2017-07-23
00:23
<
clever >
your /lib/x86_64-linux-gnu also has to be removed
00:17
<
clever >
wrapProgram $out/bin/foo --unset LD_LIBRARY_PATH
00:17
<
clever >
so you need to create a wrapper script using wrapProgram in your nix expression
00:16
<
clever >
the problem is that the python in nix is obeying env vars you have set
00:15
<
clever >
kiloreux: what if you only remove it for the python process, using a wrapper script?
00:14
<
clever >
kiloreux: removing /srv from LD_LIBRARY_PATH may fix it
00:13
<
clever >
kiloreux: looks like you have the wrong zlib in your LD_LIBRARY_PATH
00:06
<
clever >
yeah, that might work better, given that cmakeDir is unusable
00:04
<
clever >
Infinisil: you would need to set dontUseCmakeBuildDir and then do the build dir yourself in preConfigure if you want to keep it
00:04
<
clever >
Infinisil: yeah, that will probably break things
00:02
<
clever >
mpickering: every attribute in a derivation becomes an env variable during the build
2017-07-22
23:59
<
clever >
and it will then do an out-of-tree build (the .o's are separate from the src)
23:59
<
clever >
when you run cmake, you give it a path (relative or absolute) to the dir where the source and CMakeLists.txt exists
22:29
<
clever >
LnL: yeah, i think thats making bash do regex?
22:27
<
clever >
i have no idea how, but that sed-like function is implemented in pure bash
22:25
<
clever >
yeah, its also harder to insert storepaths with a .patch
22:21
<
clever >
its mostly just preference
22:18
<
clever >
the patch would fail to apply, and draw attention to what needs to be fixed
22:17
<
clever >
sed may just silently ignore things if upstream changes something, and then you get odd errors
22:17
<
clever >
a patch is more likely to fail in a safe way
22:16
<
clever >
avn: that usually leaves the ssh privatekeys in the nix store, and visible on your binary cache for the world to see
22:15
<
clever >
sheenobu: then you need to disable that, and copy the source in during postUnpack
22:14
<
clever >
mpickering: and now you have a second derivation, being used as the source for the first
22:14
<
clever >
mpickering: you just do src = fetchgitPrivate { ... };
22:13
<
clever >
and only if it runs on the local machine (build slaves will break it)
22:13
<
clever >
just during fetchgitPrivate
22:13
<
clever >
so ssh-agent thinks socat (running as root) is doing the requests, and allows it
22:13
<
clever >
and root is exempt from that safety
22:12
<
clever >
the socat in my gist will proxy it over
22:12
<
clever >
so the git running as nixbld1 cant use it
22:12
<
clever >
sheenobu: but the ssh-agent in the ssh package, actively rejects any connection coming from the "wrong" user
22:12
<
clever >
sheenobu: fetchgitPrivate expects <ssh-auth-sock> to point to a unix socket for an ssh agent
22:10
<
clever >
mpickering: fetchgit and fetchgitPrivate auto-generate such a derivation
22:09
<
clever >
mpickering: all network access must be done in a separate derivation, that declares the output hash ahead of time
22:08
<
clever >
cherrybl0ss0m_: and then in github, create a personal access token that has repo:status
22:08
<
clever >
cherrybl0ss0m_: create an xml section called <github_authorization> that contains "orgname = token <sha1>"
22:07
<
clever >
sheenobu: i just use an android device for netflix
22:05
<
clever >
cherrybl0ss0m_: yes
22:05
<
clever >
obviously, thats for the chromium package (not google-chrome or firefox)
22:05
<
clever >
chromium.enableWideVine = true; has worked for me in the past
22:04
<
clever >
netflix uses widevine on chrome and something else on firefox
22:04
<
clever >
netflix doesnt use flash
22:04
<
clever >
ive just not turned flash on
22:04
<
clever >
cwre: and yeah, adobe is free to break it by just deleting the tar, and nix will demand you get the exact right version
21:57
<
clever >
M and P to adjust the sort order
21:57
<
clever >
also, check 'top' and see what is using the cpu and ram
21:57
<
clever >
cwre: i think your setting nixpkgs.config.config.firefox
21:51
<
clever >
cwre: then it has to go under nixpkgs.config.firefox.enableAdobeFlash = true;
21:51
<
clever >
cwre: how is firefox installed?
21:51
<
clever >
cwre: firefox.enableAdobeFlash = true; in whatever config.nix your firefox is based around
21:14
<
clever >
yeah, the fixupPhase runs it over $out/bin/
20:27
<
clever >
mudri: the buildEnv would atomically replace the last buildEnv you had by the same name
20:25
<
clever >
mudri: then it lands in ~/.nix-profile/bin/ which is already in PATH
20:25
<
clever >
mudri: for PATH, i would just create a buildEnv based derivation, and nix-env -iA it
20:20
<
clever >
rvolosatovs: change the {path}: to just path:
20:17
<
clever >
sheenobu: and then it runs that busybox on this script, which uses busybox to unpack the tar, and patchelf to fix everything to refer to its new $out
20:16
<
clever >
sheenobu: this is a bare busybox binary, statically linked, not even in a tar, and a tar containing glibc + gcc + patchelf
20:15
<
clever >
sheenobu: in the same directory is a txt showing the output you can expect
20:15
<
clever >
sheenobu: this is a bare-bones derivation that doesnt use the stdenv directly
19:39
<
clever >
rvolosatovs: this is a path, a division operator, an addition operator, and a string
19:39
<
clever >
error: syntax error, unexpected '+', at (string):1:11
19:39
<
clever >
nix-repl> ./result/ + "/bar"
19:38
<
clever >
can you paste the exact code you tried?
19:37
<
clever >
an unquoted path has several special properties, and you can concat more to it and keep those
19:37
<
clever >
rvolosatovs: just do (./foo + "/bar")
19:31
<
clever >
note the type code on line 30
19:28
<
clever >
just make sure /boot is outside the luks
19:28
<
clever >
and thats pretty much it
19:27
<
clever >
and this tells it to search for a pool called laptop (it looks in lvm automatically) and mount that as /
19:27
<
clever >
fileSystems."/" = { device = "laptop/root"; fsType = "zfs"; };
19:27
<
clever >
silver_hook: this tells nixos to open the luks device at /dev/sda3 before scanning for lvm devices
19:26
<
clever >
silver_hook: boot.initrd.luks.devices = [ { name = "root"; device = "/dev/sda3"; preLVM = true; } ];
19:24
<
clever >
silver_hook: let me see
19:23
<
clever >
avn: none of the machines have swap on zfs
19:23
<
clever >
and the desktop has 64gig of NVME swap
19:22
<
clever >
but the desktop, it just hangs, it doesnt even try to use the swap
19:22
<
clever >
sure, it gets io bound in swap all the time, but it recovers
19:22
<
clever >
silver_hook: oddly, the laptop with 2gig of ram performs "better" than the desktop with 16gig of ram
19:17
<
clever >
it also has snapshots, so i have undo for almost any file
19:17
<
clever >
i now have the option to use zfs send to backup the entire system
19:17
<
clever >
so the lvm just splits the luks up into zfs and swap
19:16
<
clever >
and zfs for zfs
19:16
<
clever >
silver_hook: luks for encryption, lvm because i know swap on zfs is bad, and i didnt want 2 luks partitions
19:15
<
clever >
silver_hook: my laptop is booting with zfs on lvm on luks
19:06
<
clever >
mpickering: you would need to update the packages config to list all of the packages you want, and then nixos-rebuild to update the docs
18:58
<
clever >
nixos yes, nix no
18:56
<
clever >
silver_hook: nixos needs to generate the grub.conf far more often, you can usually get away with just putting the other distro into grub.conf via the extraConf option in nixos
18:15
<
clever >
some, but version numbers vary so much that it doesnt always work right
18:14
<
clever >
comparing the version numbers would be more tricky
18:11
<
clever >
foo = if (old.foo.name == "foo-1.2.3") then old.foo else old.foo.overrideAttrs (drv: { src = ...; });
18:10
<
clever >
but you could put an if statement into it, that checks the version of the old package
18:10
<
clever >
the override/overlay will have priority, and will have the final say in what is used
18:06
<
clever >
rvolosatovs: you can do that with either normal packageOverrides, or overlays
14:27
<
clever >
alunduil: nixos test framework
14:25
<
clever >
bennofs: you might be able to use libredirect (from nixpkgs) to redirect /proc/self/exe to a shell script
04:51
<
clever >
cwre: so the default kernel uses this set of patches
04:51
<
clever >
and line 12284 generates that over the linux_4_9 attribute
04:50
<
clever >
so nixos uses this alias as a default
04:50
<
clever >
cwre: finding a link...
04:49
<
clever >
which would be what linuxPackages is an alias to
04:49
<
clever >
cwre: probably the one that your using as a default
04:45
<
clever >
cwre: and then use that kernel via its matching linuxPackages set
04:45
<
clever >
cwre: you want to modify one of the kernel attributes near my link to refer to your new patch
04:33
<
clever >
cwre: i think you need to reference the patch elsewhere
04:33
<
clever >
/home/clever/apps/nixpkgs/pkgs/top-level/all-packages.nix: kernelPatches.p9_fixes
01:19
<
clever >
only real issue, is that it only protects against accidental deletions, since the backups are on the local disk
01:18
<
clever >
you now get automatic backups every 15mins, hour, day, week, and month, each one with its own max# that expires automatically
01:17
<
clever >
yegortimoshenko: zfs snapshots are great to have a rolling backup system
2017-07-21
22:59
<
clever >
ottidmes: at a glance, i dont think the cpu supports pagefault detection
22:55
<
clever >
ottidmes: that will depend heavily on how reliable the unbricking method is
22:53
<
clever >
but thats typically handled by the existing kernel
22:53
<
clever >
if the cpu has an MMU, then you should be able to set a pagefault handler that catches access to unmapped memory
22:51
<
clever >
celph_: which pebble?
22:47
<
clever >
celph_: though it still relies on ulimit being set as normal
22:47
<
clever >
celph_: i recently did systemd.coredump.enable = true; and have found it handy in catching things
22:28
<
clever >
tilpner: yep
22:26
<
clever >
and then apply the overlay to that nixpkgs
22:26
<
clever >
tilpner: internally, it will re-import its own chosen nixpkgs version, and not force the config
22:25
<
clever >
tilpner: if you import the default.nix from this "overlay", it wont actually be used as an overlay
22:24
<
clever >
tilpner: oh, i think i know
22:24
<
clever >
tilpner: all of that is inside a copy of nixpkgs-channels from revision ed07, which isnt mentioned in any of the fetchurl or fetchgit calls
22:22
<
clever >
tilpner: can you add the entire trace as another file in the previous gist?
22:18
<
clever >
tilpner: also, useSandbox is a nix option, not a nixpkgs option, so it does nothing on line 13
22:17
<
clever >
tilpner: that should give a backtrace to where it came in from
22:17
<
clever >
tilpner: ah, try putting a syntax error into your config.nix and then run it with --show-trace
22:14
<
clever >
tilpner: can you link a gist with the file?
22:13
<
clever >
tilpner: which argument?
22:12
<
clever >
ottidmes: so you can boot the vm once, then test a single function on 1000's of different bits of data
22:11
<
clever >
ottidmes: and then each clone of the vm gets different input data
22:11
<
clever >
ottidmes: triforce works by forking the entire bloody qemu process, to create clones of the vm
22:09
<
clever >
ottidmes: there is even a variant that is embedded into a modified qemu, that can fuzz kernels
22:07
<
clever >
tilpner: nix-build --arg config '{}'
22:05
<
clever >
joepie91: but then nobody else benefits! lol
22:05
<
clever >
joepie91: and i have considered setting loose ~30 bots in this channel named after nix functions, just so i can tab-complete things like callPackage in here :P
22:04
<
clever >
joepie91: my irc client is good at completing with just 2 letters most of the time
21:52
<
clever >
ottidmes: so you dont even need support for custom ISO's
21:52
<
clever >
ottidmes: the directory above that file, is a kexec trick i made, that can hijack any existing linux machine
21:52
<
clever >
ottidmes: so you could create an ISO that has this module included, boot the ISO, ssh in, and run justdoit, and your done
21:51
<
clever >
ottidmes: when ran, that will format /dev/sda, and install nixos
21:51
<
clever >
ottidmes: this is a custom nixos module, that pre-installs a script called justdoit
21:49
<
clever >
joepie91: ah, its the default value?
21:49
<
clever >
ottidmes: and its up to you to deal with the hardware layer (or creation of VM's within control panels)
21:48
<
clever >
ottidmes: if you set the targetEnv = "none"; in nixops, it will just ssh into an existing nixos machine and manage it
21:47
<
clever >
ottidmes: i have considered using nixops just to manage my laptops
21:46
<
clever >
ottidmes: i have also written a kexec based tool that works similarly to nixos-infect
21:44
<
clever >
cwre: and nix's closures can basically do the same thing, just write the right expressions and it does it for you
21:44
<
clever >
cwre: without it depending on any part of the host
21:43
<
clever >
cwre: with LFS, they need a toolchain at a non-standard path, that can be transplanted from the host to the guest
21:43
<
clever >
cwre: yeah
21:43
<
clever >
cwre: nix simplifies it with storepaths, but does the same basic process
21:43
<
clever >
cwre: and then repeat it all, but against / this time, to make the real install
21:42
<
clever >
cwre: then you can mount that entire thing into a chroot, and be 100% isolated from the original host toolchain
21:42
<
clever >
cwre: so it uses /tools/lib and /tools/bin/ and even /tools/lib/ld.so
21:42
<
clever >
cwre: the basics of LFS, is building an entire toolchain (bash, gcc, glibc), that is rooted to /tools/
21:41
<
clever >
cwre: having done LFS, i'm able to read and understand the stdenv bootstrap in nixpkgs
21:40
<
clever >
cwre: i have also ran linux from scratch on my router, so yes
21:40
<
clever >
i was mostly gentoo based prior to discovering nixos
21:39
<
clever >
i have nixos on my desktop, 2 netbooks, 1 laptop, the router, and the NAS
18:23
<
clever >
simpson: the GHC RTS has a hefty amount of C in it...
17:59
<
clever >
joepie91: i find i dont even look hard enough for such tooling
17:55
<
clever >
mbrock: i just skipped cabal and stack, and went directly to haskellPackages.ghcWithPackages, and it works fine
17:54
<
clever >
joepie91: this script also breaks if any of the cargo deps happen to use a git submodule
17:53
<
clever >
so the fetch and build always use the same lock file
17:53
<
clever >
joepie91: nix will re-do the fetch job if the lock file has been modified
17:53
<
clever >
but its trying to do network again afterwards
17:52
<
clever >
then cargo should just run without network
17:52
<
clever >
and then you provide the sha256 over that entire set of deps
17:52
<
clever >
joepie91: nixpkgs uses the lock file to pre-fetch things in a fixed-output derivation when it has network
17:51
<
clever >
joepie91: except, nixpkgs has done some trickery to provide it everything pre-fetched
17:49
<
clever >
joepie91: do you know much about how 'cargo fetch' runs?
01:19
<
clever >
id have to read more of the expressions to know what exactly is going on
01:19
<
clever >
you may need to apply an override to pkgs.firefox-nightly-bin then
01:17
<
clever >
Infinisil: the overlay is already setup, no need to use mozillaPkgs
01:17
<
clever >
Infinisil: i think its better to just do pkgs.firefox-nightly-bin
01:16
<
clever >
Infinisil: yeah
2017-07-20
23:49
<
clever >
profile can also source bashrc
23:48
<
clever >
ottidmes: and bashrc will source profile in some cases
23:48
<
clever >
ottidmes: interactiveShellInit lands in /etc/bashrc, shellInit lands in /etc/profile
23:36
<
clever >
gchristensen: sure
23:31
<
clever >
your already applying an override, so just delete line 13 of the gist, and use pkgs.firefox-nightly-bin
23:31
<
clever >
config isnt an argument
23:28
<
clever >
so you can just pkgs.firefox-nightly-bin
23:28
<
clever >
though, the overlay your adding puts that nightly into the main pkgs set anyways
23:27
<
clever >
then it wont read any config.nix, and it will just work
23:27
<
clever >
cwre: you probably want mozillaPkgs = import mozillaPkgsDir { config = { allowUnfree = true; }; };
23:27
<
clever >
cwre: line 13 imports a new copy of nixpkgs, as root, so it reads roots config.nix file
23:26
<
clever >
cwre: what about the /root/.config/nixpkgs/config.nix?
23:26
<
clever >
though that instance is only used for a fetchFromGitHub
23:25
<
clever >
cwre: line 5 overrides the config, so it doesnt read any config.nix files
23:24
<
clever >
cwre: can you gist that file?
23:23
<
clever >
cwre: what command is causing the unfree error?
23:23
<
clever >
cwre: what is it set to?
23:23
<
clever >
cwre: it shouldnt be
23:21
<
clever >
cwre: is $NIXPKGS_CONFIG set to anything?
23:21
<
clever >
cwre: oops, ^^^
23:21
<
clever >
celph: does /etc/nix/nixpkgs-config.nix exist?
23:20
<
clever >
gchristensen: pong
21:22
<
clever >
sphalerite[m]: yeah, wider hardware support may bloat it more
21:20
<
clever >
depends on the goals
21:20
<
clever >
sphalerite[m]: yeah, but the i3 is probably optional, if you wanted it to only display a pdf and do nothing else
21:19
<
clever >
sphalerite[m]: its about 40mb
21:18
<
clever >
though that currently lacks X support
21:18
<
clever >
sphalerite[m]: heh, sounds like something i would do with not-os
21:09
<
clever >
boomshroom: i think you can also run this with a normal nix, that was compiled against /nix/store/
21:09
<
clever >
boomshroom: an example i had made nearly a year ago
21:08
<
clever >
2016-08-19 05:25:17< clever> [clever@amd-nixos:~]$ NIX_LOG_DIR=/home/clever/nix2/var/log NIX_REMOTE= NIX_STORE=/home/clever/nix2/store NIX_STATE_DIR=/home/clever/nix2/var/nix/db nix-build '<nixpkgs>' -A hello -Q -j8 --option build-use-sandbox false --option build-users-group ""
21:08
<
clever >
boomshroom: there is also an env variable that overrides the store location
21:07
<
clever >
boomshroom: try unsetting $NIX_REMOTE
20:45
<
clever >
and also, the hash in /nix/store/<hash> is only the first 160 bits of the sha256
20:44
<
clever >
i believe the <hash> on line 154 is the sha256 from the fetchurl, and the hash of this entire string is what goes into /nix/store/<hash>-name
20:44
<
clever >
wait no, that part is excluded for fixed-output ones
20:43
<
clever >
and the "/nix/store" string is in that outer hash
20:43
<
clever >
a character is prepended to the hash algo
20:42
<
clever >
taktoa: slightly different rules for that
20:27
<
clever >
line 104 has a giant comment explaining things
20:26
<
clever >
which is just several of those functions jammed into one
20:23
<
clever >
taktoa: it appears to use makeOutputPath with the output name and that hash
20:22
<
clever >
note the if statement on line 338
20:19
<
clever >
boomshroom: yeah, you can just make a dummy home folder, chown it, and cd over
20:18
<
clever >
michaelpj: yeah
20:17
<
clever >
boomshroom: and if its in your home dir, you need to use the same home everywhere
20:17
<
clever >
boomshroom: yes
20:17
<
clever >
michaelpj: so if it exists, the one in home is ignored
20:17
<
clever >
michaelpj: that is a default that has higher priority than ~/.nixpkgs/config.nix
20:16
<
clever >
/etc/nix/nixpkgs-config.nix
20:16
<
clever >
[clever@amd-nixos:~]$ echo $NIXPKGS_CONFIG
20:16
<
clever >
but you can do nixpkgs.config = import /etc/nix/nixpkgs-config.nix; to shortcut that
20:16
<
clever >
nixos will only ever obey nixpkgs.config
20:11
<
clever >
nix-env and nix-build ignore the overrides in configuration.nix
20:11
<
clever >
spinus: nope
20:10
<
clever >
boomshroom: yeah, nix-copy-closure
20:10
<
clever >
michaelpj: that sounds like how i would set them up
20:09
<
clever >
boomshroom: nixops only helps if you want nixos, but if you just want nix on another distro, nixops wont help any
20:08
<
clever >
michaelpj: can you gist both examples?
19:48
<
clever >
GPT uses more than 1 sector
19:48
<
clever >
thats enough code to let it read /boot, and then it can do things right
19:48
<
clever >
grub's kernel, and fs driver (ext4 for example) get concat'd together, and then throw into "free" space between sector 0 and partition 1
19:47
<
clever >
that sounds like grub's stage 1.5 on MBR
19:46
<
clever >
the userland translates things to a simpler form
19:46
<
clever >
there is basically no lvm support in the kernel, same for luks
19:45
<
clever >
i mainly booted my gentoo without an initrd
19:42
<
clever >
deltasquared: ive previously used linuxfromscratch and gentoo, nixos install wasnt that complex
19:36
<
clever >
deltasquared: oh rather, kexec is the only way to bypass that, and my kexec trick relies on the MBR being obeyed
19:35
<
clever >
deltasquared: yeah, kexec requires that the host still runs the boot sector in the MBR
19:35
<
clever >
but with any decent datacenter, you can remotely wipe and try again