[sane] how to scan using sane-airscan?
Hello, I'm using a system with %desktop-services installed (that includes sane-service-type with sane-backends-minimal). With sane-airscan installed I can get a list of devices: --8<---cut here---start->8--- g@ken ~$ airscan-discover [devices] HP Color LaserJet MFP M181fw (0EEE0D) = http://192.168.1.20:8080/eSCL/, eSCL HP Color LaserJet MFP M181fw (0EEE0D) = https://192.168.1.20:443/eSCL/, eSCL HP Color LaserJet MFP M181fw (0EEE0D) = http://[fd56:feaa:cf06::20]:53048/, WSD HP Color LaserJet MFP M181fw (0EEE0D) = http://[fd56:feaa:cf06::60e:3cff:fe0e:ee0d]:53048/, WSD HP Color LaserJet MFP M181fw (0EEE0D) = http://192.168.1.20:53048/, WSD HP Color LaserJet MFP M181fw (0EEE0D) = http://[fe80::60e:3cff:fe0e:ee0d%252]:53048/, WSD --8<---cut here---end--->8--- But if I run simple-scan it cannot find any scanner. I found an old (2023-01-14) message in this mailing list [1] suggesting to do set some env but it does non work: --8<---cut here---start->8--- env LD_LIBRARY_PATH=${HOME}/.guix-profile/lib/sane SANE_CONFIG_DIR=${HOME}/.guix-profile/etc/sane.d simple-scan --8<---cut here---end--->8--- Also this does not work: --8<---cut here---start->8--- LD_LIBRARY_PATH=${HOME}/.guix-profile/lib/sane; SANE_CONFIG_DIR=${HOME}/.guix-profile/etc/sane.d; simple-scan --8<---cut here---end--->8--- I also tried 'scanimage -L' in place of 'simple-scan' but no scanner is detected. In my ${HOME}/.guix-profile/lib I find this symlink: "sane -> /gnu/store/hls5vghgb9z4isrvrr28n0kjsbhk6i97-sane-airscan-0.99.27/lib/sane" and in that directory I find "libsane-airscan.so.1" In my ${HOME}/.guix-profile/etc/ I find this symlink: "sane.d -> /gnu/store/hls5vghgb9z4isrvrr28n0kjsbhk6i97-sane-airscan-0.99.27/etc/sane.d" and in that directory: --8<---cut here---start->8--- /home/g/.guix-profile/etc/sane.d: dr-xr-xr-x 1 root root 34 Jan 1 1970 . dr-xr-xr-x 1 root root 34 Jan 1 1970 .. -r--r--r-- 1 root root 3.3K Jan 1 1970 airscan.conf dr-xr-xr-x 1 root root 14 Jan 1 1970 dll.d /home/g/.guix-profile/etc/sane.d/dll.d: dr-xr-xr-x 1 root root 14 Jan 1 1970 . dr-xr-xr-x 1 root root 34 Jan 1 1970 .. -r--r--r-- 1 root root 42 Jan 1 1970 airscan --8<---cut here---end--->8--- the content of the "airscan" file in /home/g/.guix-profile/etc/sane.d/dll.d is: --8<---cut here---start->8--- # sane-dll entry for sane-airscan airscan --8<---cut here---end--->8--- Plase how can I set sane-airscan as a usable backend for sane scanimage and allo other sane frontends like simle-scan? Thanks, Gio' [1] id:nlhdbqq--...@tutanota.com -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
LXDE startlxde is resetting XDG_DATA_DIRS on Debian 12! (was Re: customize Debian 11 evironment in lightdm...)
Hello, I'm following up a very old thread on debian-user (May 2022) since I finally understand what is _resetting_ my XDG_DATA_DIRS... oh my!!! To help-guix: Giovanni Biscuolo writes: > I'm trying to customize my user environment when using the lightdm > display manager (then the LXDE desktop environment) after the first tests, I also used gdm3 with the very same results > I need to customize some variables so I can see Guix installed > applications in my desktop menu, in particular I need to customize > XDG_DATA_DIRS ...but "something" in LXDE (and only in LXDE) was _resetting_ my XDG_DATA_DIRS customization [...] Since then, I upgraded to Debian 12 (bookworm) and the issue is still here. Since then, I changed the way I'm customizing user's environment in order to allow users to use Guix installed programs (via PATH customization) and see them in the "Application menu" of their preferred desktop environment (via XDG_DATA_DIRS customization). The fact is that my environment setup - that now is the same provided my the Guix binary install script [1] coupled with a per-user .xsessionrc sourcing the relevant environment variables scripts [2] - IS WORKING with all desktop environments I tested... except LXDE. OK, so after this short recap to provide some context, this is the head of the /usr/bin/startlxde script that starts an lxsession [3]: --8<---cut here---start->8--- #!/bin/sh export XDG_DATA_DIRS="/usr/local/share/:/usr/share/:/usr/share/gdm/:/var/lib/menu-xdg/" if [ -z "$XDG_CONFIG_HOME" ]; then export XDG_CONFIG_HOME="$HOME/.config" fi if [ -z "$XDG_DATA_HOME" ]; then export XDG_DATA_HOME="$HOME/.local/share" fi --8<---cut here---end--->8--- That is literally _resetting_ all previous XDG_DATA_DIRS variable content... why?!?!? AFAIU this should be a bug in /usr/bin/startlxde. Actually a Debian bug for this issue in package openbox-lxde-session (that provides /usr/bin/startlxde) has been already filed on 2018-08-16, so I'm not going to duplicate it: «openbox-lxde-session: /usr/bin/startlxde overrides XDG_DATA_DIRS making all local .desktop files unable to show on menu» https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906288 That's it! :-( Happy hacking! Gio' [1] https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh [2] this way: if [ -d /etc/profile.d ]; then for i in /etc/profile.d/*.sh; do if [ -r $i ]; then . $i fi done unset i fi [3] as found in /usr/share/xsessions/LXDE.desktop defining how to start LXDE desktop session (Exec=/usr/bin/startlxde). -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: USB redirection via libvirt
Giovanni Biscuolo writes: [...] > I've also added that simple-service to my os config, this is a snippet: > > --8<---cut here---start->8--- > > [...] > > (services >(append %desktop-services >(list [...] > ;; extend polkit for spice-gtk > (simple-service 'spice-polkit polkit-service-type (list > spice-gtk)) > > [...] > > --8<---cut here---end--->8--- [...] > AFAIU polkit-service-type is defined in (gnu services desktop) and I'm > including that module: what am I doing wrong please? No I was wrong, polkit-service-type is in dbus service module: I added it and I was able to define that simple-service [...] Sorry for the noise! Happy hacking! Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: USB redirection via libvirt
Hello, sorry to resurrect an old message but I've the same issue reported on Nov 2023 by TakeV and the provided solution does not work for me Saku Laesvuori writes: [...] >> Error setting USB device node ACL: 'Error PoliciKit error: >> GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: Action >> org.spice-space.lowlevelusbaccess is not registered' (0) same error here [...] > (operating-system > ... > (services > ... > (simple-service 'spice-polkit polkit-service-type (list spice-gtk I've also added that simple-service to my os config, this is a snippet: --8<---cut here---start->8--- [...] (services (append %desktop-services (list ;; libvirt and virtlog daemons (service libvirt-service-type (libvirt-configuration (unix-sock-group "libvirt") (tls-port "16555"))) (service virtlog-service-type (virtlog-configuration (max-clients 1000) (max-size 5) (max-backups 9))) (service xfce-desktop-service-type) (set-xorg-configuration (xorg-configuration (keyboard-layout keyboard-layout))) ;; extend polkit for spice-gtk (simple-service 'spice-polkit polkit-service-type (list spice-gtk)) [...] --8<---cut here---end--->8--- but when I try to apply it I get this error: --8<---cut here---start->8--- g@ken ~$ sudo guix system reconfigure /etc/config.scm Backtrace: 18 (primitive-load "/home/g/.config/guix/current/bin/guix") In guix/ui.scm: 2312:7 17 (run-guix . _) 2275:10 16 (run-guix-command _ . _) In ice-9/boot-9.scm: 1752:10 15 (with-exception-handler _ _ #:unwind? _ # _) In guix/status.scm: 859:3 14 (_) 839:4 13 (call-with-status-report _ _) In guix/scripts/system.scm: 1311:4 12 (_) In ice-9/boot-9.scm: 1752:10 11 (with-exception-handler _ _ #:unwind? _ # _) In guix/store.scm: 684:37 10 (thunk) 1325:8 9 (call-with-build-handler # …) 2205:25 8 (run-with-store # …) In guix/scripts/system.scm: 853:2 7 (_ _) 727:8 6 (_ #) In gnu/system.scm: 1335:19 5 (operating-system-derivation _) 870:11 4 (operating-system-services #< kernel:…>) 904:20 3 (services _) In /etc/config.scm: 120:48 2 (services #< kernel: #) In ice-9/boot-9.scm: 1685:16 1 (raise-exception _ #:continuable? _) 1685:16 0 (raise-exception _ #:continuable? _) ice-9/boot-9.scm:1685:16: In procedure raise-exception: error: polkit-service-type: unbound variable --8<---cut here---end--->8--- AFAIU polkit-service-type is defined in (gnu services desktop) and I'm including that module: what am I doing wrong please? Thanks! Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: how to use a variable in a plain-file object?
Hello raingloom thank you for you quick reply! raingl...@riseup.net writes: [...] > Short untested example: > > (define name "Giovanni") > (define greeting-gexp > #~(begin (with-output-to-file #$output (lambda _ (write (string-append > "Hello, " #$name "!")) > > You should be able to use greeting-gexp in place of %my-file-object. I've tested it with this code: --8<---cut here---start->8--- (use-modules (guix gexp)) (define var1 "var1-value") (define var2 "var2-value") (define %another-file-object #~(begin (with-output-to-file #$output (lambda _ (write (string-append "\ # This is an example configuration file # stored in %another-file-object attribute1 = " #$var1 " attribute2 = " #$var2 " ")) %another-file-object --8<---cut here---end--->8--- And this is the result: --8<---cut here---start->8--- [~/tmp] giovanni@roquette [genv]\: cat $(guix build --no-offload -e '(load "guix-output-to-file-example.scm")') "# This is an example configuration file\n# stored in %another-file-object\nattribute1 = var1-value\nattribute2 = var2-value\n" --8<---cut here---end--->8--- The output cannot be used in place of %my-file-object, right? AFAIU the solution is to use mixed-text-file as suggested by Tomas Volf yesterday in this thread. Happy hacking! Gio' [...] -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: how to use a variable in a plain-file object?
Hello Tomas, Tomas Volf <~@wolfsden.cz> writes: [...] > I believe you can use mixed-text-file for this purpose: Oh yes! I missed (to understand) mixed-text-file and text-file* in the G-exp manual section [1], in particular how it can be easily used in place of local-file and plain-file, because I missed (to understand) the given example. Now that I see, I think I'll use that in place of plain-file... everywhere :-O [...] > (use-modules (gnu packages base) > (guix gexp)) > > (define %my-file-object > (mixed-text-file "something.conf" "\ > SED_PATH = " sed "/bin/sed > ")) > > %my-file-object > > And here is the result: > > $ cat $(guix build -e '(load "/tmp/yy.scm")') > SED_PATH = > /gnu/store/6kkygybkxkzqy3lf6k5kzimk5mjasrvw-sed-4.8/bin/sed Cristal clear, also thank you for having pointed out a quick way to test the result by building it and cat(ing) it in a shell session This could be a nice section in the Cookbook :-) Thank you and happy hacking! > There are only two hard things in Computer Science: > cache invalidation, naming things and off-by-one errors. P.S.: I'll steal the above sentence, _verbatim_ :-) [1] IMHO that manual section "talks" to experienced Guile programmers and not to Guix _users_... and actually is a subsection of "Programming interface". -- Giovanni Biscuolo Xelera IT Infrastructures
how to use a variable in a plain-file object?
Hello, sorry for the very guile-absolute-beginner question, but I'd like to use a declared variable in a plain-file object, so I can write something like in this pseudo-code snippet: --8<---cut here---start->8--- (define variable1 "var1-value") (define variable2 "var2-value") [...] (define %my-file-object ,(plain-file "something.conf" " # This is an example configuration file attribute1 =" variable1 " attribute2 =" variable2 " ")) --8<---cut here---end--->8--- and obtain a "something.conf" file like this: --8<---cut here---start->8--- # This is an example configuration file attribute1 = var1-value attribute2 = var2-value --8<---cut here---end--->8--- how can I do, please? Thanks, Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: Guix Days: Patch flow discussion
Hello Simon, first and foremost: I'd like to say a big thank you to all the people working in the Guix community... ...and apologise if I still cannot do more to help. Simon Tournier writes: [...] > Well, let me try to quickly summarize my conclusion of the session: > > 1. We have a social/organisational problem. > > 2. We have some tooling annoyances. > > > The easy first: #2 about tools. The email workflow is often cited as > part of the issue. That’s a false-problem, IMHO. yes, we (as a community) already had several discussions around the false-problem named "email worfkow is too hard", I also dared to send a *very* lenghty analysis comparing the _so_called_ "pull request model" [1] Unfortunately I'm pretty sure that _this_ false issue will be cited again and again and again when discussing about "how to better help Guix maintainers" ...unless the (info "(guix) Submitting Patches") one day will finally (briefly) explain why the project is using an email based workflow and not a "so called PR workflow" (to understand why PR workflow is "so called" please read [1]) But all this discussion on the "email workflow" issue is more useless when considering the commit authetication mechanism _embedded_ in Guix since 2020; I recently studied this blog post: https://guix.gnu.org/en/blog/2020/securing-updates/ and it states: --8<---cut here---start->8--- To implement that, we came up with the following mechanism and rule: 1 The repository contains a .guix-authorizations file that lists the OpenPGP key fingerprints of authorized committers. 2 A commit is considered authentic if and only if it is signed by one of the keys listed in the . guix-authorizations file of each of its parents. This is the authorization invariant. [...] The authorization invariant satisfies our needs for Guix. It has one downside: it prevents pull-request-style workflows. Indeed, merging the branch of a contributor not listed in . guix-authorizations would break the authorization invariant. It’s a good tradeoff for Guix because our workflow relies on [patches carved into stone tablets] (patch tracker), but it’s not suitable for every project out there. --8<---cut here---end--->8--- [patches carved into stone tablets] is a link to: https://lwn.net/Articles/702177/ «Why kernel development still uses email» By Jonathan Corbet, October 1, 2016 an article with another ton of reasons why "all patch management tools sucks, email just sucks less. Anyway, since Guix is using the "authorization invariant" since 2020, the "email workflow" is embedded in Guix :-D Am I missing something? > Projects that use PR/MR workflow have the same problem. For instance, > Julia [1] has 896 open PR. [...] > I will not speak about the channel ’nonguix’ but it gives another > clue. I will not speak about kubernetes, cited in the above cited LWN article, I will not speak about Gerrit, also cited there... [...] > To be clear, the email workflow might add burden on submitter side but I > am doubtful it is really part of the bottleneck for reviewing and > pushing submissions. Email workflow makes the reviewing workflow _extremely_ easy, provided a good MUA and a _little_ bit of self-discipline following the /easy/ guidance in (info "(guix) Reviewing the Work of Others") > Although the tools might add some unnecessary friction, the net of the > issue is IMHO #1: reviewing is just boring and time-consuming. This is the one and only reason. [...] I don't have anything to add, for now. Happy hacking! Gio' [1] id:87y1ha9jj6@xelera.eu aka https://yhetil.org/guix/87y1ha9jj6@xelera.eu/ -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: declarative partition and format with Guix (was Re: Guix System automated installation)
Giovanni Biscuolo writes: [...] >> but I think this is close to the right track. Either operating-system >> should be extended to support things like disk partitioning, the library for doing this with Guile is guile-parted (packaged in Guix); it's used by the Guix Installer: https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/installer/parted.scm AFAIU this (parted.scm above) is the starting point (the Guix library) that can be used to develop a program that automates the disk partitioning and filesystem creation based on a gexp (disk-layout.scm ?) declaration. >> and effect those changes at reconfigure time (with suitable >> safeguards to avoid wrecking existing installs), > > I would prefer not, such "reconfigurations" should be done "out of band" > and not "in band", IMHO Side note: there is a recent discussion on a "Resize Filesystem Service" at this thread id:zr0p278mb0268910b4fe39a48112ce740c1...@zr0p278mb0268.chep278.prod.outlook.com [1] [...] Happy hacking! Gio' [1] https://yhetil.org/guix/zr0p278mb0268910b4fe39a48112ce740c1...@zr0p278mb0268.chep278.prod.outlook.com/ -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
declarative partition and format with Guix (was Re: Guix System automated installation)
Hello Ian, Ian Eure writes: > Giovanni Biscuolo writes: [...] >> Please consider that a preseed file is very limited compared to >> a >> full-fledged operating-system declaration since the latter >> contains the >> declaration for *all* OS configuration, not just the installed >> packages. > > I appreciate where you’re coming from, I also like the one-file > system configuration, but this is inaccurate. Yes you are right, I completely misrepresented the functionality of the Debian preseed utility, sorry! (...and I used that in a remote past) [...] > installed packages. Right now, Debian’s system allows you to do > things which Guix does not. [...] > means you can use a preseed file to tell the installer to > partition disks, set up LUKS-encrypted volumes (and specify one or > more passwords for them), format those with filesystems Yes, this is what is missing from the Guix installer system > With Debian, I can create a custom installer image with a preseed > file, boot it, and without touching a single other thing, it’ll > install and configure the target machine, and reboot into it. That > boot-and-it-just-works experience is what I want from Guix. I understand that it's just a workaround but you can achieve this boot-and-it-just-works (if there isn't bugs in the script/preseed) experience with a simple bash script to automate "manual installation" I wrote it in bash because I'm not able to write it in Guile and/or extend the "guix system" command to be able to manage the missing bits, but that is a solution (more a workaround now) [...] > There’s no facility for specifying disk partitioning or *creating* > filesystems in the system config -- it can only be pointed at ones > which have been created already. Yes: those facilities are missing, we (still?) cannot do that declaratively... let's do that imperatively, automatically :-) [...] >> I would really Love So Much™ to avoid writing imperative bash >> scripts >> and just write Scheme code to be able to do a "full automatic" >> Guix >> System install, using a workflow like this one: >> >> 1. guix system prepare --include preseed.scm disk-layout.scm >> /mnt >> >> where disk-layout.scm is a declarative gexp used to partition, >> format >> and mount all needed filesystems >> >> the resulting config.scm would be an operating-system >> declaration with >> included the contents of preseed.scm (packages and services >> declarations) >> >> 2. guix system init config.scm /mnt (already working now) >> >> ...unfortunately I'm (still?!?) not able to contribute such code >> :-( >> > > I don’t think there’s any need for a preseed.scm file, and I’m not > sure what would be in that, preseed.scm is "just" the part of "operating-system" declaration without the (bootloader [...]), (file-systems [...]) and (swap-devices [...]) declaration, that is automatically generated by "guix system prepare" based on disk-layout.scm > but I think this is close to the right track. Either operating-system > should be extended to support things like disk partitioning, and > effect those changes at reconfigure time (with suitable safeguards to > avoid wrecking existing installs), I would prefer not, such "reconfigurations" should be done "out of band" and not "in band", IMHO > or the operating-system config could get > embedded in another struct which contains that, similar to the > (image ...) config for `guix system image'. I think there are > some interesting possibilities here: you could change your > partition layout and have Guix resize them Root (/) partition resizing must be done with root unmounted, no? Also, since the resize (shrink?) of filesystem is a very sensitive operation, I'd exclude that from "normal" operations done via "guix system reconfigure"... it's more "guix system prepare..." with one or more disk partitions (i.e. /home) resized/shrinked or kept as is, _without_ file system (re)formatting. One interesting thing that could be done at "guix system prepare" time is to restore one or more filesystem content from a (possibly remote) backup, useful in a disaster recovery scenario. > / create new ones for you. [...] Meanwhile: WDYT to work togheter on a simple _configurable_ bash script to help users automate the very first installation of a Guix System and try to upstream it? Thanks! Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Guix System automated installation
Hello Ian, I'm a little late to this discussion, sorry. I'm adding guix-devel since it would be nice if some Guix developer have something to add on this matter, for this reason I'm leaving all previous messages intact Csepp writes: > Ian Eure writes: > >> Hello, >> >> On Debian, you can create a preseed file containing answers to all the >> questions >> you’re prompted for during installation, and build a new install image which >> includes it. When booted, this installer skips any steps which have been >> preconfigured, which allows for either fully automated installation, or >> partly >> automated (prompt for hostname and root password, but otherwise automatic). >> >> Does Guix have a way to do something like this? The declarative config is >> more >> or less the equivalent of the Debian preseed file, but I don’t see anything >> that >> lets you build an image that’ll install a configuration. When using the guided installation (info "(guix) Guided Graphical Installation"), right before the actual installation on target (guix system init...) you can edit the operating-system configuration file: isn't it something similar to what you are looking for? Please consider that a preseed file is very limited compared to a full-fledged operating-system declaration since the latter contains the declaration for *all* OS configuration, not just the installed packages. Alternatively, you can use the (info "(guix) Manual Installation") and copy a pre-configured (preseed? :-) ) operating-system file, but you have to be very careful (see (info "(guix) Proceeding with the Installation"). >> I see there’s `guix deploy’, but that requires an already-installed GuixSD to >> work, which isn’t helpful for getting it installed in the first place. >> >> Thanks, >> >> — Ian I'm also interested in a way to fully automate the installation [1] of Guix System hosts and I've developed a small bash script to help me (see below). The idea is to use the script to install a very basic Guix System on the machine and then use "guix deploy" (or deploy "manually") for a full-fledged configuration. My initial motivation was (and sill is the main) to allow me to install Guix Systems on rented hosts (dedicates or VPS) provided by vendors that do not have Guix System in the list of operating systems users can install on their machines: in this case users can boot machines in rescue mode (AFAIU all hosters provide a rescue system) and insall Guix System in a similar way as described in (info "(guix-cookbook) Running Guix on a Linode Server") or (info "(guix-cookbook) Running Guix on a Kimsufi Server") You can find the script here: https://gitlab.com/softwareworkers/swws/-/blob/master/infrastructure/hosts/cornouiller/bootstrap-guix.sh?ref_type=heads (that is the last "version" I used, for now I write a script for every machine I need... I still have to make this script generic putting all needed config variables in an external file) Please consider it's still in early development, although I've already tested it both locally and with real rented machines, both bare metal and VPS. After some tests I realized that with few tests I could use such a script both on a rescue system and when installing using the Guix Installer ISO, selecting a full manual installation, see (info "(guix) Manual Installation"), and then running the script. > guix system image is maybe closer, but it doesn’t automate everything that the > installer does. > But the installer can be used as a Scheme library, at least in theory. The > way > I would approach the problem is by creating a Shepherd service that runs at > boot > from the live booted ISO. I would really Love So Much™ to avoid writing imperative bash scripts and just write Scheme code to be able to do a "full automatic" Guix System install, using a workflow like this one: 1. guix system prepare --include preseed.scm disk-layout.scm /mnt where disk-layout.scm is a declarative gexp used to partition, format and mount all needed filesystems the resulting config.scm would be an operating-system declaration with included the contents of preseed.scm (packages and services declarations) 2. guix system init config.scm /mnt (already working now) ...unfortunately I'm (still?!?) not able to contribute such code :-( Happy hacking! Gio' [1] that means: with almost zero needed intervention by the user... the user just needs to _design_ the installation. -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: PostgreSQL 15 service
Hi Mauritz, Mauritz Stenek writes: [...] > However, I get this error (verbatim): > > ``` > # herd start postgres > Service user-homes has been started. > herd: error: exception caught while executing 'start' on service > 'postgres': > Throw to key `%exception' with args `("#<&invoke-error program: > \"/gnu/store/m7dwq55l600g12bzm245zd9ha8v1zvn1-pg_ctl-wrapper\" > arguments: (\"start\") exit-status: 1 term-signal: #f stop-signal: > #f>")'. > ``` > > Any ideas on how to fix this? AFAIU the above error is just saying trat the exit status of pg_ctl-wrapper is 1 (meaning it failed) Can you have a look at the logs, they sould be in syslog (by default, having not defined a specific log-destination configuration) HTH! Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: 29.1: tramp: use $SHELL environment variable to start remote shell?
Giovanni Biscuolo writes: [...] > I need my remote profile to be loaded because all hosts I manage have > Guix [2] installed and all needed environment variables are set by the > user profile; here is an example of a "M-x shell" remote connection to a > guix host (foreign distro), the same holds for "M-x eshell": > > --8<---cut here---start->8--- > > /ssh:local.biscuolo.anemone:/localhome/g/ #$ guix describe > guix 3676e31 > repository URL: https://git.savannah.gnu.org/git/guix.git > commit: 3676e312aaf1ce10ed1d7844e871b54e04624098 > /ssh:local.biscuolo.anemone:/localhome/g/ #$ $SHELL -l > (anemone)g@anemone:~$ guix describe > Generation 9 Apr 21 2021 09:23:33(current) > guix 13c4a37 > repository URL: https://git.savannah.gnu.org/git/guix.git > branch: master > commit: 13c4a377f5a2e1240790679f3d5643385b6d7635 > > --8<---cut here---end--->8--- > (as you can see, without proper environment guix is not able to run as > it should) Please forgive me for the noise: the problem is in the environment of (one of) my remote user! I tested again with other users on other hosts and the environment variables of my profile are correctly set. Anyway, the shell I get when connecting is still not fully functional, for example autocompletion does not work (write a substring and then TAB) and also up and down arrow keys do not work (echoes escape sequances instead of showing the shell history) Am I still doing something wrong with my environment? Ouch! Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
29.1: tramp: use $SHELL environment variable to start remote shell?
Hello, please is it possible to start a remote shell (and vterm) using the program defined in the $SHELL env variable on the remote host? Alternatively, is there a way to automatically source a remote profile (e.g. .bash_profile) in the remote shell? Short story long (sorry for the long details)... I have this Emacs and TRAMP versions: --8<---cut here---start->8--- (emacs-version) "GNU Emacs 29.1 (build 1, x86_64-unknown-linux-gnu, cairo version 1.16.0)" (tramp-version nil) "2.6.2.0" --8<---cut here---end--->8--- Installed emacs-vterm version: 0.0.2-1.c3a3a23 If I open a remote directory in dired with TRAMP and then connect to a remote host with "M-x shell" or "M-x vterm", the default shell is /bin/sh I can later start my preferred shell with "$SHELL -l" so my shell profile (e.g. .bash_profile) is sourced and all is working as expected [1] I need my remote profile to be loaded because all hosts I manage have Guix [2] installed and all needed environment variables are set by the user profile; here is an example of a "M-x shell" remote connection to a guix host (foreign distro), the same holds for "M-x eshell": --8<---cut here---start->8--- /ssh:local.biscuolo.anemone:/localhome/g/ #$ guix describe guix 3676e31 repository URL: https://git.savannah.gnu.org/git/guix.git commit: 3676e312aaf1ce10ed1d7844e871b54e04624098 /ssh:local.biscuolo.anemone:/localhome/g/ #$ $SHELL -l (anemone)g@anemone:~$ guix describe Generation 9Apr 21 2021 09:23:33(current) guix 13c4a37 repository URL: https://git.savannah.gnu.org/git/guix.git branch: master commit: 13c4a377f5a2e1240790679f3d5643385b6d7635 --8<---cut here---end--->8--- (as you can see, without proper environment guix is not able to run as it should) I know that I can customize the remote shell to use by: 1. use "C-u M-x shell" and specify the remote shell to use [3] 2. use connection related information [4] to customize "remote-shell" per-connection (via regexp) but 1. does not vork for vterm and 2. is too complicated for this use case, IMO. Ideally I would like both "M-x shell" and "M-x vterm" to just do "the right thing" and start a remote shell using the remote $SHELL environment variable. Any hint please? Happy hacking, Gio' [1] I mean, is working in the same way I get when connecting with any other terminal emulator [2] some on foreign distro, other on Guix System [3] /bin/bash on foreign distros, /run/current-system/profile/bin/bash on Guix System [4] https://www.gnu.org/software/emacs/manual/html_node/tramp/Predefined-connection-information.html P.S.: yes, still not using eshell as I should! :-( -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: patch question: any tool to download patches from guix patch mailing list?
Hi! Jelle Licht writes: [...] > I know it was already mentioned, but some features were recently added > to piem (patch waiting over at https://issues.guix.gnu.org/64155) to > integrate it with debbugs.el, great! I missed it (v. 0.5.0 released few hours ago [1]); thank you for the patch to the Guix package! > the Emacs debbugs interface. This makes it > (IMHO) a fairly easy to apply some patches locally. > > I have this set up with (something similar to) the following: > --8<---cut here---start->8--- > (setq piem-inboxes > (("guix-patches" > :coderepo ("/home/jlicht/Documents/guix") > :url "https://yhetil.org/guix-patches"; > :listid "guix-patches.gnu.org" > :address "guix-patc...@gnu.org" > :gnu-package "guix-patches"))) > > (require 'piem) > (piem-gnus-mode 1) > (piem-debbugs-mode 1) > > (require 'debbugs) > (defun debbugs-gnu-guix () > "List Guix issues." > (interactive) > (debbugs-gnu '("serious" "important" "normal") '("guix-patches") nil t)) > --8<---cut here---end--->8--- > > With the configuration taken care of, just `M-x debbugs-gnu-guix', > navigate to any issue (just put point on an issue you are interested in) > and run `M-x piem-b4-am'. It should pull down all needed messages (from > yhetil's public inbox mirror), and use some heuristics to apply the most > recent patch revision, taking into account either 'git send-email' or > attachment-based patch series. Thank you for the explanation, it's very valuable since this new feature is not well documented on the pien online manual at https://docs.kyleam.com/piem/ (e.g. https://docs.kyleam.com/piem/Lisp-Function-Index.html mentions piem-debbugs-mode but no other documentation is found) [...] Happy hacking! Gio' [1] https://git.kyleam.com/piem/tree/Documentation/RelNotes/0.5.0.txt -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: patch question: any tool to download patches from guix patch mailing list?
Hi Andy, Andy Tai writes: [...] > (There seems to be tool like b4 or patchworks for Linux kernel > developers and their mailing lists but not sure if similar tools exist > for GNU (or Guix specific) development mailing lists) what you ask has been discussed several times in guix-devel since a smoother "send and recieve patches workflow" is a very common desire :-) I'm still not extensively using the tools I mention in 2. so I have no "hands on" suggestions, I'm currenly using 1 (but still not emacs-piem). 1. use notmuch (possibly with emacs-piem) if already a notmuch user **and** you are subscribed to the patches mailing list, for a single patch you can copy the patch message-id (cI to stash it) and use --8<---cut here---start->8--- $ notmuch show --format=mbox id:XXX | git am for a single patch, or $ notmuch show --format=mbox thread:XXX | git am for a whole series --8<---cut here---end--->8--- (https://notmuch.notmuchmail.narkive.com/V2cK3dJb/handling-patch-from-mail) if you are comfortable with emacs, emacs-piem can be used as a frontend to apply patches from a Notmuch (or Gnus) buffer (or editable pop up mbox buffer): https://docs.kyleam.com/piem/Applying-patches.html#Applying-patches 2. Use b4 and public-inbox related tools the advantage of b4 is that you are not "forced" to be subscribed to the patches mailing list(s) since it can apply patches from a public-inbox backed mailing list https://yhetil.org/guix/20201114003906.25111-1-k...@kyleam.com/ This is a thread that explains how to use b4 with the guix-patches (unofficial) public-inbox, this is an executive summary: --8<---cut here---start->8--- $ # in the guix repo $ git config b4.attestation-policy off $ git config b4.midmask https://yhetil.org/guix-patches/%s $ b4 am --8<---cut here---end--->8--- If you use Emacs there is a frontend: emacs-piem 3. keep looking at mumi recently (April 2023 [1]) the "mumi send-email" CLI was added to help in /sending/ patches maybe one day a CLI will be added to ""mumi git-am" in a similar way as the workflow in 1. On May 2022 [2] Ludovic sent a "super-early-draft" of a "guix review" command on the guix-devel mailing list and there was some consensus that it should become "mumi review", but no development was done since then AFAIK HTH, Happy hacking! Gio' [1] https://yhetil.org/guix/87mt2xiab3@systemreboot.net [2] https://yhetil.org/guix/87a6btymzz@gnu.org -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: stateful caches (was Re: OBS Studio memory leak)
Hi! Guillaume Le Vaillant writes: [...] > I used gdb on versions of mesa and vlc with debug symbols: > > --8<---cut here---start->8--- > guix build --with-debug-info=mesa --with-debug-info=vlc vlc > > gdb /gnu/store/...-vlc-3.0.18/bin/.vlc-real > (gdb) run some-video.mkv > --8<---cut here---end--->8--- > > Then I sent a SIGSTOP signal to the vlc process, and in gdb I looked at > the backtrace of all the threads of vlc. got it, thanks! [...] >> do you think this bug (is it a bug, right?) needs to be reported >> upstream? > > I guess it would be better if the code reading the shader cache was more > robust when reading possibly incompatible or corrupted data. However > I have not tried more recent versions of mesa, maybe they are better at > it... > > And it seems that Maxim has already reported the issue upstream, > see <https://issues.guix.gnu.org/63197> oh I missed it: I'll make my comments in that issue then, thanks! > and <https://gitlab.freedesktop.org/mesa/mesa/-/issues/8937> I see Happy hacking. Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
stateful caches (was Re: OBS Studio memory leak)
Hi Guillaume Le Vaillant and Guix Devels, sorry for cross-posting but IMHO the workaround you found [1] for the memory leak affecting a number of media processing applications is of interest for many people potentially not subscribed to help-guix AFAIK this was not filed as a Guix bug Guillaume Le Vaillant writes: > Ott Joon skribis: > >> Hey >> >> Tried the same thing in VLC and it freezes on GPU accel and starts >> leaking memory while also becoming hard to kill. Maybe this also >> explains why some mpv GPU accel settings don't work also in the exact >> same way. I have an AMD RX 6900 XT on this machine. [...] > It looks like an issue with the shader cache of mesa. > After clearing it, I don't see the memory leak anymore. good catch: please can you tell us how you managed to spot that problem? Did you straced it or did yoy find a related mesa bug report? do you think this bug (is it a bug, right?) needs to be reported upstream? I'm asking this because I "feel" we (I mean Guix users) could do something to help upstream removing this "status mismanagement" > Could you try doing a "rm -r $HOME/.cache/mesa_shader_cache/*" and see > if it also solves the issue for you? AFAIU this is "just" another instance of the "mismanaged state" error class, like the one(s) discussed back in Oct 2019 [2] and probably periodically recurring since the beginning of some (many) the upstream applications lifecycle. Back then, Efraim Flashner was using this snippet [2] in his OS-config: --8<---cut here---start->8--- ;; This directory shouldn't exist (file-system (device "none") (mount-point "/var/cache/fontconfig") (type "tmpfs") (flags '(read-only)) (check? #f)) --8<---cut here---end--->8--- It seems that a similar snippet could also be useful for all "~/.cache/*" :-O Happy hacking! Gio' [1] message id:87y1kozvny@robbyzambito.me [2] message id:20191018073501.GB1224@E5400 -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: nudging patches
Hello Remco, sorry for cross posting to guix-devel but I think this is more a devel (committers needing help) discussion than a user (needing help) one :-) Remco van 't Veer writes: > Hi, > > What's the preferred / politest way to draw attention to patches (and / > or bugs) which seem to have been overlooked? AFAIU send an email ping to the patch/bug, possibly Cc-ing the related team [1] > And while I have your attention and you're wondering which patches I'd > like to promote.. 😉 > > - #62557 [guix-patches] > [PATCH] gnu: ruby-2.7-fixed: Upgrade to 2.7.8 [fixes CVE-2023-{28755, > 28756}] > - #62558 [guix-patches] > [PATCH] gnu: ruby-3.0: Upgrade to 3.0.6 [fixes CVE-2023-{28755, 28756}]. > - #62559 [guix-patches] > [PATCH] gnu: ruby-3.1: Upgrade to 3.1.4 [fixes CVE-2023-{28755, 28756}]. > - #62561 [guix-patches] > [PATCH] gnu: ruby-3.2: Upgrade to 3.2.2 [fixes CVE-2023-{28755, 28756}]. > > They still apply cleanly on master. This is the current Ruby team: id: ruby name: Ruby team description: scope: "gnu/packages/ruby.scm" "guix/build/ruby-build-system.scm" "guix/build-system/ruby.scm" "guix/import/gem.scm" "guix/scripts/import/gem.scm" "tests/gem.scm" members: + Christopher Baines > But seriously, what is the preferred way to do this? HTH! Gio' [1] https://guix.gnu.org/en/manual/devel/en/html_node/Teams.html#Teams -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: Racket REPL not working
Hello, Efraim Flashner writes: [...] > I was able to run 'guix shell racket -- racket --version' with it > segfaulting. Same thing when I switched to using the same commit that > you're using. I'm using this Guix commit: --8<---cut here---start->8--- Generation 149 May 08 2023 13:31:35(current) guix e118b92 repository URL: https://git.savannah.gnu.org/git/guix.git branch: master commit: e118b92cfe7a598b71dbbda2622b7551f4a72104 --8<---cut here---end--->8--- I'm on a foreign distro (Debian 11), I've tested racket in a pure/not-pure guix shell and it is working, no segfaulting > Can you paste the output of 'lscpu'? I suspect that there might be some > optimizations being applied during build time and it's been optimized > with features not available in your CPU. This is my lscpu output: --8<---cut here---start->8--- giovanni@roquette: lscpu Architecture:x86_64 CPU op-mode(s): 32-bit, 64-bit Byte Order: Little Endian Address sizes: 36 bits physical, 48 bits virtual CPU(s): 8 On-line CPU(s) list: 0-7 Thread(s) per core: 1 Core(s) per socket: 8 Socket(s): 1 NUMA node(s):1 Vendor ID: GenuineIntel CPU family: 6 Model: 77 Model name: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz Stepping:8 CPU MHz: 1899.896 CPU max MHz: 2400, CPU min MHz: 1200, BogoMIPS:4799.73 Virtualization: VT-x L1d cache: 192 KiB L1i cache: 256 KiB L2 cache:4 MiB NUMA node0 CPU(s): 0-7 Vulnerability Itlb multihit: Not affected Vulnerability L1tf: Not affected Vulnerability Mds: Mitigation; Clear CPU buffers; SMT disabled Vulnerability Meltdown: Mitigation; PTI Vulnerability Spec store bypass: Not affected Vulnerability Spectre v1:Mitigation; usercopy/swapgs barriers and __user pointer sanitization Vulnerability Spectre v2:Mitigation; Full generic retpoline, IBPB conditional, IBRS_FW, STIBP disabled, RSB filling Vulnerability Srbds: Not affected Vulnerability Tsx async abort: Not affected Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_pe rfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm sse4_1 sse4_2 movbe popc nt tsc_deadline_timer aes rdrand lahf_lm 3dnowprefetch cpuid_fault epb pti ibrs ibpb stibp tpr_shadow vnmi flexpriority ept vpid tsc_adjust smep erms dtherm arat md_clear --8<---cut here---end--->8--- HTH! Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
cpp-mustache-4.1 build fails
Hello thank you very much Hubert for your report: errors like the one you found (packages build failures) are bugs, next time please report them to bug-g...@gnu.org; better to close a non-bug than to miss an actual one ;-) As you can see I've now filed a new bug: bug#63551 Thank you also to Vagrant and Denis for the heads up, please submit further comments or patches to 63...@debbugs.gnu.org Denis 'GNUtoo' Carikli writes: [...] > There are several approaches here and I've patches for two of them if > needed (I've attached them): > (1) backport some upstream patches: > - There are 2 catch2 updates, they can be squashed into 1 patch > - We also need a patch for fixing unused variables. > (2) Update cpp-mustache: There is an upstream commit > > (https://github.com/kainjow/Mustache/commit/4ed8c0b5a2a43d59394bd6900dc04e738dbf8c02) > that change some version string. I've asked upstream if that was > the 5.0.0 release but so far I got no answer. > https://github.com/kainjow/Mustache/issues/65 > > (1) is 0001-gnu-cpp-mustache-fix-build-with-newer-glibc.patch > (2) is 0001-bug-reported-upstream-for-release-info-gnu-cpp-musta.patch > > I didn't share the patches yet because I was waiting on upstream to > clarify the situation with the lack of 5.0.0 tag. Please do not wait for an official upstream "release" (git tag, actually) for cpp-mustache, I guess upstream just forgot to tag it: Guix is full of "not officially" released or properly tagged packages, sources are often taken from carefully selected git commits (I've recently proposed a patch for dia, that is in a very similar situation) Since commit 4ed8c0b is setting version to 5.0.0 and that version works (does it?), I'd go for an "update to 5.0.0" patch My two cents. [...] Happy hacking! Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: Frescobaldi manifest can’t be updated
Hello Gottfried, Gottfried writes: > my Lilypond manifest could not be updated. (since weeks) > Frescobaldi can’t be build. (python-poppler) > May be somebody know why? I also tried to build [1] frescobaldi and the build failed, but it was caused by python-pyportmidi-217 (see bug#63548) and not python-poppler Nevertheless, also the build of python-poppler-qt5 (/gnu/store/1jv6lwkfqpjy2jqifs3xjpp7xjz6sw7d-python-poppler-qt5-21.1.0.drv) is failing the same way you are reporting: [...] > /gnu/store/pzlvgglsbwjkgn9x25bfgni2836ch3i3-python-sip-4.19.25/bin/sip > -I /gnu/store/dy3xh053ahkhrp2jamggq8cpsyvp8mg0-python-3.10.7/share/sip > -t POPPLER_V21_01_0 -x QTXML_AVAILABLE -c > build/temp.linux-x86_64-cpython-310 -b > build/temp.linux-x86_64-cpython-310/poppler-qt5.sbf -I > > /gnu/store/7a5cx6yzn5i5cvqm5mg0138dyhy2jcgc-python-pyqt-5.15.9/share/sip > -n PyQt5.sip -t Qt_5_15_8 -t WS_X11 poppler-qt5.sip > sip: Unable to find file "QtCore/QtCoremod.sip" > > error: command > '/gnu/store/pzlvgglsbwjkgn9x25bfgni2836ch3i3-python-sip-4.19.25/bin/sip' > failed with exit code 1 > > error: in phase 'build': uncaught exception: [...] so I filed a new bug: #63549 Sorry I'm not able to propose patches for both packages. HTH! Gio' [1] "./pre-inst-env guix build frescobaldi" in a Guix checkout -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: to enable all profiles at login time
Hi Gottfried I guess you are on a foreign distro Gottfried writes: [...] > but when starting MATE Desktop all my profiles are not enabled. graphical sessions environment is not controlled by .bash_profile (or .profile) If your distro works like Debian [1], try to add this to your ~/.xsessionrc: if [ -f ~/.bash_profile ]; then . ~/.bash_profile fi Details here: https://wiki.debian.org/Xsession#User_configuration [...] Happy hacking! Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: mbsync with XOAUTH2 SASL mechanism
Hi Timo, Timo Wilken writes: [...] > Instead, I ended up "borrowing" Thunderbird's client key and secret, > which has worked fine so far. > > Maybe I'm being a bit paranoid, but I don't want to post the literal > key here. You can copy it from mailnews/base/src/OAuth2Providers.jsm > in Thunderbird's source tree (look for "login.microsoftonline.com" in > the kIssuers variable near line 140). thanks for sharing this trick! this adds a big dependency in our software stack, but it works, so why not! :-) a couple questions: - have you tried getmail6 with the mentioned howto? - to refresh the tokens do you have to periodically run Thunderbird? Thanks! Gio' [...] -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: mbsync with XOAUTH2 SASL mechanism
Hi, Giovanni Biscuolo writes: [...] > This howto is for getmail 5.6 but AFAIU should also work for getmail6 > (it's mentioned in the official getmail6 documentation [1]) I forgot to mention the howto! https://www.bytereef.org/howto/oauth2/getmail.html it contains detailed instructions on how to configure getmail to get the initial access and refresh tokens (they must be periodically "manually" refreshed, unfortunately) HTH! Gio' [...] > [1] https://getmail6.org/configuration.html#retriever-parameters (search > for "use_xoauth2" -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: mbsync with XOAUTH2 SASL mechanism
Hello Peter, have you solved your problem? I never tested this, but I'll have to do... Peter Polidoro writes: > I am trying to setup an oauth2 email account to work with Emacs > using mbsync (from the isync guix package) and mu4e. [...] > What is the proper Guix way of getting mbsync to work with > XOAUTH2? Should I try to package cyrus-sasl-xoauth2 or modify the > isync package or something else? Thanks! I can't help with packaging and integrating cyrus-sasl-xoauth2 with isync but maybe getmail6 (packaged in Guix) is able to get your emails from your enterprise IMAP server This howto is for getmail 5.6 but AFAIU should also work for getmail6 (it's mentioned in the official getmail6 documentation [1]) Last but not least, please consider that if you can (and if your company server/postmaster allows it) it's much better to use an "app password" method instead of Oauth2 https://pypi.org/project/getmail/#oauth2-privacy-policy HTH! Gio' P.S.: please give us feedback if you can, I think your is a common problem among Guix users [1] https://getmail6.org/configuration.html#retriever-parameters (search for "use_xoauth2" -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
declarative containers (was Re: [EXT] Re: Enterprise Guix Hosting?)
Hello everybody, (this is an old thread started on help-guix [1]) Ludovic Courtès writes: > "Thompson, David" skribis: > >> On Wed, Aug 31, 2022 at 2:40 AM Ricardo Wurmus wrote: >>> >>> Another thing that seems to be missing is a way to supervise and manage >>> running containers. I use a shepherd instance for this with >>> container-specific actions like this: [...] >> Hey that's a real nice starting point for a container management tool! >> So maybe there should be a system service to manage containers and >> then a 'docker compose'-like tool for declaratively specifying >> containers and their network bridging configuration that is a client >> of the service? > > Agreed! We could turn Ricardo’s code into ‘container-guest-service’ or > something and have ‘containerized-operating-system’ add it > automatically. please there was some progress with this service? once done, could it be possible to declaratively start a whole network of containers using a dedicated home-service, or containerized-operating-systems (also on foreign distros)? right now with "guix system container" we can imperatively manage (start/stop, connect to the console with nsenter) and connect them to the network [2], Ricardo showed us how he do it programmatically; having a declarative interface (os-records) whould be awesome! I'm very interested and willing to test it, if needed thanks! Gio' [1] id:878rn4syql@elephly.net [2] thank you Ricardo for the cookbook section! https://guix.gnu.org/en/cookbook/en/guix-cookbook.html#Guix-System-Containers -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
use guix shell with a file (e.g. tissue.scm)
Hi, I just want to share with you a temporary solution for users who wish to try out tissue or other packages before they are included in Guix upstream. ...and yes, unlike me advanced Guix users may find this obvious :-) Put this file (use-modules (gnu packages autotools) (gnu packages gettext) (gnu packages guile) (gnu packages guile-xyz) ((gnu packages skribilo) #:prefix guix:) (guix build-system gnu) (guix gexp) (guix packages) (guix git-download) ((guix licenses) #:prefix license:)) (define skribilo-latest (let ((commit "621eb1945aec8f26f5aee4bdf896f2434e145182") (revision "1")) (package (inherit guix:skribilo) (name "skribilo") (version (git-version "0.9.5" revision commit)) (source (origin (method git-fetch) (uri (git-reference (url "https://git.systemreboot.net/skribilo";) (commit commit))) (file-name (git-file-name name version)) (sha256 (base32 "16rdcvszl9x183y32hjdwns0lkrvkmwd2fsshymspb12k4cxj6i4" (native-inputs `(("autoconf" ,autoconf) ("automake" ,automake) ("gettext" ,gnu-gettext) ,@(package-native-inputs guix:skribilo)) (define tissue (let ((commit "6d6285d071132960835f848a1703faaea2356937") (revision "3")) (package (name "tissue") (version (git-version "0.1.0" revision commit)) (source (origin (method git-fetch) (uri (git-reference (url "https://git.systemreboot.net/tissue";) (commit commit))) (file-name (git-file-name name version)) (sha256 (base32 "1dlcy7m4gz1vmklyny4mxky9822q5hjc4qdmn42yf2qvh8xy62g5" (build-system gnu-build-system) (arguments (list #:make-flags #~(list (string-append "prefix=" #$output)) #:modules `(((guix build guile-build-system) #:select (target-guile-effective-version)) ,@%gnu-build-system-modules) #:phases (with-imported-modules '((guix build guile-build-system)) #~(modify-phases %standard-phases (replace 'patch-source-shebangs (lambda* (#:key inputs #:allow-other-keys) (substitute* "bin/tissue" (("^exec guile") (string-append "exec " (search-input-file inputs "/bin/guile")) (delete 'configure) (add-after 'install 'wrap (lambda* (#:key inputs outputs #:allow-other-keys) (let ((out (assoc-ref outputs "out")) (effective-version (target-guile-effective-version))) (wrap-program (string-append out "/bin/tissue") `("GUILE_LOAD_PATH" prefix (,(string-append out "/share/guile/site/" effective-version) ,(getenv "GUILE_LOAD_PATH"))) `("GUILE_LOAD_COMPILED_PATH" prefix (,(string-append out "/lib/guile/" effective-version "/site-ccache") ,(getenv "GUILE_LOAD_COMPILED_PATH"))) (inputs (list guile-3.0 guile-filesystem guile-git guile-xapian)) (propagated-inputs (list skribilo-latest)) (home-page "https://tissue.systemreboot.net";) (synopsis "Text based issue tracker") (description "tissue is a text based issue tracker.") (license license:gpl3+ tissue in your preferred directory (~/guix/unpackaged/ in the example below) and then: --8<---cut here---start->8--- guix shell -f ~/guix/unpackaged/tissue.scm -- tissue help --8<---cut here---end--->8--- The first time the package(s) gets compiled, so it'll take as time as needed, from the second time onwards the guix shell cache will do its job and the command will run immediatly. With this trick you can use Guix to install tissue [1] and use it for your project - or tissue issues [2] - before tissue is packaged in Guix. «One Guix to rule them all» :-D Happy hacking! [1] even on foreign distros obviuosly [2] web view: https://issues.genenetwork.org/?type=open-issue -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: How to install guix system from existing linux with guix package manager?
Hi kiasoc5, kias...@disroot.org writes: [...] >> I never tried this, but beware that the UID and GID of user(s) in >> your new Guix System sould be the very same of the arch system to be >> able to access homes, /including/ Guix profiles of users (stored in >> /home/$USER...) > > Yes, I believe most Linuxes set the first created user to a UID and > GID of 1000, so hopefully this is not an issue. Automatic UID and GID assignemt works that way /but/ when migrating/sharing an OS that's not deterministic and I strongly suggest you to use the "source system" (arch in your case) UID and GID in your target system (Guix System in your case) >> Important: if you want to be able to share the store between the two >> systems you should also share the /status/ of Guix, stored in >> LOCALSTATEDIR/guix/ (usually /var/guix), since it contains a lot of >> useful data and AFAIU it must be kept in sync between the foreign distro >> and the Guix System [1]. This is the most critical part about being >> able to share Guix between two different host operating systems. > > Should I make /var/guix a subvolume as well? Oh yes, I forgot to mention this! Both /gnu/store and /var/guix must be shared so you need a dedicated block device: partition or LVM/btrfs (sub)volume. An alternative could be to bind mount /gnu/store and /var/guix on the "target system" [1] (Guix System in your case)... but IMHO the dedicated block device is better for dual (multiple) boot systems like in your case > ALso the only directory in /gnu is /gnu/store right? So I could just > have an @gnu subvolume mounted on /gnu instead of a @gnu-store > subvolume mounted on /gnu/store? AFAIK /gnu is still not used by any other software to store files, but it could be in the future... who knows? For this reason I'd share only /gnu/store for Guix and nothing more, eventually sharing other /gnu/folders in the future, IF needed. >> Last but not least, once you have installed Guix System you have to >> decide what manages your GRUB configuraton: Guix System or arch, you >> cannot share the grub config between the two; Guix System have a >> stateless GRUB config (and it' good and fair) so I suggest you to use it >> for GRUB configuration, but if you decide to keep using arch this is a >> good tip: https://yhetil.org/guix/20181031125428.GA814@doom/ > > Thanks for the tip. What if I install another bootloader on Arch like > systemd boot? Then there will not be a bootloader conflict and I can > select one with efibootmgr. Yes of course you can always select your preferred boot mamager with efibootmgr, but I'm lazy and I like to have GRUB manage all my OSs :-) > May 28, 2022, 10:51 AM, "Giovanni Biscuolo" mailto:g...@xelera.eu?to=%22Giovanni%20Biscuolo%22%20%3Cg%40xelera.eu%3E > > wrote: [...] >> As a side note, you could also consider to switch to Guix System and >> keep your foreign distro running as an LXC container sharing store and >> state with the host, but you have to be familiar with LXC tooling [1] >> AND know how to "convert" a "physical" machine to an LXC container [2], >> giving the guests acces to the host GPU [3] for graphical applications >> or using remote dektop applications like SPICE or VNC... it's a little >> bit complex but pure fun! > > Would an LXC approach require two graphics cards? I only have an > integrated GPU. No, you can share your GPU with guests or connect to guests using remote desktop, as mentioned above ;-) Happy hacking! Gio' [1] I'm using this technique in my LXC containers, excerpt from one config: --8<---cut here---start->8--- lxc.mount.entry=/gnu/store gnu/store none ro,bind 0 0 lxc.mount.entry=/var/guix var/guix none bind 0 0 --8<---cut here---end--->8--- -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: How to install guix system from existing linux with guix package manager?
Hello kiasoc5, this morning I realized that... Giovanni Biscuolo writes: [...] >> WDYT? any tips/suggestions? > > I never tried this, ehrm: it's false :-O Actually I'm using a shared store AND "LOCALSTATEDIR/guix/" (usually /var/guix) between my host OS and all my LXC containers, it's something I learned by adapting Ludo' and Ricardo notes on installing Guix on a cluster; please see this message (it was Feb 2019, I forgot I wrote that) for details and pointers to the relevant documentation: https://yhetil.org/guix/87h8d8dl6d@roquette.mug.biscuolo.net/ In your case the "store and state sharing" systems are not running and at the same time like on a cluster, but from a systemistic point of view it's (almost) the same thing some of us are already doing in their setup. Please pay attention: you can skip the setup of guix-daemon on client (compute) nodes since... you have no clients :-), but you should keep guix-daemon updated (as root, sudo -E...) on both dual-boot operating systems to avoid potential problems due to changes in state data format and/or API. Obviously also consider all the caveats I mentioned in my previous message. As a side note, you could also consider to switch to Guix System and keep your foreign distro running as an LXC container sharing store and state with the host, but you have to be familiar with LXC tooling [1] AND know how to "convert" a "physical" machine to an LXC container [2], giving the guests acces to the host GPU [3] for graphical applications or using remote dektop applications like SPICE or VNC... it's a little bit complex but pure fun! [...] Please keep us updated on your progress! Happy Hacking! Gio' [1] see info '(guix) Virtualization services' [2] this is a sort of howto: https://askubuntu.com/questions/680608/how-to-migrate-physical-12-04-machine-into-lxc [3] https://bookstack.swigg.net/books/linux/page/lxc-gpu-access -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: How to install guix system from existing linux with guix package manager?
Hello kiasoc5, IMHO what you are trying to do is an interesting path to... ascension :-) For my desktop and laptop I'm still using Guix on top of a foreign distro (Debian) because... I'm conservative :-D, so I'd very much like to have a way to try to slowly switch to Guix System with the "safety net" to be able to boot my current system if I'm in trouble; this way also I can spare some cash avoiding to buy a new dedicated machine for this experiments. kias...@disroot.org writes: [...] > @guix-root is mounted on / on guix system > @gnu-store is mounted on /gnu/store on guix system and shared between > arch and guix > @home is mounted on /home and shared between arch and guix > > So I think the steps are as follows: > 0. backup data (just in case) Also backup /var/guix so you should be able to restore a working Guix status (with working I mean in your current foreign distro) > 1. move /gnu/store to subvolume > 2. install Guix system manually with the following file systems: > > (mapped-devices > (list (mapped-device > (source (uuid "my-uuid")) > (target "cryptroot") > (type luks-device-mapping > > (file-systems (append >(list (file-system [...] >%base-file-systems)) In your snippet config you missed to mount /home ;-) (you also need to configure GRUB for dual boot, but I guess you know) > 3. configure uefi to boot guix grub by default > > WDYT? any tips/suggestions? I never tried this, but beware that the UID and GID of user(s) in your new Guix System sould be the very same of the arch system to be able to access homes, /including/ Guix profiles of users (stored in /home/$USER...) Important: if you want to be able to share the store between the two systems you should also share the /status/ of Guix, stored in LOCALSTATEDIR/guix/ (usually /var/guix), since it contains a lot of useful data and AFAIU it must be kept in sync between the foreign distro and the Guix System [1]. This is the most critical part about being able to share Guix between two different host operating systems. Last but not least, once you have installed Guix System you have to decide what manages your GRUB configuraton: Guix System or arch, you cannot share the grub config between the two; Guix System have a stateless GRUB config (and it' good and fair) so I suggest you to use it for GRUB configuration, but if you decide to keep using arch this is a good tip: https://yhetil.org/guix/20181031125428.GA814@doom/ There's nothing else it comes to my mind now regarding this "migrate and share path" AFAIU with the above caveats, you should be able to "share Guix" between the two systems in dual boot. Please let me know your progresses, I'm interested! Happy Hacking! Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: /gnu/store
Hello Gottfried, are you using Guix System or Guix on a foreign distro? Gottfried writes: > Hi Guixers, > After guix pull und guix update I have a new Emacs Version, Emacs 28 > > 1. My earlier created icon for emacs, in Mate Desktop, opens the older > Version Emacs 27.2 > How to fix it? have you tried logging out and in? > 2. Opening /gnu/store/ in Mate Caja (File Manager) takes ages. AFAIK it takes ages in every file manager you'd better use "find" (man find) from your terminal if you want to find a package in /gnu/store, see below > To look for a the Emacs 28.1 file takes also ages. What is "the Emacs 28.1 file"? > Is there a quicker way to search for some directories in /gun/store? > May be in the terminal emulator? With which commands? yes: use the CLI in a terminal to have the (too long) directory listing: "ls -lah /gnu/store" to serach for every first level only directory having "emacs" in its name under /gnu/store: "find /gnu/store -maxdepth 1 -type d -name '*emacs*'" then you can inspect the store for each installed package, e.g. "/gnu/store/r1zd92x4bh8zfz16rj9gh66pr950x2zr-emacs-guix-0.5.2-5.c9aef52" with ls or Caja if you want > I want to change the command for opening emacs in the starter,now > version 27.2 change into emacs 28. So that the emacs icon in the toolbar > opens Emacs 28. Or is the simplest way deleting the icon and after every > new emacs version creating a new icon? You cannot change the .desktop files used to start applications installed via Guix since they are stored read-only in the store It's "just" a matter to refresh your graphical menu an usually we need to logout and login (at least on a foreign distro) > If I do a "emacs -ProfileManager" it opens the emacs 28 AFAIU you are starting emacs from a terminal, and yes: it starts emacs 28 because it does not use the *.desktop file used by the graphical menu (which have the 27.2 version hardcoded in it) > but does not give me a possibility to set a new Profile. AFAIK "ProfileManager" is not a valid emacs option :-) > 3. Can somebody explain to me the structure of /gnu/store? Please read the Guix manual at "8.9 The Store" AFAIK the store is set read-only **but** in any case /do not/ directly write to the store, it is accessed by the guix-daemon via the various "guix..." command use the guix cli (or the great emacs-guix interface [1]) to explore your packages (et al) [...] > The date is allways the same, it's a reproducibility requirement: our software is /eternal/ B-) [...] > thanks in advance > I am "hacking" at the basics > Gottfried Happy hacking! Gio' [1] I had to apply a workaround to make it working https://issues.guix.gnu.org/55013#2 [...] -- Giovanni Biscuolo Xelera IT Infrastructures
Re: Screen sharing ungoogled-chromium
Hi phodina this sounds like an upstream bug, or do you think it depends on Guix packaging? phodina via writes: > Hi, > > I'm attempting to share my screen in the chromium browser (100.0.4896.127-1). > > I've enabled the #enable-webrtc-pipewire-capturer flag and I also have > xdg-desktop-portal install on my Guix System. > > However, when I click in Teams do you mean Microsoft Teams? I never used that service, sorry I cannot help here. [...] > Does somebody use the screen sharing feature? I regurarly use the screen sharing feature in Jitsi and it works out of the box (some previous ungoogled-chromium had issues with video on Jisti, depending on servers) HTH! Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
SOLVED: Re: nheko and quaternion: completely black chat area
Hello Guix, Giovanni Biscuolo writes: [...] > So it seems to be related to my LTSP session AND to Something™ my > (Guix?) environment... but can't figure out what. Since my LTSP terminal is not 3D capable I have to enable the Qt Quick 2D Renderer [1] by setting this env variable in my profile: --8<---cut here---start->8--- export QMLSCENE_DEVICE=softwarecontext --8<---cut here---end--->8--- This way I'm now able to use nheko (and quaternion... and other Qt Quick based apps I guess) also on my 2D LTSP terminal. Happy hacking! Gio' [1] https://doc.qt.io/QtQuick2DRenderer/ -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
LTSP related Re: nheko and quaternion: completely black chat area
Giovanni Biscuolo writes: [...] > The apps are running fine, including authentication and send messages > /but/ the chat area [1] is completely black and I cannot read anything > in it. > > The strange thing is that on my laptop, configured (almost) the same and > also with Guix on top of Debian 10 both applications are running fine, I > mean the message chat box is readeable. One more info to add: my desktop is a LTSP server (in a LXC container) and I connect to it with a thin client, it's working well since many years. There's another strange thing: if I connect from my laptop to my desktop with ssh (and X11 forwarding) I can run both nheko and quaternion without problems, I mean: the chat area is NOT black. So it seems to be related to my LTSP session AND to Something™ my (Guix?) environment... but can't figure out what. ...still investigating... [...] Happy hacking! Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
nheko and quaternion: completely black chat area
Hello Guix users, I'm running Guix on Debian 10 and I'm experiencing a strange problem both with nheko and quaternion, both matrix chat protocol clients and both qt5 GUI based. I've installed both of them via manifest from a very recent commit I've pulled today: --8<---cut here---start->8--- Generation 122 lug 08 2021 13:31:51(current) guix 94f772d repository URL: https://git.savannah.gnu.org/git/guix.git branch: master commit: 94f772dad8cb1064d0e8cf11285ad9963ba00224 --8<---cut here---end--->8--- The apps are running fine, including authentication and send messages /but/ the chat area [1] is completely black and I cannot read anything in it. The strange thing is that on my laptop, configured (almost) the same and also with Guix on top of Debian 10 both applications are running fine, I mean the message chat box is readeable. I've also tried to compare the nheko /proc//environ on the two hosts but AFAIU there are no meaningful differences. I've also installed the nheko deb package via apt and with that I do not have the "black chat area" problem, so it seems related to Guix and to the environment... but I'm not qt5 expert so I'm just trying to guess... with no success. Any hint please? Thanks! Gio' [1] the one with the messages list you can see in this upstream screenshot: https://nheko-reborn.github.io/images/screenshots/chat-resized.png -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: XDG_... env variables in root
Hi Hamzeh, "Hamzeh Nasajpour" writes: [...] > Seems that this is relevant to way of switching user which I used. I > was using `su` for switching as `root` and just now I found that there > are some differences between `su` and `su -`. With using of `su -` the > `XDG_...` env paths are correct: Yes, that was the issue, I was not thinking about it when I first replied. Regards, Gio' [...] -- Giovanni Biscuolo Xelera IT Infrastructures
Re: XDG_... env variables in root
Hello Hamzeh, "Hamzeh Nasajpour" writes: [...] > but another issue is these are env variables in `root`. My main issue > is why these variables in `root` point to `USER` paths? please can you show us only the relevant parts [1] of your bash profile (or other shell profile) for "user" and "root"? Thanks, Gio' [1] I mean the one setting GUIX related env variables -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Emacs config for "traditional" or Guix environment?
Hello Simon, thank you for your patience and tips! This is a follow-up of things discussed in bug#43243 (now resolved). I'm posting this to help-guix in case someone finds it useful. This is a *very* quick summary of my bug report: I had a strange error with elfeed-org and after some investigation I realized I was still using old packages loaded from my ~/.emacs.d/elpa directory, installed using "use-package" before migrating to Guix's Emacs; I removed that directory and all is running as before. During the investigation I sent my redacted init.el, Simon commented it. The following is my follow-up. zimoun writes: > Dear, > > On Fri, 02 Oct 2020 at 20:08, Giovanni Biscuolo wrote: [...] >> ;; -*- mode: emacs-lisp -*- >> (unless (require 'guix-emacs nil 'noerror) >> (package-initialize)) >> (unless (require 'guix-emacs nil 'noerror) >> ;; package archives >> (when (>= emacs-major-version 24) >>(require 'package) >>(setq package-archives >>'(("GNU_ELPA" . "https://elpa.gnu.org/packages/";) >> ("org" . "https://orgmode.org/elpa/";) >> ("MELPA_Stable" . "https://stable.melpa.org/packages/";) >> ("MELPA". "https://melpa.org/packages/";)) >>package-archive-priorities >>'(("GNU_ELPA" . 15) >> ("org" . 10) >> ("MELPA_Stable" . 5) >> ("MELPA". 0) > > From my experience, I do not mix packages from Emacs archives and from > Guix because it often leads to weirdness –– unexpected behaviour at > least… Yes I perfectly understand that: *never* mix packages. What you see (and still I am using) is my attempt for a smooth migration from my "Debian+use-package" Emacs installation to a pure Guix one; since I'm using the same environment (packages+config) on all my machines *and* I'm quite conservative I wanted a configuration that "Just Worked" in all my environments (via git controlled dotfolder). This "multi enviroment" trick was suggested by a smart Emacs user: --8<---cut here---start->8--- (if (require 'guix-emacs nil 'noerror) ; Code for Guix Emacs ; Code for non-Guix Emacs ) --8<---cut here---end--->8--- and I adapted it to my needs without actually fully understand how it works :-O ...and it actually worked during my transition to a full Guix Emacs install, being a transition from a Debian+use-package 26.3 to the same version on Guix. Anyway, as far as I see, my current usage of "(unless (require 'guix-emacs nil 'noerror)..." actually prevents any code to be evaluated in my Guix Emacs environment. > Personally, I have removed the use of all the ‘package.el’ > functions and only use packages ’emacs-*’ from Guix and then configure > them using ’with-eval-after-load’. I'm considering this, also, since now I do not need my old "multi env" config anymore and I like simple and clean solutions, easier to debug. Guix is the solution to package management, I migrated, forget the past. Full stop. :-D [...] > (Note I do not know about TRAMP, so maybe ’tramp-remote-path’ should be > evaluated at init time and not at use time. Aside the fact that TRAMP > is part of vanilla Emacs, AFAICT.) Yes it is part of vanilla Emacs but the upstream author suggested me to install the upstream version, that solved an issue I had with /adb:/ on 26.3 vanilla Emacs from Guix. [...] > From my understanding, you are misusing ’use-package’. Or you could > rewrite: > > (with-eval-after-load 'org > (require 'org-tempo)) > > (And I am personally doing that.) [...] > Last, your starting time should be pretty long, right? Hum? IMHO, it > could be really faster if you use ’with-eval-after-load’ or > ’(use-package foo :defer t …)’ and so enjoy the speedup by “lazy” > evaluation. Thank you, I'll study with-eval-after-load. Fast starting time is absolutely not a priority for me, I usually use Emacs in daemon mode for several days... but it surely helps. [...] Thanks a lot! Giovanni. -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: are gnutls binaries available in guix?
Hi Tobias Tobias Geerinckx-Rice writes: [...] > ‘guix environment gnutls’ doesn't provide gnutls; ‘gnu environment > --ad-hoc gnutls’ does. Oh my… "guix environment " provides an augmented environment needed TO BUILD , it DOES NOT add the package to the environment: I should self-repeat that 42 times more. Thanks! Gio' aka "Guix Fu Panda" :grin: -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
are gnutls binaries available in guix?
Hello guix, please how can I install the binary utilities included in gnutls? I see gnutls package have 3 outputs: out (default), debug and doc: I tried "guix environment gnutls" and ""guix environment gnutls:debug" but I cannot find the binaries. Any hint please? Thanks, Gio' -- Giovanni Biscuolo signature.asc Description: PGP signature
Re: Certificate problem with curl, though icecat works
Hi Totor, Todor Kondić writes: [...] >> I'm going to open a bug report upstream (gnutls), thanks for your >> report. This is the bug report https://gitlab.com/gnutls/gnutls/-/issues/1062 I checked other OCSP issues and I did not understand if this is already fixed in latest GnuTLS releases > Thanks for confirming this! (Y) > I pulled the newest Guix and updated gnutls and that did not solve the > issue. Me too, but… I'm not explicitly installing gnutls in my profile (via manifest), I'm just installing curl and in that profile I get: --8<---cut here---start->8--- giovanni@roquette: gnutls-cli --version gnutls-cli 3.6.7 Copyright (C) 2000-2020 Free Software Foundation, and others, all rights reserved. This is free software. It is licensed for use, modification and redistribution under the terms of the GNU General Public License, version 3 or later <http://gnu.org/licenses/gpl.html> Please send bug reports to: --8<---cut here---end--->8--- But: --8<---cut here---start->8--- giovanni@roquette: curl --version curl 7.71.0 (x86_64-unknown-linux-gnu) libcurl/7.71.0 GnuTLS/3.6.14 zlib/1.2.11 libidn2/2.3.0 nghttp2/1.41.0 Release-Date: 2020-06-24 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp Features: AsynchDNS GSS-API HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB SPNEGO SSL TLS-SRP UnixSockets --8<---cut here---end--->8--- curl should use gnutls 3.6.14... I should double check my profile update I'll report as soon as I understand what's happening Thanks, Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: Certificate problem with curl, though icecat works
Giovanni Biscuolo writes: [...] >> $ curl >> https://actorws.epa.gov/actorws/chemIdentifier/v01/resolve.json?identifier=MKXZASYAUGDDCJ-NJAFHUGGSA-N >> >> curl: (60) server certificate verification failed. CAfile: >> /home/user/.guix-profiles/profile/etc/ssl/certs/ca-certificates.crt CRLfile: >> none >> More details here: https://curl.haxx.se/docs/sslcerts.html >> >> ca-certificates.crt exists at the CAfile location and CURL_CA_BUNDLE is set >> properly. > > This is similar to > https://lists.gnu.org/archive/html/help-guix/2020-06/msg00025.html No, this is a different issue: --8<---cut here---start->8--- gnutls-cli actorws.epa.gov Processed 128 CA certificate(s). Resolving 'actorws.epa.gov:443'... Connecting to '134.67.99.60:443'... - Certificate type: X.509 - Got a certificate list of 2 certificates. - Certificate[0] info: - subject `CN=*.epa.gov,OU=OMS/OITO/EHD,O=Environmental Protection Agency,L=Durham,ST=North Carolina,C=US', issuer `CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US', serial 0x0caca7602da89b50c3820b33518c827a, RSA key 2048 bits, signed using RSA-SHA256, activated `2019-04-25 00:00:00 UTC', expires `2021-04-19 12:00:00 UTC', pin-sha256="o5d2tkYzGNEoALzaPpAd5q+Sima2MnbbItE64CpyDCk=" Public Key ID: sha1:884a27ada33cc533411036cde08f7c83bee2580e sha256:a39776b6463318d12800bcda3e901de6af928a66b63276db22d13ae02a720c29 Public Key PIN: pin-sha256:o5d2tkYzGNEoALzaPpAd5q+Sima2MnbbItE64CpyDCk= - Certificate[1] info: - subject `CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US', issuer `CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US', serial 0x01fda3eb6eca75c888438b724bcfbc91, RSA key 2048 bits, signed using RSA-SHA256, activated `2013-03-08 12:00:00 UTC', expires `2023-03-08 12:00:00 UTC', pin-sha256="5kJvNEMw0KjrCAu7eXY5HZdvyCS13BbA0VJG1RSP91w=" |<1>| Got OCSP response with an unrelated certificate. - Status: The certificate is NOT trusted. The received OCSP status response is invalid. *** PKI verification of server certificate failed... *** Fatal error: Error in the certificate. [~]- --8<---cut here---end--->8--- I'm going to open a bug report upstream (gnutls), thanks for your report. Best regards, Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: Certificate problem with curl, though icecat works
Hi TK TK writes: [...] > However, doing the same thing with curl errors out: > > $ curl > https://actorws.epa.gov/actorws/chemIdentifier/v01/resolve.json?identifier=MKXZASYAUGDDCJ-NJAFHUGGSA-N > > curl: (60) server certificate verification failed. CAfile: > /home/user/.guix-profiles/profile/etc/ssl/certs/ca-certificates.crt CRLfile: > none > More details here: https://curl.haxx.se/docs/sslcerts.html > > ca-certificates.crt exists at the CAfile location and CURL_CA_BUNDLE is set > properly. This is similar to https://lists.gnu.org/archive/html/help-guix/2020-06/msg00025.html and it should be fixed in the latest GnuTLS, which is in Guix since commiy 8951b9496b5c390adb3b3292d234bb8ab9936c40 Anyway I can confirm that I get the same results as you. I'm going to investigare if I can add something useful and open a bug (probably upstream?) happy hacking! Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: hash mismatch on permanently moved URL
zimoun writes: > On Thu, 2 Jul 2020 at 15:38, Giovanni Biscuolo wrote: > >> Actually this is a in-place *displacement* (with HTML) :-O > > I do not know what is an "inplace displacement (with HTML)". Just a nonsense of mine :-) [...] > Redirection should not be an issue. The important point is the > integrity of the data (the sha256 field). > And here, there is a mismatch Yes I go it, the very unusual thing is that the (double) redirection is pointing to a web page (AFAIU) and *not* to the tgz source file [...] >> Problems like this one are very bad for our time machine, I'm just >> thinking if Guix can do something to prevent them. > > I agree. But Guix cannot fix the world. :-) ...unfortunately not: it can fix *almost* all that is software related > What is currently done seems The Right Thing: > > 1. fetch from the Guix farm > 2. try with the current upstream > 2b. try a mirror if any > 3. fallback to SWH > > You hit the problem because you turn off the fallback to the Guix > farm, Yes I see, and actually it's a very specific use case > BTW, the fallback to SWH is not ready yet for 2 main reasons: > > a) SWH has not yet ingested all the source tarballs in existence of > Guix; and it is not ready. What is ready is to ingest the current > source tarballs but nothing has been done to feed with all the past > source tarballs. > b) It is not clear how to fetch back the raw tarball from SWH since > they do not store the checksum but their own hash id (SWHID). Some > discussion about correspondence and so on is happening right now. :-) I was not aware of this second point: thanks! [...] Happy hacking! Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: hash mismatch on permanently moved URL
Hi Efraim and Simon, thank you for your very quick reply! I read your messages after I tried my "guix build" attempt zimoun writes: > Dear, > > Ah the joy of in-place replacement! :-D Actually this is a in-place *displacement* (with HTML) :-O Fortunately Guix is amazing \O/ Anyway: I guess there will be potentially other issues like this one in the future (permanent redirections to web pages instead of sources) and unfortunately (AFAIU) Guix will not be able to use alternative sources like Software Heritage: WDYT about considering 301 and 302 HTTP codes as "soft failures" and making Guix considering the alternative sources? Problems like this one are very bad for our time machine, I'm just thinking if Guix can do something to prevent them. [...] >> Please how can I fix this situation? > > guix download > http://ci.guix.gnu.org/nar/0zh5mvhgcx0198k7j6p5pgrc5krgxyqj-icu4c-64_2-src.tgz Oh yes... download (preseed the file)! I did: --8<---cut here---start->8--- $ guix download https://github.com/unicode-org/icu/releases/download/release-64-2/icu4c-64_2-src.tgz Starting download of /tmp/guix-file.QYSPMo From https://github.com/unicode-org/icu/releases/download/release-64-2/icu4c-64_2-src.tgz... following redirection to `https://github-production-release-asset-2e65be.s3.amazonaws.com/49244766/c239d900-615b-11e9-9f18-c7c2f6baa47b?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20200702%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20200702T131303Z&X-Amz-Expires=300&X-Amz-Signature=5b743b3a38385952bde1807ac6c8f387e534650a49cf2f533bb04164cf0bc255&X-Amz-SignedHeaders=host&actor_id=0&repo_id=49244766&response-content-disposition=attachment%3B%20filename%3Dicu4c-64_2-src.tgz&response-content-type=application%2Foctet-stream'... icu4c-64_2-src.tgz 22.9MiB 11.5MiB/s 00:02 [##] 100.0% /gnu/store/0zh5mvhgcx0198k7j6p5pgrc5krgxyqj-icu4c-64_2-src.tgz 0v0xsf14xwlj125y9fd8lrhsaych4d8liv8gr746zng6g225szb2 --8<---cut here---end--->8--- and guix pull is going on now, building half of the world! :-) [...] Thanks a lot! Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: hash mismatch on permanently moved URL
Hello, I tried to build using the current upstream release channel (see below) but I'm still stuck. Giovanni Biscuolo writes: [...] > The problem is that > http://download.icu-project.org/files/icu4c/64.2/icu4c-64_2-src.tgz > moved pernamently: > > --8<---cut here---start->8--- > > ~$ curl -I http://download.icu-project.org/files/icu4c/64.2/icu4c-64_2-src.tgz > HTTP/1.1 301 Moved Permanently > Date: Thu, 02 Jul 2020 12:27:32 GMT > Server: Apache/2.4.38 (Debian) > Content-Security-Policy: upgrade-insecure-requests; > Location: https://icu-project.org/files/icu4c/64.2/icu4c-64_2-src.tgz > Content-Type: text/html; charset=iso-8859-1 > > --8<---cut here---end--->8--- ... AND: --8<---cut here---start->8--- ~$ curl -I https://icu-project.org/files/icu4c/64.2/icu4c-64_2-src.tgz HTTP/1.1 302 Found Date: Thu, 02 Jul 2020 12:51:46 GMT Server: Apache/2.4.38 (Debian) Content-Security-Policy: upgrade-insecure-requests; Location: http://site.icu-project.org/download/#/icu4c/64.2/icu4c-64_2-src.tgz Content-Type: text/html; charset=iso-8859-1 --8<---cut here---end--->8--- so I got the source URL from the new releases official channel, and built using: --8<---cut here---start->8--- ~$ guix build icu4c --with-source=https://github.com/unicode-org/icu/releases/download/release-64-2/icu4c-64_2-src.tgz [...] successfully built /gnu/store/waf07n3970nz183kvk947lpa1wj9ixvk-icu4c-64_2-src.drv /gnu/store/8fxpn9b21gf782n6v6cq4q17jcfgm9ix-icu4c-64_2-src --8<---cut here---end--->8--- After this, unfortunately, `guix pull` is still trying to build icu4c since it is a different store item: --8<---cut here---start->8--- building /gnu/store/4582v7day5c4v9qaidlkwmd6kllks2y4-icu4c-64_2-src.tgz.drv... downloading from http://download.icu-project.org/files/icu4c/64.2/icu4c-64_2-src.tgz... /sha256 hash mismatch for /gnu/store/0zh5mvhgcx0198k7j6p5pgrc5krgxyqj-icu4c-64_2-src.tgz: expected hash: 0v0xsf14xwlj125y9fd8lrhsaych4d8liv8gr746zng6g225szb2 actual hash: 19pfpqg5yl86nnzfkzkgq521y56wg1yhfiyis7m480rczyiqnbin hash mismatch for store item '/gnu/store/0zh5mvhgcx0198k7j6p5pgrc5krgxyqj-icu4c-64_2-src.tgz' build of /gnu/store/4582v7day5c4v9qaidlkwmd6kllks2y4-icu4c-64_2-src.tgz.drv failed --8<---cut here---end--->8--- [...] I still don't know how to solve this situation. Any hint please? Thanks! Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
hash mismatch on permanently moved URL
Hi Guix, yesterday I installed a new Guix System (on iron) using the installer (latest stable https://ftp.gnu.org/gnu/guix/guix-system-install-1.1.0.x86_64-linux.iso.xz on USB) The installation is fine but when I try to guix pull I get this: --8<---cut here---start->8--- ~$ sudo -i guix pull Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'... Building from this channel: guix https://git.savannah.gnu.org/git/guix.git b919d40 building /gnu/store/f99dg2cqqlskh5q07l9dw5la7l5s28lq-libgcrypt-1.8.4.tar.bz2.drv... downloading from https://gnupg.org/ftp/gcrypt/libgcrypt/libgcrypt-1.8.4.tar.bz2... building /gnu/store/4582v7day5c4v9qaidlkwmd6kllks2y4-icu4c-64_2-src.tgz.drv... downloading from http://download.icu-project.org/files/icu4c/64.2/icu4c-64_2-src.tgz... |sha256 hash mismatch for /gnu/store/0zh5mvhgcx0198k7j6p5pgrc5krgxyqj-icu4c-64_2-src.tgz: expected hash: 0v0xsf14xwlj125y9fd8lrhsaych4d8liv8gr746zng6g225szb2 actual hash: 1qfbm2kh7hzd8752rky9dzis8qhgkhs6dkq71k8zar8y74nz7265 hash mismatch for store item '/gnu/store/0zh5mvhgcx0198k7j6p5pgrc5krgxyqj-icu4c-64_2-src.tgz' build of /gnu/store/4582v7day5c4v9qaidlkwmd6kllks2y4-icu4c-64_2-src.tgz.drv failed View build log at '/var/log/guix/drvs/45/82v7day5c4v9qaidlkwmd6kllks2y4-icu4c-64_2-src.tgz.drv.bz2'. cannot build derivation `/gnu/store/y9y4j318znj6xfdnljkc8q8n0kp75liw-icu4c-64_2-src.tar.xz.drv': 1 dependencies couldn't be built building /gnu/store/22bdz5hk38p49xllw64xddrn9sgdm6b0-libgcrypt-1.8.4.drv... cannot build derivation `/gnu/store/4wzc4ccnspff6hm00b82ma5c2p9ykh7k-icu4c-64.2.drv': 1 dependencies couldn't be built cannot build derivation `/gnu/store/34kcbgv7ls6r214w071p35d18xpirzff-openldap-2.4.47.drv': 1 dependencies couldn't be built building /gnu/store/03q5wvsw7f91rkmyawhkhrcqvrxrykrc-psutils.tar.gz.drv... cannot build derivation `/gnu/store/8ij04934aafwspnrarm5c3lv9hnz34i2-curl-7.66.0.drv': 1 dependencies couldn't be built guix pull: error: build of `/gnu/store/8ij04934aafwspnrarm5c3lv9hnz34i2-curl-7.66.0.drv' failed --8<---cut here---end--->8--- I searched in the current guix master branch and found icu4c is at version 66.1 now (the commit that upgraded to 64.2 is 27ed6960be) The problem is that http://download.icu-project.org/files/icu4c/64.2/icu4c-64_2-src.tgz moved pernamently: --8<---cut here---start->8--- ~$ curl -I http://download.icu-project.org/files/icu4c/64.2/icu4c-64_2-src.tgz HTTP/1.1 301 Moved Permanently Date: Thu, 02 Jul 2020 12:27:32 GMT Server: Apache/2.4.38 (Debian) Content-Security-Policy: upgrade-insecure-requests; Location: https://icu-project.org/files/icu4c/64.2/icu4c-64_2-src.tgz Content-Type: text/html; charset=iso-8859-1 --8<---cut here---end--->8--- This will be a build server so I'm not using substitutes: --8<---cut here---start->8--- (guix-service-type config => (guix-configuration (inherit config) (use-substitutes? #f) (authorized-keys %authorized-guix-keys)) --8<---cut here---end--->8--- Please how can I fix this situation? Thanks! Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: tramp and adb, strange escape codes in dired
Hi, Giovanni Biscuolo writes: [...] > I'm trying to use adb via tramp (I'd love to be able to browse my phone > filesystem in Emacs) for the first time and I get a strange dired > buffer: > > --8<---cut here---start->8--- > > /adb::/storage: > total 13 > drwxr-xr-x 1 root root 80 05-31 13:04 [1;34m.[0m > drwxr-xr-x 1 root root 4k 2009-01-01 [1;34m..[0m > drwx--x--x 1 root sdcard_rw 4k 05-31 13:04 [1;34memulated[0m > drwxr-xr-x 1 root root 60 05-31 13:03 [1;34mself[0m > drwxr-xr-x 1 root root 80 05-31 13:04 [1;34m/storage/.[0m > drwxr-xr-x 1 root root 4k 2009-01-01 [1;34m/storage/..[0m > > --8<---cut here---end--->8--- It seems a bug in TRAMP, anyone interested please do not feedback here but have a look at https://lists.gnu.org/archive/html/help-gnu-emacs/2020-06/msg00109.html [...] Happy hacking! Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
tramp and adb, strange escape codes in dired
Hello, I'm using Emacs 26.3 with TRAMP 2.4.3.5 and adb 7.1.2_r36 [1], all installed via Guix on a foreign distro (Debian 10). I still do not undestand if what follows is a TRAMP bug or something related to my environment. I've sent a message to help-gnu-em...@gnu.org [2] but I'm asking here in case anyone in this list is/was able to browse an Android filesystem via TRAMP+adb. I'm trying to use adb via tramp (I'd love to be able to browse my phone filesystem in Emacs) for the first time and I get a strange dired buffer: --8<---cut here---start->8--- /adb::/storage: total 13 drwxr-xr-x 1 root root 80 05-31 13:04 [1;34m.[0m drwxr-xr-x 1 root root 4k 2009-01-01 [1;34m..[0m drwx--x--x 1 root sdcard_rw 4k 05-31 13:04 [1;34memulated[0m drwxr-xr-x 1 root root 60 05-31 13:03 [1;34mself[0m drwxr-xr-x 1 root root 80 05-31 13:04 [1;34m/storage/.[0m drwxr-xr-x 1 root root 4k 2009-01-01 [1;34m/storage/..[0m --8<---cut here---end--->8--- If I try to "dired-visit" any of the listed dirs I get this in the *Messages* buffer: --8<---cut here---start->8--- dired-get-file-for-visit: File no longer exists; type ‘g’ to update Dired buffer --8<---cut here---end--->8--- I'm able to use "adb shell" in a shell buffer under Emacs, this is the result: --8<---cut here---start->8--- jflte:/storage # ls -lah ls -lah total 6.0K drwxr-xr-x 4 root root80 2020-05-31 13:04 . drwxr-xr-x 22 root root 4.0K 2009-01-01 01:00 .. drwx--x--x 3 root sdcard_rw 4.0K 2020-05-31 13:04 emulated drwxr-xr-x 2 root root60 2020-05-31 13:03 self jflte:/storage # --8<---cut here---end--->8--- and I can "navigate" all my folders via adb shell (in root mode). Do you have any idea why I get all that escape sequences? Thanks! Gio' [1] but I have the same results using adb 8.1.0+r23-5 version from Debian stable [2] https://lists.gnu.org/archive/html/help-gnu-emacs/2020-06/msg00101.html -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: curl server certificate verification failed for a few sites
Marius Bakke writes: [...] > The problem is with GnuTLS, which failed if one of the trust roots were > using an expired certificate: > > https://gitlab.com/gnutls/gnutls/-/issues/1008 Oh I see, fine! > It has been fixed in the latest GnuTLS, which is in Guix as of commit > 8951b9496b5c390adb3b3292d234bb8ab9936c40. Thanks for reporting it! Thank you for the explanation and the patch! Best, Giovanni -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: curl server certificate verification failed for a few sites
Hi Tobias, thank you for your clear explanation and patience ...and sorry again to all other Guix users for the "noise": this is not strictly related to Guix but just to the most recent version of curl/wget I still I don't understand the differences between curl (and wget) behaviour and the last Guix available ungoogled-chromium (see below). Tobias Geerinckx-Rice writes: > Giovanni Biscuolo 写道: >> Jack Hill writes: >>> The error wget gives is a little bit better, > > FWIW, I use this (extremely verbose) command to debug/check my own > servers: > > $ openssl s_client -showcerts -servername > voices.transparency.org \ > -connect voices.transparency.org:443 With this output I'm able to understand what's going on with this certificate, thanks! This command clearly shows the depth of this certificate is 3 and that the top level cert is expired: --8<---cut here---start->8--- depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root verify error:num=10:certificate has expired notAfter=May 30 10:48:38 2020 GMT --8<---cut here---end--->8--- I guess that this information, client side, is the same for all browsers and CLI interfaces (like curl) since long ago: right? [...] > They're also sending intermediate certificates that they shouldn't > be sending in the first place[0] which doesn't help matters. I > agree that this looks like an outdated server (mis)configuration. OK but I really don't understand why with a recent browser from Guix - ungoogled-chromium 81.0.4044.138 - the certificate is detected as valid: the top root certificate shown in it's graphical "Certificate viewer" interface is "USERTrust". It seems that ungoogled-chromium stops the verification at the level=1 certificate: --8<---cut here---start->8--- 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA Domain Validation Secure Server CA i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority --8<---cut here---end--->8--- >> Yes. All modern clients and operating systems have the newer, >> modern >> COMODO and USERTrust roots which don’t expire until 2038. > > Right, but ‘modern’ there means ~2015. I don't fully understand what this means, sorry... but it's not important :-) > [0]: > https://www.ssllabs.com/ssltest/analyze.html?d=voices.transparency.org&s=52.4.38.70&hideResults=on I had a look at three random IP addresses from the list of checked ones (all grade B): they give three certification paths and path #3 is expired. Nonetheless, I still do not understand why ungoogled-chromium is behaving diffrerently than the most recent curl/wget A similar thing is happening when trying to fetch content (for elfeed) using curl from: 1. www.skepticalscience.com (server's certificate chain is incomplete) 2. firstmonday.org (uses the expired AddTrust External TTP Network root certificate) Both are detected as valid in ungoogle-chromium. I can ask each of them to update their certificates but I fear it will be difficult to explain why, given that all "modern browsers" have absolutely no problem with them :-S ...and yes, I agree they **have** a problem with their certificate chains :-( Thanks! Giovanni. -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: curl server certificate verification failed for a few sites
Hi Jack, thanks for your help! ...and sorry if this is not Guix specific Jack Hill writes: [...] > I think that this is due to the recent AdTrust Root CA cert expiration > [0]. The error wget gives is a little bit better, but you know about the > situation to interpret it correctly: > > """ > $ wget "https://voices.transparency.org"; -O /dev/null > --2020-06-04 10:37:29-- https://voices.transparency.org/ > Resolving voices.transparency.org (voices.transparency.org)... > 52.4.225.124, 52.4.240.221, 52.1.119.170, ... > Connecting to voices.transparency.org > (voices.transparency.org)|52.4.225.124|:443... connected. > ERROR: The certificate of ‘voices.transparency.org’ is not trusted. > ERROR: The certificate of ‘voices.transparency.org’ has expired. > """ oh I see, I get this error also... but I do not understand the different behaviour with what I see in Firefox (from Debian) or ungoogled-chromium (from Guix): using one of those browsers the certificate is valid, the certificate viewer shows that the root in cert hierarchy is "USERTrust RSA Certification Authority" The section in [0] titled "Certificate Chain Diagram" states: --8<---cut here---start->8--- A legacy browser or older device that does not have the modern “USERTRust” root would not trust it and so would look further up the chain to a root it does trust, the AddTrust External CA Root. A more modern browser would have the USERTrust root already installed and trust itwithout needing to rely on the older AddTrust root. --8<---cut here---end--->8--- I do not fully understand why curl and wget return error while Firefox and ungoogled-chromium not [...] > Therefore, I think the fix is for voices.transparency.org to update the > certificate chain/bundle that they are sending. > > [0] > https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA03l0117LT this page states: --8<---cut here---start->8--- Will my certificate still be trusted after May 30, 2020? Yes. All modern clients and operating systems have the newer, modern COMODO and USERTrust roots which don’t expire until 2038. --8<---cut here---end--->8--- Thanks! Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
curl server certificate verification failed for a few sites
Hello Guix, this is my current Guix version: --8<---cut here---start->8--- Generation 71 giu 03 2020 17:44:58(current) guix 2f49007 repository URL: https://git.savannah.gnu.org/git/guix.git branch: master commit: 2f49007dd076b14feb40d7c3331dee3e737265c844 --8<---cut here---end--->8--- I'm having a strange error with curl from Guix (on a foreign distro): --8<---cut here---start->8--- giovanni@roquette: curl -I https://voices.transparency.org curl: (60) server certificate verification failed. CAfile: /home/giovanni/.guix-extra-profiles/emacs/emacs/etc/ssl/certs/ca-certificates.crt CRLfile: none More details here: https://curl.haxx.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. --8<---cut here---end--->8--- I'm working in a profile with "curl" and "nss-certs" installed, I my profile activate with: --8<---cut here---start->8--- GUIX_PROFILE="/home/giovanni/.guix-extra-profiles/emacs/emacs" ; . "$GUIX_PROFILE"/etc/profile --8<---cut here---end--->8--- and it seems to me that the env is set up correctly, especially I have: --8<---cut here---start->8--- CURL_CA_BUNDLE=/home/giovanni/.guix-extra-profiles/emacs/emacs/etc/ssl/certs/ca-certificates.crt --8<---cut here---end--->8--- With other sites I have no problems, e.g. with "curl https://google.com"; or "curl https://fsf.org"; I also have no problem using curl from my foreign distro, i.e.: --8<---cut here---start->8--- giovanni@roquette: /usr/bin/curl -I https://voices.transparency.org HTTP/2 200 server: nginx date: Thu, 04 Jun 2020 12:31:30 GMT content-type: text/html; charset=utf-8 content-length: 331031 set-cookie: uid=lo_qSsMbQ4z5dnK; Expires=Fri, 04-Jun-21 12:31:30 GMT; Path=/; Secure; HttpOnly sepia-upstream: medium x-opentracing: {"ot-tracer-spanid":"390949417d4930c0","ot-tracer-traceid":"7f0fd7d0262c0c9b","ot-tracer-sampled":"true"} [...] x-frame-options: sameorigin x-content-type-options: nosniff x-xss-protection: 1; mode=block x-ua-compatible: IE=edge, Chrome=1 x-powered-by: Medium x-obvious-tid: 1591273890249:f076faaf3e63 x-obvious-info: 41228-18f1264,18f1264f828 link: <https://medium.com/humans.txt>; rel="humans" cache-control: no-cache, no-store, max-age=0, must-revalidate expires: Thu, 09 Sep 1999 09:09:09 GMT pragma: no-cache set-cookie: sid=1:h/sJWfMuvxt6xsp9CxiSVZhE/m0Gkrnt1Aj+VWcPGV1cpLwK14Dg7Rfr4fWgzCz9ru4qnVfGEhX+mljUMOriPA==; path=/; expires=Fri, 04 Jun 2021 12:31:30 GMT; samesite=none; secure; httponly set-cookie: optimizelyEndUserId=lo_qSsMbQ4z5dnK; path=/; expires=Fri, 04 Jun 2021 12:31:30 GMT; samesite=none; secure --8<---cut here---end--->8--- Am I missing something in my env, there is a problem in https://voices.transparency.org setting or is something else? Thanks! Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
sane-airscan (Re: [OT] Free software compatible Multifuncion printer
Hello Guix, sorry for the OT but maybe this could be useful for someone else here Giovanni Biscuolo writes: [...] > I just got a brend new HP LaserJet MFP M227sdn, HP ships hplip & > co. since long ago and they have a pretty informative list of supported > printers [...] > ...that means a bug report on Ubuntu Launchpad :-S > https://bugs.launchpad.net/hplip/+bug/1874254 in that thread brian_p pointed me to sane-airscan https://github.com/alexpevzner/sane-airscan --8<---cut here---start->8--- If you are a lucky owner of scanner or MFP which works via network with Apple devices, I have a good news for you: now your scanner works with Linux as well! In theory, this backend should work with any scanner that supports the eSCL protocol (unofficially known as AirScan or AirPrint scanning). In practice, it was tested on several devices from Canon, Kyocera and HP, and this list constantly grows, though slowly, so feedback regarding other devices is very welcomed. Apple maintains a comprehensive list of compatible devices, but please note, this list contains not only scanners and MFP, but pure printers as well. To use this backend, you don't need to install ScanGear from Canon, HPLIP from HP or some other proprietary software from hardware vendor. This backend works directly with your device and doesn't depend on a 3rd party closed source components. --8<---cut here---end--->8--- I've tested it using the provided Debian 10 packages (personal repo hosted on software.opensuse.org) and it works. It's GPL2+ but I still have to check if there are really no blobs I'll try and make a Guix package, if I'll be able HTH! Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
[OT] Free software compatible Multifuncion printer
Hello guix users! sorry for this OT, I know there are other community channels to search for this kind of information but they are really scarce: https://h-node.org/printers/catalogue/en/1/1/undef/undef/undef/undef/compatibility/undef?search_string=MFP&submit=Search Please do you have a suggestion on a MFP (Multifunction Printer) that can print _and_ scan using just free software, without additional proprietary blobs? This is somewhat a follow-up on Chris Marusich help request... more than one year later: https://lists.gnu.org/archive/html/help-guix/2019-03/msg00113.html I'm too much sad about the hardware compatibility with free software in 2020... since 2003 :-(... and this is _not_ a free software community fault. I just got a brend new HP LaserJet MFP M227sdn, HP ships hplip & co. since long ago and they have a pretty informative list of supported printers https://developers.hp.com/hp-linux-imaging-and-printing/supported_devices/index Column 3 of that list is about "Driver Plug-in" and that column says "No" for my printer [1], so my printer and scanner should be fully supported. ...but I just found that if I do not install the proprietary binary (via "sudo hp-plugin") the scan function just does not work; I've also opened a bug report via the only official channel availabre from HP: https://developers.hp.com/hp-linux-imaging-and-printing/support ...that means a bug report on Ubuntu Launchpad :-S https://bugs.launchpad.net/hplip/+bug/1874254 I'm considering opening an official complaint with HP and returning the MFP printer, but I'd also like to know how can I solve my issue: I'd really like a printer and scanner in one appliance. The alternative oprion is to continue like I did since yesterday: keep printer and scanner separate, so I'll have more options to find a completely free software compatible scanner via SANE Project Any hit is appreciated Thanks! Giovanni [1] ("Required") A downloadable driver plug-in is required for printing support. ("Optional") A downloadable driver plug-in is optional for printing support and may increase the speed, quality, or other aspect of printed output. ("No" or "None") A driver plug-in is not required nor available. Driver plug-ins are released under a proprietary (non-open) license and are not part of the HPLIP tarball release. For more information, please refer to this https://developers.hp.com/hp-linux-imaging-and-printing/binary_plugin.html -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: Useless gandi.cli (was: [bug#39447] [PATCH] gnu: Add python-gandi.cli.)
Tobias Geerinckx-Rice writes: [...] >> https://v4.gandi.net/admin/api_key > > I'd love to, but that doesn't work for everyone anymore: > > Account already migrated > This account has already been migrated to Gandi's new > website. […] Mumble... actually I don't know why but I'm able to log in in V4 (using the "legacy" handle") and V5 > That message is new. When I opened this bug a week ago, logging > into V4 still broke IceCat with a redirect loop, with no > indication of what went wrong. I haven't changed or updated my > browser since. The joy of web interfaces :-S >> They are planning to close the v4 customer web interface, I hope >> they >> will fix this before... but fortunately it's still working > > I'm glad to hear it's still working for you ehrm, ehrm: actually I never used gandi.cli and I'm testing it in my spare time 1. the legacy "gandi domain list" just lists the domanins of my "legacy" v4 handle 2. "gandi dns domain.list" (the v5 equivalent) gives an empty list 3. curl -H "Authorization: Apikey $GANDI_APIKEY" https://api.gandi.net/v5/domain/domains gives me the complete list (that means the domains in all the organizations I'm part of) > at least, and I suspect someone who really needs the CLI could ask > support for an XMLRPC key. That's enough to keep it in Guix. It was > not enough to keep me with Gandi. gandi.cli needs more love: 1. https://github.com/Gandi/gandi.cli/issues/279 Unable to manage domains migrated to Gandi-V5 2. https://github.com/Gandi/gandi.cli/issues/288 (Order domain name via API V5) and probably also the API: 1. https://github.com/Gandi/gandi.cli/issues/285 dns update command reports "Remote API service is unreachable" that bugs are still open, they made some commits since the 1.5 release but AFAIU by a quick look at the code that ploblems are still open (and probably upgrading gandi.cli to a newer commit won't enhance the situation) [...] Ciao, Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: Useless gandi.cli (was: [bug#39447] [PATCH] gnu: Add python-gandi.cli.)
Hello Tobias, sorry for the late reply Tobias Geerinckx-Rice writes: > Amin, > > Amin Bandali 写道: >> * gnu/packages/python-xyz.scm (python-gandi.cli): New variable. > > Does it do anything for you? After reading the issue tracker it's > clear to me that gandi.cli is unusable and unmaintained. I'd love > to be proven wrong. > > Here ‘gandi domain list’ returns ‘Invalid API key, please use > 'gandi setup' command’ no matter what I do. All non-trivial > operations require an old XMLRPC key which isn't ever possible to > generate nowadays[0]. > > Kind regards, > > T G-R > > [0]: > https://github.com/Gandi/gandi.cli/issues/292#issuecomment-560370741 I'm not a regular user of gandi.cli (hope I will) so I've not tested all the features now, but it is working for me You have to use Gandi V4 customer web interface to get the "legacy" XMLRPC API key and it worked for me, done 3 minutes ago https://v4.gandi.net/admin/api_key They are planning to close the v4 customer web interface, I hope they will fix this before... but fortunately it's still working HTH! Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: Scheduling and getting notifications in a desktop or window manager environment
Hello, I've no direct experience with desktop notifications but... sirgazil writes: [...] > I tried GNOME Calendar some time ago in the Guix System, I liked its > simplicity, but it was not reliable (notified sometimes, sometimes > not). What about orage? I tried that once and *maybe* it has a notification system. I use radicale as my CalDAV/CardDAV server with vdirsyncer [1] on my GNU machines to keep events and contacts in sync (with DAVx5 on Android)... ...but orage can be used also standalone [...] HTH! Gio' [1] I'm a little bit worried on its future https://github.com/pimutils/vdirsyncer/issues/790 -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: how to run docker?
Hi Adam, Adam Kandur via writes: > hi, guixers! > Sorry for newbe question. > How yo run docker service after installation docker package? you don't need to install the package, you just need to configure your service (packages will be automatically installed in the system profile) The documentation is here: https://guix.gnu.org/manual/en/guix.html#Miscellaneous-Services This is what I did in my config.scm: --8<---cut here---start->8--- [...] (services (append (list [...] (service ntp-service-type) ;; clock **must** be in sysc (elogind-service) ;; needed by docker-service (dbus-service) ;; needed by docker-service (service docker-service-type) [...] --8<---cut here---end--->8--- Clock must be in sync in general, I don't remember if this is also a requirement for docker (probably not, but it was for sure for other services) HTH! Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: how can I add a static IPv4 route?
Hi Julien thanks for your support! Julien Lepiller writes: > Le 12 février 2020 13:08:46 GMT-05:00, Giovanni Biscuolo a > écrit : >>Hello, >> >>I have a very simple networking configuration: >> >>--8<---cut here---start->8--- >>(service dhcp-client-service-type) >>--8<---cut here---end--->8--- >> >>Please how can I add a static route? (I know there is wip-netlink, but >>AFAIU it's still not in master) [...] > However, if you don't need IPv6, I'd like to encourage you to use the > static-networking-service that's described in the manual: > https://guix.gnu.org/manual/devel/en/html_node/Networking-Services.html#Networking-Services Thanks for your suggestion but I don't understand how to use it just to add a static route to the interface set up by dhcp-client-service-type. I'm trying to have something similar to this debian interfaces config: --8<---cut here---start->8--- auto eth0 iface eth0 inet dhcp ### static routing for eth0 ### post-up route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.9.38.65 pre-down route del -net 10.0.0.0 netmask 255.0.0.0 gw 10.9.38.65 --8<---cut here---end--->8--- I'd like to stay whith a dhcp client config, but please provide an example on how to add a static route to a configuration like this: --8<---cut here---start->8--- (static-networking-service "eno1" "192.168.1.82" #:gateway "192.168.1.2" #:name-servers '("192.168.1.2")) --8<---cut here---end--->8--- Thanks! Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
how can I add a static IPv4 route?
Hello, I have a very simple networking configuration: --8<---cut here---start->8--- (service dhcp-client-service-type) --8<---cut here---end--->8--- Please how can I add a static route? (I know there is wip-netlink, but AFAIU it's still not in master) I found a message from Julien [1] explaining he is using a custom service [2] to define both IPv4 and IPv6 for the same device: do I have to adapt that? Since my guile-fu is very minimal, please do you have a snippet I can reuse apart Julien's above? Thanks! Gio' [1] Message-ID: <80602dd8-60a9-487d-b39c-46360f42c...@lepiller.eu> [2] https://framagit.org/tyreunom/system-configuration/blob/master/modules/config/network.scm -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: Default autogroup niceness of Guix build daemon
Hi James, "J. R. Haigh (re. Guix)" writes: > Hi all, > I've been using Guix on Debian 9 Stretch [...] > Is there a way to declaratively set the default autogroup > niceness of Guix's build daemon? Since Debian 9 users systemd, should be possible by configuring a limit in the systemd service unit file [1]; I've never tried but try adding "LimitNICE=19" in the [Service] stanza Documentation on that parameter here: https://www.freedesktop.org/software/systemd/man/systemd.exec.html#Process%20Properties Remember to "systemctl daemon-reload" after editing one the systemd service unit file HTH! Gio' [1] /etc/systemd/system/guix-daemon.service [...] -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: Passwords inside System Configuration
Hi Raghav, Raghav Gururajan writes: [...] >> > 3) LUKS Device >> >> AFAIK it's not possible to provide the passphrase in the system >> configuration, and it's by design :-) > > Hmm, I have heard of a way to embed the passphrase in 'initrd'. Do you > know how to do that? no sorry, I never searched for that because I think it is unsecure, so I don't know how to do it HTH! Gio' [...] -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: Passwords inside System Configuration
Hello Raghav, "Raghav Gururajan" writes: > Hello Guix! > > I would like to insert/set password for the following, inside system > configuration (config.scm): > 1) Roor User > 2) Regular User --8<---cut here---start->8--- (user-account (name "charlie") (group "users") ;; Specify a SHA-512-hashed initial password. (password (crypt "InitialPassword!" "$6$abc"))) --8<---cut here---end--->8--- but please read https://guix.gnu.org/manual/en/html_node/User-Accounts.html#user_002daccount_002dpassword --8<---cut here---start->8--- You would normally leave this field to #f, initialize user passwords as root with the passwd command, and then let users change it with passwd. Passwords set with passwd are of course preserved across reboot and reconfiguration. [...] Note: The hash of this initial password will be available in a file in /gnu/store, readable by all the users, so this method must be used with care. --8<---cut here---end--->8--- > 3) LUKS Device AFAIK it's not possible to provide the passphrase in the system configuration, and it's by design :-) I mean: you set the LUKS passphrase "imperatively" when encrypting the device (e.g. during installation) or to change it later, storing it in config.scm would mean to make it available in /gnu/store, readeable by all users... and you should avoid it [...] HTH! Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
dbus problems running next in my environment (LTSP), also via ssh -Y
Hello Guix, I suspect this is related to my environment and not to next... but don't understand why and how to fix it also, probably I have dbus problems for other applications too but I do not see them because they are not blocking like in next I installed next 1.4 via guix on two Debian 10 machines: 1. my laptop: next works fine and I'm happy 2. my LTSP app server: it does not work :-S this is the error I get on my app server: --8<---cut here---start->8--- giovanni@roquette: next -v Arguments parsed: (VERBOSE T) and NIL Next version 1.4.0 [18:38:43] next remote.lisp (ensure-dbus-session fun1 fun65) - Failed to run (dbus-launch): dbus-launch not found --8<---cut here---end--->8--- my dbus related processes on this failing machine are: --8<---cut here---start->8--- giovanni 32087 0.0 0.0 11032 2276 ?S18:34 0:00 /usr/bin/dbus-launch --exit-with-session --sh-syntax giovanni 32088 0.0 0.0 8880 2888 ?Ss 18:34 0:00 /usr/bin/dbus-daemon --syslog --fork --print-pid 5 --print-address 7 --session giovanni 32124 0.0 0.0 3336 2852 ?S18:34 0:00 /gnu/store/zjalyyj5v1gygqh613p3y5b3hp7rdxpj-dbus-1.12.12/bin/dbus-daemon --config-file=/gnu/store/rhx1m9ms4a856rayxdb60z776av63f18-at-spi2-core-2.32.1/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3 --8<---cut here---end--->8--- and the related DBUS env on the failing machine is: --8<---cut here---start->8--- DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-X4UdsFONq5,guid=8fc98da614e6df5de9ef6fe45e1caa2d --8<---cut here---end--->8--- on the laptop, where next is running fine, I have this dbus related processes: --8<---cut here---start->8--- g 2665 0.0 0.0 9088 4388 ?Ss Jan12 0:22 /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only g 2878 0.0 0.0 8884 4160 ?SJan12 0:00 /usr/bin/dbus-daemon --config-file=/usr/share/defaults/at-spi2/accessibility.conf --nofork --print-address 3 --8<---cut here---end--->8--- and this dbus related env: --8<---cut here---start->8--- DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus --8<---cut here---end--->8--- Any hint please? Thanks, Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: ungoogled-chromium aborts on foreign distro via LTSP (Linux Terminal Server Project)
Hello Marius, Thanks! the issue was related to lack of user namaspaces Marius Bakke writes: > Giovanni Biscuolo writes: [...] >> The same updated version of ungoogled-chromium from Guix on a Debian 10 >> laptop does not have this problem, so it's specific to the LTSP >> environment I guess no: my laptop had user namespaces enabled :-) >> The chromium binary from Debian 10 on the same LTSP environment does not >> have the same problem, it works so the Debian binary is working without user namespaces? >> Any suggestion on where to look for problems here, please? > > The (ungoogled-) Chromium sandbox relies on user namespaces support in > the kernel. I guess `guix environment -C` does not work either? no, "guix environment -C" was not working and *still* does not work... but I'm almost sure it depends on something else, more on this in another thread > Debian disables user namespaces by default, try this command to enable > it: > > sudo sysctl -w kernel.unprivileged_userns_clone=1 it worked, I made it persistent also [1] Thanks again! Gio' [1] sudo su -c "echo 'kernel.unprivileged_userns_clone=1' > /etc/sysctl.d/00-local-userns.conf" -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
ungoogled-chromium aborts on foreign distro via LTSP (Linux Terminal Server Project)
Hi Guix, first and foremost kudos Marius Bakke for the great work in maintaining this package! if I run the last ungoogled-chromium Guix version in my terminal session [1] on a Debian 10 server, I get SIGABRT: --8<---cut here---start->8--- [14913:14913:0110/113833.689067:FATAL:zygote_host_impl_linux.cc(116)] No usable sandbox! Update your kernel or see https://chromium.9oo91esource.qjz9zk/chromium/src/+/master/docs/linux_suid_sandbox_development.md for more information on developing with the SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox. #0 0x561fb4b09f09 base::debug::CollectStackTrace() Received signal 6 #0 0x561fb4b09f09 base::debug::CollectStackTrace() r8: r9: 7ffc91ca6500 r10: 0008 r11: 0246 r12: 7ffc91ca7750 r13: 0170 r14: 7ffc91ca7910 r15: 7ffc91ca6780 di: 0002 si: 7ffc91ca6500 bp: 7ffc91ca6740 bx: 0006 dx: ax: cx: 7fee29c227fa sp: 7ffc91ca6578 ip: 7fee29c227fa efl: 0246 cgf: 002b0033 erf: trp: msk: cr2: [end of stack trace] Calling _exit(1). Core file will not be generated. --8<---cut here---end--->8--- If I run ungoogled-chromium with --no-sandbox it works, but I'd like not to browse with the sandbox off (I'm going to study how to run my browsers in a guix container, but it't not the solution AFAIU) The same updated version of ungoogled-chromium from Guix on a Debian 10 laptop does not have this problem, so it's specific to the LTSP environment I guess The chromium binary from Debian 10 on the same LTSP environment does not have the same problem, it works Any suggestion on where to look for problems here, please? Thanks! Gio' [1] I have a couple LTSP terminals connected to a LTSP server -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: Relationship between Docker and Guix
Hellp zimoun, my two cents on Docker as container images builder (not as "container instantiation toolbox") zimoun writes: [...] > The relationship between Docker and GNU Guix is container and the LXC > [1] technology. They use both but differently: > > - Docker is rooted in mutable/imperative and tries to go to more > functional; Docker images are immutable, they are usually (but not exclusively) generated via `docker build` using an imperative "dockerfile language" (so immutable/imperative :-) ); images are used to instantiate Linux containers and there are tools (bind mounts, environment) to separate state (data/config) from "system" to obtain a stateless container: the "stateless" status of the container however is strictly tied to the stateless properties of the underlying ditribution used to build the container I'm not sure what you mean with "tries to go more funtional" since AFAIU dockerfile "language" is not going to be funcional anytime soon, probably it does not even need to. The main issue with the use of dockerfiles is that unfortunately the FROM layering option (usually *heavily* used by docker images packagers) often makes keeping control of what is actually distributed with the image [1], cryptominers included, simply an... illusion... ehrm hard work :-). I've done it for work and that is the main reason I *avoid* any docker image not built by me as soon as I can. [...] > Everything starts with a configuration file: Dockerfile versus manifest.scm. > > - Dockerfile depends on the state of the distribution that one will > use -- say Debian -- and each time "RUN apt-get update" and/or "RUN > apt-get install" is called then no one can know in advance what the > resulting disk image will *exactly* contain; The non reproducible (not stateful) nature of the resulting docker images directly depends on the distribution used to build it: Debian have no means to "pin" a specific version in time (tag or commit, ala Guix) to use; indeed if I use Guix as initial system image (FROM guix-base) and a combination of manifests and channels definitions I can get a reproducible image (never tried this, just theory :-) ) Anyway, using `guix pack -f docker...` is much much better than the above dockerfile example :-O This is just to say that it is not `docker build` fault not creating reproducible images :-) [...] Ciao. Gio' [1] even from a legal POV -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: service 'dockerd' requires 'dbus-system', which is not provided by any service
Hello, reply to self... Giovanni Biscuolo writes: [...] > What do I miss plz? I had to install also elogind and dbus services: --8<---cut here---start->8--- (use-service-modules [...] desktop dbus docker) [...] (elogind-service) ;; needed by docker-service, in desktop service-module (dbus-service) ;; needed by docker-service, in dbus service-module (service docker-service-type) --8<---cut here---end--->8--- Do we need to add a note on the manual or is a bug in docker-service-type (in that case I'm willing to open the bug report)? Thanks! Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
service 'dockerd' requires 'dbus-system', which is not provided by any service
Hello Guix! I'd like to use the docker-service-type so I added this --8<---cut here---start->8--- (service docker-service-type) --8<---cut here---end--->8--- to my config.scm but if I try to --8<---cut here---start->8--- sudo guix system reconfigure /etc/config.scm --8<---cut here---end--->8--- I get this error: --8<---cut here---start->8--- guix system: error: service 'dockerd' requires 'dbus-system', which is not provided by any service --8<---cut here---end------->8--- What do I miss plz? Thanks! Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: New reconfigure, creating a file under /etc
Hi Efraim, thanks for the very interesting example! Efraim Flashner writes: [...] > (define %os-release-file > (plain-file "os-release" > (string-append > "NAME=\"Guix System\"\n" > "PRETTY_NAME=\"Guix System\"\n" > "VERSION=\""((@ (guix packages) package-version) (@ (gnu > packages package-management) guix))"\"\n" > "ID=guix\n" > "HOME_URL=\"https://www.gnu.org/software/guix/\"\n"; > "SUPPORT_URL=\"https://www.gnu.org/software/guix/help/\"\n"; > "BUG_REPORT_URL=\"mailto:bug-g...@gnu.org\"\n";))) > > (simple-service 'os-release etc-service-type > `(("os-release" ,%os-release-file))) [...] IMHO this is a perfect candidate - whith many other replies in help-guix - for the Guix Cookbook (thanks Ricardo for creating it!): what about to expand your example in a patch for the cookbook? :-) Thanks! Gio' -- Giovanni Biscuolo Xelera IT Infrastructures
Re: cannot boot with BTRFS in degraded mode
Hello Maxim, Maxim Cournoyer writes: [...] > Fixing the Grub config (manually or not) is one thing, but not enough, > as it is the init script (contained within the initrd) Yes I was obviously wrong: the initrd must be updated, also! > run by the kernel > that mounts the root partition. This script currently doesn't honor the > rootflags= argument given to the Linux kernel command line, which means > that you cannot pass extra options (such as 'degraded') to mount your > root partition during the early boot process of the system. Yes, now I understand, thanks! >> Anyway, with the help of a friend, in a few hours we are going to test >> this solution :-) > > Good luck! The only viable solution to this problem is to boot a rescue system and fix the BTRFS array there: I'm doing it now via grml (remotely via ssh with the help of a friend who "manually" started the network and ssh daemon) For the records, this is what I did: 1. btrfs replace start 5 /dev/sde /target (since the missimg one was the 5th) 2. btrfs replace status /target it took less then 10 mins to replace a 1TB disk with 76.28GiB used: --8<---cut here---start->8--- Started on 6.Sep 09:21:44, finished on 6.Sep 09:40:45, 0 write errs, 0 uncorr. read errs --8<---cut here---end------->8--- [...] Thank you again for your support! Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: cannot boot with BTRFS in degraded mode
Hello Maxim, Maxim Cournoyer writes: [...] > Also note that for the time being, the init script of Guix doesn't honor > the "rootflags" kernel argument. AFAIU this means Guix will not configure the grub parameter in the grub config, but if I pass "rootflags" via grub "manually" that should be passed to the kernel: right? Anyway, with the help of a friend, in a few hours we are going to test this solution :-) > The good news is that there is a patch awaiting testing/review that adds > support for it here: > https://debbugs.gnu.org/cgi/bugreport.cgi?bug=37305. AFAIU it's a good patch, thanks! IMHO actually it's two patches merged togheter: "honor rootflags kernel parameter" and "Allow booting from a Btrfs subvolume", anyway it's a big imrovement for BTRFS users I'll try them and will report back! Thanks, Gio' -- Giovanni Biscuolo Xelera IT Infrastructures
Re: cannot boot with BTRFS in degraded mode
Hi Gábor, Gábor Boskovits writes: [...] >> Christopher suggested I might be able to at least mount the filesystem >> with the degraded option in the guix rescue environment, which might be >> something like: >> >> --8<---cut here---start->8--- >> (mkdir "/mnt/broken-root") >> (mount "/dev/sda3" "/mnt/broken-root" "btrfs" 0 "degraded") >> --8<---cut here---end--->8--- >> >> but we do not know how to proceed from there. > > I don't know what would work from here, but here are a few ideas: > 1. somehow hack the degraded root option into the bootloader config, like > here: > https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1229456 Oh great! I was not able to find what it seems a solution to boot: add "degraded" to the "rootflags=" kernel parameters (ah my ignorance!) I also find (just now :-S) this message very helpful: https://www.mail-archive.com/linux-btrfs@vger.kernel.org/msg31265.html > 2. try to switch_root, using /bin/sh as init, and try to fix the bootloader > config from there. This is not strictly needed, all I need to boot is entering the grub editing mode, boot degraded and solve the problem with "btrfs replace..." and "btrfs balance..." I was thinking to permanently add "rootflags=[...],degraded" as kernel parameter but reading the message I mentioned above: --8<---cut here---start->8--- Altho if it is indeed true that btrfs will now refuse to mount writable if it's degraded like that, that's not such a huge issue either, as the read-only mount can serve as the same warning. Still, I certainly prefer the refusal to mount entirely without the degraded option, if indeed the filesystem is lacking a component device. There's nothing quite like forcing me to actually type in "rootflags=degraded" to rub my face in the reality and gravity of the situation I'm in! =:^) --8<---cut here---end--->8--- I changed my mind: booting in degraded mode should be done "manually" just to solve the issue :-) > 3. see what the original script is doing, either by having a look at how it > is composed: > see for example: gnu/system.scm: > operating-system-default-essential-services, > gnu/services.scm: %boot-service and most prominently: > gnu/services/shepherd.scm: shepherd-boot-gexp > > Wdyt? I'm certailny going to study how Guix instruments the booting of a machine, but I need time... and I'm late :-S Thank you very much for the pointers, indeed! [...] Ciao, Gio'. -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
cannot boot with BTRFS in degraded mode
Hi Guix! Yesterday I had to physically replace a failed disk on milano-guix-1 (one of Guix build machines), that disk was part of a BTRFS RAID10 multi disk array and now the machine is unbootable The BTRFS RAID10 array was made of 6 disks and was running well, some days ago Christopher Baines found that the 5th disk (/dev/sde) of that array failed and was able to remount it in degraded mode in order to re-balance the array and go on working without data loss Unfortunately I was not able to perform a "btrfs replace..." since adding a new disk (we have spare slots) was not detected by the kernel... HP ProLiant Smart Array is not so smart after all (aka bye bye hot swapping of disks) :-S... So I had to reboot the server and enter the config tool, added the new drive as a new Smart Array logical volume (RAID0 with 1 drive) [1] and removed the failed logical volume The problem now is that the boot process stops when trying to mount the BTRFS filesystem, the error is: --8<---cut here---start->8--- BTRFS error (device sda3): devid 5 uuid [omissis] is missing --8<---cut here---end--->8--- ([omissis] means I'm not copying the exact uuid, sda3 is the first block device in the BTRFS pool) All I get now is the guix rescue environment prompt, that I do not know how to use: I'm not able to boot with BRTFS in degraded mode :-S Christopher suggested I might be able to at least mount the filesystem with the degraded option in the guix rescue environment, which might be something like: --8<---cut here---start->8--- (mkdir "/mnt/broken-root") (mount "/dev/sda3" "/mnt/broken-root" "btrfs" 0 "degraded") --8<---cut here---end--->8--- but we do not know how to proceed from there. Obviously I have no way now to reconfigure guix, the only idea I got is to boot from an USB rescue disk (e.g. grml) and try to do a "btrfs replace..." from there: that should fix the BTRFS array and should allow a mount in non-degraded mode, so the next Guix boot should succeed That machine is physically far away from me and I should collect as much info as possible before I go there to test for a solution (no remote serial console unfortunately) I'm searching the web for a solution, any hint will be greatly appreciated :-) Meanwhile milano-guix-1 build machine is offline... :-( Thank you for your attention, Gio' [1] AFAIU that is the only way to present a single disk to the OS and let the OS manage it as part of a **software** RAID pool (hardware RAID is not an option) -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: Why reproducibility is breaking by metadata?
Hello Konrad, Konrad Hinsen writes: [...] > Philosophical side note: the right way to store provenance information > is outside of the data they refer to. Unfortunately, with file-based > storage, there is no clean way to attach the provenance information > securely to the data without putting it into the same file. Just "food for thought": git-annex metadata allows users to attach arbitrary metadata to their annexed files, «metadata is stored in the git-annex branch, and so is automatically kept in sync with the rest of git-annex's state» Being content-hashed, each file will persintently keep its metadata even in case of renames (in the git-annex "filesystem" scope) I doubt this could be applied to `guix pack`, but it's an intereting approach to "sidecar" metadata Happy Guix! Gio'. -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: support for btrfs multiple devices?
Hello Matt, Matt Huszagh writes: > I'm unable to get even a basic guix system init working with btrfs on 2 > partitions. I setup the btrfs filesystem with: > > mkfs.btrfs -L btrfs -m raid1 -d raid0 /dev/nvme0n1p2 /dev/sda1 Please can you specify how did you then installed Guix on your system? > and in my config: > > (define fs-root > (file-system >(mount-point "/") >(type "btrfs") >(device (file-system-label "btrfs")) Can you please try using uuid instead of file-system-label? >(options "defaults,compress=lzo,ssd,noatime") >(needed-for-boot? #t))) > > (define fs-boot > (file-system >(mount-point "/boot/efi") >(type "vfat") >(device (uuid "68C5-A2D1" 'fat fat32 ? :-) > > (file-systems (append > (list > fs-root > fs-boot) > %base-file-systems)) [...] > Has anyone gotten btrfs working with any sort of multi-device raid > capability? Yes, I did it on milano-guix-1 build machine (and I'm almost sure I'm not the only one around): That machine configuration is here: http://git.savannah.gnu.org/cgit/guix/maintenance.git/tree/hydra/milano-guix-1.scm I initially installed on a RAID1 (both data and metadata) btrfs volume using two disk partitions, with manual installation method, and it worked; lately I added 4 more disks (whole disks) and converted the volume to RAID10 > Any pointers would be greatly appreciated! I've now devoted 4 full > days and still can't get past the guix system init phase - I'm pretty > close to giving up... Can you please provide a step-by-step report of what you are doing when installing, maybe a review could reveal something wrong... or probably a Guix bug :-) Thanks for reporting! Happy Guix! Gio'. -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: grub with encrpted root no longer automatically loads luks
Hello Jack, I don't have a Guix machine using root on encrypted LUKS now, but I tested this non so long ago and it worked well Jack Hill writes: > I've noticed that recently (unfortunately, I don't know exactly when it > started), that grub no longer prompts me to enter my password to unlock my > root filesystem. Are you able to boot to a previous Guix System generation and try to find the one that introduced this behaviour? Are you sure you did not reconfigured your device mapping meanwhile? > I notice that at the grub command line, if I enter > `cryptomount -a`, I am not prompted for a password, and the root > filesystem does not become available. However, if I first run `insmod > luks` and then `cryptomount -a`, I am prompted for my password, and the > root filesystem become available and I can boot normally. I imagine you are entering the grub CLI because you get some error: what's the error please? [...] > ;; Specify a mapped device for the encrypted root partition. > ;; The UUID is that returned by 'cryptsetup luksUUID'. > (mapped-devices >(list (mapped-device >(source (uuid "f7776767-70c9-44e3-9973-c1334d301348")) >(target "alperton_root") >(type luks-device-mapping > > (file-systems (cons* > (file-system >(device (file-system-label "boot")) >(mount-point "/boot") >(type "ext4")) > (file-system >(device (file-system-label "alperton_root")) >(mount-point "/") >(type "ext4") >(dependencies mapped-devices)) > %base-file-systems)) AFAIU (mapped-device ..(target "name") (type luks-device-mapping))) creates the mapped device /dev/mapper/name; file-system should be: --8<---cut here---start->8--- (file-system (device "/dev/mapper/alperton_root") (mount-point "/") (type "ext4") (dependencies mapped-devices)) %base-file-systems)) --8<---cut here---end--->8--- Did your configuration worked in a prior Guix System generation? [...] -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: guix system reconfigure: Wrong type argument in position 1 (expecting struct)
Ricardo Wurmus writes: [...] > Pull out the modify-services expression, so that it becomes the second > argument to “append”. Thank you Ricardo, I applied the cons* solution suggested by Julien ...what an amazing community: two answers in a few hours, you make me feel home :-D Happy Guix! Gio'. -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: guix system reconfigure: Wrong type argument in position 1 (expecting struct)
Hello Julien, thank you for your check! Julien Lepiller writes: [...] > The result of modify-services is a list, but reading your file, it > seems you add it to the end of the (list ...) thing, Ouch... now **I see**! ...and begin to understand the error message > which is not going > to work: you're ending up with a list of lists. You can either put the > modify-services form outside of that list: [...] > or replace the (append (list ...)) with a (cons* ...): I adopted the latter, it makes (services...) more readeable to me [...] Kudos. Gio' aka `Guix-Fu Panda` -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
guix system reconfigure: Wrong type argument in position 1 (expecting struct)
g/guix-daemon.log" http-proxy: #f tmpdir: #f>> #< type: # value: #< log-file: "/var/log/nscd.log" debug-level: 0 caches: (#< database: hosts positive-time-to-live: 43200 negative-time-to-live: 20 suggested-size: 211 check-files?: #t persistent?: #t shared?: #t max-database-size: 33554432 auto-propagate?: #t> #< database: services positive-time-to-live: 86400 negative-time-to-live: 3600 suggested-size: 211 check-files?: #t persistent?: #t shared?: #t max-database-size: 33554432 auto-propagate?: #t>) name-services: () glibc: #>> #< type: # value: #< udev: # rules: (# # # #)>> #< type: # value: (("/bin/sh" # "/bin/sh">))>) --8<---cut here---end--->8--- Since everytime I try to purposely add a syntax error or miss to add a module guix correctly point that out, I doubt it depends on some error in my config.scm... or am I wrong? Anyway, this is my slightly obfuscated config.scm: --8<---cut here---start->8--- ; This is batondor (use-modules (gnu)) (use-service-modules networking ssh mcron virtualization) (use-package-modules linux) (define %authorized-guix-keys ;; List of authorized 'guix archive' keys. (list (local-file "keys/guix/OMISSIS.pub") (local-file "keys/guix/OMISSIS.pub"))) (define gc-job ;; Run 'guix gc' at 3AM every day. #~(job '(next-hour '(3)) "guix gc -F 50G")) (define btrfs-job ;; Run 'btrfs balance' every three days to make free space. #~(job (lambda (now) (next-day-from now (range 1 31 3))) (string-append #$btrfs-progs "/bin/btrfs balance " "start -dusage=50 -musage=70 /"))) ;; The actual machine (operating-system (locale "en_US.utf8") (timezone "Europe/Rome") (keyboard-layout (keyboard-layout "it" "nodeadkeys")) (bootloader (bootloader-configuration (bootloader grub-efi-bootloader) (target "/boot/efi") (keyboard-layout keyboard-layout))) (file-systems (cons* (file-system (mount-point "/") (device (uuid "26bd54ec-4e74-4b3a-96ff-58f2f34e4a1a" 'btrfs)) (type "btrfs")) (file-system (mount-point "/boot/efi") (device (uuid "7A61-DB20" 'fat32)) (type "vfat")) %base-file-systems)) (host-name "batondor") (users (cons* (user-account (name "x") (comment "X") (group "users") (home-directory "/home/x") (supplementary-groups '("wheel" "kvm" "netdev" "audio" "video"))) %base-user-accounts)) (packages (append (list (specification->package "nss-certs")) %base-packages)) (services (append (list (service openssh-service-type (openssh-configuration (port-number 22) (authorized-keys `(("x" ,(local-file "keys/ssh/x.pub")) (service dhcp-client-service-type) (service ntp-service-type) (service qemu-binfmt-service-type (qemu-binfmt-configuration (platforms (lookup-qemu-platforms "arm" "aarch64")) (guix-support? #t))) (service mcron-service-type (mcron-configuration (jobs (list gc-job btrfs-job (modify-services %base-services (guix-service-type config => (guix-configuration (inherit config) (use-substitutes? #t) (authorized-keys %authorized-guix-keys --8<---cut here---end--->8--- Am I missing something or did I found a bug? Thanks! Gio'. -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: foreign arch build taking too long `guix build -s armhf-linux help`
Hello Guix, my first foreign arch build failed after two days :-) I still do not understand why I had two stale processes during build (if needed see details below)... ...looking at /var/log/messages, I see this (in reverse timing ordering) some segfaults: --8<---cut here---start->8--- Jun 12 09:45:39 localhost vmunix: [1958344.658696] Code: 0f 1f 40 00 66 0f ef c0 66 0f ef c9 66 0f ef d2 66 0f ef db 48 89 f8 48 89 f9 48 81 e1 ff 0f 00 00 48 81 f9 cf 0f 00 00 77 6a 0f 6f 20 66 0f 74 e0 66 0f d7 d4 85 d2 74 04 0f bc c2 c3 48 83 Jun 12 09:45:39 localhost vmunix: [1958344.616598] svn[35664]: segfault at 0 ip 776be6b6 sp 7fffbb18 error 4 in libc-2.28.so[7764b000+13f000] [...] Jun 12 09:21:13 localhost vmunix: [1956879.360841] Code: c7 77 83 c2 7c 83 c6 5b 4d 8d 67 60 4c 89 74 24 40 89 94 24 8c 00 00 00 89 bc 24 88 00 00 00 89 4c 24 74 45 31 db 89 74 24 70 <48> 89 44 24 10 4d 89 ee 48 89 6c 24 08 48 8b 44 24 08 48 8b 2d 2c Jun 12 09:21:13 localhost vmunix: [1956879.304954] git[43284]: segfault at 7ffdeff0 ip 77e333a3 sp 7ffdefe0 error 6 in libc-2.28.so[77dd6000+13f000] [...] Jun 12 08:55:02 localhost vmunix: [1955307.460504] Code: f8 04 0f 87 19 03 00 00 83 c0 77 89 44 24 28 e9 8c f9 ff ff 66 0f 1f 44 00 00 48 8d 3d e1 d9 0f 00 e8 54 da ff ff 0f 1f 40 00 <89> 54 24 28 e9 e0 fb ff ff 0f 1f 80 00 00 00 00 8d 4f 5b 8d bc 3f Jun 12 08:55:02 localhost vmunix: [1955307.385398] git[11650]: segfault at 7ffdefd8 ip 77e33960 sp 7ffdefb0 error 6 in libc-2.28.so[77dd6000+13f000] [...] Jun 12 08:31:17 localhost vmunix: [1953883.012358] Code: e6 f9 ff ff 89 c2 31 c0 85 d2 74 0a 0f b6 7c 24 0f e8 f4 fa ff ff 48 83 c4 18 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 <8b> 04 25 00 00 00 00 0f 0b 0f 1f 80 00 00 00 00 48 83 ec 18 48 89 Jun 12 08:31:17 localhost vmunix: [1953882.986533] python[22829]: segfault at 0 ip 7766cb10 sp 7fffb238 error 4 in _testcapi.so[7766c000+6000] --8<---cut here---end--->8--- do I have to memtest my machine?!? Thanks! Gio'. Giovanni Biscuolo writes: [...] > and this process: > > --8<---cut here---start->8--- > /gnu/store/sw2rrqmjij73wcy3ajd47ypvmzh12yz6-qemu-3.1.0/bin/qemu-arm > /gnu/store/43ljk0rxwxl4c9msr4b9xwihhw6fak8v-bootstrap-binaries-0/bin/rm -f > /tmp/guix-build-glibc-intermediate-2.28.drv-0/build/stdlib/drand48.os.dt > --8<---cut here---end--->8--- > > The process run time taken from `top` now is 796:50.68 :-O > > That file is still there and it seems it's not removed: > > --8<---cut here---start->8--- > ~$ sudo ls -lah > /tmp/guix-build-glibc-intermediate-2.28.drv-0/build/stdlib/drand48.os.dt > -rw-r--r-- 1 guixbuilder01 guixbuild 5.7K Jun 11 04:02 > /tmp/guix-build-glibc-intermediate-2.28.drv-0/build/stdlib/drand48.os.dt > --8<---cut here---end--->8--- I did "manually" delete the above mentioned file and killed the stale process, the build went on to the next steps... Until today I realized that build was still frozen at this stage: --8<---cut here---start->8--- make[2]: Leaving directory '/tmp/guix-build-libgc-7.6.6.drv-0/gc-7.6.6' make check-TESTS make[2]: Entering directory '/tmp/guix-build-libgc-7.6.6.drv-0/gc-7.6.6' make[3]: Entering directory '/tmp/guix-build-libgc-7.6.6.drv-0/gc-7.6.6' PASS: leaktest PASS: hugetest PASS: initsecondarythread_test PASS: threadleaktest PASS: smashtest PASS: cordtest PASS: subthreadcreate_test PASS: middletest PASS: threadkey_test PASS: staticrootstest PASS: disclaim_test PASS: test_cpp PASS: realloc_test PASS: disclaim_bench --8<---cut here---end--->8--- with this stale process never ending: --8<---cut here---start->8--- /gnu/store/sw2rrqmjij73wcy3ajd47ypvmzh12yz6-qemu-3.1.0/bin/qemu-arm /tmp/guix-build-libgc-7.6.6.drv-0/gc-7.6.6/.libs/gctest --8<---cut here---end--->8--- so I killed the above process and the build stopped with a failure (sorry for the verbosity): --8<---cut here---start->8--- FAIL: gctest Testsuite summary for gc 7.6.6 # TOTAL: 15 # PASS: 14 # SKIP: 0 # XFAIL: 0 # FAIL: 1 # XPASS: 0 # ERROR: 0 See ./test-suite.log Please report to https://github.com/ivmai/bdwgc/issues
Re: Servname not supported
Hello Dustin, Dustin Rayner writes: [...] > However, guix install hello and guix pull both fail. I've verified > network access, but the error I receive is: > > In procedure getaddrinfo: Servname not supported for ai_socktype What if you try `whois gnu.org` on that host? Do you get the same error? [1] This seems not related to Guix, please can your check permissions on /etc/services (ls -lah /etc/services) on your host? They should be: --8<---cut here---start->8--- -rw-r--r-- 1 root root 19K dic 26 2016 /etc/services --8<---cut here---end--->8--- If others (including your normal user) cannot read /etc/services they get this error. I never had similar issues in the past, but I can reproduce this on my host. --8<---cut here---start->8--- $ sudo chmod o-r /etc/services $ LC_ALL=C whois gnu.org getaddrinfo(whois.pir.org): Servname not supported for ai_socktype --8<---cut here---end--->8--- `sudo chmod o+r /etc/services` fixed the above error. Does it help? Gio'. [1] https://askubuntu.com/questions/742613/network-aplications-throwing-servname-not-supported-for-ai-socktype -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
foreign arch build taking too long `guix build -s armhf-linux help`
Hi Guix! I've a x86_64 build machine I configured to build for arm and aarch architetures this way: --8<---cut here---start->8--- (service qemu-binfmt-service-type (qemu-binfmt-configuration (platforms (lookup-qemu-platforms "arm" "aarch64")) (guix-support? #t))) (modify-services %base-services (guix-service-type config => (guix-configuration (inherit config) (use-substitutes? #f) (authorized-keys %authorized-guix-keys))) --8<---cut here---end--->8--- This should enable transparent build for another architecture, using no substitutes. To test a build I did `guix build -s armhf-linux help`; after several hours I'm still waiting the build to complete, it seems stuck at this build stage: --8<---cut here---start->8--- [...] /gnu/store/zxgm9xn0dgqfp6dxynklqzr27957qkis-make-boot0-4.2.1/bin/make subdir=stdlib -C stdlib ..=../ others make[2]: Entering directory '/tmp/guix-build-glibc-intermediate-2.28.drv-0/glibc-2.28/stdlib' --8<---cut here---end--->8--- and this process: --8<---cut here---start->8--- /gnu/store/sw2rrqmjij73wcy3ajd47ypvmzh12yz6-qemu-3.1.0/bin/qemu-arm /gnu/store/43ljk0rxwxl4c9msr4b9xwihhw6fak8v-bootstrap-binaries-0/bin/rm -f /tmp/guix-build-glibc-intermediate-2.28.drv-0/build/stdlib/drand48.os.dt --8<---cut here---end--->8--- The process run time taken from `top` now is 796:50.68 :-O That file is still there and it seems it's not removed: --8<---cut here---start->8--- ~$ sudo ls -lah /tmp/guix-build-glibc-intermediate-2.28.drv-0/build/stdlib/drand48.os.dt -rw-r--r-- 1 guixbuilder01 guixbuild 5.7K Jun 11 04:02 /tmp/guix-build-glibc-intermediate-2.28.drv-0/build/stdlib/drand48.os.dt --8<---cut here---end--->8--- Looking at /var/log/guix-daemon.log does not help. Any hint about what's going on here and/or understanding why that process is stuck removing that file? Thanks! Gio'. -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: arm image ; daemon-socket error
Hello rhombus, rhom...@transversals.org writes: > after manually installing guixsd via the current guix-install.sh script [...] > # guix system disk-image --system=armhf-linux -e "(@ (gnu system > install) beaglebone-black-installation-os)" > > it ended with the following: > > Guix System: Error: fails to connect to '/var/guix/daemon-socket/socket' > no such file or directory Please can you check the guix-daemon is up and runnig and give some feedback with details about it? Usually `/var/guix/daemon-socket/socket` is created by guix-daemon on startup [...] HTH, Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Guix and intrusion detection (was Re: Help with writing custom boot-loader configuration)
Hello Raghav, Raghav Gururajan writes: [...] > It works. Was curious about other alternatives. Btw, is it possible make guix > to > automatically GPG-Sign the "grub.cfg" it generates during "guix system init" > or > "guix system reconfigure" ?? I cannot (still) help patching guix this way, but from a security POV this is interesting, providing you explain what you are trying to achieve :-) Anyway: 1. to sign, guix should have a secret key and that key may be easily stolen (modulo encryption but that's another story...) 2. to verify a list of system admins signatures guix just needs public keys and that's easy to provide, the not so easy part is patching guix I guess 3. signature of "grub.cfg" - or other store items - should be done on *another* machine and items deployed to the host (there is some POC and custom code around in guix-devel for this) Could GPG signature *verification* of selected core parts (bootloader, initrd, kernel... guix itself) of our reproducible system make us confident that instrusions via physical access to hardware are automatically detected and notified by guix? [1] ...or I'm exagerating here and Guix already provides a good path to do effective intrusion detection, even with remote hosts potentially available to physical instrusion? Thoughts? [...] Thanks! Gio'. [1] let's call it Trusting Remote Trust problem -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: how to unmount disk after guix system init error?
Hello znavko, zna...@disroot.org writes: [...] > I cannot do this. I fullfilled this but making filesystem on /dev/sdb2 gives > the error, that device is mounted. > As I understand this is because of my run 'herd start cow-store /mnt' and > also run `guix system init /mnt` > I've stopped herd service. But do not know what to do else. So I can only > reboot and start again. > > Please is there another way to solve? No, AFAIU there is no way other than restart the machine I'm almost sure there's an already opened bug for this but I cannot find it now :-S HTH! Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: Installer: GUIX_IMAGE as /dev/sda on some hardware?
Hi Tobias, thanks for sharing your experience, I'm cross posting to guix-devel since it's worth discussing a patch to the installer Tobias Geerinckx-Rice writes: > Giovanni Biscuolo wrote: >> This is **very** important when installing grub, in fact grub >> installation failed when instantiating my config.scm on the HP >> ProLiant >> simply because it was on /dev/sda pointing to the USB media; > > /dev/xdyN names have never been safe to use in this way I'm not talking about partitions ;-) According my faulty memory (I cannot reproduce it now) /dev/sd is what the Installer writes in the bootloader section of config.scm: --8<---cut here---start->8--- (bootloader (bootloader-configuration (bootloader grub-bootloader) (target "/dev/sda") (keyboard-layout keyboard-layout))) --8<---cut here---end--->8--- and that caused the Installer to fail on grub-install since /dev/sda was my USB media, (fortunately it failed because there was no space for grub :-) ) On the other hand, by setting "/dev/sdb" whould made grub-install succeed when running from USB but fail when running from the system itself [...] >> 3. how is the USB media "relocated" to the last /dev/sd? device >> by the installer? > > It's… not? So it's pure coincidence that grub-install on /dev/sda succeedes on the whole set of machines users are installing via USB media? :-O > Dev nodes & names are doled out by the kernel. As > you've discovered, they aren't to be relied on, and you should use > labels or UUIDs instead. Labels and UUIDs are for volumes, not for the whole disk ;-) I'm not talking about filesystem config, where using labels or UUIDS is strongly recommended (and used by the Installer), I'm talking about grub-install config But wait! There's the /dev/disk/by-id/ tree, I did not notice it until now! :-) That's the solution: --8<---cut here---start->8--- (bootloader (bootloader-configuration (bootloader grub-bootloader) (target "/dev/disk/by-id/scsi-3600508b1001c75a3bebb04b23d19e249") (keyboard-layout keyboard-layout))) --8<---cut here---end--->8--- I did not test this but it smells like running, if Guix devels agree I think Installer should adopt /dev/disk/by-id by default, sorry I'm not able to propose a patch for this [...] > Hoping to have scared you into using UUIDs, Yes! You did it (albeit it is disk/by-id and not UUIDs) :-D Thanks for your suggestions! Gio'. -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Installer: GUIX_IMAGE as /dev/sda on some hardware?
Hello Guix! I cannot reproduce this anymore since the machine I used is no more under my physical control and is in production... anyway I'm sure on a HP ProLiant DL380p Gen8 the installer image (1.0.0 version) [1] listed the USB media as /dev/sda while I've always observed (and reproducing now on a testing machine) that it's listed as **the last** /dev/sd? device in the list This is **very** important when installing grub, in fact grub installation failed when instantiating my config.scm on the HP ProLiant simply because it was on /dev/sda pointing to the USB media; I had to manually install grub on /dev/sdb to complete the install A couple of questions: 1. has anyone observed a similar issue? 2. what could have caused it? 3. how is the USB media "relocated" to the last /dev/sd? device by the installer? Happy hacking! Gio'. [1] the only custom thing I made was adding "vga=791" and removing "quiet" from the kernel arguments -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: guix pull extremely verbose (with no ----verbose)
Ricardo, Ricardo Wurmus writes: [...] > This is a bug. Thanks for reproducing this and for confirming this is a bug, I'll add my further findings in the bug report (I still do not see it on debbugs.gnu.org) 🖖 Live long and prosper. Gio' -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: guix pull extremely verbose (with no ----verbose)
Hi Ricardo, Thank you for helping Ricardo Wurmus writes: >> I've run "guix pull" many many times since today but now after that >> command I see a lot of logs like this one: >> >> --8<---cut here---start->8--- >> @ build-log 9461 44 >> checking if GSS-API support is requested... @ build-log 9461 4 >> yes >> @ build-log 9461 28 >> checking gss.h usability... @ build-log 9461 4 >> yes > […] > > Are you using an old daemon? These are hints that are filtered by the > daemon — if it is recent enough. Is guix-daemon 1.0.0 recent enough? On the Guix System machine: --8<---cut here---start->8--- ~$ sudo -i guix-daemon --version guix-daemon (GNU Guix) 1.0.1-1.8204295 --8<---cut here---end--->8--- That machine finished "guix pull" in more or less 33 mins, it's a 32 cores machine with 64GB RAM After that now "guix pull" does not output debug messages On the foreign distro machine: --8<---cut here---start->8--- $ sudo -i guix-daemon --version guix-daemon (GNU Guix) 1.0.0-1.326dcbf --8<---cut here---end--->8--- Anyway it was running since Wed 2019-05-15 11:43:04 CEST (1 weeks 1 days ago): I restarted and "guix pull"ed again... --8<---cut here---start->8--- $ time guix pull Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'... Building from this channel: guix https://git.savannah.gnu.org/git/guix.git a9150d4 --8<---cut here---end------->8--- and I still get a lot of verbose output... this time I'm going to wait until it'll finish (previously I always interrupted it) [...] Thanks! Gio'. -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
guix pull extremely verbose (with no ----verbose)
Hi Guix! I've run "guix pull" many many times since today but now after that command I see a lot of logs like this one: --8<---cut here---start->8--- @ build-log 9461 44 checking if GSS-API support is requested... @ build-log 9461 4 yes @ build-log 9461 28 checking gss.h usability... @ build-log 9461 4 yes @ build-log 9461 27 checking gss.h presence... @ build-log 9461 4 yes @ build-log 9461 22 checking for gss.h... @ build-log 9461 4 yes @ build-log 9461 82 checking whether to enable Windows native SSL/TLS (Windows native builds only)... @ build-log 9461 3 no @ build-log 9461 47 checking whether to enable Secure Transport... @ build-log 9461 63 no checking whether to enable Amiga native SSL/TLS (AmiSSL)... @ build-log 9461 3 no @ build-log 9461 27 checking for pkg-config... @ build-log 9461 9 (cached) @ build-log 9461 77 /gnu/store/xyiyf12w4i7zf5g5b4ah0bi1mmd6i8xa-pkg-config-0.29.2/bin/pkg-config @ build-log 9461 48 checking for openssl options with pkg-config... @ build-log 9461 3 no @ build-log 9461 40 checking for HMAC_Update in -lcrypto... @ build-log 9461 3 no @ build-log 9461 41 checking for HMAC_Init_ex in -lcrypto... @ build-log 9461 3 no @ build-log 9461 38 checking OpenSSL linking with -ldl... @ build-log 9461 3 no @ build-log 9461 52 checking OpenSSL linking with -ldl and -lpthread... @ build-log 9461 3 no @ build-log 9461 36 checking for pkg-config... (cached) @ build-log 9461 77 /gnu/store/xyiyf12w4i7zf5g5b4ah0bi1mmd6i8xa-pkg-config-0.29.2/bin/pkg-config @ build-log 9461 47 checking for gnutls options with pkg-config... @ build-log 9461 6 --8<---cut here---end--->8--- I'm trying from two different machines, one on forein distro and one with Guix System but the output is the same on both On the first I am at --8<---cut here---start->8--- $ guix describe Generation 2Jun 21 2019 19:03:33(current) guix 6acf6ce repository URL: https://git.savannah.gnu.org/git/guix.git branch: master commit: 6acf6cec7d74d2e288e275429e8362bfb04b0286 --8<---cut here---end--->8--- while on the second I am at --8<---cut here---start->8--- $ guix describe Generation 20 May 12 2019 16:17:24(current) guix 59199e1 repository URL: https://git.savannah.gnu.org/git/guix.git branch: master commit: 59199e1adbd5d5f3116a2ca4b580222908f1853e --8<---cut here---end--->8--- so it does not seem related to guix version Any hint on what's going on plz? Thanks! Gio'. -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: Using an ntp service
Hi Adam, Adam Mazurkiewicz writes: [...] > I expected that it would sync system time, but it did not. I have > still been getting the time of my computer BIOS in a terminal, not the > synced one. If system clock is too late (or too far in the future) ntpd will not update it «Normally, ntpd exits if the offset exceeds the sanity limit, which is 1000 s by default. » [1] Is this your case? > Also in Xfce DE Clock. I have no idea how to debug it and > fix. To debug you should check "sudo tac /var/log/messages | grep ntpd | less" messages > Any help will be appreciated. Set your clock (via date command or some GUI) and then "sudo hwclock --systohc" to update your BIOS clock. Last but not least: check your hardware clock setting are preserved between reboots, if not you should change it's battery (if it's not broken). HTH! Gio' [1] http://doc.ntp.org/4.1.0/ntpd.htm -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: Youtube Viewer
Hi "Raghav Gururajan" writes: [...] >> Anyway, both the GTK and CLI versions invoke MPV just fine here. yes but the config file for the GTK version is .config/youtube-viewer/gtk-youtube-viewer.conf Raghav can you please check that it contains --8<---cut here---start->8--- video_player_selected => "mpv", --8<---cut here---end--->8--- I'm using both GUI and CLI and I had to configure both, they both start mvp "on click" >> Could you try running both in a pure environment? > > Yes. Please find the following error. > > address@hidden ~ [env]$ gtk-youtube-viewer > No protocol specified > Gtk-WARNING **: cannot open display: :1 at > /gnu/store/zy4mnhidqcnfdf1ci4dsafxyd14ck1in-perl-gtk2-1.24992/lib/perl5/site_perl/5.28.0/x86_64-linux-thread-multi/Gtk2.pm > line 126. > cannot open display: that should be related to the environment [...] HTH! Gio'. -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: error in bootloader config while system init
(xorg-configuration (xorg-configuration (extra-config '("Section \"InputClass\" Identifier \"touchpad\" Driver \"libinput\" MatchIsTouchpad \"on\" Option \"Tapping\" \"on\" EndSection") ) (modify-services ;; removing unnecessary services (remove (lambda (service) (member (service-kind service) (list ntp-service-type avahi-service-type bluetooth-service network-manager-service-type gdm-service-type))) %desktop-services) ;end of remove lambda services ;; wpa_supplicant + dhcp-client (above) instead of networkmanager (wpa-supplicant-service-type config => (wpa-supplicant-configuration (interface "wlp2s0") (config-file "/etc/wpa_supplicant/wpa_supplicant.conf"))) ;; disabling sleep on closing notebook lid (elogind-service-type c => (elogind-configuration (handle-lid-switch 'ignore))) ) ;;end of modify-services )) ;;end of services ;; Allow resolution of '.local' host names with mDNS. (name-service-switch %mdns-host-lookup-nss) ;;blacklist ugly sound speaker (kernel-arguments '("modprobe.blacklist=pcspkr,snd_pcsp,bluetooth")) ) ;;end of operating-system --8<---cut here---end--->8--- -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: Possible store corrumption
Hi Jack, Jack Hill writes: > I've run guix gc --verify and received the following output: > > $ guix gc --verify > reading the store... > checking path existence... > path `/gnu/store/k5qxpr9wswli6lskpp433mrk0ffvxa9q-gcc-6.5.0.tar.xz.drv' > disappeared, but it still has valid referrers! [...] > $ guix gc > finding garbage collector roots... > deleting garbage... > guix gc: error: executing SQLite query: database or disk is full > > What might be causing these symptoms and how might I resolve them? Could be a full disk issue? If you use a dedicated volume for /gnu, what's the result of df -h | grep /gnu ? Otherwise, the result of "df -h | grep /" ? If your disk/volume is full: I never had similar issues so I cannot help, I just suggest you to extend your volume if you can HTH! Gio'. [...] -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: btrfs raid configuration vs mdraid
Hi Fredrik, Fredrik Salomonsson writes: [...] >> Assuming I'm going to format the root filesystem as: >> >> mkfs.btrfs -m raid1 -d raid1 /dev/sda3 /dev/sdb3 >> >> how should I configure (file-system...)? this way: >> >> (file-system >> (mount-point "/") >> (type "btrfs") >> (device (uuid "4dab5feb-d176-45de-b287-9b0a6e4c01cb"))) >> >> with UUID taken from "lsblk -f"? > > That should work. I confirm it worked, easily! :-) [...] > One thing you should note is that guix might generate incorrect > paths for grub if you are using subvolumes. At least guix < 1.0 does > that for me, haven't tested 1.0+ yet. But I have been using a shell > script that works around that issue. I did not use root on a subvolume for my installation, but I'll try to reproduce it in a test install: can you please file a bug report for this, IMHO this should be fixed >> From you experience is RAID on brtfs as solid as the one on mdadm? > > I have very little experience with mdadm, so can only speak of my > experience with btrfs and RAID-1. Which I have been using for 3+ years. > For me it has been solid. Only issue I have encountered was when my > fileserver lost power a few times leaving the filesystem corrupt. A > "btrfs check --repair" fixed that issue. Thanks for sharing! You give me courage to adopt btrfs more extensively :-) Best regards, Gio'. [...] -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
Re: How to start Guix on Asus K50C ?
Hello znavko, zna...@disroot.org writes: > nomodeset not helped. can you please try using "vga=791" I had a similar issue recently and setting vga as above solved it HTH! Gio'. [...] -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature
btrfs raid configuration vs mdraid
Hello Guix! My preferred storage setup until now was using RAID-1 software RAID built with mdadm; for a new machine I'm considering setting up a RAID-1 btrfs volume as root, but I have much less experience with btrfs Assuming I'm going to format the root filesystem as: mkfs.btrfs -m raid1 -d raid1 /dev/sda3 /dev/sdb3 how should I configure (file-system...)? this way: (file-system (mount-point "/") (type "btrfs") (device (uuid "4dab5feb-d176-45de-b287-9b0a6e4c01cb"))) with UUID taken from "lsblk -f"? From you experience is RAID on brtfs as solid as the one on mdadm? Thanks! Gio'. -- Giovanni Biscuolo Xelera IT Infrastructures signature.asc Description: PGP signature