2017-07-20
19:34 <clever> deltasquared: yeah, with both nixos-in-place and kexec, you only get one chance
19:34 <clever> nh2: and there is a nixops-example.nix so you can add the machine to nixops
19:33 <clever> nh2: the justdoit script is also pre-installed in that ramdisk, and does nearly the entire install
19:31 <clever> deltasquared: somebody did joke that i could nixos-ify half the internet if i had a zero-day :P
19:31 <clever> nh2: then you can ssh in, wipe the disk, and nixos-install like normal
19:31 <clever> nh2: and within 5 minutes, it should be running nixos from a ramdisk
19:30 <clever> nh2: you upload a specially made tarball to a remote server, unpack it to /, then run /kexec_nixos
19:30 <clever> nh2: have you seen my kexec trick?
19:10 <clever> /run/current-system/sw/share/doc/
19:02 <clever> leading to confusion
19:02 <clever> also, without -A, it will silently ignore broken things
19:02 <clever> yeah, without -A its much slower, and not clear which channel it will use
19:01 <clever> this is a channel name, and package name
19:01 <clever> nix-env -iA unstable.musescore
19:00 <clever> so it will only get used if you name unstable in a command
19:00 <clever> the above command calls the channel unstable
19:00 <clever> yeah, all of the nixos tools read the channel called nixos
19:00 <clever> download this, rename it to musecore.nix, and do musecore = pkgs.callPackage ./musecore.nix {};
18:59 <clever> or an override
18:59 <clever> so the new version thats not broken isnt available
18:59 <clever> queiw: ah, musescore appears to have been fixed in june, and 17.03 is from march
18:57 <clever> queiw: ah, what channel are you on?
18:54 <clever> queiw: and what happens if you do nix-env -iA nixos.musescore
18:53 <clever> queiw: what is the name of the package?
18:43 <clever> boomshroom: and then nix-build will never give a cached result, because every success modifies the source
18:43 <clever> boomshroom: if you do src = ./.; and nix-build in the directory, the result symlink becomes part of the "source"
18:43 <clever> boomshroom: ive done that, by mistake a few times, lol
18:42 <clever> boomshroom: nix refuses to allow any recursion
14:49 <clever> there was a bug in the nix-channel management code that caused it to ignore a recently passing build
13:13 <clever> canndrew: you want to patchelf it with the 32bit versions of the libs
13:12 <clever> hodapp: if you check ps aux, what is the path to the working gimp?
12:45 <clever> xd1le: add pkgconfig to the nativeBuildInputs and then insert $(pkg-config --cflags libevdev) into your gcc command
12:45 <clever> -I/nix/store/z69dmzg0h9dm7m0avha7klf0xklnch95-libevdev-1.5.6/include/libevdev-1.0/
12:45 <clever> [nix-shell:~]$ pkg-config --cflags libevdev
12:45 <clever> xd1le: pkgconfig is also in that package, so you can use that
12:45 <clever> xd1le: tab completion
12:44 <clever> (which is exactly what nix protects you from)
12:44 <clever> because the idiots wanted to prevent collisions
12:44 <clever> so you need to #include <libevdev-1.0/libevdev/libevdev.h>
12:44 <clever> lovely, lol
12:44 <clever> /nix/store/z69dmzg0h9dm7m0avha7klf0xklnch95-libevdev-1.5.6/include/libevdev-1.0/libevdev/libevdev.h
12:43 <clever> xd1le: the include dir of everything in buildInputs is added to -I automatically
2017-07-19
23:58 <clever> in the same directory as Text
23:58 <clever> i think you need to run it one directory up
23:56 <clever> you would have to run nix-shell in that dir, then ghc and ghci will have the deps
23:56 <clever> and the cabal file doesnt say to compile the examples, so they arent available
23:54 <clever> nix-build creates a result symlink pointing to the finished build
22:56 <clever> not registering doesnt stop them from tracking you :P
22:56 <clever> eqyiel[m]: and whats wrong with having a google account?
22:50 <clever> you can just get a normal google account tied to any email
22:50 <clever> you dont need a gmail account to have a google account
19:32 <clever> if you turn on secure one-time tokens for pam, it turns passwords off!
19:31 <clever> there was something worse in the pam 2 factor auth
19:27 <clever> i try to keep /mnt clear because i use that for new installs
19:25 <clever> jtojnar: i keep mine under /media/
19:23 <clever> yeah, it ignores everything under /run
19:22 <clever> it might ignore /run
19:21 <clever> jtojnar: where is it mounted?
19:19 <clever> jtojnar: is it mounted when you run nixos-generate-config?
19:18 <clever> jtojnar: add it to configuration.nix instead
19:10 <clever> Winchell1M: nixos already adds $HOME/bin/ to $PATH
15:53 <clever> GlennS: more that you can customize the partition tables, and do the entire install from real nixos, rather than mutating the root into nixos
15:49 <clever> and you now have a nixos install with zfs and custom partitions
15:49 <clever> so you just unpack the tar, run /kexec_nixos, ssh into it, and run justdoit
15:48 <clever> GlennS: this creates a kernel+initrd pair, containing the entire nixos installer
15:48 <clever> kexec lets you load a kernel+initrd into ram, and just switch control of the entire host to it
15:42 <clever> GlennS: have you seen my kexec trick?
14:31 <clever> qknight: yeah, sounds like it
14:20 <clever> qknight: i think its disabled by default
14:11 <clever> but internally, it applies no changes
14:11 <clever> so nix treats it as a transform
14:11 <clever> i would just have the derivation copy the valid config file to $out, and then return the result of the mkDerivation
14:10 <clever> ahh, you're having nginx lint the config file
14:09 <clever> why does it need a whole derivation to test the value?
14:08 <clever> weird, you're trying to build a derivation over x, and then just use x?
14:06 <clever> no need to handle the failure specially
14:06 <clever> qknight: it will already abort if the derivation fails
14:02 <clever> qknight: what are you trying to do?
13:30 <clever> id just throw an alias into .bashrc
13:30 <clever> that works
13:24 <clever> odd, not sure then
13:22 <clever> cinimod: try export TERM=xterm
13:20 <clever> qknight: mkDerivation returns a string pointing to where the derivation will be installed to, but its not yet known if it has passed or not
13:00 <clever> but then you may as well not even hash it, users.users.clever.initialPassword = "hunter2";
13:00 <clever> you could use a secondary password there, so you can at least login and run passwd
12:59 <clever> yeah, thats the only downside
12:57 <clever> and then my pw is always right
12:57 <clever> i just set users.users.clever.initialHashedPassword
12:56 <clever> systemd-nspawn wont really work right away, the nixos inside the root has to be built with boot.isContainer=true;
12:54 <clever> why do you want to imperatively set passwords before the first boot?
12:41 <clever> but that code is absent in the master version of the script
12:40 <clever> i think it wants the nixbldX users from the host
12:40 <clever> aha, then it will create users on the host and store the passwords on the guest!!
12:38 <clever> because of the umount, it will modify the guest passwd when it asks for the root pw at the end
12:37 <clever> and also line 236 unmounts them
12:36 <clever> but it wont persist, and the guest will create its own later
12:36 <clever> yeah, it uses a bind mount to "copy" the host passwd into the guest
12:33 <clever> i thought it was only directories
12:33 <clever> yeah, i was also surprised that files can be bind mounted
12:33 <clever> yeah, it mounted something over /etc/passwd
12:32 <clever> any bind mounts over passwd?
12:32 <clever> catern: what does "mount" say when run both inside and outside?
12:30 <clever> ben: that will depend on if you have enabled or disabled mutable users
2017-07-18
22:27 <clever> ah, it was -t
22:27 <clever> Apr 27 16:10:23 router kernel: rejected connection: IN=wan OUT
22:27 <clever> -- Logs begin at Mon 2017-04-24 18:42:51 UTC, end at Tue 2017-07-18 22:26:19 UTC. --
22:27 <clever> [root@router:/etc/nixos/nixcfg]# journalctl -t kernel -b 0
22:26 <clever> i think it might be in "-k kernel" or something like that
22:26 <clever> pshendry: what about just journalctl -f ?
20:16 <clever> though if you think it wont crash and its only a chown and chmod, that can work
20:15 <clever> the last guy i saw using activation hooks tried to do network, it errored out, and then that broke the entire boot process
20:15 <clever> it would probably be safer to use a one-shot systemd unit
20:14 <clever> nixos can only manage /etc and /nix
20:14 <clever> there is no way to manage things under /home with nixos
20:14 <clever> where does folder_name exist?
20:00 <clever> WinchellsM: by setting mode and uid on an environment.etc entry, you can control what user owns it
19:46 <clever> spinus: something came up, cant type much now
19:40 <clever> spinus: there is also the build slave stuff, and brb
19:40 <clever> spinus: nix-copy-closure can take a .drv from nix-instantiate, then you can run nix-store -r on that remotely
17:04 <clever> WinchellsM: rerun with -j1 to unscramble the download progress
16:55 <clever> 1.4.111 and 2.3.8 are the versions i get
16:55 <clever> WinchellsM: the names are non-obvious
16:55 <clever> pkgs/top-level/all-packages.nix: bittorrentSync20 = callPackage ../applications/networking/bittorrentsync/2.0.x.nix { };
16:55 <clever> pkgs/top-level/all-packages.nix: bittorrentSync14 = callPackage ../applications/networking/bittorrentsync/1.4.x.nix { };
16:54 <clever> pkgs/applications/networking/bittorrentsync/generic.nix: name = "btsync-${version}";
16:43 <clever> you would need to clone nixpkgs, checkout the right version for your host, and then edit that file
16:43 <clever> it looks like it should be doing entry.knownHosts
15:32 <clever> but with this syntax, all arguments are put into a set called args
15:32 <clever> { pkgs, config, ... } @ args:
15:32 <clever> on its own, the arguments are just dropped, so you cant access the things you havent named
15:32 <clever> NickHu: it makes it accept any argument
15:30 <clever> it downloads a given nar, and unpacks it to a new dir called <hash>-hello-<version>
15:29 <clever> gchristensen: and an example closer to what you wanted
15:29 <clever> 2017-03-13 15:49:05< clever> [clever@amd-nixos:/tmp/fooo]$ curl cache.nixos.org/nar/0b1c57kbqjl78yh5wvna3lgfzldjk12s5a5kkyq49qd07jgy4p0p.nar.xz | unxz | nix-store --restore bdjyhh70npndlq3rzmggh4f2dzdsj4xy-hello-2.10
15:29 <clever> no nix.sqlite metadata is involved, no need for root, and you can just treat it as a tar replacement if you wanted
15:28 <clever> this will copy a to b, serializing it in the process
15:28 <clever> 2017-02-22 22:23:23< clever> $ nix-store --dump a | nix-store --restore b
15:28 <clever> all paths start at the root of $out, so $out/bin/foo exists as just "bin/foo" in the nar
15:28 <clever> and /nix/store/ isnt a prefix on the paths
15:27 <clever> its a custom format, that omits fields like uid/read/write/mtime
15:27 <clever> yeah, its not a tar file
15:26 <clever> gchristensen: one min, i have a trick somewhere
12:31 <clever> bennofs: oh, i think the -p was breaking it
12:26 <clever> so if you use cc and c++, it will work on both stdenv's
12:26 <clever> but the clangStdenv includes a wrapper called cc
12:25 <clever> dang, clangStdenv sets CC, but the normal stdenv doesnt!
12:25 <clever> [clever@amd-nixos:~/apps/nixpkgs]$ nix-shell -E 'with import <nixpkgs>{}; clangStdenv.mkDerivation { name = "name"; }'
12:16 <clever> bennofs: i think $CC and $CXX are set right
11:42 <clever> S0rin: the nixPath entry in the configuration.nix lands in a file in /etc after the rebuild, then you must relaunch the shell
11:05 <clever> cinimod: the above creates an override on diagrams, to make it use a jailbroken version of cautious file
11:01 <clever> [clever@amd-nixos:~]$ nix-shell -p "haskellPackages.ghcWithPackages (pkgs: [ pkgs.chart-unit pkgs.numhask pkgs.numhask-range ])" 'haskellPackages.diagrams-haddock.override { cautious-file = haskell.lib.doJailbreak haskellPackages.cautious-file; }'
10:59 <clever> and diagrams-haddock depends on cautious-file
10:58 <clever> its in cautious-file's cabal file
10:58 <clever> the problem isnt in your cabal file
10:58 <clever> the condition is right in the cabal file the error said it was in
10:58 <clever> [root@amd-nixos:/tmp]# grep directory cautious-file-1.0.2/cautious-file.cabal build-Depends: base >= 4, base < 5, directory >= 1.1, directory < 1.3, filepath >= 1.2, filepath < 1.4, bytestring >= 0.9, bytestring < 0.11
10:57 <clever> which cabal file did you read?
10:57 <clever> builder for ‘/nix/store/ghy607jzpy4ifhxpl486ffgvxbb7gclk-cautious-file-1.0.2.drv’ failed with exit code 1
10:55 <clever> the output in the console when it gives the error
10:55 <clever> there should be more lines that give context
10:55 <clever> pastebin the entire error
10:54 <clever> from which derivation?
10:52 <clever> try restoring $TERM to a more normal value
10:52 <clever> cinimod: i'm thinking this, now diagrams will be in path, rather than ghc
10:51 <clever> [clever@amd-nixos:~]$ nix-shell -p "haskellPackages.ghcWithPackages (pkgs: [ pkgs.chart-unit pkgs.numhask pkgs.numhask-range ])" haskellPackages.diagrams-haddock
10:50 <clever> and `ghc-pkg list` ?
10:44 <clever> cinimod: error: attribute ‘numeric-ode’ missing, at (string):1:106
2017-07-17
23:37 <clever> i think adding it to the propagatedBuildInputs of gcr would be best in this situation
23:33 <clever> but thats not in the search path when building pinentry
23:32 <clever> because pkg-config is dumb, and wants to find the glib.pc file as well
23:27 <clever> you need to add glib to the buildInputs for pkg-config to allow you to use gcr
23:27 <clever> jtojnar: thought so, pkg-config is weird like that
23:19 <clever> jtojnar: what if you try to ask pkg-config for the ldflags of gcr-base-3?
23:15 <clever> jtojnar: investigating...
23:11 <clever> can you gist the nix files you have modified?
23:09 <clever> jtojnar: is pkgconfig also in the buildInputs?
23:00 <clever> yegortimoshenko: it appears to do absolutely nothing
22:53 <clever> whatever that is, it needs to be added to the buildInputs of the package
22:53 <clever> and --pure isolates it better
22:53 <clever> so it was only working because something you installed was leaking in
22:52 <clever> jtojnar: try adding --pure to the nix-shell
22:32 <clever> which is always a subset of all of your build-time inputs
22:32 <clever> tnks: nix will just auto-detect what you need at runtime, by what paths exist in $out when you're done
22:31 <clever> tnks: there is also the fact, that you cant really ever define the runtime deps
22:29 <clever> tnks: so if somebody ever tries to cross-compile your package 2 years down the road, it will try to make a build of cmake for the wrong platform, then run that on a cpu that cant run it
22:27 <clever> but most of the time, you're doing a native build, so the buildInputs are just transparently appended to the nativeBuildInputs
22:26 <clever> tnks: and buildInputs come from the target arch (all libs go here)
22:26 <clever> tnks: when cross-compiling, nativeBuildInputs come from the host arch (cmake goes in there)
22:06 <clever> tnks: no way to merge derivations, you would need to put the ghcWithPackages into the buildInputs of a new derivation, that also depends on the python things
22:06 <clever> alex-v: id just throw strace at it, but that will generate 1000's of lines of logs, and then you need a pastebin
22:04 <clever> i cant think of anything else to check
22:03 <clever> those things are usually off by default
22:02 <clever> alex-v: anything like apparmor/grsecurity/selinux active?
21:59 <clever> alex-v: dmesg?
21:57 <clever> alex-v: and what about the mount for /opt/revr/tmp?
21:55 <clever> alex-v: or the output of dmesg?
21:55 <clever> alex-v: what about the output of mount?
21:54 <clever> alex-v: how are you able to access irc but not a pastebin?
21:53 <clever> nixer: you can also just add the module to the imports of a configuration.nix
21:52 <clever> nixer: --eval maybe, but it wont confirm things like the mkOption calls having valid arguments
21:51 <clever> alex-v: what does this output?
21:44 <clever> alex-v: why can you not access gist?
21:41 <clever> alex-v: can you gist the entire error?
21:41 <clever> alex-v: if something was run as root in the past, the ownership may be mixed
21:40 <clever> alex-v: does the user own everything in the store?
21:38 <clever> bennofs: pretty sure only string worked with lift when i was messing with it
21:36 <clever> probably need to dive into more complex parts of it, or use the th-lift thing i saw somewhere
21:34 <clever> i have noticed that out of the box, template-haskell can only insert a plain String (a linked list of characters!) into the source, but not any other type
21:30 <clever> i'm pretty sure nix flattens the array down to a space separated list, and then you're hosed
21:30 <clever> what about how the stdenv treats $buildInputs as a space separated list of inputs?
21:20 <clever> i believe its invalid to have a space in the name of a derivation, so even $out/bin would be safe
21:19 <clever> Infinisil: bash is a bit weird, and should eval both of those identically
20:53 <clever> qknight: its currently in a let block, so there is no way to reference it
20:52 <clever> qknight: you would need to expose the config as its own attribute within the config attrset
20:21 <clever> the-kenny: ah nice, logs of juicy details in there
20:19 <clever> that has the size of each partition
20:19 <clever> and cat /proc/partitions
20:11 <clever> setting the format to raw removes the restrictions
20:10 <clever> and given that its usb, its very likely to jump around anyways
20:10 <clever> i try to do everything with uuid or label, so it doesnt matter
20:10 <clever> in theory, if the guest writes the correct headers to the file, qemu can start to interpret it as a copy-on-write image of something else, and read an attacker controlled path
20:09 <clever> may also need a format=raw
20:09 <clever> -drive index=3,id=usb,file=/dev/sdc
20:07 <clever> to just directly expose the block device as a whole
20:07 <clever> you can also -drive /dev/sdc i think
20:06 <clever> dont think so
20:06 <clever> qemu does also have an option to emulate a usb drive if it still needs to be over usb
20:05 <clever> sphalerite[m]: also, i would just use -drive to create a virtual drive, then dd it to the usb stick after its shutdown
20:04 <clever> i would just chown the dev node on the host, no need to mess with udev
19:59 <clever> oh, and rules.d is read-only, no other option
19:59 <clever> sphalerite[m]: either add it to configuration.nix and "nixos-rebuild test", then undo the config change
19:30 <clever> yegortimoshenko: there are no stable channels for darwin, only nixpkgs-unstable is officially supported
19:28 <clever> `ghc-pkg list | wc -l` -> 40
19:27 <clever> tnks: and in here, are symlinks to every package in the closure of shake
19:27 <clever> lrwxrwxrwx 1 root root 101 Dec 31 1969 array-0.5.1.1.conf -> /nix/store/8v64zpyci6rgrzzbhc2bfa911yfmnfw5-ghc-8.0.2/lib/ghc-8.0.2/package.conf.d/array-0.5.1.1.conf
19:27 <clever> [nix-shell:~/apps/hydra-configs]$ ls /nix/store/7w38kjm300d6mwbc0y5hf1mv3khdh7bs-ghc-8.0.2-with-packages/lib/ghc-8.0.2/package.conf.d/ -l
19:26 <clever> building path(s) ‘/nix/store/7w38kjm300d6mwbc0y5hf1mv3khdh7bs-ghc-8.0.2-with-packages’
19:26 <clever> [clever@amd-nixos:~/apps/hydra-configs]$ nix-shell -p 'haskellPackages.ghcWithPackages (hpkgs: [ hpkgs.shake ])'
19:25 <clever> tnks: but ghc is very different, you use the ghcWithPackages function to create a special instance of ghc, that has those packages in its default search path
19:25 <clever> tnks: for both python and gcc, nix will mutate the search path (the include path or pythonpath), based on the buildInputs
19:24 <clever> tnks: everything ran after this point up setup.sh will then be visible
19:23 <clever> tnks: this creates a runCommand derivation, that depends on simplejson and nose, and also sets a preHook that turns on a bash debug feature
19:23 <clever> nix-shell -E 'with import <nixpkgs> {}; runCommand "dummy" { preHook = "set -x"; buildInputs = [ pythonPackages.simplejson pythonPackages.nose ]; } ""'
19:18 <clever> and also anything in the stdenv, so the setup-hook for gcc gets sourced
19:18 <clever> the setup-hook for package1 and package2, and everything listed in the propagated inputs, recursively
19:18 <clever> so the phases of nose, only become available if you nix-shell '<nixpkgs>' -A pythonPackages.nose
19:17 <clever> but the setup hook is for when it gets put into the inputs of another package
19:17 <clever> yeah, the phases are only for build time
19:16 <clever> which iterates over all inputs, and adds them to PYTHONPATH
19:15 <clever> tnks: and because its acting like python was in the list of inputs, it will source this script
19:15 <clever> /nix/store/zq0lf0fdc7n12zcdcs2qq3viz6mc87vr-python-2.7.13/nix-support/setup-hook
19:15 <clever> tnks: because of this file, it will behave as if you had added coverage, python, and setuptools to the -p list as well
19:15 <clever> /nix/store/5q51zmjqrcz8qn7kspi5qhcldnzy1x1l-python2.7-coverage-4.0.1 /nix/store/zq0lf0fdc7n12zcdcs2qq3viz6mc87vr-python-2.7.13 /nix/store/hr25ww5b8jcgjz5wmmqb4zqm8yz2ipnx-python2.7-setuptools-30.2.0
19:15 <clever> [nix-shell:~/apps/hydra-configs]$ cat /nix/store/2qqn05m1nj2q1p7infamx3dhpzxjlmpk-python2.7-nose-1.3.7/nix-support/propagated-native-build-inputs
19:11 <clever> do you have an example nix-shell i can run on this end?
19:10 <clever> only the setup hooks, which are defined separately
19:10 <clever> it will run neither of the shell hooks
19:09 <clever> it might also be setup by a setup hook in python, try to print it before and after the nix-shell and see what happens
19:08 <clever> tnks: it wont run the phase things for anything listed
19:08 <clever> tnks: -p creates a new derivation, using runCommand, that has everything listed in the buildInputs
18:21 <clever> yeah, i see
18:20 <clever> not what the hash is hashing over
18:20 <clever> as base32 text, or as raw binary
18:20 <clever> its more about how the hash is displayed
18:19 <clever> bennofs: so it turns into a 20 byte string of raw binary, then the hashmap might be a little faster
18:19 <clever> bennofs: something else i have been thinking of, is taking the hash in the <hash>.narinfo, and undoing the base32
18:11 <clever> yegortimoshenko: nix-build -E 'with import <nixpkgs>{}; callPackage ./default.nix {}'
18:03 <clever> dtzWill: all narinfo files go into a hashmap in ram, while the nar files are currently uncached (i plan to cache them to disk)