Re: [Nix-dev] Malicious installation methods
On 17 June 2016 13:12:57 CEST, Yui Hirasawa wrote:
>I recently noticed that you recommend very malicious installation
>methods on your download page for nix[1]
>
>Retrieving code straight from the internet and blindly executing is
>never a good thing and you don't give any sort of recommendation for
>the user to inspect the script before running it. This completely defeats
>the point of having reproducible builds when your system can be
>completely infected when you install the package manager. This also
>means that anything installed through the package manager is
>potentially malicious as well.

The installer, when run, will fetch more code for users to blindly execute (as most of that code will be provided in compiled form). How is blindly running an installer worse than running other code from the same provider?

>> $ curl https://nixos.org/nix/install | sh
>
>And this isn't made any better by the fact that you want users to run
>the script blindly as the superuser.
>
>> This script requires that you have sudo access to root,

The installer needs elevated privileges to do its job.

>I ask you to PLEASE remove this installation method from the
>recommendations on the page because it makes it look like you don't
>care about computer security one bit.

Now, that's an interesting point. Are there many people who never installed nix because the installer is the recommended installation method?

>PS. There are ways of detecting when something is piped straight to an
>interpreter and thus even if someone did curl and read the output and
>then curled into a shell they could still get infected as serving
>different pages depending on the circumstances isn't all that
>difficult.

This assumes https://nixos.org is already malicious - and then you shouldn't run *anything* that comes from there.

>[1]: https://nixos.org/nix/download.html

--
Sent with K-9 Mail.
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
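As an added example that is not part of the thread: one way to address the PS above (a server answering a piped request differently from the copy someone read) is to download the installer once, compare it with a digest recorded when a copy was reviewed, and execute that same file. The function names and the EXPECTED_SHA256 placeholder are hypothetical; only the URL comes from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# The URL is the one quoted in the thread; EXPECTED_SHA256 is a placeholder
# for a digest recorded by whoever reviewed a saved copy of the script.
INSTALLER_URL="https://nixos.org/nix/install"
EXPECTED_SHA256="<sha256-recorded-at-review>"

# Print the SHA-256 hex digest of file $1 with whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# Succeed only if file $1 hashes to digest $2 (64 hex characters).
# A malformed digest, such as the placeholder above, never matches.
verify_installer() {
    vi_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case "$vi_expected" in
        ""|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#vi_expected}" -eq 64 ] || return 1
    vi_actual=$(sha256_of "$1")
    [ -n "$vi_actual" ] && [ "$vi_actual" = "$vi_expected" ]
}

# Run the script at $1 only if it matches digest $2.
# Returns the script's own exit status, or 2 when the digest does not match.
run_if_verified() {
    if verify_installer "$1" "$2"; then
        sh "$1"
    else
        echo "digest mismatch for $1; refusing to run it" >&2
        return 2
    fi
}

# Download $1 over HTTPS into a temporary file, then run exactly those bytes
# if they match digest $2. Nothing is streamed into an interpreter, so the
# file that gets hashed is the file that gets executed.
install_pinned() {
    ip_tmp=$(mktemp) || return 1
    if curl -fsSL --proto '=https' --tlsv1.2 -o "$ip_tmp" "$1"; then
        run_if_verified "$ip_tmp" "$2"
        ip_rc=$?
    else
        echo "download of $1 failed" >&2
        ip_rc=1
    fi
    rm -f "$ip_tmp"
    return "$ip_rc"
}

# Usage, once a real digest has replaced the placeholder:
#   install_pinned "$INSTALLER_URL" "$EXPECTED_SHA256"
```

A pinned digest has to be refreshed each time the project publishes a new installer, which is also the moment the script gets read again.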
Re: [Nix-dev] Open source team messaging: mattermost
On 29 February 2016 20:59:06 CET, Arseniy Seroka wrote:
>IRC is awesome thing, why do we need to replace it?

IRC replacements typically offer:
* history
* long messages with sane visualisation (like hiding parts of them in history until requested) - this greatly reduces the need for pastebins, and keeps everything in one place
* email notifications
* some light styling that works the same for everyone in the channel

And all of that is integrated from the start, without the need to set up bouncers and looking through history on some other service.

Also, IIRC mattermost has a nice visualisation of threads of discussion while still keeping the "common channel" feel (but I might be mistaking it with other service).

As much as I like IRC for being a standardised protocol with many clients, it has not aged well. And movements to refresh it (like IRCv3) are pretty slow. Also you can't ignore the barrier to entry being much higher than for a browser-based chat app.
Re: [Nix-dev] builder for ‘*.drv’ failed to produce output path ‘*’
You need to create $out in your builder. Just "cp -r ./build $out" after the "make pgloader" will be a good start - at least you'll see if it's usable :-)

On 13.12.2015 23:39, Tinker wrote:
> Hi
>
> I'm trying to write a nix package for pgloader (a db migration tool
> written by someone else and can be found at
> https://github.com/dimitri/pgloader).
>
> When I run it as `nix-build -A pgloader` then I get:
>
> builder for ‘/nix/store/gz38vqm47i0vfyiqdz6qmqyx7ywprji5-pgloader-3.2.2.drv’
> failed to produce output path
> ‘/nix/store/v5ya763xia00lp40yx6z5c0h6l1cvla2-pgloader-3.2.2’
> error: build of
> ‘/nix/store/gz38vqm47i0vfyiqdz6qmqyx7ywprji5-pgloader-3.2.2.drv’
> failed
>
> I'm trying to figure out what it means but maybe someone can already
> shed a light?
>
> The package does not have a 'make install', is that why it's
> complaining about the missing output path?
> What would be the way forward given I don't own the source of the
> utility itself?
>
> default.nix (other comments welcome as well):
> ===
> { stdenv, fetchurl, sbcl, unzip, curl, git, openssl, sqlite, freetds,
>   lispPackages, cacert }:
>
> stdenv.mkDerivation {
>   name = "pgloader-3.2.2";
>   buildInputs = [ sbcl unzip curl git openssl sqlite freetds
>     lispPackages.cl-ssl cacert ];
>
>   LD_LIBRARY_PATH="${lispPackages.cl-ssl}/lib:${openssl}/lib:${sqlite}/lib:${freetds}/lib";
>   SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt;
>   CURL_CA_BUNDLE=/etc/ssl/certs/ca-bundle.crt;
>
>   builder = builtins.toFile "builder.sh" "
>     source $stdenv/setup
>
>     PATH=$sbcl/bin:$PATH
>
>     unzip $src
>     cd pgloader-*
>     sed -i 's/COMPRESS_CORE ?= yes/COMPRESS_CORE ?= no/' Makefile
>     make COMPRESS_CORE=no pgloader
>   ";
>
>   src = fetchurl {
>     url = https://github.com/dimitri/pgloader/archive/master.zip;
>     md5 = "8b93075a1a5848a674101d90850dc90e";
>     #url = https://github.com/dimitri/pgloader/archive/v3.2.2.zip;
>     #md5 = "4d00eb55bf7dbea0a8e55248d2bbb96d";
>   };
>   inherit sbcl;
> }
> ===
>
> t
Re: [Nix-dev] NixOS/Nixpkgs repository labels
GitHub should already know about that, is a label useful? It will always be at least a bit out of date too.

On 27 November 2015 11:56:04 CET, Matthias Beyer wrote:
>On 27-11-2015 11:37:54, Pascal Wittmann wrote:
>> On 11/22/2015 11:06 PM, Nicolas Pierron wrote:
>> > I invite other contributors to join me on this triaging effort, such
>> > that this system is not only made for me.
>>
>> I have just added the label "2.status: merge conflict", to indicate
>> which PRs are unmergeable.
>>
>
>We could write a bot for such trivial things.
>Maybe there's also one available somewhere...
>
>--
>Mit freundlichen Grüßen,
>Kind regards,
>Matthias Beyer
>
>Proudly sent with mutt.
>Happily signed with gnupg.
Re: [Nix-dev] How to stop all packages to stop compiling from binary
When using a channel you should have the core packages available as binaries. What is your cache configuration in nix.conf? Do you have any overrides?

On 1 November 2015 22:22:34 CET, rohit yadav wrote:
>Hi All-
>
>I upgraded my channel from 14.12 to 15.09 and now all the packages are
>being compiled from source. How do I make it to get the pre-built
>binaries?
>
>Thanks,
>Rohit
Re: [Nix-dev] No such file or directory
It looks a bit like a filesystem corruption - make sure to run fsck on it (or scrub it, if it's btrfs)

On 10 September 2015 01:31:20 CEST, Arseniy Seroka wrote:
>I don't know that happened but the solution is:
>```
>cd /nix/var/nix/profiles/per-user/root
>rm -rf channels
>cp -r channel--link channel # please note, that `ln` didn't work
>nixos-rebuild switch
>```
>
>2015-09-10 2:15 GMT+03:00 Arseniy Seroka :
>
>> Hello!
>> I've just tried to use any nixos (and nix) command and got:
>> ```
>> > nix-env -q
>> error: getting status of ‘/nix/var/nix/profiles/per-user/root/P
>�P�b�
>> ’: No such file or directory
>> > sudo nixos-rebuild switch
>> error: getting status of ‘/nix/var/nix/profiles/per-user/root/��$�� �
>�h�
>> ’: No such file or directory
>> building Nix...
>> error: reading from file: Is a directory
>> error: getting status of ‘/nix/var/nix/profiles/per-user/root/0��s�
>�5mq
>> ’: No such file or directory
>> error: getting status of ‘/nix/var/nix/profiles/per-user/root/ �Sn�
>��c��
>> ’: No such file or directory
>> /tmp/nixos-rebuild.D4PZ5o/nix
>> �� ’: No such file or directoryvar/nix/profiles/per-user/root/P
>�@
>> building the system configuration...
>> error: getting status of ‘/nix/var/nix/profiles/per-user/root/�Yw�
>�
>> ’: No such file or directory
>> ```
>> Did `sudo nix-store --verify --check-contents --repair` and everything is
>> ok.
>> My nixos.version is `16.03pre68239.bd84eba (Dingo).`
>>
>> What's that? And how to fix it?
>> Yesterday I could make a rebuild successfully..
>>
>> --
>> Sincerely,
>> Arseniy Seroka
>
>--
>Sincerely,
>Arseniy Seroka
Re: [Nix-dev] Jar files
Nix only scans for hashes, and there's a good chance they'll be kept intact when compressing. If that's not good enough, then you'll have to make a file with references either by hand or by unpacking the jars.

I don't know how often this will actually be needed - is Java retaining paths to dependencies after compilation?

On 28 August 2015 15:02:19 CEST, Daniel Peebles pumpkin...@gmail.com wrote:

Hi all,

We don't have much of a Java presence in Nixpkgs, but I was thinking of growing it. This leads to what seems like a bit of a thorny issue: most java code is distributed in jars, which are glorified zip files. Can anyone see the problem?

The one I'm afraid of is one of runtime dependencies: normally we're fine embedding other nix store paths in code, under the assumption that the literal string will show up somewhere in the resulting binary. If you zip the result, that's no longer true without smarter scanning logic.

So is the solution to make our java packaging never produce any jars, and explicitly unpack any we encounter? That feels kind of gross. Alternately, we could have a post-processor that scans the unpacked zip files for store paths and then replicates them somewhere in nix-support. Also doesn't feel ideal!

Are there other options? Am I misunderstanding something or is this really an issue?

Thanks,
Dan
Re: [Nix-dev] Ideas for systematically avoiding unwanted runtime dependencies
On 08/27/2015 12:15 AM, Daniel Peebles wrote:

Right now I'm struggling with my image pulling in gcc because it legitimately depends on icu4c, which mysteriously retains a runtime dependency on gcc. Regardless of specifics, individual packages can usually be fixed to reduce their runtime footprint, but I'm looking for ideas for how to do so in a systematic manner, so we don't just notice these things by accident and fix them one by one. Does anyone have any thoughts?

For specific known-problematic packages we could use allowedReferences (see http://nixos.org/nix/manual/#sec-advanced-attributes) to make sure we have control over runtime dependencies. I'm not sure how that would work with multiple outputs, but if it was per-output we could even use it by default (most packages don't need references to gcc in their default output :-)).

Also, multiple outputs won't really help with this problem because there's nothing stopping these packages from retaining references to many of our outputs.

Thanks,
Dan

[1] https://github.com/NixOS/nixpkgs/issues/5895
Re: [Nix-dev] nix-shell unpackPhase does not work on my system
After unpackPhase you have to enter the unpacked source directory, then you can run configurePhase

On 20 August 2015 18:13:49 CEST, Massimo Zaniboni massimo.zanib...@gmail.com wrote:

But on my Mint system, the nix-shell does not see the configurePhase and all other *Phase commands. I tried also on a Mint system installed from scratch on a distinct VM, for excluding problems on my system.
Re: [Nix-dev] crosscompiling question
I think the only way is to build in qemu on the host, or copy-closure whole system profiles (and then link and activate them by name).

Lluís Batlle i Rossell vi...@viric.name wrote:

On Tue, Jul 14, 2015 at 09:03:06AM +0200, Tomas Hlavaty wrote:

Like this, I would like to crosscompile packages on my desktop and then copy-closure them to the board. However, they are different paths in the store. How can I actually achieve this? Is there some trick I am missing?

Different recipes give different store paths. The recipe of cross-building is quite different from the recipe of native building.

If you expect the cross-built 'hello' to have the same hash as the natively built, I don't know any trick. They are effectively built differently, and thus, they have a different store path.

I don't know of any way in nix that can relate cross-built packages with natively built.

--
(Escriu-me xifrat si saps PGP / Write ciphered if you know PGP)
PGP key D4831A8A - https://emailselfdefense.fsf.org/
Re: [Nix-dev] restarting a mongodb
I think you can add `systemd.services.mongodb.requires = [ "mongo.mount" ]` to tell systemd to mount (and wait for) /mongo when starting MongoDB.

On 07/08/2015 07:13 AM, stewart mackenzie wrote:

Hello all,

So rebuilding our database server with this bit in our config:

```
services = {
  mongodb = {
    enable = true;
    bind_ip = "0.0.0.0";
    dbpath = "/mongo/db";
  };
};
fileSystems."/mongo" = {
  device = "/dev/xvdb";
  fsType = "ext4";
  autoFormat = true;
};
```

resulted in this issue:

```
starting the following units: cron.service, fetch-ec2-data.service, kmod-static-nodes.service, network-local-commands.service, network-setup.service, nix-daemon.service, nscd.service, ntpd.service, print-host-key.service, rngd.service, systemd-logind.service, systemd-modules-load.service, systemd-sysctl.service, systemd-tmpfiles-clean.timer, systemd-tmpfiles-setup-dev.service, systemd-udev-settle.service, systemd-udev-trigger.service, systemd-udevd.service, systemd-vconsole-setup.service
the following new units were started: mongo-bak.mount, mongo.mount, postfix.service
warning: the following units failed: mongodb.service
● mongodb.service - MongoDB server
   Loaded: loaded (/nix/store/5kvf87w82nk9kfh5p2iamdq7gzc9nfr3-unit-mongodb.service/mongodb.service)
   Active: failed (Result: exit-code) since Wed 2015-07-08 12:38:15 HKT; 12ms ago
  Process: 15082 ExecStart=/nix/store/ifx5xm0m625gv003v1zsn15pr447zwmf-mongodb-2.6.5/bin/mongod --quiet --config /nix/store/18ahs474r1gbpkacy22rl6vy7q8jwxfq-mongodb.conf (code=exited, status=100)
  Process: 15041 ExecStartPre=/nix/store/sig4djkyinm552svg58ryzvs0apxjbf2-unit-script/bin/mongodb-pre-start (code=exited, status=0/SUCCESS)
Jul 08 12:38:15 ip-172-30-0-78.ap-southeast-1.compute.internal mongod.27017[15137]: [initandlisten] warning caught exception (assertion src/mongo/db/dur_journal.cpp:362) in preallocateFiles, continuing
Jul 08 12:38:15 ip-172-30-0-78.ap-southeast-1.compute.internal mongod.27017[15137]: [initandlisten] exception in initAndListen: 13516 couldn't open file /mongo/db/journal/j._0 for writing errno:2 No such file or directory, terminating
Jul 08 12:38:15 ip-172-30-0-78.ap-southeast-1.compute.internal mongod.27017[15137]: [initandlisten] dbexit:
Jul 08 12:38:15 ip-172-30-0-78.ap-southeast-1.compute.internal mongod.27017[15137]: [initandlisten] shutdown: going to close listening sockets...
Jul 08 12:38:15 ip-172-30-0-78.ap-southeast-1.compute.internal mongod.27017[15137]: [initandlisten] shutdown: going to flush diaglog...
Jul 08 12:38:15 ip-172-30-0-78.ap-southeast-1.compute.internal mongod[15082]: ERROR: child process failed, exited with error number 100
Jul 08 12:38:15 ip-172-30-0-78.ap-southeast-1.compute.internal systemd[1]: mongodb.service: control process exited, code=exited status=100
Jul 08 12:38:15 ip-172-30-0-78.ap-southeast-1.compute.internal systemd[1]: Failed to start MongoDB server.
Jul 08 12:38:15 ip-172-30-0-78.ap-southeast-1.compute.internal systemd[1]: Unit mongodb.service entered failed state.
Jul 08 12:38:15 ip-172-30-0-78.ap-southeast-1.compute.internal systemd[1]: mongodb.service failed.
warning: error(s) occured while switching to the new configuration
```

It seems the mongo db directory didn't exist yet as it was probably still formatting. Please note the autoFormat = true; in the script.

We ran the script immediately afterwards and it ran without failures.

As this is the database (which we're deprecating for datomic) it's important.

How do I avoid such errors in future?

Thanks in advance
Stewart
Re: [Nix-dev] funding nixos documentation
On 06/03/2015 08:21 PM, Jeffrey David Johnson wrote:

Oops, replying to the whole list now.

Begin forwarded message:
Date: Wed, 3 Jun 2015 11:20:10 -0700
From: Jeffrey David Johnson jef...@gmail.com
To: Joachim Schiele j...@lastlog.de
Subject: Re: [Nix-dev] funding nixos documentation

I like the idea but can't personally pay for it :(

I see you have a paper on http://nixos.org/docs/papers.html comparing Nix to other package managers. I think that would be a great topic for documentation! Maybe a series of short tutorials for people coming from Debian, Arch, Gentoo, brew on OSX, etc.

Also, long shot idea: we could put together a list of bounties. Pledge amounts toward particular fixes/goals and then when someone accomplishes them they post a paypal/bitcoin address to get paid. I'm not sure how to make it binding or pay up front or resolve disputes though.

Actually there are already systems for bounties (https://www.bountysource.com/ is one) - do people here have any experience with those? Would it make sense to have one of such platforms endorsed by nixos.org?

Jeff

On Wed, 03 Jun 2015 16:43:07 +0200 Joachim Schiele j...@lastlog.de wrote:

hey,

if someone is willing to pay me for nixos documentation updates i would love to do some contribution(s)/rework. just let me know if you are interested.

goals i consider important:
- nix/nixpkgs documentation
- nix-shell examples
- create a nix tutorial
- create an offline version of the wiki
- create an offline version of package/option search

please contact me if you have interest in paying me for such things.

regards,
joachim schiele
Re: [Nix-dev] Git commit hashes
Colin Putney co...@wiresong.com wrote:

On Tue, Jun 2, 2015 at 9:15 AM, Colin Putney co...@wiresong.com wrote:

Hi all,

I'm running a small cluster with several custom-built services, and I'd like to include git commit hashes in my logs so that I can easily find the source code that's producing them. I thought this would be straight-forward, but it's turning out to be surprisingly difficult. Running `git describe`

Ugh, premature send. Sorry.

In principle, including the git hash in the output of a build should be deterministic: for any given working copy, there is one and only one commit hash. In practice, though, running git describe without introducing impurity seems to be impossible. Anybody figured out how to do this?

You can pass leaveDotGit = true into fetchgit, or pass the commit into the build script as a separate variable.

Colin
[Nix-dev] Fwd: Re: write_file '/etc/passwd.tmp' - syswrite: Bad address
I'm not sure, I've seen a similar problem some time in the last month. I assumed it's a broken file (laptop HDD, btrfs is a young FS, I kind of expect occasional problem :-)), but fsck showed no problems with any passwd file.

Wout Mertens wout.mert...@gmail.com wrote:

Well, that looks like hardware corruption somewhere. Might I recommend using zfs or btrfs as your filesystem to ensure integrity?

On Sat, May 16, 2015, 4:58 PM Amy de Buitléir a...@nualeargais.ie wrote:

Wout Mertens wout.mertens at gmail.com writes:

so weird... what was the corruption?

Halfway through the file, there was stuff like this: ÃU+0083ÂU+0083ÃU+0082ÂU+0083ÃU+0083ÂU+0082...
Re: [Nix-dev] How to test my service definition without actually installing it?
I'm so bad at sending mail to the list :-( still learning to reply-all.

Yes, that would rebuild the whole system. I normally build on top of nixos-unstable (there's a separate repo with branches for channels) instead of master, this helps with rebuilds. If you don't want to rebuild your whole system you can use nixops with local containers - that's how I normally test services that I won't run locally.

BTW thanks for working on taskd service, I'd love to use one :-)

Matthias Beyer m...@beyermatthias.de wrote:

(Also sent to the list, as you did not reply to the list as well)

But I need to specify my git clone of the repo, right? And when doing this, my whole system gets rebuilt using the definitions from master, so almost everything. I guess I can fix this by rebasing onto the unstable tracker git branches, can I?

On 14-05-2015 10:17:44, Tomasz Kontusz wrote:

You can use nixos-rebuild test to switch without polluting grub

Matthias Beyer m...@beyermatthias.de wrote:

Hi,

I'm currently working on https://github.com/NixOS/nixpkgs/pull/7771 (taskwarrior-server service definition for nixos)

How to test my service definition without installing it aka. without polluting my boot manager with boot entries? How to install it without rebuilding my complete system because of the switch from the nixos-unstable channel to the master branch channel. Or am I getting something wrong with the last sentence?

--
Mit freundlichen Grüßen,
Kind regards,
Matthias Beyer

Proudly sent with mutt.
Happily signed with gnupg.
Re: [Nix-dev] i686 Builds?
I'm on x86_64 and use some of those for running games (mostly what the steam package already pulls in, plus a few more that were needed for specific games). The idea to only build them after x86_64 sounds pretty good. Actually, are all packages built together with the tests or only after they pass?

Shea Levy s...@shealevy.com wrote:

Hi all,

Do we still have users running 32-bit machines? It would reduce the load on hydra significantly if we could drop support for i686, though of course if people are still relying on it we shouldn't make the change yet.

~Shea
[Nix-dev] Fwd: Re: Possible bug in ssh key module
Oops, replied to the wrong address.

Original message
From: Tomasz Kontusz tomasz.kont...@gmail.com
Sent: Tue May 12 10:25:21 CEST 2015
To: Anand Patil anand.prabhakar.pa...@gmail.com
Subject: Re: [Nix-dev] Possible bug in ssh key module

It would still be nice if the middle yelled at you instead of using obviously wrong inputs. Actually, is there any practice already in place for this kind of checks? Like how picky should they be, and should they be overridable

Anand Patil anand.prabhakar.pa...@gmail.com wrote:

Hi Bas, yep, it was just that. Sorry for the false alarm.

Thanks,
Anand

On Mon, May 11, 2015 at 12:52 AM, Bas van Dijk v.dijk@gmail.com wrote:

On 11 May 2015 at 04:45, Anand Patil anand.prabhakar.pa...@gmail.com wrote:

Hi everyone,

Just wanted to point out a small possible bug in NixOS version 15.05pre61966.75ebc3c (Dingo). I noticed that when I add an authorizedKeys option to my user like so:

openssh.authorizedKeys.keys = [ "ssh-rsa stuff" ];

the contents of /etc/ssh/authorized_keys.d/anand look like

ssh-rsa
stuff

with a newline after the ssh-rsa,

Hi Anand,

The implementation looks correct. It only adds newlines between the keys:

https://github.com/NixOS/nixpkgs/blob/75ebc3cf1dc1365be5a05018fc8e5409c66025cb/nixos/modules/services/networking/ssh/sshd.nix#L55

Are you sure your string doesn't contain a newline? Maybe your text editor added a newline when it wrapped the string.

Bas
Re: [Nix-dev] i686 Builds?
By amd32 do you mean amd64 with 32 bit pointers?

Lluís Batlle i Rossell vi...@viric.name wrote:

amd32 should be ready in the kernel and gcc/glibc. We just need someone to prepare nix/nixpkgs/nixos for this. :)

On Tue, May 12, 2015 at 12:05:29PM +0200, Christian Theune wrote:

Hi,

same here. Many interpreted languages (like Python) are affected by this as they tend to be quite pointer-happy. As pointer-size doubles from 32bit to 64bit we find that in most applications we have about 70% increase when moving to 64-bit ending up with 1.7 as much memory as before.

So we also currently run applications in 32-bit virtual machines and rather use many 3GiB processes than a few bigger ones. Moving from 3GiB to 64bit requires about 5GiB just to even out the pointer-size effects.

Supposedly the amd64 instruction set has some benefits that make e.g. Python run faster on certain computational stuff, but I don’t have proof for that.

In the long term we will include 64-bit in the mix anyway as some applications (Mongo, sigh) are quite trigger happy with allocating virtual (non residential) memory for mmapping insane numbers of insanely large files …

Christian

On 12 May 2015, at 11:59, Lluís Batlle i Rossell vi...@viric.name wrote:

My experience is equal with Marco, about memory and my usage of i686. i686 is important for me too.

On Tue, May 12, 2015 at 11:43:47AM +0200, Marco Maggesi wrote:

I use 32 bit a lot.

First of all, I use it on some old machines with 32bit hardware. But, more importantly, I use it regularly on virtualbox and xen virtual machines.

In my experience, for most of my use cases the 32bit require less memory (which is often not abundant on virtual instances) and it is thus generally faster for many computing tasks.

I made some tests with HOL Light (the theorem prover). The bare program has memory occupation which is almost the double in the 64bit version (~1.2Gb) with respect to the 32bit version (~0.7Gb). On a virtual machine with 2Gb of ram, the 32 bit it is often 10%-20% faster on typical usage and 50% faster or more when the computation requires more memory.

In my experience, the version 32 bit can be more convenient than the 64bit version in a variety of situations. So, please, do not give-up with 32 bit support.

Marco

2015-05-12 11:08 GMT+02:00 Luke Clifton ltclif...@gmail.com:

+1 This seems like a good idea.

On 12 May 2015 at 06:45, William Kennington will...@wkennington.com wrote:

Maybe it would make more sense to only build the i686 builds if our tested set of x86_64 binaries build correctly. We would still release with both but it would cut down on a lot of redundant failures.

On Mon, May 11, 2015 at 3:39 PM Ryan Trinkle ryan.trin...@gmail.com wrote:

I encountered an i686 user just the other day! I don't use it personally, but having solid support in Nix was fantastic, especially because older, 32-bit machines tend to be slower, which makes Nix's binary caching functionality even more important.

On Mon, May 11, 2015 at 6:36 PM, Shea Levy s...@shealevy.com wrote:

Hi all,

Do we still have users running 32-bit machines? It would reduce the load on hydra significantly if we could drop support for i686, though of course if people are still relying on it we shouldn't make the change yet.

~Shea

—
Christian Theune · c...@flyingcircus.io · +49 345 219401 0
Flying Circus Internet Operations GmbH · http://flyingcircus.io
Forsterstraße 29 · 06112 Halle (Saale) · Deutschland
HR Stendal HRB 21169 · Geschäftsführer: Christian. Theune, Christian. Zagrodnick

--
(Escriu-me xifrat si saps PGP / Write ciphered if you know PGP)
PGP key D4831A8A - https://emailselfdefense.fsf.org/
[Nix-dev] Fwd: Re: Gratuitous generations
Argh, responded to the wrong address again :-/

Original message
From: Tomasz Kontusz tomasz.kont...@gmail.com
Sent: Tue Mar 31 08:37:07 CEST 2015
To: Serge Kosyrev _deepf...@feelingofgreen.ru
Subject: Re: [Nix-dev] Gratuitous generations

Cool idea! I'm sure you'll be happy to know that's how nix profiles (the system one too) work already :-)

Serge Kosyrev _deepf...@feelingofgreen.ru wrote:

Christian Theune c...@flyingcircus.io writes:

We could add an option to suppress creating a new generation if nothing has changed.

Sounds like an idea to start working on this. If your main concern is to avoid accidentally breaking the switch/rollback semantics while providing this then maybe at some point the option could be dropped.

Mulling over this: I’m not sure what the clear expectation is on the switch/rollback scenario when nothing is changing. Knowing that rollback always gets me to the point prior to the last switch (independently whether something was changed or not) is a simple rule (which is good). I can also see that rollback fixes the last change. This would require users to understand when a rebuild introduced a change or not. This would require an additional concept to be present, the overhead of that is currently unclear to me.

Just a somewhat silly idea..

What if we had a more pervasive content-addressing (CAS) -- i.e. generations were named by a hash of its contents -- hashes of the constituent derivations and relevant meta information?

In the case nothing truly changed, we'd get the same hash.

Mapping the hashes to a monotonic progression of numbers could then be added atop.

--
regards,
Серёга Косырев
Re: [Nix-dev] Automatic download option for requireFile
Talking about laws: are there any guidelines about what software can go into nixpkgs/can be distributed by hydra? I know many distributions try to somehow separate the software illegal in USA (mostly DRM-related/patented stuff).

Kirill Elagin kirela...@gmail.com wrote:
> As far as I understand, this is already happening if possible. That is, once you agree to have packages with unfree licenses, they will be fetched for you. And will we have to accept licenses one by one or altogether (as it is happening now) is a separate discussion. The problem with Oracle JDK and similar software is that the user is required to accept the license specifically on their web site. Doing what you propose would probably be illegal (otherwise other distros would have implemented this, right?), so it might be a good idea to consult lawyers first ;).
>
> On Sat, Feb 21, 2015, 18:00 Thomas Strobel ts...@cam.ac.uk wrote:
> Hi, I intend to add an automatic download option for software packages where the user needs to accept a special license, like for example oraclejdk. At the moment the nixpkgs build tool points to a specific download page, and the users have to download the package themselves. I would like to add the possibility to accept the package specific license in the general nixpkgs config, e.g., with config.license.oraclejdk.accept=true; in the user's nixpkgs configuration, and then have the build tool downloading the package directly. Before I go ahead and implement it, what do you think about it?
> Cheers, Thomas
[Nix-dev] Fwd: Re: Override nix.maxJobs without editing hardware-configuration.nix?
Oops, wrong address

Original message
From: Tomasz Kontusz tomasz.kont...@gmail.com
Sent: Wed Feb 18 09:19:17 CET 2015
To: James Cook james.c...@utoronto.ca
Subject: Re: [Nix-dev] Override nix.maxJobs without editing hardware-configuration.nix?

You can use nix.maxJobs = mkForce 4 - see https://nixos.org/nixos/manual/sec-writing-modules.html#sec-option-definitions

James Cook james.c...@utoronto.ca wrote:
> I can't set nix.maxJobs in configuration.nix, because it is set in hardware-configuration.nix:
>
> error: The unique option `nix.maxJobs' is defined multiple times, in `/etc/nixos/hardware-configuration.nix' and `/etc/nixos/configuration.nix'.
>
> Of course, I could work around this by editing hardware-configuration.nix, but then the change would be lost the next time I run nixos-generate-config. Is there a better way to do this?
>
> (Context: with hyperthreading, my laptop presents 8 cores, but doesn't really have an appropriate amount of RAM for 8 simultaneous builds.)
>
> Thanks, James
Re: [Nix-dev] Why does fetchgit not look at the URL to determine the cache location?
Rico Huijbers rix0...@gmail.com wrote:
> Hi, (...) Shouldn’t fetchgit build the hash from URL and rev, as opposed to the provided hash? Or am I doing it wrong?

I think adding the rev to output hash is a good idea, but not the URL. URL can change without changing fetchgit's output. (Well, rev can too, but I think that's less common) But I'm not sure if this can be implemented without adding a file with the rev to the output (or extending fixed-output derivations).

> Regards, Rico
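The caching behaviour discussed in this thread, as an added example that is not part of the original posts and is not Nix's own code: a result whose location depends only on its name and declared hash is reused even after the rev changes, so a stale hash silently yields the old source. `ToyStore`, `fixed_output_path`, the URL and the revs are hypothetical, and the path function is a simplified model rather than Nix's real algorithm.

```python
import hashlib

def fixed_output_path(name, algo, declared_hash):
    """Simplified model (not Nix's real algorithm): the path of a fixed-output
    result is derived from its name and declared hash, never from url or rev."""
    key = hashlib.sha256(f"fixed:{algo}:{declared_hash}:{name}".encode()).hexdigest()
    return f"/nix/store/{key[:32]}-{name}"

class ToyStore:
    def __init__(self, upstream):
        self.upstream = upstream  # {(url, rev): bytes}, constructed remote content
        self.paths = {}           # store path -> content already realised
        self.fetches = 0          # how often the network was actually used

    def fetchgit(self, url, rev, sha256, name="repo"):
        path = fixed_output_path(name, "sha256", sha256)
        if path in self.paths:    # cache hit: url and rev are never looked at
            return path, self.paths[path]
        self.fetches += 1
        data = self.upstream[(url, rev)]
        actual = hashlib.sha256(data).hexdigest()
        if actual != sha256:
            raise ValueError(f"hash mismatch for {rev}: got {actual}")
        self.paths[path] = data
        return path, data

def demo():
    url = "https://example.invalid/repo.git"  # constructed
    upstream = {(url, "rev-a"): b"tree at rev-a", (url, "rev-b"): b"tree at rev-b"}
    store = ToyStore(upstream)
    hash_a = hashlib.sha256(upstream[(url, "rev-a")]).hexdigest()

    first = store.fetchgit(url, "rev-a", hash_a)
    # rev bumped but hash left stale: same path, old content, no error raised
    stale = store.fetchgit(url, "rev-b", hash_a)
    # making rev part of the key (here via the name) forces a real fetch,
    # and the stale hash is then caught by the hash check
    try:
        store.fetchgit(url, "rev-b", hash_a, name="repo-rev-b")
        caught = False
    except ValueError:
        caught = True
    return first, stale, caught, store.fetches
```

For review of package updates, the practical check is that a changed rev is always accompanied by a changed hash.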
Re: [Nix-dev] nixops waits forever for SSH
Oops, did I not send my previous message to the ML? This is the problem I've had on Ubuntu 14.04, I just changed the IP range for vboxnet0 in VBox GUI and removed other interfaces from there (I also reinstalled virtualbox before that, but it didn't help). I'll give more details when I'm home.

Richard Wallace rwall...@thewallacepack.net wrote:
> I cannot ping it. As Eelco pointed out, vboxnet0 isn't getting assigned the right IP address. Is this the same issue you had? How did you change your VBox network configuration to get it working?
>
> On Fri, Aug 22, 2014 at 12:56 AM, Tomasz Kontusz tomasz.kont...@gmail.com wrote:
> Can you ping the IP that nixops gave you? I had a similar problem, and it turned out to be caused by misconfigured networking in VBox
>
> Richard Wallace rwall...@thewallacepack.net wrote:
> On Thu, Aug 21, 2014 at 4:19 PM, Luca Bruno lethalma...@gmail.com wrote:
> Try disabling the firewall in the nixos configuration.
> In trivial.nix, I replaced networking.firewall.allowedTCPPorts = [ 80 ]; with networking.firewall.enable = false; nixops was still unable to determine when the ssh server came up in the virtual machine.
> About the virtualbox issue, it's possible that the vbox kernel of your linux box is not compatible with the nixpkgs virtualbox.
> That's about what I'd figured too. It's not so bad, I'll just have a ~/nix/bin that I'll put in the PATH. That way I can circumvent the purity of nix-shell somewhat.
>
> On Fri, Aug 22, 2014 at 1:15 AM, Richard Wallace rwall...@thewallacepack.net wrote:
> Hello again, I finally got `nixops deploy -d trivial` to create a virtualbox image and start it - I had to abandon using virtualbox from nixpkgs and instead put the VBoxManage installed by Arch on my PATH. During startup, the IP address is determined correctly and then nixops says, waiting for SSH... and then just waits forever. I can see in the virtualbox console that SSH started, but nixops is unable to see that. Is there a step I am missing?
> vboxdrv, vboxnetadp and vboxnetflt are all loaded correctly.
> Thanks again, Rich
Re: [Nix-dev] Binary packages for custom store path installs
Mateusz Kowalczyk fuuze...@fuuzetsu.co.uk wrote:
> In the Nix manual it says:
>
> ## It is best not to change the Nix store from its default, since doing so makes it impossible to use pre-built binaries from the standard Nixpkgs channels — that is, all packages will need to be built from source. ##
>
> I'd like to know why it is impossible. I don't understand why it matters in the slightest whether the store sits at /nix/store or somewhereelse/nix/store. Why does it even know the difference?

Built packages include absolute paths to things they depend on, so you'd have to rewrite them on install. Rewriting those paths might be an interesting experiment, but it will have problems with archives (tarballs, jars) that might contain store paths.

> Are there plans to improve on this? After all, everything would still be in the same relative location to the store. I'm not even sure if it actually means that it is in fact impossible with how nix is designed as opposed to ‘it's not currently implemented’.

I would love to know someone has come up with an idea on how to fix this, but hadn't heard about one. It might be impossible without making all packages portable (as in only using relative paths), and I don't think it'll work with how RPATH is used in nix.

> In environments where one only has regular user rights resources are often constrained, be it hard drive space, memory or computational power. Incurring the penalty of having to compile everything on top of that merely because the store is not sitting at the top of the file system is rather sub-optimal so it would be great if there was a solution.
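The rewrite-on-install experiment mentioned in this thread, as an added example that is not part of the original posts: a byte-level search and replace reaches a path stored in plain bytes but not one inside a compressed archive member. The "binary" and the jar are constructed stand-ins, and the custom prefix, dependency path and member name are hypothetical.

```python
import io
import zipfile

OLD = b"/nix/store"                           # prefix baked in at build time
NEW = b"/home/alice/nix/store"                # constructed custom store location
DEP = OLD + b"/" + b"a" * 32 + b"-glibc/lib"  # constructed path of a dependency
MEMBER = "config.properties"                  # hypothetical file inside the jar

def make_binary():
    """Constructed stand-in for an ELF file with the dependency in its RPATH."""
    return b"\x7fELF" + b"\x00" * 12 + DEP + b"\x00" + b"CODE" * 8

def make_jar():
    """Constructed jar (a zip) whose deflate-compressed member names the path."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as jar:
        jar.writestr(MEMBER, (b"native.lib=" + DEP + b"\n") * 4)
    return buf.getvalue()

def naive_rewrite(blob):
    """Byte-level search and replace: the 'rewrite on install' experiment."""
    return blob.replace(OLD, NEW)

def read_member(jar_bytes):
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        return jar.read(MEMBER)

def check():
    binary, jar = make_binary(), make_jar()
    patched_bin, patched_jar = naive_rewrite(binary), naive_rewrite(jar)
    member = read_member(patched_jar)
    return {
        # The plain binary is found and rewritten, but it grows, so every
        # file offset after the string moves; a real ELF needs a format-aware
        # tool or a prefix of exactly the same length.
        "binary_growth": len(patched_bin) - len(binary),
        # Inside the jar the path only exists in compressed form, so the
        # scan finds nothing and the archive is left exactly as it was...
        "jar_untouched": OLD not in jar and patched_jar == jar,
        # ...yet the unpacked member still points at the old store.
        "jar_still_old": member.count(DEP) == 4 and NEW not in member,
    }
```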