clever> matthewcroughan: can you pastebin the expr your using?
<clever> if you set fetchSubmodules=true; it will instead run fetchgit, but you must invalidate the sha256
<clever> it just downloads a .tar.gz of the commit
<clever> fetchFromGitHub doesnt run git at any point
<clever> same way you would override any other value, you must fully specify the new value
<clever> matthewcroughan: src = fetchFromGitHub { all the args = ...; fetchSubmodules = true; };

2021-03-24

<clever> jboy: your kernel must include kexec support
<clever> the remote nix-daemon will enforce the same rules, and only somebody with root can violate them and polute the /nix/store your going to copy over
<clever> pinpox: there are also things like hydra, which will farm the jobs out to remote hosts, you only need to trust that root hasnt been tampered with on the remote box
<clever> pinpox: nix creates containers (using the same api as docker) to isolate all builds
<clever> pinpox: the nix-daemon runs as root, and enforces that a given store path was made according to the directions in the .drv file, and hasnt been modified maliciously
<clever> simpson: and now that sudo has setuid
<clever> simpson: but you can copy over a malicious build of sudo, and then when you nixos-rebuild --upgrade, "oh, i already have that sudo, no need to DL"
<clever> they can basically write any storepath that doesnt exist yet
<clever> yeah
<clever> which will upload to S3 for you
<clever> there is also `nix copy --to s3://bucket /nix/store/foo`
<clever> yeah
<clever> yeah, but you could leave it in the /nix/store of the cache server
<clever> nix-serve also saves you from having to figure out what to copy and when
<clever> nix-serve avoids doubling your disk usage, by serving what is in /nix/store, rather then you having to make a copy of everything
<clever> pinpox: this creates a directory full of .narinfo and .nar.xz files, which you can then just host with nginx
<clever> [clever@amd-nixos:/tmp]$ nix copy --to file:///tmp/cachedir /nix/store/1anr2k0jn6iqvvax4pk9jjnsmzr412hf-coreutils-8.32

2021-03-23

<clever> so version # doesnt really make sense
<clever> phalrax: the only thing that derivation does, is write a giant string to a text file
<clever> [clever@amd-nixos:~]$ nix-store -q --binding text /nix/store/sg34fhjyz51marrbh0ryr7piwh5j82x6-usermod.pam.drv
<clever> /nix/store/sg34fhjyz51marrbh0ryr7piwh5j82x6-usermod.pam.drv
<clever> [clever@amd-nixos:~]$ nix-store -q --deriver /nix/store/s981cci8vzn5waid8byw9c4bwfnmvb6p-usermod.pam
<clever> [clever@amd-nixos:~]$ nix-store -qR /run/current-system | grep usermod
<clever> /nix/store/s981cci8vzn5waid8byw9c4bwfnmvb6p-usermod.pam
<clever> nixos/modules/programs/shadow.nix: usermod = { rootOK = true; };
<clever> phalrax: usermod is a binary inside the package called shadow
<clever> phalrax: there is no package called usermod
<clever> phalrax: there is a version# at the end of the derivation names, in the list of things its about to build/fetch
<clever> not sure then
<clever> matthewcroughan: relog?
<clever> the xfce session manager has a checkbox to also run gnome and kde session services
<clever> those directions are for xfce
<clever> matthewcroughan: applications->settings->session and startp->advanced, "launch gnome services", "launch kde services"
<clever> pavucontrol maybe?
<clever> its also bad practice in linux to have spaces in filenames
<clever> ls automatically quotes spaces if they are present
<clever> you must pick either Pop or Pop-dark
<clever> matthewcroughan: i think you can only put a single theme name in that list
<clever> matthewcroughan: funnily enough, i have found exactly that in the isp router :P
<clever> i dont know why my upload is better then my download! lol
<clever> matthewcroughan: https://github.com/cleverca22/cachecache is my cache for cache.nixos.org
<clever> matthewcroughan: https://www.speedtest.net/result/11139632686 look at my speeds and weep!
<clever> matthewcroughan: i made my own hydra cache, its on github
<clever> matthewcroughan: almost off the charts :P
<clever> matthewcroughan: fx-8350
<clever> matthewcroughan: and boom, it contains 2 themes!
<clever> [nix-shell:~/apps/rpi/lk]$ ls theme/share/themes/
<clever> Pop Pop-dark
<clever> [nix-shell:~/apps/rpi/lk]$ nix-build '<nixpkgs>' -A pop-gtk-theme -o theme
<clever> but you know the name
<clever> package = pkgs.pop-gtk-theme;
<clever> matthewcroughan: nix-index is more for when you dont know the name of the package
<clever> matthewcroughan: run nix-build on the theme, then run ls on that
<clever> matthewcroughan: you need to set both gtk.theme.package and gtk.theme.name
<clever> matthewcroughan: gtk.theme is a sub-module, it has 2 options, .package and .name
<clever> matthewcroughan: gtk.theme.package, not gtk.theme, not gtk.package
<clever> matthewcroughan: can you pastebin the nix file?
<clever> matthewcroughan: try with gtk.theme.package?
<clever> ah, that would explain it
<clever> matthewcroughan: what do the docs say the type of theme is?
<clever> figgyc: ive sometimes fixed that with `killall -9 nix-daemon`

2021-03-22

<clever> apeyroux: ah right, and you cant wrap a .so file, you must wrap whatever binary is using it down the chain
<clever> that lets you redirect any file based action, without patching the binary
<clever> apeyroux: libredirect
<clever> apeyroux: it deals poorly with large files, and if the old and new string are of a different length, it will also break binary files
<clever> and temporarily running `nix build /nix/store/foo.drv` on that final drv, can give you a better ui on the progress
<clever> running the build with -Q can make it easier to see what is happening
<clever> and you need to look at where the ones it wants to build are in that tree
<clever> you can then run `nix-store -q --tree` on the final drv its going to build
<clever> say*
<clever> if you run that with --dry-run, what does its ay?
<clever> but depending on the shape of the dep tree, there can be bottlenecks where only one drv is buildable at the moment
<clever> the 30 is that field, so nix should be running 30 builds on the remote system
<clever> s1341_: /etc/nix/machines has a field saying how many builds a machine can support
<clever> its not until you do the .a or .b, does nix try to figure out what a= or b= evaluates ot
<clever> so the `result` in fix, will return the `{a=...; b=...;}` part of the function, and the only special thing, is that any reference to `self` in the ..., now has a lazy reference to something
<clever> so if you have something like: `f = self: { a=...; b=...; }` and then try to use `fix f` then nix will first look at fix, and do the code i explained before
<clever> rydnr: nix is lazy, so it wont figure out what the arguments are, until something references it
<clever> rydnr: if you write the function the right way, yeah
<clever> rydnr: just a regular argument
<clever> it doesnt need to know what self is, to figure out what `self: { a=...; b=...; }` is returning, as the root value
<clever> and then it can keep computing things
<clever> and now it knows that self is a set, with keys a&b
<clever> then nix can figure out, that the top-level value is a set, with the keys a&b
<clever> so if you do `f = self: { a=...; b=...; }`
<clever> the trick, is that nix must be able to compute the top-level value of `f`, before its args
<clever> rydnr: it only gets ran once, thru the magic of lazyness, that 1st run can depend on its own return value
<clever> then i can mutate things before they go back in
<clever> so it becomes more like `f (f2 result)`
<clever> Ke: but, thru the magic of makeScope and overrideScope', i can insert a second function
<clever> Ke: this function can be ran thru lib.fix, to map self to its own return value, and make everything work
<clever> and that basically just creates local variables, private to the expr after the `in`
<clever> any time you can have a value in nix, you can also have `let key=value; in value`
<clever> then again, as the return value of the let block
<clever> once to call f, and create result
<clever> yeah, result gets used twice
<clever> `f:` defines this as a function, that takes 1 argument, which will be named `f`
<clever> `f result` then runs `f` with that lazy value
<clever> `let result = ...` creates a lazy thunk, that will figure out the value of `result` at a later time
<clever> rydnr: that simply runs `f`, and passes `f` its own return value as an argument

2021-03-21

<clever> gurjeet: run `touch` on that path to make it again, then run `nix-store --delete` on the path, and next time, always use `nix-store --delete` to delete files