2017-08-20
23:31
<
clever >
uid=0(root) gid=0(root) groups=0(root)
23:29
<
clever >
does the user "neo" exist in /etc/passwd?
23:27
<
clever >
freeman42x: and there is sudoedit, which is designed for editing files
23:27
<
clever >
freeman42x: also, sudo correctly sets HOME, so you may not need --user-data-dir at all
23:26
<
clever >
sudo -u neo 'code --user-data-dir=~/.config/Code/'
23:21
<
clever >
the gui program must have read access to the file in $XAUTHORITY
23:21
<
clever >
changing to another normal user is far more problematic then root
23:20
<
clever >
ive had no troubles running gui things under sudo
23:19
<
clever >
what about sudo?
23:14
<
clever >
cbarrett: i believe the sqlite file is all you need to backup
09:44
<
clever >
heading to bed now
09:41
<
clever >
Myrl-saki: that would result in ~/.nix-profile pointing to nothing, and nix-env wont know what is currently installed
09:26
<
clever >
sphalerite: a recent copy of the configuration for my hydra
09:24
<
clever >
sphalerite: i mainly use hydra for that, it always GC roots the entire build-time closure, and acts as a private binary cache
08:58
<
clever >
there is no 17.04 or 17.08 branch
08:56
<
clever >
the nixpkgs branch?
08:54
<
clever >
vandenoever: i think its every 6 months
08:51
<
clever >
this at least prooves that ssl isnt to blame, but ipv6
08:50
<
clever >
which includes using an ip directly
08:50
<
clever >
ssl gets upset if you dont use the right hostname
08:49
<
clever >
some of the IP's i get on this end
08:49
<
clever >
chat.freenode.net. 120 IN A 185.30.166.38
08:49
<
clever >
irc.freenode.net. 300 IN CNAME chat.freenode.net.
08:49
<
clever >
chat.freenode.net. 120 IN A 162.213.39.42
08:47
<
clever >
oh, and does the ping actually get a reply?
08:46
<
clever >
kuznero: simplest is to just get the v4 ip, "ping irc.freenode.net" and then add that as a server in hexchat
08:44
<
clever >
kuznero: do you have ipv6 support from your ISP?
08:38
<
clever >
can you screenshot the status window of hexchat?
08:36
<
clever >
does it say what port its connecting to?
08:35
<
clever >
kuznero: what error do they give?
08:25
<
clever >
eqyiel[m]: --build-host "root@192.168.1.245"
08:25
<
clever >
ebzzry_: ssh into root on the remote host and that disables signature checking
07:07
<
clever >
and then switch makes the OS rebuild against the new nixpkgs
07:07
<
clever >
the --update will apply all the changes that had been given to nix-channel, which changes what version of nixpkgs you have
07:05
<
clever >
sudo nixos-rebuild switch
07:05
<
clever >
sudo nix-channel --update
07:05
<
clever >
do you want to switch the whole os over, or just bitwig?
07:04
<
clever >
the version was updated on march 13th, and just missed the 17.03 release
06:58
<
clever >
which channel are you on?, sudo nix-channel --list
06:55
<
clever >
you can even use this to pretty-print the manifest.nix
06:55
<
clever >
$ nix-env -p /nix/var/nix/profiles/per-user/clever/profile-305-link -q
06:54
<
clever >
and you can check either the manifest.nix within them, or the bin directory, to see how the installed apps have changed over time
06:54
<
clever >
schef: each numbered symlink in here is a different version of my users profile (managed by nix-env)
06:54
<
clever >
$ ls -l /nix/var/nix/profiles/per-user/clever/
06:48
<
clever >
environment.systemPackages = with pkgs; [ bitwig-studio ];
06:42
<
clever >
line 69 is just a bash loop, that iterates over everything that line 65 found
06:42
<
clever >
the bitwig one is fairly simple
06:41
<
clever >
then nix will do everything automatically
06:41
<
clever >
yeah, its far simpler to make a package that sets the rpath and interpreter for you
06:35
<
clever >
the bitwig package does all the patchelf stuff for oyu
06:35
<
clever >
nix works without a /lib or /usr/lib, so you must always use patchelf to put absolute paths into the ELF headers for a program to work
06:33
<
clever >
schef: nix-env -iA nixos.bitwig-studio
01:22
<
clever >
Fare: what does this output? nix-instantiate '<nixpkgs>' -A hello -v 2>&1 | grep config.nix
01:21
<
clever >
Fare: it changed a few months ago, but it can still load the old location, if the new one doesnt exist
01:21
<
clever >
Fare: do you have a ~/.config/nixpkgs/config.nix ?
01:13
<
clever >
joepie91: what does "which python" say outside the shell?
01:06
<
clever >
joepie91: it sounds like he needs an absolute path to the "right" python in the #!
2017-08-19
23:49
<
clever >
i also often use it via /proc/sysrq-trigger to get kernel mode stack traces
23:48
<
clever >
kini: and there are others that force a sync, or just instantly cut power without flushing data to the drive
23:47
<
clever >
kini: another one, alt+printscreen+h shows the help
23:47
<
clever >
construct: yep
23:46
<
clever >
kini: those hotkeys change the filter for the kernel messages
23:46
<
clever >
kini: try using alt+printscreen+ a number from 0 to 9 (not sure which one)
23:44
<
clever >
construct: support32Bit will make pulseaudio work in 32bit programs (wine, steam, skype)
23:43
<
clever >
construct: doesnt need the "with packages;"
23:38
<
clever >
construct: only if you want /home on its own partition
23:31
<
clever >
joepie91: i also just had an idea, what if you use a packageOverride to create a pkgs.unstable and pkgs.release-17.03?
23:31
<
clever >
joepie91: ah
23:31
<
clever >
joepie91: why not just use the pkgs argument, rather then add a whole new thing?
10:07
<
clever >
Taneb: looks like the attribute path is AgdaStdlib
10:05
<
clever >
Taneb: i think so
09:49
<
clever >
Taneb: nix-shell -p and nix-env -iA take attribute names
09:48
<
clever >
Taneb: nix-env -i searches the .name attribute of every derivation
03:47
<
clever >
tnks: and hydra itself, has a keep-number saying how many evals to keep, but i dont think that really works on hydra.nixos.org
03:47
<
clever >
tnks: cache.nixos.org has no cleanup policy, as far as i know
2017-08-18
23:46
<
clever >
ryantm: release-17.03 i believe
23:43
<
clever >
on my machine, they come in at ~12mb for the pair
23:43
<
clever >
-rw-r--r-- 1 root root 8.7M Aug 10 23:16 flrij28yp0l94afy1mfmsj07py8w9500-initrd-initrd
23:43
<
clever >
-rw-r--r-- 1 root root 3.5M Aug 10 23:16 kzb60ynf7zvq543hf2l1rpnnhp4gr8sa-linux-4.9.39-bzImage
03:53
<
clever >
you can always nix-channel --rollback to undo the change in nixpkgs
03:36
<
clever >
romildo: looks good
03:06
<
clever >
which means nix-repl would have to be setuid root
03:06
<
clever >
and the builds are triggered from inside a library, so things like nix-repl can directly spawn the build
03:05
<
clever >
setuid isnt allowed in the store
03:01
<
clever >
second main point, is that nix-daemon enforces the rules, and stops users from doing nasty things in the store
03:01
<
clever >
ison111: and its simpler to just make nix-daemon root, and have it manage that for them
03:01
<
clever >
ison111: you would need to arrange for every user to have write access to /nix/store for one
02:29
<
clever >
not sure, ive only ever used buildEnv
02:25
<
clever >
then use postBuild to replace $out/bin/caja with a wrapper
02:25
<
clever >
romildo: use buildEnv with ignoreCollisions=true; to merge caja, and every extension into a single directory tree
02:24
<
clever >
romildo: a buildEnv with a post hook may also be better
02:17
<
clever >
romildo: should probably symlink them at the least, so they are still available
02:14
<
clever >
romildo: can those things run the original caja?
02:09
<
clever >
romildo: yeah, that would help users a lot
01:55
<
clever >
but you can still delete a lot of things without --delete-older-than
01:55
<
clever >
which then allows normal nix-collect-garbage to delete more things
01:55
<
clever >
olejorgenb[m]: --delete-older-than will delete gc roots in nix-env and nixos-rebuild
01:52
<
clever >
olejorgenb[m]: it will always delete things in a random order, but the above argument makes it stop mid way
01:51
<
clever >
olejorgenb[m]: nix-collect-garbage --max-freed 1G
01:31
<
clever >
they have their own forum?, no github, in this day? lol
01:29
<
clever >
viaken[m]: try just giving it a dummy email and see what happens
01:28
<
clever >
viaken[m]: and you cant just provide it at runtime or hard-code it?
01:25
<
clever >
gimpPlugins being a set of all possible plugins
01:25
<
clever >
romildo: gimp for example has: gimp gimp-with-plugins gimpPlugins
01:23
<
clever >
romildo: only thing missing that i can think of is man pages
01:16
<
clever >
viaken: what are you trying to do?, only packages defined in the nixos side of things can refer to nixos config
01:14
<
clever >
nope, still not found
01:13
<
clever >
boomshroom: if we have the name of the ppd, we can check to see if its already been packaged
01:11
<
clever >
romildo: that is passing 2 files as a single argument
01:11
<
clever >
romildo: you quoted it too much
00:55
<
clever >
hmmm, still not finding anything in nix-locate
00:53
<
clever >
boomshroom: what are some of the names under /usr/local/Brother?
00:50
<
clever >
boomshroom: and what about the LPR printer driver?
00:49
<
clever >
hello --version > $out
00:49
<
clever >
romildo: pkgs.runCommand "name" { buildInputs = [ hello ]; } ''
00:47
<
clever >
romildo: either use runCommand instead, or set unpackPhase = ":";
00:47
<
clever >
boomshroom: and it has a special unpack flag that just unpacks to the cwd
00:47
<
clever >
boomshroom: as long as its ran without root, it cant really do any damage
00:45
<
clever >
try the cups one
00:43
<
clever >
boomshroom: if you download the .deb file, and unpack it, what files does it contain?
00:42
<
clever >
boomshroom: do you have a filename for a brother driver from the AUR?
00:39
<
clever >
i believe nix still supports md5, and its just nixpkgs that dis-allows it
00:38
<
clever >
jasom: so you could apply a .overrideDerivation to fetchurl (after giving it a fake sha256) to change the outputHashAlgo and outputHash
00:38
<
clever >
jasom: any derivation that defines outputHashAlgo, outputHash, and outputHashMode, is fixed-output
00:35
<
clever >
as long as that function returns a string
00:35
<
clever >
you can also give it a list of attrsets, and then apply a more complex function
00:35
<
clever >
"a/subdir:b/subdir:c/subdir"
00:35
<
clever >
nix-repl> lib.concatMapStringsSep ":" (x: "${x}/subdir") [ "a" "b" "c" ]
00:35
<
clever >
nix-repl> lib.concatMapStringsSep ", " (x: "item ${x}") [ "a" "b" "c" ]
00:35
<
clever >
"item a, item b, item c"
00:33
<
clever >
romildo: lib.concatMapStringsSep
00:29
<
clever >
romildo: makeWrapper ${caja}/bin/caja $out/bin/caja ....
00:29
<
clever >
romildo: you can just use makeWrapper directly
00:22
<
clever >
romildo: and wrapProgram just renames the path you give it, then runs makeWrapper
00:21
<
clever >
romildo: makeWrapper takes a path to the real program, and the output path
00:21
<
clever >
romildo: one second
00:00
<
clever >
how will it deal with amazon being weird?, i ordered 4 sticks of ram, 3 arrived at the post office, 1 turned up leaning against my back door
2017-08-17
23:53
<
clever >
i have seen some programs enabling things like sse3 support, then not checking for it at runtime, causing fun errors
07:04
<
clever >
you can also use this to ship your own overrides with your app
07:04
<
clever >
in either case, nixpkgs gives the config argument a higher priority
07:04
<
clever >
tnks: import <nixpkgs> { config = {}; }
07:04
<
clever >
tnks: nix-build '<nixpkgs>' --arg config '{}' -A foo
04:53
<
clever >
seems its already expired
02:23
<
clever >
gchristensen: oops
01:39
<
clever >
obviously, it broke things :P
01:39
<
clever >
in my first week of using nixos, i had done "mount /nix/store -o remount,rw" to modify something
01:06
<
clever >
Enzime: -I nixpkgs=/home/clever/nixpkgs/
2017-08-16
20:59
<
clever >
manveru: yay
20:48
<
clever >
and an extra 200 of spam makes that harder
20:47
<
clever >
sphalerite: but you should still have a general idea of how many generations back to go if you ever want to rollback from grub
20:46
<
clever >
sphalerite: it feels like a recipe for instability and endless disk usage
20:45
<
clever >
sphalerite: i feel the same about system.autoUpgrade
20:43
<
clever >
manveru: then your build needs to run strip on that library
20:42
<
clever >
manveru: (run file directly on the so file)
20:42
<
clever >
manveru: sounds like debug info is present, does "file" agree with that?
20:41
<
clever >
manveru: then its not in the rpath, try strings and grep
20:40
<
clever >
manveru: now try using patchelf --print-rpath on that .so
20:40
<
clever >
manveru: gcc is one node down the tree from nokogiri, so the path of gcc must exist somewhere inside nokogiri
20:39
<
clever >
manveru: grep --color cz6hpw1n6xmfadq7fsg5va0mrb1kysk8 /nix/store/bmqwi6kpc2vfrbr4vks4w9n3bhp0fpqc-ruby2.4.1-nokogiri-1.7.2
20:39
<
clever >
manveru: grep for the path of gcc in the node
19:09
<
clever >
wrong nick on one msg
19:08
<
clever >
slyfox: 2nd, nixos already merges all definitions from every module, just [ 1234 ]; is enough to append
19:08
<
clever >
frankpf: 1st, the value of the option depends on itself, so it wont eval
19:08
<
clever >
frankpf: that will fail for 2 reasons
18:32
<
clever >
nwuensche: adding this to the sudo config allows the ds9 user to run those 2 scripts, as root, without entering a pw
18:32
<
clever >
ds9 ALL=(root) NOPASSWD: /root/reload_lighty , /root/ubc
18:10
<
clever >
yorick: you may need to re-do the rpath using patchelf, as if it was a closed-source blob
18:06
<
clever >
then you dont even have to deal with setuid
18:06
<
clever >
nwuensche: you could also configure sudo to allow running a script without a password
18:06
<
clever >
first thing i can think of is to just patch that script to not mess with the rpath
18:04
<
clever >
where in the install thing is it being removed?
18:03
<
clever >
gcc should add it automatically
18:00
<
clever >
yorick: and which entry are the missing libraries under?
17:58
<
clever >
yorick: what is the value of rpath before it gets stripped?
17:56
<
clever >
yorick: are the libraries in the lib directory at the time it was linked to them?
17:56
<
clever >
yorick: are you building it from source?
17:25
<
clever >
adelbertc: throw the real file into a gist at gist.github.com and maybe i can see whats wrong
17:18
<
clever >
and then pass haskellPackages to extraBuildTools
17:18
<
clever >
--arg extraBuildTools 'hpkgs: with hpkgs; [ foo bar baz ]'
17:18
<
clever >
maybe as a function would be better
17:18
<
clever >
ah yeah, that --arg gets evaled before loading shell.nix
17:15
<
clever >
try with --arg, and single-quote the list
17:13
<
clever >
adelbertc: also, what is the first ~2 lines of shell.nix?
17:13
<
clever >
adelbertc: --argstr passes it as a string
15:49
<
clever >
dhess: maybe something is checking if $CPP == cpp, and then assuming it must not be clang, so its safe to use clang-incompatible args
15:43
<
clever >
dhess: nixpkgs-unstable is the only one with binary cache coverage for darwin
15:36
<
clever >
from my gentoo /etc/sudoers file
15:36
<
clever >
## X11 resource path settings
15:36
<
clever >
# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
15:35
<
clever >
tilpner: sudo already has a list of vars that arent safe and get cleared, and does a lot of things to make you safe when doing such things
15:35
<
clever >
PATH will also be null, which will break a lot more
15:34
<
clever >
tilpner: X11 wont work, locales will be reset to defaults, it wont know what terminal your using
15:34
<
clever >
tilpner: passing null there would make it safe, it would also break many things
15:34
<
clever >
and if bash is ran under that cgi'd script, it gains functions that the user provided
15:33
<
clever >
query params in an http url become env variables
15:33
<
clever >
tilpner: that is how shellshock worked
15:32
<
clever >
and if the script is then ran as root, you have a security problem
15:32
<
clever >
tilpner: there are so many problems with that, many env vars can leak functions into bash
15:29
<
clever >
LnL: the kernel disables the setuid if you have a debugger attached
15:29
<
clever >
tilpner: if you run strace as root, the setuid wont work, but the child will be ran as root
15:11
<
clever >
catern: yeah, we would need to convince it that the nar's are immutable
15:10
<
clever >
one issue i can see, ipfs wants to read&hash every file its sharing, so that will involve reading your entire store every time you start the daemon
15:09
<
clever >
then the performance cost is on the ipfs side, rather then the entire-system side
15:08
<
clever >
lol, maybe
15:08
<
clever >
it just shares the files as-is
15:08
<
clever >
and it doesnt have to understand what is inside them
15:08
<
clever >
its much simpler for the ipfs daemon to share things, if you just give it a directory full of blobs it can share
15:04
<
clever >
there is also the issue of sharing uncompressed nar's, thats going to be harder on the network layer
15:04
<
clever >
catern: nix would need to be patched to just throw the whole NAR into a directory and signal the fuse layer, instead of trying to unpack
15:03
<
clever >
catern: ive made 2 FUSE layers that turn a nar into a mounted fs
2017-08-15
23:55
<
clever >
joepie91: that overwrites the patches attribute on the object, but doesnt actually override the derivation
23:55
<
clever >
joepie91: eek!, the python27 example in the blog you linked is wrong
23:35
<
clever >
joepie91: they all predate me discovering nix
23:34
<
clever >
joepie91: yeah, ive got at least 4 unique snowflakes i manage, that i refuse to even upgrade because of how fragile they can sometimes be, i really need to switch that crap over to nixos
21:57
<
clever >
no idea then
21:57
<
clever >
that will make boost use the same stdenv
21:56
<
clever >
try (boost.override { inherit stdenv; })
21:56
<
clever >
you may need to .override each dependency you pass in, to change their stdenv's also
21:55
<
clever >
2171 stdenv = overrideCC stdenv gcc49;
21:55
<
clever >
2170 gnaural = callPackage ../applications/audio/gnaural {
21:54
<
clever >
hodapp: i believe you want to override the stdenv, not insert a new gcc into buildInputs
21:23
<
clever >
which screws with programs that dont (teamspeak), causing the noise floor to be boosted into triggering constant mic spam
21:22
<
clever >
joepie91: yeah, i have noticed a large number of voip programs messing with the pulse capture levels to implement automatic gain
21:22
<
clever >
joepie91: that was under the older skype, version 4.3 era
21:21
<
clever >
Infinisil: chromium still has playback, but claims i no longer have a microphone
21:21
<
clever >
Infinisil: teamspeak looses all audio, and refuses to cleanly exit because its waiting for pulseaudio
21:20
<
clever >
Infinisil: skype will just 100% stop all network traffic, yet claim its still online
21:20
<
clever >
that denies pulse access to realtime threads, so it never becomes a target
21:20
<
clever >
security.rtkit.enable = lib.mkForce false; was the only way to make it stop
21:20
<
clever >
so i wind up having to restart things every 5 minutes
21:19
<
clever >
and half my programs fail to reconnect to pulseaudio
21:19
<
clever >
Infinisil: something in the kernel is already doing exactly that, and -9's pulseaudio if the watchdog hangs for even a split second
21:19
<
clever >
ixxie: oh, that das_watchdog option, ive run into something very similiar, that was extremely anoying
21:18
<
clever >
ive also played with latencytop on my machine
21:17
<
clever >
they also have #musnix
20:50
<
clever >
but once the nix expresison is done, it should be trivial to reproduce it again and again in the future!
19:24
<
clever >
nwuensche: and then add that to the drivers
19:23
<
clever >
nwuensche: you would need to create a derivation that drops the files at the right location under $out
19:12
<
clever >
nwuensche: what are the contents of /etc/systemd/system/cups.service?
19:10
<
clever >
id say its safer to rename it, then you can always undo
19:09
<
clever >
nwuensche: any log files in the results?
19:07
<
clever >
nwuensche: what about "find /var | grep cups"
19:07
<
clever >
cups has to be running to change the debug with cupsctl, lol
19:07
<
clever >
thought that might happen
19:02
<
clever >
look around /var/ for any files or directories with cups in the name
19:02
<
clever >
cups may write to its own logs
18:09
<
clever >
atis_: acording to nmap, that ip is 100% unresponsive, 22 isnt open, and it hasnt replied to a single query
18:07
<
clever >
networking.firewall.allowedTCPPorts = [ 80 443 ];
18:07
<
clever >
atis_: then 80 isnt allowed in the nixos firewall
18:06
<
clever >
ixxie: i dont think the sandbox contents are fully documented, but i do have an example derivation that pokes around at it
18:06
<
clever >
atis_: i port-scanned your domain, pings are blocked, 3mins to check the rest of the ports...
18:05
<
clever >
[root@nas:~]# iptables-save | grep 80
18:05
<
clever >
-A nixos-fw -p tcp -m tcp --dport 80 -j nixos-fw-accept
18:04
<
clever >
atis_: iptables-save, then check it manually to see if 80 is allowed
18:02
<
clever >
and also the nixos firewall