[sane] how to scan using sane-airscan?

2024-08-30 Thread Giovanni Biscuolo
Hello,

I'm using a system with %desktop-services installed (that includes
sane-service-type with sane-backends-minimal).

With sane-airscan installed I can get a list of devices:

--8<---cut here---start->8---

g@ken ~$ airscan-discover 
[devices]
  HP Color LaserJet MFP M181fw (0EEE0D) = http://192.168.1.20:8080/eSCL/, eSCL
  HP Color LaserJet MFP M181fw (0EEE0D) = https://192.168.1.20:443/eSCL/, eSCL
  HP Color LaserJet MFP M181fw (0EEE0D) = http://[fd56:feaa:cf06::20]:53048/, 
WSD
  HP Color LaserJet MFP M181fw (0EEE0D) = 
http://[fd56:feaa:cf06::60e:3cff:fe0e:ee0d]:53048/, WSD
  HP Color LaserJet MFP M181fw (0EEE0D) = http://192.168.1.20:53048/, WSD
  HP Color LaserJet MFP M181fw (0EEE0D) = 
http://[fe80::60e:3cff:fe0e:ee0d%252]:53048/, WSD

--8<---cut here---end--->8---

But if I run simple-scan it cannot find any scanner.

I found an old (2023-01-14) message in this mailing list [1] suggesting
to do set some env but it does non work:

--8<---cut here---start->8---

env LD_LIBRARY_PATH=${HOME}/.guix-profile/lib/sane 
SANE_CONFIG_DIR=${HOME}/.guix-profile/etc/sane.d simple-scan

--8<---cut here---end--->8---

Also this does not work:

--8<---cut here---start->8---

LD_LIBRARY_PATH=${HOME}/.guix-profile/lib/sane; 
SANE_CONFIG_DIR=${HOME}/.guix-profile/etc/sane.d; simple-scan

--8<---cut here---end--->8---

I also tried 'scanimage -L' in place of 'simple-scan' but no scanner is
detected.

In my ${HOME}/.guix-profile/lib I find this symlink: "sane ->
/gnu/store/hls5vghgb9z4isrvrr28n0kjsbhk6i97-sane-airscan-0.99.27/lib/sane"
and in that directory I find "libsane-airscan.so.1"

In my ${HOME}/.guix-profile/etc/ I find this symlink: "sane.d ->
/gnu/store/hls5vghgb9z4isrvrr28n0kjsbhk6i97-sane-airscan-0.99.27/etc/sane.d"
and in that directory:

--8<---cut here---start->8---

/home/g/.guix-profile/etc/sane.d:
dr-xr-xr-x 1 root root   34 Jan  1  1970 .
dr-xr-xr-x 1 root root   34 Jan  1  1970 ..
-r--r--r-- 1 root root 3.3K Jan  1  1970 airscan.conf
dr-xr-xr-x 1 root root   14 Jan  1  1970 dll.d

/home/g/.guix-profile/etc/sane.d/dll.d:
dr-xr-xr-x 1 root root 14 Jan  1  1970 .
dr-xr-xr-x 1 root root 34 Jan  1  1970 ..
-r--r--r-- 1 root root 42 Jan  1  1970 airscan

--8<---cut here---end--->8---

the content of the "airscan" file in
/home/g/.guix-profile/etc/sane.d/dll.d is:

--8<---cut here---start->8---

# sane-dll entry for sane-airscan
airscan

--8<---cut here---end--->8---


Plase how can I set sane-airscan as a usable backend for sane scanimage
and allo other sane frontends like simle-scan?


Thanks, Gio'


[1] id:nlhdbqq--...@tutanota.com


-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


LXDE startlxde is resetting XDG_DATA_DIRS on Debian 12! (was Re: customize Debian 11 evironment in lightdm...)

2024-08-19 Thread Giovanni Biscuolo
Hello,

I'm following up a very old thread on debian-user (May 2022) since I
finally understand what is _resetting_ my XDG_DATA_DIRS... oh my!!!

To help-guix: 

Giovanni Biscuolo  writes:

> I'm trying to customize my user environment when using the lightdm
> display manager (then the LXDE desktop environment)

after the first tests, I also used gdm3 with the very same results

> I need to customize some variables so I can see Guix installed
> applications in my desktop menu, in particular I need to customize
> XDG_DATA_DIRS

...but "something" in LXDE (and only in LXDE) was _resetting_ my
XDG_DATA_DIRS customization

[...]

Since then, I upgraded to Debian 12 (bookworm) and the issue is still
here.

Since then, I changed the way I'm customizing user's environment in
order to allow users to use Guix installed programs (via PATH
customization) and see them in the "Application menu" of their preferred
desktop environment (via XDG_DATA_DIRS customization).

The fact is that my environment setup - that now is the same provided my
the Guix binary install script [1] coupled with a per-user .xsessionrc
sourcing the relevant environment variables scripts [2] - IS WORKING
with all desktop environments I tested... except LXDE.

OK, so after this short recap to provide some context, this is the
head of the /usr/bin/startlxde script that starts an lxsession [3]:

--8<---cut here---start->8---

#!/bin/sh

export 
XDG_DATA_DIRS="/usr/local/share/:/usr/share/:/usr/share/gdm/:/var/lib/menu-xdg/"

if [ -z "$XDG_CONFIG_HOME" ]; then
export XDG_CONFIG_HOME="$HOME/.config"
fi

if [ -z "$XDG_DATA_HOME" ]; then
export XDG_DATA_HOME="$HOME/.local/share"
fi

--8<---cut here---end--->8---

That is literally _resetting_ all previous XDG_DATA_DIRS variable
content... why?!?!?

AFAIU this should be a bug in /usr/bin/startlxde.

Actually a Debian bug for this issue in package openbox-lxde-session
(that provides /usr/bin/startlxde) has been already filed on 2018-08-16,
so I'm not going to duplicate it:

«openbox-lxde-session: /usr/bin/startlxde overrides XDG_DATA_DIRS making
all local .desktop files unable to show on menu»
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906288

That's it! :-(

Happy hacking! Gio'


[1] https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh

[2] this way:

if [ -d /etc/profile.d ]; then
  for i in /etc/profile.d/*.sh; do
if [ -r $i ]; then
  . $i
fi
  done
  unset i
fi

[3] as found in /usr/share/xsessions/LXDE.desktop defining how to start
LXDE desktop session (Exec=/usr/bin/startlxde).

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: USB redirection via libvirt

2024-07-19 Thread Giovanni Biscuolo
Giovanni Biscuolo  writes:

[...]

> I've also added that simple-service to my os config, this is a snippet:
>
> --8<---cut here---start->8---
>
> [...]
>
>   (services
>(append %desktop-services
>(list

[...]

> ;; extend polkit for spice-gtk
> (simple-service 'spice-polkit polkit-service-type (list 
> spice-gtk))
>
> [...]
>
> --8<---cut here---end--->8---

[...]

> AFAIU polkit-service-type is defined in (gnu services desktop) and I'm
> including that module: what am I doing wrong please?

No I was wrong, polkit-service-type is in dbus service module: I added
it and I was able to define that simple-service

[...]

Sorry for the noise!

Happy hacking! Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: USB redirection via libvirt

2024-07-18 Thread Giovanni Biscuolo
Hello,

sorry to resurrect an old message but I've the same issue reported on
Nov 2023 by TakeV and the provided solution does not work for me

Saku Laesvuori  writes:

[...]

>> Error setting USB device node ACL: 'Error PoliciKit error: 
>> GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Action 
>> org.spice-space.lowlevelusbaccess is not registered' (0)

same error here

[...]

> (operating-system
>   ...
>   (services
> ...
> (simple-service 'spice-polkit polkit-service-type (list spice-gtk

I've also added that simple-service to my os config, this is a snippet:

--8<---cut here---start->8---

[...]

(services
 (append %desktop-services
 (list
  ;; libvirt and virtlog daemons
  (service libvirt-service-type
   (libvirt-configuration
(unix-sock-group "libvirt")
(tls-port "16555")))

  (service virtlog-service-type
   (virtlog-configuration
(max-clients 1000)
(max-size 5)
(max-backups 9)))

  (service xfce-desktop-service-type)
  
  (set-xorg-configuration
   (xorg-configuration
(keyboard-layout keyboard-layout)))
  
  ;; extend polkit for spice-gtk
  (simple-service 'spice-polkit polkit-service-type (list 
spice-gtk))

[...]

--8<---cut here---end--->8---

but when I try to apply it I get this error:

--8<---cut here---start->8---

g@ken ~$ sudo guix system reconfigure /etc/config.scm 
Backtrace:
  18 (primitive-load "/home/g/.config/guix/current/bin/guix")
In guix/ui.scm:
   2312:7 17 (run-guix . _)
  2275:10 16 (run-guix-command _ . _)
In ice-9/boot-9.scm:
  1752:10 15 (with-exception-handler _ _ #:unwind? _ # _)
In guix/status.scm:
859:3 14 (_)
839:4 13 (call-with-status-report _ _)
In guix/scripts/system.scm:
   1311:4 12 (_)
In ice-9/boot-9.scm:
  1752:10 11 (with-exception-handler _ _ #:unwind? _ # _)
In guix/store.scm:
   684:37 10 (thunk)
   1325:8  9 (call-with-build-handler # …)
  2205:25  8 (run-with-store # …)
In guix/scripts/system.scm:
853:2  7 (_ _)
727:8  6 (_ #)
In gnu/system.scm:
  1335:19  5 (operating-system-derivation _)
   870:11  4 (operating-system-services #< kernel:…>)
   904:20  3 (services _)
In /etc/config.scm:
   120:48  2 (services #< kernel: #)
In ice-9/boot-9.scm:
  1685:16  1 (raise-exception _ #:continuable? _)
  1685:16  0 (raise-exception _ #:continuable? _)

ice-9/boot-9.scm:1685:16: In procedure raise-exception:
error: polkit-service-type: unbound variable

--8<---cut here---end--->8---

AFAIU polkit-service-type is defined in (gnu services desktop) and I'm
including that module: what am I doing wrong please?

Thanks! Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: how to use a variable in a plain-file object?

2024-05-17 Thread Giovanni Biscuolo
Hello raingloom

thank you for you quick reply!

raingl...@riseup.net writes:

[...]

> Short untested example:
>
> (define name "Giovanni")
> (define greeting-gexp
>   #~(begin (with-output-to-file #$output (lambda _ (write (string-append
> "Hello, " #$name "!"))
>
> You should be able to use greeting-gexp in place of %my-file-object.

I've tested it with this code:

--8<---cut here---start->8---

(use-modules (guix gexp))

(define var1 "var1-value")
(define var2 "var2-value")

(define %another-file-object
  #~(begin (with-output-to-file #$output (lambda _ (write (string-append "\
# This is an example configuration file
# stored in %another-file-object
attribute1 = " #$var1 "
attribute2 = " #$var2 "
"))

%another-file-object

--8<---cut here---end--->8---

And this is the result:

--8<---cut here---start->8---

[~/tmp]
giovanni@roquette [genv]\: cat $(guix build --no-offload -e '(load 
"guix-output-to-file-example.scm")')
"# This is an example configuration file\n# stored in 
%another-file-object\nattribute1 = var1-value\nattribute2 = var2-value\n"

--8<---cut here---end--->8---

The output cannot be used in place of %my-file-object, right?

AFAIU the solution is to use mixed-text-file as suggested by Tomas Volf
yesterday in this thread.

Happy hacking! Gio'

[...]

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: how to use a variable in a plain-file object?

2024-05-17 Thread Giovanni Biscuolo
Hello Tomas,

Tomas Volf <~@wolfsden.cz> writes:

[...]

> I believe you can use mixed-text-file for this purpose:

Oh yes!  I missed (to understand) mixed-text-file and text-file* in the
G-exp manual section [1], in particular how it can be easily used in
place of local-file and plain-file, because I missed (to understand) the
given example.  Now that I see, I think I'll use that in place of
plain-file... everywhere :-O

[...]

> (use-modules (gnu packages base)
>  (guix gexp))
>
> (define %my-file-object
>   (mixed-text-file "something.conf" "\
> SED_PATH = " sed "/bin/sed
> "))
>
> %my-file-object
>
> And here is the result:
>
> $ cat $(guix build -e '(load "/tmp/yy.scm")')
> SED_PATH =
> /gnu/store/6kkygybkxkzqy3lf6k5kzimk5mjasrvw-sed-4.8/bin/sed

Cristal clear, also thank you for having pointed out a quick way to test
the result by building it and cat(ing) it in a shell session

This could be a nice section in the Cookbook :-)

Thank you and happy hacking!

> There are only two hard things in Computer Science:
> cache invalidation, naming things and off-by-one errors.

P.S.: I'll steal the above sentence, _verbatim_ :-)


[1] IMHO that manual section "talks" to experienced Guile programmers
and not to Guix _users_... and actually is a subsection of "Programming
interface".

-- 
Giovanni Biscuolo

Xelera IT Infrastructures



how to use a variable in a plain-file object?

2024-05-16 Thread Giovanni Biscuolo
Hello,

sorry for the very guile-absolute-beginner question, but I'd like to use
a declared variable in a plain-file object, so I can write something
like in this pseudo-code snippet:

--8<---cut here---start->8---

(define variable1 "var1-value")
(define variable2 "var2-value")

[...]

(define %my-file-object
  ,(plain-file "something.conf" "
# This is an example configuration file

attribute1 =" variable1 " 

attribute2 =" variable2 "

"))

--8<---cut here---end--->8---

and obtain a "something.conf" file like this:

--8<---cut here---start->8---
# This is an example configuration file

attribute1 = var1-value

attribute2 = var2-value

--8<---cut here---end--->8---

how can I do, please?

Thanks, Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: Guix Days: Patch flow discussion

2024-02-28 Thread Giovanni Biscuolo
Hello Simon,

first and foremost: I'd like to say a big thank you to all the people
working in the Guix community...

...and apologise if I still cannot do more to help.

Simon Tournier  writes:

[...]

> Well, let me try to quickly summarize my conclusion of the session:
>
>  1. We have a social/organisational problem.
>
>  2. We have some tooling annoyances.
>
>
> The easy first: #2 about tools.  The email workflow is often cited as
> part of the issue.  That’s a false-problem, IMHO.

yes, we (as a community) already had several discussions around the
false-problem named "email worfkow is too hard", I also dared to send a
*very* lenghty analysis comparing the _so_called_ "pull request model" [1] 

Unfortunately I'm pretty sure that _this_ false issue will be cited
again and again and again when discussing about "how to better help Guix
maintainers"

...unless the (info "(guix) Submitting Patches") one day will finally
(briefly) explain why the project is using an email based workflow and
not a "so called PR workflow" (to understand why PR workflow is "so
called" please read [1]) 

But all this discussion on the "email workflow" issue is more useless
when considering the commit authetication mechanism _embedded_ in Guix
since 2020;  I recently studied this blog post:

https://guix.gnu.org/en/blog/2020/securing-updates/

and it states:

--8<---cut here---start->8---

To implement that, we came up with the following mechanism and rule:

1 The repository contains a .guix-authorizations file that lists the
 OpenPGP key fingerprints of authorized committers.

2 A commit is considered authentic if and only if it is signed by one of
 the keys listed in the .  guix-authorizations file of each of its
 parents. This is the authorization invariant.

[...]

The authorization invariant satisfies our needs for Guix. It has one
downside: it prevents pull-request-style workflows. Indeed, merging the
branch of a contributor not listed in .  guix-authorizations would break
the authorization invariant. It’s a good tradeoff for Guix because our
workflow relies on [patches carved into stone tablets] (patch tracker),
but it’s not suitable for every project out there.

--8<---cut here---end--->8---

[patches carved into stone tablets] is a link to:

https://lwn.net/Articles/702177/
«Why kernel development still uses email»
By Jonathan Corbet, October 1, 2016 

an article with another ton of reasons why "all patch management tools
sucks, email just sucks less.

Anyway, since Guix is using the "authorization invariant" since 2020,
the "email workflow" is embedded in Guix :-D

Am I missing something?

> Projects that use PR/MR workflow have the same problem.  For instance,
> Julia [1] has 896 open PR. 

[...]

> I will not speak about the channel ’nonguix’ but it gives another
> clue.

I will not speak about kubernetes, cited in the above cited LWN article,
I will not speak about Gerrit, also cited there...

[...]

> To be clear, the email workflow might add burden on submitter side but I
> am doubtful it is really part of the bottleneck for reviewing and
> pushing submissions.

Email workflow makes the reviewing workflow _extremely_ easy, provided a
good MUA and a _little_ bit of self-discipline following the /easy/
guidance in (info "(guix) Reviewing the Work of Others")

> Although the tools might add some unnecessary friction, the net of the
> issue is IMHO #1: reviewing is just boring and time-consuming.

This is the one and only reason.

[...]

I don't have anything to add, for now.


Happy hacking! Gio'


[1] id:87y1ha9jj6@xelera.eu aka
https://yhetil.org/guix/87y1ha9jj6@xelera.eu/

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: declarative partition and format with Guix (was Re: Guix System automated installation)

2024-02-28 Thread Giovanni Biscuolo
Giovanni Biscuolo  writes:

[...]

>> but I think this is close to the right track.  Either operating-system
>> should be extended to support things like disk partitioning,

the library for doing this with Guile is guile-parted (packaged in
Guix); it's used by the Guix Installer:

https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/installer/parted.scm

AFAIU this (parted.scm above) is the starting point (the Guix library)
that can be used to develop a program that automates the disk
partitioning and filesystem creation based on a gexp (disk-layout.scm ?)
declaration.

>> and effect those changes at reconfigure time (with suitable
>> safeguards to avoid wrecking existing installs),
>
> I would prefer not, such "reconfigurations" should be done "out of band"
> and not "in band", IMHO

Side note: there is a recent discussion on a "Resize Filesystem Service"
at this thread
id:zr0p278mb0268910b4fe39a48112ce740c1...@zr0p278mb0268.chep278.prod.outlook.com
[1]

[...]

Happy hacking! Gio'



[1] 
https://yhetil.org/guix/zr0p278mb0268910b4fe39a48112ce740c1...@zr0p278mb0268.chep278.prod.outlook.com/

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


declarative partition and format with Guix (was Re: Guix System automated installation)

2024-02-27 Thread Giovanni Biscuolo
Hello Ian,

Ian Eure  writes:

> Giovanni Biscuolo  writes:

[...]

>> Please consider that a preseed file is very limited compared to 
>> a
>> full-fledged operating-system declaration since the latter 
>> contains the
>> declaration for *all* OS configuration, not just the installed 
>> packages.
>
> I appreciate where you’re coming from, I also like the one-file 
> system configuration, but this is inaccurate.

Yes you are right, I completely misrepresented the functionality of the
Debian preseed utility, sorry! (...and I used that in a remote past)

[...]

> installed packages.  Right now, Debian’s system allows you to do 
> things which Guix does not.

[...]

> means you can use a preseed file to tell the installer to 
> partition disks, set up LUKS-encrypted volumes (and specify one or 
> more passwords for them), format those with filesystems

Yes, this is what is missing from the Guix installer system

> With Debian, I can create a custom installer image with a preseed
> file, boot it, and without touching a single other thing, it’ll
> install and configure the target machine, and reboot into it.  That
> boot-and-it-just-works experience is what I want from Guix.

I understand that it's just a workaround but you can achieve this
boot-and-it-just-works (if there isn't bugs in the script/preseed)
experience with a simple bash script to automate "manual installation"

I wrote it in bash because I'm not able to write it in Guile and/or
extend the "guix system" command to be able to manage the missing bits,
but that is a solution (more a workaround now)

[...]

> There’s no facility for specifying disk partitioning or *creating* 
> filesystems in the system config -- it can only be pointed at ones 
> which have been created already.

Yes: those facilities are missing, we (still?) cannot do that
declaratively... let's do that imperatively, automatically :-)

[...]

>> I would really Love So Much™ to avoid writing imperative bash 
>> scripts
>> and just write Scheme code to be able to do a "full automatic" 
>> Guix
>> System install, using a workflow like this one:
>>
>> 1. guix system prepare --include preseed.scm disk-layout.scm 
>> /mnt
>>
>> where disk-layout.scm is a declarative gexp used to partition, 
>> format
>> and mount all needed filesystems
>>
>> the resulting config.scm would be an operating-system 
>> declaration with
>> included the contents of preseed.scm (packages and services
>> declarations)
>>
>> 2. guix system init config.scm /mnt (already working now)
>>
>> ...unfortunately I'm (still?!?) not able to contribute such code 
>> :-(
>>
>
> I don’t think there’s any need for a preseed.scm file, and I’m not 
> sure what would be in that,

preseed.scm is "just" the part of "operating-system" declaration without
the (bootloader [...]), (file-systems [...]) and (swap-devices [...])
declaration, that is automatically generated by "guix system prepare"
based on disk-layout.scm

> but I think this is close to the right track.  Either operating-system
> should be extended to support things like disk partitioning, and
> effect those changes at reconfigure time (with suitable safeguards to
> avoid wrecking existing installs),

I would prefer not, such "reconfigurations" should be done "out of band"
and not "in band", IMHO

> or the operating-system config could get 
> embedded in another struct which contains that, similar to the 
> (image ...) config for `guix system image'.  I think there are 
> some interesting possibilities here: you could change your 
> partition layout and have Guix resize them

Root (/) partition resizing must be done with root unmounted, no?

Also, since the resize (shrink?) of filesystem is a very sensitive
operation, I'd exclude that from "normal" operations done via "guix
system reconfigure"... it's more "guix system prepare..." with one or
more disk partitions (i.e. /home) resized/shrinked or kept as is,
_without_ file system (re)formatting.

One interesting thing that could be done at "guix system prepare" time
is to restore one or more filesystem content from a (possibly remote)
backup, useful in a disaster recovery scenario.

> / create new ones for you.

[...]

Meanwhile: WDYT to work togheter on a simple _configurable_ bash script
to help users automate the very first installation of a Guix System and
try to upstream it?

Thanks! Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Guix System automated installation

2024-02-26 Thread Giovanni Biscuolo
Hello Ian,

I'm a little late to this discussion, sorry.

I'm adding guix-devel since it would be nice if some Guix developer have
something to add on this matter, for this reason I'm leaving all
previous messages intact

Csepp  writes:

> Ian Eure  writes:
>
>> Hello,
>>
>> On Debian, you can create a preseed file containing answers to all the 
>> questions
>> you’re prompted for during installation, and build a new install image which
>> includes it.  When booted, this installer skips any steps which have been
>> preconfigured, which allows for either fully automated installation, or 
>> partly
>> automated (prompt for hostname and root password, but otherwise automatic).
>>
>> Does Guix have a way to do something like this?  The declarative config is 
>> more
>> or less the equivalent of the Debian preseed file, but I don’t see anything 
>> that
>> lets you build an image that’ll install a configuration.

When using the guided installation (info "(guix) Guided Graphical
Installation"), right before the actual installation on target (guix
system init...) you can edit the operating-system configuration file:
isn't it something similar to what you are looking for?

Please consider that a preseed file is very limited compared to a
full-fledged operating-system declaration since the latter contains the
declaration for *all* OS configuration, not just the installed packages.

Alternatively, you can use the (info "(guix) Manual Installation") and
copy a pre-configured (preseed? :-) ) operating-system file, but you
have to be very careful (see (info "(guix) Proceeding with the
Installation").

>> I see there’s `guix deploy’, but that requires an already-installed GuixSD to
>> work, which isn’t helpful for getting it installed in the first place.
>>
>> Thanks,
>>
>>  — Ian

I'm also interested in a way to fully automate the installation [1] of
Guix System hosts and I've developed a small bash script to help me (see
below).

The idea is to use the script to install a very basic Guix System on the
machine and then use "guix deploy" (or deploy "manually") for a
full-fledged configuration.

My initial motivation was (and sill is the main) to allow me to install
Guix Systems on rented hosts (dedicates or VPS) provided by vendors that
do not have Guix System in the list of operating systems users can
install on their machines: in this case users can boot machines in
rescue mode (AFAIU all hosters provide a rescue system) and insall Guix
System in a similar way as described in (info "(guix-cookbook) Running
Guix on a Linode Server") or (info "(guix-cookbook) Running Guix on a
Kimsufi Server")

You can find the script here:
https://gitlab.com/softwareworkers/swws/-/blob/master/infrastructure/hosts/cornouiller/bootstrap-guix.sh?ref_type=heads
(that is the last "version" I used, for now I write a script for every
machine I need... I still have to make this script generic putting all 
needed config variables in an external file)

Please consider it's still in early development, although I've already
tested it both locally and with real rented machines, both bare metal
and VPS.

After some tests I realized that with few tests I could use such a
script both on a rescue system and when installing using the Guix
Installer ISO, selecting a full manual installation, see (info
"(guix) Manual Installation"), and then running the script.

> guix system image is maybe closer, but it doesn’t automate everything that the
> installer does.
> But the installer can be used as a Scheme library, at least in theory.  The 
> way
> I would approach the problem is by creating a Shepherd service that runs at 
> boot
> from the live booted ISO.

I would really Love So Much™ to avoid writing imperative bash scripts
and just write Scheme code to be able to do a "full automatic" Guix
System install, using a workflow like this one:

1. guix system prepare --include preseed.scm disk-layout.scm /mnt

where disk-layout.scm is a declarative gexp used to partition, format
and mount all needed filesystems

the resulting config.scm would be an operating-system declaration with
included the contents of preseed.scm (packages and services
declarations)

2. guix system init config.scm /mnt (already working now)

...unfortunately I'm (still?!?) not able to contribute such code :-(


Happy hacking! Gio'



[1] that means: with almost zero needed intervention by the user... the
user just needs to _design_ the installation.

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: PostgreSQL 15 service

2024-02-26 Thread Giovanni Biscuolo
Hi Mauritz,

Mauritz Stenek  writes:

[...]

> However, I get this error (verbatim):
>
> ```
> # herd start postgres
> Service user-homes has been started.
> herd: error: exception caught while executing 'start' on service 
> 'postgres':
> Throw to key `%exception' with args `("#<&invoke-error program: 
> \"/gnu/store/m7dwq55l600g12bzm245zd9ha8v1zvn1-pg_ctl-wrapper\" 
> arguments: (\"start\") exit-status: 1 term-signal: #f stop-signal: 
> #f>")'.
> ```
>
> Any ideas on how to fix this?

AFAIU the above error is just saying trat the exit status of
pg_ctl-wrapper is 1 (meaning it failed)

Can you have a look at the logs, they sould be in syslog (by default,
having not defined a specific log-destination configuration)

HTH! Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: 29.1: tramp: use $SHELL environment variable to start remote shell?

2024-02-23 Thread Giovanni Biscuolo
Giovanni Biscuolo  writes:

[...]

> I need my remote profile to be loaded because all hosts I manage have
> Guix [2] installed and all needed environment variables are set by the
> user profile; here is an example of a "M-x shell" remote connection to a
> guix host (foreign distro), the same holds for "M-x eshell":
>
> --8<---cut here---start->8---
>
> /ssh:local.biscuolo.anemone:/localhome/g/ #$ guix describe
>   guix 3676e31
> repository URL: https://git.savannah.gnu.org/git/guix.git
> commit: 3676e312aaf1ce10ed1d7844e871b54e04624098
> /ssh:local.biscuolo.anemone:/localhome/g/ #$ $SHELL -l
> (anemone)g@anemone:~$ guix describe
> Generation 9  Apr 21 2021 09:23:33(current)
>   guix 13c4a37
> repository URL: https://git.savannah.gnu.org/git/guix.git
> branch: master
> commit: 13c4a377f5a2e1240790679f3d5643385b6d7635
>
> --8<---cut here---end--->8---
> (as you can see, without proper environment guix is not able to run as
> it should)

Please forgive me for the noise: the problem is in the environment of
(one of) my remote user!

I tested again with other users on other hosts and the environment
variables of my profile are correctly set.

Anyway, the shell I get when connecting is still not fully functional,
for example autocompletion does not work (write a substring and then
TAB) and also up and down arrow keys do not work (echoes escape
sequances instead of showing the shell history)

Am I still doing something wrong with my environment?

Ouch!  Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


29.1: tramp: use $SHELL environment variable to start remote shell?

2024-02-23 Thread Giovanni Biscuolo
Hello,

please is it possible to start a remote shell (and vterm) using the
program defined in the $SHELL env variable on the remote host?

Alternatively, is there a way to automatically source a remote profile
(e.g. .bash_profile) in the remote shell?

Short story long (sorry for the long details)...

I have this Emacs and TRAMP versions:

--8<---cut here---start->8---
(emacs-version)
"GNU Emacs 29.1 (build 1, x86_64-unknown-linux-gnu, cairo version 1.16.0)"

(tramp-version nil)
"2.6.2.0"
--8<---cut here---end--->8---

Installed emacs-vterm version: 0.0.2-1.c3a3a23

If I open a remote directory in dired with TRAMP and then connect to a
remote host with "M-x shell" or "M-x vterm", the default shell is
/bin/sh

I can later start my preferred shell with "$SHELL -l" so my shell
profile (e.g. .bash_profile) is sourced and all is working as expected
[1]

I need my remote profile to be loaded because all hosts I manage have
Guix [2] installed and all needed environment variables are set by the
user profile; here is an example of a "M-x shell" remote connection to a
guix host (foreign distro), the same holds for "M-x eshell":

--8<---cut here---start->8---

/ssh:local.biscuolo.anemone:/localhome/g/ #$ guix describe
  guix 3676e31
repository URL: https://git.savannah.gnu.org/git/guix.git
commit: 3676e312aaf1ce10ed1d7844e871b54e04624098
/ssh:local.biscuolo.anemone:/localhome/g/ #$ $SHELL -l
(anemone)g@anemone:~$ guix describe
Generation 9Apr 21 2021 09:23:33(current)
  guix 13c4a37
repository URL: https://git.savannah.gnu.org/git/guix.git
branch: master
commit: 13c4a377f5a2e1240790679f3d5643385b6d7635

--8<---cut here---end--->8---
(as you can see, without proper environment guix is not able to run as
it should)

I know that I can customize the remote shell to use by:

1. use "C-u M-x shell" and specify the remote shell to use [3]

2. use connection related information [4] to customize "remote-shell"
per-connection (via regexp)

but 1. does not vork for vterm and 2. is too complicated for this use
case, IMO.

Ideally I would like both "M-x shell" and "M-x vterm" to just do "the
right thing" and start a remote shell using the remote $SHELL
environment variable.

Any hint please?

Happy hacking, Gio'


[1] I mean, is working in the same way I get when connecting with any
other terminal emulator

[2] some on foreign distro, other on Guix System

[3] /bin/bash on foreign distros, /run/current-system/profile/bin/bash
on Guix System

[4] 
https://www.gnu.org/software/emacs/manual/html_node/tramp/Predefined-connection-information.html



P.S.: yes, still not using eshell as I should! :-(

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: patch question: any tool to download patches from guix patch mailing list?

2023-06-19 Thread Giovanni Biscuolo
Hi!

Jelle Licht  writes:

[...]

> I know it was already mentioned, but some features were recently added
> to piem (patch waiting over at https://issues.guix.gnu.org/64155) to
> integrate it with debbugs.el,

great!  I missed it (v. 0.5.0 released few hours ago [1]); thank you for
the patch to the Guix package!

> the Emacs debbugs interface. This makes it
> (IMHO) a fairly easy to apply some patches locally.
>
> I have this set up with (something similar to) the following:
> --8<---cut here---start->8---
> (setq piem-inboxes
>   (("guix-patches"
> :coderepo ("/home/jlicht/Documents/guix")
>   :url "https://yhetil.org/guix-patches";
>   :listid "guix-patches.gnu.org"
>   :address "guix-patc...@gnu.org"
>   :gnu-package "guix-patches")))
>
> (require 'piem)
> (piem-gnus-mode 1)
> (piem-debbugs-mode 1)
>
> (require 'debbugs)
> (defun debbugs-gnu-guix ()
>   "List Guix issues."
>   (interactive)
>   (debbugs-gnu '("serious" "important" "normal") '("guix-patches") nil t))
> --8<---cut here---end--->8---
>
> With the configuration taken care of, just `M-x debbugs-gnu-guix',
> navigate to any issue (just put point on an issue you are interested in)
> and run `M-x piem-b4-am'. It should pull down all needed messages (from
> yhetil's public inbox mirror), and use some heuristics to apply the most
> recent patch revision, taking into account either 'git send-email' or
> attachment-based patch series.

Thank you for the explanation, it's very valuable since this new feature
is not well documented on the pien online manual at
https://docs.kyleam.com/piem/
(e.g. https://docs.kyleam.com/piem/Lisp-Function-Index.html mentions
piem-debbugs-mode but no other documentation is found)

[...]

Happy hacking! Gio'


[1] https://git.kyleam.com/piem/tree/Documentation/RelNotes/0.5.0.txt

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: patch question: any tool to download patches from guix patch mailing list?

2023-06-17 Thread Giovanni Biscuolo
Hi Andy,

Andy Tai  writes:

[...]

> (There seems to be tool like b4 or patchworks for Linux kernel
> developers and their mailing lists but not sure if similar tools exist
> for GNU (or Guix specific) development mailing lists)

what you ask has been discussed several times in guix-devel since a
smoother "send and recieve patches workflow" is a very common desire :-)

I'm still not extensively using the tools I mention in 2. so I have no
"hands on" suggestions, I'm currenly using 1 (but still not emacs-piem).

1. use notmuch (possibly with emacs-piem)

if already a notmuch user **and** you are subscribed to the patches
mailing list, for a single patch you can copy the patch message-id (cI
to stash it) and use

--8<---cut here---start->8---

$ notmuch show --format=mbox id:XXX | git am

for a single patch, or

$ notmuch show --format=mbox thread:XXX | git am

for a whole series

--8<---cut here---end--->8---
(https://notmuch.notmuchmail.narkive.com/V2cK3dJb/handling-patch-from-mail)

if you are comfortable with emacs, emacs-piem can be used as a frontend
to apply patches from a Notmuch (or Gnus) buffer (or editable pop up
mbox buffer):
https://docs.kyleam.com/piem/Applying-patches.html#Applying-patches

2. Use b4 and public-inbox related tools

the advantage of b4 is that you are not "forced" to be subscribed to the
patches mailing list(s) since it can apply patches from a public-inbox
backed mailing list

https://yhetil.org/guix/20201114003906.25111-1-k...@kyleam.com/

This is a thread that explains how to use b4 with the guix-patches
(unofficial) public-inbox, this is an executive summary:

--8<---cut here---start->8---

$ # in the guix repo
$ git config b4.attestation-policy off
$ git config b4.midmask https://yhetil.org/guix-patches/%s
$ b4 am 

--8<---cut here---end--->8---

If you use Emacs there is a frontend: emacs-piem

3. keep looking at mumi

recently (April 2023 [1]) the "mumi send-email" CLI was added to help in
/sending/ patches

maybe one day a CLI will be added to ""mumi git-am" in a similar way as
the workflow in 1.

On May 2022 [2] Ludovic sent a "super-early-draft" of a "guix review"
command on the guix-devel mailing list and there was some consensus that
it should become "mumi review", but no development was done since then
AFAIK


HTH, Happy hacking! Gio'


[1] https://yhetil.org/guix/87mt2xiab3@systemreboot.net

[2] https://yhetil.org/guix/87a6btymzz@gnu.org

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: stateful caches (was Re: OBS Studio memory leak)

2023-06-15 Thread Giovanni Biscuolo
Hi!

Guillaume Le Vaillant  writes:

[...]

> I used gdb on versions of mesa and vlc with debug symbols:
>
> --8<---cut here---start->8---
> guix build --with-debug-info=mesa --with-debug-info=vlc vlc
>
> gdb /gnu/store/...-vlc-3.0.18/bin/.vlc-real
> (gdb) run some-video.mkv
> --8<---cut here---end--->8---
>
> Then I sent a SIGSTOP signal to the vlc process, and in gdb I looked at
> the backtrace of all the threads of vlc.

got it, thanks!

[...]

>> do you think this bug (is it a bug, right?) needs to be reported
>> upstream?
>
> I guess it would be better if the code reading the shader cache was more
> robust when reading possibly incompatible or corrupted data. However
> I have not tried more recent versions of mesa, maybe they are better at
> it...
>
> And it seems that Maxim has already reported the issue upstream,
> see <https://issues.guix.gnu.org/63197>

oh I missed it: I'll make my comments in that issue then, thanks!

> and <https://gitlab.freedesktop.org/mesa/mesa/-/issues/8937>

I see

Happy hacking. Gio'


-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


stateful caches (was Re: OBS Studio memory leak)

2023-06-15 Thread Giovanni Biscuolo
Hi Guillaume Le Vaillant and Guix Devels,

sorry for cross-posting but IMHO the workaround you found [1] for the memory
leak affecting a number of media processing applications is of interest
for many people potentially not subscribed to help-guix

AFAIK this was not filed as a Guix bug

Guillaume Le Vaillant  writes:

> Ott Joon  skribis:
>
>> Hey
>>
>> Tried the same thing in VLC and it freezes on GPU accel and starts
>> leaking memory while also becoming hard to kill.  Maybe this also
>> explains why some mpv GPU accel settings don't work also in the exact
>> same way.  I have an AMD RX 6900 XT on this machine.

[...]

> It looks like an issue with the shader cache of mesa.
> After clearing it, I don't see the memory leak anymore.

good catch: please can you tell us how you managed to spot that problem?
Did you straced it or did yoy find a related mesa bug report?

do you think this bug (is it a bug, right?) needs to be reported
upstream?

I'm asking this because I "feel" we (I mean Guix users) could do
something to help upstream removing this "status mismanagement"

> Could you try doing a "rm -r $HOME/.cache/mesa_shader_cache/*" and see
> if it also solves the issue for you?

AFAIU this is "just" another instance of the "mismanaged state" error
class, like the one(s) discussed back in Oct 2019 [2] and probably
periodically recurring since the beginning of some (many) the upstream
applications lifecycle.

Back then, Efraim Flashner was using this snippet [2] in his OS-config:

--8<---cut here---start->8---

;; This directory shouldn't exist
(file-system
  (device "none")
  (mount-point "/var/cache/fontconfig")
  (type "tmpfs")
  (flags '(read-only))
  (check? #f))

--8<---cut here---end--->8---

It seems that a similar snippet could also be useful for all
"~/.cache/*" :-O

Happy hacking! Gio'



[1] message id:87y1kozvny@robbyzambito.me

[2] message id:20191018073501.GB1224@E5400

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: nudging patches

2023-05-17 Thread Giovanni Biscuolo
Hello Remco,

sorry for cross posting to guix-devel but I think this is more a devel
(committers needing help) discussion than a user (needing help) one :-)

Remco van 't Veer  writes:

> Hi,
>
> What's the preferred / politest way to draw attention to patches (and /
> or bugs) which seem to have been overlooked?

AFAIU send an email ping to the patch/bug, possibly Cc-ing the related
team [1]

> And while I have your attention and you're wondering which patches I'd
> like to promote.. 😉
>
> - #62557 [guix-patches]
>   [PATCH] gnu: ruby-2.7-fixed: Upgrade to 2.7.8 [fixes CVE-2023-{28755, 
> 28756}]
> - #62558 [guix-patches]
>   [PATCH] gnu: ruby-3.0: Upgrade to 3.0.6 [fixes CVE-2023-{28755, 28756}].
> - #62559 [guix-patches]
>   [PATCH] gnu: ruby-3.1: Upgrade to 3.1.4 [fixes CVE-2023-{28755, 28756}].
> - #62561 [guix-patches]
>   [PATCH] gnu: ruby-3.2: Upgrade to 3.2.2 [fixes CVE-2023-{28755, 28756}].
>
> They still apply cleanly on master.

This is the current Ruby team:

id: ruby
name: Ruby team
description: 
scope: "gnu/packages/ruby.scm" "guix/build/ruby-build-system.scm" 
"guix/build-system/ruby.scm" "guix/import/gem.scm" 
"guix/scripts/import/gem.scm" "tests/gem.scm" 
members:
+ Christopher Baines 

> But seriously, what is the preferred way to do this?

HTH! Gio'

[1] https://guix.gnu.org/en/manual/devel/en/html_node/Teams.html#Teams

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: Racket REPL not working

2023-05-17 Thread Giovanni Biscuolo
Hello,

Efraim Flashner  writes:

[...]

> I was able to run 'guix shell racket -- racket --version' with it
> segfaulting. Same thing when I switched to using the same commit that
> you're using.

I'm using this Guix commit:

--8<---cut here---start->8---

Generation 149  May 08 2023 13:31:35(current)
  guix e118b92
repository URL: https://git.savannah.gnu.org/git/guix.git
branch: master
commit: e118b92cfe7a598b71dbbda2622b7551f4a72104

--8<---cut here---end--->8---

I'm on a foreign distro (Debian 11), I've tested racket in a
pure/not-pure guix shell and it is working, no segfaulting

> Can you paste the output of 'lscpu'? I suspect that there might be some
> optimizations being applied during build time and it's been optimized
> with features not available in your CPU.

This is my lscpu output:

--8<---cut here---start->8---

giovanni@roquette: lscpu
Architecture:x86_64
CPU op-mode(s):  32-bit, 64-bit
Byte Order:  Little Endian
Address sizes:   36 bits physical, 48 bits virtual
CPU(s):  8
On-line CPU(s) list: 0-7
Thread(s) per core:  1
Core(s) per socket:  8
Socket(s):   1
NUMA node(s):1
Vendor ID:   GenuineIntel
CPU family:  6
Model:   77
Model name:  Intel(R) Atom(TM) CPU  C2758  @ 2.40GHz
Stepping:8
CPU MHz: 1899.896
CPU max MHz: 2400,
CPU min MHz: 1200,
BogoMIPS:4799.73
Virtualization:  VT-x
L1d cache:   192 KiB
L1i cache:   256 KiB
L2 cache:4 MiB
NUMA node0 CPU(s):   0-7
Vulnerability Itlb multihit: Not affected
Vulnerability L1tf:  Not affected
Vulnerability Mds:   Mitigation; Clear CPU buffers; SMT disabled
Vulnerability Meltdown:  Mitigation; PTI
Vulnerability Spec store bypass: Not affected
Vulnerability Spectre v1:Mitigation; usercopy/swapgs barriers and 
__user pointer sanitization
Vulnerability Spectre v2:Mitigation; Full generic retpoline, IBPB 
conditional, IBRS_FW, STIBP disabled, RSB filling
Vulnerability Srbds: Not affected
Vulnerability Tsx async abort:   Not affected
Flags:   fpu vme de pse tsc msr pae mce cx8 apic sep 
mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe 
syscall nx rdtscp lm constant_tsc arch_pe
 rfmon pebs bts rep_good nopl xtopology 
nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 
ssse3 cx16 xtpr pdcm sse4_1 sse4_2 movbe popc
 nt tsc_deadline_timer aes rdrand lahf_lm 
3dnowprefetch cpuid_fault epb pti ibrs ibpb stibp tpr_shadow vnmi flexpriority 
ept vpid tsc_adjust smep erms dtherm arat
  md_clear

--8<---cut here---end--->8---

HTH! Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


cpp-mustache-4.1 build fails

2023-05-17 Thread Giovanni Biscuolo
Hello 

thank you very much Hubert for your report: errors like the one you
found (packages build failures) are bugs, next time please report them
to bug-g...@gnu.org; better to close a non-bug than to miss an actual
one ;-)

As you can see I've now filed a new bug: bug#63551

Thank you also to Vagrant and Denis for the heads up, please submit
further comments or patches to 63...@debbugs.gnu.org

Denis 'GNUtoo' Carikli  writes:

[...]

> There are several approaches here and I've patches for two of them if
> needed (I've attached them):
> (1) backport some upstream patches:
> - There are 2 catch2 updates, they can be squashed into 1 patch
> - We also need a patch for fixing unused variables.
> (2) Update cpp-mustache: There is an upstream commit
> 
> (https://github.com/kainjow/Mustache/commit/4ed8c0b5a2a43d59394bd6900dc04e738dbf8c02)
> that change some version string. I've asked upstream if that was
> the 5.0.0 release but so far I got no answer.
> https://github.com/kainjow/Mustache/issues/65
>
> (1) is 0001-gnu-cpp-mustache-fix-build-with-newer-glibc.patch
> (2) is 0001-bug-reported-upstream-for-release-info-gnu-cpp-musta.patch
>
> I didn't share the patches yet because I was waiting on upstream to
> clarify the situation with the lack of 5.0.0 tag.

Please do not wait for an official upstream "release" (git tag,
actually) for cpp-mustache, I guess upstream just forgot to tag it: Guix
is full of "not officially" released or properly tagged packages,
sources are often taken from carefully selected git commits (I've
recently proposed a patch for dia, that is in a very similar situation)

Since commit 4ed8c0b is setting version to 5.0.0 and that version works
(does it?), I'd go for an "update to 5.0.0" patch

My two cents.

[...]

Happy hacking! Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: Frescobaldi manifest can’t be updated

2023-05-17 Thread Giovanni Biscuolo
Hello Gottfried,

Gottfried  writes:

> my Lilypond manifest could not be updated. (since weeks)
> Frescobaldi can’t be build. (python-poppler)
> May be somebody know why?

I also tried to build [1] frescobaldi and the build failed, but it was
caused by python-pyportmidi-217 (see bug#63548) and not python-poppler

Nevertheless, also the build of python-poppler-qt5
(/gnu/store/1jv6lwkfqpjy2jqifs3xjpp7xjz6sw7d-python-poppler-qt5-21.1.0.drv)
is failing the same way you are reporting:

[...]

> /gnu/store/pzlvgglsbwjkgn9x25bfgni2836ch3i3-python-sip-4.19.25/bin/sip 
> -I /gnu/store/dy3xh053ahkhrp2jamggq8cpsyvp8mg0-python-3.10.7/share/sip 
> -t POPPLER_V21_01_0 -x QTXML_AVAILABLE -c 
> build/temp.linux-x86_64-cpython-310 -b 
> build/temp.linux-x86_64-cpython-310/poppler-qt5.sbf -I
>
> /gnu/store/7a5cx6yzn5i5cvqm5mg0138dyhy2jcgc-python-pyqt-5.15.9/share/sip 
> -n PyQt5.sip -t Qt_5_15_8 -t WS_X11 poppler-qt5.sip
> sip: Unable to find file "QtCore/QtCoremod.sip"
>
> error: command 
> '/gnu/store/pzlvgglsbwjkgn9x25bfgni2836ch3i3-python-sip-4.19.25/bin/sip' 
> failed with exit code 1
>
> error: in phase 'build': uncaught exception:

[...]

so I filed a new bug: #63549

Sorry I'm not able to propose patches for both packages.

HTH! Gio'


[1] "./pre-inst-env guix build frescobaldi" in a Guix checkout

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: to enable all profiles at login time

2023-04-17 Thread Giovanni Biscuolo
Hi Gottfried

I guess you are on a foreign distro

Gottfried  writes:

[...]

> but when starting MATE Desktop all my profiles are not enabled.

graphical sessions environment is not controlled by .bash_profile (or
.profile)

If your distro works like Debian [1], try to add this to your ~/.xsessionrc:

if [ -f ~/.bash_profile ]; then
. ~/.bash_profile
fi

Details here:
https://wiki.debian.org/Xsession#User_configuration

[...]

Happy hacking! Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: mbsync with XOAUTH2 SASL mechanism

2023-01-26 Thread Giovanni Biscuolo
Hi Timo,

Timo Wilken  writes:

[...]

> Instead, I ended up "borrowing" Thunderbird's client key and secret,
> which has worked fine so far.
>
> Maybe I'm being a bit paranoid, but I don't want to post the literal
> key here. You can copy it from mailnews/base/src/OAuth2Providers.jsm
> in Thunderbird's source tree (look for "login.microsoftonline.com" in
> the kIssuers variable near line 140).

thanks for sharing this trick!

this adds a big dependency in our software stack, but it works, so why
not! :-)

a couple questions:

- have you tried getmail6 with the mentioned howto?

- to refresh the tokens do you have to periodically run Thunderbird?

Thanks! Gio'

[...]

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: mbsync with XOAUTH2 SASL mechanism

2023-01-26 Thread Giovanni Biscuolo
Hi,

Giovanni Biscuolo  writes:

[...]

> This howto is for getmail 5.6 but AFAIU should also work for getmail6
> (it's mentioned in the official getmail6 documentation [1])

I forgot to mention the howto!

https://www.bytereef.org/howto/oauth2/getmail.html

it contains detailed instructions on how to configure getmail to get the
initial access and refresh tokens (they must be periodically "manually"
refreshed, unfortunately)

HTH! Gio'

[...]

> [1] https://getmail6.org/configuration.html#retriever-parameters (search
> for "use_xoauth2"

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: mbsync with XOAUTH2 SASL mechanism

2023-01-24 Thread Giovanni Biscuolo
Hello Peter,

have you solved your problem?

I never tested this, but I'll have to do...

Peter Polidoro  writes:

> I am trying to setup an oauth2 email account to work with Emacs 
> using mbsync (from the isync guix package) and mu4e.

[...]

> What is the proper Guix way of getting mbsync to work with 
> XOAUTH2? Should I try to package cyrus-sasl-xoauth2 or modify the 
> isync package or something else? Thanks!

I can't help with packaging and integrating cyrus-sasl-xoauth2 with
isync but maybe getmail6 (packaged in Guix) is able to get your emails
from your enterprise IMAP server

This howto is for getmail 5.6 but AFAIU should also work for getmail6
(it's mentioned in the official getmail6 documentation [1]) 

Last but not least, please consider that if you can (and if your company
server/postmaster allows it) it's much better to use an "app password"
method instead of Oauth2
https://pypi.org/project/getmail/#oauth2-privacy-policy

HTH! Gio'

P.S.: please give us feedback if you can, I think your is a common
problem among Guix users



[1] https://getmail6.org/configuration.html#retriever-parameters (search
for "use_xoauth2"

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


declarative containers (was Re: [EXT] Re: Enterprise Guix Hosting?)

2023-01-23 Thread Giovanni Biscuolo
Hello everybody,

(this is an old thread started on help-guix [1])

Ludovic Courtès  writes:

> "Thompson, David"  skribis:
>
>> On Wed, Aug 31, 2022 at 2:40 AM Ricardo Wurmus  wrote:
>>>
>>> Another thing that seems to be missing is a way to supervise and manage
>>> running containers.  I use a shepherd instance for this with
>>> container-specific actions like this:

[...]

>> Hey that's a real nice starting point for a container management tool!
>>  So maybe there should be a system service to manage containers and
>> then a 'docker compose'-like tool for declaratively specifying
>> containers and their network bridging configuration that is a client
>> of the service?
>
> Agreed!  We could turn Ricardo’s code into ‘container-guest-service’ or
> something and have ‘containerized-operating-system’ add it
> automatically.

please there was some progress with this service?

once done, could it be possible to declaratively start a whole network
of containers using a dedicated home-service, or
containerized-operating-systems (also on foreign distros)?

right now with "guix system container" we can imperatively manage
(start/stop, connect to the console with nsenter) and connect them
to the network [2], Ricardo showed us how he do it programmatically;
having a declarative interface (os-records) whould be awesome!

I'm very interested and willing to test it, if needed

thanks! Gio'


[1] id:878rn4syql@elephly.net

[2] thank you Ricardo for the cookbook section!
https://guix.gnu.org/en/cookbook/en/guix-cookbook.html#Guix-System-Containers

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


use guix shell with a file (e.g. tissue.scm)

2022-11-26 Thread Giovanni Biscuolo
Hi,

I just want to share with you a temporary solution for users who wish to
try out tissue or other packages before they are included in Guix
upstream.

...and yes, unlike me advanced Guix users may find this obvious :-)

Put this file

(use-modules (gnu packages autotools)
 (gnu packages gettext)
 (gnu packages guile)
 (gnu packages guile-xyz)
 ((gnu packages skribilo) #:prefix guix:)
 (guix build-system gnu)
 (guix gexp)
 (guix packages)
 (guix git-download)
 ((guix licenses) #:prefix license:))

(define skribilo-latest
  (let ((commit "621eb1945aec8f26f5aee4bdf896f2434e145182")
(revision "1"))
(package
  (inherit guix:skribilo)
  (name "skribilo")
  (version (git-version "0.9.5" revision commit))
  (source (origin
(method git-fetch)
(uri (git-reference
  (url "https://git.systemreboot.net/skribilo";)
  (commit commit)))
(file-name (git-file-name name version))
(sha256
 (base32
  "16rdcvszl9x183y32hjdwns0lkrvkmwd2fsshymspb12k4cxj6i4"
  (native-inputs
   `(("autoconf" ,autoconf)
 ("automake" ,automake)
 ("gettext" ,gnu-gettext)
 ,@(package-native-inputs guix:skribilo))

(define tissue
  (let ((commit "6d6285d071132960835f848a1703faaea2356937")
(revision "3"))
(package
  (name "tissue")
  (version (git-version "0.1.0" revision commit))
  (source (origin
(method git-fetch)
(uri (git-reference
  (url "https://git.systemreboot.net/tissue";)
  (commit commit)))
(file-name (git-file-name name version))
(sha256
 (base32
  "1dlcy7m4gz1vmklyny4mxky9822q5hjc4qdmn42yf2qvh8xy62g5"
  (build-system gnu-build-system)
  (arguments
   (list #:make-flags #~(list (string-append "prefix=" #$output))
 #:modules `(((guix build guile-build-system)
  #:select (target-guile-effective-version))
 ,@%gnu-build-system-modules)
 #:phases
 (with-imported-modules '((guix build guile-build-system))
   #~(modify-phases %standard-phases
   (replace 'patch-source-shebangs
 (lambda* (#:key inputs #:allow-other-keys)
   (substitute* "bin/tissue"
 (("^exec guile")
  (string-append "exec " (search-input-file inputs 
"/bin/guile"))
   (delete 'configure)
   (add-after 'install 'wrap
 (lambda* (#:key inputs outputs #:allow-other-keys)
   (let ((out (assoc-ref outputs "out"))
 (effective-version 
(target-guile-effective-version)))
 (wrap-program (string-append out "/bin/tissue")
   `("GUILE_LOAD_PATH" prefix
 (,(string-append out "/share/guile/site/" 
effective-version)
  ,(getenv "GUILE_LOAD_PATH")))
   `("GUILE_LOAD_COMPILED_PATH" prefix
 (,(string-append out "/lib/guile/" 
effective-version "/site-ccache")
  ,(getenv "GUILE_LOAD_COMPILED_PATH")))
  (inputs (list guile-3.0 guile-filesystem guile-git guile-xapian))
  (propagated-inputs
   (list skribilo-latest))
  (home-page "https://tissue.systemreboot.net";)
  (synopsis "Text based issue tracker")
  (description "tissue is a text based issue tracker.")
  (license license:gpl3+

tissue

in your preferred directory (~/guix/unpackaged/ in the example below)
and then:

--8<---cut here---start->8---

guix shell -f ~/guix/unpackaged/tissue.scm -- tissue help

--8<---cut here---end--->8---

The first time the package(s) gets compiled, so it'll take as time as
needed, from the second time onwards the guix shell cache will do its
job and the command will run immediatly.

With this trick you can use Guix to install tissue [1] and use it for
your project - or tissue issues [2] - before tissue is packaged in Guix.

«One Guix to rule them all» :-D

Happy hacking!

[1] even on foreign distros obviuosly

[2] web view: https://issues.genenetwork.org/?type=open-issue

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: How to install guix system from existing linux with guix package manager?

2022-05-30 Thread Giovanni Biscuolo
Hi kiasoc5,

kias...@disroot.org writes:

[...]

>> I never tried this, but beware that the UID and GID of user(s) in
>> your new Guix System sould be the very same of the arch system to be
>> able to access homes, /including/ Guix profiles of users (stored in
>> /home/$USER...)
>
> Yes, I believe most Linuxes set the first created user to a UID and
> GID of 1000, so hopefully this is not an issue.

Automatic UID and GID assignemt works that way /but/ when
migrating/sharing an OS that's not deterministic and I strongly suggest
you to use the "source system" (arch in your case) UID and GID in your
target system (Guix System in your case)

>> Important: if you want to be able to share the store between the two
>> systems you should also share the /status/ of Guix, stored in
>> LOCALSTATEDIR/guix/ (usually /var/guix), since it contains a lot of
>> useful data and AFAIU it must be kept in sync between the foreign distro
>> and the Guix System [1]. This is the most critical part about being
>> able to share Guix between two different host operating systems.
>
> Should I make /var/guix a subvolume as well?

Oh yes, I forgot to mention this!

Both /gnu/store and /var/guix must be shared so you need a dedicated
block device: partition or LVM/btrfs (sub)volume.  An alternative could
be to bind mount /gnu/store and /var/guix on the "target system" [1]
(Guix System in your case)... but IMHO the dedicated block device is
better for dual (multiple) boot systems like in your case

> ALso the only directory in /gnu is /gnu/store right? So I could just
> have an @gnu subvolume mounted on /gnu instead of a @gnu-store
> subvolume mounted on /gnu/store?

AFAIK /gnu is still not used by any other software to store files, but
it could be in the future... who knows?  For this reason I'd share only
/gnu/store for Guix and nothing more, eventually sharing other
/gnu/folders in the future, IF needed.

>> Last but not least, once you have installed Guix System you have to
>> decide what manages your GRUB configuraton: Guix System or arch, you
>> cannot share the grub config between the two; Guix System have a
>> stateless GRUB config (and it' good and fair) so I suggest you to use it
>> for GRUB configuration, but if you decide to keep using arch this is a
>> good tip: https://yhetil.org/guix/20181031125428.GA814@doom/
>
> Thanks for the tip. What if I install another bootloader on Arch like
> systemd boot? Then there will not be a bootloader conflict and I can
> select one with efibootmgr.

Yes of course you can always select your preferred boot mamager with
efibootmgr, but I'm lazy and I like to have GRUB manage all my OSs :-)

> May 28, 2022, 10:51 AM, "Giovanni Biscuolo"  mailto:g...@xelera.eu?to=%22Giovanni%20Biscuolo%22%20%3Cg%40xelera.eu%3E > 
> wrote:

[...]

>> As a side note, you could also consider to switch to Guix System and
>> keep your foreign distro running as an LXC container sharing store and
>> state with the host, but you have to be familiar with LXC tooling [1]
>> AND know how to "convert" a "physical" machine to an LXC container [2],
>> giving the guests acces to the host GPU [3] for graphical applications
>> or using remote dektop applications like SPICE or VNC... it's a little
>> bit complex but pure fun!
>
> Would an LXC approach require two graphics cards? I only have an
> integrated GPU.

No, you can share your GPU with guests or connect to guests using remote
desktop, as mentioned above ;-)


Happy hacking! Gio'



[1] I'm using this technique in my LXC containers, excerpt from one
config:

--8<---cut here---start->8---

lxc.mount.entry=/gnu/store gnu/store none ro,bind 0 0
lxc.mount.entry=/var/guix var/guix none bind 0 0

--8<---cut here---end--->8---

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: How to install guix system from existing linux with guix package manager?

2022-05-28 Thread Giovanni Biscuolo
Hello kiasoc5,

this morning I realized that...

Giovanni Biscuolo  writes:

[...]

>> WDYT? any tips/suggestions?
>
> I never tried this,

ehrm: it's false :-O

Actually I'm using a shared store AND "LOCALSTATEDIR/guix/" (usually
/var/guix) between my host OS and all my LXC containers, it's something
I learned by adapting Ludo' and Ricardo notes on installing Guix on a
cluster; please see this message (it was Feb 2019, I forgot I wrote
that) for details and pointers to the relevant documentation:

https://yhetil.org/guix/87h8d8dl6d@roquette.mug.biscuolo.net/

In your case the "store and state sharing" systems are not running and
at the same time like on a cluster, but from a systemistic point of view
it's (almost) the same thing some of us are already doing in their
setup.

Please pay attention: you can skip the setup of guix-daemon on client
(compute) nodes since... you have no clients :-), but you should keep
guix-daemon updated (as root, sudo -E...) on both dual-boot operating
systems to avoid potential problems due to changes in state data format
and/or API.

Obviously also consider all the caveats I mentioned in my previous
message.

As a side note, you could also consider to switch to Guix System and
keep your foreign distro running as an LXC container sharing store and
state with the host, but you have to be familiar with LXC tooling [1]
AND know how to "convert" a "physical" machine to an LXC container [2],
giving the guests acces to the host GPU [3] for graphical applications
or using remote dektop applications like SPICE or VNC... it's a little
bit complex but pure fun!

[...]

Please keep us updated on your progress!

Happy Hacking! Gio'

[1] see info '(guix) Virtualization services'

[2] this is a sort of howto:
https://askubuntu.com/questions/680608/how-to-migrate-physical-12-04-machine-into-lxc

[3] https://bookstack.swigg.net/books/linux/page/lxc-gpu-access


-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: How to install guix system from existing linux with guix package manager?

2022-05-27 Thread Giovanni Biscuolo
Hello kiasoc5,

IMHO what you are trying to do is an interesting path to... ascension
:-)

For my desktop and laptop I'm still using Guix on top of a foreign
distro (Debian) because... I'm conservative :-D, so I'd very much like
to have a way to try to slowly switch to Guix System with the "safety
net" to be able to boot my current system if I'm in trouble; this way
also I can spare some cash avoiding to buy a new dedicated machine for
this experiments.

kias...@disroot.org writes:

[...]

> @guix-root is mounted on / on guix system
> @gnu-store is mounted on /gnu/store on guix system and shared between
> arch and guix
> @home is mounted on /home and shared between arch and guix
>
> So I think the steps are as follows:
> 0. backup data (just in case)

Also backup /var/guix so you should be able to restore a working Guix
status (with working I mean in your current foreign distro)

> 1. move /gnu/store to subvolume
> 2. install Guix system manually with the following file systems:
>
> (mapped-devices
>   (list (mapped-device
> (source (uuid "my-uuid"))
> (target "cryptroot")
> (type luks-device-mapping
>
> (file-systems (append
>(list (file-system

[...]

>%base-file-systems))

In your snippet config you missed to mount /home ;-)
(you also need to configure GRUB for dual boot, but I guess you know)

> 3. configure uefi to boot guix grub by default
>
> WDYT? any tips/suggestions?

I never tried this, but beware that the UID and GID of user(s) in
your new Guix System sould be the very same of the arch system to be
able to access homes, /including/ Guix profiles of users (stored in
/home/$USER...)

Important: if you want to be able to share the store between the two
systems you should also share the /status/ of Guix, stored in
LOCALSTATEDIR/guix/ (usually /var/guix), since it contains a lot of
useful data and AFAIU it must be kept in sync between the foreign distro
and the Guix System [1].  This is the most critical part about being
able to share Guix between two different host operating systems.

Last but not least, once you have installed Guix System you have to
decide what manages your GRUB configuraton: Guix System or arch, you
cannot share the grub config between the two; Guix System have a
stateless GRUB config (and it' good and fair) so I suggest you to use it
for GRUB configuration, but if you decide to keep using arch this is a
good tip: https://yhetil.org/guix/20181031125428.GA814@doom/

There's nothing else it comes to my mind now regarding this "migrate and
share path"

AFAIU with the above caveats, you should be able to "share Guix" between
the two systems in dual boot.

Please let me know your progresses, I'm interested!

Happy Hacking! Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: /gnu/store

2022-05-26 Thread Giovanni Biscuolo
Hello Gottfried,

are you using Guix System or Guix on a foreign distro?

Gottfried  writes:

> Hi Guixers,
> After guix pull und guix update I have a new Emacs Version, Emacs 28
>
> 1. My earlier created icon for emacs, in Mate Desktop, opens the older 
> Version Emacs 27.2
> How to fix it?

have you tried logging out and in?

> 2. Opening /gnu/store/ in Mate Caja (File Manager) takes ages.

AFAIK it takes ages in every file manager

you'd better use "find" (man find) from your terminal if you want to
find a package in /gnu/store, see below

> To look for a the Emacs 28.1 file takes also ages.

What is "the Emacs 28.1 file"?

> Is there a quicker way to search for some directories in /gun/store?
> May be in the terminal emulator? With which commands?

yes: use the CLI in a terminal

to have the (too long) directory listing: "ls -lah /gnu/store"

to serach for every first level only directory having "emacs" in its
name under /gnu/store: "find /gnu/store -maxdepth 1 -type d -name '*emacs*'"

then you can inspect the store for each installed package,
e.g. "/gnu/store/r1zd92x4bh8zfz16rj9gh66pr950x2zr-emacs-guix-0.5.2-5.c9aef52"
with ls or Caja if you want

> I want to change the command for opening emacs in the starter,now 
> version 27.2 change into emacs 28. So that the emacs icon in the toolbar 
> opens Emacs 28. Or is the simplest way deleting the icon and after every 
> new emacs version creating a new icon?

You cannot change the .desktop files used to start applications
installed via Guix since they are stored read-only in the store

It's "just" a matter to refresh your graphical menu an usually we need
to logout and login (at least on a foreign distro)

> If I do a "emacs -ProfileManager" it opens the emacs 28

AFAIU you are starting emacs from a terminal, and yes: it starts emacs
28 because it does not use the *.desktop file used by the graphical menu
(which have the 27.2 version hardcoded in it)

> but does not  give me a possibility to set a new Profile.

AFAIK "ProfileManager" is not a valid emacs option :-)

> 3. Can somebody explain to me the structure of /gnu/store?

Please read the Guix manual at "8.9 The Store"

AFAIK the store is set read-only **but** in any case /do not/ directly
write to the store, it is accessed by the guix-daemon via the various
"guix..." command

use the guix cli (or the great emacs-guix interface [1]) to explore your
packages (et al)

[...]

> The date is allways the same,

it's a reproducibility requirement: our software is /eternal/ B-)

[...]

> thanks in advance
> I am "hacking" at the basics
> Gottfried

Happy hacking! Gio'



[1] I had to apply a workaround to make it working 
https://issues.guix.gnu.org/55013#2


[...]

-- 
Giovanni Biscuolo

Xelera IT Infrastructures



Re: Screen sharing ungoogled-chromium

2022-04-28 Thread Giovanni Biscuolo
Hi phodina

this sounds like an upstream bug, or do you think it depends on Guix
packaging?

phodina via  writes:

> Hi,
>
> I'm attempting to share my screen in the chromium browser (100.0.4896.127-1).
>
> I've enabled the #enable-webrtc-pipewire-capturer flag and I also have 
> xdg-desktop-portal install on my Guix System.
>
> However, when I click in Teams

do you mean Microsoft Teams?

I never used that service, sorry I cannot help here.

[...]

> Does somebody use the screen sharing feature?

I regurarly use the screen sharing feature in Jitsi and it works out of
the box (some previous ungoogled-chromium had issues with video on
Jisti, depending on servers)

HTH! Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


SOLVED: Re: nheko and quaternion: completely black chat area

2021-07-11 Thread Giovanni Biscuolo
Hello Guix,

Giovanni Biscuolo  writes:

[...]

> So it seems to be related to my LTSP session AND to Something™ my
> (Guix?) environment... but can't figure out what.

Since my LTSP terminal is not 3D capable I have to enable the Qt Quick
2D Renderer [1] by setting this env variable in my profile:

--8<---cut here---start->8---

export QMLSCENE_DEVICE=softwarecontext

--8<---cut here---end--->8---

This way I'm now able to use nheko (and quaternion... and other Qt Quick
based apps I guess) also on my 2D LTSP terminal.

Happy hacking! Gio'


[1] https://doc.qt.io/QtQuick2DRenderer/


-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


LTSP related Re: nheko and quaternion: completely black chat area

2021-07-09 Thread Giovanni Biscuolo
Giovanni Biscuolo  writes:

[...]

> The apps are running fine, including authentication and send messages
> /but/ the chat area [1] is completely black and I cannot read anything
> in it.
>
> The strange thing is that on my laptop, configured (almost) the same and
> also with Guix on top of Debian 10 both applications are running fine, I
> mean the message chat box is readeable.

One more info to add: my desktop is a LTSP server (in a LXC container)
and I connect to it with a thin client, it's working well since many
years.

There's another strange thing: if I connect from my laptop to my desktop
with ssh (and X11 forwarding) I can run both nheko and quaternion
without problems, I mean: the chat area is NOT black.

So it seems to be related to my LTSP session AND to Something™ my
(Guix?) environment... but can't figure out what.

...still investigating...

[...]

Happy hacking! Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


nheko and quaternion: completely black chat area

2021-07-08 Thread Giovanni Biscuolo
Hello Guix users,

I'm running Guix on Debian 10 and I'm experiencing a strange problem
both with nheko and quaternion, both matrix chat protocol clients and
both qt5 GUI based. 

I've installed both of them via manifest from a very recent commit I've
pulled today:

--8<---cut here---start->8---

Generation 122  lug 08 2021 13:31:51(current)
  guix 94f772d
repository URL: https://git.savannah.gnu.org/git/guix.git
branch: master
commit: 94f772dad8cb1064d0e8cf11285ad9963ba00224

--8<---cut here---end--->8---

The apps are running fine, including authentication and send messages
/but/ the chat area [1] is completely black and I cannot read anything
in it.

The strange thing is that on my laptop, configured (almost) the same and
also with Guix on top of Debian 10 both applications are running fine, I
mean the message chat box is readeable.

I've also tried to compare the nheko /proc//environ on the two
hosts but AFAIU there are no meaningful differences.

I've also installed the nheko deb package via apt and with that I do not
have the "black chat area" problem, so it seems related to Guix and to
the environment... but I'm not qt5 expert so I'm just trying to
guess... with no success.

Any hint please?

Thanks! Gio'


[1] the one with the messages list you can see in this upstream
screenshot: https://nheko-reborn.github.io/images/screenshots/chat-resized.png

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: XDG_... env variables in root

2021-07-08 Thread Giovanni Biscuolo
Hi Hamzeh,

"Hamzeh Nasajpour"  writes:

[...]

> Seems that this is relevant to way of switching user which I used. I
> was using `su` for switching as `root` and just now I found that there
> are some differences between `su` and `su -`. With using of `su -` the
> `XDG_...` env paths are correct:

Yes, that was the issue, I was not thinking about it when I first
replied.

Regards, Gio'

[...]

-- 
Giovanni Biscuolo

Xelera IT Infrastructures



Re: XDG_... env variables in root

2021-07-07 Thread Giovanni Biscuolo
Hello Hamzeh,

"Hamzeh Nasajpour"  writes:

[...]

> but another issue is these are env variables in `root`. My main issue
> is why these variables in `root` point to `USER` paths?

please can you show us only the relevant parts [1] of your bash profile
(or other shell profile) for "user" and "root"?

Thanks, Gio'


[1] I mean the one setting GUIX related env variables

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Emacs config for "traditional" or Guix environment?

2020-10-06 Thread Giovanni Biscuolo
Hello Simon,

thank you for your patience and tips!

This is a follow-up of things discussed in bug#43243 (now resolved). I'm
posting this to help-guix in case someone finds it useful.

This is a *very* quick summary of my bug report: I had a strange error
with elfeed-org and after some investigation I realized I was still
using old packages loaded from my ~/.emacs.d/elpa directory, installed
using "use-package" before migrating to Guix's Emacs; I removed that
directory and all is running as before.

During the investigation I sent my redacted init.el, Simon commented
it. The following is my follow-up.

zimoun  writes:

> Dear,
>
> On Fri, 02 Oct 2020 at 20:08, Giovanni Biscuolo  wrote:

[...]

>> ;; -*- mode: emacs-lisp -*-
>> (unless (require 'guix-emacs nil 'noerror)
>>  (package-initialize))
>> (unless (require 'guix-emacs nil 'noerror)
>>  ;; package archives
>>  (when (>= emacs-major-version 24)
>>(require 'package)
>>(setq package-archives
>>'(("GNU_ELPA" . "https://elpa.gnu.org/packages/";)
>>  ("org"  . "https://orgmode.org/elpa/";)
>>  ("MELPA_Stable" . "https://stable.melpa.org/packages/";)
>>  ("MELPA". "https://melpa.org/packages/";))
>>package-archive-priorities
>>'(("GNU_ELPA" . 15)
>>  ("org"  . 10)
>>  ("MELPA_Stable" . 5)
>>  ("MELPA". 0)
>
> From my experience, I do not mix packages from Emacs archives and from
> Guix because it often leads to weirdness –– unexpected behaviour at
> least…

Yes I perfectly understand that: *never* mix packages.

What you see (and still I am using) is my attempt for a smooth migration
from my "Debian+use-package" Emacs installation to a pure Guix one;
since I'm using the same environment (packages+config) on all my
machines *and* I'm quite conservative I wanted a configuration that
"Just Worked" in all my environments (via git controlled dotfolder).

This "multi enviroment" trick was suggested by a smart Emacs user:

--8<---cut here---start->8---
(if (require 'guix-emacs nil 'noerror)
 ; Code for Guix Emacs
 ; Code for non-Guix Emacs
)
--8<---cut here---end--->8---

and I adapted it to my needs without actually fully understand how it
works :-O

...and it actually worked during my transition to a full Guix Emacs
install, being a transition from a Debian+use-package 26.3 to the same
version on Guix.

Anyway, as far as I see, my current usage of "(unless (require
'guix-emacs nil 'noerror)..." actually prevents any code to be evaluated
in my Guix Emacs environment.

> Personally, I have removed the use of all the ‘package.el’
> functions and only use packages ’emacs-*’ from Guix and then configure
> them using ’with-eval-after-load’.

I'm considering this, also, since now I do not need my old "multi env"
config anymore and I like simple and clean solutions, easier to
debug.  Guix is the solution to package management, I migrated, forget
the past. Full stop. :-D

[...]

> (Note I do not know about TRAMP, so maybe ’tramp-remote-path’ should be
> evaluated at init time and not at use time.  Aside the fact that TRAMP
> is part of vanilla Emacs, AFAICT.)

Yes it is part of vanilla Emacs but the upstream author suggested me to
install the upstream version, that solved an issue I had with /adb:/ on
26.3 vanilla Emacs from Guix.

[...]

> From my understanding, you are misusing ’use-package’.  Or you could
> rewrite:
>
> (with-eval-after-load 'org
>   (require 'org-tempo))
>
> (And I am personally doing that.)

[...]

> Last, your starting time should be pretty long, right?  Hum?  IMHO, it
> could be really faster if you use ’with-eval-after-load’ or
> ’(use-package foo :defer t …)’ and so enjoy the speedup by “lazy”
> evaluation.

Thank you, I'll study with-eval-after-load.

Fast starting time is absolutely not a priority for me, I usually use
Emacs in daemon mode for several days... but it surely helps. 

[...]

Thanks a lot! Giovanni.

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: are gnutls binaries available in guix?

2020-08-13 Thread Giovanni Biscuolo
Hi Tobias

Tobias Geerinckx-Rice  writes:

[...]

> ‘guix environment gnutls’ doesn't provide gnutls; ‘gnu environment 
> --ad-hoc gnutls’ does.

Oh my… "guix environment " provides an augmented environment
needed TO BUILD , it DOES NOT add the package to the
environment: I should self-repeat that 42 times more. 

Thanks! Gio' aka "Guix Fu Panda" :grin:

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


are gnutls binaries available in guix?

2020-08-13 Thread Giovanni Biscuolo
Hello guix,

please how can I install the binary utilities included in gnutls?

I see gnutls package have 3 outputs: out (default), debug and doc: I
tried "guix environment gnutls" and ""guix environment gnutls:debug" but
I cannot find the binaries.

Any hint please?

Thanks, Gio'

-- 
Giovanni Biscuolo


signature.asc
Description: PGP signature


Re: Certificate problem with curl, though icecat works

2020-08-13 Thread Giovanni Biscuolo
Hi Totor,

Todor Kondić  writes:

[...]

>> I'm going to open a bug report upstream (gnutls), thanks for your
>> report.

This is the bug report https://gitlab.com/gnutls/gnutls/-/issues/1062

I checked other OCSP issues and I did not understand if this is already
fixed in latest GnuTLS releases

> Thanks for confirming this!

(Y)

> I pulled the newest Guix and updated gnutls and that did not solve the
> issue.

Me too, but…

I'm not explicitly installing gnutls in my profile (via manifest), I'm just 
installing
curl and in that profile I get:

--8<---cut here---start->8---

giovanni@roquette: gnutls-cli --version
gnutls-cli 3.6.7
Copyright (C) 2000-2020 Free Software Foundation, and others, all rights 
reserved.
This is free software. It is licensed for use, modification and
redistribution under the terms of the GNU General Public License,
version 3 or later <http://gnu.org/licenses/gpl.html>


Please send bug reports to:  

--8<---cut here---end--->8---

But:

--8<---cut here---start->8---

giovanni@roquette: curl --version
curl 7.71.0 (x86_64-unknown-linux-gnu) libcurl/7.71.0 GnuTLS/3.6.14 zlib/1.2.11 
libidn2/2.3.0 nghttp2/1.41.0
Release-Date: 2020-06-24
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 
pop3s rtsp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS GSS-API HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz 
NTLM NTLM_WB SPNEGO SSL TLS-SRP UnixSockets

--8<---cut here---end--->8---

curl should use gnutls 3.6.14... I should double check my profile update

I'll report as soon as I understand what's happening

Thanks, Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: Certificate problem with curl, though icecat works

2020-08-12 Thread Giovanni Biscuolo
Giovanni Biscuolo  writes:

[...]

>> $ curl 
>> https://actorws.epa.gov/actorws/chemIdentifier/v01/resolve.json?identifier=MKXZASYAUGDDCJ-NJAFHUGGSA-N
>>
>> curl: (60) server certificate verification failed. CAfile: 
>> /home/user/.guix-profiles/profile/etc/ssl/certs/ca-certificates.crt CRLfile: 
>> none
>> More details here: https://curl.haxx.se/docs/sslcerts.html
>>
>> ca-certificates.crt exists at the CAfile location and CURL_CA_BUNDLE is set 
>> properly.
>
> This is similar to
> https://lists.gnu.org/archive/html/help-guix/2020-06/msg00025.html

No, this is a different issue:

--8<---cut here---start->8---

gnutls-cli actorws.epa.gov

Processed 128 CA certificate(s).
Resolving 'actorws.epa.gov:443'...
Connecting to '134.67.99.60:443'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
 - subject `CN=*.epa.gov,OU=OMS/OITO/EHD,O=Environmental Protection 
Agency,L=Durham,ST=North Carolina,C=US', issuer `CN=DigiCert SHA2 Secure Server 
CA,O=DigiCert Inc,C=US', serial 0x0caca7602da89b50c3820b33518c827a, RSA key 
2048 bits, signed using RSA-SHA256, activated `2019-04-25 00:00:00 UTC', 
expires `2021-04-19 12:00:00 UTC', 
pin-sha256="o5d2tkYzGNEoALzaPpAd5q+Sima2MnbbItE64CpyDCk="
Public Key ID:
sha1:884a27ada33cc533411036cde08f7c83bee2580e

sha256:a39776b6463318d12800bcda3e901de6af928a66b63276db22d13ae02a720c29
Public Key PIN:
pin-sha256:o5d2tkYzGNEoALzaPpAd5q+Sima2MnbbItE64CpyDCk=

- Certificate[1] info:
 - subject `CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US', issuer 
`CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US', serial 
0x01fda3eb6eca75c888438b724bcfbc91, RSA key 2048 bits, signed using RSA-SHA256, 
activated `2013-03-08 12:00:00 UTC', expires `2023-03-08 12:00:00 UTC', 
pin-sha256="5kJvNEMw0KjrCAu7eXY5HZdvyCS13BbA0VJG1RSP91w="
|<1>| Got OCSP response with an unrelated certificate.
- Status: The certificate is NOT trusted. The received OCSP status response is 
invalid. 
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
[~]-

--8<---cut here---end--->8---

I'm going to open a bug report upstream (gnutls), thanks for your
report.

Best regards, Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: Certificate problem with curl, though icecat works

2020-08-12 Thread Giovanni Biscuolo
Hi TK

TK  writes:

[...]

> However, doing the same thing with  curl errors out:
>
> $ curl 
> https://actorws.epa.gov/actorws/chemIdentifier/v01/resolve.json?identifier=MKXZASYAUGDDCJ-NJAFHUGGSA-N
>
> curl: (60) server certificate verification failed. CAfile: 
> /home/user/.guix-profiles/profile/etc/ssl/certs/ca-certificates.crt CRLfile: 
> none
> More details here: https://curl.haxx.se/docs/sslcerts.html
>
> ca-certificates.crt exists at the CAfile location and CURL_CA_BUNDLE is set 
> properly.

This is similar to
https://lists.gnu.org/archive/html/help-guix/2020-06/msg00025.html

and it should be fixed in the latest GnuTLS, which is in Guix since
commiy 8951b9496b5c390adb3b3292d234bb8ab9936c40

Anyway I can confirm that I get the same results as you.

I'm going to investigare if I can add something useful and open a bug
(probably upstream?)

happy hacking! Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: hash mismatch on permanently moved URL

2020-07-02 Thread Giovanni Biscuolo
zimoun  writes:

> On Thu, 2 Jul 2020 at 15:38, Giovanni Biscuolo  wrote:
>
>> Actually this is a in-place *displacement* (with HTML) :-O
>
> I do not know what is an "inplace displacement (with HTML)".

Just a nonsense of mine :-)

[...]

> Redirection should not be an issue.  The important point is the
> integrity of the data (the sha256 field).
> And here, there is a mismatch

Yes I go it, the very unusual thing is that the (double) redirection is
pointing to a web page (AFAIU) and *not* to the tgz source file 

[...]

>> Problems like this one are very bad for our time machine, I'm just
>> thinking if Guix can do something to prevent them.
>
> I agree.  But Guix cannot fix the world. :-)

...unfortunately not: it can fix *almost* all that is software related

> What is currently done seems The Right Thing:
>
>  1. fetch from the Guix farm
>  2. try with the current upstream
> 2b. try a mirror if any
>  3. fallback to SWH
>
> You hit the problem because you turn off the fallback to the Guix
> farm,

Yes I see, and actually it's a very specific use case

> BTW, the fallback to SWH is not ready yet for 2 main reasons:
>
>  a) SWH has not yet ingested all the source tarballs in existence of
> Guix; and it is not ready.  What is ready is to ingest the current
> source tarballs but nothing has been done to feed with all the past
> source tarballs.
>  b) It is not clear how to fetch back the raw tarball from SWH since
> they do not store the checksum but their own hash id (SWHID).  Some
> discussion about correspondence and so on is happening right now. :-)

I was not aware of this second point: thanks!

[...]

Happy hacking! Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: hash mismatch on permanently moved URL

2020-07-02 Thread Giovanni Biscuolo
Hi Efraim and Simon,

thank you for your very quick reply! I read your messages after I tried
my "guix build" attempt

zimoun  writes:

> Dear,
>
> Ah the joy of in-place replacement! :-D

Actually this is a in-place *displacement* (with HTML) :-O

Fortunately Guix is amazing \O/

Anyway: I guess there will be potentially other issues like this one in
the future (permanent redirections to web pages instead of sources) and
unfortunately (AFAIU) Guix will not be able to use alternative sources
like Software Heritage: WDYT about considering 301 and 302 HTTP codes as
"soft failures" and making Guix considering the alternative sources?

Problems like this one are very bad for our time machine, I'm just
thinking if Guix can do something to prevent them.

[...]

>> Please how can I fix this situation?
>
> guix download 
> http://ci.guix.gnu.org/nar/0zh5mvhgcx0198k7j6p5pgrc5krgxyqj-icu4c-64_2-src.tgz

Oh yes... download (preseed the file)!

I did:

--8<---cut here---start->8---

$ guix download 
https://github.com/unicode-org/icu/releases/download/release-64-2/icu4c-64_2-src.tgz

Starting download of /tmp/guix-file.QYSPMo
From 
https://github.com/unicode-org/icu/releases/download/release-64-2/icu4c-64_2-src.tgz...
following redirection to 
`https://github-production-release-asset-2e65be.s3.amazonaws.com/49244766/c239d900-615b-11e9-9f18-c7c2f6baa47b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20200702%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20200702T131303Z&X-Amz-Expires=300&X-Amz-Signature=5b743b3a38385952bde1807ac6c8f387e534650a49cf2f533bb04164cf0bc255&X-Amz-SignedHeaders=host&actor_id=0&repo_id=49244766&response-content-disposition=attachment%3B%20filename%3Dicu4c-64_2-src.tgz&response-content-type=application%2Foctet-stream'...
 icu4c-64_2-src.tgz  22.9MiB
   11.5MiB/s 00:02 
[##] 100.0%
/gnu/store/0zh5mvhgcx0198k7j6p5pgrc5krgxyqj-icu4c-64_2-src.tgz
0v0xsf14xwlj125y9fd8lrhsaych4d8liv8gr746zng6g225szb2

--8<---cut here---end--->8---

and guix pull is going on now, building half of the world! :-)

[...]

Thanks a lot! Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: hash mismatch on permanently moved URL

2020-07-02 Thread Giovanni Biscuolo
Hello,

I tried to build using the current upstream release channel (see below)
but I'm still stuck.

Giovanni Biscuolo  writes:

[...]

> The problem is that
> http://download.icu-project.org/files/icu4c/64.2/icu4c-64_2-src.tgz
> moved pernamently:
>
> --8<---cut here---start->8---
>
> ~$ curl -I http://download.icu-project.org/files/icu4c/64.2/icu4c-64_2-src.tgz
> HTTP/1.1 301 Moved Permanently
> Date: Thu, 02 Jul 2020 12:27:32 GMT
> Server: Apache/2.4.38 (Debian)
> Content-Security-Policy: upgrade-insecure-requests;
> Location: https://icu-project.org/files/icu4c/64.2/icu4c-64_2-src.tgz
> Content-Type: text/html; charset=iso-8859-1
>
> --8<---cut here---end--->8---

... AND:

--8<---cut here---start->8---

~$ curl -I https://icu-project.org/files/icu4c/64.2/icu4c-64_2-src.tgz
HTTP/1.1 302 Found
Date: Thu, 02 Jul 2020 12:51:46 GMT
Server: Apache/2.4.38 (Debian)
Content-Security-Policy: upgrade-insecure-requests;
Location: http://site.icu-project.org/download/#/icu4c/64.2/icu4c-64_2-src.tgz
Content-Type: text/html; charset=iso-8859-1

--8<---cut here---end--->8---

so I got the source URL from the new releases official channel, and
built using:

--8<---cut here---start->8---

~$ guix build icu4c 
--with-source=https://github.com/unicode-org/icu/releases/download/release-64-2/icu4c-64_2-src.tgz
[...]
successfully built 
/gnu/store/waf07n3970nz183kvk947lpa1wj9ixvk-icu4c-64_2-src.drv
/gnu/store/8fxpn9b21gf782n6v6cq4q17jcfgm9ix-icu4c-64_2-src

--8<---cut here---end--->8---

After this, unfortunately, `guix pull` is still trying to build icu4c
since it is a different store item:

--8<---cut here---start->8---

building /gnu/store/4582v7day5c4v9qaidlkwmd6kllks2y4-icu4c-64_2-src.tgz.drv...
downloading from 
http://download.icu-project.org/files/icu4c/64.2/icu4c-64_2-src.tgz...
/sha256 hash mismatch for 
/gnu/store/0zh5mvhgcx0198k7j6p5pgrc5krgxyqj-icu4c-64_2-src.tgz:
  expected hash: 0v0xsf14xwlj125y9fd8lrhsaych4d8liv8gr746zng6g225szb2
  actual hash:   19pfpqg5yl86nnzfkzkgq521y56wg1yhfiyis7m480rczyiqnbin
hash mismatch for store item 
'/gnu/store/0zh5mvhgcx0198k7j6p5pgrc5krgxyqj-icu4c-64_2-src.tgz'
build of /gnu/store/4582v7day5c4v9qaidlkwmd6kllks2y4-icu4c-64_2-src.tgz.drv 
failed

--8<---cut here---end--->8---

[...]

I still don't know how to solve this situation.

Any hint please?

Thanks! Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


hash mismatch on permanently moved URL

2020-07-02 Thread Giovanni Biscuolo
Hi Guix,

yesterday I installed a new Guix System (on iron) using the installer
(latest stable
https://ftp.gnu.org/gnu/guix/guix-system-install-1.1.0.x86_64-linux.iso.xz
on USB)

The installation is fine but when I try to guix pull I get this:

--8<---cut here---start->8---

~$ sudo -i guix pull
Updating channel 'guix' from Git repository at 
'https://git.savannah.gnu.org/git/guix.git'...
Building from this channel:
  guix  https://git.savannah.gnu.org/git/guix.git   b919d40
building 
/gnu/store/f99dg2cqqlskh5q07l9dw5la7l5s28lq-libgcrypt-1.8.4.tar.bz2.drv...
downloading from 
https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.8.4.tar.bz2...
building /gnu/store/4582v7day5c4v9qaidlkwmd6kllks2y4-icu4c-64_2-src.tgz.drv...
downloading from 
http://download.icu-project.org/files/icu4c/64.2/icu4c-64_2-src.tgz...
|sha256 hash mismatch for 
/gnu/store/0zh5mvhgcx0198k7j6p5pgrc5krgxyqj-icu4c-64_2-src.tgz:
  expected hash: 0v0xsf14xwlj125y9fd8lrhsaych4d8liv8gr746zng6g225szb2
  actual hash:   1qfbm2kh7hzd8752rky9dzis8qhgkhs6dkq71k8zar8y74nz7265
hash mismatch for store item 
'/gnu/store/0zh5mvhgcx0198k7j6p5pgrc5krgxyqj-icu4c-64_2-src.tgz'
build of /gnu/store/4582v7day5c4v9qaidlkwmd6kllks2y4-icu4c-64_2-src.tgz.drv 
failed
View build log at 
'/var/log/guix/drvs/45/82v7day5c4v9qaidlkwmd6kllks2y4-icu4c-64_2-src.tgz.drv.bz2'.
cannot build derivation 
`/gnu/store/y9y4j318znj6xfdnljkc8q8n0kp75liw-icu4c-64_2-src.tar.xz.drv': 1 
dependencies couldn't be built
building /gnu/store/22bdz5hk38p49xllw64xddrn9sgdm6b0-libgcrypt-1.8.4.drv...
cannot build derivation 
`/gnu/store/4wzc4ccnspff6hm00b82ma5c2p9ykh7k-icu4c-64.2.drv': 1 dependencies 
couldn't be built
cannot build derivation 
`/gnu/store/34kcbgv7ls6r214w071p35d18xpirzff-openldap-2.4.47.drv': 1 
dependencies couldn't be built
building /gnu/store/03q5wvsw7f91rkmyawhkhrcqvrxrykrc-psutils.tar.gz.drv...
cannot build derivation 
`/gnu/store/8ij04934aafwspnrarm5c3lv9hnz34i2-curl-7.66.0.drv': 1 dependencies 
couldn't be built
guix pull: error: build of 
`/gnu/store/8ij04934aafwspnrarm5c3lv9hnz34i2-curl-7.66.0.drv' failed

--8<---cut here---end--->8---

I searched in the current guix master branch and found icu4c is at
version 66.1 now (the commit that upgraded to 64.2 is 27ed6960be)

The problem is that
http://download.icu-project.org/files/icu4c/64.2/icu4c-64_2-src.tgz
moved pernamently:

--8<---cut here---start->8---

~$ curl -I http://download.icu-project.org/files/icu4c/64.2/icu4c-64_2-src.tgz
HTTP/1.1 301 Moved Permanently
Date: Thu, 02 Jul 2020 12:27:32 GMT
Server: Apache/2.4.38 (Debian)
Content-Security-Policy: upgrade-insecure-requests;
Location: https://icu-project.org/files/icu4c/64.2/icu4c-64_2-src.tgz
Content-Type: text/html; charset=iso-8859-1

--8<---cut here---end--->8---

This will be a build server so I'm not using substitutes:

--8<---cut here---start->8---

   (guix-service-type config =>
(guix-configuration
 (inherit config)
 (use-substitutes? #f)
 (authorized-keys
  %authorized-guix-keys))

--8<---cut here---end--->8---

Please how can I fix this situation?

Thanks! Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: tramp and adb, strange escape codes in dired

2020-06-12 Thread Giovanni Biscuolo
Hi,

Giovanni Biscuolo  writes:

[...]

> I'm trying to use adb via tramp (I'd love to be able to browse my phone
> filesystem in Emacs) for the first time and I get a strange dired
> buffer:
>
> --8<---cut here---start->8---
>
>   /adb::/storage:
>   total 13
>   drwxr-xr-x  1 root root  80 05-31 13:04 [1;34m.[0m
>   drwxr-xr-x  1 root root  4k 2009-01-01  [1;34m..[0m
>   drwx--x--x  1 root sdcard_rw 4k 05-31 13:04 [1;34memulated[0m
>   drwxr-xr-x  1 root root  60 05-31 13:03 [1;34mself[0m
>   drwxr-xr-x  1 root root  80 05-31 13:04 [1;34m/storage/.[0m
>   drwxr-xr-x  1 root root  4k 2009-01-01  [1;34m/storage/..[0m
>
> --8<---cut here---end--->8---

It seems a bug in TRAMP, anyone interested please do not feedback here
but have a look at
https://lists.gnu.org/archive/html/help-gnu-emacs/2020-06/msg00109.html

[...]

Happy hacking! Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


tramp and adb, strange escape codes in dired

2020-06-11 Thread Giovanni Biscuolo
Hello,

I'm using Emacs 26.3 with TRAMP 2.4.3.5 and adb 7.1.2_r36 [1], all
installed via Guix on a foreign distro (Debian 10).

I still do not undestand if what follows is a TRAMP bug or something
related to my environment.

I've sent a message to help-gnu-em...@gnu.org [2] but I'm asking here in
case anyone in this list is/was able to browse an Android filesystem via
TRAMP+adb.

I'm trying to use adb via tramp (I'd love to be able to browse my phone
filesystem in Emacs) for the first time and I get a strange dired
buffer:

--8<---cut here---start->8---

  /adb::/storage:
  total 13
  drwxr-xr-x  1 root root  80 05-31 13:04 [1;34m.[0m
  drwxr-xr-x  1 root root  4k 2009-01-01  [1;34m..[0m
  drwx--x--x  1 root sdcard_rw 4k 05-31 13:04 [1;34memulated[0m
  drwxr-xr-x  1 root root  60 05-31 13:03 [1;34mself[0m
  drwxr-xr-x  1 root root  80 05-31 13:04 [1;34m/storage/.[0m
  drwxr-xr-x  1 root root  4k 2009-01-01  [1;34m/storage/..[0m

--8<---cut here---end--->8---

If I try to "dired-visit" any of the listed dirs I get this in the
*Messages* buffer:

--8<---cut here---start->8---

dired-get-file-for-visit: File no longer exists; type ‘g’ to update Dired buffer

--8<---cut here---end--->8---

I'm able to use "adb shell" in a shell buffer under Emacs, this is the
result:

--8<---cut here---start->8---

jflte:/storage # ls -lah
ls -lah
total 6.0K
drwxr-xr-x  4 root root80 2020-05-31 13:04 .
drwxr-xr-x 22 root root  4.0K 2009-01-01 01:00 ..
drwx--x--x  3 root sdcard_rw 4.0K 2020-05-31 13:04 emulated
drwxr-xr-x  2 root root60 2020-05-31 13:03 self
jflte:/storage # 

--8<---cut here---end--->8---

and I can "navigate" all my folders via adb shell (in root mode).

Do you have any idea why I get all that escape sequences?

Thanks! Gio'



[1] but I have the same results using adb 8.1.0+r23-5 version from
Debian stable

[2] https://lists.gnu.org/archive/html/help-gnu-emacs/2020-06/msg00101.html

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: curl server certificate verification failed for a few sites

2020-06-08 Thread Giovanni Biscuolo
Marius Bakke  writes:

[...]

> The problem is with GnuTLS, which failed if one of the trust roots were
> using an expired certificate:
>
>   https://gitlab.com/gnutls/gnutls/-/issues/1008

Oh I see, fine!

> It has been fixed in the latest GnuTLS, which is in Guix as of commit
> 8951b9496b5c390adb3b3292d234bb8ab9936c40.  Thanks for reporting it!

Thank you for the explanation and the patch!

Best, Giovanni

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: curl server certificate verification failed for a few sites

2020-06-06 Thread Giovanni Biscuolo
Hi Tobias,

thank you for your clear explanation and patience

...and sorry again to all other Guix users for the "noise": this is not
strictly related to Guix but just to the most recent version of
curl/wget

I still I don't understand the differences between curl (and wget)
behaviour and the last Guix available ungoogled-chromium (see below).

Tobias Geerinckx-Rice  writes:

> Giovanni Biscuolo 写道:
>> Jack Hill  writes:
>>> The error wget gives is a little bit better,
>
> FWIW, I use this (extremely verbose) command to debug/check my own 
> servers:
>
>   $ openssl s_client -showcerts -servername 
>   voices.transparency.org \
> -connect voices.transparency.org:443

With this output I'm able to understand what's going on with this
certificate, thanks!

This command clearly shows the depth of this certificate is 3 and that
the top level cert is expired:

--8<---cut here---start->8---

depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = 
AddTrust External CA Root
verify error:num=10:certificate has expired
notAfter=May 30 10:48:38 2020 GMT

--8<---cut here---end--->8---

I guess that this information, client side, is the same for all browsers
and CLI interfaces (like curl) since long ago: right?

[...]

> They're also sending intermediate certificates that they shouldn't 
> be sending in the first place[0] which doesn't help matters.  I 
> agree that this looks like an outdated server (mis)configuration.

OK but I really don't understand why with a recent browser from Guix -
ungoogled-chromium 81.0.4044.138 - the certificate is detected as valid:
the top root certificate shown in it's graphical "Certificate viewer"
interface is "USERTrust".

It seems that ungoogled-chromium stops the verification at the level=1 
certificate:

--8<---cut here---start->8---

 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA 
Domain Validation Secure Server CA
   i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA 
Certification Authority

--8<---cut here---end--->8---

>> Yes. All modern clients and operating systems have the newer, 
>> modern
>> COMODO and USERTrust roots which don’t expire until 2038.
>
> Right, but ‘modern’ there means ~2015.

I don't fully understand what this means, sorry... but it's not
important :-)

> [0]: 
> https://www.ssllabs.com/ssltest/analyze.html?d=voices.transparency.org&s=52.4.38.70&hideResults=on

I had a look at three random IP addresses from the list of checked ones
(all grade B): they give three certification paths and path #3 is
expired.

Nonetheless, I still do not understand why ungoogled-chromium is
behaving diffrerently than the most recent curl/wget

A similar thing is happening when trying to fetch content (for elfeed)
using curl from:

1. www.skepticalscience.com (server's certificate chain is incomplete)
2. firstmonday.org (uses the expired AddTrust External TTP Network root
certificate)

Both are detected as valid in ungoogle-chromium.

I can ask each of them to update their certificates but I fear it will
be difficult to explain why, given that all "modern browsers" have
absolutely no problem with them :-S

...and yes, I agree they **have** a problem with their certificate
chains :-(


Thanks! Giovanni.

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: curl server certificate verification failed for a few sites

2020-06-04 Thread Giovanni Biscuolo
Hi Jack,

thanks for your help!
...and sorry if this is not Guix specific

Jack Hill  writes:

[...]

> I think that this is due to the recent AdTrust Root CA cert expiration 
> [0]. The error wget gives is a little bit better, but you know about the 
> situation to interpret it correctly:
>
> """
> $ wget "https://voices.transparency.org"; -O /dev/null
> --2020-06-04 10:37:29--  https://voices.transparency.org/
> Resolving voices.transparency.org (voices.transparency.org)... 
> 52.4.225.124, 52.4.240.221, 52.1.119.170, ...
> Connecting to voices.transparency.org 
> (voices.transparency.org)|52.4.225.124|:443... connected.
> ERROR: The certificate of ‘voices.transparency.org’ is not trusted.
> ERROR: The certificate of ‘voices.transparency.org’ has expired.
> """

oh I see, I get this error also... but I do not understand the different
behaviour with what I see in Firefox (from Debian) or ungoogled-chromium
(from Guix): using one of those browsers the certificate is valid, the
certificate viewer shows that the root in cert hierarchy is "USERTrust
RSA Certification Authority"

The section in [0] titled "Certificate Chain Diagram" states:

--8<---cut here---start->8---

A legacy browser or older device that does not have the modern
“USERTRust” root would not trust it and so would look further up the
chain to a root it does trust, the AddTrust External CA Root. A more
modern browser would have the USERTrust root already installed and trust
itwithout needing to rely on the older AddTrust root.

--8<---cut here---end--->8---

I do not fully understand why curl and wget return error while Firefox
and ungoogled-chromium not

[...]

> Therefore, I think the fix is for voices.transparency.org to update the 
> certificate chain/bundle that they are sending.
>
> [0]
> https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA03l0117LT

this page states:

--8<---cut here---start->8---

Will my certificate still be trusted after May 30, 2020?

Yes. All modern clients and operating systems have the newer, modern
COMODO and USERTrust roots which don’t expire until 2038.

--8<---cut here---end--->8---

Thanks! Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


curl server certificate verification failed for a few sites

2020-06-04 Thread Giovanni Biscuolo
Hello Guix,

this is my current Guix version:

--8<---cut here---start->8---

Generation 71   giu 03 2020 17:44:58(current)
  guix 2f49007
repository URL: https://git.savannah.gnu.org/git/guix.git
branch: master
commit: 2f49007dd076b14feb40d7c3331dee3e737265c844

--8<---cut here---end--->8---

I'm having a strange error with curl from Guix (on a foreign distro):

--8<---cut here---start->8---
giovanni@roquette: curl -I https://voices.transparency.org
curl: (60) server certificate verification failed. CAfile: 
/home/giovanni/.guix-extra-profiles/emacs/emacs/etc/ssl/certs/ca-certificates.crt
 CRLfile: none
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
--8<---cut here---end--->8---

I'm working in a profile with "curl" and "nss-certs" installed, I my
profile activate with:

--8<---cut here---start->8---
GUIX_PROFILE="/home/giovanni/.guix-extra-profiles/emacs/emacs" ; . 
"$GUIX_PROFILE"/etc/profile
--8<---cut here---end--->8---

and it seems to me that the env is set up correctly, especially I have:

--8<---cut here---start->8---
CURL_CA_BUNDLE=/home/giovanni/.guix-extra-profiles/emacs/emacs/etc/ssl/certs/ca-certificates.crt
--8<---cut here---end--->8---

With other sites I have no problems, e.g. with "curl https://google.com";
or "curl https://fsf.org";

I also have no problem using curl from my foreign distro, i.e.:

--8<---cut here---start->8---
giovanni@roquette: /usr/bin/curl -I https://voices.transparency.org
HTTP/2 200 
server: nginx
date: Thu, 04 Jun 2020 12:31:30 GMT
content-type: text/html; charset=utf-8
content-length: 331031
set-cookie: uid=lo_qSsMbQ4z5dnK; Expires=Fri, 04-Jun-21 12:31:30 GMT; Path=/; 
Secure; HttpOnly
sepia-upstream: medium
x-opentracing: 
{"ot-tracer-spanid":"390949417d4930c0","ot-tracer-traceid":"7f0fd7d0262c0c9b","ot-tracer-sampled":"true"}

[...]

x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-ua-compatible: IE=edge, Chrome=1
x-powered-by: Medium
x-obvious-tid: 1591273890249:f076faaf3e63
x-obvious-info: 41228-18f1264,18f1264f828
link: <https://medium.com/humans.txt>; rel="humans"
cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Thu, 09 Sep 1999 09:09:09 GMT
pragma: no-cache
set-cookie: 
sid=1:h/sJWfMuvxt6xsp9CxiSVZhE/m0Gkrnt1Aj+VWcPGV1cpLwK14Dg7Rfr4fWgzCz9ru4qnVfGEhX+mljUMOriPA==;
 path=/; expires=Fri, 04 Jun 2021 12:31:30 GMT; samesite=none; secure; httponly
set-cookie: optimizelyEndUserId=lo_qSsMbQ4z5dnK; path=/; expires=Fri, 04 Jun 
2021 12:31:30 GMT; samesite=none; secure
--8<---cut here---end--->8---

Am I missing something in my env, there is a problem in
https://voices.transparency.org setting or is something else?

Thanks! Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


sane-airscan (Re: [OT] Free software compatible Multifuncion printer

2020-04-23 Thread Giovanni Biscuolo
Hello Guix,

sorry for the OT but maybe this could be useful for someone else here

Giovanni Biscuolo  writes:

[...]

> I just got a brend new HP LaserJet MFP M227sdn, HP ships hplip &
> co. since long ago and they have a pretty informative list of supported
> printers

[...]

> ...that means a bug report on Ubuntu Launchpad :-S
> https://bugs.launchpad.net/hplip/+bug/1874254

in that thread brian_p pointed me to sane-airscan
https://github.com/alexpevzner/sane-airscan

--8<---cut here---start->8---

If you are a lucky owner of scanner or MFP which works via network with
Apple devices, I have a good news for you: now your scanner works with
Linux as well!

In theory, this backend should work with any scanner that supports the
eSCL protocol (unofficially known as AirScan or AirPrint scanning). In
practice, it was tested on several devices from Canon, Kyocera and HP,
and this list constantly grows, though slowly, so feedback regarding
other devices is very welcomed.

Apple maintains a comprehensive list of compatible devices, but please
note, this list contains not only scanners and MFP, but pure printers as
well.

To use this backend, you don't need to install ScanGear from Canon,
HPLIP from HP or some other proprietary software from hardware
vendor. This backend works directly with your device and doesn't depend
on a 3rd party closed source components.

--8<---cut here---end--->8---

I've tested it using the provided Debian 10 packages (personal repo
hosted on software.opensuse.org) and it works.

It's GPL2+ but I still have to check if there are really no blobs

I'll try and make a Guix package, if I'll be able

HTH! Gio'


-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


[OT] Free software compatible Multifuncion printer

2020-04-22 Thread Giovanni Biscuolo
Hello guix users!

sorry for this OT, I know there are other community channels to search
for this kind of information but they are really scarce:
https://h-node.org/printers/catalogue/en/1/1/undef/undef/undef/undef/compatibility/undef?search_string=MFP&submit=Search

Please do you have a suggestion on a MFP (Multifunction Printer) that
can print _and_ scan using just free software, without additional
proprietary blobs?

This is somewhat a follow-up on Chris Marusich help request... more than
one year later:
https://lists.gnu.org/archive/html/help-guix/2019-03/msg00113.html

I'm too much sad about the hardware compatibility with free software in
2020... since 2003 :-(... and this is _not_ a free software community
fault.

I just got a brend new HP LaserJet MFP M227sdn, HP ships hplip &
co. since long ago and they have a pretty informative list of supported
printers

https://developers.hp.com/hp-linux-imaging-and-printing/supported_devices/index

Column 3 of that list is about "Driver Plug-in" and that column says
"No" for my printer [1], so my printer and scanner should be fully
supported.

...but I just found that if I do not install the proprietary binary (via
"sudo hp-plugin") the scan function just does not work; I've also opened
a bug report via the only official channel availabre from HP:
https://developers.hp.com/hp-linux-imaging-and-printing/support

...that means a bug report on Ubuntu Launchpad :-S
https://bugs.launchpad.net/hplip/+bug/1874254


I'm considering opening an official complaint with HP and returning the
MFP printer, but I'd also like to know how can I solve my issue: I'd
really like a printer and scanner in one appliance.

The alternative oprion is to continue like I did since yesterday: keep
printer and scanner separate, so I'll have more options to find a
completely free software compatible scanner via SANE Project



Any hit is appreciated
Thanks! Giovanni



[1] ("Required") A downloadable driver plug-in is required for printing
support. ("Optional") A downloadable driver plug-in is optional for
printing support and may increase the speed, quality, or other aspect of
printed output. ("No" or "None") A driver plug-in is not required nor
available. Driver plug-ins are released under a proprietary (non-open)
license and are not part of the HPLIP tarball release. For more
information, please refer to this
https://developers.hp.com/hp-linux-imaging-and-printing/binary_plugin.html


-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: Useless gandi.cli (was: [bug#39447] [PATCH] gnu: Add python-gandi.cli.)

2020-03-18 Thread Giovanni Biscuolo
Tobias Geerinckx-Rice  writes:

[...]

>> https://v4.gandi.net/admin/api_key
>
> I'd love to, but that doesn't work for everyone anymore:
>
>   Account already migrated
>   This account has already been migrated to Gandi's new 
>   website. […]

Mumble... actually I don't know why but I'm able to log in in V4 (using
the "legacy" handle") and V5

> That message is new.  When I opened this bug a week ago, logging 
> into V4 still broke IceCat with a redirect loop, with no 
> indication of what went wrong.  I haven't changed or updated my 
> browser since.

The joy of web interfaces :-S

>> They are planning to close the v4 customer web interface, I hope 
>> they
>> will fix this before... but fortunately it's still working
>
> I'm glad to hear it's still working for you

ehrm, ehrm: actually I never used gandi.cli and I'm testing it in my
spare time

1. the legacy "gandi domain list" just lists the domanins of my "legacy"
v4 handle

2. "gandi dns domain.list" (the v5 equivalent) gives an empty list

3. curl -H "Authorization: Apikey $GANDI_APIKEY" 
https://api.gandi.net/v5/domain/domains
gives me the complete list (that means the domains in all the organizations I'm 
part of)

> at least, and I suspect someone who really needs the CLI could ask
> support for an XMLRPC key.  That's enough to keep it in Guix.  It was
> not enough to keep me with Gandi.

gandi.cli needs more love:

1. https://github.com/Gandi/gandi.cli/issues/279
Unable to manage domains migrated to Gandi-V5

2. https://github.com/Gandi/gandi.cli/issues/288 (Order domain name via API V5)

and probably also the API:

1. https://github.com/Gandi/gandi.cli/issues/285
dns update command reports "Remote API service is unreachable"

that bugs are still open, they made some commits since the 1.5 release
but AFAIU by a quick look at the code that ploblems are still open (and
probably upgrading gandi.cli to a newer commit won't enhance the
situation)

[...]

Ciao, Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: Useless gandi.cli (was: [bug#39447] [PATCH] gnu: Add python-gandi.cli.)

2020-03-17 Thread Giovanni Biscuolo
Hello Tobias,

sorry for the late reply

Tobias Geerinckx-Rice  writes:

> Amin,
>
> Amin Bandali 写道:
>> * gnu/packages/python-xyz.scm (python-gandi.cli): New variable.
>
> Does it do anything for you?  After reading the issue tracker it's 
> clear to me that gandi.cli is unusable and unmaintained.  I'd love 
> to be proven wrong.
>
> Here ‘gandi domain list’ returns ‘Invalid API key, please use 
> 'gandi setup' command’ no matter what I do.  All non-trivial 
> operations require an old XMLRPC key which isn't ever possible to 
> generate nowadays[0].
>
> Kind regards,
>
> T G-R
>
> [0]: 
> https://github.com/Gandi/gandi.cli/issues/292#issuecomment-560370741

I'm not a regular user of gandi.cli (hope I will) so I've not tested all
the features now, but it is working for me

You have to use Gandi V4 customer web interface to get the "legacy"
XMLRPC API key and it worked for me, done 3 minutes ago

https://v4.gandi.net/admin/api_key

They are planning to close the v4 customer web interface, I hope they
will fix this before... but fortunately it's still working

HTH! Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: Scheduling and getting notifications in a desktop or window manager environment

2020-03-17 Thread Giovanni Biscuolo
Hello,

I've no direct experience with desktop notifications but...

sirgazil  writes:

[...]

> I tried GNOME Calendar some time ago in the Guix System, I liked its
> simplicity, but it was not reliable (notified sometimes, sometimes
> not).

What about orage? I tried that once and *maybe* it has a notification
system.

I use radicale as my CalDAV/CardDAV server with vdirsyncer [1] on my GNU
machines to keep events and contacts in sync (with DAVx5 on Android)...

...but orage can be used also standalone

[...]

HTH! Gio'



[1] I'm a little bit worried on its future 
https://github.com/pimutils/vdirsyncer/issues/790

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: how to run docker?

2020-03-17 Thread Giovanni Biscuolo
Hi Adam,

Adam Kandur via  writes:

> hi, guixers!
> Sorry for newbe question. 
> How yo run docker service after installation docker package?

you don't need to install the package, you just need to configure your
service (packages will be automatically installed in the system profile)

The documentation is here:
https://guix.gnu.org/manual/en/guix.html#Miscellaneous-Services

This is what I did in my config.scm: 

--8<---cut here---start->8---

[...]
  (services
(append
 (list 
[...]

   (service ntp-service-type) ;; clock **must** be in sysc

   (elogind-service) ;; needed by docker-service
   (dbus-service) ;; needed by docker-service
   (service docker-service-type)
[...]

--8<---cut here---end--->8---

Clock must be in sync in general, I don't remember if this is also a
requirement for docker (probably not, but it was for sure for other
services)

HTH! Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: how can I add a static IPv4 route?

2020-02-13 Thread Giovanni Biscuolo
Hi Julien

thanks for your support!

Julien Lepiller  writes:

> Le 12 février 2020 13:08:46 GMT-05:00, Giovanni Biscuolo  a 
> écrit :
>>Hello,
>>
>>I have a very simple networking configuration:
>>
>>--8<---cut here---start->8---
>>(service dhcp-client-service-type)
>>--8<---cut here---end--->8---
>>
>>Please how can I add a static route? (I know there is wip-netlink, but
>>AFAIU it's still not in master)

[...]

> However, if you don't need IPv6, I'd like to encourage you to use the
> static-networking-service that's described in the manual:
> https://guix.gnu.org/manual/devel/en/html_node/Networking-Services.html#Networking-Services

Thanks for your suggestion but I don't understand how to use it just to
add a static route to the interface set up by dhcp-client-service-type.

I'm trying to have something similar to this debian interfaces config:

--8<---cut here---start->8---
auto eth0
iface eth0 inet dhcp
### static routing for eth0 ###
post-up route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.9.38.65
pre-down route del -net 10.0.0.0 netmask 255.0.0.0 gw 10.9.38.65
--8<---cut here---end--->8---

I'd like to stay whith a dhcp client config, but please provide an
example on how to add a static route to a configuration like this:

--8<---cut here---start->8---
(static-networking-service "eno1" "192.168.1.82"
   #:gateway "192.168.1.2"
   #:name-servers '("192.168.1.2"))
--8<---cut here---end--->8---

Thanks! Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


how can I add a static IPv4 route?

2020-02-12 Thread Giovanni Biscuolo
Hello,

I have a very simple networking configuration:

--8<---cut here---start->8---
(service dhcp-client-service-type)
--8<---cut here---end--->8---

Please how can I add a static route? (I know there is wip-netlink, but
AFAIU it's still not in master)

I found a message from Julien [1] explaining he is using a custom
service [2] to define both IPv4 and IPv6 for the same device: do I have
to adapt that?

Since my guile-fu is very minimal, please do you have a snippet I can
reuse apart Julien's above?

Thanks! Gio'

[1] Message-ID: <80602dd8-60a9-487d-b39c-46360f42c...@lepiller.eu>

[2] 
https://framagit.org/tyreunom/system-configuration/blob/master/modules/config/network.scm

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: Default autogroup niceness of Guix build daemon

2020-01-27 Thread Giovanni Biscuolo
Hi James,

"J. R. Haigh (re. Guix)"  writes:

> Hi all,
>   I've been using Guix on Debian 9 Stretch

[...]

>   Is there a way to declaratively set the default autogroup
>   niceness of Guix's build daemon?

Since Debian 9 users systemd, should be possible by configuring a limit
in the systemd service unit file [1]; I've never tried but try adding
"LimitNICE=19" in the [Service] stanza

Documentation on that parameter here:
https://www.freedesktop.org/software/systemd/man/systemd.exec.html#Process%20Properties

Remember to "systemctl daemon-reload" after editing one the systemd
service unit file

HTH! Gio'

[1] /etc/systemd/system/guix-daemon.service

[...]

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: Passwords inside System Configuration

2020-01-24 Thread Giovanni Biscuolo
Hi Raghav,

Raghav Gururajan  writes:

[...]

>> > 3) LUKS Device
>> 
>> AFAIK it's not possible to provide the passphrase in the system
>> configuration, and it's by design :-)
>
> Hmm, I have heard of a way to embed the passphrase in 'initrd'. Do you
> know how to do that?

no sorry, I never searched for that because I think it is unsecure, so I
don't know how to do it  

HTH! Gio'

[...]

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: Passwords inside System Configuration

2020-01-20 Thread Giovanni Biscuolo
Hello Raghav, 

"Raghav Gururajan"  writes:

> Hello Guix!
>
> I would like to insert/set password for the following, inside system 
> configuration (config.scm):
> 1) Roor User
> 2) Regular User

--8<---cut here---start->8---
(user-account
  (name "charlie")
  (group "users")

  ;; Specify a SHA-512-hashed initial password.
  (password (crypt "InitialPassword!" "$6$abc")))
--8<---cut here---end--->8---

but please read
https://guix.gnu.org/manual/en/html_node/User-Accounts.html#user_002daccount_002dpassword

--8<---cut here---start->8---
You would normally leave this field to #f, initialize user passwords as
root with the passwd command, and then let users change it with
passwd. Passwords set with passwd are of course preserved across reboot
and reconfiguration.

[...]

Note: The hash of this initial password will be available in a file in
/gnu/store, readable by all the users, so this method must be used with
care.

--8<---cut here---end--->8---

> 3) LUKS Device

AFAIK it's not possible to provide the passphrase in the system
configuration, and it's by design :-)

I mean: you set the LUKS passphrase "imperatively" when encrypting the
device (e.g. during installation) or to change it later, storing it in
config.scm would mean to make it available in /gnu/store, readeable by
all users... and you should avoid it

[...]


HTH! Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


dbus problems running next in my environment (LTSP), also via ssh -Y

2020-01-13 Thread Giovanni Biscuolo
Hello Guix,

I suspect this is related to my environment and not to next... but don't
understand why and how to fix it

also, probably I have dbus problems for other applications too but I do
not see them because they are not blocking like in next


I installed next 1.4 via guix on two Debian 10 machines:

1. my laptop: next works fine and I'm happy
2. my LTSP app server: it does not work :-S

this is the error I get on my app server:

--8<---cut here---start->8---

giovanni@roquette: next -v
Arguments parsed: (VERBOSE T) and NIL
Next version 1.4.0
 [18:38:43] next remote.lisp (ensure-dbus-session fun1 fun65) -
  Failed to run (dbus-launch): dbus-launch not found

--8<---cut here---end--->8---

my dbus related processes on this failing machine are:

--8<---cut here---start->8---
giovanni 32087  0.0  0.0  11032  2276 ?S18:34   0:00 
/usr/bin/dbus-launch --exit-with-session --sh-syntax
giovanni 32088  0.0  0.0   8880  2888 ?Ss   18:34   0:00 
/usr/bin/dbus-daemon --syslog --fork --print-pid 5 --print-address 7 --session
giovanni 32124  0.0  0.0   3336  2852 ?S18:34   0:00 
/gnu/store/zjalyyj5v1gygqh613p3y5b3hp7rdxpj-dbus-1.12.12/bin/dbus-daemon 
--config-file=/gnu/store/rhx1m9ms4a856rayxdb60z776av63f18-at-spi2-core-2.32.1/share/defaults/at-spi2/accessibility.conf
 --nofork --print-address 3
--8<---cut here---end--->8---

and the related DBUS env on the failing machine is:

--8<---cut here---start->8---
DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-X4UdsFONq5,guid=8fc98da614e6df5de9ef6fe45e1caa2d
--8<---cut here---end--->8---



on the laptop, where next is running fine, I have this dbus related
processes:

--8<---cut here---start->8---
g 2665  0.0  0.0   9088  4388 ?Ss   Jan12   0:22 
/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile 
--systemd-activation --syslog-only
g 2878  0.0  0.0   8884  4160 ?SJan12   0:00 
/usr/bin/dbus-daemon 
--config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork 
--print-address 3
--8<---cut here---end--->8---

and this dbus related env:

--8<---cut here---start->8---
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
--8<---cut here---end--->8---


Any hint please?

Thanks, Gio'



-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: ungoogled-chromium aborts on foreign distro via LTSP (Linux Terminal Server Project)

2020-01-13 Thread Giovanni Biscuolo
Hello Marius,

Thanks! the issue was related to lack of user namaspaces

Marius Bakke  writes:

> Giovanni Biscuolo  writes:

[...]

>> The same updated version of ungoogled-chromium from Guix on a Debian 10
>> laptop does not have this problem, so it's specific to the LTSP
>> environment I guess

no: my laptop had user namespaces enabled :-)

>> The chromium binary from Debian 10 on the same LTSP environment does not
>> have the same problem, it works

so the Debian binary is working without user namespaces?

>> Any suggestion on where to look for problems here, please?
>
> The (ungoogled-) Chromium sandbox relies on user namespaces support in
> the kernel.  I guess `guix environment -C` does not work either?

no, "guix environment -C" was not working and *still* does not
work... but I'm almost sure it depends on something else, more on this
in another thread

> Debian disables user namespaces by default, try this command to enable
> it:
>
>  sudo sysctl -w kernel.unprivileged_userns_clone=1

it worked, I made it persistent also [1]

Thanks again! Gio'



[1] sudo su -c "echo 'kernel.unprivileged_userns_clone=1' > 
/etc/sysctl.d/00-local-userns.conf"

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


ungoogled-chromium aborts on foreign distro via LTSP (Linux Terminal Server Project)

2020-01-10 Thread Giovanni Biscuolo
Hi Guix,

first and foremost kudos Marius Bakke for the great work in maintaining
this package!

if I run the last ungoogled-chromium Guix version in my terminal session
[1] on a Debian 10 server, I get SIGABRT:

--8<---cut here---start->8---
[14913:14913:0110/113833.689067:FATAL:zygote_host_impl_linux.cc(116)] No usable 
sandbox! Update your kernel or see 
https://chromium.9oo91esource.qjz9zk/chromium/src/+/master/docs/linux_suid_sandbox_development.md
 for more information on developing with the SUID sandbox. If you want to live 
dangerously and need an immediate workaround, you can try using --no-sandbox.
#0 0x561fb4b09f09 base::debug::CollectStackTrace()

Received signal 6
#0 0x561fb4b09f09 base::debug::CollectStackTrace()
  r8:   r9: 7ffc91ca6500 r10: 0008 r11: 
0246
 r12: 7ffc91ca7750 r13: 0170 r14: 7ffc91ca7910 r15: 
7ffc91ca6780
  di: 0002  si: 7ffc91ca6500  bp: 7ffc91ca6740  bx: 
0006
  dx:   ax:   cx: 7fee29c227fa  sp: 
7ffc91ca6578
  ip: 7fee29c227fa efl: 0246 cgf: 002b0033 erf: 

 trp:  msk:  cr2: 
[end of stack trace]
Calling _exit(1). Core file will not be generated.
--8<---cut here---end--->8---

If I run ungoogled-chromium with --no-sandbox it works, but I'd like not
to browse with the sandbox off (I'm going to study how to run my
browsers in a guix container, but it't not the solution AFAIU)

The same updated version of ungoogled-chromium from Guix on a Debian 10
laptop does not have this problem, so it's specific to the LTSP
environment I guess

The chromium binary from Debian 10 on the same LTSP environment does not
have the same problem, it works

Any suggestion on where to look for problems here, please?

Thanks! Gio'


[1] I have a couple LTSP terminals connected to a LTSP server

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: Relationship between Docker and Guix

2019-11-26 Thread Giovanni Biscuolo
Hellp zimoun,

my two cents on Docker as container images builder (not as "container
instantiation toolbox")

zimoun  writes:

[...]

> The relationship between Docker and GNU Guix is container and the LXC
> [1] technology. They use both but differently:
>
>  - Docker is rooted in mutable/imperative and tries to go to more
>  functional;

Docker images are immutable, they are usually (but not exclusively)
generated via `docker build` using an imperative "dockerfile language"
(so immutable/imperative :-) ); images are used to instantiate Linux
containers and there are tools (bind mounts, environment) to separate
state (data/config) from "system" to obtain a stateless container: the
"stateless" status of the container however is strictly tied to the
stateless properties of the underlying ditribution used to build the
container

I'm not sure what you mean with "tries to go more funtional" since AFAIU
dockerfile "language" is not going to be funcional anytime soon,
probably it does not even need to.

The main issue with the use of dockerfiles is that unfortunately the
FROM layering option (usually *heavily* used by docker images packagers)
often makes keeping control of what is actually distributed with the
image [1], cryptominers included, simply an... illusion... ehrm hard
work :-).  I've done it for work and that is the main reason I *avoid*
any docker image not built by me as soon as I can.

[...]

> Everything starts with a configuration file: Dockerfile versus manifest.scm.
>
>  - Dockerfile depends on the state of the distribution that one will
> use -- say Debian -- and each time "RUN apt-get update" and/or "RUN
> apt-get install" is called then no one can know in advance what the
> resulting disk image will *exactly* contain;

The non reproducible (not stateful) nature of the resulting docker
images directly depends on the distribution used to build it: Debian
have no means to "pin" a specific version in time (tag or commit, ala
Guix) to use; indeed if I use Guix as initial system image (FROM
guix-base) and a combination of manifests and channels definitions I can
get a reproducible image (never tried this, just theory :-) )

Anyway, using `guix pack -f docker...` is much much better than the
above dockerfile example :-O

This is just to say that it is not `docker build` fault not creating
reproducible images :-)

[...]

Ciao. Gio'


[1] even from a legal POV

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: service 'dockerd' requires 'dbus-system', which is not provided by any service

2019-11-18 Thread Giovanni Biscuolo
Hello,

reply to self...

Giovanni Biscuolo  writes:


[...]

> What do I miss plz?

I had to install also elogind and dbus services:

--8<---cut here---start->8---
(use-service-modules [...] desktop dbus docker)

[...]
  
(elogind-service) ;; needed by docker-service, in desktop service-module
(dbus-service) ;; needed by docker-service, in dbus service-module
(service docker-service-type)
--8<---cut here---end--->8---

Do we need to add a note on the manual or is a bug in
docker-service-type (in that case I'm willing to open the bug report)?

Thanks! Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


service 'dockerd' requires 'dbus-system', which is not provided by any service

2019-11-18 Thread Giovanni Biscuolo
Hello Guix!

I'd like to use the docker-service-type so I added this

--8<---cut here---start->8---
(service docker-service-type)
--8<---cut here---end--->8---

to my config.scm but if I try to

--8<---cut here---start->8---
sudo guix system reconfigure /etc/config.scm
--8<---cut here---end--->8---

I get this error:

--8<---cut here---start->8---
guix system: error: service 'dockerd' requires 'dbus-system', which is not 
provided by any service
--8<---cut here---end------->8---

What do I miss plz?

Thanks! Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: New reconfigure, creating a file under /etc

2019-10-09 Thread Giovanni Biscuolo
Hi Efraim,

thanks for the very interesting example!

Efraim Flashner  writes:

[...]

> (define %os-release-file
>   (plain-file "os-release"
>   (string-append
> "NAME=\"Guix System\"\n"
> "PRETTY_NAME=\"Guix System\"\n"
> "VERSION=\""((@ (guix packages) package-version) (@ (gnu 
> packages package-management) guix))"\"\n"
> "ID=guix\n"
> "HOME_URL=\"https://www.gnu.org/software/guix/\"\n";
> "SUPPORT_URL=\"https://www.gnu.org/software/guix/help/\"\n";
> "BUG_REPORT_URL=\"mailto:bug-g...@gnu.org\"\n";)))
>
> (simple-service 'os-release etc-service-type
> `(("os-release" ,%os-release-file)))

[...]

IMHO this is a perfect candidate - whith many other replies in help-guix
- for the Guix Cookbook (thanks Ricardo for creating it!): what about to
expand your example in a patch for the cookbook? :-)

Thanks! Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures



Re: cannot boot with BTRFS in degraded mode

2019-09-06 Thread Giovanni Biscuolo
Hello Maxim,

Maxim Cournoyer  writes:

[...]

> Fixing the Grub config (manually or not) is one thing, but not enough,
> as it is the init script (contained within the initrd)

Yes I was obviously wrong: the initrd must be updated, also!

> run by the kernel
> that mounts the root partition.  This script currently doesn't honor the
> rootflags= argument given to the Linux kernel command line, which means
> that you cannot pass extra options (such as 'degraded') to mount your
> root partition during the early boot process of the system.

Yes, now I understand, thanks!

>> Anyway, with the help of a friend, in a few hours we are going to test
>> this solution :-)
>
> Good luck!

The only viable solution to this problem is to boot a rescue system and
fix the BTRFS array there: I'm doing it now via grml (remotely via ssh
with the help of a friend who "manually" started the network and ssh
daemon)

For the records, this is what I did:

1. btrfs replace start 5 /dev/sde /target (since the missimg one was the
5th)

2. btrfs replace status /target

it took less then 10 mins to replace a 1TB disk with 76.28GiB used:

--8<---cut here---start->8---
Started on  6.Sep 09:21:44, finished on  6.Sep 09:40:45, 0 write errs, 0 
uncorr. read errs
--8<---cut here---end------->8---

[...]

Thank you again for your support! Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: cannot boot with BTRFS in degraded mode

2019-09-05 Thread Giovanni Biscuolo
Hello Maxim,

Maxim Cournoyer  writes:

[...]

> Also note that for the time being, the init script of Guix doesn't honor
> the "rootflags" kernel argument.

AFAIU this means Guix will not configure the grub parameter in the grub
config, but if I pass "rootflags" via grub "manually" that should be
passed to the kernel: right?

Anyway, with the help of a friend, in a few hours we are going to test
this solution :-)

> The good news is that there is a patch awaiting testing/review that adds
> support for it here:
> https://debbugs.gnu.org/cgi/bugreport.cgi?bug=37305.

AFAIU it's a good patch, thanks!

IMHO actually it's two patches merged togheter: "honor rootflags kernel
parameter" and "Allow booting from a Btrfs subvolume", anyway it's a big
imrovement for BTRFS users

I'll try them and will report back!

Thanks, Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures



Re: cannot boot with BTRFS in degraded mode

2019-09-05 Thread Giovanni Biscuolo
Hi Gábor,

Gábor Boskovits  writes:

[...]

>> Christopher suggested I might be able to at least mount the filesystem
>> with the degraded option in the guix rescue environment, which might be
>> something like:
>>
>> --8<---cut here---start->8---
>>  (mkdir "/mnt/broken-root")
>>  (mount "/dev/sda3" "/mnt/broken-root" "btrfs" 0 "degraded")
>> --8<---cut here---end--->8---
>>
>> but we do not know how to proceed from there.
>
> I don't know what would work from here, but here are a few ideas:
> 1. somehow hack the degraded root option into the bootloader config, like
> here:
> https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1229456

Oh great! I was not able to find what it seems a solution to boot: add
"degraded" to the "rootflags=" kernel parameters (ah my ignorance!)

I also find (just now :-S) this message very helpful:
https://www.mail-archive.com/linux-btrfs@vger.kernel.org/msg31265.html

> 2. try to switch_root, using /bin/sh as init, and try to fix the bootloader
> config from there.

This is not strictly needed, all I need to boot is entering the grub
editing mode, boot degraded and solve the problem with "btrfs
replace..." and "btrfs balance..."

I was thinking to permanently add "rootflags=[...],degraded" as kernel
parameter but reading the message I mentioned above:

--8<---cut here---start->8---
Altho if it is indeed true that btrfs will now refuse to mount writable 
if it's degraded like that, that's not such a huge issue either, as the 
read-only mount can serve as the same warning.  Still, I certainly prefer 
the refusal to mount entirely without the degraded option, if indeed the 
filesystem is lacking a component device.  There's nothing quite like 
forcing me to actually type in "rootflags=degraded" to rub my face in the 
reality and gravity of the situation I'm in! =:^)
--8<---cut here---end--->8---

I changed my mind: booting in degraded mode should be done "manually"
just to solve the issue :-)

> 3. see what the original script is doing, either by having a look at how it
> is composed:
> see for example: gnu/system.scm:
> operating-system-default-essential-services,
> gnu/services.scm: %boot-service and most prominently:
> gnu/services/shepherd.scm: shepherd-boot-gexp
>
> Wdyt?

I'm certailny going to study how Guix instruments the booting of a
machine, but I need time... and I'm late :-S

Thank you very much for the pointers, indeed!

[...]

Ciao, Gio'.

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


cannot boot with BTRFS in degraded mode

2019-09-04 Thread Giovanni Biscuolo
Hi Guix!

Yesterday I had to physically replace a failed disk on milano-guix-1
(one of Guix build machines), that disk was part of a BTRFS RAID10
multi disk array and now the machine is unbootable

The BTRFS RAID10 array was made of 6 disks and was running well, some
days ago Christopher Baines found that the 5th disk (/dev/sde) of that
array failed and was able to remount it in degraded mode in order to
re-balance the array and go on working without data loss

Unfortunately I was not able to perform a "btrfs replace..."  since
adding a new disk (we have spare slots) was not detected by the
kernel... HP ProLiant Smart Array is not so smart after all (aka bye bye
hot swapping of disks) :-S...

So I had to reboot the server and enter the config tool, added the new
drive as a new Smart Array logical volume (RAID0 with 1 drive) [1] and
removed the failed logical volume

The problem now is that the boot process stops when trying to mount the
BTRFS filesystem, the error is:

--8<---cut here---start->8---
BTRFS error (device sda3): devid 5 uuid [omissis] is missing
--8<---cut here---end--->8---

([omissis] means I'm not copying the exact uuid, sda3 is the first block
device in the BTRFS pool)

All I get now is the guix rescue environment prompt, that I do not know
how to use: I'm not able to boot with BRTFS in degraded mode :-S

Christopher suggested I might be able to at least mount the filesystem
with the degraded option in the guix rescue environment, which might be
something like:

--8<---cut here---start->8---
 (mkdir "/mnt/broken-root")
 (mount "/dev/sda3" "/mnt/broken-root" "btrfs" 0 "degraded")
--8<---cut here---end--->8---

but we do not know how to proceed from there.

Obviously I have no way now to reconfigure guix, the only idea I got is
to boot from an USB rescue disk (e.g. grml) and try to do a "btrfs
replace..." from there: that should fix the BTRFS array and should allow
a mount in non-degraded mode, so the next Guix boot should succeed

That machine is physically far away from me and I should collect as much
info as possible before I go there to test for a solution (no remote
serial console unfortunately)

I'm searching the web for a solution, any hint will be greatly
appreciated :-)

Meanwhile milano-guix-1 build machine is offline... :-(

Thank you for your attention, Gio'




[1] AFAIU that is the only way to present a single disk to the OS and
let the OS manage it as part of a **software** RAID pool (hardware RAID
is not an option)

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: Why reproducibility is breaking by metadata?

2019-07-06 Thread Giovanni Biscuolo
Hello Konrad,

Konrad Hinsen  writes:

[...]

> Philosophical side note: the right way to store provenance information
> is outside of the data they refer to. Unfortunately, with file-based
> storage, there is no clean way to attach the provenance information
> securely to the data without putting it into the same file.

Just "food for thought": git-annex metadata allows users to attach
arbitrary metadata to their annexed files, «metadata is stored in the
git-annex branch, and so is automatically kept in sync with the rest of
git-annex's state»

Being content-hashed, each file will persintently keep its metadata even
in case of renames (in the git-annex "filesystem" scope)

I doubt this could be applied to `guix pack`, but it's an intereting
approach to "sidecar" metadata

Happy Guix! Gio'.

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: support for btrfs multiple devices?

2019-06-25 Thread Giovanni Biscuolo
Hello Matt,

Matt Huszagh  writes:

> I'm unable to get even a basic guix system init working with btrfs on 2
> partitions. I setup the btrfs filesystem with:
>
> mkfs.btrfs -L btrfs -m raid1 -d raid0 /dev/nvme0n1p2 /dev/sda1

Please can you specify how did you then installed Guix on your system?

> and in my config:
>
> (define fs-root
>   (file-system
>(mount-point "/")
>(type "btrfs")
>(device (file-system-label "btrfs"))

Can you please try using uuid instead of file-system-label?

>(options "defaults,compress=lzo,ssd,noatime")
>(needed-for-boot? #t)))
>
> (define fs-boot
>   (file-system
>(mount-point "/boot/efi")
>(type "vfat")
>(device (uuid "68C5-A2D1" 'fat
 fat32 ? :-)
>
>  (file-systems (append
> (list
>  fs-root
>  fs-boot)
> %base-file-systems))

[...]

> Has anyone gotten btrfs working with any sort of multi-device raid
> capability?

Yes, I did it on milano-guix-1 build machine (and I'm almost sure I'm
not the only one around):

That machine configuration is here:
http://git.savannah.gnu.org/cgit/guix/maintenance.git/tree/hydra/milano-guix-1.scm

I initially installed on a RAID1 (both data and metadata) btrfs volume
using two disk partitions, with manual installation method, and it
worked; lately I added 4 more disks (whole disks) and converted the
volume to RAID10

> Any pointers would be greatly appreciated!  I've now devoted 4 full
> days and still can't get past the guix system init phase - I'm pretty
> close to giving up...

Can you please provide a step-by-step report of what you are doing when
installing, maybe a review could reveal something wrong... or probably a
Guix bug :-)

Thanks for reporting!

Happy Guix! Gio'.

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: grub with encrpted root no longer automatically loads luks

2019-06-21 Thread Giovanni Biscuolo
Hello Jack,

I don't have a Guix machine using root on encrypted LUKS now, but I
tested this non so long ago and it worked well

Jack Hill  writes:

> I've noticed that recently (unfortunately, I don't know exactly when it 
> started), that grub no longer prompts me to enter my password to unlock my 
> root filesystem.

Are you able to boot to a previous Guix System generation and try to
find the one that introduced this behaviour?

Are you sure you did not reconfigured your device mapping meanwhile?

> I notice that at the grub command line, if I enter 
> `cryptomount -a`, I am not prompted for a password, and the root 
> filesystem does not become available. However, if I first run `insmod 
> luks` and then `cryptomount -a`, I am prompted for my password, and the 
> root filesystem become available and I can boot normally.

I imagine you are entering the grub CLI because you get some error:
what's the error please?

[...]

>   ;; Specify a mapped device for the encrypted root partition.
>   ;; The UUID is that returned by 'cryptsetup luksUUID'.
>   (mapped-devices
>(list (mapped-device
>(source (uuid "f7776767-70c9-44e3-9973-c1334d301348"))
>(target "alperton_root")
>(type luks-device-mapping
>
>   (file-systems (cons*
>   (file-system
>(device (file-system-label "boot"))
>(mount-point "/boot")
>(type "ext4"))
>   (file-system
>(device (file-system-label "alperton_root"))
>(mount-point "/")
>(type "ext4")
>(dependencies mapped-devices))
>   %base-file-systems))

AFAIU (mapped-device ..(target "name") (type luks-device-mapping)))
creates the mapped device /dev/mapper/name; file-system should be:

--8<---cut here---start->8---

(file-system
 (device "/dev/mapper/alperton_root")
 (mount-point "/")
 (type "ext4")
     (dependencies mapped-devices))
%base-file-systems))

--8<---cut here---end--->8---

Did your configuration worked in a prior Guix System generation?

[...]


-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: guix system reconfigure: Wrong type argument in position 1 (expecting struct)

2019-06-18 Thread Giovanni Biscuolo
Ricardo Wurmus  writes:

[...]

> Pull out the modify-services expression, so that it becomes the second
> argument to “append”.

Thank you Ricardo, I applied the cons* solution suggested by Julien 

...what an amazing community: two answers in a few hours, you make me
feel home :-D

Happy Guix! Gio'.

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: guix system reconfigure: Wrong type argument in position 1 (expecting struct)

2019-06-18 Thread Giovanni Biscuolo
Hello Julien,

thank you for your check!

Julien Lepiller  writes:

[...]

> The result of modify-services is a list, but reading your file, it
> seems you add it to the end of the (list ...) thing,

Ouch... now **I see**! ...and begin to understand the error message

> which is not going
> to work: you're ending up with a list of lists. You can either put the
> modify-services form outside of that list:

[...]

> or replace the (append (list ...)) with a (cons* ...):

I adopted the latter, it makes (services...) more readeable to me

[...]

Kudos. Gio' aka `Guix-Fu Panda`

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


guix system reconfigure: Wrong type argument in position 1 (expecting struct)

2019-06-18 Thread Giovanni Biscuolo
g/guix-daemon.log" 
http-proxy: #f tmpdir: #f>> #< type: # 
value: #< log-file: "/var/log/nscd.log" debug-level: 0 
caches: (#< database: hosts positive-time-to-live: 43200 
negative-time-to-live: 20 suggested-size: 211 check-files?: #t persistent?: #t 
shared?: #t max-database-size: 33554432 auto-propagate?: #t> #< 
database: services positive-time-to-live: 86400 negative-time-to-live: 3600 
suggested-size: 211 check-files?: #t persistent?: #t shared?: #t 
max-database-size: 33554432 auto-propagate?: #t>) name-services: () glibc: 
#>> #< 
type: # value: #< udev: 
# rules: (# # # #)>> #< type: # value: (("/bin/sh" # "/bin/sh">))>)
--8<---cut here---end--->8---

Since everytime I try to purposely add a syntax error or miss to add a
module guix correctly point that out, I doubt it depends on some error
in my config.scm... or am I wrong?

Anyway, this is my slightly obfuscated config.scm:

--8<---cut here---start->8---
; This is batondor

(use-modules (gnu))
(use-service-modules networking ssh mcron virtualization)
(use-package-modules linux)

(define %authorized-guix-keys
  ;; List of authorized 'guix archive' keys.
  (list (local-file "keys/guix/OMISSIS.pub")
(local-file "keys/guix/OMISSIS.pub")))

(define gc-job
  ;; Run 'guix gc' at 3AM every day.
  #~(job '(next-hour '(3)) "guix gc -F 50G"))

(define btrfs-job
  ;; Run 'btrfs balance' every three days to make free space.
  #~(job (lambda (now)
   (next-day-from now (range 1 31 3)))
 (string-append #$btrfs-progs "/bin/btrfs balance "
"start -dusage=50 -musage=70 /")))

;; The actual machine

(operating-system
 (locale "en_US.utf8")
 (timezone "Europe/Rome")
 (keyboard-layout
  (keyboard-layout "it" "nodeadkeys"))
 (bootloader
  (bootloader-configuration
   (bootloader grub-efi-bootloader)
   (target "/boot/efi")
   (keyboard-layout keyboard-layout)))
 (file-systems
  (cons* (file-system
  (mount-point "/")
  (device
   (uuid "26bd54ec-4e74-4b3a-96ff-58f2f34e4a1a"
 'btrfs))
  (type "btrfs"))
 (file-system
  (mount-point "/boot/efi")
  (device (uuid "7A61-DB20" 'fat32))
  (type "vfat"))
 %base-file-systems))
 (host-name "batondor")
 (users (cons* (user-account
(name "x")
(comment "X")
(group "users")
(home-directory "/home/x")
(supplementary-groups
 '("wheel" "kvm" "netdev" "audio" "video")))
   %base-user-accounts))
 (packages
  (append
   (list (specification->package "nss-certs"))
   %base-packages))

 (services
  (append
   (list (service openssh-service-type
  (openssh-configuration
   (port-number 22)
   (authorized-keys
`(("x" ,(local-file "keys/ssh/x.pub"))

 (service dhcp-client-service-type)

 (service ntp-service-type)

 (service qemu-binfmt-service-type
  (qemu-binfmt-configuration
   (platforms (lookup-qemu-platforms "arm" "aarch64"))
   (guix-support? #t)))

 (service mcron-service-type
  (mcron-configuration
   (jobs (list gc-job btrfs-job

 (modify-services %base-services
  (guix-service-type config =>
 (guix-configuration
  (inherit config)
  (use-substitutes? #t)
  (authorized-keys
   %authorized-guix-keys
--8<---cut here---end--->8---

Am I missing something or did I found a bug?

Thanks! Gio'.

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: foreign arch build taking too long `guix build -s armhf-linux help`

2019-06-12 Thread Giovanni Biscuolo
Hello Guix,

my first foreign arch build failed after two days :-)

I still do not understand why I had two stale processes during
build (if needed see details below)...

...looking at /var/log/messages, I see this (in reverse timing ordering)
some segfaults:

--8<---cut here---start->8---
Jun 12 09:45:39 localhost vmunix: [1958344.658696] Code: 0f 1f 40 00 66 0f ef 
c0 66 0f ef c9 66 0f ef d2 66 0f ef db 48 89 f8 48 89 f9 48 81 e1 ff 0f 00 00 
48 81 f9 cf 0f 00 00 77 6a  0f 6f 20 66 0f 74 e0 66 0f d7 d4 85 d2 74 04 0f 
bc c2 c3 48 83
Jun 12 09:45:39 localhost vmunix: [1958344.616598] svn[35664]: segfault at 0 ip 
776be6b6 sp 7fffbb18 error 4 in 
libc-2.28.so[7764b000+13f000]
[...]
Jun 12 09:21:13 localhost vmunix: [1956879.360841] Code: c7 77 83 c2 7c 83 c6 
5b 4d 8d 67 60 4c 89 74 24 40 89 94 24 8c 00 00 00 89 bc 24 88 00 00 00 89 4c 
24 74 45 31 db 89 74 24 70 <48> 89 44 24 10 4d 89 ee 48 89 6c 24 08 48 8b 44 24 
08 48 8b 2d 2c
Jun 12 09:21:13 localhost vmunix: [1956879.304954] git[43284]: segfault at 
7ffdeff0 ip 77e333a3 sp 7ffdefe0 error 6 in 
libc-2.28.so[77dd6000+13f000]
[...]
Jun 12 08:55:02 localhost vmunix: [1955307.460504] Code: f8 04 0f 87 19 03 00 
00 83 c0 77 89 44 24 28 e9 8c f9 ff ff 66 0f 1f 44 00 00 48 8d 3d e1 d9 0f 00 
e8 54 da ff ff 0f 1f 40 00 <89> 54 24 28 e9 e0 fb ff ff 0f 1f 80 00 00 00 00 8d 
4f 5b 8d bc 3f
Jun 12 08:55:02 localhost vmunix: [1955307.385398] git[11650]: segfault at 
7ffdefd8 ip 77e33960 sp 7ffdefb0 error 6 in 
libc-2.28.so[77dd6000+13f000]
[...]
Jun 12 08:31:17 localhost vmunix: [1953883.012358] Code: e6 f9 ff ff 89 c2 31 
c0 85 d2 74 0a 0f b6 7c 24 0f e8 f4 fa ff ff 48 83 c4 18 c3 66 66 2e 0f 1f 84 
00 00 00 00 00 0f 1f 40 00 <8b> 04 25 00 00 00 00 0f 0b 0f 1f 80 00 00 00 00 48 
83 ec 18 48 89
Jun 12 08:31:17 localhost vmunix: [1953882.986533] python[22829]: segfault at 0 
ip 7766cb10 sp 7fffb238 error 4 in 
_testcapi.so[7766c000+6000]
--8<---cut here---end--->8---

do I have to memtest my machine?!?

Thanks! Gio'.

Giovanni Biscuolo  writes:

[...]

> and this process:
>
> --8<---cut here---start->8---
>  /gnu/store/sw2rrqmjij73wcy3ajd47ypvmzh12yz6-qemu-3.1.0/bin/qemu-arm 
> /gnu/store/43ljk0rxwxl4c9msr4b9xwihhw6fak8v-bootstrap-binaries-0/bin/rm -f  
> /tmp/guix-build-glibc-intermediate-2.28.drv-0/build/stdlib/drand48.os.dt
> --8<---cut here---end--->8---
>
> The process run time taken from `top` now is 796:50.68 :-O
>
> That file is still there and it seems it's not removed:
>
> --8<---cut here---start->8---
> ~$ sudo ls -lah 
> /tmp/guix-build-glibc-intermediate-2.28.drv-0/build/stdlib/drand48.os.dt
> -rw-r--r-- 1 guixbuilder01 guixbuild 5.7K Jun 11 04:02 
> /tmp/guix-build-glibc-intermediate-2.28.drv-0/build/stdlib/drand48.os.dt
> --8<---cut here---end--->8---

I did "manually" delete the above mentioned file and killed the stale
process, the build went on to the next steps...

Until today I realized that build was still frozen at this stage:

--8<---cut here---start->8---
make[2]: Leaving directory '/tmp/guix-build-libgc-7.6.6.drv-0/gc-7.6.6'
make  check-TESTS
make[2]: Entering directory '/tmp/guix-build-libgc-7.6.6.drv-0/gc-7.6.6'
make[3]: Entering directory '/tmp/guix-build-libgc-7.6.6.drv-0/gc-7.6.6'
PASS: leaktest
PASS: hugetest
PASS: initsecondarythread_test
PASS: threadleaktest
PASS: smashtest
PASS: cordtest
PASS: subthreadcreate_test
PASS: middletest
PASS: threadkey_test
PASS: staticrootstest
PASS: disclaim_test
PASS: test_cpp
PASS: realloc_test
PASS: disclaim_bench
--8<---cut here---end--->8---

with this stale process never ending:

--8<---cut here---start->8---
/gnu/store/sw2rrqmjij73wcy3ajd47ypvmzh12yz6-qemu-3.1.0/bin/qemu-arm 
/tmp/guix-build-libgc-7.6.6.drv-0/gc-7.6.6/.libs/gctest
--8<---cut here---end--->8---

so I killed the above process and the build stopped with a failure
(sorry for the verbosity):

--8<---cut here---start->8---
FAIL: gctest

Testsuite summary for gc 7.6.6

# TOTAL: 15
# PASS:  14
# SKIP:  0
# XFAIL: 0
# FAIL:  1
# XPASS: 0
# ERROR: 0

See ./test-suite.log
Please report to https://github.com/ivmai/bdwgc/issues

Re: Servname not supported

2019-06-12 Thread Giovanni Biscuolo
Hello Dustin,

Dustin Rayner  writes:

[...]

> However, guix install hello and guix pull both fail. I've verified
> network access, but the error I receive is:
>
> In procedure getaddrinfo: Servname not supported for ai_socktype

What if you try `whois gnu.org` on that host? Do you get the same error?
[1]

This seems not related to Guix, please can your check permissions on
/etc/services (ls -lah /etc/services) on your host?

They should be:

--8<---cut here---start->8---
-rw-r--r-- 1 root root 19K dic 26  2016 /etc/services
--8<---cut here---end--->8---

If others (including your normal user) cannot read /etc/services they
get this error.

I never had similar issues in the past, but I can reproduce this on my
host.

--8<---cut here---start->8---
$ sudo chmod o-r /etc/services 
$ LC_ALL=C whois gnu.org
getaddrinfo(whois.pir.org): Servname not supported for ai_socktype
--8<---cut here---end--->8---

`sudo chmod o+r /etc/services` fixed the above error.

Does it help? Gio'.

[1] 
https://askubuntu.com/questions/742613/network-aplications-throwing-servname-not-supported-for-ai-socktype

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


foreign arch build taking too long `guix build -s armhf-linux help`

2019-06-11 Thread Giovanni Biscuolo
Hi Guix!

I've a x86_64 build machine I configured to build for arm and aarch
architetures this way:

--8<---cut here---start->8---

 (service qemu-binfmt-service-type
  (qemu-binfmt-configuration
   (platforms (lookup-qemu-platforms "arm" "aarch64"))
   (guix-support? #t)))

 (modify-services %base-services
   (guix-service-type config =>
 (guix-configuration
  (inherit config)
   (use-substitutes? #f)
   (authorized-keys
%authorized-guix-keys)))

--8<---cut here---end--->8---

This should enable transparent build for another architecture, using no
substitutes.

To test a build I did `guix build -s armhf-linux help`; after several
hours I'm still waiting the build to complete, it seems stuck at this
build stage:

--8<---cut here---start->8---
[...]
/gnu/store/zxgm9xn0dgqfp6dxynklqzr27957qkis-make-boot0-4.2.1/bin/make  
subdir=stdlib -C stdlib ..=../ others
make[2]: Entering directory 
'/tmp/guix-build-glibc-intermediate-2.28.drv-0/glibc-2.28/stdlib'
--8<---cut here---end--->8---

and this process:

--8<---cut here---start->8---
 /gnu/store/sw2rrqmjij73wcy3ajd47ypvmzh12yz6-qemu-3.1.0/bin/qemu-arm 
/gnu/store/43ljk0rxwxl4c9msr4b9xwihhw6fak8v-bootstrap-binaries-0/bin/rm -f  
/tmp/guix-build-glibc-intermediate-2.28.drv-0/build/stdlib/drand48.os.dt
--8<---cut here---end--->8---

The process run time taken from `top` now is 796:50.68 :-O

That file is still there and it seems it's not removed:

--8<---cut here---start->8---
~$ sudo ls -lah 
/tmp/guix-build-glibc-intermediate-2.28.drv-0/build/stdlib/drand48.os.dt
-rw-r--r-- 1 guixbuilder01 guixbuild 5.7K Jun 11 04:02 
/tmp/guix-build-glibc-intermediate-2.28.drv-0/build/stdlib/drand48.os.dt
--8<---cut here---end--->8---

Looking at /var/log/guix-daemon.log does not help.

Any hint about what's going on here and/or understanding why that
process is stuck removing that file?

Thanks! Gio'.

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: arm image ; daemon-socket error

2019-06-10 Thread Giovanni Biscuolo
Hello rhombus,

rhom...@transversals.org writes:

> after manually installing guixsd via the current guix-install.sh script 

[...]

> # guix system disk-image --system=armhf-linux -e "(@ (gnu system 
> install) beaglebone-black-installation-os)"
>
> it ended with the following:
>
> Guix System: Error: fails to connect to '/var/guix/daemon-socket/socket' 
> no such file or directory

Please can you check the guix-daemon is up and runnig and give some
feedback with details about it?

Usually `/var/guix/daemon-socket/socket` is created by guix-daemon on
startup

[...]

HTH, Gio'


-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Guix and intrusion detection (was Re: Help with writing custom boot-loader configuration)

2019-06-05 Thread Giovanni Biscuolo
Hello Raghav,

Raghav Gururajan  writes:

[...]

> It works. Was curious about other alternatives. Btw, is it possible make guix 
> to
>  automatically GPG-Sign the "grub.cfg" it generates during "guix system init" 
> or
> "guix system reconfigure" ??

I cannot (still) help patching guix this way, but from a security POV
this is interesting, providing you explain what you are trying to
achieve :-)

Anyway:

1. to sign, guix should have a secret key and that key may be easily
stolen (modulo encryption but that's another story...)

2. to verify a list of system admins signatures guix just needs public
keys and that's easy to provide, the not so easy part is patching guix I
guess

3. signature of "grub.cfg" - or other store items - should be done on
*another* machine and items deployed to the host (there is some POC and
custom code around in guix-devel for this)

Could GPG signature *verification* of selected core parts (bootloader,
initrd, kernel... guix itself) of our reproducible system make us
confident that instrusions via physical access to hardware are
automatically detected and notified by guix? [1]

...or I'm exagerating here and Guix already provides a good path to do
effective intrusion detection, even with remote hosts potentially
available to physical instrusion?

Thoughts?

[...]

Thanks! Gio'.


[1] let's call it Trusting Remote Trust problem

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: how to unmount disk after guix system init error?

2019-05-29 Thread Giovanni Biscuolo
Hello znavko,

zna...@disroot.org writes:

[...]

> I cannot do this. I fullfilled this but making filesystem on /dev/sdb2 gives 
> the error, that device is mounted.
> As I understand this is because of my run 'herd start cow-store /mnt' and 
> also run `guix system init  /mnt`
> I've stopped herd service. But do not know what to do else. So I can only 
> reboot and start again.
>
> Please is there another way to solve?

No, AFAIU there is no way other than restart the machine

I'm almost sure there's an already opened bug for this but I cannot find
it now :-S

HTH! Gio'


-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: Installer: GUIX_IMAGE as /dev/sda on some hardware?

2019-05-25 Thread Giovanni Biscuolo
Hi Tobias,

thanks for sharing your experience, I'm cross posting to guix-devel
since it's worth discussing a patch to the installer

Tobias Geerinckx-Rice  writes:

> Giovanni Biscuolo wrote:
>> This is **very** important when installing grub, in fact grub
>> installation failed when instantiating my config.scm on the HP 
>> ProLiant
>> simply because it was on /dev/sda pointing to the USB media;
>
> /dev/xdyN names have never been safe to use in this way

I'm not talking about partitions ;-)

According my faulty memory (I cannot reproduce it now)
/dev/sd is what the Installer writes in the bootloader
section of config.scm:

--8<---cut here---start->8---

  (bootloader
(bootloader-configuration
  (bootloader grub-bootloader)
  (target "/dev/sda")
  (keyboard-layout keyboard-layout)))

--8<---cut here---end--->8---

and that caused the Installer to fail on grub-install since /dev/sda was
my USB media, (fortunately it failed because there was no space for grub
:-) )

On the other hand, by setting "/dev/sdb" whould made grub-install
succeed when running from USB but fail when running from the system
itself

[...]

>> 3. how is the USB media "relocated" to the last /dev/sd? device 
>> by the installer?
>
> It's… not?

So it's pure coincidence that grub-install on /dev/sda succeedes on the
whole set of machines users are installing via USB media? :-O

> Dev nodes & names are doled out by the kernel.  As 
> you've discovered, they aren't to be relied on, and you should use 
> labels or UUIDs instead.

Labels and UUIDs are for volumes, not for the whole disk ;-)

I'm not talking about filesystem config, where using labels or UUIDS is
strongly recommended (and used by the Installer), I'm talking about
grub-install config

But wait! There's the /dev/disk/by-id/ tree, I did not notice it until
now! :-)

That's the solution:

--8<---cut here---start->8---

  (bootloader
(bootloader-configuration
  (bootloader grub-bootloader)
  (target "/dev/disk/by-id/scsi-3600508b1001c75a3bebb04b23d19e249")
  (keyboard-layout keyboard-layout)))

--8<---cut here---end--->8---

I did not test this but it smells like running, if Guix devels agree I
think Installer should adopt /dev/disk/by-id by default, sorry I'm not
able to propose a patch for this

[...]

> Hoping to have scared you into using UUIDs,

Yes! You did it (albeit it is disk/by-id and not UUIDs) :-D

Thanks for your suggestions! Gio'.

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Installer: GUIX_IMAGE as /dev/sda on some hardware?

2019-05-25 Thread Giovanni Biscuolo
Hello Guix!

I cannot reproduce this anymore since the machine I used is no more
under my physical control and is in production... anyway

I'm sure on a HP ProLiant DL380p Gen8 the installer image (1.0.0
version) [1] listed the USB media as /dev/sda while I've always observed
(and reproducing now on a testing machine) that it's listed as **the
last** /dev/sd? device in the list

This is **very** important when installing grub, in fact grub
installation failed when instantiating my config.scm on the HP ProLiant
simply because it was on /dev/sda pointing to the USB media; I had to
manually install grub on /dev/sdb to complete the install

A couple of questions:

1. has anyone observed a similar issue?

2. what could have caused it?

3. how is the USB media "relocated" to the last /dev/sd? device by the
installer?

Happy hacking! Gio'.


[1] the only custom thing I made was adding "vga=791" and removing
"quiet" from the kernel arguments

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: guix pull extremely verbose (with no ----verbose)

2019-05-24 Thread Giovanni Biscuolo
Ricardo,

Ricardo Wurmus  writes:

[...]

> This is a bug.

Thanks for reproducing this and for confirming this is a bug, I'll add
my further findings in the bug report (I still do not see it on
debbugs.gnu.org)

🖖 Live long and prosper. Gio'

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: guix pull extremely verbose (with no ----verbose)

2019-05-23 Thread Giovanni Biscuolo
Hi Ricardo,

Thank you for helping

Ricardo Wurmus  writes:

>> I've run "guix pull" many many times since today but now after that
>> command I see a lot of logs like this one:
>>
>> --8<---cut here---start->8---
>> @ build-log 9461 44
>> checking if GSS-API support is requested... @ build-log 9461 4
>> yes
>> @ build-log 9461 28
>> checking gss.h usability... @ build-log 9461 4
>> yes
> […]
>
> Are you using an old daemon?  These are hints that are filtered by the
> daemon — if it is recent enough.

Is guix-daemon 1.0.0 recent enough?

On the Guix System machine:

--8<---cut here---start->8---
 ~$ sudo -i guix-daemon --version
guix-daemon (GNU Guix) 1.0.1-1.8204295
--8<---cut here---end--->8---

That machine finished "guix pull" in more or less 33 mins, it's a 32
cores machine with 64GB RAM

After that now "guix pull" does not output debug messages

On the foreign distro machine:

--8<---cut here---start->8---
$ sudo -i guix-daemon --version
guix-daemon (GNU Guix) 1.0.0-1.326dcbf
--8<---cut here---end--->8---

Anyway it was running since Wed 2019-05-15 11:43:04 CEST (1 weeks 1 days
ago): I restarted and "guix pull"ed again...


--8<---cut here---start->8---
$ time guix pull
Updating channel 'guix' from Git repository at 
'https://git.savannah.gnu.org/git/guix.git'...
Building from this channel:
  guix  https://git.savannah.gnu.org/git/guix.git   a9150d4


--8<---cut here---end------->8---

and I still get a lot of verbose output... this time I'm going to wait
until it'll finish (previously I always interrupted it)

[...]

Thanks! Gio'.

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


guix pull extremely verbose (with no ----verbose)

2019-05-23 Thread Giovanni Biscuolo
Hi Guix!

I've run "guix pull" many many times since today but now after that
command I see a lot of logs like this one:

--8<---cut here---start->8---
@ build-log 9461 44
checking if GSS-API support is requested... @ build-log 9461 4
yes
@ build-log 9461 28
checking gss.h usability... @ build-log 9461 4
yes
@ build-log 9461 27
checking gss.h presence... @ build-log 9461 4
yes
@ build-log 9461 22
checking for gss.h... @ build-log 9461 4
yes
@ build-log 9461 82
checking whether to enable Windows native SSL/TLS (Windows native builds 
only)... @ build-log 9461 3
no
@ build-log 9461 47
checking whether to enable Secure Transport... @ build-log 9461 63
no
checking whether to enable Amiga native SSL/TLS (AmiSSL)... @ build-log 9461 3
no
@ build-log 9461 27
checking for pkg-config... @ build-log 9461 9
(cached) @ build-log 9461 77
/gnu/store/xyiyf12w4i7zf5g5b4ah0bi1mmd6i8xa-pkg-config-0.29.2/bin/pkg-config
@ build-log 9461 48
checking for openssl options with pkg-config... @ build-log 9461 3
no
@ build-log 9461 40
checking for HMAC_Update in -lcrypto... @ build-log 9461 3
no
@ build-log 9461 41
checking for HMAC_Init_ex in -lcrypto... @ build-log 9461 3
no
@ build-log 9461 38
checking OpenSSL linking with -ldl... @ build-log 9461 3
no
@ build-log 9461 52
checking OpenSSL linking with -ldl and -lpthread... @ build-log 9461 3
no
@ build-log 9461 36
checking for pkg-config... (cached) @ build-log 9461 77
/gnu/store/xyiyf12w4i7zf5g5b4ah0bi1mmd6i8xa-pkg-config-0.29.2/bin/pkg-config
@ build-log 9461 47
checking for gnutls options with pkg-config... @ build-log 9461 6
--8<---cut here---end--->8---

I'm trying from two different machines, one on forein distro and one
with Guix System but the output is the same on both

On the first I am at

--8<---cut here---start->8---
$ guix describe
Generation 2Jun 21 2019 19:03:33(current)
  guix 6acf6ce
repository URL: https://git.savannah.gnu.org/git/guix.git
branch: master
commit: 6acf6cec7d74d2e288e275429e8362bfb04b0286
--8<---cut here---end--->8---

while on the second I am at

--8<---cut here---start->8---
$ guix describe
Generation 20   May 12 2019 16:17:24(current)
  guix 59199e1
repository URL: https://git.savannah.gnu.org/git/guix.git
branch: master
commit: 59199e1adbd5d5f3116a2ca4b580222908f1853e
--8<---cut here---end--->8---

so it does not seem related to guix version

Any hint on what's going on plz?

Thanks! Gio'.

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: Using an ntp service

2019-05-22 Thread Giovanni Biscuolo
Hi Adam,

Adam Mazurkiewicz  writes:

[...]

> I expected that it would sync system time, but it did not. I have
> still been getting the time of my computer BIOS in a terminal, not the
> synced one.

If system clock is too late (or too far in the future) ntpd will not
update it 

«Normally, ntpd exits if the offset exceeds the sanity limit, which is
1000 s by default. » [1] 

Is this your case?

> Also in Xfce DE Clock. I have no idea how to debug it and
> fix.

To debug you should check "sudo tac /var/log/messages | grep ntpd |
less" messages

> Any help will be appreciated.

Set your clock (via date command or some GUI) and then "sudo hwclock
--systohc" to update your BIOS clock.

Last but not least: check your hardware clock setting are preserved
between reboots, if not you should change it's battery (if it's not
broken).

HTH! Gio'


[1] http://doc.ntp.org/4.1.0/ntpd.htm


-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: Youtube Viewer

2019-05-21 Thread Giovanni Biscuolo
Hi

"Raghav Gururajan"  writes:

[...]

>> Anyway, both the GTK and CLI versions invoke MPV just fine here.

yes but the config file for the GTK version is
.config/youtube-viewer/gtk-youtube-viewer.conf

Raghav can you please check that it contains

--8<---cut here---start->8---

  video_player_selected   => "mpv",

--8<---cut here---end--->8---

I'm using both GUI and CLI and I had to configure both, they both start
mvp "on click"

>> Could you try running both in a pure environment?
>
> Yes. Please find the following error.
>
> address@hidden ~ [env]$ gtk-youtube-viewer
> No protocol specified
> Gtk-WARNING **: cannot open display: :1 at 
> /gnu/store/zy4mnhidqcnfdf1ci4dsafxyd14ck1in-perl-gtk2-1.24992/lib/perl5/site_perl/5.28.0/x86_64-linux-thread-multi/Gtk2.pm
>  line 126.
>

cannot open display: that should be related to the environment

[...]

HTH! Gio'.

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: error in bootloader config while system init

2019-05-21 Thread Giovanni Biscuolo
  (xorg-configuration
 (xorg-configuration
  (extra-config  
   '("Section \"InputClass\"
Identifier \"touchpad\"
Driver \"libinput\"
MatchIsTouchpad \"on\"
Option \"Tapping\" \"on\"
EndSection")
   
  )

 (modify-services  
  ;; removing unnecessary services
  (remove (lambda (service)
(member (service-kind service)
(list ntp-service-type 
avahi-service-type 
  bluetooth-service 
network-manager-service-type
  gdm-service-type)))
  %desktop-services) ;end of remove lambda 
services

  ;; wpa_supplicant + dhcp-client (above) instead 
of networkmanager
  (wpa-supplicant-service-type config =>
   
(wpa-supplicant-configuration
(interface "wlp2s0")
(config-file 
"/etc/wpa_supplicant/wpa_supplicant.conf")))

  ;; disabling sleep on closing notebook lid
  (elogind-service-type
   c => (elogind-configuration (handle-lid-switch 
'ignore)))
  ) ;;end of modify-services
     )) ;;end of services

  ;; Allow resolution of '.local' host names with mDNS.
  (name-service-switch %mdns-host-lookup-nss)

  ;;blacklist ugly sound speaker
  (kernel-arguments 
'("modprobe.blacklist=pcspkr,snd_pcsp,bluetooth"))

  ) ;;end of operating-system
--8<---cut here---end--->8---


-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: Possible store corrumption

2019-05-21 Thread Giovanni Biscuolo
Hi Jack,

Jack Hill  writes:

> I've run guix gc --verify and received the following output:
>
> $ guix gc --verify
> reading the store...
> checking path existence...
> path `/gnu/store/k5qxpr9wswli6lskpp433mrk0ffvxa9q-gcc-6.5.0.tar.xz.drv' 
> disappeared, but it still has valid referrers!

[...]

> $ guix gc
> finding garbage collector roots...
> deleting garbage...
> guix gc: error: executing SQLite query: database or disk is full
>
> What might be causing these symptoms and how might I resolve them?

Could be a full disk issue?

If you use a dedicated volume for /gnu, what's the result of

 df -h | grep /gnu

?

Otherwise, the result of "df -h | grep /" ?

If your disk/volume is full: I never had similar issues so I cannot
help, I just suggest you to extend your volume if you can

HTH! Gio'.

[...]

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: btrfs raid configuration vs mdraid

2019-05-21 Thread Giovanni Biscuolo
Hi Fredrik,

Fredrik Salomonsson  writes:

[...]

>> Assuming I'm going to format the root filesystem as:
>>
>>   mkfs.btrfs -m raid1 -d raid1 /dev/sda3 /dev/sdb3
>>
>> how should I configure (file-system...)? this way:
>>
>> (file-system
>>   (mount-point "/")
>>   (type "btrfs")
>>   (device (uuid "4dab5feb-d176-45de-b287-9b0a6e4c01cb")))
>>
>> with UUID taken from "lsblk -f"?
>
> That should work.

I confirm it worked, easily! :-)

[...]

> One thing you should note is that guix might generate incorrect
> paths for grub if you are using subvolumes. At least guix < 1.0 does
> that for me, haven't tested 1.0+ yet. But I have been using a shell
> script that works around that issue.

I did not use root on a subvolume for my installation, but I'll try to
reproduce it in a test install: can you please file a bug report for
this, IMHO this should be fixed

>> From you experience is RAID on brtfs as solid as the one on mdadm?
>
> I have very little experience with mdadm, so can only speak of my
> experience with btrfs and RAID-1. Which I have been using for 3+ years.
> For me it has been solid. Only issue I have encountered was when my
> fileserver lost power a few times leaving the filesystem corrupt. A
> "btrfs check --repair" fixed that issue.

Thanks for sharing! You give me courage to adopt btrfs more extensively
:-)

Best regards, Gio'.

[...]

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


Re: How to start Guix on Asus K50C ?

2019-05-21 Thread Giovanni Biscuolo
Hello znavko,

zna...@disroot.org writes:

> nomodeset not helped.

can you please try using "vga=791"

I had a similar issue recently and setting vga as above solved it

HTH! Gio'.

[...]

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


btrfs raid configuration vs mdraid

2019-05-15 Thread Giovanni Biscuolo
Hello Guix!

My preferred storage setup until now was using RAID-1 software RAID
built with mdadm; for a new machine I'm considering setting up a RAID-1
btrfs volume as root, but I have much less experience with btrfs

Assuming I'm going to format the root filesystem as:

  mkfs.btrfs -m raid1 -d raid1 /dev/sda3 /dev/sdb3

how should I configure (file-system...)? this way:

(file-system
  (mount-point "/")
  (type "btrfs")
  (device (uuid "4dab5feb-d176-45de-b287-9b0a6e4c01cb")))

with UUID taken from "lsblk -f"?

From you experience is RAID on brtfs as solid as the one on mdadm?

Thanks!
Gio'.

-- 
Giovanni Biscuolo

Xelera IT Infrastructures


signature.asc
Description: PGP signature


  1   2   >