<clever>
but i cant get the kernel from nixos to boot on the rpi
<clever>
2 slaves
<clever>
an rpi2 + rpi3
<clever>
yeah, i need to get the rpi3 up to double my speed
<clever>
heyho: it sounds like makeWrapper was run on makeWrapper, so its an infinite loop
<clever>
there are also vpn options to bypass the port forwarding
<clever>
for ssh, it has to be at the server
<clever>
for vnc, the forwarding can go at either the client or server, depending on your needs
<clever>
heyho: ssh or vnc are my main choices
<clever>
so it doesnt do anything
<clever>
aristid: also, after the latest update, the connect button just vanished
<clever>
so the directory has to exist only when the php code is being run
<clever>
and when you try to open it with a normal syscall (cd, open, stat) it will treat that string as a path relative to the symlink
<clever>
a symlink is basically just a string, with a special type on it
<clever>
symlinks can point to things that dont exist
<clever>
eacameron: but you can then make a systemd unit that creates the folders before the php services start
<clever>
eacameron: nope, the derivation only has access to $out when building
<clever>
so nixos-unstable wont update until all tests pass
<clever>
eacameron: yeah, the releases of a channel depend on every nixos test passing
<clever>
and if all of the inputs are unchanged, it will reuse the old test results
<clever>
and will "compile" the test results by running scripts against qemu
<clever>
the tests are a special derivation, that depends on the package
<clever>
gchristensen: vcs1 all the tests!!
<clever>
and this public_html derivation is faster to rebuild when you change that, than the aedb derivation
<clever>
yeah, none of this is writeable, but config.php could contain paths to the writeable folders
<clever>
which has the core of the code that makes everything work
<clever>
nope, aedb is just a clone of the source from github
<clever>
eacameron: this generates a config.php, and inserts its path into a copy of index.php, along with the path to the core source, and makes some symlinks for static files
<clever>
eacameron: so the infection can persist and attack every other visitor
<clever>
eacameron: when somebody does inject code into your website, they have write permissions to the php files
<clever>
eacameron: let me gist what i have
<clever>
just ignore that step and see what breaks
<clever>
why?
<clever>
so when it tries to write to the upload directory, it winds up in /var/lib/service-name
<clever>
so foo/upload is a symlink to /var/lib/service-name
<clever>
eacameron: you need to patch it to write to somewhere else, or put a symlink into the store
<clever>
eacameron: once something has finished building, it can never be modified
<clever>
eacameron: and /nix/store is mounted read-only, so you cant write to it even with root
<clever>
so no chown stuff you do will stick
<clever>
eacamero_: when the build is done, nix-daemon will chown everything to 0:0
<clever>
Myrl-saki: i havent found the code yet, but i believe it goes thru a buildEnv with ignoreCollisions = true;, so the new i915.ko will just override the old
<clever>
viric: ive got 4 rpi's, and an HDMI on one of them, along with network boot configured
<clever>
evangeline: hence the error: tar: /nix/store: file changed as we read it
<clever>
evangeline: i think it tried to tar up files inside /nix/store, while other jobs modified /nix/store
<clever>
gchristensen: ive tried patching zoom-us before, and it was a nightmare, lol
<clever>
glines: ah, nice
<clever>
evangeline try running it again with -j1 and see what happens
<clever>
and i'm off to bed, goodnight
<clever>
dell d630 in my case
<clever>
the-kenny: mine is doing the same thing, i have caused that problem before when i was messing with custom kernel builds and turned on a synaptics driver, but i havent looked into fixing nixos yet
<clever>
good luck :)
<clever>
and its getting pretty late here, i should get off to bed
<clever>
it may also help to read the git source code
<clever>
root is all powerful
<clever>
but root also has the magic ability to just ignore chmod values entirely
<clever>
removing root's write to the directory may stop that
<clever>
viric: so they typically open a file like index.tmp, write to it, then use the rename() syscall to atomically update it
<clever>
viric: some programs dont open the file for writing, because thats not atomic
<clever>
viric: i think part of the problem is in git, when you ask it what files have been modified, it updates the .git/index to speed up future operations
<clever>
we need to grep the paths to find out what and fix it
<clever>
the cflag change likely caused a path to something to get stuck somewhere
<clever>
can you pastebin the exact error
<clever>
signal4: you need to grab the 2 outputs it mentions, for the other output, and find out why there is a cycle
<clever>
ah, and that explains why i couldnt recreate the issue with dry-run, only switch/boot/test run that
<clever>
viric: then grep the resulting files for chown
<clever>
viric: that sounds weird, i would just throw strace at the thing, "strace -ff -o logfiles -s 5000 nixos-rebuild build"
<clever>
kk
<clever>
lol
<clever>
the QT mobile stuff is more geared towards something that already has a 100% custom UI, and wants to use it on all mobile devices
<clever>
so now you have to reimplement all of that
<clever>
and i didnt see anything that would just reuse the existing stuff android has to do mobily things
<clever>
to make mobile stuff feel mobily, you have to redo the entire UI for the mobile platform
<clever>
so instead of scrolling by flinging the list up/down, you have to drag the scroll bar, in the opposite direction (exactly like you do on a desktop)
<clever>
another major problem, the QT android stuff, behaves more like QT desktop
<clever>
yeah
<clever>
which also returned different error codes and made new bugs
<clever>
so i had to use an alpha version of QT that implemented QSslSocket on the apple ssl libs
<clever>
you must use the ssl that they provide
<clever>
the ios stuff was a bit tricky, apple does not allow openssl in the apps
<clever>
and QT has support for windows, linux, mac, ios, android, windows phone, and blackberry
<clever>
i wound up taking over for the client guy, and redid the entire thing in QT
<clever>
then he wanted mobile support
<clever>
it started with a windows only client, then as that was nearly done, he wanted mac support
<clever>
the boss kept changing the goals right as it was nearing completion
<clever>
the project fizzled out for other reasons
<clever>
it was also above the heads of the guys being paid to keep the servers online, lol
<clever>
and i had to solve it myself by telling dhcpcd to renew the lease
<clever>
the support guys were also unable to figure out what was wrong
<clever>
i highly suspect i could arp poison the switches in that datacenter and mitm my neighbors
<clever>
even though they were on different subnets entirely (private and public ip's)
<clever>
and i had other servers in that datacenter, a quick check confirmed, the 2 servers shared a broadcast domain
<clever>
then one day, it gave me a private ip instead
<clever>
the dhcp was giving out a static publicly routable IP
<clever>
and after some investigating, i discovered it had an ip in the 172.16.0.0/12 block
<clever>
but one day, the server just dropped off the internet, yet was still on my custom VPN
<clever>
which reminds me, one datacenter i have used in the past, did static dhcp (you get the same ip every time, based on your mac)
<clever>
as a replacement for dhcp
<clever>
yeah, thats something i thought of, a service you can enable in nixos that will just obey /etc/network/interfaces
<clever>
this is more of a generic tool for any datacenter that offers dhcp
<clever>
and you cant just make a single base nixos install, that you clone endlessly for nixops use
<clever>
yeah
<clever>
nixos never reads that
<clever>
those tools mount your rootfs, and alter /etc/network/interfaces to update the static IP
<clever>
they have tools to snapshot your entire vm, and spawn a copy at a new IP
<clever>
another oddity on DO, that can break nixos easily
<clever>
so you have to set a static ip in the original configuration2.nix in the gist, that matches your droplet
<clever>
digital ocean is a bit special though, they dont offer DHCP
<clever>
yeah, as long as they run the bootloader in the MBR
<clever>
heh
<clever>
even if its 2000 miles away in a datacenter
<clever>
so you can treat the system like it had just booted an install ISO
<clever>
and nixos-install is available
<clever>
and it runs purely from a ramdisk, so you are now free to format the hdd
<clever>
the current OS will immediately die, and nixos will rise from the ashes
<clever>
when the correct nix-build command is run, it will create a bash script, you can then nix-copy-closure that script to a target server, and run it
<clever>
and being able to ssh into it, is also what you need to make it a build slave
<clever>
eacameron: one key part though, to deploy, you must be able to ssh into the machine
<clever>
and due to how the rest of nix works, everything depending on this file would have to re-compile, so mac users cant make use of hydra builds (because hydra happened to use linux, and mac users want to use mac)
<clever>
it doesnt have the ability to throw in a different arch for such basic tasks
<clever>
which uses the linux builds of mkdir, mv, and bash
<clever>
eacameron: i believe the user-groups.json eventually gets written to disk in this derivation
<clever>
angerman: and it is a shallow merge, so { a={b=2;}; } and { a={c=3;}; d=4; } will overwrite the whole .a attribute
<clever>
angerman: it will merge 2 attribute sets, overwriting upon collisions
<clever>
eacameron: its used to limit qemu based testing to certain build slaves, that have kvm pre-configured
<clever>
eacameron: features that the slave supports, big-parallel is the only one that may concern you, the kernel needs that feature to compile
<clever>
i'll need to experiment with this more...
<clever>
jeaye: ah, so the console driver fails to load, at least in virtualbox, but the serial port is up&working
<clever>
jeaye: doing the kexec trick under virtualbox, i do see tty output on the serial port
<clever>
and the laptop even shut itself off
<clever>
though it just hangs upon executing
<clever>
jeaye: aha, the problem is in the build of kexec, not the kernel
<clever>
and the slave doesnt have to be nixos, i have 2 gentoo slaves, and 1 mac slave
<clever>
the matching public has to be in the ~/.ssh/authorized_keys of c2d
<clever>
which nix will use to get access to c2d
<clever>
eacameron: yep, in my case /etc/nixos/keys/distro is a private key without any pw
<clever>
k
<clever>
eacameron: and it will use nix-copy-closure to push the build inputs out, and pull the result back
<clever>
eacameron: you put a line like this into a text file, and any time it has to build something for "x86_64-linux" it will just "ssh clever@c2d.localnet" and use that to do the build
<clever>
eacameron: if you already have a virtualbox with nixos, you should be able to make it a build slave
<clever>
eacameron: yeah, it needs a linux build of "echo" to create files, its a bit silly
<clever>
eacameron: nixops?
<clever>
jeaye: ah, it might be some of the hardening stuff
<clever>
"This kinds of errors usually caused by gcc unnecessarily add options like -fexception, -fPIC, -fstack-protector-* for building kexec purgatory which runs in kernel mode."
<clever>
so it could be used in any environment, but if you brick the machine, there is no recovering it (but cloud providers usually have a button to re-image a base OS)
<clever>
and the kexec gets rid of the need to control the network boot stuff
<clever>
jeaye: if this kexec bug can be fixed (does it even happen on another distro?) you can get full control of the partitioning
<clever>
jeaye: but it fails for the same reason boot.crashdump.enable is broken
<clever>
jeaye: and if the netboot image is configured correctly, you will get a sshd running purely from ram, that is capable of partitioning and doing nixos-install
<clever>
jeaye: basically, my idea is to download the kernel+initrd for netboot, then just kexec them from the current OS