Re: Running untrusted code as root in a `guix system vm`?

2024-02-15 Thread Simon Tournier
Hi,

On Fri., 29 Dec. 2023 at 23:40, Ben Weinstein-Raun wrote:

> I'm considering running some software inside a VM created using `guix
> system vm`. The easiest thing to do would be to run the virtualized
> software as root. Normally I wouldn't think twice about that, but iiuc
> the guest will have the host's /store mounted. Am I right that this
> should make me nervous about running untrusted things as root in the VM?
> Or is there some trick by which a root process in the VM is prevented
> from destructively changing /store?

What do you mean by “destructively changing /store”?

Cheers,
simon



Re: Correct way to protect `guix system vm` invocations from garbage collection?

2024-01-06 Thread Ben Weinstein-Raun
On 01/06/24 02:33, Julien Lepiller wrote:

> If by "as a service", you mean started by the Shepherd, you should be good: 
> the vm path will become alive as it's part of the system.

Ah, that makes sense! I assume this is only true if it's properly in a
profile (either guix home profile or the system profile) as opposed to
being added as a user-level shepherd service not inside my home
directory. I was planning to do the latter, since I'm not sure how to
properly describe the vm in a manifest (though I imagine I could examine
the source code for `guix system vm` to find out).

> Another solution would be to make it a gc root, which you can do by 
> symlinking it in /var/guix/gc-roots
Perfect, that seems to work great! Thanks a ton!




Re: Correct way to protect `guix system vm` invocations from garbage collection?

2024-01-05 Thread Julien Lepiller
Hi Ben,

If by "as a service", you mean started by the Shepherd, you should be good: the 
vm path will become alive as it's part of the system.

Another solution would be to make it a gc root, which you can do by symlinking 
it in /var/guix/gc-roots

On 6 January 2024 00:31:05 GMT+01:00, Ben Weinstein-Raun wrote:
>Hello!
>
>
>I'm working on setting up permanent virtual machines to run as services.
>In order for this to work, I think I need to be sure that the various
>inputs to the vm runner script are kept alive. This includes the kernel,
>the initrd, and the qemu binary.
>
>
>What's the easiest way to permanently mark an arbitrary store file (in
>this case, the `...-run-vm.sh` script) as "alive"? e.g. is there a way
>to add it to my user's profile, or some other gc-root? Or add it to a
>new profile altogether?
>
>Thanks!
>



Correct way to protect `guix system vm` invocations from garbage collection?

2024-01-05 Thread Ben Weinstein-Raun
Hello!


I'm working on setting up permanent virtual machines to run as services.
In order for this to work, I think I need to be sure that the various
inputs to the vm runner script are kept alive. This includes the kernel,
the initrd, and the qemu binary.


What's the easiest way to permanently mark an arbitrary store file (in
this case, the `...-run-vm.sh` script) as "alive"? e.g. is there a way
to add it to my user's profile, or some other gc-root? Or add it to a
new profile altogether?

Thanks!





Running untrusted code as root in a `guix system vm`?

2023-12-29 Thread Ben Weinstein-Raun
Hello!

I'm considering running some software inside a VM created using `guix
system vm`. The easiest thing to do would be to run the virtualized
software as root. Normally I wouldn't think twice about that, but iiuc
the guest will have the host's /store mounted. Am I right that this
should make me nervous about running untrusted things as root in the VM?
Or is there some trick by which a root process in the VM is prevented
from destructively changing /store?

Thanks!





Re: Can't create user account in virtual machine with guix system vm

2022-03-07 Thread Hubert
Hi Jeremy! 

Got it!

I suspected it was something like that, good to know, to have it confirmed.

Thanks again :)

Hubert

On Mon, 07 Mar 2022 12:59:51 +0100,
Jérémy Korwin-Zmijowski wrote:

> Hi Hubert !
> You have to edit your system definition to add a user. 
> Sharing some files, even your home directory, is not the way to
> create users. Cheers
> Jérémy
> 
> On 7 March 2022 11:47:31 GMT+01:00, Hubert wrote:
> >Hello Guix!
> >
> >
> >I have made a VM in which it seems no user account can be created.
> >
> >The standard command for that:
> >
> >https://guix.gnu.org/fr/manual/devel/en/html_node/Invoking-guix-system.html#Invoking-guix-system
> >
> >$ guix system vm Test.scm --expose=$HOME --share=$HOME/tmp=/exchange
> >
> >And the vm starts running, but no way to add a user account:
> >
> >$ sudo /gnu/store/zrd2c9czm6fdqd33q7yx2695s2dgy9kl-run-vm.sh
> >
> >At the graphical login I typed 'root' and validated. This opened me
> >a privileged user session.  
> >
> >In the qemu console I typed: 'sendkey ctrl-alt-f1' [Enter]
> >
> >In tty2 virtual console, I typed 'passwd' for root, validated and
> >'passwd hubert' confirming the password after typing it.
> >
> >But when I return to the login, either as a guest user or as my
> >username, the password does not succeed, returning me to the login.
> >
> >The vm starts more correctly by adding the options
> >
> >'-m 1024 -smp 2 -nic user,model=virtio-net-pci' 
> >
> >I can't remember why I needed to add these (familiar) options.
> >Anyway, the following launches the vm:
> >
> >$ sudo /gnu/store/zrd2c9czm6fdqd33q7yx2695s2dgy9kl-run-vm.sh -m 1024 -smp 2 -nic user,model=virtio-net-pci
> >
> >Here again, I can only connect in a graphical session with root.
> >
> >Which doesn't surprise me too much, since the home directory is
> >read-only.
> >
> >I don't know if there are ways to solve this case... Give rights to
> >home ?...
> >
> >Thank you in advance if you have any suggestions for me :)
> >
> >
> >Hubert
> >  




Re: Can't create user account in virtual machine with guix system vm

2022-03-07 Thread Jérémy Korwin-Zmijowski
Hi Hubert !
You have to edit your system definition to add a user. 
Sharing some files, even your home directory, is not the way to create users.
Cheers
Jérémy

On 7 March 2022 11:47:31 GMT+01:00, Hubert wrote:
>Hello Guix!
>
>
>I have made a VM in which it seems no user account can be created.
>
>The standard command for that:
>
>https://guix.gnu.org/fr/manual/devel/en/html_node/Invoking-guix-system.html#Invoking-guix-system
>
>$ guix system vm Test.scm --expose=$HOME --share=$HOME/tmp=/exchange
>
>And the vm starts running, but no way to add a user account:
>
>$ sudo /gnu/store/zrd2c9czm6fdqd33q7yx2695s2dgy9kl-run-vm.sh
>
>At the graphical login I typed 'root' and validated. This opened me a 
>privileged user session.  
>
>In the qemu console I typed: 'sendkey ctrl-alt-f1' [Enter]
>
>In tty2 virtual console, I typed 'passwd' for root, validated and 'passwd 
>hubert' confirming the password after typing it.
>
>But when I return to the login, either as a guest user or as my username, the 
>password does not succeed, returning me to the login.
>
>The vm starts more correctly by adding the options
>
>'-m 1024 -smp 2 -nic user,model=virtio-net-pci' 
>
>I can't remember why I needed to add these (familiar) options. Anyway, the
>following launches the vm:
>
>$ sudo /gnu/store/zrd2c9czm6fdqd33q7yx2695s2dgy9kl-run-vm.sh -m 1024 -smp 2 -nic user,model=virtio-net-pci
>
>Here again, I can only connect in a graphical session with root.
>
>Which doesn't surprise me too much, since the home directory is read-only.
>
>I don't know if there are ways to solve this case... Give rights to home ?...
>
>Thank you in advance if you have any suggestions for me :)
>
>
>Hubert
>


Can't create user account in virtual machine with guix system vm

2022-03-07 Thread Hubert
Hello Guix!


I have made a VM in which it seems no user account can be created.

The standard command for that:

https://guix.gnu.org/fr/manual/devel/en/html_node/Invoking-guix-system.html#Invoking-guix-system

$ guix system vm Test.scm --expose=$HOME --share=$HOME/tmp=/exchange

And the vm starts running, but no way to add a user account:

$ sudo /gnu/store/zrd2c9czm6fdqd33q7yx2695s2dgy9kl-run-vm.sh

At the graphical login I typed 'root' and validated. This opened me a 
privileged user session.  

In the qemu console I typed: 'sendkey ctrl-alt-f1' [Enter]

In tty2 virtual console, I typed 'passwd' for root, validated and 'passwd 
hubert' confirming the password after typing it.

But when I return to the login, either as a guest user or as my username, the 
password does not succeed, returning me to the login.

The vm starts more correctly by adding the options

'-m 1024 -smp 2 -nic user,model=virtio-net-pci' 

I can't remember why I needed to add these (familiar) options. Anyway, the
following launches the vm:

$ sudo /gnu/store/zrd2c9czm6fdqd33q7yx2695s2dgy9kl-run-vm.sh -m 1024 -smp 2 -nic user,model=virtio-net-pci

Here again, I can only connect in a graphical session with root.

Which doesn't surprise me too much, since the home directory is read-only.

I don't know if there are ways to solve this case... Give rights to home ?...

Thank you in advance if you have any suggestions for me :)


Hubert



Re: Trying to guix deploy to a local VM created with guix system vm

2020-12-08 Thread Jeremy Korwin-Zmijowski
Mea Culpa !

I tried my script on another computer and it is broken. Oops.

I will update it (already understand why Janneke did his script that
way haha).

I will come back to you as soon as possible !

Take care,

Jérémy




Trying to guix deploy to a local VM created with guix system vm

2020-12-08 Thread Jérémy Korwin-Zmijowski
Dear Guixters !

Having trouble to `guix deploy` to a VPS the last couple of days, I
tried the experiment locally on a VM powered by `guix system vm`.

Unfortunately, I haven't managed to successfully deploy on a VM haha
(chances are failures are mine that's why I write to guix-help instead
of bug-guix…).

I created a script and system declarations to reproduce my attempts
(inspired by https://gitlab.com/janneke/deploy).

Here is the error I get so far :

La (1) machine suivante sera déployée :
  kitchen-deployed

guix deploy: déploiement vers kitchen-deployed...
guix deploy: error: impossible de déployer kitchen-deployed : SSH
authentication failed for 'localhost': Access denied for 'publickey'.
Authentication that can continue: publickey,password

Backtrace:
  17 (primitive-load "/home/jeko/.config/guix/current/bin/gu…")
In guix/ui.scm:
  2127:12 16 (run-guix-command _ . _)
In ice-9/boot-9.scm:
  1736:10 15 (with-exception-handler _ _ #:unwind? _ # _)
  1731:15 14 (with-exception-handler #
…)
In guix/status.scm:
776:4 13 (call-with-status-report _ _)
In ice-9/boot-9.scm:
  1736:10 12 (with-exception-handler _ _ #:unwind? _ # _)
In guix/store.scm:
   632:37 11 (thunk)
   1301:8 10 (call-with-build-handler #
…)
In guix/scripts/deploy.scm:
   170:14  9 (_)
In guix/store.scm:
   1342:2  8 (map/accumulate-builds #
…)
In srfi/srfi-1.scm:
   586:17  7 (map1 (#< operating-system: #<))
In guix/store.scm:
   1301:8  6 (call-with-build-handler #
…)
In ice-9/boot-9.scm:
  1736:10  5 (with-exception-handler _ _ #:unwind? _ # _)
In guix/scripts/deploy.scm:
   144:28  4 (_)
In gnu/machine/ssh.scm:
   434:34  3 (deploy-managed-host #< operating-system: #<)
In ice-9/boot-9.scm:
  1670:16  2 (raise-exception _ #:continuable? _)
  1669:16  1 (raise-exception _ #:continuable? _)
  1669:16  0 (raise-exception _ #:continuable? _)

ice-9/boot-9.scm:1669:16: In procedure raise-exception:
ERROR:
  1. 


Cheers,

Jérémy
;; This is an operating system configuration template
;; for a "bare bones" setup, with no X11 display server.
(define-module (bare-bones))

(use-modules (gnu))
(use-service-modules networking ssh)
(use-package-modules screen ssh)

(define-public %bare-bones
  (operating-system
   (host-name "kitchen")
   (timezone "Europe/Paris")
   (locale "fr_FR.utf8")

   ;; Boot in "legacy" BIOS mode, assuming /dev/sdX is the
   ;; target hard disk, and "my-root" is the label of the target
   ;; root file system.
   (bootloader (bootloader-configuration
		(bootloader grub-bootloader)
		(target "/dev/sda")))
   (file-systems (cons (file-system
			(device "/dev/sda1")
			(mount-point "/")
			(type "ext4"))
   %base-file-systems))

   ;; Globally-installed packages.
   (packages (cons screen %base-packages))

   ;; Add services to the baseline: a DHCP client and
   ;; an SSH server.
   (services
    (append
     (list
      (service dhcp-client-service-type)
      (service openssh-service-type
               (openssh-configuration
                (openssh openssh-sans-x)
                (permit-root-login 'without-password)
                (authorized-keys
                 `(("root" ,(local-file "id_rsa.pub"))))
                (port-number 22))))
     (modify-services
      %base-services
      (guix-service-type
       config => (guix-configuration
                  (inherit config)
                  (authorized-keys
                   (append
                    (list (local-file "/etc/guix/signing-key.pub"))
                    %default-authorized-guix-keys)))))))))

%bare-bones

;; This is a Guix deployment of a "bare bones" setup, with
;; no X11 display server, to a machine with an SSH daemon
;; listening on localhost:. A configuration such as this
;; may be appropriate for virtual machine with ports
;; forwarded to the host's loopback interface.

(use-modules (bare-bones))

(define %system
  (operating-system
   (inherit %bare-bones)
   (host-name "kitchen-deployed")))

(list (machine
       (operating-system %system)
       (environment managed-host-environment-type)
       (configuration (machine-ssh-configuration
                       (host-name "localhost")
                       (system "x86_64-linux")
                       (user "root")
                       (identity "id_rsa")
                       (host-key "ssh-ed25519 C3NzaC1lZDI1NTE5IOaYzLHn1PtYIMxl0VY6JO7Xo94ZP41J/gY1aIniQZx2")
                       (port 10022)))))


deploy-vm.sh
Description: application/shellscript


Re: GDM blank for anyone else with guix system vm?

2020-11-16 Thread Efraim Flashner
On Mon, Nov 16, 2020 at 06:42:09PM -0500, Christopher Lemmer Webber wrote:
> Not sure why but when testing:
> 
>   ./pre-inst-env guix system vm gnu/system/examples/lightweight-desktop.tmpl
> 
> (and also the normal non-lightweight desktop) I'm getting a blank screen
> once gdm is supposed to start up, but the mouse can still move.  I'm
> also running the intel graphics card here.
> 
> Just curious, is anyone else having this problem?

How much memory are you giving it? There might not be enough for GDM to
actually start. IIRC that command spits out a shell script in the store,
so you can run './gnu/store/really-long-path.sh -m 2G' to switch to using
2GB of RAM.

-- 
Efraim Flashner  אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted




GDM blank for anyone else with guix system vm?

2020-11-16 Thread Christopher Lemmer Webber
Not sure why but when testing:

  ./pre-inst-env guix system vm gnu/system/examples/lightweight-desktop.tmpl

(and also the normal non-lightweight desktop) I'm getting a blank screen
once gdm is supposed to start up, but the mouse can still move.  I'm
also running the intel graphics card here.

Just curious, is anyone else having this problem?



Re: Port forwarding and `guix system vm`

2020-07-07 Thread Christopher Lemmer Webber
Christopher Lemmer Webber writes:

> Jan Nieuwenhuizen writes:
>
>> In our chat on IRC I mentioned that adding this "-nic user,virtio-net-pci 
>> bit",
>> I mentioned that this gives me two eth devices:
>>
>> --8<---cut here---start->8---
>> eth0  Link encap:Ethernet  HWaddr 52:54:00:12:34:56
>>   inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
>>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>   RX packets:3 errors:0 dropped:0 overruns:0 frame:0
>>   TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
>>   collisions:0 txqueuelen:1000
>>   RX bytes:1314  TX bytes:1286
>>
>> eth1  Link encap:Ethernet  HWaddr 52:54:00:12:34:57
>>   inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
>>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>   RX packets:11 errors:0 dropped:0 overruns:0 frame:0
>>   TX packets:17 errors:0 dropped:0 overruns:0 carrier:0
>>   collisions:0 txqueuelen:1000
>>   RX bytes:1784  TX bytes:1706
>>
>> lo    Link encap:Local Loopback
>>   inet addr:127.0.0.1  Bcast:0.0.0.0  Mask:255.0.0.0
>>   UP LOOPBACK RUNNING  MTU:65536  Metric:1
>>   RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>   TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>>   collisions:0 txqueuelen:1000
>>   RX bytes:0  TX bytes:0
>> --8<---cut here---end--->8---
>
> I'm also seeing a duplicate network device as above.  (Not sure if it's
> causing problems or not.)
>
>> I noticed this yesterday while struggling similarly, and found that
>> removing this bit from run-sh; like so:
>>
>> --8<---cut here---start->8---
>> sed 's,-nic user[^ ]* ,,' /gnu/store/j8fqc160diq82da7913gpdlcjca45rhz-run-vm.sh > run-vm.sh
>> --8<---cut here---end--->8---
>>
>> and running "run-vm.sh", will create only eth0.  I blamed this second
>> eth1 device for my ssh'ing troubles...but I cannot reproduce that
>> today...dunno!
>>
>> Greetings,
>> Janneke
>
> It does seem like having two network devices bound to the same address
> would be ripe for a heisenbug though, right?  So maybe...

See bug#42252 for a continued discussion of this issue.



Re: Port forwarding and `guix system vm`

2020-07-07 Thread Christopher Lemmer Webber
Jan Nieuwenhuizen writes:

> You want to add something like
>
>(service dhcp-client-service-type)

... doh, I can't believe I missed that.  Thank you!

>
> In our chat on IRC I mentioned that adding this "-nic user,virtio-net-pci 
> bit",
> I mentioned that this gives me two eth devices:
>
> --8<---cut here---start->8---
> eth0  Link encap:Ethernet  HWaddr 52:54:00:12:34:56
>   inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>   RX packets:3 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:1000
>   RX bytes:1314  TX bytes:1286
>
> eth1  Link encap:Ethernet  HWaddr 52:54:00:12:34:57
>   inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
>   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>   RX packets:11 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:17 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:1000
>   RX bytes:1784  TX bytes:1706
>
> lo    Link encap:Local Loopback
>   inet addr:127.0.0.1  Bcast:0.0.0.0  Mask:255.0.0.0
>   UP LOOPBACK RUNNING  MTU:65536  Metric:1
>   RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>   TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>   collisions:0 txqueuelen:1000
>   RX bytes:0  TX bytes:0
> --8<---cut here---end--->8---

I'm also seeing a duplicate network device as above.  (Not sure if it's
causing problems or not.)

> I noticed this yesterday while struggling similarly, and found that
> removing this bit from run-sh; like so:
>
> --8<---cut here---start->8---
> sed 's,-nic user[^ ]* ,,' /gnu/store/j8fqc160diq82da7913gpdlcjca45rhz-run-vm.sh > run-vm.sh
> --8<---cut here---end--->8---
>
> and running "run-vm.sh", will create only eth0.  I blamed this second
> eth1 device for my ssh'ing troubles...but I cannot reproduce that
> today...dunno!
>
> Greetings,
> Janneke

It does seem like having two network devices bound to the same address
would be ripe for a heisenbug though, right?  So maybe...



Re: Port forwarding and `guix system vm`

2020-07-07 Thread Jan Nieuwenhuizen
Christopher Lemmer Webber writes:

Hello!

> Hello!
>
> I've been trying to figure out how to do port forwarding with
> `guix system vm` and have not (alas) yet succeeded.
>
> Here's what I've tried so far:

[..]

>   `guix system vm guix-config-dustycloud.scm --share=$HOME/tmp/guix-vm-exchange=/exchange` -nic user,model=virtio-net-pci,hostfwd=tcp::8088-:80

It looks like I definitely need the -nic user,model=virtio-net-pci bit,
e.g. this for ssh

/gnu/store/0gdyvca8czl2a62dyfmjjalxhibx53w9-run-vm.sh -nic user,model=virtio-net-pci,hostfwd=tcp::10022-:22

> ... same problem.  (However, it looks like the script adds the
> virtio-net-pci and stuff these days, so I'm not sure that stuff is
> necessary...)
>
> Any ideas?

After trying and looking at your config...yeah, 

> config looks like:
>
>   (operating-system
[...]
> (services (cons* (service openssh-service-type
>                           (openssh-configuration
>                            (password-authentication? #f)
>                            (authorized-keys
>                             `(("cwebber" ,(local-file "/home/cwebber/.ssh/id_rsa.pub"))))))
>                  (service mcron-service-type
>                           (mcron-configuration (jobs (list %gc-job))))
>                  (service nginx-service-type
>                           (nginx-configuration
>                            (server-blocks
>                             (list (nginx-server-configuration
>                                    (server-name '("www.dustycloud.org" "dustycloud.org"))
>                                    (root "/srv/http/dustycloud.org")
>                                    (listen '("80")))))))
>                  %base-services)))

You want to add something like

   (service dhcp-client-service-type)

This config worked for me:

--8<---cut here---start->8---
(use-modules (gnu))
(use-service-modules networking ssh web)
(use-package-modules admin certs screen ssh tls)

(operating-system
  (host-name "dustycloud")
  (timezone "America/")
  (locale "en_US.UTF-8")

  ;; TODO: this will need to switch out depending on if this is in a local VM or not
  (bootloader (grub-configuration (target "/dev/sda")))
  (file-systems (cons (file-system
                        (device "/dev/sda1")
                        (mount-point "/")
                        (type "ext4"))
                      %base-file-systems))

  (users (cons (user-account
                (name "janneke")
                (group "users")
                ;; Adding the account to the "wheel" group
                ;; makes it a sudoer.
                (supplementary-groups '("wheel"))
                (home-directory "/home/janneke"))
               %base-user-accounts))

  (packages (cons* nss-certs            ;for HTTPS access
                   openssh-sans-x
                   %base-packages))

  (services (cons*
             (service dhcp-client-service-type)
             (service openssh-service-type
                      (openssh-configuration
                       (openssh openssh-sans-x)
                       (password-authentication? #f)
                       (authorized-keys
                        `(("janneke" ,(local-file "/home/janneke/.ssh/id_rsa.pub"))))))
             (service nginx-service-type
                      (nginx-configuration
                       (server-blocks
                        (list (nginx-server-configuration
                               (server-name '("www.dustycloud.org" "dustycloud.org"))
                               (root "/srv/http")
                               (listen '("80")))))))
             %base-services)))
--8<---cut here---end--->8---

In our chat on IRC I mentioned that adding this "-nic user,virtio-net-pci bit",
I mentioned that this gives me two eth devices:

--8<---cut here---start->8---
eth0  Link encap:Ethernet  HWaddr 52:54:00:12:34:56
  inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:3 errors:0 dropped:0 overruns:0 frame:0
  TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
  RX bytes:1314  TX bytes:1286

eth1  Link encap:Ethernet  HWaddr 52:54:00:12:34:57
  inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.25

Port forwarding and `guix system vm`

2020-07-07 Thread Christopher Lemmer Webber
Hello!

I've been trying to figure out how to do port forwarding with
`guix system vm` and have not (alas) yet succeeded.

Here's what I've tried so far:

  # testing forwarding http
  `guix system vm guix-config-dustycloud.scm --share=$HOME/tmp/guix-vm-exchange=/exchange` -nic hostfwd=tcp::8088-:80
  # testing forwarding ssh
  `guix system vm guix-config-dustycloud.scm --share=$HOME/tmp/guix-vm-exchange=/exchange` -nic hostfwd=tcp::10022-:22

In both the case of trying to ssh and trying to access via a web
browser, it just hangs.

I can also add all the rest of the -nic stuff the manual recommends:

  `guix system vm guix-config-dustycloud.scm --share=$HOME/tmp/guix-vm-exchange=/exchange` -nic user,model=virtio-net-pci,hostfwd=tcp::8088-:80

... same problem.  (However, it looks like the script adds the
virtio-net-pci and stuff these days, so I'm not sure that stuff is
necessary...)

Any ideas?

config looks like:

  (operating-system
    (host-name "dustycloud")
    (timezone "America/")
    (locale "en_US.UTF-8")

    ;; TODO: this will need to switch out depending on if this is in a local VM or not
    (bootloader (grub-configuration (target "/dev/sda")))
    (file-systems (cons (file-system
                          (device "/dev/sda1")
                          (mount-point "/")
                          (type "ext4"))
                        %base-file-systems))

    (users (cons (user-account
                  (name "cwebber")
                  (group "users")
                  ;; Adding the account to the "wheel" group
                  ;; makes it a sudoer.
                  (supplementary-groups '("wheel"))
                  (home-directory "/home/cwebber"))
                 %base-user-accounts))

    (packages (cons* tcpdump
                     nss-certs ;for HTTPS access
                     gnutls
                     git
                     rsync
                     openssh
                     lynx
                     %base-packages))

    (services (cons* (service openssh-service-type
                              (openssh-configuration
                               (password-authentication? #f)
                               (authorized-keys
                                `(("cwebber" ,(local-file "/home/cwebber/.ssh/id_rsa.pub"))))))
                     (service mcron-service-type
                              (mcron-configuration (jobs (list %gc-job))))
                     (service nginx-service-type
                              (nginx-configuration
                               (server-blocks
                                (list (nginx-server-configuration
                                       (server-name '("www.dustycloud.org" "dustycloud.org"))
                                       (root "/srv/http/dustycloud.org")
                                       (listen '("80")))))))
                     %base-services)))
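
An added example, not part of the original post or of Guix: a small Python check over a QEMU argument line for the two things this thread turns on, a second `-nic user` device on top of the one the generated script already passes, and `hostfwd` rules written without a host address, which QEMU binds on every host interface rather than only on loopback. The sample argument strings are constructed and the function names are hypothetical; it assumes numeric host addresses and no `,,`-escaped commas.

```python
import shlex
from dataclasses import dataclass, field


@dataclass
class HostFwd:
    proto: str
    host_addr: str   # "" = no address given: QEMU listens on every host interface
    host_port: int
    guest_addr: str  # "" = the first address QEMU's built-in DHCP server hands out
    guest_port: int

    @property
    def all_interfaces(self) -> bool:
        return self.host_addr in ("", "0.0.0.0")


@dataclass
class Nic:
    kind: str                                   # "user", "tap", ...; "" if no type given
    forwards: list = field(default_factory=list)


def parse_hostfwd(rule: str) -> HostFwd:
    """Parse QEMU's [tcp|udp]:[hostaddr]:hostport-[guestaddr]:guestport."""
    host_side, dash, guest_side = rule.partition("-")
    parts = host_side.split(":")
    if not dash or len(parts) != 3 or ":" not in guest_side:
        raise ValueError(f"not a hostfwd rule: {rule!r}")
    proto, host_addr, host_port = parts
    guest_addr, _, guest_port = guest_side.rpartition(":")
    return HostFwd(proto or "tcp", host_addr, int(host_port),
                   guest_addr, int(guest_port))


def parse_nics(argv: list) -> list:
    """Collect every '-nic <options>' pair from an already-split argument list."""
    nics = []
    for flag, value in zip(argv, argv[1:]):
        if flag != "-nic":
            continue
        fields = value.split(",")
        nic = Nic(kind=fields[0] if "=" not in fields[0] else "")
        for item in fields:
            key, _, val = item.partition("=")
            if key == "hostfwd":
                nic.forwards.append(parse_hostfwd(val))
        nics.append(nic)
    return nics


def audit(script_args: str, extra_args: str = "") -> list:
    """Return findings for the script's own arguments plus the ones appended by hand."""
    nics = parse_nics(shlex.split(script_args) + shlex.split(extra_args))
    findings = []
    user_nics = [n for n in nics if n.kind == "user"]
    if len(user_nics) > 1:
        findings.append(
            f"{len(user_nics)} '-nic user' devices on one command line: "
            "the guest gets one interface per device")
    for nic in nics:
        for fwd in nic.forwards:
            if fwd.all_interfaces:
                findings.append(
                    f"{fwd.proto} host port {fwd.host_port} -> guest port "
                    f"{fwd.guest_port} is bound on all host interfaces; "
                    "name a hostaddr such as 127.0.0.1")
    return findings


# Constructed stand-in for the arguments a generated run-vm.sh already passes.
SCRIPT_ARGS = "qemu-system-x86_64 -m 256 -nic user,model=virtio-net-pci"
# Constructed: what gets appended by hand, in the form used in this thread.
EXTRA_ARGS = "-nic user,model=virtio-net-pci,hostfwd=tcp::10022-:22"

if __name__ == "__main__":
    for line in audit(SCRIPT_ARGS, EXTRA_ARGS):
        print(line)
```
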



Re: "guix system vm" to libvirt XML domain

2019-01-24 Thread Gábor Boskovits
Hello,

Giovanni Biscuolo wrote (on Thu, 24 Jan 2019, 20:05):
>
> Hi,
>
> reply to myself:
>
> Giovanni Biscuolo  writes:
>
> [...]
>
> > 7. start the VM, connect via SPICE and see the VM does not boot due to
> > an error in procedure mount, falling back to the guile REPL; the backtrace
> > is:
> >
> > --8<---cut here---start->8---
> > In gnu/build/linux-boot.scm:
> >516:13  2 (_)
> > 367:8  1 (mount-root-file-system "/dev/vda1" "ext4" # _)
> > In unknown file:
> >0 (mount "/dev/vda1" "/real-root" "ext4" 1 #)
> > --8<---cut here---end--->8---
>
> OK I solved this, it was "virsh domxml-from-native" that missed to detect
> the correct disk type of the vda disk, so I changed this part of the XML
> domain definition:
>
> --8<---cut here---start->8---
> 
>error_policy='report'/>
>   
>   
>function='0x0'/>
> 
> --8<---cut here---end--->8---
>
> type='raw' changed to type='qcow2'
>
> but now I've a problem with the /gnu/store mount in guest
>
> "9pnet_virtio: no channels available for device 
> TAGjoptajej2oynju6yvboauz7pl6uj"
>
> ...still missing something
>
> any hint please?
>

I have seen this once, and the virtio-pci kernel module was missing.
When you run it from guix system
vm, then what bus you have the drive on? It might be easier to
replicate that version, I don't know if it
is virtio, but I guess not.


> Thanks!
>
> --
> Giovanni Biscuolo
>
> Xelera IT Infrastructures

Best regards,
g_bor

p.s.: A nice interface to libvirt would be a very good idea.



Re: "guix system vm" to libvirt XML domain

2019-01-24 Thread Giovanni Biscuolo
Hi,

reply to myself:

Giovanni Biscuolo  writes:

[...]

> 7. start the VM, connect via SPICE and see the VM does not boot due to
> an error in procedure mount, falling back to the guile REPL; the backtrace
> is:
>
> --8<---cut here---start->8---
> In gnu/build/linux-boot.scm:
>516:13  2 (_)
> 367:8  1 (mount-root-file-system "/dev/vda1" "ext4" # _)
> In unknown file:
>0 (mount "/dev/vda1" "/real-root" "ext4" 1 #)
> --8<---cut here---end--->8---

OK I solved this, it was "virsh domxml-from-native" that missed to detect
the correct disk type of the vda disk, so I changed this part of the XML
domain definition:

--8<---cut here---start->8---

  
  
  
  

--8<---cut here---end--->8---

type='raw' changed to type='qcow2'

but now I've a problem with the /gnu/store mount in guest

"9pnet_virtio: no channels available for device TAGjoptajej2oynju6yvboauz7pl6uj"

...still missing something

any hint please?

Thanks!

-- 
Giovanni Biscuolo

Xelera IT Infrastructures




"guix system vm" to libvirt XML domain

2019-01-24 Thread Giovanni Biscuolo
Hi!

I'm using guix on a foreign distro (Debian 9) and I'm already using
libvirtd to manage some KVM guests; I'd like to also manage "guix
system vm" generated ones using libvirt

it would be great to be able to automatically manage the (re)definition
of VMs (and containers?) on - possibly remote - libvirtd servers using a
distributedVM.scm config :-): WDYT?

anyway... as for now it must be "manually" managed and this is
what I'm doing: it fails at the end, what am I doing wrong?

is there a better way to do it?

1. I save the "command line" from the script generated by "guix system
vm" (except the last "@") calling this "container.minimal.args.orig"

--8<---cut here---start->8---
/gnu/store/4pnx934k40wni57r5swj2kr29l1j549f-qemu-3.1.0/bin/qemu-system-x86_64 
-kernel /gnu/store/y5aiijqiqna1y8ypn6c0jp367813xxnc-linux-libre-4.20.3/bzImage 
-initrd /gnu/store/9xgqs9zf51i9binqjl5hgl8gl7ql40hc-system/initrd -append 
"--root=/dev/vda1 --system=/gnu/store/9xgqs9zf51i9binqjl5hgl8gl7ql40hc-system 
--load=/gnu/store/9xgqs9zf51i9binqjl5hgl8gl7ql40hc-system/boot" -enable-kvm 
-no-reboot -net nic,model=virtio -object 
rng-random,filename=/dev/urandom,id=guixsd-vm-rng -device 
virtio-rng-pci,rng=guixsd-vm-rng -virtfs 
local,path="/gnu/store",security_model=none,mount_tag="TAGjoptajej2oynju6yvboauz7pl6uj"
 -vga std -drive 
file=/gnu/store/4mz1qqv7h5g5885q1aq0izlmy01knf1g-qemu-image,if=virtio,cache=writeback,werror=report,readonly
 -m  256
--8<---cut here---end--->8---

2. try to convert it to libvirt XML domain definition

--8<---cut here---start->8---
$ virsh --connect qemu:///system domxml-from-native qemu-argv 
container-minimal.args.orig 
error: internal error: malformed keyword arguments in 
'file=/gnu/store/4mz1qqv7h5g5885q1aq0izlmy01knf1g-qemu-image,if=virtio,cache=writeback,werror=report,readonly'
--8<---cut here---end--->8---

3. remove the "readonly" keyword from the last "-drive" arg, calling this
"container.minimal.args" (that *must* be then manually added to the XML
definition)

--8<---cut here---start->8---
/gnu/store/4pnx934k40wni57r5swj2kr29l1j549f-qemu-3.1.0/bin/qemu-system-x86_64 
-kernel /gnu/store/y5aiijqiqna1y8ypn6c0jp367813xxnc-linux-libre-4.20.3/bzImage 
-initrd /gnu/store/9xgqs9zf51i9binqjl5hgl8gl7ql40hc-system/initrd -append 
"--root=/dev/vda1 --system=/gnu/store/9xgqs9zf51i9binqjl5hgl8gl7ql40hc-system 
--load=/gnu/store/9xgqs9zf51i9binqjl5hgl8gl7ql40hc-system/boot" -enable-kvm 
-no-reboot -net nic,model=virtio -object 
rng-random,filename=/dev/urandom,id=guixsd-vm-rng -device 
virtio-rng-pci,rng=guixsd-vm-rng -virtfs 
local,path="/gnu/store",security_model=none,mount_tag="TAGjoptajej2oynju6yvboauz7pl6uj"
 -vga std -drive 
file=/gnu/store/4mz1qqv7h5g5885q1aq0izlmy01knf1g-qemu-image,if=virtio,cache=writeback,werror=report
 -m  256
--8<---cut here---end--->8---

4. converting the file above

--8<---cut here---start->8---
$ virsh --connect qemu:///system domxml-from-native qemu-argv 
container-minimal.args

  unnamed
  894f668e-32a5-4331-9d30-8604b89ae359
  262144
  262144
  1
  
hvm

/gnu/store/y5aiijqiqna1y8ypn6c0jp367813xxnc-linux-libre-4.20.3/bzImage
/gnu/store/9xgqs9zf51i9binqjl5hgl8gl7ql40hc-system/initrd
--root=/dev/vda1 
--system=/gnu/store/9xgqs9zf51i9binqjl5hgl8gl7ql40hc-system 
--load=/gnu/store/9xgqs9zf51i9binqjl5hgl8gl7ql40hc-system/boot
  
  

  
  
  destroy
  destroy
  destroy
  

/gnu/store/4pnx934k40wni57r5swj2kr29l1j549f-qemu-3.1.0/bin/qemu-system-x86_64

  
  
  
  


  






  
  


  
  






  

--8<---cut here---end--->8---

5. unfortunately some command line args are not automatically converted,
so I have to "manually" convert it [1]... also adapting some parameters
to my needs (e.g. name, memory, network, graphics); saving as
container-minimal-fixed.xml





container-minimal-fixed.xml
Description: XML document

6. register the domain definition in libvirtd

--8<---cut here---start->8---
$ virsh --connect qemu:///system define container-minimal-fixed.xml
Domain container-minimal defined from container-minimal-fixed.xml
--8<---cut here---end--->8---

7. start the VM, connect via SPICE and see the VM does not boot due to
an error in procedure mount, falling back to the guile REPL; the backtrace
is:

--8<---cut here---start

Re: system vm

2018-05-17 Thread Catonano
2018-05-17 16:39 GMT+02:00 Ludovic Courtès <l...@gnu.org>:

> Hello,
>
> Catonano <caton...@gmail.com> skribis:
>
> > ~/GNU/guix$ ./pre-inst-env guix system vm
> > ~/configs/vm-config-desktop.scm --image-size=10GB
> > --share=$HOME/transit=/transit
> >
> > These are the last lines I can see in the terminal
> >
> > ...
> > [1.084823] 9p: Installing v9fs 9p2000 file system support
> > [1.086036] FS-Cache: Netfs '9p' registered for caching
> > configuring QEMU networking...
> > [1.102362] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
> > loading '/gnu/store/rgpivnrpwr9mxadaxh2yq5g54ffnjkp9-linux-vm-loader'...
> > [1.137673] random: fast init done
> > environment variable `PATH' set to
> > `/gnu/store/qbqzhwbl90kpmvz1r31rwl940n1cs33s'
> > creating partition table with 2 partitions (20.0 MiB, 40.0 MiB)...
> > [1.568159] tsc: Refined TSC clocksource calibration: 2494.260 MHz
> > [1.569060] clocksource: tsc: mask: 0x max_cycles:
> > 0x23f40b6s
> > [2.080097] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
> >
> >
> > and it remains like this for several minutes
>
> This is a bug caused by a recent Linux-libre upgrade:
>
>   https://bugs.gnu.org/31268
>
> Ludo’.
>

Ah ! Thanks !


Re: system vm

2018-05-17 Thread Tobias Geerinckx-Rice
May 17, 2018 4:39 PM, l...@gnu.org wrote:
> This is a bug caused by a recent Linux-libre upgrade:
> 
> https://bugs.gnu.org/31268

Oh :-)

Thanks!

T G-R

Sent from a Web browser. Excuse or enjoy my brevity.



Re: system vm

2018-05-17 Thread Ludovic Courtès
Hello,

Catonano <caton...@gmail.com> skribis:

> ~/GNU/guix$ ./pre-inst-env guix system vm
> ~/configs/vm-config-desktop.scm --image-size=10GB
> --share=$HOME/transit=/transit
>
> These are the last lines I can see in the terminal
>
> ...
> [1.084823] 9p: Installing v9fs 9p2000 file system support
> [1.086036] FS-Cache: Netfs '9p' registered for caching
> configuring QEMU networking...
> [1.102362] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
> loading '/gnu/store/rgpivnrpwr9mxadaxh2yq5g54ffnjkp9-linux-vm-loader'...
> [1.137673] random: fast init done
> environment variable `PATH' set to
> `/gnu/store/qbqzhwbl90kpmvz1r31rwl940n1cs33s'
> creating partition table with 2 partitions (20.0 MiB, 40.0 MiB)...
> [1.568159] tsc: Refined TSC clocksource calibration: 2494.260 MHz
> [1.569060] clocksource: tsc: mask: 0x max_cycles:
> 0x23f40b6s
> [2.080097] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
>
>
> and it remains like this for several minutes

This is a bug caused by a recent Linux-libre upgrade:

  https://bugs.gnu.org/31268

Ludo’.



Re: system vm

2018-05-17 Thread Catonano
2018-05-17 15:34 GMT+02:00 Tobias Geerinckx-Rice :

> Catonano,
>
> May 17, 2018 3:20 PM, "Catonano"  wrote:
> >>> These are the last lines I can see in the terminal
> >>
> >> [dmesg snipped]
> >>
> >>> and it remains like this for several minutes
> >>>
> >>> Discouraged, I interrupted it
>
> My kernel's finally finished and I'm able to reproduce this.
>

Good. That's the step 0
Thanks !


Re: system vm

2018-05-17 Thread Tobias Geerinckx-Rice
Catonano,

May 17, 2018 3:20 PM, "Catonano"  wrote:
>>> These are the last lines I can see in the terminal
>> 
>> [dmesg snipped]
>> 
>>> and it remains like this for several minutes
>>> 
>>> Discouraged, I interrupted it

My kernel's finally finished and I'm able to reproduce this.

Unfortunately I can't realistically run Qemu on my laptop and have to
catch a wifiless train... now.

> brevity is ok

That signature's somewhat tongue-in-cheek, but I do try. :-)

Brief regards,

T G-R

Sent from a Web browser. Excuse or enjoy my brevity.



Re: system vm

2018-05-17 Thread Catonano
2018-05-17 14:46 GMT+02:00 Tobias Geerinckx-Rice <m...@tobias.gr>:

> Catonano,
>
> May 17, 2018 11:23 AM, "Catonano" <caton...@gmail.com> wrote:
> > After a while, I'm attempting at creating a vm image, with this line (I
> had stored the command line
> > in a notes file)
> >
> > ~/GNU/guix$ ./pre-inst-env guix system vm ~/configs/vm-config-desktop.scm
> --image-size=10GB
> > --share=$HOME/transit=/transit
> >
> > These are the last lines I can see in the terminal
>
> [dmesg snipped]
>
> > and it remains like this for several minutes
> >
> > Discouraged, I interrupted it
>
> Slim chance, but... what happens when you hit  a few times? I've
> got used to doing so on my VT-only & serial-console machines, where the
> log-in prompt never wins against the onslaught of dmesgs.
>
> Kind regards,
>
> T G-R
>
> Sent from a Web browser. Excuse or enjoy my brevity.
>


brevity is ok

the terminal scrolls but apart from that, nothing happens


Re: system vm

2018-05-17 Thread Tobias Geerinckx-Rice
Catonano,

May 17, 2018 11:23 AM, "Catonano" <caton...@gmail.com> wrote:
> After a while, I'm attempting at creating a vm image, with this line (I had 
> stored the command line
> in a notes file)
> 
> ~/GNU/guix$ ./pre-inst-env guix system vm ~/configs/vm-config-desktop.scm 
> --image-size=10GB
> --share=$HOME/transit=/transit
> 
> These are the last lines I can see in the terminal

[dmesg snipped]

> and it remains like this for several minutes
> 
> Discouraged, I interrupted it

Slim chance, but... what happens when you hit  a few times? I've
got used to doing so on my VT-only & serial-console machines, where the
log-in prompt never wins against the onslaught of dmesgs.

Kind regards,

T G-R

Sent from a Web browser. Excuse or enjoy my brevity.



system vm

2018-05-17 Thread Catonano
After a while, I'm attempting at creating a vm image, with this line (I had
stored the command line in a notes file)

~/GNU/guix$ ./pre-inst-env guix system vm
~/configs/vm-config-desktop.scm --image-size=10GB
--share=$HOME/transit=/transit

These are the last lines I can see in the terminal

...
[1.084823] 9p: Installing v9fs 9p2000 file system support
[1.086036] FS-Cache: Netfs '9p' registered for caching
configuring QEMU networking...
[1.102362] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
loading '/gnu/store/rgpivnrpwr9mxadaxh2yq5g54ffnjkp9-linux-vm-loader'...
[1.137673] random: fast init done
environment variable `PATH' set to
`/gnu/store/qbqzhwbl90kpmvz1r31rwl940n1cs33s'
creating partition table with 2 partitions (20.0 MiB, 40.0 MiB)...
[1.568159] tsc: Refined TSC clocksource calibration: 2494.260 MHz
[1.569060] clocksource: tsc: mask: 0x max_cycles:
0x23f40b6s
[2.080097] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready


and it remains like this for several minutes

Discouraged, I interrupted it

Is this expected ?

Is anyone running into any similar glitch ?

Thanks


Re: bug#31268: 'guix system vm-image' hangs

2018-04-30 Thread Ludovic Courtès
Hello Mark,

Mark H Weaver  skribis:

> FYI, I just pushed commit 8c21c64e59d3f4d223d8aeef91f06fdde7de1ab7 which
> updates linux-libre to 4.16.6.  Would you like to see if the problem
> still persists?

It does.

I instrumented the code to see what happens.  Opening /dev/vda works
fine, invoking “parted --version” works, so it’s really just ‘parted’
that hangs when asked to do the real thing (with 0% CPU consumption.)

However, if we strace it as with the patch below, it succeeds.  It
doesn’t seem to be a simple timing issue because adding (sleep 2) before
the parted invocation doesn’t make a difference.

To be continued…

Ludo’.

diff --git a/gnu/build/vm.scm b/gnu/build/vm.scm
index 527b4c495..b73c8f912 100644
--- a/gnu/build/vm.scm
+++ b/gnu/build/vm.scm
@@ -242,9 +242,21 @@ actual /dev name based on DEVICE."
  partition-size)
 partitions)
", "))
-  (apply invoke "parted" "--script"
+  (pk 'parted (which "parted"))
+  (pk 'parted2 (stat (which "parted")))
+  (pk 'opts device partitions offset)
+  (pk 'actual-options "parted" "--script"
  device "mklabel" label-type
  (options partitions offset))
+  (pk 'stat device (stat device))
+  (invoke "parted" "--version")
+  ;; (pk 'open-device device (open-fdes device O_WRONLY))
+  (pk 'parted)
+  (apply invoke "strace" "-s" "123"
+ "parted" "--script"
+ device "mklabel" label-type
+ (options partitions offset))
+  (pk 'parted-done)
 
   ;; Set the 'device' field of each partition.
   (reverse
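
Review bot: the direct `(apply invoke "parted" "--script" ...)` call is replaced by `(apply invoke "strace" "-s" "123" "parted" "--script" ...)`, so with this applied the partitioning step only runs under strace and the hang is masked rather than explained; keep this as a local diagnostic and restore the plain parted call before anything is committed. The `pk` probes, the extra `(invoke "parted" "--version")` and the commented-out `open-fdes` line are debugging residue to drop at the same time, and `(pk 'actual-options ...)` evaluates `(options partitions offset)` a second time, which is worth avoiding unless that procedure is known to be pure.
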
diff --git a/gnu/system/vm.scm b/gnu/system/vm.scm
index 09a11af86..ba54a71dd 100644
--- a/gnu/system/vm.scm
+++ b/gnu/system/vm.scm
@@ -304,7 +304,7 @@ the image."
   (ice-9 binary-ports))
 
  (let ((inputs
-'#$(append (list qemu parted e2fsprogs dosfstools)
+'#$(append (list strace qemu parted e2fsprogs dosfstools)
(map canonical-package
 (list sed grep coreutils findutils gawk))
(if register-closures? (list guix) '(
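
Review bot: `strace` is prepended to the `inputs` list only so that the instrumented call in gnu/build/vm.scm can find it, which pulls strace into the environment of every image build; remove it together with the strace wrapper, or mark it with a comment as temporary while bug#31268 is being investigated.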


Re: bug#31268: 'guix system vm-image' hangs

2018-04-30 Thread Mark H Weaver
George myglc2 Clemmer <myg...@gmail.com> writes:

> On 04/26/2018 at 03:37 Eric Bavier writes:
>
>> Hi George,
>>
>> I've seen the same lately with 'guix system vm':
>>
>> On Wed, 25 Apr 2018 21:39:30 -0400
>> George myglc2 Clemmer <myg...@gmail.com> wrote:
>>
>>> 'guix system vm-image' hangs on guix (GNU Guix) 0.14.0.4439-eb88e built
>>> from source today. Please see log excerpt below. It worked on guix (GNU
>>> Guix) 0.14.0.4196-2c92a. built <2018-04-18 Wed>

[...]

>> I bisected the git repo to commit:
>>
>> ```
>> commit ba39d3280759fb20a4ff0092a5afac721a5fa769
>> Author: Mark H Weaver <m...@netris.org>
>> Date:   Tue Apr 24 16:51:45 2018 -0400
>>
>> gnu: linux-libre: Update to 4.16.4.
>>
>> * gnu/packages/linux.scm (%linux-libre-version): Update to 4.16.4.
>> (%linux-libre-hash): Update hash.

FYI, I just pushed commit 8c21c64e59d3f4d223d8aeef91f06fdde7de1ab7 which
updates linux-libre to 4.16.6.  Would you like to see if the problem
still persists?

   Mark



Re: 'guix system vm-image' hangs

2018-04-25 Thread Eric Bavier
Hi George,

I've seen the same lately with 'guix system vm':

On Wed, 25 Apr 2018 21:39:30 -0400
George myglc2 Clemmer <myg...@gmail.com> wrote:

> 'guix system vm-image' hangs on guix (GNU Guix) 0.14.0.4439-eb88e built
> from source today. Please see log excerpt below. It worked on guix (GNU
> Guix) 0.14.0.4196-2c92a. built <2018-04-18 Wed>
> 
> TIA - George
> 
[...]
> environment variable `PATH' set to 
> `/gnu/store/1n3cvnxrz1m6jqc09d9m1grbfbs91kmv-qemu-minimal-2.12.0/bin:/gnu/store/h8670f6j1rawhhaz8wvdy5gv79lny0am-parted-3.2/sbin:/gnu/store/nm305rpb2mvridkyj4l3636nc9ql4lf9-e2fsprogs-1.43.6/bin:/gnu/store/nm305rpb2mvridkyj4l3636nc9ql4lf9-e2fsprogs-1.43.6/sbin:/gnu/store/0sq2nflm42x0znkv44add0gk82khkcb6-dosfstools-4.1/sbin:/gnu/store/0hl513mnpkhszm2hjai2w9cxmpxs0vgq-sed-4.4/bin:/gnu/store/1h44pkgdd7n6s3i2vjh54awsvfmc219j-grep-3.1/bin:/gnu/store/kgzvfby2ggi1xawsh5vjh4s93qk2dp9k-coreutils-8.28/bin:/gnu/store/k7r2m2wgj8x8jjhccwjsiimp0dlzxb7i-findutils-4.6.0/bin:/gnu/store/ahxc89r6npzf2bbl8yg5vdjicskzzjf3-gawk-4.1.4/bin:/gnu/store/cwwvdxd9d778a2xp8vbb38vl62rx992g-guix-0.14.0-11.ab85cf7/bin:/gnu/store/cwwvdxd9d778a2xp8vbb38vl62rx992g-guix-0.14.0-11.ab85cf7/sbin'
> creating partition table with 2 partitions (10190.0 MiB, 40.0 MiB)...
> [1.344115] tsc: Refined TSC clocksource calibration: 3392.348 MHz
> [1.344865] clocksource: tsc: mask: 0x max_cycles: 
> 0x30e6121e742, max_idle_ns: 440795321217 ns
> [1.856062] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
>   C-c C-c

Same log output on my end.

> g1@g1 ~/src/vm/vms/sysi20$ guix --version
> guix (GNU Guix) 0.14.0.4439-eb88e
> 

I bisected the git repo to commit:

```
commit ba39d3280759fb20a4ff0092a5afac721a5fa769
Author: Mark H Weaver <m...@netris.org>
Date:   Tue Apr 24 16:51:45 2018 -0400

gnu: linux-libre: Update to 4.16.4.

* gnu/packages/linux.scm (%linux-libre-version): Update to 4.16.4.
(%linux-libre-hash): Update hash.

```

Perhaps we should open a bug.

`~Eric




'guix system vm-image' hangs

2018-04-25 Thread George myglc2 Clemmer
'guix system vm-image' hangs on guix (GNU Guix) 0.14.0.4439-eb88e built
from source today. Please see log excerpt below. It worked on guix (GNU
Guix) 0.14.0.4196-2c92a. built <2018-04-18 Wed>

TIA - George

Note: full log is avail.

g1@g1 ~/src/vm/vms/sysi20$ guix system vm-image --image-size=10G sysi19.scm
substitute: updating list of substitutes from 'https://mirror.hydra.gnu.org'... 
100.0%
The following derivations will be built:
   /gnu/store/s6k5yvpv7ynbrrzmxndga7y6w7zd0hcd-qemu-image.drv
   /gnu/store/82gwqkkzdc7jwfs7v5442qz3mj3fw7bx-parameters.drv
   /gnu/store/yngnp5b7c9316bkc2h1jqcgmkqj2j72z-init.drv
[...]
[0.558501] sr 1:0:0:0: Attached scsi generic sg0 type 5
[0.562147] Freeing unused kernel memory: 1780K
[0.562741] Write protecting the kernel read-only data: 18432k
[0.563853] Freeing unused kernel memory: 2024K
[0.565010] Freeing unused kernel memory: 216K
GC Warning: pthread_getattr_np or pthread_attr_getstack failed for main thread
GC Warning: Couldn't read /proc/stat
Welcome, this is GNU's early boot Guile.
Use '--repl' for an initrd REPL.

loading kernel modules...
[0.627471] usbcore: registered new interface driver usb-storage
[0.630380] usbcore: registered new interface driver uas
[0.637058] hidraw: raw HID events driver (C) Jiri Kosina
[0.638165] usbcore: registered new interface driver usbhid
[0.638838] usbhid: USB HID core driver
[0.646823] isci: Intel(R) C600 SAS Controller Driver - version 1.2.0
[0.674476] PCI Interrupt Link [LNKC] enabled at IRQ 11
[0.701700] PCI Interrupt Link [LNKD] enabled at IRQ 10
[0.729258] PCI Interrupt Link [LNKA] enabled at IRQ 10
[0.757009] PCI Interrupt Link [LNKB] enabled at IRQ 11
[0.815977] virtio_blk virtio5: [vda] 20971520 512-byte logical blocks (10.7 
GB/10.0 GiB)
[0.827477] FS-Cache: Loaded
[0.830625] 9pnet: Installing 9P2000 support
[0.831776] 9p: Installing v9fs 9p2000 file system support
[0.832546] FS-Cache: Netfs '9p' registered for caching
configuring QEMU networking...
[0.846491] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
loading '/gnu/store/30bcjgk80467cgb8fjbpw3ldss5wmn2d-linux-vm-loader'...
[0.880302] random: fast init done
environment variable `PATH' set to 
`/gnu/store/1n3cvnxrz1m6jqc09d9m1grbfbs91kmv-qemu-minimal-2.12.0/bin:/gnu/store/h8670f6j1rawhhaz8wvdy5gv79lny0am-parted-3.2/sbin:/gnu/store/nm305rpb2mvridkyj4l3636nc9ql4lf9-e2fsprogs-1.43.6/bin:/gnu/store/nm305rpb2mvridkyj4l3636nc9ql4lf9-e2fsprogs-1.43.6/sbin:/gnu/store/0sq2nflm42x0znkv44add0gk82khkcb6-dosfstools-4.1/sbin:/gnu/store/0hl513mnpkhszm2hjai2w9cxmpxs0vgq-sed-4.4/bin:/gnu/store/1h44pkgdd7n6s3i2vjh54awsvfmc219j-grep-3.1/bin:/gnu/store/kgzvfby2ggi1xawsh5vjh4s93qk2dp9k-coreutils-8.28/bin:/gnu/store/k7r2m2wgj8x8jjhccwjsiimp0dlzxb7i-findutils-4.6.0/bin:/gnu/store/ahxc89r6npzf2bbl8yg5vdjicskzzjf3-gawk-4.1.4/bin:/gnu/store/cwwvdxd9d778a2xp8vbb38vl62rx992g-guix-0.14.0-11.ab85cf7/bin:/gnu/store/cwwvdxd9d778a2xp8vbb38vl62rx992g-guix-0.14.0-11.ab85cf7/sbin'
creating partition table with 2 partitions (10190.0 MiB, 40.0 MiB)...
[1.344115] tsc: Refined TSC clocksource calibration: 3392.348 MHz
[1.344865] clocksource: tsc: mask: 0x max_cycles: 
0x30e6121e742, max_idle_ns: 440795321217 ns
[1.856062] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
  C-c C-c
g1@g1 ~/src/vm/vms/sysi20$ guix --version
guix (GNU Guix) 0.14.0.4439-eb88e



Re: system vm fails (reprise)

2018-03-20 Thread Catonano
2018-03-20 13:45 GMT+01:00 Björn Höfling <bjoern.hoefl...@bjoernhoefling.de>
:

> On Tue, 20 Mar 2018 11:54:54 +0100
> l...@gnu.org (Ludovic Courtès) wrote:
>
> > Catonano <caton...@gmail.com> skribis:
> >
> > > 2018-03-16 23:20 GMT+01:00 Björn Höfling
> > > <bjoern.hoefl...@bjoernhoefling.de> :
> > >
> > >> On Fri, 16 Mar 2018 21:54:24 +0100
> > >> Catonano <caton...@gmail.com> wrote:
> > >>
> > >> > 2018-03-16 21:38 GMT+01:00 Marius Bakke <mba...@fastmail.com>:
> > >> >
> > >> > > Catonano <caton...@gmail.com> writes:
> > >> > >
> > >> > > > ~$ guix system vm ~/configs/vm-config-desktop.scm \
> > >> > > >>--image-size=10GB \
> > >> > > >>--share=$HOME/transit=/transit
> > >> > > > guix system: error: build failed: error parsing derivation
> > >> > > > `/gnu/store/dp8ywhh22n8ixikqdvsb6w6qbn4iw899-environment.drv':
> > >> > > > expected string `Derive(['
> >
> > [...]
> >
> > >> guix gc
> > >> -d /gnu/store/dp8ywhh22n8ixikqdvsb6w6qbn4iw899-environment.drv
> > >>
> > >> And then start again with your `guix system vm ...`
> > >>
> > >>
> > >> Björn
> > >>
> > >
> > >
> > > After "guix gc" it works !!
> >
> > Looks like you had corrupt files, which is a bad sign.
>
>
> Marius opened a bug for this one:
>
> https://debbugs.gnu.org/cgi/bugreport.cgi?bug=30875
>
> Björn
>


Yes Björn, thank you, I saw it


Re: system vm fails (reprise)

2018-03-20 Thread Björn Höfling
On Tue, 20 Mar 2018 11:54:54 +0100
l...@gnu.org (Ludovic Courtès) wrote:

> Catonano <caton...@gmail.com> skribis:
> 
> > 2018-03-16 23:20 GMT+01:00 Björn Höfling
> > <bjoern.hoefl...@bjoernhoefling.de> :
> >  
> >> On Fri, 16 Mar 2018 21:54:24 +0100
> >> Catonano <caton...@gmail.com> wrote:
> >>  
> >> > 2018-03-16 21:38 GMT+01:00 Marius Bakke <mba...@fastmail.com>:
> >> >  
> >> > > Catonano <caton...@gmail.com> writes:
> >> > >  
> >> > > > ~$ guix system vm ~/configs/vm-config-desktop.scm \  
> >> > > >>--image-size=10GB \
> >> > > >>--share=$HOME/transit=/transit  
> >> > > > guix system: error: build failed: error parsing derivation
> >> > > > `/gnu/store/dp8ywhh22n8ixikqdvsb6w6qbn4iw899-environment.drv':
> >> > > > expected string `Derive(['  
> 
> [...]
> 
> >> guix gc
> >> -d /gnu/store/dp8ywhh22n8ixikqdvsb6w6qbn4iw899-environment.drv
> >>
> >> And then start again with your `guix system vm ...`
> >>
> >>
> >> Björn
> >>  
> >
> >
> > After "guix gc" it works !!  
> 
> Looks like you had corrupt files, which is a bad sign.


Marius opened a bug for this one:

https://debbugs.gnu.org/cgi/bugreport.cgi?bug=30875

Björn



Re: system vm fails (reprise)

2018-03-20 Thread Ludovic Courtès
Catonano <caton...@gmail.com> skribis:

> 2018-03-16 23:20 GMT+01:00 Björn Höfling <bjoern.hoefl...@bjoernhoefling.de>
> :
>
>> On Fri, 16 Mar 2018 21:54:24 +0100
>> Catonano <caton...@gmail.com> wrote:
>>
>> > 2018-03-16 21:38 GMT+01:00 Marius Bakke <mba...@fastmail.com>:
>> >
>> > > Catonano <caton...@gmail.com> writes:
>> > >
>> > > > ~$ guix system vm ~/configs/vm-config-desktop.scm \
>> > > >>--image-size=10GB \
>> > > >>--share=$HOME/transit=/transit
>> > > > guix system: error: build failed: error parsing derivation
>> > > > `/gnu/store/dp8ywhh22n8ixikqdvsb6w6qbn4iw899-environment.drv':
>> > > > expected string `Derive(['

[...]

>> guix gc -d /gnu/store/dp8ywhh22n8ixikqdvsb6w6qbn4iw899-environment.drv
>>
>> And then start again with your `guix system vm ...`
>>
>>
>> Björn
>>
>
>
> After "guix gc" it works !!

Looks like you had corrupt files, which is a bad sign.

Ludo’.
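
The failure discussed in this thread (a zero-length `.drv` file that makes the daemon report "expected string `Derive(['") can be looked for across a whole directory. The script below is an added example, not part of the thread and not Guix's own code; the function names `check_drv`, `scan_drvs` and `make_sample_store` are hypothetical, the sample files are constructed, and the only validity test assumed is the `Derive([` prefix named in the error message.

```shell
#!/bin/sh
# Added example (not Guix code): flag derivation files that the daemon would
# reject with "expected string `Derive(['".

# check_drv FILE
# Prints "ok", "empty" or "malformed"; exit status is 0 only for "ok".
check_drv() {
    f=$1
    if [ ! -s "$f" ]; then
        # Zero-length file, like the -environment.drv shown in the thread.
        echo empty
        return 1
    fi
    # A serialized derivation begins with the 8 bytes "Derive([".
    magic=$(dd if="$f" bs=8 count=1 2>/dev/null)
    if [ "$magic" = "Derive([" ]; then
        echo ok
        return 0
    fi
    echo malformed
    return 1
}

# scan_drvs DIR
# Prints one "STATUS PATH" line per unparsable .drv file directly in DIR.
# Exit status is 0 when every .drv file looks intact, 1 otherwise.
scan_drvs() {
    dir=$1
    bad=0
    for f in "$dir"/*.drv; do
        [ -e "$f" ] || continue      # the glob matched nothing
        st=$(check_drv "$f") || {
            printf '%s %s\n' "$st" "$f"
            bad=$((bad + 1))
        }
    done
    [ "$bad" -eq 0 ]
}

# make_sample_store
# Creates a constructed sample directory (not a real store) holding one
# intact, one empty and one malformed .drv file, and prints its path.
make_sample_store() {
    d=$(mktemp -d) || return 1
    printf 'Derive([("out","/gnu/store/...-example","","")],[],[],"x86_64-linux","sh",[],[])' \
        > "$d/aaaa-good.drv"
    : > "$d/bbbb-empty.drv"
    printf 'garbage' > "$d/cccc-junk.drv"
    echo "$d"
}

# Scan the directory given on the command line, e.g. /gnu/store.
if [ "$#" -gt 0 ]; then
    scan_drvs "$1"
fi
```

A path reported by the scan can then be handled the way the thread did, with `guix gc -d` on that file followed by a rebuild.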



Re: system vm fails (reprise)

2018-03-16 Thread Catonano
2018-03-16 23:20 GMT+01:00 Björn Höfling <bjoern.hoefl...@bjoernhoefling.de>
:

> On Fri, 16 Mar 2018 21:54:24 +0100
> Catonano <caton...@gmail.com> wrote:
>
> > 2018-03-16 21:38 GMT+01:00 Marius Bakke <mba...@fastmail.com>:
> >
> > > Catonano <caton...@gmail.com> writes:
> > >
> > > > ~$ guix system vm ~/configs/vm-config-desktop.scm \
> > > >>--image-size=10GB \
> > > >>--share=$HOME/transit=/transit
> > > > guix system: error: build failed: error parsing derivation
> > > > `/gnu/store/dp8ywhh22n8ixikqdvsb6w6qbn4iw899-environment.drv':
> > > > expected string `Derive(['
> > >
> > > This is very odd.  Can you paste the output of:
> > >
> > > cat /gnu/store/dp8ywhh22n8ixikqdvsb6w6qbn4iw899-environment.drv ?
> > >
> > > Does it make any difference if you drop --image-size (which is now
> > > autodetected) and/or --share?
> > >
> >
> >
> > catonano@xps ~/projects/guix$ cat
> > /gnu/store/dp8ywhh22n8ixikqdvsb6w6qbn4iw899-environment.drv
> > catonano@xps ~/projects/guix$
> >
> > also
> >
> > catonano@xps ~/projects/guix$ ls -lha
> > /gnu/store/dp8ywhh22n8ixikqdvsb6w6qbn4iw899-environment.drv
> > -r--r--r-- 2 root root 0  1 gen  1970
> >
> > catonano@xps ~/projects/guix$
> >
> >
> > it's an empty file !
>
> Just a blind guess, not sure if that thing is alive or dead:
>
> Can you try:
>
> guix gc -d /gnu/store/dp8ywhh22n8ixikqdvsb6w6qbn4iw899-environment.drv
>
> And then start again with your `guix system vm ...`
>
>
> Björn
>


After "guix gc" it works !!

Thanks !!


Re: system vm fails (reprise)

2018-03-16 Thread Marius Bakke
Catonano <caton...@gmail.com> writes:

> ~$ guix system vm ~/configs/vm-config-desktop.scm \
>>--image-size=10GB \
>>--share=$HOME/transit=/transit
> guix system: error: build failed: error parsing derivation
> `/gnu/store/dp8ywhh22n8ixikqdvsb6w6qbn4iw899-environment.drv': expected
> string `Derive(['

This is very odd.  Can you paste the output of:

cat /gnu/store/dp8ywhh22n8ixikqdvsb6w6qbn4iw899-environment.drv ?

Does it make any difference if you drop --image-size (which is now
autodetected) and/or --share?




Re: system vm fails (reprise)

2018-03-16 Thread Catonano
2018-03-16 21:38 GMT+01:00 Marius Bakke <mba...@fastmail.com>:

> Catonano <caton...@gmail.com> writes:
>
> > ~$ guix system vm ~/configs/vm-config-desktop.scm \
> >>--image-size=10GB \
> >>--share=$HOME/transit=/transit
> > guix system: error: build failed: error parsing derivation
> > `/gnu/store/dp8ywhh22n8ixikqdvsb6w6qbn4iw899-environment.drv': expected
> > string `Derive(['
>
> This is very odd.  Can you paste the output of:
>
> cat /gnu/store/dp8ywhh22n8ixikqdvsb6w6qbn4iw899-environment.drv ?
>
> Does it make any difference if you drop --image-size (which is now
> autodetected) and/or --share?
>


catonano@xps ~/projects/guix$ cat
/gnu/store/dp8ywhh22n8ixikqdvsb6w6qbn4iw899-environment.drv
catonano@xps ~/projects/guix$

also

catonano@xps ~/projects/guix$ ls -lha
/gnu/store/dp8ywhh22n8ixikqdvsb6w6qbn4iw899-environment.drv
-r--r--r-- 2 root root 0  1 gen  1970
/gnu/store/dp8ywhh22n8ixikqdvsb6w6qbn4iw899-environment.drv
catonano@xps ~/projects/guix$


it's an empty file !

This is without the --share thing

catonano@xps ~/projects/guix$ guix system vm
~/configs/vm-config-desktop.scm \
>--image-size=10GB
Backtrace:
In guix/gexp.scm:
637:2 19 (_ _)
In guix/monads.scm:
485:9 18 (_ _)
In guix/gexp.scm:
   519:22 17 (_ _)
In guix/store.scm:
  1362:38 16 (_ #)
In guix/derivations.scm:
   718:24 15 (derivation # "etc" _ _ # _ …)
   674:39 14 (derivation-hash #  855daa0>)
   642:19 13 (derivation/masked-inputs _)
In srfi/srfi-1.scm:
   592:29 12 (map1 (#< path: "/gnu/store/2qpk1f…> …))
   592:29 11 (map1 (#< path: "/gnu/store/2xg333…> …))
   592:29 10 (map1 (#< path: "/gnu/store/57car5…> …))
   592:29  9 (map1 (#< path: "/gnu/store/75a9hf…> …))
   592:29  8 (map1 (#< path: "/gnu/store/7fb2pw…> …))
   592:29  7 (map1 (#< path: "/gnu/store/bw12nm…> …))
   592:17  6 (map1 (#< path: "/gnu/store/dp8ywh…> …))
In guix/derivations.scm:
   644:39  5 (_ _)
In guix/memoization.scm:
100:0  4 (_ # "/gnu/store/dp8ywhh…" …)
In guix/derivations.scm:
   634:22  3 (_)
   494:17  2 (read-derivation-from-file "/gnu/store/dp8ywhh22n8ixikq…")
In ice-9/ports.scm:
   444:17  1 (call-with-input-file _ _ #:binary _ #:encoding _ # _)
In unknown file:
   0 (scm-error misc-error #f "~A ~S ~S" ("failed to par…" …) …)

ERROR: In procedure scm-error:
failed to parse derivation # ()
catonano@xps ~/projects/guix$ guix system vm
~/configs/vm-config-desktop.scm


and this is without the image size thing

catonano@xps ~/projects/guix$ guix system vm
~/configs/vm-config-desktop.scm \
>--share=$HOME/transit=/transit
guix system: error: build failed: error parsing derivation
`/gnu/store/dp8ywhh22n8ixikqdvsb6w6qbn4iw899-environment.drv': expected
string `Derive(['
catonano@xps ~/projects/guix$


Re: system vm fails (reprise)

2018-03-16 Thread Marius Bakke
Catonano <caton...@gmail.com> writes:

> Ok, so in running
>
> sudo -E guix ...
>
> I had messed up my installation, so guix pull didn't work anymore
>
> I think I fixed it now
>
> guix pull just worked, I reconfigured my system
>
> but this still happens
>
> $ ./pre-inst-env guix system vm ~/configs/vm-config-desktop.scm \
>>--image-size=10GB \
>>--share=$HOME/transit=/transit
> guix system: error: build failed: error parsing derivation
> `/gnu/store/dp8ywhh22n8ixikqdvsb6w6qbn4iw899-environment.drv': expected
> string `Derive(['

Do you get the same error if you don't use "./pre-inst-env"?

What does 'git describe' output in your repository?




system vm fails (reprise)

2018-03-16 Thread Catonano
Ok, so in running

sudo -E guix ...

I had messed up my installation, so guix pull didn't work anymore

I think I fixed it now

guix pull just worked, I reconfigured my system

but this still happens

$ ./pre-inst-env guix system vm ~/configs/vm-config-desktop.scm \
>--image-size=10GB \
>--share=$HOME/transit=/transit
guix system: error: build failed: error parsing derivation
`/gnu/store/dp8ywhh22n8ixikqdvsb6w6qbn4iw899-environment.drv': expected
string `Derive(['
catonano@xps ~/projects/guix$


Re: system vm fails

2018-03-16 Thread Catonano
2018-03-16 18:35 GMT+01:00 Catonano :

>
>
> 2018-03-16 18:14 GMT+01:00 Marius Bakke :
>
>> Catonano  writes:
>>
>> > and from a checked out guix I get
>> >
>> > ~/projects/guix$ sudo ./pre-inst-env guix pull
>> > guix pull: error: Guile-Git is missing but it is now required by 'guix
>> > pull'.
>> > Install it by running:
>> >
>> >   guix package -i guile-git
>> >   export
>> > GUILE_LOAD_PATH=$HOME/.guix-profile/share/guile/site/2.2:$GU
>> ILE_LOAD_PATH
>> >   export
>> > GUILE_LOAD_COMPILED_PATH=$HOME/.guix-profile/lib/guile/2.2/
>> site-ccache:$GUILE_LOAD_COMPILED_PATH
>>
>> When using a git checkout, you must run "./configure [...]" again every
>> time you wish to add new libraries to the environment.
>>
>
>
> thank you
>
> that didn't help :-/
>




Ok

Chris Webber saved my day

I had messed up the permissions on ~/.cache/guix somehow

He suggested me to restore them and all of a sudden everything worked again !


Re: system vm fails

2018-03-16 Thread Catonano
2018-03-16 18:14 GMT+01:00 Marius Bakke :

> Catonano  writes:
>
> > and from a checked out guix I get
> >
> > ~/projects/guix$ sudo ./pre-inst-env guix pull
> > guix pull: error: Guile-Git is missing but it is now required by 'guix
> > pull'.
> > Install it by running:
> >
> >   guix package -i guile-git
> >   export
> > GUILE_LOAD_PATH=$HOME/.guix-profile/share/guile/site/2.2:$
> GUILE_LOAD_PATH
> >   export
> > GUILE_LOAD_COMPILED_PATH=$HOME/.guix-profile/lib/guile/
> 2.2/site-ccache:$GUILE_LOAD_COMPILED_PATH
>
> When using a git checkout, you must run "./configure [...]" again every
> time you wish to add new libraries to the environment.
>


thank you

that didn't help :-/


Re: system vm fails

2018-03-16 Thread Catonano
and from a checked out guix I get

~/projects/guix$ sudo ./pre-inst-env guix pull
guix pull: error: Guile-Git is missing but it is now required by 'guix
pull'.
Install it by running:

  guix package -i guile-git
  export
GUILE_LOAD_PATH=$HOME/.guix-profile/share/guile/site/2.2:$GUILE_LOAD_PATH
  export
GUILE_LOAD_COMPILED_PATH=$HOME/.guix-profile/lib/guile/2.2/site-ccache:$GUILE_LOAD_COMPILED_PATH


2018-03-16 16:36 GMT+01:00 Catonano <caton...@gmail.com>:

>
>
> 2018-03-16 16:12 GMT+01:00 Catonano <caton...@gmail.com>:
>
>>
>>
>> 2018-03-16 15:57 GMT+01:00 Leo Famulari <l...@famulari.name>:
>>
>>> On Thu, Mar 15, 2018 at 10:02:02PM +0100, Catonano wrote:
>>> > after some time that I didn't try, I issued this command
>>> >
>>> > ~$ guix system vm ~/configs/vm-config-desktop.scm \
>>> > >--image-size=10GB \
>>> > >--share=$HOME/transit=/transit
>>> >
>>> >
>>> > and I got
>>> >
>>> >
>>> > Backtrace:
>>>
>>> What is the output of `guix --version`?
>>>
>>
>>
>> catonano@xps ~$ guix --version
>> guix (GNU Guix) 1b5905fe689716e73ad7defc1bf8c6a13966f3c1
>> Copyright (C) 2018 the Guix authors
>> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.h
>> tml>
>> This is free software: you are free to change and redistribute it.
>> There is NO WARRANTY, to the extent permitted by law.
>> catonano@xps ~$
>>
>>
>
> I just realized that
>
> sudo guix pull
>
> gives me
>
> guix pull: error: could not find bootstrap binary 'guile-2.0.9.tar.xz' for
> system 'x86_64-linux'
>
> last time I used
>
> sudo -E guix pull
>


Re: system vm fails

2018-03-16 Thread Catonano
2018-03-16 16:12 GMT+01:00 Catonano <caton...@gmail.com>:

>
>
> 2018-03-16 15:57 GMT+01:00 Leo Famulari <l...@famulari.name>:
>
>> On Thu, Mar 15, 2018 at 10:02:02PM +0100, Catonano wrote:
>> > after some time that I didn't try, I issued this command
>> >
>> > ~$ guix system vm ~/configs/vm-config-desktop.scm \
>> > >--image-size=10GB \
>> > >--share=$HOME/transit=/transit
>> >
>> >
>> > and I got
>> >
>> >
>> > Backtrace:
>>
>> What is the output of `guix --version`?
>>
>
>
> catonano@xps ~$ guix --version
> guix (GNU Guix) 1b5905fe689716e73ad7defc1bf8c6a13966f3c1
> Copyright (C) 2018 the Guix authors
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.
> html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
> catonano@xps ~$
>
>

I just realized that

sudo guix pull

gives me

guix pull: error: could not find bootstrap binary 'guile-2.0.9.tar.xz' for
system 'x86_64-linux'

last time I used

sudo -E guix pull


Re: system vm fails

2018-03-16 Thread Catonano
2018-03-16 15:57 GMT+01:00 Leo Famulari <l...@famulari.name>:

> On Thu, Mar 15, 2018 at 10:02:02PM +0100, Catonano wrote:
> > after some time that I didn't try, I issued this command
> >
> > ~$ guix system vm ~/configs/vm-config-desktop.scm \
> > >--image-size=10GB \
> > >--share=$HOME/transit=/transit
> >
> >
> > and I got
> >
> >
> > Backtrace:
>
> What is the output of `guix --version`?
>


catonano@xps ~$ guix --version
guix (GNU Guix) 1b5905fe689716e73ad7defc1bf8c6a13966f3c1
Copyright (C) 2018 the Guix authors
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html
>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
catonano@xps ~$


Re: system vm fails

2018-03-16 Thread Leo Famulari
On Thu, Mar 15, 2018 at 10:02:02PM +0100, Catonano wrote:
> after some time that I didn't try, I issued this command
> 
> ~$ guix system vm ~/configs/vm-config-desktop.scm \
> >--image-size=10GB \
> >--share=$HOME/transit=/transit
> 
> 
> and I got
> 
> 
> Backtrace:

What is the output of `guix --version`?




Re: system vm fails

2018-03-15 Thread Catonano
I tried with a checked out guix and I got what follows


...
validating RUNPATH of 1 binaries in
"/gnu/store/kydnvbnz4vy4b7j2j595jjkc678lvn03-xdg-user-dirs-0.17/bin"...
phase `validate-runpath' succeeded after 0.0 seconds
starting phase `validate-documentation-location'
phase `validate-documentation-location' succeeded after 0.0 seconds
starting phase `delete-info-dir-file'
phase `delete-info-dir-file' succeeded after 0.0 seconds
starting phase `patch-dot-desktop-files'
phase `patch-dot-desktop-files' succeeded after 0.0 seconds
starting phase `install-license-files'
installing 1 license files
phase `install-license-files' succeeded after 0.0 seconds
starting phase `reset-gzip-timestamps'
phase `reset-gzip-timestamps' succeeded after 0.0 seconds
starting phase `compress-documentation'
compressing documentation in
'/gnu/store/kydnvbnz4vy4b7j2j595jjkc678lvn03-xdg-user-dirs-0.17/share/man'
with "gzip" and flags ("--best" "--no-name")
phase `compress-documentation' succeeded after 0.0 seconds
guix system: error: build failed: error parsing derivation
`/gnu/store/dp8ywhh22n8ixikqdvsb6w6qbn4iw899-environment.drv': expected
string `Derive(['


the file /gnu/store/dp8ywhh22n8ixikqdvsb6w6qbn4iw899-environment.drv seems
to be empty. I opened it with nano


system vm fails

2018-03-15 Thread Catonano
after some time that I didn't try, I issued this command

~$ guix system vm ~/configs/vm-config-desktop.scm \
>--image-size=10GB \
>--share=$HOME/transit=/transit


and I got


Backtrace:
In srfi/srfi-1.scm:
   592:29 19 (map1 (#< path: "/gnu/store/1w63bv…> …))
   592:29 18 (map1 (#< path: "/gnu/store/29lkk2…> …))
   592:29 17 (map1 (#< path: "/gnu/store/2b2d0d…> …))
   592:29 16 (map1 (#< path: "/gnu/store/2r3bal…> …))
   592:29 15 (map1 (#< path: "/gnu/store/3a8fqh…> …))
   592:29 14 (map1 (#< path: "/gnu/store/4clx1c…> …))
   592:29 13 (map1 (#< path: "/gnu/store/4xvb3r…> …))
   592:29 12 (map1 (#< path: "/gnu/store/6m75lp…> …))
   592:29 11 (map1 (#< path: "/gnu/store/6zy8h2…> …))
   592:29 10 (map1 (#< path: "/gnu/store/72n0a3…> …))
   592:29  9 (map1 (#< path: "/gnu/store/75z1k3…> …))
   592:29  8 (map1 (#< path: "/gnu/store/7fb2pw…> …))
   592:29  7 (map1 (#< path: "/gnu/store/998x1z…> …))
   592:17  6 (map1 (#< path: "/gnu/store/ajqj00…> …))
In guix/derivations.scm:
   644:39  5 (_ _)
In guix/memoization.scm:
100:0  4 (_ # "/gnu/store/ajqj00q…" …)
In guix/derivations.scm:
   634:22  3 (_)
   494:17  2 (read-derivation-from-file "/gnu/store/ajqj00qwkah0hgvs…")
In ice-9/ports.scm:
   444:17  1 (call-with-input-file _ _ #:binary _ #:encoding _ # _)
In unknown file:
   0 (scm-error misc-error #f "~A ~S ~S" ("failed to par…" …) …)

ERROR: In procedure scm-error:
failed to parse derivation # ()


Re: Avoiding the need to set user passwords for 'guix system vm-image'

2018-02-02 Thread myglc2
On 02/01/2018 at 21:41 Hartmut Goebel writes:

> Am 01.02.2018 um 02:41 schrieb George myglc2 Clemmer:
>> Is there a way to pre-populate user accounts with public keys?
>
> Yes, there is: Just search the manual for "authorized-keys" to find the
> documentation.
>
> You may also want to have a look at the real-world examples
> 
> and
> .

Many thanks. Duh! dunno how I missed that in the doc ;-)  - George



Re: Avoiding the need to set user passwords for 'guix system vm-image'

2018-02-02 Thread myglc2
On 02/01/2018 at 15:23 Leo Famulari writes:

> On Wed, Jan 31, 2018 at 08:41:44PM -0500, George myglc2 Clemmer wrote:
>> How do I avoid the need to set user passwords for vm-images created with
>> 'guix system vm-image'?
>
> It's possible to put the encrypted user passwords in the GuixSD configuration 
> file:
>
> "password (default: #f)
>
> You would normally leave this field to #f, initialize user passwords
> as root with the passwd command, and then let users change it with
> passwd. Passwords set with passwd are of course preserved across
> reboot and reconfiguration.
>
> If you do want to have a preset password for an account, then this
> field must contain the encrypted password, as a string. See crypt in
> The GNU C Library Reference Manual, for more information on password
> encryption, and Encryption in GNU Guile Reference Manual, for
> information on Guile’s crypt procedure."
>
> https://www.gnu.org/software/guix/manual/html_node/User-Accounts.html#User-Accounts
>
>> Is there a way to pre-populate user accounts with public keys?
>
> And, at least with the OpenSSH service, to include the public keys:
>
> (service openssh-service-type
>          (openssh-configuration
>            (x11-forwarding? #t)
>            (permit-root-login 'without-password)
>            (authorized-keys
>              `(("alice" ,(local-file "alice.pub"))
>                ("bob" ,(local-file "bob.pub"))))))
>
> I haven't tried it, but I think it should be possible to pass the public
> key as a string instead of using local-file if necessary.
>
> https://www.gnu.org/software/guix/manual/html_node/Networking-Services.html#index-openssh_002dservice_002dtype
>
>> A sample config sure would be appreciated ;-)
>
> Sorry, I've never tried either of these things before :)

Many thanks. Duh! dunno how I missed that in the doc ;-)  - George



Re: Avoiding the need to set user passwords for 'guix system vm-image'

2018-02-01 Thread Hartmut Goebel
Am 01.02.2018 um 02:41 schrieb George myglc2 Clemmer:
> Is there a way to pre-populate user accounts with public keys?

Yes, there is: Just search the manual for "authorized-keys" to find the
documentation.

You may also want to have a look at the real-world examples

and
.

-- 
Regards
Hartmut Goebel

| Hartmut Goebel  | h.goe...@crazy-compilers.com   |
| www.crazy-compilers.com | compilers which you thought are impossible |




Avoiding the need to set user passwords for 'guix system vm-image'

2018-01-31 Thread George myglc2 Clemmer
How do I avoid the need to set user passwords for vm-images created with
'guix system vm-image'?

Is there a way to pre-populate user accounts with public keys?

Or is there some other cool thing I  missed?

A sample config sure would be appreciated ;-)

TIA - George



Re: How do I control which guix 'system vm-image' puts into the image?

2016-07-22 Thread Ludovic Courtès
Hello!

myglc2  skribis:

> How do I control which version of guix is built into an image?

The image contains the ‘guix’ package indirectly specified in the
‘operating-system’ configuration.

Namely, the ‘services’ fields of your ‘operating-system’ declaration is
(very likely) a superset of ‘%base-services’.  ‘%base-services’ includes
‘guix-service’, which automatically adds the ‘guix’ package provided by
(gnu packages package-management) to /run/current-system/profile.

As you can see in (gnu packages package-management), the ‘guix’ package
is a Git snapshot dating back to May 14th.

HTH!

Ludo’.



Re: How do I control which guix 'system vm-image' puts into the image?

2016-07-21 Thread myglc2
myglc2 <myg...@gmail.com> writes:

Please note clarifications ...

> Running GuixSD I am using git checkout 'b006ba5 [behind 15] pull: Update
> the version string.' with ‘/home/g1/.config/guix/latest’ ->
> ‘../../src/guix’
>
> When I do 'guix system vm-image'; run the image; and do 'M-x
> guix-installed-system-packages' I see a bunch of packages with a "-"
> showing in the Synopsis column and "(This package is obsolete)" shows
> in the "Outputs" field.
>
> In an earlier exchange, Alex explained that this means that the version
> of the package found in the store _does not match_ the package version
> specified by the version of guix in use by emacs. I hope I got that
> right :-0
>
> 'guix system reconfigure system.scm' seems to be using my git checkout
> just fine because with ...
>
> (with-eval-after-load 'geiser-guile
>   (add-to-list 'geiser-guile-load-path "~/src/guix"))
>
> ... in my emacs init file, I don't see any "obsolete" packages when I do
> 'M-x guix-installed-system-packages'

... on the "builder" machine on which I created the image.
>
> So... I developed the theory that 'guix system vm-image' was using an
> obsolete version of guix from the store instead of the version in my
> git checkout (confused yet?).
>
> So I add guix to 'system.scm'

... and used 'guix system reconfigure system.scm' on the "builder"
machine ...

> to put it in the store in hopes that 'guix
> system vm_image' would pick it up from there. I still have "obsolete"
> packages showing in my vm-image.
>
> So... here is the question:
>
> How do I control which version of guix is built into an image?
>
> TIA - George
>
> Attached: script (img) used to make and run the vm-image and referenced
> configs.




Re: 'guix system vm' questions

2016-07-11 Thread Leo Famulari
On Wed, Jun 29, 2016 at 11:48:42AM -0400, Leo Famulari wrote:
> How does OpenSSH get entropy without blocking on first boot?

According to 'INSTALL' in the OpenSSH source code, OpenSSH gets random
numbers from the "libcrypto" backup, which for us is OpenSSL, which uses
/dev/urandom.



Re: 'guix system vm' questions

2016-07-03 Thread myglc2
David Craven  writes:

> So I packaged rng-tools and created a shepherd service, but I realized
> that the service needs to be started before the activation part of the
> lsh service. What's the best way to do this?
>
> https://git.lysator.liu.se/lsh/lsh/blob/master/src/lsh-make-seed.c#L1075
>
> On Wed, Jun 29, 2016 at 8:23 PM, David Craven  wrote:
>> HW_RANDOM_VIRTIO is enabled in the default kernel.
>>
>> Starting the vm like this enables the hwrng:
>> /gnu/store/3rqbwx34kfa789jbywfbxl90nids08cf-run-vm.sh -device virtio-rng-pci
>> and it works as can be verified by
>> cat /dev/hwrng
>>
>> The only missing components from what I can tell is packaging rng-tools
>> and adding a service to add /dev/hwrng to the entropy pool on boot.
>>
>> https://git.kernel.org/cgit/utils/kernel/rng-tools/rng-tools.git/
>>
>>> We should look into QEMU's VirtIO RNG, which could help here:
>>> http://wiki.qemu-project.org/Features-Done/VirtIORNG

This sounds great. I see you submitted patches. Am I correct in thinking
that the next step is to add an lsh-option option that uses rng-tools
instead of lsh-make-seed to set the yarrow seed?

TIA - George




Re: 'guix system vm' questions

2016-07-03 Thread myglc2
l...@gnu.org (Ludovic Courtès) writes:

> myglc2  skribis:
>
>> Leo Famulari  writes:
>>
>>> On Wed, Jun 29, 2016 at 10:10:35AM -0400, Thompson, David wrote:
>>>> On Wed, Jun 29, 2016 at 2:57 AM, myglc2  wrote:
>>>> > I have a headless server running Guix/Debian 8.3 on which I would like
>>>> > to run some guix vms. So far, I have a script (see mkvm.sh, attached)
>>>> > that runs a single vm. It has some issues:
>>>> >
>>>> > 1) lsh-service hangs waiting for keystrokes on the QEMU console
>>>>
>>>> LSH needs to be initialized with a key on first boot, which is why you
>>>> need to type to create entropy.  This sucks for automation, so I would
>>>> recommend OpenSSH instead, but we don't have an openssh-service yet.
>>>
>>> In your operating system configuration, you can pass 'initialize? #f' to
>>> lsh-service to skip the SSH seed and host-key initialization. You will
>>> need to initialize the LSH service later, before you can use it.
>>
>> I tried that and ... lsh spun looking for a seed file advising me to run
>> 'lsh-make-seed', and then stopped.
>
> Yeah this is expected: lshd won’t start if it cannot find a seed;
> eventually, the Shepherd…
>
>> Service SSH-daemeon has started.
>> No seed file. Please create on by running 
>> lwh-make-seed -o "/var/spool/lsh/yarrow-seed-file".
>> lshd: No rendomness generator available.
>> Service ssh-daemon has been disabled.
>>   (Respawning too fast.)
>
> … disables it.
>
>> v1 login: root
>> root@v1 ~# lsh-make-seed 
>> -bash: lsh-make-seed: command not found
>
> I guess ‘lsh-service-type’ should be changed to extend
> ‘profile-service-type’ such that this command is available.  WDYT?

Well I can't see how it will help in my use case. I can't think of why
it would be useful in practice, since lsh-make-seed is already being
called with --sloppy by 'ssh-service initialize? #t'.

The only reasons I can think of are ...

- to enable a user at the console to manually reproduce what
   'ssh-service initialize? #t' does, and

- to avoid it being reported as a bug

... which is why I didn't report it as a bug.

Re my use case, am I correct in believing that the only way to address
it is to enhance lsh-service with an alternative initialization scheme
that does not require console input?

If so, maybe we should rename the current initialize to ...

INITIALIZE-REQUIRING-CONSOLE-INPUT?

... and add a new one named ...

INITIALIZE-UNATTENDED?

WDYT? - George









Re: 'guix system vm' questions

2016-07-02 Thread Ludovic Courtès
myglc2  skribis:

> Leo Famulari  writes:
>
>> On Wed, Jun 29, 2016 at 10:10:35AM -0400, Thompson, David wrote:
>>> On Wed, Jun 29, 2016 at 2:57 AM, myglc2  wrote:
>>> > I have a headless server running Guix/Debian 8.3 on which I would like
>>> > to run some guix vms. So far, I have a script (see mkvm.sh, attached)
>>> > that runs a single vm. It has some issues:
>>> >
>>> > 1) lsh-service hangs waiting for keystrokes on the QEMU console
>>> 
>>> LSH needs to be initialized with a key on first boot, which is why you
>>> need to type to create entropy.  This sucks for automation, so I would
>>> recommend OpenSSH instead, but we don't have an openssh-service yet.
>>
>> In your operating system configuration, you can pass 'initialize? #f' to
>> lsh-service to skip the SSH seed and host-key initialization. You will
>> need to initialize the LSH service later, before you can use it.
>
> I tried that and ... lsh spun looking for a seed file advising me to run
> 'lsh-make-seed', and then stopped.

Yeah this is expected: lshd won’t start if it cannot find a seed;
eventually, the Shepherd…

> Service SSH-daemeon has started.
> No seed file. Please create on by running 
> lwh-make-seed -o "/var/spool/lsh/yarrow-seed-file".
> lshd: No rendomness generator available.
> Service ssh-daemon has been disabled.
>   (Respawning too fast.)

… disables it.

> v1 login: root
> root@v1 ~# lsh-make-seed 
> -bash: lsh-make-seed: command not found

I guess ‘lsh-service-type’ should be changed to extend
‘profile-service-type’ such that this command is available.  WDYT?

Besides, we should add a service for OpenSSH’s sshd.

Thanks,
Ludo’.



Re: 'guix system vm' questions

2016-07-01 Thread myglc2
Leo Famulari  writes:

> On Wed, Jun 29, 2016 at 10:10:35AM -0400, Thompson, David wrote:
>> On Wed, Jun 29, 2016 at 2:57 AM, myglc2  wrote:
>> > I have a headless server running Guix/Debian 8.3 on which I would like
>> > to run some guix vms. So far, I have a script (see mkvm.sh, attached)
>> > that runs a single vm. It has some issues:
>> >
>> > 1) lsh-service hangs waiting for keystrokes on the QEMU console
>> 
>> LSH needs to be initialized with a key on first boot, which is why you
>> need to type to create entropy.  This sucks for automation, so I would
>> recommend OpenSSH instead, but we don't have an openssh-service yet.
>
> In your operating system configuration, you can pass 'initialize? #f' to
> lsh-service to skip the SSH seed and host-key initialization. You will
> need to initialize the LSH service later, before you can use it.

I tried that and ... lsh spun looking for a seed file advising me to run
'lsh-make-seed', and then stopped.

'lsh-make-seed' was not available.

Maybe this is a bug?


What I saw on the VM:

### lsh spins and stops showing
[...]
Respawning ssh-daemon.
Service SSH-daemeon has started.
No seed file. Please create on by running 
lwh-make-seed -o "/var/spool/lsh/yarrow-seed-file".
lshd: No rendomness generator available.
Service ssh-daemon has been disabled.
  (Respawning too fast.)

### lsh-make-seed seems to be missing
v1 login: root
root@v1 ~# lsh-make-seed 
-bash: lsh-make-seed: command not found


guix version:

Note: running from git checkout
  File: ‘/home/g1/.config/guix/latest’ -> ‘../../dev/guix’
* master  242ad41 download: Use basic authentication when userinfo is present in URI.


test script: attached below


lsh
Description: Binary data


'guix system vm' questions

2016-06-29 Thread myglc2
I have a headless server running Guix/Debian 8.3 on which I would like
to run some guix vms. So far, I have a script (see mkvm.sh, attached)
that runs a single vm. It has some issues:

1) lsh-service hangs waiting for keystrokes on the QEMU console

2) passwords need to be set in the QEMU console

3) on the vm, 'guix package -i' throws an error, e.g.,

   (on the console)
   v1 login: u1
   password: 
   $ guix package -i
   accepted connection from pid 390, user u1
   guix package: error: build failed: changing ownership of '/path/store': Read-only file system

4) I can't log in to the vm like I expected, e.g. 'ssh u1@10.0.2.15'
   times out

5) I would like to have the user 'u1' share read/write access to the
   $HOME directory and be able to use $HOME/.ssh credentials

Your suggestions &/or sample configurations would be most welcome.

TIA - George

PS I am running this guix git checkout ...
   * master  d6e374a gnu: mafft: Update to 7.299.

#!/bin/bash

# make and run a Guix VM

set -x
VMNUM=1
tmpdir=vm$VMNUM
rm -fr $tmpdir
mkdir $tmpdir

# vm.config
cat > "$tmpdir/vm.scm"<