bug#54812: ‘guix system reconfigure’ closes SSH connections
Ludovic Courtès writes: > Ludovic Courtès skribis: > >> With OpenSSH turned into inetd style in commit >> 808b9e850491c7b1d867a5f1f4d5ee6f61f345d4, the service upgrade code used >> by ‘guix system reconfigure’ and ‘guix deploy’ wrongfully decides that >> the ‘sshd-*’ transient services corresponding to individual SSH >> connections should be closed: > > Fixed with: > > eeb8ac43c8 services: shepherd: Do not unload transient services. > a2c759c830 services: herd: Report whether a service is transient. > > Ludo’. Hm. I'm getting this issue. I did a guix pull locally, on the server... doesn't seem to make a difference. I get the very error reported above when using "guix deploy". I guess others aren't? I wonder why I am... - Christine
bug#55415: emacs-minimal-28.1-builder: Unknown # object: "#<"
> Re: bug#55415: emacs-minimal-28.1-builder: Unknown # object: "#<" Unverified solution: replace this ... (arguments (substitute-keyword-arguments (package-arguments emacs) ((#:configure-flags flags ''()) `(list "--with-gnutls=no" "--disable-build-details")) ((#:phases phases) `(modify-phases ,phases (delete 'restore-emacs-pdmp) (delete 'strip-double-wrap) by (arguments (substitute-keyword-arguments (package-arguments emacs) ((#:configure-flags flags ''()) #~(list "--with-gnutls=no" "--disable-build-details")) ((#:phases phases) #~(modify-phases #$phases (delete 'restore-emacs-pdmp) (delete 'strip-double-wrap) in the package definition of 'emacs-minimal'. The other package variants of emacs would also needs this change. The change to #:configure-flags is probably unnecessary but I think it's nice for consistency. Greetings, Maxime. signature.asc Description: This is a digitally signed message part
bug#55415: emacs-minimal-28.1-builder: Unknown # object: "#<"
Hi, Getting this error when I try and update my emacs profile after a recent guix pull: ---8<--- substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100.0% substitute: updating substitutes from 'https://bordeaux.guix.gnu.org'... 100.0% The following derivations will be built: /gnu/store/jwm349jkbx675lsgkgvlgvyyzg89v4vf-emacs-async-1.9.4.drv /gnu/store/ah6zl6vdns20nwdhahsspnnbxdr4j0bn-emacs-minimal-28.1.drv building /gnu/store/ah6zl6vdns20nwdhahsspnnbxdr4j0bn-emacs-minimal-28.1.drv... ice-9/read.scm:126:4: In procedure read-expr*: /gnu/store/4i6avyj1sf50dmyg1242grbfacwgm4sa-emacs-minimal-28.1-builder:1:2852: Unknown # object: "#<" builder for `/gnu/store/ah6zl6vdns20nwdhahsspnnbxdr4j0bn-emacs-minimal-28.1.drv' failed with exit code 1 build of /gnu/store/ah6zl6vdns20nwdhahsspnnbxdr4j0bn-emacs-minimal-28.1.drv failed View build log at '/var/log/guix/drvs/ah/6zl6vdns20nwdhahsspnnbxdr4j0bn-emacs-minimal-28.1.drv.gz'. cannot build derivation `/gnu/store/jwm349jkbx675lsgkgvlgvyyzg89v4vf-emacs-async-1.9.4.drv': 1 dependencies couldn't be built guix build: error: build of `/gnu/store/jwm349jkbx675lsgkgvlgvyyzg89v4vf-emacs-async-1.9.4.drv' failed --->8--- I have narrowed it down to commit 64557bc695f074af3fcf1eeed8f6696921ef18c5 I have commented out my third party channels (flatwhatson and my own plt channel) and it still fails. Here is a repro: guix describe --format=channels: ---8<--- (list (channel (name 'guix) (url "https://git.savannah.gnu.org/git/guix.git;) (branch #f) (commit "64557bc695f074af3fcf1eeed8f6696921ef18c5") (introduction (make-channel-introduction "9edb3f66fd807b096b48283debdcddccfea34bad" (openpgp-fingerprint "BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A 54FA") -->8--- Run: guix pull --commit=64557bc695 guix build emacs-async I'm on a foreign distro if that makes any difference. Thanks. -- s/Fred[re]+i[ck]+/Fredrik/g
bug#55335: openssh-service no longer listens on IPv6
On Sat, 14 May 2022, Ludovic Courtès wrote: Hi, Thinking about it, what do you think is the risk of using AF_INET6 unconditionally? AFAICS it just works. Is there a switch somewhere that might affect that behavior? Yes, I beleive that it's in sysctl: ``` $ sysctl net.ipv6.bindv6only net.ipv6.bindv6only = 0 ``` If enabled, the v6 socket wouldn't work for v4. Disabled is the default on Guix System. I don't know what would happen if v6 were disabled entirely. Hopefully that's not something we have to worry about in 2022. HTH, Jack
bug#53594: no matching pattern #
Hello, The failing code is at gexp.scm:901:23, which corresponds to this: (mlet %store-monad ((obj (lower-object thing system #:target (and (not native?) target 901:(return (match obj ((? derivation? drv) (derivation-input drv (list output))) ((? store-item? item) item) ((? self-quoting?) ;; Some inputs such as can lower to ;; a self-quoting object that FILTERM will filter ;; out. #f That means (lower-object polkit) returned polkit (the package object) instead of a derivation, hence ‘match-error’. This is normally impossible: ‘lower-object’ calls ‘package->derivation’, which returns a derivation. But maybe something weird is happening when ‘build-derivations’ aborts to the build-handler prompt, or when the continuation is eventually resumed; maybe the object cache gets “poisoned” with an incorrect value during that process. So far the only reproducer we have seems to be along the lines of: grab the ISO, run ‘guix pull’ (if it’s the 1.3.0 ISO; if it’s a fresh ISO, that’s not necessary), run ‘guix system init’, watch it crash. Does anyone have a simpler reproducer? To be continued… Ludo’.
bug#55335: openssh-service no longer listens on IPv6
Hi, Christopher Baines skribis: > Switching to listing via IPv6 should support IPv4 connections, as Linux is > capable of translating IPv4 connections to IPv6. I think there's a risk that > switching to this approach will affect some uses of the openssh > service. Therefore, this commit makes this a configuration option, which is #f > by default. [...] > + (make-socket-address #$(if (openssh-listen-via-ipv6? > config) > + #~AF_INET6 > + #~AF_INET) > +INADDR_ANY > #$port-number) Thinking about it, what do you think is the risk of using AF_INET6 unconditionally? AFAICS it just works. Is there a switch somewhere that might affect that behavior? (I still think that changing ‘make-inetd-constructor’ to accept multiple addresses is a better fix longer-term, but if we can have this quick fix, that’s great.) Ludo’.
bug#52577: ‘guix lint’ throws an ugly backtrace if the GitHub updater receives “rate limit exceeded” error
Hi, Xinglu Chen skribis: > When running ‘guix lint -c refresh’ on a package hosted on GitHub, I get > an ugly backtrace when the GitHub rate limit has been reached. > > $ guix lint pipewire [...] >1428:5 5 (check-for-updates #) > 771:2 4 (call-with-networking-fail-safe _ _ _) > In ice-9/boot-9.scm: > 1752:10 3 (with-exception-handler _ _ #:unwind? _ # _) > 1685:16 2 (raise-exception _ #:continuable? _) > 1683:16 1 (raise-exception _ #:continuable? _) > 1685:16 0 (raise-exception _ #:continuable? _) > > ice-9/boot-9.scm:1685:16: In procedure raise-exception: > ERROR: > 1. : > uri: #< scheme: https userinfo: #f host: "api.github.com" port: #f > path: "/repos/PipeWire/pipewire/releases" query: #f fragment: #f> > code: 403 > reason: "rate limit exceeded" > 2. : "https://api.github.com/repos/PipeWire/pipewire/releases: HTTP > download failed: 403 (\"rate limit exceeded\")" This was fixed in March with commit 55e8e283ae398cc476e50e822383797c5f43db4c. Closing! Ludo’.
bug#55335: openssh-service no longer listens on IPv6
Hi, Christopher Baines skribis: > Prior to the switch to the openssh service using inetd, you could connect over > IPv4 or IPv6. With inetd, you can only connect over IPv4, meaning for machines > with just IPv6 connectivity, you can't connect. > > Switching to listing via IPv6 should support IPv4 connections, as Linux is > capable of translating IPv4 connections to IPv6. I think there's a risk that > switching to this approach will affect some uses of the openssh > service. Therefore, this commit makes this a configuration option, which is #f > by default. > > In the future, once it's easy to do so via Guile and the shepherd, it would be > good if two sockets were used, one for IPv4 and one for IPv6. That's not easy > at the moment, as the IPv6 socket conflicts with the IPv4 one, due to the > translation behaviour described above. Yes, I was going to suggest turning the ‘address’ argument of ‘make-inetd-constructor’ into ‘addresses’ (plural), with backward compatibility. For sshd, we’d do: (make-inetd-constructor (append #$openssh-command '("-i")) (list (make-socket-address AF_INET INADDR_ANY #$port-number) (make-socket-address AF_INET6 INADDR_ANY #$port-number))) It’s not that simple, due to the v6-to-v4 translation you mention: --8<---cut here---start->8--- scheme@(guile-user)> (define v4 (make-socket-address AF_INET INADDR_ANY )) scheme@(guile-user)> (define v6 (make-socket-address AF_INET6 INADDR_ANY )) scheme@(guile-user)> (define s4 (socket AF_INET SOCK_STREAM 0)) scheme@(guile-user)> (define s6 (socket AF_INET6 SOCK_STREAM 0)) scheme@(guile-user)> (bind s4 v4) scheme@(guile-user)> (bind s6 v6) ice-9/boot-9.scm:1685:16: In procedure raise-exception: In procedure bind: Address already in use Entering a new prompt. Type `,bt' for a backtrace or `,q' to continue. --8<---cut here---end--->8--- … but it can be made to work: --8<---cut here---start->8--- scheme@(guile-user)> (define s4 (socket AF_INET SOCK_STREAM 0)) scheme@(guile-user)> (define s6 (socket AF_INET6 SOCK_STREAM 0)) scheme@(guile-user)> (define IPPROTO_IPV6 41) scheme@(guile-user)> (define IPV6_V6ONLY 26) scheme@(guile-user)> (setsockopt s6 IPPROTO_IPV6 IPV6_V6ONLY 1) scheme@(guile-user)> (bind s4 v4) scheme@(guile-user)> (bind s6 v6) --8<---cut here---end--->8--- So ‘make-inetd-constructor’ would interpret v6 addresses as v6-only, with the understanding that the caller has to explicitly pass all the relevant addresses. Thoughts? We could release Shepherd shortly with the fixes that have accumulated. The service in Guix would be able to use it, but only if PID 1 is recent enough. Thanks, Ludo’.
bug#54752: import: hackage: `elif` conditionals not supported
Hi Philip, > Since Cabal 2.2 conditional blocks support the `elif` construct [0], but our > hackage importer does not currently support such expressions. This causes > importing packages like `raaz` [1] to fail. attached patch series fixes the import for `raaz` by adding support for elif and other minor adjustments. There still is syntax we do not support, most importantly mixed indentation, which is already documented as xfail via a testcase. I’m adding a few more. Could you have a look please if these make sense? Cheers, Lars >From 6b47c1d399922b60dafa01105daa1b7ea3da3935 Mon Sep 17 00:00:00 2001 From: Lars-Dominik Braun Date: Sat, 30 Apr 2022 15:38:44 +0200 Subject: [PATCH 1/5] import: cabal: Support elif statement. * guix/import/cabal.scm (make-cabal-parser): Replace if-then-else grammar case with elif-else, modify if-then accordingly. (is-elif): New procedure. (lex-elif): Likewise. (is-id): Add elif keyword. (lex-word): Add test for elif. * tests/hackage.scm (test-cabal-if): New variale. (test-cabal-else): Likewise. (test-cabal-elif): Likewise. (test-cabal-elif-brackets): Likewise. (match-ghc-elif): Likewise. ("hackage->guix-package test lonely if statement", "hackage->guix-package test else statement", "hackage->guix-package test elif statement", "hackage->guix-package test elif statement with brackets"): New tests. --- guix/import/cabal.scm | 63 ++ tests/hackage.scm | 102 ++ 2 files changed, 136 insertions(+), 29 deletions(-) diff --git a/guix/import/cabal.scm b/guix/import/cabal.scm index 98d7234098..e1a082a31a 100644 --- a/guix/import/cabal.scm +++ b/guix/import/cabal.scm @@ -149,7 +149,7 @@ (define (make-cabal-parser) (right: IF FLAG EXEC TEST-SUITE CUSTOM-SETUP SOURCE-REPO BENCHMARK LIB COMMON OCURLY) (left: OR) (left: PROPERTY AND) - (right: ELSE NOT)) + (right: ELIF ELSE NOT)) ;; --- rules (body(properties sections) : (append $1 $2)) (sections(sections flags): (append $1 $2) @@ -193,32 +193,32 @@ (define (make-cabal-parser) (LIB open exprs close): `(section library ,$3)) (exprs (exprs PROPERTY) : (append $1 (list $2)) (PROPERTY) : (list $1) -(exprs if-then-else) : (append $1 (list $2)) -(if-then-else) : (list $1) -(exprs if-then) : (append $1 (list $2)) -(if-then): (list $1)) - (if-then-else (IF tests OCURLY exprs CCURLY ELSE OCURLY exprs CCURLY) - : `(if ,$2 ,$4 ,$8) - (IF tests open exprs close ELSE OCURLY exprs CCURLY) - : `(if ,$2 ,$4 ,$8) - ;; The 'open' token after 'tests' is shifted after an 'exprs' - ;; is found. This is because, instead of 'exprs' a 'OCURLY' - ;; token is a valid alternative. For this reason, 'open' - ;; pushes a with a line indentation equal to - ;; the indentation of 'exprs'. - ;; - ;; Differently from this, without the rule above this - ;; comment, when an 'ELSE' token is found, the 'open' token - ;; following the 'ELSE' would be shifted immediately, before - ;; the 'exprs' is found (because there are no other valid - ;; tokens). The 'open' would therefore create a - ;; with the indentation of 'ELSE' and not - ;; 'exprs', creating an inconsistency. We therefore allow - ;; mixed style conditionals. - (IF tests open exprs close ELSE open exprs close) - : `(if ,$2 ,$4 ,$8)) - (if-then (IF tests OCURLY exprs CCURLY) : `(if ,$2 ,$4 ()) -(IF tests open exprs close): `(if ,$2 ,$4 ())) +(exprs elif-else) : (append $1 (list ($2 '(() +(elif-else): (list ($1 '(() + ;; LALR(1) parsers prefer to be left-recursive, which make if-statements slightly involved. + ;; XXX: This technically allows multiple else statements. + (elif-else (elif-else ELIF tests OCURLY exprs CCURLY) : (lambda (y) ($1 (list (append (list 'if $3 $5) y +(elif-else ELIF tests open exprs close) : (lambda (y) ($1 (list (append (list 'if $3 $5) y +(elif-else ELSE OCURLY exprs CCURLY) : (lambda (y) ($1 (list $4))) +;; The 'open' token after 'tests' is shifted after an 'exprs' +;; is found. This is because, instead of 'exprs' a 'OCURLY' +;; token is a valid alternative. For this reason, 'open' +;; pushes a with a line indentation equal to +;; the indentation of 'exprs'. +;; +;; Differently from this, without the
bug#55335: openssh-service no longer listens on IPv6
Hi, Jack Hill skribis: > However, while ssh is now able to connect to the socket, something is > going wrong in the handoff to sshd. I see the following message > printed on the console when trying to connect: > > Uncaught exception in task: > In fibers.scm: > 150:8 4 (_) > In shepherd/service.scm: > 1435:21 3 (_) > 1280:30 2 (socket-address->string #(10 # 37896 0 0)) > In unknown file: > 1 (inet-ntop 2 42540578165178177408896616697074944157) > In ice-9/boot-9.scm: > 1685:16 0 (raise-exception _ #:continualbe? _) > ice-9/boot-9.scm:1685:16: In procecure raise-exception: > Value our of range 0 to 18446744073709551615: > 42540578165178177408896616697074944157 Oops, another embarrassing bug, now fixed in Shepherd commit 27dd4df9d83e9c59668bd9e6ca05a3a4983e10d2. Thanks, Ludo’.
bug#55406: GUIX Image API: wrong fs type and flag
I have a scheme code like (define rpi-boot-partition (partition (size (* 128 (expt 2 20))) (label "BOOT") (file-system "vfat") (flags '()) (initializer (gexp initialize-efi-partition (define rpi-root-partition (partition (size 'guess) (label "RASPIROOT") (file-system "ext4") (flags '(boot)) (initializer (gexp initialize-root-partition (define raspberry-pi-image (image (format 'disk-image) (partitions (list rpi-boot-partition rpi-root-partition The output is like that: $ fdisk -l /gnu/store/hnsfs5a161f5hvymg7ar541qrml62yvv-raspberry-pi-barebones-raw-image Device Boot Start End Sectors Size Id Type /gnu/store/hnsfs5a161f5hvymg7ar541qrml62yvv-raspberry-pi-barebones-raw-image1 1 262144 262144 128M 83 Linux /gnu/store/hnsfs5a161f5hvymg7ar541qrml62yvv-raspberry-pi-barebones-raw-image2 262145 3583688 3321544 1.6G 83 Linux No boot flag is set on the first partition. The file system seems to be incorrect (ext* instead of vfat)
bug#55405: Image API produces incorrect images
I have a scheme code like (define rpi-boot-partition (partition (size (* 128 (expt 2 20))) (label "BOOT") (file-system "vfat") (flags '()) (initializer (gexp initialize-efi-partition (define rpi-root-partition (partition (size 'guess) (label "RASPIROOT") (file-system "ext4") (flags '(boot)) (initializer (gexp initialize-root-partition (define raspberry-pi-image (image (format 'disk-image) (partitions (list rpi-boot-partition rpi-root-partition The output is like that: $ fdisk -l /gnu/store/hnsfs5a161f5hvymg7ar541qrml62yvv-raspberry-pi-barebones-raw-image Device Boot Start End Sectors Size Id Type /gnu/store/hnsfs5a161f5hvymg7ar541qrml62yvv-raspberry-pi-barebones-raw-image1 1 262144 262144 128M 83 Linux /gnu/store/hnsfs5a161f5hvymg7ar541qrml62yvv-raspberry-pi-barebones-raw-image2 262145 3583688 3321544 1.6G 83 Linux No boot flag is set on the first partition. The file system seems to be incorrect (ext* instead of vfat)