Re: [Nix-dev] Malicious installation methods

2016-06-17 Thread Tomasz Kontusz


On 17 June 2016 13:12:57 CEST, Yui Hirasawa wrote:
>I recently noticed that you recommend very malicious installation
>methods on your download page for nix[1]
>
>Retrieving code straight from the internet and blindly executing is
>never a good thing and you don't give any sort of recommendation for
>the user to inspect the script before running it. This completely
>defeats the point of having reproducible builds when your system can be
>completely infected when you install the package manager. This also
>means that anything installed through the package manager is
>potentially malicious as well.
The installer, when run, will fetch more code for users to blindly execute (as 
most of that code will be provided in compiled form). How is blindly running an 
installer worse than running other code from the same provider?

>> $ curl https://nixos.org/nix/install | sh
>
>And this isn't made any better by the fact that you want users to run
>the script blindly as the superuser.
>
>> This script requires that you have sudo access to root,
The installer needs elevated privileges to do its job.

>I ask you to PLEASE remove this installation method from the
>recommendations on the page because it makes it look like you don't
>care about computer security one bit.
Now, that's an interesting point. Are there many people who never installed nix 
because the installer is the recommended installation method?

>PS. There are ways of detecting when something is piped straight to an
>interpreter and thus even if someone did curl and read the output and
>then curled into a shell they could still get infected as serving
>different pages depending on the circumstances isn't all that
>difficult.
This assumes https://nixos.org is already malicious - and then you shouldn't 
run *anything* that comes from there.

>[1]: https://nixos.org/nix/download.html
>___
>nix-dev mailing list
>nix-dev@lists.science.uu.nl
>http://lists.science.uu.nl/mailman/listinfo/nix-dev

-- 
Sent with K-9 Mail.


Re: [Nix-dev] Open source team messaging: mattermost

2016-03-01 Thread Tomasz Kontusz


On 29 February 2016 20:59:06 CET, Arseniy Seroka wrote:
>IRC is awesome thing, why do we need to replace it?
IRC replacements typically offer:
* history
* long messages with sane visualisation (like hiding parts of them in history 
until requested) - this greatly reduces the need for pastebins, and keeps 
everything in one place
* email notifications
* some light styling that works the same for everyone in the channel

And all of that is integrated from the start, without the need to set up 
bouncers and looking through history on some other service.
Also, IIRC mattermost has a nice visualisation of threads of discussion while 
still keeping the "common channel" feel (but I might be mistaking it for another 
service).

As much as I like IRC for being a standardised protocol with many clients, it 
has not aged well. And movements to refresh it (like IRCv3) are pretty slow. 
Also you can't ignore the barrier to entry being much higher than for a 
browser-based chat app.
-- 
Sent with K-9 Mail.


Re: [Nix-dev] builder for ‘*.drv’ failed to produce output path ‘*’

2015-12-13 Thread Tomasz Kontusz
You need to create $out in your builder. Just "cp -r ./build $out" after 
the "make pgloader" will be a good start - at least you'll see if it's 
usable :-)

On 13.12.2015 23:39, Tinker wrote:
> Hi
>
> I'm trying to write a nix package for pgloader (a db migration tool
> written by someone else and can be found at
> https://github.com/dimitri/pgloader).
>
> When I run it as `nix-build -A pgloader` then I get:
>
> builder for ‘/nix/store/gz38vqm47i0vfyiqdz6qmqyx7ywprji5-pgloader-3.2.2.drv’
> failed to produce output path
> ‘/nix/store/v5ya763xia00lp40yx6z5c0h6l1cvla2-pgloader-3.2.2’
> error: build of
> ‘/nix/store/gz38vqm47i0vfyiqdz6qmqyx7ywprji5-pgloader-3.2.2.drv’
> failed
>
> I'm trying to figure out what it means but maybe someone can already
> shed a light?
>
> The package does not have a 'make install', is that why it's
> complaining about the missing output path?
> What would be the way forward given I don't own the source of the
> utility itself?
>
> default.nix (other comments welcome as well):
> ===
> { stdenv, fetchurl, sbcl, unzip, curl, git, openssl, sqlite, freetds,
>   lispPackages, cacert }:
>
> stdenv.mkDerivation {
>   name = "pgloader-3.2.2";
>   buildInputs = [ sbcl unzip curl git openssl sqlite freetds
>                   lispPackages.cl-ssl cacert ];
>
>   LD_LIBRARY_PATH="${lispPackages.cl-ssl}/lib:${openssl}/lib:${sqlite}/lib:${freetds}/lib";
>   SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt;
>   CURL_CA_BUNDLE=/etc/ssl/certs/ca-bundle.crt;
>
>   builder = builtins.toFile "builder.sh" "
>     source $stdenv/setup
>
>     PATH=$sbcl/bin:$PATH
>
>     unzip $src
>     cd pgloader-*
>     sed -i 's/COMPRESS_CORE ?= yes/COMPRESS_CORE ?= no/' Makefile
>     make COMPRESS_CORE=no pgloader
>   ";
>
>   src = fetchurl {
>     url = https://github.com/dimitri/pgloader/archive/master.zip;
>     md5 = "8b93075a1a5848a674101d90850dc90e";
>     #url = https://github.com/dimitri/pgloader/archive/v3.2.2.zip;
>     #md5 = "4d00eb55bf7dbea0a8e55248d2bbb96d";
>   };
>   inherit sbcl;
> }
> ===
>
> t


Re: [Nix-dev] NixOS/Nixpkgs repository labels

2015-11-27 Thread Tomasz Kontusz
GitHub should already know about that, is a label useful? It will always be at 
least a bit out of date too.

On 27 November 2015 11:56:04 CET, Matthias Beyer wrote:
>On 27-11-2015 11:37:54, Pascal Wittmann wrote:
>> On 11/22/2015 11:06 PM, Nicolas Pierron wrote:
>> > I invite other contributors to join me on this triaging effort, such
>> > that this system is not only made for me.
>> 
>> I have just added the label "2.status: merge conflict", to indicate
>> which PRs are unmergable.
>> 
>
>We could write a bot for such trivial things.
>Maybe there's also one available somewhere...
>
>-- 
>Mit freundlichen Grüßen,
>Kind regards,
>Matthias Beyer
>
>Proudly sent with mutt.
>Happily signed with gnupg.

-- 
Sent with K-9 Mail.


Re: [Nix-dev] How to stop all packages to stop compiling from binary

2015-11-02 Thread Tomasz Kontusz
When using a channel you should have the core packages available as binaries. 
What is your cache configuration in nix.conf? Do you have any overrides?

On 1 November 2015 22:22:34 CET, rohit yadav wrote:
>Hi All-
>
>I upgraded my channel from 14.12 to 15.09 and now all the packages are
>being compiled from source. How do I make it to get the pre-built
>binaries?
>
>Thanks,
>Rohit

-- 
Sent with K-9 Mail.


Re: [Nix-dev] No such file or directory

2015-09-09 Thread Tomasz Kontusz
It looks a bit like a filesystem corruption - make sure to run fsck on it (or 
scrub it, if it's btrfs)

On 10 September 2015 01:31:20 CEST, Arseniy Seroka wrote:
>I don't know what happened but the solution is:
>```
>cd /nix/var/nix/profiles/per-user/root
>rm -rf channels
>cp -r channel--link channel # please note, that `ln` didn't work
>nixos-rebuild switch
>```
>
>2015-09-10 2:15 GMT+03:00 Arseniy Seroka :
>
>> Hello!
>> I've just tried to use any nixos (and nix) command and got:
>> ```
>> > nix-env -q
>> error: getting status of ‘/nix/var/nix/profiles/per-user/root/P
>�P�b�
>> ’: No such file or directory
>> > sudo nixos-rebuild switch
>> error: getting status of ‘/nix/var/nix/profiles/per-user/root/��$�� �
>�h�
>> ’: No such file or directory
>> building Nix...
>> error: reading from file: Is a directory
>> error: getting status of ‘/nix/var/nix/profiles/per-user/root/0��s�
>�5mq
>> ’: No such file or directory
>> error: getting status of ‘/nix/var/nix/profiles/per-user/root/ �Sn�
>��c��
>> ’: No such file or directory
>> /tmp/nixos-rebuild.D4PZ5o/nix
>> �� ’: No such file or directoryvar/nix/profiles/per-user/root/P
>�@
>> building the system configuration...
>> error: getting status of ‘/nix/var/nix/profiles/per-user/root/�Yw�
>�
>> ’: No such file or directory
>> ```
>> Did `sudo nix-store --verify --check-contents --repair` and
>everything is
>> ok.
>> My nixos.version is `16.03pre68239.bd84eba (Dingo).`
>>
>> What's that? And how to fix it?
>> Yesterday I could make a rebuild successfully..
>>
>> --
>> Sincerely,
>> Arseniy Seroka
>>
>
>
>
>-- 
>Sincerely,
>Arseniy Seroka

-- 
Sent with K-9 Mail.


Re: [Nix-dev] Jar files

2015-08-28 Thread Tomasz Kontusz
Nix only scans for hashes, and there's a good chance they'll be kept intact 
when compressing.

If that's not good enough, then you'll have to make a file with references 
either by hand or by unpacking the jars. I don't know how often this will 
actually be needed - is Java retaining paths to dependencies after compilation?

On 28 August 2015 15:02:19 CEST, Daniel Peebles pumpkin...@gmail.com wrote:
>Hi all,
>
>We don't have much of a Java presence in Nixpkgs, but I was thinking of
>growing it. This leads to what seems like a bit of a thorny issue: most
>java code is distributed in jars, which are glorified zip files. Can anyone
>see the problem?
>
>The one I'm afraid of is one of runtime dependencies: normally we're fine
>embedding other nix store paths in code, under the assumption that the
>literal string will show up somewhere in the resulting binary. If you zip
>the result, that's no longer true without smarter scanning logic.
>
>So is the solution to make our java packaging never produce any jars, and
>explicitly unpack any we encounter? That feels kind of gross. Alternately,
>we could have a post-processor that scans the unpacked zip files for store
>paths and then replicates them somewhere in nix-support. Also doesn't feel
>ideal!
>
>Are there other options? Am I misunderstanding something or is this really
>an issue?
>
>Thanks,
>Dan





-- 
Sent with K-9 Mail.
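An added example, not part of the original messages: a Python sketch of the question raised in the "Jar files" thread above, comparing a literal byte search for a store-path hash over the raw jar with the same search after unpacking each entry. The store path is constructed, the byte search is a simplified stand-in for Nix's hash scan, and all function names are hypothetical.

```python
import io
import zipfile

# Constructed sample: the hash part is a placeholder, not a real store path.
SAMPLE_HASH = "0123456789abcdfghijklmnpqrsvwxyz"
SAMPLE_PATH = f"/nix/store/{SAMPLE_HASH}-openssl-sample"
# Candidate references keyed by hash part (what a hash scan searches for).
CANDIDATES = {SAMPLE_HASH: SAMPLE_PATH}


def scan_bytes(data: bytes, candidates: dict) -> set:
    """Return the store paths whose hash part occurs literally in data."""
    return {path for h, path in candidates.items()
            if h.encode("ascii") in data}


def scan_jar_unpacked(jar_bytes: bytes, candidates: dict) -> set:
    """Decompress every entry (recursing into nested jars) and scan it."""
    found = set()
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            if info.is_dir():
                continue
            data = jar.read(info)
            found |= scan_bytes(data, candidates)
            # A jar may bundle other jars; look inside those as well.
            if zipfile.is_zipfile(io.BytesIO(data)):
                found |= scan_jar_unpacked(data, candidates)
    return found


def hidden_references(jar_bytes: bytes, candidates: dict) -> list:
    """Paths visible only after unpacking, i.e. missed by a raw byte scan.

    These are the lines one would record in a separate references file.
    """
    raw = scan_bytes(jar_bytes, candidates)
    return sorted(scan_jar_unpacked(jar_bytes, candidates) - raw)


def build_sample_jar(compression: int) -> bytes:
    """Build a constructed in-memory jar whose config names a store path."""
    body = (f"ssl.library={SAMPLE_PATH}/lib/libssl.so\n"
            + "log.level=info\n" * 200)  # padding so DEFLATE really compresses
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=compression) as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("config/app.properties", body)
    return buf.getvalue()


if __name__ == "__main__":
    for label, method in (("stored", zipfile.ZIP_STORED),
                          ("deflated", zipfile.ZIP_DEFLATED)):
        jar = build_sample_jar(method)
        print(label,
              "raw scan:", sorted(scan_bytes(jar, CANDIDATES)),
              "hidden:", hidden_references(jar, CANDIDATES))
```

Entries written uncompressed keep the hash visible to a raw scan; in this sample the deflated entry does not, so the reference only shows up once the entry is unpacked.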


Re: [Nix-dev] Ideas for systematically avoiding unwanted runtime dependencies

2015-08-27 Thread Tomasz Kontusz

On 08/27/2015 12:15 AM, Daniel Peebles wrote:
>Right now I'm struggling with my image pulling in gcc because it
>legitimately depends on icu4c, which mysteriously retains a runtime
>dependency on gcc. Regardless of specifics, individual packages can
>usually be fixed to reduce their runtime footprint, but I'm looking
>for ideas for how to do so in a systematic manner, so we don't just
>notice these things by accident and fix them one by one. Does anyone
>have any thoughts?
For specific known-problematic packages we could use allowedReferences 
(see http://nixos.org/nix/manual/#sec-advanced-attributes) to make sure 
we have control over runtime dependencies.


I'm not sure how that would work with multiple outputs, but if it was 
per-output we could even use it by default (most packages don't need 
references to gcc in their default output :-)).


>Also, multiple outputs won't really help with this problem because
>there's nothing stopping these packages from retaining references to
>many of our outputs.
>
>
>Thanks,
>Dan
>
>
>[1] https://github.com/NixOS/nixpkgs/issues/5895




Re: [Nix-dev] nix-shell unpackPhase does not work on my system

2015-08-20 Thread Tomasz Kontusz
After unpackPhase you have to enter the unpacked source directory, then you can 
run configurePhase

On 20 August 2015 18:13:49 CEST, Massimo Zaniboni massimo.zanib...@gmail.com wrote:
 But on my Mint system, the nix-shell does not see the configurePhase
 and all other *Phase commands.

I tried also on a Mint system installed from scratch on a distinct VM, 
for excluding problems on my system.



-- 
Sent with K-9 Mail.


Re: [Nix-dev] crosscompiling question

2015-07-14 Thread Tomasz Kontusz
I think the only way is to build in qemu on the host, or copy-closure whole 
system profiles (and then link and activate them by name).

Lluís Batlle i Rossell vi...@viric.name wrote:
>On Tue, Jul 14, 2015 at 09:03:06AM +0200, Tomas Hlavaty wrote:
>> Like this, I would like to crosscompile packages on my desktop and then
>> copy-closure them to the board.  However, they are different paths in
>> the store.  How can I actually achieve this?  Is there some trick I am
>> missing?
>
>Different recipes give different store paths. The recipe of cross-building
>is quite different from the recipe of native building.
>
>If you expect the cross-built 'hello' to have the same hash as the
>natively built, I don't know any trick. They are effectively built
>differently, and thus, they have a different store path.
>
>I don't know of any way in nix that can relate cross-built packages with
>natively built.
>
>-- 
>(Escriu-me xifrat si saps PGP / Write ciphered if you know PGP)
>PGP key D4831A8A - https://emailselfdefense.fsf.org/

-- 
Sent with K-9 Mail.


Re: [Nix-dev] restarting a mongodb

2015-07-08 Thread Tomasz Kontusz
I think you can add `systemd.services.mongodb.requires = [ "mongo.mount" ];` 
to tell systemd to mount (and wait for) /mongo when starting MongoDB.

On 07/08/2015 07:13 AM, stewart mackenzie wrote:
 Hello all,

 So rebuilding our database server with this bit in our config:

 ```

  services = {
    mongodb = {
      enable = true;
      bind_ip = "0.0.0.0";
      dbpath = "/mongo/db";
    };
  };
  fileSystems."/mongo" = {
    device = "/dev/xvdb";
    fsType = "ext4";
    autoFormat = true;
  };
 ```

 resulted in this issue:

 ```

 starting the following units: cron.service, fetch-ec2-data.service,
 kmod-static-nodes.service, network-local-commands.service,
 network-setup.service, nix-daemon.service, nscd.service, ntpd.service,
 print-host-key.service, rngd.service, systemd-logind.service,
 systemd-modules-load.service, systemd-sysctl.service,
 systemd-tmpfiles-clean.timer, systemd-tmpfiles-setup-dev.service,
 systemd-udev-settle.service, systemd-udev-trigger.service,
 systemd-udevd.service, systemd-vconsole-setup.service
 the following new units were started: mongo-bak.mount, mongo.mount,
 postfix.service
 warning: the following units failed: mongodb.service

 ● mongodb.service - MongoDB server
 Loaded: loaded
 (/nix/store/5kvf87w82nk9kfh5p2iamdq7gzc9nfr3-unit-mongodb.service/mongodb.service)
 Active: failed (Result: exit-code) since Wed 2015-07-08 12:38:15
 HKT; 12ms ago
Process: 15082
 ExecStart=/nix/store/ifx5xm0m625gv003v1zsn15pr447zwmf-mongodb-2.6.5/bin/mongod
 --quiet --config
 /nix/store/18ahs474r1gbpkacy22rl6vy7q8jwxfq-mongodb.conf (code=exited,
 status=100)
Process: 15041
 ExecStartPre=/nix/store/sig4djkyinm552svg58ryzvs0apxjbf2-unit-script/bin/mongodb-pre-start
 (code=exited, status=0/SUCCESS)

 Jul 08 12:38:15 ip-172-30-0-78.ap-southeast-1.compute.internal
 mongod.27017[15137]: [initandlisten] warning caught exception
 (assertion src/mongo/db/dur_journal.cpp:362) in preallocateFiles,
 continuing
 Jul 08 12:38:15 ip-172-30-0-78.ap-southeast-1.compute.internal
 mongod.27017[15137]: [initandlisten] exception in initAndListen: 13516
 couldn't open file /mongo/db/journal/j._0 for writing errno:2 No such
 file or directory, terminating
 Jul 08 12:38:15 ip-172-30-0-78.ap-southeast-1.compute.internal
 mongod.27017[15137]: [initandlisten] dbexit:
 Jul 08 12:38:15 ip-172-30-0-78.ap-southeast-1.compute.internal
 mongod.27017[15137]: [initandlisten] shutdown: going to close
 listening sockets...
 Jul 08 12:38:15 ip-172-30-0-78.ap-southeast-1.compute.internal
 mongod.27017[15137]: [initandlisten] shutdown: going to flush
 diaglog...
 Jul 08 12:38:15 ip-172-30-0-78.ap-southeast-1.compute.internal
 mongod[15082]: ERROR: child process failed, exited with error number
 100
 Jul 08 12:38:15 ip-172-30-0-78.ap-southeast-1.compute.internal
 systemd[1]: mongodb.service: control process exited, code=exited
 status=100
 Jul 08 12:38:15 ip-172-30-0-78.ap-southeast-1.compute.internal
 systemd[1]: Failed to start MongoDB server.
 Jul 08 12:38:15 ip-172-30-0-78.ap-southeast-1.compute.internal
 systemd[1]: Unit mongodb.service entered failed state.
 Jul 08 12:38:15 ip-172-30-0-78.ap-southeast-1.compute.internal
 systemd[1]: mongodb.service failed.
 warning: error(s) occured while switching to the new configuration
 ```

 It seems the mongo db directory didn't exist yet as it was probably
 still formatting.

 Please note the autoFormat = true; in the script.

 We ran the script immediately afterwards and it ran without failures.

 As this is the database (which we're deprecating for datomic) it's important.
 How do I avoid such errors in future?

 Thanks in advance
 Stewart


Re: [Nix-dev] funding nixos documentation

2015-06-03 Thread Tomasz Kontusz

On 06/03/2015 08:21 PM, Jeffrey David Johnson wrote:
 Oops, replying to the whole list now.

 Begin forwarded message:

 Date: Wed, 3 Jun 2015 11:20:10 -0700
 From: Jeffrey David Johnson jef...@gmail.com
 To: Joachim Schiele j...@lastlog.de
 Subject: Re: [Nix-dev] funding nixos documentation


 I like the idea but can't personally pay for it :(

 I see you have a paper on http://nixos.org/docs/papers.html
 comparing Nix to other package managers. I think that would be a great
 topic for documentation! Maybe a series of short tutorials for people
 coming from Debian, Arch, Gentoo, brew on OSX, etc.

 Also, long shot idea: we could put together a list of bounties. Pledge
 amounts toward particular fixes/goals and then when someone
 accomplishes them they post a paypal/bitcoin address to get paid. I'm
 not sure how to make it binding or pay up front or resolve disputes
 though.
Actually there are already systems for bounties 
(https://www.bountysource.com/ is one) - do people here have any 
experience with those?
Would it make sense to have one of such platforms endorsed by nixos.org?

 Jeff

 On Wed, 03 Jun 2015 16:43:07 +0200
 Joachim Schiele j...@lastlog.de wrote:

 hey,

 if someone is willing to pay me for nixos documentation updates i would
 love to do some contribution(s)/rework.

 just let me know if you are interested.

 goals i consider important:
 - nix/nixpkgs documentation
 - nix-shell examples
 - create a nix tutorial
 - create an offline version of the wiki
 - create an offline version of package/option search

 please contact me if you have interest in paying me for such things.

 regards,
 joachim schiele



Re: [Nix-dev] Git commit hashes

2015-06-02 Thread Tomasz Kontusz


Colin Putney co...@wiresong.com wrote:
>On Tue, Jun 2, 2015 at 9:15 AM, Colin Putney co...@wiresong.com wrote:
>
>> Hi all,
>>
>> I'm running a small cluster with several custom-built services, and I'd
>> like to include git commit hashes in my logs so that I can easily find the
>> source code that's producing them. I thought this would be
>> straight-forward, but it's turning out to be surprisingly difficult.
>>
>> Running `git describe`
>
>Ugh, premature send. Sorry.
>
>In principle, including the git hash in the output of a build should be
>deterministic: for any given working copy, there is one and only one commit
>hash. In practice, though, running git describe without introducing
>impurity seems to be impossible. Anybody figured out how to do this?

You can pass leaveDotGit = true into fetchgit, or pass the commit into the 
build script as a separate variable.

>Colin





-- 
Sent with K-9 Mail.


[Nix-dev] Fwd: Re: write_file '/etc/passwd.tmp' - syswrite: Bad address

2015-05-18 Thread Tomasz Kontusz


I'm not sure, I've seen a similar problem some time in the last month. I 
assumed it's a broken file (laptop HDD, btrfs is a young FS, I kind of expect 
occasional problem :-)), but fsck showed no problems with any passwd file.

Wout Mertens wout.mert...@gmail.com wrote:
>Well, that looks like hardware corruption somewhere. Might I recommend
>using zfs or btrfs as your filesystem to ensure integrity?
>
>On Sat, May 16, 2015, 4:58 PM Amy de Buitléir a...@nualeargais.ie wrote:
>
>> Wout Mertens wout.mertens at gmail.com writes:
>>
>> > so weird... what was the corruption?
>>
>> Halfway through the file, there was stuff like this:
>>
>> ÃU+0083ÂU+0083ÃU+0082ÂU+0083ÃU+0083ÂU+0082...
-- 
Sent with K-9 Mail.


Re: [Nix-dev] How to test my service definition without actually installing it?

2015-05-14 Thread Tomasz Kontusz
I'm so bad at sending mail to the list :-( still learning to reply-all.

Yes, that would rebuild the whole system. I normally build on top of 
nixos-unstable (there's a separate repo with branches for channels) instead of 
master, this helps with rebuilds.
If you don't want to rebuild your whole system you can use nixops with local 
containers - that's how I normally test services that I won't run locally.

BTW thanks for working on taskd service, I'd love to use one :-)

Matthias Beyer m...@beyermatthias.de wrote:
(Also send to the list, as you did not reply to the list as well)

But I need to specify my git clone of the repo, right?

And when doing this, my whole system gets rebuilt using the
definitions from master, so almost everything.

I guess I can fix this by rebasing onto the unstable tracker git
branches, can I?

On 14-05-2015 10:17:44, Tomasz Kontusz wrote:
 You can use nixos-rebuild test to switch without polluting grub
 
 Matthias Beyer m...@beyermatthias.de wrote:
 Hi,
 
 I'm currently working on
 
 https://github.com/NixOS/nixpkgs/pull/7771
 
 (taskwarrior-server service definition for nixos)
 
 How to test my service definition without installing it aka. without
 polluting my boot manager with boot entries? How to install it
 without rebuilding my complete system because of the switch from
 the nixos-unstable channel to the master branch channel.
 
 Or am I getting something wrong with the last sentence?
 
 -- 
 Mit freundlichen Grüßen,
 Kind regards,
 Matthias Beyer
 
 Proudly sent with mutt.
 Happily signed with gnupg.
 
 


 
 
 -- 
 Sent with K-9 Mail.

-- 
Mit freundlichen Grüßen,
Kind regards,
Matthias Beyer

Proudly sent with mutt.
Happily signed with gnupg.

-- 
Sent with K-9 Mail.


Re: [Nix-dev] i686 Builds?

2015-05-12 Thread Tomasz Kontusz
I'm on x86_64 and use some of those for running games (mostly what the steam 
package already pulls in, plus a few more that were needed for specific games).

The idea to only build them after x86_64 sounds pretty good. Actually, are all 
packages built together with the tests or only after they pass?

Shea Levy s...@shealevy.com wrote:
>Hi all,
>
>Do we still have users running 32-bit machines? It would reduce the load on
>hydra significantly if we could drop support for i686, though of course if
>people are still relying on it we shouldn't make the change yet.
>
>~Shea

-- 
Sent with K-9 Mail.


[Nix-dev] Fwd: Re: Possible bug in ssh key module

2015-05-12 Thread Tomasz Kontusz
Oops, replied to the wrong address.


Original message
From: Tomasz Kontusz tomasz.kont...@gmail.com
Sent: Tue May 12 10:25:21 CEST 2015
To: Anand Patil anand.prabhakar.pa...@gmail.com
Subject: Re: [Nix-dev] Possible bug in ssh key module

It would still be nice if the middle yelled at you instead of using obviously 
wrong inputs.

Actually, is there any practice already in place for this kind of checks? Like 
how picky should they be, and should they be overridable?

Anand Patil anand.prabhakar.pa...@gmail.com wrote:
Hi Bas, yep, it was just that. Sorry for the false alarm.

Thanks,
Anand

On Mon, May 11, 2015 at 12:52 AM, Bas van Dijk v.dijk@gmail.com
wrote:
 On 11 May 2015 at 04:45, Anand Patil
anand.prabhakar.pa...@gmail.com wrote:
 Hi everyone,


 Just wanted to point out a small possible bug in NixOS version
 15.05pre61966.75ebc3c (Dingo). I noticed that when I add an
 authorizedKeys option to my user like so:

 openssh.authorizedKeys.keys = [ "ssh-rsa stuff" ];

 the contents of /etc/ssh/authorized_keys.d/anand look like

 ssh-rsa
 stuff

 with a newline after the ssh-rsa,

 Hi Anand,

 The implementation looks correct. It only adds newlines between the
keys:


https://github.com/NixOS/nixpkgs/blob/75ebc3cf1dc1365be5a05018fc8e5409c66025cb/nixos/modules/services/networking/ssh/sshd.nix#L55

 Are you sure your string doesn't contain a newline? Maybe your text
 editor added a newline when it wrapped the string.

 Bas

-- 
Sent with K-9 Mail.
-- 
Sent with K-9 Mail.


Re: [Nix-dev] i686 Builds?

2015-05-12 Thread Tomasz Kontusz
By amd32 do you mean amd64 with 32 bit pointers?

Lluís Batlle i Rossell vi...@viric.name wrote:
amd32 should be ready in the kernel and gcc/glibc. We just need someone
to
prepare nix/nixpkgs/nixos for this. :)

On Tue, May 12, 2015 at 12:05:29PM +0200, Christian Theune wrote:
 Hi,
 
 same here.
 
 Many interpreted languages (like Python) are affected by this as they
tend to be quite pointer-happy. As pointer-size doubles from 32bit to
64bit we find that in most applications we have about 70% increase when
moving to 64-bit ending up with 1.7 as much memory as before. So we
also currently run applications in 32-bit virtual machines and rather
use many 3GiB processes than a few bigger ones. Moving from 3GiB to
64bit requires about 5GiB just to even out the pointer-size effects.
 
 Supposedly the amd64 instruction set has some benefits that make e.g.
Python run faster on certain computational stuff, but I don’t have
proof for that.
 
 In the long term we will include 64-bit in the mix anyway as some
applications (Mongo, sigh) are quite trigger happy with allocating
virtual (non residential) memory for mmapping insane numbers of
insanely large files …
 
 Christian
 
  On 12 May 2015, at 11:59, Lluís Batlle i Rossell vi...@viric.name
wrote:
  
  My experience is equal with Marco, about memory and my usage of
i686. i686
  is important for me too.
  
  On Tue, May 12, 2015 at 11:43:47AM +0200, Marco Maggesi wrote:
  I use 32 bit a lot.
  First of all, I use it on some old machines with 32bit hardware.
  But, more importantly, I use it regularly on virtuabox and xen
virtual
  machines.
  In my experience, for most of my use cases the 32bit require less
memory
  (which is often not abundant on virtual instances) and it is thus
generally
  faster for many computing tasks .  I made some tests with HOL
Light (the
  theorem prover).  The bare program has memory occupation which
almost the
  double in the 64bit version (~1.2Gb) with respect to the 32bit
version
  (~0.7Gb).  On a virtual machine with 2Gb of ram, the 32 bit it is
often
  10%-20% faster on typical usage and 50% faster or more when the
computation
  requires more memory.
  In my experience, the version 32 bit can be more convenient than
the 64bit
  version in a variety of situations.
  So, please, do not give-up with 32 bit support.
  Marco
  
  
  
  2015-05-12 11:08 GMT+02:00 Luke Clifton ltclif...@gmail.com:
  
  +1
  
  This seems like a good idea.
  
  On 12 May 2015 at 06:45, William Kennington
will...@wkennington.com
  wrote:
  
  Maybe it would make more sense to only build the i686 builds if
our
  tested set of x86_64 binaries build correctly. We would still
release with
  both but it would cut down on a lot of redundant failures.
  
  On Mon, May 11, 2015 at 3:39 PM Ryan Trinkle
ryan.trin...@gmail.com
  wrote:
  
  I encountered an i686 user just the other day!  I don't use it
  personally, but having solid support in Nix was fantastic,
especially
  because older, 32-bit machines tend to be slower, which makes
Nix's binary
  caching functionality even more important.
  
  On Mon, May 11, 2015 at 6:36 PM, Shea Levy s...@shealevy.com
wrote:
  
  Hi all,
  
  Do we still have users running 32-bit machines? It would
reduce the
  load on
  hydra significantly if we could drop support for i686, though
of course
  if
  people are still relying on it we shouldn't make the change
yet.
  
  ~Shea
  
  --
  (Escriu-me xifrat si saps PGP / Write ciphered if you know PGP)
  PGP key D4831A8A - https://emailselfdefense.fsf.org/
 
 —
 Christian Theune · c...@flyingcircus.io · +49 345 219401 0
 Flying Circus Internet Operations GmbH · http://flyingcircus.io
 Forsterstraße 29 · 06112 Halle (Saale) · Germany
 HR Stendal HRB 21169 · Managing directors: Christian. Theune, Christian. Zagrodnick
 




[Nix-dev] Fwd: Re: Gratuitous generations

2015-03-31 Thread Tomasz Kontusz
Argh, responded to the wrong address again :-/


 Original message
From: Tomasz Kontusz tomasz.kont...@gmail.com
Sent: Tue Mar 31 08:37:07 CEST 2015
To: Serge Kosyrev _deepf...@feelingofgreen.ru
Subject: Re: [Nix-dev] Gratuitous generations

Cool idea! I'm sure you'll be happy to know that's how nix profiles (the system 
one too) work already :-)

Serge Kosyrev _deepf...@feelingofgreen.ru wrote:
Christian Theune c...@flyingcircus.io writes:
 We could add an option to suppress creating a new generation if nothing has changed.

 Sounds like an idea to start working on this. If your main concern is to avoid
 accidentally breaking the switch/rollback semantics while providing this then
 maybe at some point the option could be dropped.

 Mulling over this: I’m not sure what the clear expectation is on the
 switch/rollback scenario when nothing is changing. Knowing that rollback always
 gets me to the point prior to the last switch (independently whether something was
 changed or not) is a simple rule (which is good). I can also see that rollback
 fixes the last change. This would require users to understand when a rebuild
 introduced a change or not. This would require an additional concept to be
 present, the overhead of that is currently unclear to me.

Just a somewhat silly idea..

What if we had a more pervasive content-addressing (CAS) --
i.e. generations were named by a hash of its contents -- hashes of the
constituent derivations and relevant meta information?

In the case nothing truly changed, we'd get the same hash.

Mapping the hashes to a monotonic progression of numbers could then be
added atop.

-- 
regards,
Серёга Косырев

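The content-addressing idea from the message above, sketched as an added example (not code from the thread or from Nix): a generation is named by a SHA-256 over its sorted store paths and metadata, an unchanged rebuild maps to the same hash and creates no new generation, and monotonic numbers are layered on top. The `Profile` class, the function names and the sample store paths are constructed for illustration.

```python
import hashlib
import json

# Constructed sample store paths; the hash parts are placeholders, not real outputs.
SSH = "/nix/store/" + "a" * 32 + "-openssh"
WEB = "/nix/store/" + "b" * 32 + "-nginx"
VIM = "/nix/store/" + "c" * 32 + "-vim"
META = {"system": "x86_64-linux"}


def generation_hash(store_paths, meta):
    """Name a generation by a hash over its store paths and metadata."""
    # Canonical form: sorted paths and keys, so ordering cannot change the name.
    doc = {"paths": sorted(store_paths), "meta": meta}
    canonical = json.dumps(doc, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


class Profile:
    """Hypothetical profile: content-addressed generations, numbers on top."""

    def __init__(self):
        self.history = []    # generation hashes; list index + 1 is the number
        self.current = None  # number of the active generation

    def switch(self, store_paths, meta):
        """Activate a configuration; return (number, created_new)."""
        name = generation_hash(store_paths, meta)
        if self.current is not None and self.history[self.current - 1] == name:
            return self.current, False  # same hash: nothing truly changed
        self.history.append(name)
        self.current = len(self.history)
        return self.current, True

    def rollback(self):
        """Step back to the previous generation number."""
        if self.current is None or self.current == 1:
            raise RuntimeError("no earlier generation")
        self.current -= 1
        return self.current


def demo():
    """Switch three times (one a no-op rebuild), then roll back once."""
    p = Profile()
    steps = [p.switch([SSH, WEB], META), p.switch([WEB, SSH], META),
             p.switch([SSH, WEB, VIM], META)]
    return steps, p.rollback()
```

The second switch lists the same paths in a different order and yields the same hash, so no generation is created and a later rollback still lands on the last real change.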


Re: [Nix-dev] Automatic download option for requireFile

2015-02-22 Thread Tomasz Kontusz
Talking about laws: are there any guidelines about what software can go into 
nixpkgs/can be distributed by hydra?
I know many distributions try to somehow separate the software illegal in USA 
(mostly DRM-related/patented stuff).

Kirill Elagin kirela...@gmail.com wrote:
As far as I understand, this is already happening if possible. That is,
once you agree to have packages with unfree licenses, they will be fetched
for you. And will we have to accept licenses one by one or altogether (as
it is happening now) is a separate discussion.
The problem with Oracle JDK and similar software is that the user is
required to accept the license specifically on their web site. Doing what
you propose would probably be illegal (otherwise other distros would have
implemented this, right?), so it might be a good idea to consult lawyers
first ;).

On Sat, Feb 21, 2015, 18:00 Thomas Strobel ts...@cam.ac.uk wrote:

 Hi,

 I intend to add an automatic download option for software packages where
 the user needs to accept a special license, like for example oraclejdk.
 At the moment the nixpkgs build tool points to a specific download page,
 and the users have to download the package themselves.
 I would like to add the possibility to accept the package specific
 license in the general nixpkgs config, e.g., with
 config.license.oraclejdk.accept=true; in the user's nixpkgs
 configuration, and then have the build tool downloading the package
 directly.

 Before I go ahead and implement it, what do you think about it?


 Cheers,
 Thomas


[Nix-dev] Fwd: Re: Override nix.maxJobs without editing hardware-configuration.nix?

2015-02-18 Thread Tomasz Kontusz
Oops, wrong address


 Original message
From: Tomasz Kontusz tomasz.kont...@gmail.com
Sent: Wed Feb 18 09:19:17 CET 2015
To: James Cook james.c...@utoronto.ca
Subject: Re: [Nix-dev] Override nix.maxJobs without editing hardware-configuration.nix?

You can use nix.maxJobs = mkForce 4 - see 
https://nixos.org/nixos/manual/sec-writing-modules.html#sec-option-definitions

James Cook james.c...@utoronto.ca wrote:
I can't set nix.maxJobs in configuration.nix, because it is set in
hardware-configuration.nix:

error: The unique option `nix.maxJobs' is defined multiple times, in
`/etc/nixos/hardware-configuration.nix' and
`/etc/nixos/configuration.nix'.

Of course, I could work around this by editing
hardware-configuration.nix, but then the change would be lost the next
time I run nixos-generate-config. Is there a better way to do this?

(Context: with hyperthreading, my laptop presents 8 cores, but doesn't
really have an appropriate amount of RAM for 8 simultaneous builds.)

Thanks,
  James


Re: [Nix-dev] Why does fetchgit not look at the URL to determine the cache location?

2015-01-01 Thread Tomasz Kontusz


Rico Huijbers rix0...@gmail.com wrote:
Hi,
 (...)

Shouldn’t fetchgit build the hash from URL and rev, as opposed to the
provided hash? Or am I doing it wrong?
I think adding the rev to output hash is a good idea, but not the URL. URL can 
change without changing fetchgit's output. (Well, rev can too, but I think 
that's less common)

But I'm not sure if this can be implemented without adding a file with the rev 
to the output (or extending fixed-output derivations).

Regards,
Rico


Re: [Nix-dev] nixops waits forever for SSH

2014-08-22 Thread Tomasz Kontusz
Oops, did I not send my previous message to the ML?

This is the problem I've had on Ubuntu 14.04, I just changed the IP range for 
vboxnet0 in VBox GUI and removed other interfaces from there (I also 
reinstalled virtualbox before that, but it didn't help).
I'll give more details when I'm home.

Richard Wallace rwall...@thewallacepack.net wrote:
I cannot ping it.  As Eelco pointed out, vboxnet0 isn't getting assigned
the right IP address.  Is this the same issue you had?  How did you change your
VBox network configuration to get it working?


On Fri, Aug 22, 2014 at 12:56 AM, Tomasz Kontusz tomasz.kont...@gmail.com wrote:

 Can you ping the IP that nixops gave you? I had a similar problem, and it
 turned out to be caused by misconfigured networking in VBox

 Richard Wallace rwall...@thewallacepack.net wrote:

 On Thu, Aug 21, 2014 at 4:19 PM, Luca Bruno lethalma...@gmail.com
 wrote:

 Try disabling the firewall in the nixos configuration.


 In trivial.nix, I replaced
   networking.firewall.allowedTCPPorts = [ 80 ];

 with

   networking.firewall.enable = false;

 nixops was still unable to determine when the ssh server came up in the
 virtual machine.



 About the virtualbox issue, it's possible that the vbox kernel of your
 linux box is not compatible with the nixpkgs virtualbox.


 That's about what I'd figured too.  It's not so bad, I'll just have a
 ~/nix/bin that I'll put in the PATH.  That way I can circumvent the purity
 of nix-shell somewhat.



 On Fri, Aug 22, 2014 at 1:15 AM, Richard Wallace 
 rwall...@thewallacepack.net wrote:

 Hello again,

 I finally got `nixops deploy -d trivial` to create a virtualbox image
 and start it - I had to abandon using virtualbox from nixpkgs and instead
 put the VBoxManage installed by Arch on my PATH.

 During startup, the IP address is determined correctly and then nixops
 says, waiting for SSH... and then just waits forever.  I can see in the
 virtualbox console that SSH started, but nixops is unable to see that.  Is
 there a step I am missing?  vboxdrv, vboxnetadp and vboxnetflt are all
 loaded correctly.

 Thanks again,
 Rich



Re: [Nix-dev] Binary packages for custom store path installs

2014-06-12 Thread Tomasz Kontusz


Mateusz Kowalczyk fuuze...@fuuzetsu.co.uk wrote:
In the Nix manual it says:

##

It is best not to change the Nix store from its default, since doing so
makes it impossible to use pre-built binaries from the standard Nixpkgs
channels — that is, all packages will need to be built from source.

##

I'd like to know why it is impossible. I don't understand why it matters
in the slightest whether the store sits at /nix/store or
somewhereelse/nix/store. Why does it even know the difference?
Built packages include absolute paths to things they depend on, so you'd have 
to rewrite them on install.
Rewriting those paths might be an interesting experiment, but it will have 
problems with archives (tarballs, jars) that might contain store paths.

Are there plans to improve on this? After all, everything would still be in the
same relative location to the store. I'm not even sure if it actually
means that it is in fact impossible with how nix is designed as opposed
to ‘it's not currently implemented’.
I would love to know someone has come up with an idea on how to fix this, but 
I haven't heard about one.
It might be impossible without making all packages portable (as in only 
using relative paths), and I don't think it'll work with how RPATH is used in 
nix.

In environments where one only has regular user rights resources are
often constrained, be it hard drive space, memory or computational
power. Incurring the penalty of having to compile everything on top of
that merely because the store is not sitting at the top of the file
system is rather sub-optimal so it would be great if there was a
solution.

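The rewriting experiment discussed above, sketched as an added example (not Nix code): a byte substitution finds and relocates store paths embedded in an uncompressed file, but the same scan finds nothing in a jar whose member is compressed, so the old paths survive inside it. The prefixes, the stand-in binary, the jar contents and the function names are constructed; equal-length replacement is an assumption made here so that file offsets stay valid.

```python
import io
import zipfile

OLD = b"/nix/store"
NEW = b"/opt/store"  # constructed prefix; same length as OLD so offsets stay valid
H = b"a" * 32        # placeholder for a store hash, not a real one

# Constructed stand-in for a built binary: interpreter path and library search path.
BINARY = (b"\x7fELF\x00\x00" + OLD + b"/" + H + b"-glibc/lib/ld-linux.so.2\x00"
          + OLD + b"/" + H + b"-zlib/lib\x00")
# Constructed config file that will sit inside a jar.
PROPS = (b"java.home=" + OLD + b"/" + H + b"-jre\n"
         + b"native.lib=" + OLD + b"/" + H + b"-zlib/lib\n")


def rewrite_prefix(blob, old=OLD, new=NEW):
    """Replace literal occurrences of old with new; return (new_blob, hits)."""
    if len(old) != len(new):
        raise ValueError("equal-length prefixes only, to keep the layout intact")
    return blob.replace(old, new), blob.count(old)


def make_jar(payload):
    """Build an in-memory jar (zip) with one deflate-compressed member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as jar:
        jar.writestr("app.properties", payload)
    return buf.getvalue()


def stale_refs(jar_bytes, old=OLD):
    """Count old-prefix references still present inside the jar's members."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        return sum(jar.read(name).count(old) for name in jar.namelist())


def demo():
    """Return (hits in binary, hits in raw jar bytes, refs left in jar)."""
    _, binary_hits = rewrite_prefix(BINARY)
    jar = make_jar(PROPS)
    rewritten_jar, jar_hits = rewrite_prefix(jar)
    return binary_hits, jar_hits, stale_refs(rewritten_jar)


if __name__ == "__main__":
    print(demo())
```

A rewriter that wanted to handle such archives would have to unpack, rewrite and repack every container format it meets, which is the difficulty the reply points at.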