Re: Missing pinentry-emacs for gpg-agent?

[Pierre Neidhardt]

Vladimir Sedach  writes:

> Apparently everyone thinks that Emacs is a "significant security
> risk," so no distributions seem to ship it.

Well, at least Arch Linux, Gentoo and Void Linux ship it!
Not tht uncommon!

I agree with all your other points.

--
Pierre Neidhardt


signature.asc
Description: PGP signature

Re: Trouble with adding a package

[Nadya Voronova]

I'm so sorry. I did probably the dumbest mistake.
I have package named "tcalc" and i was using "tcal" instead. Of course it
was unknown package.
And now everything is working.

2018-03-27 10:41 GMT+03:00 Ricardo Wurmus :

>
> Hi Nadya,
>
> > Also, while I was experimenting I tried "sudo ./pre-inst-env guix-daemon
> > --build-users-group = guixbuild". And it froze my terminal too.
>
> If you meant
>
> sudo ./pre-inst-env guix-daemon --build-users-group=guixbuild
>
> then “freezing” is expected.  This is a daemon, so it won’t exit.  It
> will keep running and accepting requests.  Usually it is started by a
> service manager or it is backgrounded manually when it is run in a
> terminal session.
>
> But you should only run it once.  After installing Guix you probably
> already started the daemon (confirm with “pgrep -fa guix-daemon”), so
> starting it again won’t work.
>
> > Yep, i tried to do it.
> > I tried to add it to another file (with (define-public tcal)). And i
> tried
> > to add my file to "" (and it appeared in the Makefile). In both cases,
> > nothing happened, still unknown package.
>
> Was there any more output?
>
> Could you send us the complete diff compared to the original sources you
> downloaded?
>
> --
> Ricardo
>
> GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
> https://elephly.net
>
>
>

Test fail

[Maria Sidorova]

Hello,

Running the test suite (`make check`) gives me one of the tests failed.

This is from test-suite.log

test-name: pivot-root
location: /home/masha/src/guix/tests/syscalls.scm:156
source:
+ (test-equal
+   "pivot-root"
+   #t
+   (match (pipe)
+  ((in . out)
+   (match (clone (logior CLONE_NEWUSER CLONE_NEWNS SIGCHLD))
+  (0
+   (dynamic-wind
+ (const #t)
+ (lambda ()
+   (close in)
+   (call-with-temporary-directory
+ (lambda (root)
+   (let ((put-old (string-append root 
"/real-root")))

+ (mount "none" root "tmpfs")
+ (mkdir put-old)
+ (call-with-output-file
+   (string-append root "/test")
+   (lambda (port) (display "testing\n" port)))
+ (pivot-root root put-old)
+ (write (file-exists? "/test") out)
+ (close out)
+ (lambda () (primitive-exit 0
+  (pid (close out)
+   (let ((result (read in)))
+ (close in)
+ (and (zero? (match (waitpid pid)
+((_ . status)
+ (status:exit-val status
+  (eq? #t result
expected-value: #t
actual-value: #f
result: FAIL


The summary is:
# TOTAL: 777
# PASS:  772
# SKIP:  4
# XFAIL: 0
# FAIL:  1
# XPASS: 0
# ERROR: 0

I'm novice in Guix, can anyone give me a clue?

Thanks,
Maria.

Re: units_cur

[Ludovic Courtès]

Pierre Neidhardt  skribis:

> I believe that GNU units ("units" package) needs more patching to
> function properly:
>
>> sudo units_cur
> Unable to write to output file:
> [Errno 30] Read-only file system: 
> '/gnu/store/cqvsljfz81xkwfnd4ln2zk4194wjjcgd-units-2.16/share/units/currency.units'
>
> On other systems, one is supposed to run `sudo units_cur' to update the
> exchange rates in the currency.units file.

We could build it with --localstatedir=/var, but would the initial
‘currency.units’ be picked up?

It would be awesome if you could give it a try and report back.

Thank you,
Ludo’.

Re: How to install prerelease package versions (particularly Emacs)

[Ludovic Courtès]

Oleg Pykhalov  skribis:

> l...@gnu.org (Ludovic Courtès) writes:
>
>> Pierre Neidhardt  skribis:
>>
>>> Considering the importance of Emacs in this community, I think it would
>>> make sense to provide a cutting-edge version.
>>
>> Do you mean a snapshot of the ‘master’ branch?
>>
>> We don’t do that usually, and I would instead suggest using
>> ‘--with-source’ for people who would like that.
>>
>> What do people think?
>
> In case of ‘emacs’ package recipe, ‘--with-source’ doesn't work for a
> snapshot of the ‘master’ branch.

Why?  Because you’d need to run ‘autoreconf’ and the like?

Ludo’.

Re: Missing pinentry-emacs for gpg-agent?

[Vladimir Sedach]

> I'm sorry to steal a potential contribution to Guix, but you could try:
>
> ‘M-x view-emacs-news’:
>
> * New Modes and Packages in Emacs 25.1
>
> ** pinentry.el allows GnuPG passphrase to be prompted through the
> minibuffer instead of a graphical dialog, depending on whether the
> gpg command is called from Emacs (i.e., INSIDE_EMACS environment
> variable is set).  This feature requires newer versions of GnuPG
> (2.1.5 or later) and Pinentry (0.9.5 or later).  To use this
> feature, add "allow-emacs-pinentry" to "~/.gnupg/gpg-agent.conf" and
> reload the configuration with "gpgconf --reload gpg-agent".

The two work together, and using pinentry-emacs in my experience seems
to be the only reliable way to have pinentry work with the Emacs
minibuffer.

With pinentry-curses and allow-emacs-pinentry and
allow-loopback-pinentry gpg-agent options, I would still have
gpg-agent prompt for the passphrase in a curses box on the Linux
virtual terminal when running Emacs in X on Debian, whenever the agent
cache TTL would expire (so it would prompt in the minibuffer when
first started, then would prompt in the VT where X was started from on
later attempts).

pinentry-emacs is part of the standard pinentry sources, but its build
is disabled by default. Apparently everyone thinks that Emacs is a
"significant security risk," so no distributions seem to ship it. Here
is a discussion about the issue in Debian:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854797

To me the arguments presented in that discussion against
pinentry-emacs are total nonsense. Any other software the user loads
or that gets compromised to allow remote execution can query gpg-agent
and read all your encrypted files. Same deal with installing an X11
key logger to capture the secret key passphrase. Some of the arguments
are just bogus (e.g., "/tmp/emacs$UID/pinentry is not a sensible
choice of paths, since it is within a world-writable directory" <- has
that person ever heard of mktemp?).

My recommendation, as a heavy user of Emacs and GPG, is for Guix to
build pinentry with --enable-pinentry-emacs, which provides the
pinentry-emacs executable as an option for users.

Vladimir

Re: Outdated Qutebrowser and missing qtwebengine?

[Marius Bakke]

Pierre Neidhardt  writes:

> Qutebrowser is out of date: 0.11.0 in GuixSD, upstream is 1.2.1.
>
> https://github.com/qutebrowser/qutebrowser/releases
>
> Newer versions support qtwebengine, which is not packaged on GuixSD
> either.
> I was wondering if this has anything to do with non-free software.
> If not, I'd be happy to package it.

IIRC the problem with QtWebEngine is that it bundles a copy of
Chromium.  However, it seems they strip away binary blobs and Google
integrations[0], so as long as DRM (called "Widevine" in Chromium lingo)
is disabled I think it will be okay for Guix.

FWIW I've been working on Chromium over at .
Maybe you'll find it useful for QtWebEngine.  It would be great if we
could use the same source for both since Chromium has very frequent
security updates, but I'm not sure how patched QtWebEngine is.

As for the status of the Chromium patch, following the recent Pale Moon
discussion I no longer think it satisfies FSDG[1] requirements and will
have to take some further steps to properly hide the "Web Store".

[0] https://wiki.qt.io/QtWebEngine
[1] https://www.gnu.org/distros/free-system-distribution-guidelines.html


signature.asc
Description: PGP signature

Re: How to install prerelease package versions (particularly Emacs)

[Marius Bakke]

Oleg Pykhalov  writes:

> l...@gnu.org (Ludovic Courtès) writes:
>
>> Pierre Neidhardt  skribis:
>>
>>> Considering the importance of Emacs in this community, I think it would
>>> make sense to provide a cutting-edge version.
>>
>> Do you mean a snapshot of the ‘master’ branch?
>>
>> We don’t do that usually, and I would instead suggest using
>> ‘--with-source’ for people who would like that.
>>
>> What do people think?
>
> In case of ‘emacs’ package recipe, ‘--with-source’ doesn't work for a
> snapshot of the ‘master’ branch.
>
> To build the ‘master’ branch you need to write a new package recipe.  I
> think it's not acceptable for a non-contributor in Guix.  WDYT?

This sounds like a job for the mythical "channel" facility.  In the mean
time, sharing package recipes for sticking in GUIX_PACKAGE_PATH like you
did upthread seems like a reasonable workaround.


signature.asc
Description: PGP signature

Re: Missing pinentry-emacs for gpg-agent?

[Oleg Pykhalov]

l...@gnu.org (Ludovic Courtès) writes:

> Pierre Neidhardt  skribis:
>
>> Somewhat surprisingly, pinentry-emacs does not seem to be in the repo.
>> Is it intentional?  I'd love to have it back.
>
> I didn’t know its existence.  :-)

I'm sorry to steal a potential contribution to Guix, but you could try:

‘M-x view-emacs-news’:

* New Modes and Packages in Emacs 25.1

** pinentry.el allows GnuPG passphrase to be prompted through the
minibuffer instead of a graphical dialog, depending on whether the
gpg command is called from Emacs (i.e., INSIDE_EMACS environment
variable is set).  This feature requires newer versions of GnuPG
(2.1.5 or later) and Pinentry (0.9.5 or later).  To use this
feature, add "allow-emacs-pinentry" to "~/.gnupg/gpg-agent.conf" and
reload the configuration with "gpgconf --reload gpg-agent".

[…]

Oleg.


signature.asc
Description: PGP signature

Re: Missing pinentry-emacs for gpg-agent?

[Alex Kost]

Ludovic Courtès (2018-03-27 11:53 +0200) wrote:

> Pierre Neidhardt  skribis:
>
>> Somewhat surprisingly, pinentry-emacs does not seem to be in the repo.
>> Is it intentional?  I'd love to have it back.
>
> I didn’t know its existence.  :-)
>
> Please do submit a package!
>
>   https://www.gnu.org/software/guix/manual/html_node/Submitting-Patches.html
>
>> On a related topic, is it possible to share a gpg-agent.conf between a
>> Guix-based system and another system?
>> What I mean here is that the following line in gpg-agent.conf:
>>
>>  pinentry-program /home/ambrevar/.guix-profile/bin/pinentry
>>
>> won't work on other systems (/usr/bin/pinentry on other systems is
>> somewhat more universal, but hey...).
>
> I can’t think of any solution to that problem… apart from installing
> Guix on the other systems.  :-)

I use another solution: I just run "gpg-agent" with "--pinentry-program"
option (instead of adding "pinentry-program ..." line to the conf-file).

-- 
Alex

Re: Emacs in multiple profiles

[Alex Kost]

Konrad Hinsen (2018-03-26 10:24 +0200) wrote:

> Alex Kost  writes:
>
>> But what your "current profile" is?  How can emacs know about it?  It
>> "knows" only about the default (system and user) profiles.  So if you
>
> I'd say Emacs knows nothing at all about profiles. It's Guix that
> manages profiles for everyone else, be it bash, Python, or Emacs. To get
> the behavior that I expected, Guix would have to define and manage an
> environment variable, let's call it EMACS_PATH, which would be used in
> site-start.el.
>
> What I cannot judge is how much effort it would be to implement such a
> feature, and if it could have undesirable side-effects.

As for me, I think the current behaviour (looking for packages only in
the user and the system profiles) is the right one.  If you want to
auto-load emacs packages from some non-standard profiles, you can easily
do this on your own (as I showed in the previous message).

Anyway, if you think that some feature is missing, I would recommend to
send a message to  about it.  Perhaps other people
will agree with your point.

-- 
Alex

Re: How to install prerelease package versions (particularly Emacs)

[Oleg Pykhalov]

l...@gnu.org (Ludovic Courtès) writes:

> Pierre Neidhardt  skribis:
>
>> Considering the importance of Emacs in this community, I think it would
>> make sense to provide a cutting-edge version.
>
> Do you mean a snapshot of the ‘master’ branch?
>
> We don’t do that usually, and I would instead suggest using
> ‘--with-source’ for people who would like that.
>
> What do people think?

In case of ‘emacs’ package recipe, ‘--with-source’ doesn't work for a
snapshot of the ‘master’ branch.

To build the ‘master’ branch you need to write a new package recipe.  I
think it's not acceptable for a non-contributor in Guix.  WDYT?

Oleg.


signature.asc
Description: PGP signature

Re: Locale error: Falling back to C locale

[Ludovic Courtès]

Pierre Neidhardt  skribis:

> Some applications complain about the locale:
>
>   > stow .
>   perl: warning: Setting locale failed.
>   perl: warning: Please check that your locale settings:
>   LANGUAGE = (unset),
>   LC_ALL = (unset),
>   LANG = "en_US.utf8"
>   are supported and installed on your system.
>   perl: warning: Falling back to the standard locale ("C").
>
>   > emacs
>   (process:7796): Gtk-WARNING **: Locale not supported by C library.
>   Using the fallback 'C' locale.
>
> Both emacs and stow still work properly but I wonder where this comes
> from.  Did I miss something during the install?

On GuixSD this should work fine out of the box.  On other distros,
please take a look at
.

HTH!

Ludo’.

Re: Missing pinentry-emacs for gpg-agent?

[Ludovic Courtès]

Pierre Neidhardt  skribis:

> Somewhat surprisingly, pinentry-emacs does not seem to be in the repo.
> Is it intentional?  I'd love to have it back.

I didn’t know its existence.  :-)

Please do submit a package!

  https://www.gnu.org/software/guix/manual/html_node/Submitting-Patches.html

> On a related topic, is it possible to share a gpg-agent.conf between a
> Guix-based system and another system?
> What I mean here is that the following line in gpg-agent.conf:
>
>   pinentry-program /home/ambrevar/.guix-profile/bin/pinentry
>
> won't work on other systems (/usr/bin/pinentry on other systems is
> somewhat more universal, but hey...).

I can’t think of any solution to that problem… apart from installing
Guix on the other systems.  :-)

Ludo’.

Re: How to install prerelease package versions (particularly Emacs)

[Ludovic Courtès]

Hello,

Pierre Neidhardt  skribis:

> Considering the importance of Emacs in this community, I think it would
> make sense to provide a cutting-edge version.

Do you mean a snapshot of the ‘master’ branch?

We don’t do that usually, and I would instead suggest using
‘--with-source’ for people who would like that.

What do people think?

Ludo’.

Re: Installation: Load non-free wifi firmware (iwlwifi)

[Ludovic Courtès]

Hey Hartmut,

Hartmut Goebel  skribis:

> Am 25.03.2018 um 07:34 schrieb Chris Marusich:
>> As Ludo mentioned elsewhere, using a dongle is one good option.  What
>> prevents you from using a dongle?
>
> Why should I punish myself just for to says "Hey, I'm using only free
> software"? This benefits nobody! [1]

You can do what you want.  Guix as a project is committed to software
freedom, that’s our “contract” with our users, and I think giving them
individual and collective control over the software they use is highly
beneficial to them.

That said, we all prefer when hardware vendors do not make our lives
more difficult, no doubt!

Ludo’.

Re: Trouble with adding a package

[Ricardo Wurmus]

Hi Nadya,

> Also, while I was experimenting I tried "sudo ./pre-inst-env guix-daemon
> --build-users-group = guixbuild". And it froze my terminal too.

If you meant

sudo ./pre-inst-env guix-daemon --build-users-group=guixbuild

then “freezing” is expected.  This is a daemon, so it won’t exit.  It
will keep running and accepting requests.  Usually it is started by a
service manager or it is backgrounded manually when it is run in a
terminal session.

But you should only run it once.  After installing Guix you probably
already started the daemon (confirm with “pgrep -fa guix-daemon”), so
starting it again won’t work.

> Yep, i tried to do it.
> I tried to add it to another file (with (define-public tcal)). And i tried
> to add my file to "" (and it appeared in the Makefile). In both cases,
> nothing happened, still unknown package.

Was there any more output?

Could you send us the complete diff compared to the original sources you
downloaded?

--
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
https://elephly.net