2017-06-16

<clever> jake_: yeah
<clever> but i couldnt get nsenter to work, and the systemd keeps eating the host
<clever> and nsenter lets you spawn a process in the same namespace
<clever> jake_: unshare was to execute systemd, which you can do with "exec /init" after running /boot
<clever> and the channel with the nixos name wont exist on debian
<clever> oh right, the command-not-found script is hard-coded to look in root's nixos channel
<clever> there is then a hook in bash, that does it automatically
<clever> and command-not-found will look it up and tell you what package has it
<clever> the channel generates a programs.sqlite file, containing a list of every single command in every single package
<clever> only thing youll be missing is programs.sqlite for command-not-found
<clever> yep

2017-06-15

<clever> so <nixos> and <nixpkgs> and even <nixpkgs/nixpkgs> refer to the same thing
<clever> legacy reasons
<clever> that extra nixpkgs is actually a symlink to .
<clever> and so on
<clever> the 3rd entry maps <nixos> to the channel called nixos
<clever> ah, that has different defaults for $NIX_PATH
<clever> and the 3rd lets you refer to any of roots channels by name
<clever> second maps <nixos-config> to the configuration.nix file
<clever> the first entry, maps <nixpkgs> to the nixpkgs subdir of a channel called nixos, on roots channel list
<clever> nope, thats the default value
<clever> nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels
<clever> $ echo $NIX_PATH
<clever> and the default $NIX_PATH is set to a dir that nix-channel outputs to
<clever> yeah
<clever> but you can still do nix-env -f '<nixpkgs>' -iA hello
<clever> yeah, nix-env is the only tool that uses nix-defexpr
<clever> you can also just modify $NIX_PATH
<clever> jsgrant: would need to compare the kernel versions
<clever> mellowmaroon: maybe
<clever> jsgrant: you can also get usb images with memtest86
<clever> jsgrant: it looks like its grub only
<clever> jsgrant: https://nixos.org/nixos/options.html#memtest8 enable memtest86, nixos-rebuild switch, then pick memtest from the grub menu when booting
<clever> jsgrant: have you run memtest86 on the hardware recently?
<clever> when run as root
<clever> jsgrant: what does nix-channel --list say?
<clever> jsgrant: what kind of weirdness is it doing?
<clever> cant think of anything else at the moment
<clever> and thats breaking everything
<clever> its possible that idea is trying to clean the env up before running gradle
<clever> not sure then
<clever> was idea started from inside the nix-shell?
<clever> nix goes out of its way to not include headers and such when you install a package
<clever> installing the libraries wont help anything
<clever> not sure what gradle would be doing differently to mess things up
<clever> with import <nixpkgs>{}; stdenv.mkDerivation { ...
<clever> you need to just run "nix-shell default.nix"
<clever> mellowmaroon: -p doesnt load default.nix
<clever> mellowmaroon: can you gist the exact contents, and the command you ran?
<clever> mellowmaroon: it has to go into buildInputs
<clever> but that will likely behave differently if the host lacks systemd
<clever> and breaks the host
<clever> also, every time i try to stop the systemd, it stops the wrong systemd
<clever> then*
<clever> jake_: you would need to setup sshd before you make the tarball, and they it might work
<clever> jake_: systemd starts, but i cant get nsenter to work, so no shells
<clever> jake_: its on my github now
<clever> jake_: taking a break right now, but i can commit what i have if you want to play with it
<clever> but nox will cache the package list
<clever> all nix tools will read it on start, no need to refresh them
<clever> once enabled, nox will probably find it
<clever> if you try to build something unfree, it will tell you: nix-build '<nixpkgs>' -A google-chrome
<clever> you need to set it in ~/.config/nixpkgs/config.nix
<clever> you also need to enable it in the config.nix
<clever> that doesnt affect nix-env and nox
<clever> mellowmaroon: have you already enabled unfree packages in config.nix?
<clever> yep
<clever> yeah
<clever> but nix-shell -p firefox, will give a shell with firefox pre-compiled
<clever> nix-shell '<nixpkgs>' -A firefox, will give you a shell suitable for compiling firefox from source
<clever> -p or -A?
<clever> yeah
<clever> and if you're re-building the same package 200 times to work out a bug, no spam in your generation list
<clever> no generations, no firefox "installed" in anything
<clever> and when you're done, delete the result symlink
<clever> so you can then ./result/bin/firefox to run it
<clever> this will create a symlink called result, pointing to the firefox storepath
<clever> nix-build '<nixpkgs>' -A firefox
<clever> and for testing normal programs, i prefer nix-build over nix-env
<clever> which will build and activate, but not create a generation, and the changes are undone upon reboot
<clever> for nixos, there is "nixos-rebuild test"
<clever> ways*
<clever> mellowmaroon: you can also avoid creating generations in a few days
<clever> mellowmaroon: no proper way to do it, only by manually messing with key symlinks
<clever> digitalmentat: if --roots says that the only roots are in your profile, you can safely delete the unused generations (make sure not to delete the active one)
<clever> and dont force --delete
<clever> digitalmentat: next thing id check is nix-store --query --roots and nix-store --delete, see if you can delete any of the corrupt things
<clever> digitalmentat: yeah, it will only be able to repair things that are on the nixos cache
<clever> thats just not how nix is meant to be used
<clever> you shouldnt ever install libraries like that
<clever> ah, it might be that the presence of mesa_noglu is breaking the runtime stuff
<clever> mellowmaroon: maybe, the mesa_noglu package should also let you compile/link against opengl
<clever> sphalerite: so, what is this doing specially.... https://github.com/systemd/systemd/blob/master/src/nspawn/nspawn.c
<clever> so it should just work, if the arch of the program matches the host (64bit for example)
<clever> do "echo $LD_LIBRARY_PATH" and you should see its already in there
<clever> and if you're not on nixos, there will be problems
<clever> mellowmaroon: then you need to ensure /run/opengl-driver/lib/ is in $LD_LIBRARY_PATH, which nixos already sets up
<clever> mellowmaroon: depends on if you're just linking, or running
<clever> because every vendor has to re-invent the opengl libs
<clever> mellowmaroon: and then at runtime, it will use /run/opengl-driver/lib/ to swap out the right vendor supplied libs
<clever> mellowmaroon: i believe mesa_noglu is just a dummy opengl to compile/link against
<clever> LnL: it might not be in the public release yet though
<clever> catern: not sure exactly
<clever> nix-shell used runCommand, and was broken when the default got changed
<clever> LnL: that was patched a few weeks ago
<clever> catern: so you're putting the stdenv into the buildInputs of something that already uses stdenv
<clever> nix-shell -E 'with import <nixpkgs>{}; runCommandCC "dummy" { buildInputs = [ stdenv ]; } "dummy"'
<clever> so what you are running, is actually more like this
<clever> part of the mess here, is that -p does some nix magic
<clever> catern: what about nix-shell --pure -p gcc?
<clever> catern: try using nix-shell --pure
<clever> catern: if you add pkgconfig to nix-shell -p, it will setup PKG_CONFIG_PATH for you
<clever> LnL: i was thinking that if darwin had namespacing and a new syscall table, that could do it on the same kernel
<clever> LnL: ah, sounds like its just a normal hypervisor vm
<clever> other direction, to run un-modified linux ELF files on darwin
<clever> LnL: that reminds me, are there any darwin translation layers, that implement the linux syscall table? on a darwin kernel?
<clever> sphalerite: strange, when i run systemd under a chroot in a qemu, the journal thinks i rebooted, and the terminal is a bit wonky
<clever> yeah
<clever> cloudfront*
<clever> catern: ive been using --option binary-caches "" to get around the recent cloudflare issues
<clever> and then stopped, and didnt try any other cache
<clever> LnL: in my case, it fetched it from itself, then complained that the hash of the file from the binary cache was wrong
<clever> digitalmentat: the above assumes that the corruption happened after the files got added to the local store
<clever> digitalmentat: this is how i forced it to get the correct version from nixos
<clever> 2017-06-14 19:54:57< clever> [root@router:/tmp]# nix-store --verify --check-contents --option binary-caches https://cache.nixos.org --repair
<clever> digitalmentat: my hydra had some corrupt paths, and was downloading the --repair version from itself
<clever> digitalmentat: ah, i recently had a nearly identical problem
<clever> digitalmentat: what fails with the command?
<clever> catern: why do you want to rebuild it?, nix should normally detect that and rebuild for you
<clever> and optionally --repair
<clever> digitalmentat: nix-store --verify --check-contents
<clever> sphalerite: at a glance, id say the server lacks a cert, and is trying to negotiate a cert-less ssl
<clever> no peer certificate available
<clever> sphalerite: this can also be used to debug ssl things
<clever> [clever@amd-nixos:~]$ openssl s_client -connect cache.nixos.org:443
<clever> aha
<clever> gchristensen: and i'm in canada
<clever> nh2: with the extra --option at the end, you can disable the binary cache temporarily
<clever> [clever@amd-nixos:~/nix-tests/container-generator]$ nix-build -A test-guest --option binary-caches "" -Q
<clever> sphalerite: it might be spreading, check your end again?
<clever> browser is still crippling the machine as it starts up
<clever> nh2: but if you're also having it, systemd isnt to blame, lol
<clever> nh2: yeah, i was trying to figure out how systemd in a chroot managed to break the host ssl
<clever> nh2: oh, that wasnt systemd's fault ....
<clever> nvm, it just took a full 90 seconds, lol
<clever> sphalerite: and again, it wont shutdown!
<clever> i think i'm going to need yet another reboot, just to clear this up
<clever> it was in a chroot, how did it even break this ssl?
<clever> lol
<clever> how can systemd break everything so badly so easily??
<clever> sphalerite: and it somehow also broke ssl...
<clever> curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
<clever> hmmm, what happens if i just run systemd-nspawn in a chroot with no systemd on the host??
<clever> Dezgeg: trying to get a nixos container to boot without systemd-nspawn on the host
<clever> sphalerite: i think a lack of ipc namespacing is what caused the crosstalk in the poweroff command
<clever> Dezgeg: yeah, just need to make the guest not mess with the network stack any
<clever> but that would complicate getting internet
<clever> the container firewall also failed to come up right, because i didnt give it a network namespace
<clever> probably needs an ipc namespace also
<clever> yeah, it borked dbus
<clever> [16401:16451:0615/142845.850724:ERROR:bus.cc(427)] Failed to connect to the bus: Failed to connect to socket /tmp/dbus-0MkGeEjdoV: Connection refused
<clever> which defeats the entire point of containers!
<clever> this is why i only ever play with containers in vm's
<clever> sphalerite: and *boom*, "systemctl poweroff" killed the host networking, and ctrl+c to systemd killed display-manager, lol
<clever> yeah, -r definitely did something good
<clever> oh, maybe i also need -r
<clever> sphalerite: cant seem to get nsenter to work right
<clever> sphalerite: ah, i see, "unshare --fork --pid --mount-proc" will create a mount namespace, and mount a new proc over /proc, but / is still the host
<clever> playing with it a bit more...
<clever> sphalerite: rm -rf --one-file-system !!
<clever> sphalerite: but then i will need to be available on the host, hmmm
<clever> sphalerite: i may want to run the unshare before the chroot then
<clever> sphalerite: i see, unshare is trying to access /proc from inside the chroot
<clever> catern: yeah, then it probably cant auto-detect the binary cache
<clever> the channel should be a directory, containing nixexprs.tar.gz, and binary-cache-url
<clever> LnL: the nix-channel man page explains it
<clever> nope
<clever> sphalerite: i'm guessing it may need some mkdir
<clever> exec unshare --pid=/pid_ns --mount=/mount_ns /nix/store/fwxnazk2jmaknl5d16i41nlqfyza91hs-bash-4.4-p12/bin/bash
<clever> sphalerite: getting this error now
<clever> unshare: cannot stat /proc/16719/ns/mnt: No such file or directory
<clever> and --fork saves you a step
<clever> sphalerite: and the first child it (or the child) makes, becomes pid 1
<clever> sphalerite: i see how it works now, unshare creates a new pid namespace, and then execve's the given child, but still has the original pid
<clever> sphalerite: aha, unshare also has a --fork
<clever> jake_: holding the power button down also works
<clever> disasm: no response
<clever> note to self, be careful with sudo rm -rf
<clever> systemd refuses to even shutdown, lol
<clever> (facepalm)
<clever> there, last one, lol, brb
<clever> so many open windows!
<clever> probably, one min
<clever> yeah, xterm just doesnt launch, period
<clever> now links dont work in teamspeak, and my hotkey to launch new terminals is broken
<clever> i ran rm -rf t while things like /proc and /dev were mounted
<clever> i think i know why my system is misbehaving now
<clever> oh
<clever> on the var/lib/empty path i think
<clever> chattr -i
<clever> jake_: that forcibly sets /nix/store to be read-only
<clever> jake_: thats a bind mount, a subdir of sda1 (the old holding nix/store) was mounted again to nix/store in read-only mode
<clever> jake_: double-check the output of "mount"
<clever> jake_: and you need heavy use of umount before rm -rf will be happy
<clever> jake_: i'm writing a new script now, with the improvements
<clever> jake_: i had to -9 it, then clean up nearly a dozen mounts
<clever> yep, immutable bit, lsattr!
<clever> rm: cannot remove 't/var/empty': Operation not permitted
<clever> lol, it even bind-mounted /nix/store read-only!
<clever> sphalerite: i think i also want a mount namespace, systemd left all kinds of mounts in /sys, and now i cant rm -rf
<clever> sphalerite: but i have no shell inside that root, need to -9 it and redesign
<clever> sphalerite: how do i make that systemd die?, lol
<clever> sphalerite: yeah, chroot . bash -> unshare -p bash -> /init, appears to work
<clever> thats weird
<clever> sphalerite: oh, the first child of the unshare child is 1?, not the bash itself?
<clever> jake_: read the enter script to find the correct value of $PATH
<clever> stanibanani: kernel modules have to be added to boot.kernelPackages
<clever> jake_: there are 2 init's
<clever> sphalerite: yeah, it appears to be failing when the stage2 tries to launch a child
<clever> it just has a bash script with the correct path to unshare
<clever> jake_: yeah, same error on this end
<clever> clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f2f924529d0) = -1 ENOMEM (Cannot allocate memory)
<clever> which should handle the unshare
<clever> jake_: just made a push to the previous github link, it now has a /enter script in the tar
<clever> 2 for nix, 4 for everything else
<clever> hyper_ch: spaces
<clever> jake_: yeah, init set things up before running systemd, so even failing, it helps
<clever> jake_: there is an unshare inside sw/bin/ of the nixos folder
<clever> jake_: the /init should handle setting that up, but like sphalerite said, it probably has to be run under unshare -p
<clever> jake_: the sw/bin/ of that nixos, has the system path that belongs in $PATH
<clever> jake_: look at the init symlink, from outside the chroot, youll see it points to an init script in a nixos directory
<clever> pbogdan: -I nixpkgs=something
<clever> but you need working internet to complete that
<clever> turion: networking.enableB43Firmware = true; in the nixos configuration.nix and nixos-rebuild switch
<clever> not sure, never tried that
<clever> turion: not easily, nix doesnt allow you to just install random drivers like that
<clever> turion: you would need to either build a custom ISO that has the drivers, or just get an ethernet cord
<clever> jake_: ah, then it should be fairly simple
<clever> stanibanani: have you rebooted after doing nixos-rebuild switch?
<clever> sphalerite: dont need the full feature set, just enough to run a nixos container without any nix shared to the host
<clever> stanibanani: what does dmesg say after you unplug and replug the device?
<clever> jake_: oh right, is the chromebook x86 or arm?
<clever> sphalerite: ah, would it be possible to recreate systemd-nspawn with unshare?
<clever> jake_: unpack it anywhere, and then either run /bash under a chroot, or /init as pid1, ah, and the activate stuff may need init to work
<clever> jake_: inside that tar, is a full nixos container, with a /init and /bash symlink to help you enter it
<clever> jake_: if you run nix-build in this directory, it will generate a tar at result/tarball/nixos-system-x86_64-linux.tar.xz
<clever> stanibanani: networking.enableRTL8192cFirmware = true;
<clever> sphalerite: the register script in this derivation will add it to binfmt-misc, and the nix patch will convince nix-daemon that the host can run arm binaries
<clever> so the kernel treats it like a bash script
<clever> sphalerite: it uses binfmt-misc to detect the arm fields in an ELF file, and runs qemu-user as an interpreter
<clever> sphalerite: exactly
<clever> sphalerite: i have used qemu-user-arm to do similar, with less overhead
<clever> jake_: you can then unpack that to anything, and chroot into it
<clever> jake_: the nix file i'm writing will generate a .tar file containing a full nixos, similar to a gentoo stage3
<clever> sphalerite: if you return an attribute set of tests, then it should just list each of them separately on hydra
<clever> stanibanani: does it appear in "ip link"?
<clever> then you can see which part failed
<clever> sphalerite: yeah, that might be better
<clever> sphalerite: i think you can set which vlan each machine is on
<clever> since that needs nix on the host
<clever> the nixos-install wouldnt have worked either then
<clever> jake_: ah, then the block device itself might be read-only
<clever> jake_: ok, let me write the tarball thing
<clever> then put a symlink at /nix pointing to somewhere that will remain writeable later
<clever> you can just make it writable
<clever> mount / -o remount,rw
<clever> ahhh
<clever> the chroot command needs root
<clever> (this keyboard doesnt have a working pipe key)
<clever> jake_: give your user ownership of /nix/ and then run curl https://nixos.org/nix/install <pipe> sh
<clever> jake_: but you could get most of the same things if you just install normal nix
<clever> just a raw shell
<clever> yeah, so you wont have any services
<clever> and a pid namespace gives the guest its own pid table
<clever> the systemd inside the chroot wants to be pid 1
<clever> jake_: i can still write an expression that will get you the root for chroot, give me a few minutes
<clever> ah, then a pid namespace may be tricky
<clever> jake_: does systemd-nspawn exist in $PATH as root?
<clever> jake_: is the host systemd based?
<clever> ah, make-system-tarball may help more now that i think of it
<clever> :D
<clever> jake_: what is your end goal with the nixos chroot?
<clever> sphalerite: ah, thought you might, its not that big of an issue
<clever> simpson: --verify --check-contents only checks that the hash matches what it originally was at install time
<clever> simpson: ah, thats --check in nix
<clever> simpson: not familiar with guix commands
<clever> a123123123[m]: nix-store --verify --check-contents
<clever> ToxicFrog: so you can get a shell inside a nixos
<clever> ToxicFrog: nixos-install also has a --chroot flag, that will just run bash instead of nix-build
<clever> jake_: maybe, but the systemd stuff will want to be pid 1, so you would want to look into containers
<clever> ToxicFrog: nixos-install handles all of those bind-mounts for you
<clever> you can set that to "nodev" to turn that off
<clever> jake_: it will only mess with the device listed in boot.loader.grub.device within the configuration.nix file
<clever> jake_: thats exactly what nixos-install does