2017-08-06

<clever> one option is to just change xmonad to run a different emulator
<clever> ps aux | grep xterm
<clever> adelbertc: depends on what terminal emulator your using
<clever> xfce just does that automatically
<clever> not just install, it probably has to be ran on login
<clever> Nobabs27: it may need xfconfd running to work right?
<clever> yeah
<clever> zovt_: i think only things installed only in environment.systemPackages and nix-env (without sudo) show up in gnome
<clever> adelbertc: and you have to disable a crap-ton of things to just allow one app
<clever> adelbertc: funnily enough, apps like facebook messenger open a special popup window that allows multi-tasking, and android refuses to let me accept any security question while that is open
<clever> and every touch has a near-touch before/after, so you basicaly have a keylogger, lol
<clever> and it can be used by a background service
<clever> basically, there is an api to let you detect near-touch events
<clever> nothing the attacker sends you will run
<clever> nixos also does a great deal to help, just by the fact that it breaks all unpatchef ELF files
<clever> and i keep an eye on https://www.reddit.com/r/netsec/
<clever> i know when things look phishy and just dont click them
<clever> only the kind that is installed in my brain
<clever> i just turn the confirmations off
<clever> so even if firefox is the default, it doesnt think its the default, and will ask every time its started
<clever> there are some minor problems with the paths because of how nixpkgs wraps things
<clever> other.nix can now depend on foo in the exact same way that everything else in nixpkgs depends on other things
<clever> Lisanna: line 5 and 6 then define 2 packages, foo and other
<clever> Lisanna: line 1 of default.nix does the import of nixpkgs, line 3 then creates a new instance of callPackage, that will search self first, then nixpkgs
<clever> Lisanna: typing that up now
<clever> Lisanna: also, your still importing nixpkgs twice, which will cause slowdowns and problems down the line
<clever> then foo will contain the derivation on line 12-33
<clever> Lisanna: so you must do import ./foo.nix {}; to call that function
<clever> Lisanna: line 1-3 defines a function, that takes a single argument (with a default value)
<clever> the error and the answers dont agree with eachother
<clever> 2017-08-05 22:06:18 < clever> is it also using with import <nixpkgs> ?
<clever> 2017-08-05 22:06:24 < Lisanna> yes
<clever> pastebin the contents of foo.nix
<clever> b: loading nixpkgs twice makes the whole thing slower
<clever> a: then the code in the hastebin should just work
<clever> is it also using with import <nixpkgs> ?
<clever> and what is the contents of foo.nix?
<clever> if foo is a derivation, it will just automatically return $out as a string
<clever> if you can gist an example and any errors you have i can look at it
<clever> Lisanna: if foo is a derivation, you can just do (import foo)
<clever> there should also be another binding to spawn a new terminal
<clever> sounds normal
<clever> adelbertc: and if you hit that, does it go back to the login page?
<clever> sphalerite: and whats the hotkey to make xmonad quit?
<clever> you probably have to use an xmonad binding to make xmonad itself quit
<clever> try using f1 and see which combo works
<clever> f1 in slim will let you cycle between the enabled window and desktop managers
<clever> which means, the default on https://nixos.org/nixos/options.html#xserver.displaymanager is "wrong"
<clever> the default for slim, is the current value of services.xserver.enable
<clever> oh wait
<clever> slim is disabled by default
<clever> adelbertc: which display manager did you enable?

2017-08-05

<clever> but nothing can even start to compile, until the nix expressions have been 100% ran
<clever> or to just reference other things directly
<clever> and the nix expression language is used to stitch together strings from different packages, to make a more complex package
<clever> that modify how setup.sh behaves
<clever> a nix expression is just a bunch of strings being passed to bash as env variables
<clever> yeah
<clever> you have to put some bash script into the nix expression, and have the stdenv run it during the build
<clever> so there is no way for nix to know about the output files
<clever> the nix expressions are ran before the build starts
<clever> Lisanna: bash can do that, for x in $out/bin/*; do patchelf ... $x;done
<clever> ah
<clever> what part of the file is upsetting it?
<clever> currently, it saves every narinfo into a hashmap
<clever> as for the project name, its a cache you place between nix and cache.nixos.org
<clever> so it should be more atomic and faster
<clever> sphalerite: the ByteString.hPutStrLn will fetch a foreign pointer for the bytestring, and ffi it directly to write()
<clever> sphalerite: and back to the write'ing 1 byte at a time thing: https://github.com/cleverca22/cachecache/blob/master/cachecache.hs#L108-L115
<clever> :O
<clever> which can cause confusion when hydra fails
<clever> i have also noticed, if you build with sandboxing off, the host /usr/bin/env leaks in, and lets the builds work without patching
<clever> lol
<clever> 15.05, i dont think ive ever seen somebody mention that channel...
<clever> heh, a 3 year old issue!, but it can be hard to detect what paths to run it on
<clever> the length of the records inside the zip got changed, and the relative sizes in its headers ceased to be accurate
<clever> postPatch = "patchSheBangs build"; will also fix it
<clever> yep
<clever> and nix will fix them to absolute paths for you
<clever> you want to instead run patchSheBangs on the directory with shell scripts
<clever> sphalerite: are you running sed on the zip?
<clever> sphalerite: http://ix.io/yUT that find and sed ....
<clever> sphalerite: oh, i have a thought!
<clever> sphalerite: i think it reads the header at the tail of the file, and then goes relative to that
<clever> sphalerite: try putting breakpoints on both read_directory and get_data, and see which runs first, and how much
<clever> read_directory uses Py_BuildValue to set the file_offset, that get_data later reads
<clever> t = Py_BuildValue("sHIIkHHI", path, compress, data_size,
<clever> file_size, file_offset, time, date, crc);
<clever> get_data doesnt initialize file_offset though
<clever> and then 813 sets file_offset
<clever> 786 is a for loop
<clever> 716 of read_directory has a local file_offset variable, no initial value
<clever> ah, it might be line 813
<clever> something else must set those fields
<clever> so you give it a python object pointer, and it reads internal fields you set earlier
<clever> it appears to be a generic python function
<clever> i think that just reads attributes from a set
<clever> sphalerite: cant find any code in that file that actualy initializes file_offset
<clever> line 605 defines the entire object type
<clever> and the ZipImporter contains the file_offset
<clever> line 569 ties a python method "get_data" to the c method "zipimporter_get_data", which will cast the PyObject* to a ZipImporter*
<clever> sphalerite: just set a breakpoint on get_data
<clever> sphalerite: even without -g, gdb can give a backtrace, which can still help
<clever> and get_data is static, so the call must be inside this file
<clever> i think toc_entry is a python attribute set being passed into this function
<clever> and track down how it computes file_offset
<clever> so we need to either add some print statements to the code, or build with -g and run it under gdb
<clever> to improve buffering
<clever> libc may have rounded the seek position down, so it could read data from before the target point
<clever> its also possible that libc is cheating with the seek and read
<clever> so it reads more (774 bytes) then what it asked for
<clever> they did fread, so libc is buffering, exactly as you where expecting
<clever> sphalerite: ah, thats why i dont see it reading 30 bytes (line 954)
<clever> sphalerite: make it fail with -K and then double-check that its even a zip
<clever> so it appears to just lock up for zero reason, in the middle of gameplay
<clever> and if you get a random network error, it saves everything to disk before rendering a dialog saying it was a entwork error
<clever> sphalerite: this leads to the game locking up solid for ~1.5 hours
<clever> sphalerite: and samba flushes those bytes over the network, and waits 1 round trip per byte, including waiting for the samba server to flush to disk
<clever> sphalerite: i also discovered one day, when running world of warcraft over samba to a linux hdd, that wow saves config 1 byte at a time
<clever> which can manage a buffer within the struct FILE*
<clever> only if you use something like fwrite
<clever> haskell does that as well, it runs write over a list of characters with map
<clever> sphalerite: for example, strace ./oil.ovm, and gist the last 20-30 lines
<clever> sphalerite: strace, build with -g and gdb, patch the source
<clever> sphalerite: the first instance of it should be at file_offset bytes into the file: https://github.com/oilshell/oil/blob/5881d651515844871e6c717dc12105cc34c56d92/Python-2.7.13/Modules/zipimport.c#L950-L961
<clever> sphalerite: thats the zip file header, i believe there is one instance of it for every file in a zip
<clever> i also saw some ssdm failures holding back nixos-unstable
<clever> sphalerite: what does it find?
<clever> sphalerite: if you run "hexdump -C oil.ovm | grep '50 4b 03 04' --color -C5
<clever> then the problem is with the build itself, got a link to the source?
<clever> sphalerite: i dont see anything that is modifying it, what happens when you run the final file it outputs?
<clever> sphalerite: and which binary is being modified/damaged?
<clever> remove the 2
<clever> Wizek: you cant change the pname for that
<clever> another file that does things during many phases
<clever> if you gist it i can look over the output
<clever> then bash will tell you every single thing the stdenv is doing
<clever> sphalerite: in your postPatch, do "set -x"
<clever> sphalerite: a number of things in the stdenv also add hooks to the fixup phase list
<clever> sphalerite: fixupPhase handles binary patching after the install
<clever> yay
<clever> it has to download the cabal file for every single dependency, and then run cabal2nix on each
<clever> yeah
<clever> Wizek: under build-depends:
<clever> Wizek: the cheap-fix, is to just add alex as a library level dep in your cabal file, and re-run stack2nix
<clever> that doesnt include build-time tools
<clever> Wizek: so only what `stack list-dependencies` lists will appear in the generated file
<clever> Wizek: stack2nix overrides the haskellPackages in a special way, that prevents anything from the nixpkgs haskellPackages leaking in
<clever> Wizek: thats a different problem, i ran into it with cpphs
<clever> Wizek: self. lets you refer to other packages in the set, and give them more names
<clever> Wizek: you can do that with gi-javascriptcore = self.gi-javascriptcore2;
<clever> actually no, gi-javascriptcore_4_0_12 = self.gi-javascriptcore;
<clever> Wizek: a second option is to undo these changes, and instead do gi-javascriptcore_4_0_12 = gi-javascriptcore; and use rec for the main {
<clever> Wizek: and second, it continues to try to do that, even when you dont ask for gi-javascriptcore
<clever> Wizek: so that override you pasted earlier is breaking it twice, the first way, it tries to give you gi-javascriptcore_4_0_12 when you asked for gi-javascriptcore (and gi-javascriptcore_4_0_12 doesnt exist)
<clever> Wizek: you will need to add gi-javascriptcore to the arguments on line 1677, in addition to gi-javascriptcore2
<clever> Wizek: nix is forcibly giving gi-webkit2 an extra parameter, that you arent expecting
<clever> thats why it didnt care about the grub values
<clever> ah
<clever> adelbertc: if grub is disabled, then it wont care what grub.device is set to
<clever> adelbertc: ah, that depends on if your using grub or systemd-boot
<clever> adelbertc: there is an assertion that usually goes off, complaining its not set
<clever> adelbertc: for uefi, you need to set boot.loader.grub.device = "nodev";
<clever> Wizek: can you update https://gist.github.com/Wizek/8c9d7be7e57266045a81cf5bd0cc2d01 with the new content?
<clever> the pname should remain unchanged though
<clever> Wizek: try just adding a 2 to every instance of gi-javascriptcore in the stack2nix generated file
<clever> Wizek: ah, so something in nix is renaming things on you
<clever> and because of lazy eval, it just didnt eval the faulty code
<clever> grantwu: nix-build doesnt try to read the meta data
<clever> grantwu: you need to add a with maintainers; to that list
<clever> Wizek: everything refers to it as gi-javascriptcore in the gist, so i dont see whrere that 2nd version is coming from
<clever> grantwu: got a link to the PR?
<clever> grantwu: you can also make a change in the whitespace, git commit --ammend, and force-push to the PR branch
<clever> grantwu: anybody with push access to the repo can restart the build
<clever> Wizek: i think you need to manualy edit that to webkitgtk24x-gtk3
<clever> to make a temporary sandbox
<clever> srhb: i sometimes do HOME=/tmp/foo something
<clever> srhb: you can also just change the value of $HOME
<clever> Wizek: you can solve that with one of the following, "--no-out-link" (skips the result entirely), "-o ../result" (puts it somewhere else), or "cd .. ; nix-build project1 -A project1" (loads project1/default.nix, and leaves the result one directory up)
<clever> Wizek: so project1 will never have a cache hit
<clever> Wizek: so every time you sucessfully build the source, you also modify the source
<clever> Wizek: one minor problem, is that the ./. for project1, will also include the result symlink nix-build creates
<clever> Wizek: and if you perfectly undo the change, it can reuse 100% of it
<clever> Wizek: in the case of nix based builds, it will save everything in /nix/store/
<clever> heh
<clever> that also works
<clever> Wizek: another simpler solution is to just delete your .stack-work
<clever> Wizek: in this case, it excludes any symlinks ending in .root, all .swp files (vim!), your .stack-work, all .nix files, and anything that lib.cleanSourceFilter excludes (.o's, ~'s, and .git)
<clever> Wizek: you will need a second nix file, that imports the stack2nix one (line 24) and applies some overrides
<clever> Wizek: and the definition of cleanSource2 on line 16
<clever> Wizek: one sec
<clever> grantwu: add fetchurl to the arguments, { stdenv, fetchurl }:
<clever> Wizek: that may include your .git and your .stack-work
<clever> Wizek: you have a few ./.'s in the nix file, so it it making a snapshot of the current directory in nix
<clever> srhb: or stdenv.lib
<clever> Wizek: you need -A something
<clever> Wizek: yep
<clever> Wizek: you didnt tell nix-build what to build, so its building EVERY HASKELL PACKAGE, lol
<clever> Wizek: oh, i see the problem
<clever> Wizek: applicative-quoters appears nowhere in the gist
<clever> Wizek: yeah
<clever> Wizek: and what command did you run?
<clever> pastebin it?
<clever> Wizek: --show-trace
<clever> -i will just search, and may find the wrong things
<clever> nix-env -iA nixpkgs.openssh
<clever> that should fix it
<clever> grantwu: { packageOverrides = pkgs: { openssh = pkgs.appendToName "with-kerberos" (pkgs.openssh.override { withKerberos = true; }); }; }
<clever> which now refers to krb, which refers to openssh
<clever> the override to turn on krb refers to openssh
<clever> ah, i suspected that might happen
<clever> grantwu: exactly what i said half an hour ago
<clever> grantwu: without the nixpkgs.config
<clever> nixpkgs.git
<clever> openssh is one, but git is another
<clever> grantwu: just re-install whatever you think will be affected, with nix-env
<clever> yes
<clever> grantwu: { packageOverrides = pkgs: { openssh = pkgs.openssh_with_kerberos; }; }
<clever> makefu: and this is the entire closure of a single minecraft mod: https://github.com/mcpkg/mcpkg-server/blob/master/default.nix
<clever> makefu: this is something i worked on a year ago, it uses fixed-output derivations to generate a gradle cache
<clever> Infinisil: and if you have root, you can run an arm build of linux (ubuntu or nixos!) under a chroot, and connect back to such an xorg
<clever> Infinisil: i have seen an android xorg server, which you can then link to over tcp
<clever> and it would only be able to update to a version i had signed
<clever> so i could create updates freely
<clever> when i recompiled it, i had to re-sign it with my own keypair
<clever> so no data can be stolen
<clever> if you are installing something signed by the "wrong" person, you must uninstall the old app (deleting any secrets it had), then install the new one
<clever> the signature is only ever checked when upgrading
<clever> but android apps are always signed with a certificate-less keypair
<clever> they are signed
<clever> in theory, i could further modify it to log your name/pw, upload to another site, and then post the app on the amazon app store
<clever> what i realized then, is how easy it was to modify the android app
<clever> lol
<clever> decompile, delete map code, recompile, boom, it works!
<clever> that is a system library in android, and it is only present on devices that google has approved
<clever> i also discovered, my online banking app uses the google maps library to show where ATM's are
<clever> but for that first year, i had to root it and jam in the google play app
<clever> a year later, they unlocked canada, and it works fine now
<clever> Infinisil: then i discovered, you must have an american billing address, even to install a free app
<clever> Infinisil: they refused to ship it or sell it to canadians, so i had a friend in america buy it and ship it up
<clever> Infinisil: i had a similar problem with the amazon kindle
<clever> i think it also turns off all ad's
<clever> Infinisil: my problem, is that they wont even let me pay, lol
<clever> Infinisil: they refuse to take my money
<clever> Infinisil: and of course, no dirty canadians allowed
<clever> Infinisil: youtube red is a subscription thing that fixes that
<clever> Infinisil: the android + ps3 youtube/netflix app work in an entirely different manner, the mobile device is a wifi remote, and can safely be turned off
<clever> Infinisil: and it has no rewind
<clever> Infinisil: and the ipad must remain on, and draining battery, for the entire length of the video
<clever> Infinisil: so i am forced to use an apple device to stream youtube videos to the tv
<clever> Infinisil: android has the identical app, it dont work
<clever> Infinisil: and if you launch that app, i can see the cable box doing https requests to that domain
<clever> Infinisil: there is a special iOS app that you must use to stream video to the cable boxes
<clever> yep
<clever> Infinisil: but the new router and IPTV system conflicts with it
<clever> Infinisil: yeah
<clever> try and ping it!
<clever> adisbladis: also, look at the domain twonky.tv.fibreop.ca
<clever> adisbladis: and the multicast traffic comes from a 10 ip
<clever> adisbladis: the STB's access addresses in the 10 range constantly
<clever> the 10.0.0.0/8 network is for the iptv service, and the rest is internet
<clever> adisbladis: my ISP has 2 vlans (802.1q) on the modem, and the router must be specially configured for 2 uplinks over the same wire
<clever> Infinisil: it took me a while to realize that was a private range
<clever> Infinisil: but i could still vpn in, and it had an ip in 172.16.0.0/12
<clever> Infinisil: i had a server in a datacenter, and it randomly just went offline at the designated public ip
<clever> Infinisil: yeah, that one tripped me up a few months ago
<clever> :O
<clever> so i had to switch to 192.168.2.0/24
<clever> i later discovered, the ISP has their own 10.0.0.0/8 for the tv service, and the router has been modified to not allow that for the LAN
<clever> srhb: yeah, half, ~128
<clever> and the UI would just claim to be changing, then do nothing
<clever> when i upgraded to fiber, i tried setting the new router to the same subnet
<clever> back when i was on dsl, i ran my LAN as 10.0.0.0/25
<clever> LnL: i had a /25 before upgrading to fiber
<clever> Infinisil: the 24 has to match up with the netmask on line 31
<clever> every now and then people ask questions, and i gist fragments of my config
<clever> its part of a nixcfg git repo that i havent gotten around to publishing
<clever> stanibanani: full dhcp, dns, and nat, along with an ipv6 tunnel partialy configured
<clever> stanibanani: ^^^
<clever> oops
<clever> thblt: thats what i read, but Infinisil thinks he had it working with suspend to ram
<clever> i would expect randomEncryption to play nicely with suspend to ram, since the key stays in ram
<clever> thblt: and once you have randomEncryption on, you are down to 1 luks device (the zfs pool), so you dont need gchristensen's second 3mb luks trick to unlock 2 things