<clever>
CMCDragonkai: fetchgitPrivate never documented how to use the ssh-auth-sock, and this is the only way i found that works
<clever>
CMCDragonkai: socat acting as a proxy, will blame everything on root, and ssh-agent has an exception to let root in, so `sudo ssh foo` can use your agent, even though root isnt you
<clever>
CMCDragonkai: if ssh-agent detects you connecting from the "wrong" user, it thinks its malicious, and refuses to do anything
<clever>
CMCDragonkai: every time something connects to it, socat will open a socket to $SSH_AUTH_SOCK, and forward the traffic over
<clever>
CMCDragonkai: /tmp/hax is a unix socket, that socat will listen on
<clever>
and depending on what the key can do, they could still wreak havoc :P
<clever>
CMCDragonkai: you want pkgs.fetchgitPrivate, which needs some funky stuff with your ssh agent, and then any derivation downloading something can make use of your keys
<clever>
jared-w: checking nixpkgs...
<clever>
jwaksbaum[m]: its trying to read kernel.dev, to get the headers
<clever>
14 kernelDir = if libsOnly then null else kernel.dev;
<clever>
jwaksbaum[m]: lets start by reading line 14 of amdgpu-pro/default.nix
<clever>
jwaksbaum[m]: sure, let me read the paste above...
<clever>
jared-w: i got bored one day, and read the docs for every single acme package :P
<clever>
i suspect acme-everything has a special exception to ignore it
<clever>
even some acme things are in there
<clever>
yes
<clever>
Orbstheorem: i believe so
<clever>
jared-w: or for virtualbox, it could just be a slight variant of the installer iso
<clever>
jared-w: my basic plan with the 1189 issue, is that you would have a pre-built kexec tar, and nixops will just upload it to a target running any version of linux
<clever>
gchristensen: and github wont let us sweep that under the rug! lol
<clever>
angerman: i believe the nixops virtualbox backend starts with a vbox app file, that has a base nixos pre-installed
<clever>
angerman: and it can then use that remote machine, to build itself
<clever>
angerman: but if you're deploying with nixops, it will first create a linux machine, either in the cloud or virtualbox (depending on the backend of choice)
<clever>
gchristensen: should i maybe edit the title of that now?
<clever>
`_: if you use pkgs.fetchsvn, give it a name and sha256, it will cache the result and reuse it for the same name+sha256
<clever>
pie__: yep
<clever>
`_: thats probably part of it, git is everywhere now
<clever>
lol
<clever>
pie__: if you set .script, it will auto-generate a shell script for you, and put it into serviceConfig.ExecStart
<clever>
`_: builtins.fetchGit is mostly for private git repos
<clever>
so they both slow down the build, and harm purity
<clever>
`_: the builtin.fetch* functions are eval time fetches, only one can run at once, and sha256 is optional
<clever>
`_: all of the pkgs.fetch* functions are build-time fetches, which need a sha256, and can be run in parallel
<clever>
`_: which forces you to fetch the entire source before you know the output path of anything
<clever>
`_: because it happens at eval time, and nix will just hash the directory before it does the eval
<clever>
`_: and if you fail to meet that promise, your build is considered as failing
<clever>
`_: the sha256= is a promise that your build will always have the same result, and that promise is what gives you permission to access the network
<clever>
`_: pkgs.fetchsvn will take a sha256, and only if the name= or sha256= changes, would it rebuild
<clever>
`_: fetchGit behaves the same as src = ./foo;
<clever>
`_: causing it to perform a new build
<clever>
`_: builtins.fetchGit happens before the eval is finished, and if you change the source, the output path will be properly updated
<clever>
`_: the filesystem access is also restricted
<clever>
pie__: ive seen activation scripts entirely block a machine from booting
<clever>
pie__: systemd oneshot services!
<clever>
and with 1 line in your config, you can do the same!
<clever>
509 xkbOptions = "caps:shiftlock";
<clever>
508 xserver = {
<clever>
so capslock does !@#$%^&*()_+ to the top row!
<clever>
so now, the capslock key, affects numbers!
<clever>
EdLin: i turned on shiftlock, instead of capslock
<clever>
the idea was to have predictable latency, and high bandwidth, with linux support
<clever>
EdLin: at one point, i was looking into a custom audio capture system, ethernet based at the time, that would allow for 32 channel audio capture, 24bit, 96khz
<clever>
`_: my current issue, is that busybox crashes with SIGILL when run as init in the initrd
<clever>
pie__: its probably not under -u, since it doesnt have a unit name
<clever>
`_: heh, funnily enough, i'm currently working on open source firmware, for the rpi!
<clever>
pie__: the journal maybe
<clever>
but steam and proton have mostly solved that
<clever>
but i still had to use windows for games
<clever>
around the age of xp, i began switching to linux
<clever>
ive run dos, win3.11, 95, 98, xp, 7, and 10 i think
<clever>
EdLin: a malformed ping packet, would cause a bluescreen
<clever>
EdLin: ive heard about the ping of death in win95
<clever>
:D
<clever>
ive been trying to solve this problem lately, i'm pretty sure i have the right arch for this build...
<clever>
[ 6.699657] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000004
<clever>
[ 6.544240] potentially unexpected fatal signal 4.
<clever>
because i fix it when it breaks, and then it doesnt get into a stable channel!
<clever>
then the stuff i care about remains in a working state
<clever>
part of why i always run nixos-unstable
<clever>
and then it winds up in the next stable release, in a broken state
<clever>
if nobody uses it in nixos-unstable, its unlikely to be fixed
<clever>
other channels may not have the problem
<clever>
youll need to set allowBroken = true, find the real problem, and then file a PR to nixpkgs to fix it (and mark it as not broken)
<clever>
thats because they fail to compile, and marking it as broken stops you from wasting time building something that will fail
<clever>
how do they fail?
<clever>
`_: they seem to work just fine for me, how are you testing them?
<clever>
`_: then it may need to be patched by the nix build process
<clever>
`_: does the script detect if things are already checked out at a certain dir?
<clever>
`_: yes, the network is disabled to make sure the builds are reproducible
<clever>
`_: also, you want to use `nix-build file.nix -A package` for testing, nix-env isnt suited well for testing
<clever>
`_: nix disables all network access during a build, you must use pkgs.fetchsvn to fetch from svn
<clever>
i lack hydra control
<clever>
ivan: i think you need a special flag to make systemd aware that nfs is using the network, and to umount those before shutting off the network
<clever>
ivan: why is it hanging? you should probably fix that issue first
<clever>
ivan: how do you shutdown the machine?
<clever>
ivan: are you shutting down properly?
<clever>
ivan: is /boot mounted correctly?
<clever>
maybe?
<clever>
ivan: system.copySystemConfiguration
<clever>
lovesegfault: might be in libstore of nix itself
<clever>
lovesegfault: and the thing its compressing isnt on disk, its a single char* in ram
<clever>
lovesegfault: youll have to patch hydra-queue-runner
<clever>
lovesegfault: xz i think
<clever>
lovesegfault: its copying the build product from the build machine, to hydra, compressing, then uploading to an S3 bucket
<clever>
wavirc22: you dont have to set the uid or gid of your thing, nixos will just auto-generate one on startup
<clever>
some people just make everything on by default :P
<clever>
its just a matter of enabling it
<clever>
bash can do the same things
<clever>
programs.ssh.startAgent
<clever>
Whether to start the OpenSSH agent when you log in. The OpenSSH agent remembers private keys for you so that you don't have to type in passphrases every time you make an SSH connection. Use ssh-add to add a key to the agent.
<clever>
and share it between every terminal
<clever>
having an ssh agent configured, will automate the `eval "$(ssh-agent)"` step
<clever>
and then test with `ssh git@github.com`
<clever>
EdLin: does `ssh-add -l` show a key?
<clever>
EdLin: that broke your connection to the agent, re-start the ssh-agent, and redo ssh-add
<clever>
EdLin: then your ssh key isnt working yet
<clever>
EdLin: what does `ssh git@github.com` report?
<clever>
not https://
<clever>
EdLin: you have to clone from git@github.com:owner/repo
<clever>
it computes the public from the private
<clever>
you only add the private key to the agent
<clever>
then thats not precisely what you typed in!
<clever>
EdLin: the error only happens if you use `-l`
<clever>
EdLin: short term, try doing: eval "$(ssh-agent)" and then ssh-add
<clever>
it just makes it simpler if you have a pw
<clever>
an agent isnt needed
<clever>
EdLin: what does `ssh git@github.com` report?
<clever>
then an agent isnt running, and ssh will load ~/.ssh/id_rsa by default
<clever>
EdLin: use `ssh-keygen` to create a keypair, with optional passphrase, then configure the public key in github
<clever>
EdLin: did you tell github about your ssh keypair?
<clever>
EdLin: did you create a repo in github yet?
<clever>
[ 2.213178] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00002a00
<clever>
samueldr: it works as expected on x86
<clever>
samueldr: throwing together a script to build the x86 busybox, and see what it does in this situation!
<clever>
samueldr: any guess as to what to do next? maybe test in qemu?
<clever>
dansho: sounds perfect for your issue
<clever>
[ 6.555003] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000004
<clever>
so i have to bake it into the kernel
<clever>
my bootloader lacks initrd support right now
<clever>
[nix-shell:~/apps/kernel/build]$ time make $makeFlags zImage -j8 && time nix-build ~/apps/rpi-open-firmware/ -A helper
<clever>
CONFIG_INITRAMFS_SOURCE="initrd.cpio"
<clever>
samueldr: i have its exit code, so i could try `exit 42` lol
<clever>
samueldr: i think this line, is why stdout/stderr dont work
<clever>
samueldr: [ 5.479812] Warning: unable to open an initial console.
<clever>
then it gives you clang automatically, without any clang in buildInputs
<clever>
dansho: replace stdenv.mkDerivation with clangStdenv.mkDerivation
<clever>
dansho: you must use clangStdenv if you want clang working
<clever>
lovesegfault: you try getting 3 cross-compilers setup without nix :P
<clever>
dansho: is clangd being run under nix-shell with clangStdenv?
<clever>
lovesegfault: i have a single nix-build command, that can build arm assembly, vc4 assembly, a linux kernel, and then assemble all of them into a single directory
<clever>
nix, to the rescue!
<clever>
so i cant reproduce their claims of it working :P
<clever>
but the actual build of linux wasnt documented
<clever>
lovesegfault: the dram bringup and loading of linux was previously solved
<clever>
lovesegfault: my current problem, is that the mmc reader is failing, so it cant mount the rootfs
<clever>
.... i'm not
<clever>
lovesegfault: it "just works" if you use the closed-source blobs
<clever>
this is the furthest ive gotten so far
<clever>
[ 5.604569] Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0)
<clever>
lovesegfault: ive also made major rpi3 progress here