bug#37612: device-mapper: remove ioctl on cryptoroot failed: Device or resource busy

[theamazed74]

# Steps to reproduce:

I start going through the GUI installer and during the install I get these 
errors:

![memory-leak](https://coinsh.red/u/653Guix-Memory-Leak.jpeg) 


Next I enter and get these:

![crypt-error]( 
https://coinsh.red/ipfs/QmWkYNpehzGZNeJquZb8ev39SzsQ9crmMfNofAnMKNdz4c
 ) 


Then after restarting I tried the first couple steps then it halted with these:

![bug(pg1)](https://coinsh.red/u/TheFirst566.jpeg) 


![bug(pg2)]( 
https://coinsh.red/u/TheSECOND56677.jpeg
 )

# What was expected?

I am not certain what these errors mean. I tried to RTFM but wasn't able to 
find much.

bug#37347: 'guix environment' fails after trying to follow the steps from "Running Guix Before It Is Installed" page

[Bengt Richter]

On +2019-10-03 12:57:46 -0700, Bengt Richter wrote:
> 
> I could not get to that manual url:
> https://guix.gnu.org/manual/en/html_node/X_002e509-Certificates.html
> 
> Not with with lynx, nor
[...]

> IOW, I couldn't get to the manual.
> Am I in a DNS bubble of some kind?
> 
> If the site is just bogged down busy it shouldn't 404, right?
> Nor on some auth failure -- that should be another code, right?
> 
> Doesn't gnu.org have a little broken-link scanner for its own domain?
> 
> Does no one else encounter access problems and broken links??
> 
To be clearer, the url does not 404 when lynx tries to access
the manual URL -- the 404's were from broken links in another
page (see previous in thread).
Lynx just can't find the site for
https://guix.gnu.org/manual/en/html_node/X_002e509-Certificates.html

Alert!: Unable to connect to remote host.


Looking up guix.gnu.org
Unable to locate remote host guix.gnu.org.
Alert!: Unable to connect to remote host.

lynx: Can't access startfile 
https://guix.gnu.org/manual/en/html_node/X_002e509-Certificates.html
[19:39 ~/bs]$ stack
https://guix.gnu.org/manual/en/html_node/X_002e509-Certificates.html[19:39 
~/bs]$
[19:39 ~/bs]$ stack;echo
https://guix.gnu.org/manual/en/html_node/X_002e509-Certificates.html
[19:40 ~/bs]$ ping guix.gnu.org
ping: guix.gnu.org: Name or service not known
[19:40 ~/bs]$ ping gnu.org
PING gnu.org (209.51.188.148) 56(84) bytes of data.
^C64 bytes from 209.51.188.148: icmp_seq=1 ttl=49 time=93.4 ms

--- gnu.org ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 93.404/93.404/93.404/0.000 ms
[19:40 ~/bs]$ su -c 'setterm -file lynx-attempt.txt -dump 4'

(stack is a little hack I use to append arbitrary strings
to a datafile (with lengths on a metafile) using dd to effect
push and pop etc, so I can get around not having X running
all the time (mostly not :))

TIA again for clues.
--
Regards,
Bengt Richter

bug#37492: GUIXSD 1.0.1 install error

[RAUL H C LOPES]

On 29/09/2019 13:00, Marius Bakke wrote:

RAUL H C LOPES  writes:


Hi Marius,

I've managed to install GuixSD by chossing  msdos instead of gpt.
Coincidence? Is the gpt setup tested?

Can you share the steps required to reproduce the error?



I don't have logs for the crash. Unfortuately, my first time with GuixSD 
and  I just went along with Graphic install. How could I have collected 
them?



Anyway, my memory log:

# install 0:

 Home in separate partition, both encrypted; gpt label.

 That's error I submitted.

# install 1

 one partition, encrypted; gpt label.

 a crash during package install.


# install 2

Guided partioning, no encryption, gpt label.

Same sort of crash at another point.

The crashes happened at different packages. I assumed it was something 
related with disk I/O.



# install 3


Guided one partition, no encryption, label msdos.


It worked fine.


I am doing a new install tomorrow on a Supermicro SYS-E2000-8D. It has 2 
10G NIcs. I hope Guix has got the drivers.






I've running the system for a few days.

I need now a good manual> I'm suffering for:
   - reconfigure stuff that is usually in /etc, like /etc/ssh/sshd_config;

There is a good up-to-date manual here:
.  Search for 'openssh-configuration'
for examples on how to configure the SSH daemon.


   - running a make on an open source project who looks for linux libs
where debian would find them.

Typically you would do something like `guix environment --ad-hoc
gcc-toolchain make` to enter a shell environment where all the
dependencies of the program you want to build are present.


Great! thanks for the link and hint on gcc

bug#37501: [core-updates] Entropy starvation during boot

[Marius Bakke]

Ludovic Courtès  writes:

> Hi again,
>
> Marius Bakke  skribis:
>
>> After reconfiguring on the 'core-updates' branch, systems using the
>> OpenSSH service will occasionally (not always!) hang forever during
>> boot, waiting for entropy.  Moving the mouse or mashing the keyboard
>> allows the boot to proceed.
>>
>> I don't think this is limited to OpenSSH, but anything that calls
>> getrandom() during startup.
>>
>> There is some information about this problem and various workarounds
>> here, including links to recent LKML discussions:
>>
>> https://daniel-lange.com/archives/152-hello-buster.html
>
> I read some of these, and our ‘urandom-seed-service-type’ has the same
> bug as .  Namely, we
> write the previous seed to /dev/urandom but we don’t credit the
> entropy.
>
> The attached patch fixes that, and I think it should fix the problem you
> reported.  Could people give it a try?

Good catch, LGTM.  Unfortunately it does not fix the problem.

> I’m interested in seeing the value of
> /proc/sys/kernel/random/entropy_avail with and without this patch right
> after boot (don’t try it in ‘guix system vm’ because there’s no seed
> there.)

before -  243
after  - 2419

I don't know why this change was insufficient.  Perhaps the kernel
does not consider such a seed alone trustworthy enough?  I also tried to
increase the seed size to no avail.

I found this patch in the 5.4 kernel tree after reading the commit log
of random.c:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f2dc2798b81531fd93a3b9b7c39da47ec689e55

...which *does* solve the problem.

The comments in the merge commit suggests that it is not necessarily a
good solution, so I think we should let it "settle" a bit upstream
before pushing it.  It does look rather sledgehammer-y...

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3f2dc2798b81531fd93a3b9b7c39da47ec689e55

Thoughts?

I have attached a patch that adds Linus' fix for the curious:

diff --git a/gnu/local.mk b/gnu/local.mk
index 9f8ce842b6..b9b6ea3ae7 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1078,6 +1078,7 @@ dist_patch_DATA =		\
   %D%/packages/patches/lierolibre-remove-arch-warning.patch	\
   %D%/packages/patches/lierolibre-try-building-other-arch.patch	\
   %D%/packages/patches/linkchecker-tests-require-network.patch	\
+  %D%/packages/patches/linux-libre-active-entropy.patch		\
   %D%/packages/patches/linux-pam-no-setfsuid.patch		\
   %D%/packages/patches/lirc-localstatedir.patch			\
   %D%/packages/patches/lirc-reproducible-build.patch		\
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 6664620c04..dda95c29ac 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -420,7 +420,8 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
 
 (define-public linux-libre-5.2-source
   (source-with-patches linux-libre-5.2-pristine-source
-   (list %boot-logo-patch
+   (list (search-patch "linux-libre-active-entropy.patch")
+ %boot-logo-patch
  %linux-libre-arm-export-__sync_icache_dcache-patch)))
 
 (define-public linux-libre-4.19-source
diff --git a/gnu/packages/patches/linux-libre-active-entropy.patch b/gnu/packages/patches/linux-libre-active-entropy.patch
new file mode 100644
index 00..8f081f4a19
--- /dev/null
+++ b/gnu/packages/patches/linux-libre-active-entropy.patch
@@ -0,0 +1,86 @@
+Try to actively add entropy instead of waiting forever.
+Fixes .
+
+Taken from upstream:
+https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=50ee7529ec4500c88f8664560770a7a1b65db72b
+
+diff --git a/drivers/char/random.c b/drivers/char/random.c
+index 5d5ea4ce1442..2fda6166c1dd 100644
+--- a/drivers/char/random.c
 b/drivers/char/random.c
+@@ -1731,6 +1731,56 @@ void get_random_bytes(void *buf, int nbytes)
+ }
+ EXPORT_SYMBOL(get_random_bytes);
+ 
++
++/*
++ * Each time the timer fires, we expect that we got an unpredictable
++ * jump in the cycle counter. Even if the timer is running on another
++ * CPU, the timer activity will be touching the stack of the CPU that is
++ * generating entropy..
++ *
++ * Note that we don't re-arm the timer in the timer itself - we are
++ * happy to be scheduled away, since that just makes the load more
++ * complex, but we do not want the timer to keep ticking unless the
++ * entropy loop is running.
++ *
++ * So the re-arming always happens in the entropy loop itself.
++ */
++static void entropy_timer(struct timer_list *t)
++{
++	credit_entropy_bits(&input_pool, 1);
++}
++
++/*
++ * If we have an actual cycle counter, see if we can
++ * generate enough entropy with timing noise
++ */
++static void try_to_generate_entropy(void)
++{
++	struct {
++		unsigned long now;
++		struct timer_list timer;
++	} stack;
++
++	stack.now = random_get_entropy();
+

bug#37531: ‘%load-path’ in shepherd is unnecessarily long

[Ludovic Courtès]

Ludovic Courtès  skribis:

> $ sudo herd eval root '(length %load-path)'
> Evaluating user expression (length %load-path).
> 119

Commit cdf9811d24b9c857cb79e0ddd38181862ec34bd3 fixes that at the level
of ‘scheme-file’.

Ludo’.

bug#37347: 'guix environment' fails after trying to follow the steps from "Running Guix Before It Is Installed" page

[Bengt Richter]

On +2019-09-16 18:01:04 +0200, Ludovic Courtès wrote:
> Hi Jan,
> 
> Jan  skribis:
> 
> > guix/build/download.scm:313:6: In procedure tls-wrap:
> > X.509 certificate of 'api.github.com' could not be verified:
> >   signer-not-found
> >   invalid
> 
> It looks like X.509 certificates used to authenticate web sites over
> HTTPS could not be found.
> 
> Did you set environment variables and all as described at
> ?
> 
> HTH,
> Ludo’.
> 
> 
> 

I could not get to that manual url:
https://guix.gnu.org/manual/en/html_node/X_002e509-Certificates.html

Not with with lynx, nor
emacs M-x eww, nor
weston-launch, click for terminal, firefox --private &, paste above url

As close as I could get (in firefox, but think lynx and eww would go too):
https://www.gnu.org/manual/manual.html

Where I found: broken links in the above:
https://www.gnu.org/software/guix/manual/
https://www.gnu.org/software/guix/

IOW, I couldn't get to the manual.
Am I in a DNS bubble of some kind?

If the site is just bogged down busy it shouldn't 404, right?
Nor on some auth failure -- that should be another code, right?

Doesn't gnu.org have a little broken-link scanner for its own domain?

Does no one else encounter access problems and broken links??

TIA for clues.
--
Regards,
Bengt Richter

bug#37347: 'guix environment' fails after trying to follow the steps from "Running Guix Before It Is Installed" page

[Jan Wielkiewicz]

On Mon, 16 Sep 2019 18:01:04 +0200
Ludovic Courtès  wrote:

> It looks like X.509 certificates used to authenticate web sites over
> HTTPS could not be found.
> 
> Did you set environment variables and all as described at
> ?
> 
> HTH,
> Ludo’.

Hi again, I've tried setting these variables in the environment but the
same effect. How can I get "guix refresh" to work in the environment?
I think this should be explained somewhere a bit more, because after
reading the packaging tutorial and parts of the documentation I
couldn't set up the development environment for Guix. 
A simple step-by-step tutorial or just list of things to do would make
it more understandable.
Is this already work in progress in the Cookbook?

For example in this section:
https://guix.gnu.org/manual/en/html_node/Building-from-Git.html#Building-from-Git

It is easy to miss the last step - running "make check", because it
isn't explained that running "make check" is necessary to be able to
run ./pre-inst-env. I thought I could just skip this and start hacking.

It would be more clear if the manual or the cookbook contained a
step-by-step list like this:

Quick setting up the environment:
1. git clone ...
2. ./bootstrap
3. ./configure --localstatedir=/var/
4. make check
5. setting certificates to be able to update a package
etc.


Jan Wielkiewicz

bug#37606: CI reports "failed" even if build succeeds

[Hartmut Goebel]

Hi,

I just stepped over ,
which i reported as "failed". But wen looking at the log-file, this
says: "@ build-succeeded
/gnu/store/a8hakfaf7a41ywxrssqlscqgcn642lhc-python-django-allauth-0.39.1.drv".

Maybe someone knowledgeable micht want to have a look.

-- 
Regards
Hartmut Goebel

| Hartmut Goebel  | h.goe...@crazy-compilers.com   |
| www.crazy-compilers.com | compilers which you thought are impossible |

bug#37605: [core-updates] MariaDB fails tests on armhf-linux

[Marius Bakke]

"mariadb" consistently fails a single test on the core-updates branch on
armhf-linux:

https://ci.guix.gnu.org/build/1689172/details

The test output:

CURRENT_TEST: binlog_encryption.rpl_skip_replication
safe_process[21120]: parent_pid: 16023
safe_process[21120]: Started child 21121, terminated: 0
--- 
/tmp/guix-build-mariadb-10.1.41.drv-0/mariadb-10.1.41/mysql-test/suite/binlog_encryption/rpl_skip_replication.result
1970-01-01 00:00:00.0 +
+++ 
/tmp/guix-build-mariadb-10.1.41.drv-0/mariadb-10.1.41/mysql-test/suite/binlog_encryption/rpl_skip_replication.reject
2019-09-05 23:24:20.3 +
@@ -46,12 +46,15 @@
 Tables_in_test
 t1
 t2
+t3
 SELECT * FROM t1;
 a  b
 1  NULL
+2  NULL
 SELECT * FROM t2;
 a  b
 1  NULL
+2  NULL
 DROP TABLE t3;
 FLUSH NO_WRITE_TO_BINLOG LOGS;
 STOP SLAVE;
@@ -66,12 +69,17 @@
 Tables_in_test
 t1
 t2
+t3
 SELECT * FROM t1;
 a  b
 1  NULL
+2  NULL
+3  NULL
 SELECT * FROM t2;
 a  b
 1  NULL
+2  NULL
+3  NULL
 DROP TABLE t3;
 FLUSH NO_WRITE_TO_BINLOG LOGS;
 STOP SLAVE;
@@ -109,6 +117,7 @@
 SELECT * FROM t1 ORDER by a;
 a  b
 1  0
+2  0
 3  0
 TRUNCATE t1;
 STOP SLAVE;
@@ -127,6 +136,7 @@
 SET binlog_format= @old_binlog_format;
 SELECT * FROM t1;
 a  b
+3  5
 4  5
 include/stop_slave.inc
 SET @old_slave_binlog_format= @@global.binlog_format;
@@ -151,6 +161,7 @@
 2  8
 SELECT * FROM t1 ORDER by a;
 a  b
+1  8
 2  8
 include/stop_slave.inc
 SET GLOBAL binlog_format= @old_slave_binlog_format;
@@ -225,6 +236,7 @@
 START SLAVE;
 SELECT * FROM t1;
 a  b
+1  NULL
 2  NULL
 SET skip_replication= 0;
 TRUNCATE t1;

mysqltest: Result length mismatch

safe_process[21120]: Got signal 17, child_pid: 21121
safe_process[21120]: Killing child: 21121
safe_process[21120]: Child exit: 1

binlog_encryption.rpl_skip_replication 'mix,xtradb' w2 [ fail ]
Test ended at 2019-09-05 23:24:22

This does not happen on current 'master', so the problem was introduced
somewhere in between ccbc1c5eb..cbc8c658d.


signature.asc
Description: PGP signature

bug#37369: Getting network-manager-openconnect to work

[Divan Santana]

pelzflorian (Florian Pelz)  writes:

> On Sat, Sep 28, 2019 at 04:16:40PM +0200, Divan Santana wrote:
>> So firstly I can't edit the connection as my user, without sudo. Not
>> sure if I need to be in some group to do that?
>>
>
> P.S. I use
>
>  (users (cons (user-account
>(name "florian")
>(comment "Florian Pelz")
>(group "users")
>(supplementary-groups '("wheel" "netdev"
>"audio" "video"
>"httpd" "kvm"))
>(home-directory "/home/florian"))
>   %base-user-accounts))
>
> which is the default when installing Guix with the GNOME desktop plus
> unrelated httpd and kvm.
> netdev group seems relevant.

This is mine

 (users (cons (user-account
   (name "ds")
   (comment "Divan Santana")
   (group "users")
   (supplementary-groups
'("adbusers";for adb
  "wheel" "kvm" "audio" "video" "lp"
  "docker"
  ;; "lpadmin"
  "cdrom" "netdev"))
   ;;(shell #~(string-append #$zsh "/bin/zsh"))
   (home-directory "/home/ds"))
  %base-user-accounts))

Already had netdev. Seems same as yours. I'll look into it more
sometime.

Thanks

bug#37596: ‘guix system roll-back’ doesn’t reload services

[Ludovic Courtès]

Hello,

‘guix system roll-back’ and ‘switch-generation’ don’t reload services
and don’t run activation scripts like ‘guix system reconfigure’ does.
Indeed:

--8<---cut here---start->8---
(define (switch-to-system-generation store spec)
  "Switch the system profile to the generation specified by SPEC, and
re-install bootloader with a configuration file that uses the specified system
generation as its default entry.  STORE is an open connection to the store."
  (let ((number (relative-generation-spec->number %system-profile spec)))
(if number
(begin
  (reinstall-bootloader store number)
  (switch-to-generation* %system-profile number))
(leave (G_ "cannot switch to system generation '~a'~%") spec
--8<---cut here---end--->8---

Ludo’.