2017-02-05

<clever> LnL, gchristensen: found it: https://youtu.be/OD2Wxe4RLeU?t=38m29s
<clever> and because you see the shell of an hdmi adapter on the wire, you think its just hdmi, and it cant dma you
<clever> gchristensen: that line then ran to a box with an external pcie card, that did dma attacks against the host
<clever> gchristensen: one demo, involved cutting apart a thunderbolt->hdmi adapter, and just running the thunderbolt wire right thru it, so the user thinks its just hdmi, but its really thunderbolt
<clever> gchristensen: ive seen some pretty crazy thunderbolt hacks
<clever> gchristensen: ive unseated the GPU before when plugging in a monitor, and the system just locked up solid
<clever> mbrgm: the wiki mentions that u-boot is one of the things that was being used to test cross-compiles
<clever> gchristensen: ah, weird
<clever> mbrgm: https://nixos.org/wiki/CrossCompiling has some more info
<clever> gchristensen: yikes!, i wouldnt think a system could survive that
<clever> mbrgm: this is a project ive worked on that cross-compiles to windows, arm works similarly, let me see if i have any examples laying around
<clever> mbrgm: one sec
<clever> i still have 1 gentoo machine still active
<clever> my path was redhat9 -> ubuntu -> gentoo -> LFS (on some systems) -> nixos
<clever> MichaelRaskin: i also ran LFS on my router at one time, but had to retire it when the modem got too fast for the cpu/nic
<clever> Ralith: ive done that with my nixos router, its now over a year out of date!
<clever> :D
<clever> and i got into nixos because i was trying to fix a bug taktoa had in teamspeak, lol
<clever> which version of nix are you running?
<clever> this also says it should only have 3 arguments

2017-02-04

<clever> gchristensen: i so have a fairly large project i plan to test more fully with nixos, first step is to get the entire thing booting on a fresh nixos with zero manual config
<clever> nice
<clever> yeah
<clever> ah
<clever> gchristensen: hard to see what exactly its doing without some more context
<clever> gchristensen: yeah
<clever> i need to get around to another upgrade
<clever> c74d: i'm running a version of nixos-instable from dec 7th
<clever> it has versions going back as far as 3.10
<clever> c74d: there is a linuxPackages_4_4 attribute, so id say yes
<clever> c74d: this follows the 4.9 branch on nixos-unstable
<clever> c74d: looks like it defaults to the linuxPackages attribute of all-packages
<clever> c74d: then it should be using the default for that nix channel
<clever> c74d: boot.kernelPackages
<clever> c74d: are you forcing a kernel version in configuration.nix?
<clever> it should give a description
<clever> run "systemctl status systemd-hostedname.service"
<clever> sophiag: it will clearly tell you which services it skipped
<clever> sophiag: you have to manualy "systemctl restart display-manager"
<clever> sophiag: it will restart some system services, but it wont restart xorg on its own

2017-02-03

<clever> unlike other distros, it will be trivial to switch back at any time
<clever> your free to switch libinput off and synaptics on, reboot, and see what happens
<clever> and that gnome has a GUI for controling it
<clever> this line implies that libinput does the same thing
<clever> services.xserver.libinput.enable = mkDefault true; # for controlling touchpad settings via gnome control center
<clever> so if you turn libinput off, you will have to find some other way to configure the touchpad
<clever> i'm guessing gnome has proper support for controlling libinput config with the touchpad
<clever> sophiag: gnome enables libinput automaticaly, you will need to either turn off Synaptics or turn off libinput
<clever> sophiag: in this last case, its an attribute set, which you still need to store at the nixpkgs.config key in configuration.nix
<clever> sophiag: all import does, is load a given file, and return the top level structure within it
<clever> sophiag: you want nixpkgs.config = import /root/.nixpkgs/config.nix;
<clever> sophiag: imports can only be used for other nixos modules, it wont work on config.nix or packages
<clever> sophiag: can you paste that line of code here
<clever> sophiag: and how is config.nix being referenced from configuration.nix?
<clever> sophiag: what command gave that error?
<clever> sophiag: that has to go into the nix file, not the shell
<clever> sophiag: what is the contents of emacs.nix and how are you loading it?
<clever> LnL: this looks like the best function for that
<clever> int initgroups(const char *user, gid_t group);
<clever> LnL: if you want the aux groups to be initialized correctly, you will still want to properly load /etc/group and setgroups()
<clever> LnL: ah
<clever> sophiag: try pkgs.gnome-shell-extensions
<clever> LnL: not sure why i forgot this one, but its also important for it to fully work
<clever> int setgroups(size_t size, const gid_t *list);
<clever> LnL: yeah, but you also want setgroups and setgid, and to read /etc/group with getpwnam or it will not work as you expect
<clever> sophiag: and what is the error?
<clever> LnL: yeah, i should be able to implement it
<clever> LnL: since it already has root when you start it, there is no need for setuid
<clever> LnL: it should be as simple as calling setgroups, setgid, and setuid
<clever> LnL: i'll look into the perl runner script some more when i get a chance
<clever> jabb: nix-shell -p make --run make
<clever> yep
<clever> servilio: and look into nix-store --query --tree
<clever> servilio: you can also inspect the environment of any process, /proc/self/environ is a \0 seperated list of key=value pairs
<clever> sophiag: ive had it work by not even setting the efi mount point, as long as /boot was a fat filesystem
<clever> yeah
<clever> so some stuff only works right when installed system wide
<clever> some things in nixpkgs are patched to look for plugins in /run/current-system/sw, which can only be managed via systemPackages in configuration.nix
<clever> then no tool will ever refuse again
<clever> you are also free to set allowUnfree = true; in 3 places (configuration.nix, /root/.nixpkgs/config.nix, /home/sophiag/.nixpkgs/config.nix)
<clever> yeah
<clever> but you can set the exact same values under nixpkgs.config = { ... }; of configuration.nix, for the same effect
<clever> nixos-rebuild will never read config.nix
<clever> config.nix is only read by nix-env and nix-build
<clever> the entire nixpkgs.config tree works exactly the same as the config.nix file
<clever> you can set nixpkgs.config.allowUnfree = true;
<clever> sophiag: i do like the idea of just putting EVERYTHING into configuration.nix, so i can recreate or update the system with a single command, but sometimes i want to just install 1 thing without waiting for the entire os to update, so i do that via nix-env
<clever> sophiag: but you can do nixpkgs config for nixos, by setting nixpkgs.config in configuration.nix
<clever> sophiag: nixos-rebuild will only ever use the things referenced in configuration.nix, so it wont be affected by ~/.nixpkgs/config.nix
<clever> jophish: my battery wouldnt last long enough to build chromium,lol
<clever> yorick: it can
<clever> its invalid for the binary cache to only have half of it
<clever> but the binary cache must have the .lib in that case
<clever> abbradar: normaly, it should give up on the binary cache,and just build the entire derivation localy
<clever> abbradar: try letting it spin some more
<clever> ah
<clever> abbradar: what does top say is using cpu?
<clever> servilio: but if you go a level deeper, it gets much more complex
<clever> servilio: for things in $PATH thats easy, just compare /proc/$PID/exe to "which $(basename $(readlink /proc/$PID/exe))"
<clever> ah, then lp is the right group for that device, but linux cant put 2 groups on the same device
<clever> treniii: but the correct group will depend on if its a printer,scanner, or both
<clever> treniii: i think the deeper issue, is that your scanner is owned by a printer group
<clever> treniii: then you probably want to also be in the lp group
<clever> hmmm, since its dropping from root, it probably wont need setuid
<clever> LnL: ah, if you just reference ${pkgs.su}/bin/su in one of the nix strings, it will automaticaly get su, oh, but that one wont be setuid
<clever> Unode: nox has uninstall options?
<clever> that will need a PR to the perl script
<clever> LnL: ah, it currently doesnt support dropping root, so only services that can drop on their own will work
<clever> LnL: *looks*
<clever> the nix-env tool needs some work, -e only goes by name, but -iA can take attrpath
<clever> ah yeah, git-minimal
<clever> eacameron: what name does git go by in nix-env -q

2017-02-02

<clever> manveru: there was also an hnix project
<clever> uerumi: its nixpkgs.config.chromium
<clever> jophish: it sounds like your running nix-build on a bash script?
<clever> uerumi: -qaP wont show non-free packages until you enable non-free packages
<clever> uerumi: the above will give you an error, that also explains why -qaP didnt find it
<clever> uerumi: nix-env -iA nixos.spotify
<clever> uerumi: nix-env -iA nixos.mopidy
<clever> i do see mopidy in 16.09 on my end
<clever> uerumi: --list again as root
<clever> uerumi: or nix-channel --list to show it without changing it
<clever> uerumi: by default, every day at 2:15 am, but you can configure it in configuration.nix
<clever> uerumi: there is a systemd service that runs updatedb for you
<clever> LnL: the script is on the .runner attribute of every systemd service already
<clever> LnL: that module is already included in nixos
<clever> LnL: yeah
<clever> but if your not on nixos, -I nixos-config=./configuruation.nix and then either enable a service, or define it from scratch
<clever> this is the attribute path for it
<clever> /nix/store/81wiw2rvni1d9frv8b90110g369vc9qx-sshd-runner
<clever> [root@amd-nixos:~]# nix-build '<nixpkgs/nixos>' -A config.systemd.services.sshd.runner
<clever> that lets you start the service without systemd or nixos
<clever> gchristensen: nope, it converted a systemd config entry in nixos into a perl script
<clever> LnL: i need to document these things better, its not within the first 15 pages of my gist history
<clever> LnL: let me find the gist i had with the good example
<clever> LnL: have you seen the perl script for testing nixos modules?
<clever> but i never finished that one
<clever> copumpkin: i was working on a similar PR at one point, a build hook that pretty much just did find $out -type f > $filelist, and outputs = [ "out" "filelist" ];
<clever> LnL: from what ive heard before, setup-etc.pl was a bash script, and had to be converted over for speed reasons
<clever> yorick: enless you build a custom OS, and setup-etc.pl is the ONLY thing depending on perl
<clever> Turion: the one i linked deals with everything about /etc at runtime
<clever> Turion: here is a chunk of perl that ive been wanting to rewrite: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/system/etc/setup-etc.pl
<clever> yorick: heh, most networks ive been to cap me at 20
<clever> sophiag: you told it to quit without saving
<clever> q quit without saving changes
<clever> sophiag: can you pastebin the fdisk commands you ran and all of the console output?
<clever> oh neat, and line 1478 is a special-case for exactly the code i just wrote, it will just bypass the nix and do the compare directly in c++
<clever> nekroze: done!
<clever> [ "a" "b" "c" "d" "e" ]
<clever> nix-repl> builtins.sort (a: b: a < b) [ "c" "d" "e" "b" "a" ]
<clever> the lambda takes 2 items, and returns a boolean
<clever> it takes a lambda and a list
<clever> nekroze: i see a builtins.sort function
<clever> Shados: usualy you just switch to using UUID's so the exact path doesnt matter
<clever> and a reboot is the simplest way to clear it all
<clever> i think you probably missed something that is still keeping the disk open and doing things we arent expecting
<clever> id say reboot and try it again
<clever> sophiag: oh, what does "swapon --show" say?
<clever> sophiag: you need to run fdisk -l on the device, like "fdisk -l /dev/sda" if you want to see the partitions within it
<clever> and gparted will automaticaly format each partition with the correct tool (mkswap, mkfs, and so on)
<clever> if your using the gui cd, you can also use gparted
<clever> and aim mkswap at the swap partition
<clever> yeah
<clever> sophiag: you can run commands like "blkid /dev/sd*" and "fdisk -l /dev/sda" to inspect what is left
<clever> that should be in the manual
<clever> you need to mount the hdd to /mnt/ and boot to /mnt/boot/ before you run commands like nixos-generate-config or nixos-install
<clever> sophiag: what is the output of "mount" ?
<clever> sophiag: and how is the rootfs mounted?
<clever> yeah, the root is missing, try "nixos-generate-config --root /mnt" to regenerate it
<clever> you can install an irc client onto the cd using "nix-env -iA nixos.irssi"
<clever> can you pastebin the hardware config?
<clever> sophiag: i dont see a rootfs defined in configuration.nix, so hardware-configuration.nix has to be doing that
<clever> you can also use "nixos-rebuild build" to test things without applying them
<clever> try commenting that out and see if it changes the result
<clever> something within the services.xserver block is probably the problem
<clever> its unable to compute the kdmrc config
<clever> while evaluating the attribute ‘config’ of the derivation ‘kdmrc’ at /tmp/root/nix/store/8a4674xm6sv5b33yjbfy1i7x59rlkj3a-nixos-16.09.1608.7ae9da4/nixos/nixos/modules/services/x11/display-managers/kdm.nix:58:5:
<clever> sophiag: looks like an issue with the xorg settings, reading it more...
<clever> sophiag: can you rerun that with --show-trace and pastebin the full backtrace
<clever> sophiag: and what was the full error message?
<clever> sophiag: can you pastebin your configuration.nix?
<clever> l
<clever> its as simple as re-mounting everything, and running nixos-instal
<clever> yep
<clever> luigy: so you can apply your new configuration.nix while using the CD's wifi drivers
<clever> luigy: simplest answer is to boot from the cd and re-run nixos-install, that is just a script that runs "nixos-rebuild" under a chroot for you

2017-02-01

<clever> gchristensen: ah neat
<clever> gchristensen: how did you do "click to expand" in github? :O
<clever> peti: ive switched one of my services over to openid, and thats a very common problem
<clever> peti: are both browsers signed into the same google account?
<clever> and the inode list wont have duplicates
<clever> rather then traversing the directory tree
<clever> i would expect fs level dedup to operate directly on the inode list
<clever> which scanner?
<clever> so removing .links wont speed it up any
<clever> ertes: they would also slowly go away if you just stop running --optimize
<clever> ertes: all .links does is act as a central index of extra hardlinks, to speed the process up
<clever> ertes: even if you delete .links, the actual duplicates are still hardlinked to eachother
<clever> ah
<clever> ertes: i think that would mess up some of the optimize logic, why do you want to delete it?
<clever> re-run the nix-build on each channel, and compare the outputs
<clever> and also anything usb related in "lsmod"
<clever> youll want to check for things that i listed above
<clever> so you know exactly which modules actualy wind up in the initrd
<clever> pikajude: this will build the module set for the initrd and drop it in result, then list the modules off
<clever> # find -L result/
<clever> # nix-build '<nixpkgs/nixos>' -A config.system.build.bootStage1.modulesClosure
<clever> checking the contents of the initrd will also help, let me find that nix expression
<clever> xhci_pci i think is usb 3.0 only
<clever> "uhci_hcd" "ehci_pci" these give usb driver support
<clever> in my case, its adding usb card drivers, mass storage, hid, some sata drivers, and a raid controller driver
<clever> pikajude: this entry in either hardware-configuration.nix or configuration.nix
<clever> boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ata_piix" "megaraid_sas" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];

2017-01-31

<clever> maurer: and then systemd-coredump will give more details in dmesg, as to why its not saving cores
<clever> maurer: looks like you boot with systemd.log_level=debug in the kernel params
<clever> maurer: i see some log_debug calls that may help, those depend on log_get_max_level()
<clever> nix-shell '<nixpkgs>' -A hello
<clever> yeah, systemd ate the core file
<clever> and process_kernel() handles the rest of things in the case of the kernel running systemd-coredump
<clever> so check that next
<clever> maurer: and at a glance (line 1277), systemd-coredump logs directly to dmesg
<clever> i believe this is the source for systemd-coredump
<clever> i suspect its also likely that systemd-coredump is ignoring the core
<clever> maurer: this will at least confirm which programs are segfaulting on you
<clever> [root@amd-nixos:~]# journalctl -b 0 -t kernel | grep segfault
<clever> Jan 30 00:28:54 amd-nixos kernel: synergys[2671]: segfault at 0 ip 0000000000457f3c sp 00007fff1b3c7ca0 error 4 in synergys[400000+d5000]
<clever> dmesg should record every segfault
<clever> chromium might be changing the ulimits
<clever> ah
<clever> what is segfaulting?
<clever> and force any normal program to segfault on demand
<clever> maurer: also of use, you can kill -s SIGSEGV $FOO
<clever> maurer: hmmm, it should be dumping just fine
<clever> maurer: what does "ulimit -a" say as a normal user?
<clever> maurer: so the kernel will run systemd-coredump, and i believe pipe the raw core file to its stdin
<clever> and you can run cat on core_pattern to confirm what its doing
<clever> and its probably /proc/sys/kernel/core_pattern that systemd is using to capture the cores
<clever> maurer: ive found that you still need to "ulimit -c unlimited" when using /proc/sys/kernel/core_pattern
<clever> you can also loopback mount the iso youve created, to confirm it looks right, before doing the final burn
<clever> next simplest option i can think of is to just read the man pages for mkisofs and cdrecord, then do it purely via CLI
<clever> hyper_ch: oh, is cdrecord in /run/current-system/sw/bin/ ?
<clever> i would expect k3b to have both modes in it
<clever> then re-run it as root, and paste in that iso path, and debug the burning issue there
<clever> hmmm, simplest thing i can think of is to run k3b without root, purely in a "group of files" to "iso file" mode
<clever> ah, thats more complex then
<clever> you can usualy just type/paste in the full path to the ISO
<clever> sounds like the browse ui is broken under gksu
<clever> ah
<clever> throw a file in /tmp?, or was the entire browse window broken?
<clever> then you should be able to reproduce the issue
<clever> hyper_ch: i think if you run k3b under strace, as root, then it will just naturaly gain root without the setuid

2017-01-30

<clever> ToxicFrog: ah, you want pkgs.qt5.callPackage
<clever> yeah
<clever> what does <nixos-unstable> eval to in nix-repk?
<clever> this should probably do it
<clever> pkgs.callPackage <nixos-unstable>/pkgs/applications/graphics/digikam/5.nix {}
<clever> the callPackage function can import things for you
<clever> skip the import
<clever> thenyou can build it against the libs in 16.09
<clever> copy its .nix file to your packageOverrides
<clever> ah
<clever> then you may want to --tree both and confirm where the conflicting version is from
<clever> ah
<clever> ToxicFrog: and then earch for the problem version
<clever> ToxicFrog: you can also nix-store -q --tree /run/current-system
<clever> cant think of what else to check right now
<clever> nix-store -qR /run/current-system/sw/lib/qt5/plugins/platforms/libqxcb.so
<clever> ToxicFrog: and then the rpath of those plugins comes into play, and i see
<clever> ToxicFrog: ah, only the plugins are being loaded via /run/current-system
<clever> can you pastebin the strace log?
<clever> what does ldd say?
<clever> RPATH i what matters
<clever> it shouldnt care about whats in /run/current-system

2017-01-29

<clever> hyphon81: not directly, but you can use -I nixpkgs=foo to redirect any other nix tool to a given path or tar
<clever> gchristensen: i have had to try and fix multicast stuff before, and when you lack the docs, its pretty imposible
<clever> only other improvement i can think of is multi-cast, but that requires special lan setup, and it lacks packet retry, so you would have to add that in yourself
<clever> ah
<clever> gchristensen: oh, and related, socat supports ssl, and could be used to authenticate this kind of thing
<clever> gchristensen: looks like your plumbing files around the place?
<clever> gchristensen: i have recently been switching another project over to github and been interested in the github hooks
<clever> gchristensen: neat

2017-01-28

<clever> "password-store-1.6.5"
<clever> nix-repl> pkgs.pass.name
<clever> madonius: nix-env is a weird tool, and will search the name attributes on things by default