2017-08-20

<clever> uid=0(root) gid=0(root) groups=0(root)
<clever> does the user "neo" exist in /etc/passwd?
<clever> freeman42x: and there is sudoedit, which is designed for editing files
<clever> freeman42x: also, sudo correctly sets HOME, so you may not need --user-data-dir at all
<clever> sudo -u neo 'code --user-data-dir=~/.config/Code/'
<clever> the gui program must have read access to the file in $XAUTHORITY
<clever> changing to another normal user is far more problematic than root
<clever> ive had no troubles running gui things under sudo
<clever> what about sudo?
<clever> cbarrett: i believe the sqlite file is all you need to backup
<clever> heading to bed now
<clever> yeah
<clever> Myrl-saki: that would result in ~/.nix-profile pointing to nothing, and nix-env wont know what is currently installed
<clever> :D
<clever> sphalerite: a recent copy of the configuration for my hydra
<clever> yeah
<clever> sphalerite: i mainly use hydra for that, it always GC roots the entire build-time closure, and acts as a private binary cache
<clever> ahh
<clever> there is no 17.04 or 17.08 branch
<clever> the nixpkgs branch?
<clever> vandenoever: i think its every 6 months
<clever> this at least proves that ssl isnt to blame, but ipv6
<clever> which includes using an ip directly
<clever> ssl gets upset if you dont use the right hostname
<clever> oh yeah
<clever> some of the IP's i get on this end
<clever> chat.freenode.net. 120 IN A 185.30.166.38
<clever> irc.freenode.net. 300 IN CNAME chat.freenode.net.
<clever> chat.freenode.net. 120 IN A 162.213.39.42
<clever> oh, and does the ping actually get a reply?
<clever> ping -4?
<clever> kuznero: simplest is to just get the v4 ip, "ping irc.freenode.net" and then add that as a server in hexchat
<clever> kuznero: do you have ipv6 support from your ISP?
<clever> kuznero: http://imgur.com/
<clever> can you screenshot the status window of hexchat?
<clever> does it say what port its connecting to?
<clever> kuznero: what error do they give?
<clever> eqyiel[m]: --build-host "root@192.168.1.245"
<clever> ebzzry_: ssh into root on the remote host and that disables signature checking
<clever> yep
<clever> and then switch makes the OS rebuild against the new nixpkgs
<clever> the --update will apply all the changes that had been given to nix-channel, which changes what version of nixpkgs you have
<clever> sudo nixos-rebuild switch
<clever> sudo nix-channel --update
<clever> sudo nix-channel --add https://nixos.org/channels/nixos-unstable nixos
<clever> do you want to switch the whole os over, or just bitwig?
<clever> the version was updated on march 13th, and just missed the 17.03 release
<clever> which channel are you on?, sudo nix-channel --list
<clever> you can even use this to pretty-print the manifest.nix
<clever> $ nix-env -p /nix/var/nix/profiles/per-user/clever/profile-305-link -q
<clever> and you can check either the manifest.nix within them, or the bin directory, to see how the installed apps have changed over time
<clever> schef: each numbered symlink in here is a different version of my users profile (managed by nix-env)
<clever> $ ls -l /nix/var/nix/profiles/per-user/clever/
<clever> yep
<clever> environment.systemPackages = with pkgs; [ bitwig-studio ];
<clever> line 69 is just a bash loop, that iterates over everything that line 65 found
<clever> the bitwig one is fairly simple
<clever> then nix will do everything automatically
<clever> yeah, its far simpler to make a package that sets the rpath and interpreter for you
<clever> you*
<clever> the bitwig package does all the patchelf stuff for oyu
<clever> nix works without a /lib or /usr/lib, so you must always use patchelf to put absolute paths into the ELF headers for a program to work
<clever> schef: nix-env -iA nixos.bitwig-studio
<clever> Fare: what does this output? nix-instantiate '<nixpkgs>' -A hello -v 2>&1 | grep config.nix
<clever> Fare: it changed a few months ago, but it can still load the old location, if the new one doesnt exist
<clever> Fare: do you have a ~/.config/nixpkgs/config.nix ?
<clever> joepie91: what does "which python" say outside the shell?
<clever> joepie91: it sounds like he needs an absolute path to the "right" python in the #!

2017-08-19

<clever> i also often use it via /proc/sysrq-trigger to get kernel mode stack traces
<clever> yep
<clever> kini: and there are others that force a sync, or just instantly cut power without flushing data to the drive
<clever> kini: another one, alt+printscreen+h shows the help
<clever> construct: yep
<clever> kini: those hotkeys change the filter for the kernel messages
<clever> kini: try using alt+printscreen+ a number from 0 to 9 (not sure which one)
<clever> construct: support32Bit will make pulseaudio work in 32bit programs (wine, steam, skype)
<clever> construct: doesnt need the "with packages;"
<clever> construct: only if you want /home on its own partition
<clever> joepie91: i also just had an idea, what if you use a packageOverride to create a pkgs.unstable and pkgs.release-17.03?
<clever> joepie91: ah
<clever> joepie91: why not just use the pkgs argument, rather than add a whole new thing?
<clever> Taneb: looks like the attribute path is AgdaStdlib
<clever> Taneb: i think so
<clever> Taneb: nix-shell -p and nix-env -iA take attribute names
<clever> Taneb: nix-env -i searches the .name attribute of every derivation
<clever> tnks: and hydra itself, has a keep-number saying how many evals to keep, but i dont think that really works on hydra.nixos.org
<clever> tnks: cache.nixos.org has no cleanup policy, as far as i know

2017-08-18

<clever> ryantm: release-17.03 i believe
<clever> on my machine, they come in at ~12mb for the pair
<clever> -rw-r--r-- 1 root root 8.7M Aug 10 23:16 flrij28yp0l94afy1mfmsj07py8w9500-initrd-initrd
<clever> -rw-r--r-- 1 root root 3.5M Aug 10 23:16 kzb60ynf7zvq543hf2l1rpnnhp4gr8sa-linux-4.9.39-bzImage
<clever> you can always nix-channel --rollback to undo the change in nixpkgs
<clever> romildo: looks good
<clever> which means nix-repl would have to be setuid root
<clever> and the builds are triggered from inside a library, so things like nix-repl can directly spawn the build
<clever> setuid isnt allowed in the store
<clever> second main point, is that nix-daemon enforces the rules, and stops users from doing nasty things in the store
<clever> ison111: and its simpler to just make nix-daemon root, and have it manage that for them
<clever> ison111: you would need to arrange for every user to have write access to /nix/store for one
<clever> not sure, ive only ever used buildEnv
<clever> then use postBuild to replace $out/bin/caja with a wrapper
<clever> yeah
<clever> romildo: use buildEnv with ignoreCollisions=true; to merge caja, and every extension into a single directory tree
<clever> romildo: a buildEnv with a post hook may also be better
<clever> romildo: should probably symlink them at the least, so they are still available
<clever> romildo: can those things run the original caja?
<clever> romildo: yeah, that would help users a lot
<clever> but you can still delete a lot of things without --delete-older-than
<clever> which then allows normal nix-collect-garbage to delete more things
<clever> olejorgenb[m]: --delete-older-than will delete gc roots in nix-env and nixos-rebuild
<clever> olejorgenb[m]: it will always delete things in a random order, but the above argument makes it stop mid way
<clever> olejorgenb[m]: nix-collect-garbage --max-freed 1G
<clever> they have their own forum?, no github, in this day? lol
<clever> viaken[m]: try just giving it a dummy email and see what happens
<clever> viaken[m]: and you cant just provide it at runtime or hard-code it?
<clever> yeah
<clever> gimpPlugins being a set of all possible plugins
<clever> romildo: gimp for example has: gimp gimp-with-plugins gimpPlugins
<clever> romildo: only thing missing that i can think of is man pages
<clever> viaken: what are you trying to do?, only packages defined in the nixos side of things can refer to nixos config
<clever> nope, still not found
<clever> boomshroom: if we have the name of the ppd, we can check to see if its already been packaged
<clever> romildo: that is passing 2 files as a single argument
<clever> romildo: you quoted it too much
<clever> hmmm, still not finding anything in nix-locate
<clever> boomshroom: what are some of the names under /usr/local/Brother?
<clever> boomshroom: and what about the LPR printer driver?
<clever> ''
<clever> hello --version > $out
<clever> romildo: pkgs.runCommand "name" { buildInputs = [ hello ]; } ''
<clever> romildo: either use runCommand instead, or set unpackPhase = ":";
<clever> boomshroom: and it has a special unpack flag that just unpacks to the cwd
<clever> boomshroom: as long as its run without root, it cant really do any damage
<clever> try the cups one
<clever> boomshroom: if you download the .deb file, and unpack it, what files does it contain?
<clever> boomshroom: do you have a filename for a brother driver from the AUR?
<clever> i believe nix still supports md5, and its just nixpkgs that dis-allows it
<clever> jasom: so you could apply a .overrideDerivation to fetchurl (after giving it a fake sha256) to change the outputHashAlgo and outputHash
<clever> jasom: any derivation that defines outputHashAlgo, outputHash, and outputHashMode, is fixed-output
<clever> as long as that function returns a string
<clever> you can also give it a list of attrsets, and then apply a more complex function
<clever> "a/subdir:b/subdir:c/subdir"
<clever> nix-repl> lib.concatMapStringsSep ":" (x: "${x}/subdir") [ "a" "b" "c" ]
<clever> nix-repl> lib.concatMapStringsSep ", " (x: "item ${x}") [ "a" "b" "c" ]
<clever> "item a, item b, item c"
<clever> romildo: lib.concatMapStringsSep
<clever> romildo: makeWrapper ${caja}/bin/caja $out/bin/caja ....
<clever> romildo: you can just use makeWrapper directly
<clever> romildo: and wrapProgram just renames the path you give it, then runs makeWrapper
<clever> romildo: makeWrapper takes a path to the real program, and the output path
<clever> romildo: one second
<clever> how will it deal with amazon being weird?, i ordered 4 sticks of ram, 3 arrived at the post office, 1 turned up leaning against my back door

2017-08-17

<clever> :D
<clever> i have seen some programs enabling things like sse3 support, then not checking for it at runtime, causing fun errors
<clever> lol
<clever> lol
<clever> yeah
<clever> you can also use this to ship your own overrides with your app
<clever> in either case, nixpkgs gives the config argument a higher priority
<clever> tnks: import <nixpkgs> { config = {}; }
<clever> tnks: nix-build '<nixpkgs>' --arg config '{}' -A foo
<clever> seems its already expired
<clever> gchristensen: oops
<clever> obviously, it broke things :P
<clever> in my first week of using nixos, i had done "mount /nix/store -o remount,rw" to modify something
<clever> Enzime: -I nixpkgs=/home/clever/nixpkgs/

2017-08-16

<clever> manveru: yay
<clever> and an extra 200 of spam makes that harder
<clever> sphalerite: but you should still have a general idea of how many generations back to go if you ever want to rollback from grub
<clever> sphalerite: it feels like a recipe for instability and endless disk usage
<clever> sphalerite: i feel the same about system.autoUpgrade
<clever> manveru: then your build needs to run strip on that library
<clever> manveru: (run file directly on the so file)
<clever> manveru: sounds like debug info is present, does "file" agree with that?
<clever> manveru: then its not in the rpath, try strings and grep
<clever> manveru: now try using patchelf --print-rpath on that .so
<clever> manveru: gcc is one node down the tree from nokogiri, so the path of gcc must exist somewhere inside nokogiri
<clever> manveru: grep --color cz6hpw1n6xmfadq7fsg5va0mrb1kysk8 /nix/store/bmqwi6kpc2vfrbr4vks4w9n3bhp0fpqc-ruby2.4.1-nokogiri-1.7.2
<clever> manveru: grep for the path of gcc in the node
<clever> wrong nick on one msg
<clever> oops
<clever> slyfox: 2nd, nixos already merges all definitions from every module, just [ 1234 ]; is enough to append
<clever> frankpf: 1st, the value of the option depends on itself, so it wont eval
<clever> frankpf: that will fail for 2 reasons
<clever> nwuensche: adding this to the sudo config allows the ds9 user to run those 2 scripts, as root, without entering a pw
<clever> ds9 ALL=(root) NOPASSWD: /root/reload_lighty , /root/ubc
<clever> yorick: you may need to re-do the rpath using patchelf, as if it was a closed-source blob
<clever> then you dont even have to deal with setuid
<clever> nwuensche: you could also configure sudo to allow running a script without a password
<clever> first thing i can think of is to just patch that script to not mess with the rpath
<clever> ah
<clever> where in the install thing is it being removed?
<clever> gcc should add it automatically
<clever> yorick: and which entry are the missing libraries under?
<clever> yorick: what is the value of rpath before it gets stripped?
<clever> yorick: are the libraries in the lib directory at the time it was linked to them?
<clever> yorick: are you building it from source?
<clever> adelbertc: throw the real file into a gist at gist.github.com and maybe i can see whats wrong
<clever> and then pass haskellPackages to extraBuildTools
<clever> --arg extraBuildTools 'hpkgs: with hpkgs; [ foo bar baz ]'
<clever> maybe as a function would be better
<clever> ah yeah, that --arg gets evaled before loading shell.nix
<clever> try with --arg, and single-quote the list
<clever> adelbertc: also, what is the first ~2 lines of shell.nix?
<clever> adelbertc: --argstr passes it as a string
<clever> dhess: maybe something is checking if $CPP == cpp, and then assuming it must not be clang, so its safe to use clang-incompatible args
<clever> heh
<clever> hodapp: https://xkcd.com/1445/
<clever> hodapp: https://xkcd.com/1205/
<clever> dhess: nixpkgs-unstable is the only one with binary cache coverage for darwin
<clever> from my gentoo /etc/sudoers file
<clever> ## X11 resource path settings
<clever> # Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
<clever> tilpner: sudo already has a list of vars that arent safe and get cleared, and does a lot of things to make you safe when doing such things
<clever> PATH will also be null, which will break a lot more
<clever> tilpner: X11 wont work, locales will be reset to defaults, it wont know what terminal you're using
<clever> tilpner: passing null there would make it safe, it would also break many things
<clever> and if bash is run under that cgi'd script, it gains functions that the user provided
<clever> query params in an http url become env variables
<clever> tilpner: that is how shellshock worked
<clever> and if the script is then run as root, you have a security problem
<clever> tilpner: there are so many problems with that, many env vars can leak functions into bash
<clever> LnL: the kernel disables the setuid if you have a debugger attached
<clever> tilpner: if you run strace as root, the setuid wont work, but the child will be run as root
<clever> catern: yeah, we would need to convince it that the nar's are immutable
<clever> one issue i can see, ipfs wants to read&hash every file its sharing, so that will involve reading your entire store every time you start the daemon
<clever> then the performance cost is on the ipfs side, rather than the entire-system side
<clever> lol, maybe
<clever> it just shares the files as-is
<clever> and it doesnt have to understand what is inside them
<clever> its much simpler for the ipfs daemon to share things, if you just give it a directory full of blobs it can share
<clever> there is also the issue of sharing uncompressed nar's, thats going to be harder on the network layer
<clever> catern: nix would need to be patched to just throw the whole NAR into a directory and signal the fuse layer, instead of trying to unpack
<clever> catern: ive made 2 FUSE layers that turn a nar into a mounted fs

2017-08-15

<clever> joepie91: that overwrites the patches attribute on the object, but doesnt actually override the derivation
<clever> joepie91: eek!, the python27 example in the blog you linked is wrong
<clever> lol
<clever> joepie91: they all predate me discovering nix
<clever> joepie91: yeah, ive got at least 4 unique snowflakes i manage, that i refuse to even upgrade because of how fragile they can sometimes be, i really need to switch that crap over to nixos
<clever> no idea then
<clever> ah
<clever> that will make boost use the same stdenv
<clever> try (boost.override { inherit stdenv; })
<clever> you may need to .override each dependency you pass in, to change their stdenv's also
<clever> ah
<clever> 2171 stdenv = overrideCC stdenv gcc49;
<clever> 2170 gnaural = callPackage ../applications/audio/gnaural {
<clever> hodapp: i believe you want to override the stdenv, not insert a new gcc into buildInputs
<clever> which screws with programs that dont (teamspeak), causing the noise floor to be boosted into triggering constant mic spam
<clever> joepie91: yeah, i have noticed a large number of voip programs messing with the pulse capture levels to implement automatic gain
<clever> joepie91: that was under the older skype, version 4.3 era
<clever> Infinisil: chromium still has playback, but claims i no longer have a microphone
<clever> Infinisil: teamspeak loses all audio, and refuses to cleanly exit because its waiting for pulseaudio
<clever> Infinisil: skype will just 100% stop all network traffic, yet claim its still online
<clever> that denies pulse access to realtime threads, so it never becomes a target
<clever> security.rtkit.enable = lib.mkForce false; was the only way to make it stop
<clever> so i wind up having to restart things every 5 minutes
<clever> and half my programs fail to reconnect to pulseaudio
<clever> Infinisil: something in the kernel is already doing exactly that, and -9's pulseaudio if the watchdog hangs for even a split second
<clever> ixxie: oh, that das_watchdog option, ive run into something very similar, that was extremely annoying
<clever> ive also played with latencytop on my machine
<clever> they also have #musnix
<clever> but once the nix expression is done, it should be trivial to reproduce it again and again in the future!
<clever> nwuensche: and then add that to the drivers
<clever> nwuensche: you would need to create a derivation that drops the files at the right location under $out
<clever> nwuensche: https://nixos.org/nixos/options.html#services.printing.drivers i think
<clever> nwuensche: what are the contents of /etc/systemd/system/cups.service?
<clever> id say its safer to rename it, then you can always undo
<clever> nwuensche: any log files in the results?
<clever> nwuensche: what about "find /var | grep cups"
<clever> cups has to be running to change the debug with cupsctl, lol
<clever> thought that might happen
<clever> look around /var/ for any files or directories with cups in the name
<clever> cups may write to its own logs
<clever> atis_: according to nmap, that ip is 100% unresponsive, 22 isnt open, and it hasnt replied to a single query
<clever> networking.firewall.allowedTCPPorts = [ 80 443 ];
<clever> yeah
<clever> atis_: then 80 isnt allowed in the nixos firewall
<clever> ixxie: https://github.com/cleverca22/nix-tests/blob/master/bare-env.nix and the txt file by the same name
<clever> ixxie: i dont think the sandbox contents are fully documented, but i do have an example derivation that pokes around at it
<clever> atis_: i port-scanned your domain, pings are blocked, 3mins to check the rest of the ports...
<clever> [root@nas:~]# iptables-save | grep 80
<clever> -A nixos-fw -p tcp -m tcp --dport 80 -j nixos-fw-accept
<clever> atis_: iptables-save, then check it manually to see if 80 is allowed
<clever> and also the nixos firewall