Re: How to put a file in /gnu/store and set its permissions

[Leo Famulari]

On Sat, Dec 04, 2021 at 04:47:12PM -0600, Nathan Dehnel wrote:
> https://guix.gnu.org/manual/en/html_node/G_002dExpressions.html
> This says to set #:recursive? #t and guix will preserve its
> permissions in the store. I have done this:
> 
> (define guixrig_host_rsa_key
> (local-file "ssh/guixrig_host_rsa_key" #:recursive? #t))
> 
> The file this expression puts in the store has permissions of 444,
> despite the original being 400. How do I prevent guix from changing
> permissions, or manually override them?

In general, the store cannot be used to store secrets.  By design,
everything in the store is made world-readable despite what permissions
are set, for example in a package definition. I'm not sure if that's
documented in the manual; I don't see it in the manual section The Store
[1].

I'm not sure exactly what code ensures that everything in the store is
readable, but it's probably somewhere in the daemon [0], which is what
writes to the store [1].

The question of how to handle secrets in Guix has been discussed many
times over the years and there are some solutions in various services;
maybe there is a canonical solution now. But basically the idea is to
store the secret outside of the store, like in /etc, as defined in a
service configuration in config.scm.

Hopefully some other people can join the conversation with more specific
advice.

[0]
https://git.savannah.gnu.org/cgit/guix.git/tree/nix?h=v1.3.0

[1] I'd guess that canonicaliseTimestampAndPermissions is always called:
https://guix.gnu.org/manual/en/html_node/The-Store.html

How to put a file in /gnu/store and set its permissions

[Nathan Dehnel]

https://guix.gnu.org/manual/en/html_node/G_002dExpressions.html
This says to set #:recursive? #t and guix will preserve its
permissions in the store. I have done this:

(define guixrig_host_rsa_key
(local-file "ssh/guixrig_host_rsa_key" #:recursive? #t))

The file this expression puts in the store has permissions of 444,
despite the original being 400. How do I prevent guix from changing
permissions, or manually override them?

[package-building] configure: error: can not run /tmp/guix-build-.*

[indieterminacy]

Hello,

Im unsuccessful at packaging the (dusty) compiler/parser Preccx.

The logfile reveals this at the build stage:
```
starting phase `build'
mkdir -p build/`src/config.guess`
mkdir -p build/`src/config.guess`/include
sh -c 'cwd=`pwd`; cd build/`src/config.guess` ; \
$cwd/src/configure --srcdir=$cwd/src'
creating cache ./config.cache
checking package version... preccx 2.60
configure: error: can not run 
/tmp/guix-build-preccx-2.60.drv-0/precc-2.60/src/config.sub
make: *** [Makefile:50: build/`src/config.guess`/configure] Error 1
command "make" "-j" "4" failed with status 2
```

Running Make traditonally from the repo's parent-folder appears to work (though 
I
havent installed it yet). It's logfile does manage to evaluate
`src/config.guess` into x86_64-unknown-linux-gnu, in order to create an
acceptable bind/x86_64-unknown-linux-gnu/ directory-pathway.

This is commensurate within the INSTALL files expectations:
```
i) in this directory run  make config; make; make test; make install, or

ii) change to a different build directory. I suggest ./build/
 mkdir -p build/; cd build/
   Then the Makefile needs to be created in that directory by running
 ../src/configure --srcdir=
   After that and still in the build directory, you run
 make;  make install
```

FYI, I did have to tweak two lines when attempting something similar in
a Debian compilation to resolve x2 bad substitution errors but Guix did
not appear to trip over in the same situation. (I dont have my tweaks at hand).

The full log of the traditional make installation (see appendix) does mention 
Debian
install files but I do not know whether they are impactful to the Guix
install or not.

There is no file in my directory /tmp containing the prefix guix-build-
.

Here is my WIP guix package-definition:
```
(define-module (preccx)
  #:use-module ((guix licenses) #:prefix license:)
  #:use-module (guix packages)
  #:use-module (guix build-system gnu)
  #:use-module (guix download)
  #:use-module (gnu packages build-tools)  
  #:use-module (gnu packages groff))

(define-public preccx
  (package
   (name "preccx")
   (version "2.60")
   (source
(origin
 (method url-fetch)
 (uri (string-append "https://sourceforge.net/projects/"; name 
"/files/preccx/" version "/precc-" version ".tgz/download"))
 (sha256
  (base32 "0lml2h0c5pk1fb1cc7iwbdildrk0cbcl4cfmixh4bpl0swf82dx7"
   (build-system gnu-build-system)
   (arguments
`(#:phases (modify-phases %standard-phases
  (add-before 'build 'set-CC
  (lambda _
(setenv "CC" "gcc")
#t))
  (delete 'configure)) ; rq no configure script
  ;;#:make-flags (list (string-append "CC=" ,(cc-for-target))
  ;; (string-append "prefix=" %output))
  #:tests? #f)) ;; rq   tests-exist deactivated for the moment
   (native-inputs
`(("groff" ,groff)))
   (synopsis "higher order compiler compiler")
   (description
"PRECCX is an infinite-lookahead higher-order compiler-compiler for 
context-dependent grammars. The generated code is ANSI C and ANSI C++; the code 
will compile and run under either C or C++. PRECCX grammars admit EBNF + 
inherited and synthetic attributes")
   (home-page "https://sourceforge.net/projects/preccx/";)
   (license license:gpl2)))

preccx
```

Groff is used as my approximation for Nroff, in order to compile
manpages.

Preccx is a 1990s script, with the last version released in 2007, it has
a patchwork and tests to permit a wide range of OSes from that time
period. Its entirely possible that a fresh makefile would help but the
number of config files and makefiles makes it feel like a can of worms.

Does anybody have any clue regarding how the build script should be
altered?

Kind regards,


Jonathan

indieterminacy@libre.brussels

# Appendix A: Log re Guix package build
```
WARNING: (guile-user): imported module (guix build utils) overrides core 
binding `delete'
starting phase `set-SOURCE-DATE-EPOCH'
phase `set-SOURCE-DATE-EPOCH' succeeded after 0.0 seconds
starting phase `set-paths'
environment variable `PATH' set to 
`/gnu/store/zjwffq7qj1jdzs8brcddq381zkfcpgd2-groff-1.22.4/bin:/gnu/store/v6f44zccwh9z5zk3pjlywjybbi8n2hjh-tar-1.32/bin:/gnu/store/ncydgq2znms5n1d2k5yqshhf58nsixwv-gzip-1.10/bin:/gnu/store/i8h2pcxqdq07ijm3ibkka8f4smn1w48v-bzip2-1.0.8/bin:/gnu/store/9860f1abqj8wjjnwl8a9v54pdcc3bhgf-xz-5.2.4/bin:/gnu/store/60g7r3l01fd7c58yjbm6krgcwj1jkpwg-file-5.38/bin:/gnu/store/n4n560pfvvw50a9369axw5vj5rrqfj1n-diffutils-3.7/bin:/gnu/store/cd5qf3kcnlq35p9k392pjdpdzpsnds70-patch-2.7.6/bin:/gnu/store/hic7snhayfl7m6cpfqqr73nmm19bpqkg-findutils-4.7.0/bin:/gnu/store/swqdvwri9dbv6zssg6v0by7l05hd6wxp-gawk-5.0.1/bin:/gnu/store/ishk7fswcs4gkwcp8mh788z4mvvl9bxh-sed-4.8/bin:/gnu/store/bhs4rj58v8j1narb2454raan2ps38xd8-grep-3.4/bin:/gnu/store/57xj5gcy1j

Re: Issues with CUPS

[Tobias Geerinckx-Rice]

Alexander,

Alexander Asteroth 写道：

- Which PPD file did you import?  Was it[0]?  If not, try that.


I have no idea what it[0] is.


This is about to become amusingly confusing, because I'm in turn 
not sure what ‘it[0]’ refers to above.


If you mean the ‘[0]’: there was a link at the bottom of my mail 
to the PPD I tried.


If you mean the file itself: it's what this form[1] (another link 
below :-) produces from selecting your printer model and clicking 
‘Generate PPD file’.


I did not inspect how that site works, but as modern CUPS 
autogenerates .ppd files from .drv files, I expect it to do the 
same.



The ppd I used before is from the Samsung uld-package


That's the binary-only (and hence unsupportable) .deb, right?

- Why remove foomatic-filters from the default CUPS extensions 
list?


I was not aware that adding filters to the service description 
overrides
the filters default values. I thought it just add's them and 
somewhere

it was remommended adding the hplib-minimal filters, and in my
helplessness I tried everything ;-)


Wait, so it didn't work with the default list?  :-(

Also, was it not clear from the Guix manual that the default list 
should include all viable drivers?  If you have any suggestions to 
improve the wording, please let me know!


Anyway, I gave other Samsung drivers a try and with the 
SCX-5330N I found a

driver that also seems to work with my SCX-4729.


Great!  All's well that ends well.

I find it strange that the foomatic package doesn't offer you 
exact printer model when it probably supports it, but that's not 
really a Guix bug, I think.


Happy printing,

T G-R

[0]: 
https://openprinting.org/ppd-o-matic.php?driver=pxlmono&printer=Samsung-SCX-472x&.submit=Generate+PPD+file&show=1&.cgifields=show&.cgifields=shortgui

[1]: https://www.openprinting.org/driver/pxlmono


signature.asc
Description: PGP signature

Re: Printer configuration failed due to missing filters

[Daniel Meißner]

Hi Tobias,

> Daniel Meißner 写道：
>> I am currently trying to configure my Epson printer on Guix system
>> using system-config-printer.  The printer is connected via USB and is
>> automatically detected in the dialog window that opens if I click on
>> "Add". I select the printer from the list and click on "Forward",
>> then I enter the printer name, a description and a location in the
>> section "Describe Printer".  However, if I click on "Apply", the
>> following error message is printed:
>
> I was unable to reproduce this at all, albeit without an Epson USB
> printer connected, of course.

Using the web-interface of CUPS I could add my printer seamlessly and
even print a test page.  So thanks!  However, as mentioned in [1], the
web interface responded super slowly which was the reason to use
system-config-printer and gnome-control-center in the first place.
After the fix the web-interface now runs smoothly.

However, gnome-control-center still `Failed to add new printer' and
system-config-printer still prints the error message I mentioned before.
As before it adds the printer but refuses to print a test page saying
‘There was an error during the CUPS operation: 'No such file or
directory'’.

Nevertheless, I found that it is possible to print a PDF document from
evince on the very same printer that I added using
system-config-printer.  So the problem seems to lie within
system-config-printer (and not CUPS) searching the right PATH for the
Epson filter.  Additionally, gnome-control-center does not seem to work
at all in that regard because I did not manage to add the printer with
it.

I am happy now since I am able to print but maybe it is worthwhile
investigating this issue with gnome-control-center within the
core-updates-frozen branch.  Because this would be the first place to
try to add printers for new Guix users that use Gnome.  I would be happy
to help although I can probably only try to reproduce this issue on
core-updates-frozen.

Best
Daniel


1: https://lists.gnu.org/archive/html/help-guix/2021-12/msg00010.html

Re: Issues with CUPS

[Daniel Meißner]

Hi Alexander, hi Tobias,

Tobias Geerinckx-Rice writes:
> Alexander Asteroth 写道：
>> When the system is restarted and I try to access cups via
>> localhost:631, after clicking on some (admin) link to add a printer
>> (or similar) it takes 2minutes (exactly) for the page to show up. In
>> /var/log/cups/access_log and .../error_log numerrous repeated entries
>
> This sounds like the bug long fixed on core-updates (‘any day now’ :-)
> that hasn't made it to master yet[0].  A simple
>
>   $ sudo touch /etc/cups/cupsd.conf
>
> to create the file in question should work around it for now.

Thank you very much! I have had the same issues with the web-interface
under http://localhost:631/admin.  After creating the file, it works
perfectly.  I was going to mention this problem in the thread

also, since I thought it was related to my problem there.

Best
Daniel

Re: Issues with CUPS

[Alexander Asteroth]

Hi Tobias,

thanks for the hint (see below). After touching /etc/cups/cupsd.conf it
immediately worked perfectly fine.

W.r.t. your other email:

> - Which PPD file did you import?  Was it[0]?  If not, try that.

I have no idea what it[0] is. The ppd I used before is from the Samsung
uld-package and is called Samsung_SCX-472x_Series.ppd

> - Why remove foomatic-filters from the default CUPS extensions   list?

I was not aware that adding filters to the service description overrides
the filters default values. I thought it just add's them and somewhere
it was remommended adding the hplib-minimal filters, and in my
helplessness I tried everything ;-)

Anyway, I gave other Samsung drivers a try and with the SCX-5330N I found a
driver that also seems to work with my SCX-4729.

... Now it works! Thanks!

Cheers,

Alex


On Fri, Dec 03 2021, 21:25:56, Tobias Geerinckx-Rice  wrote:

> [[PGP Signed Part:Undecided]]
> Alexander,
>
> Alexander Asteroth 写道：
>> When the system is restarted and I try to access cups via
>> localhost:631,
>> after clicking on some (admin) link to add a printer (or similar) it
>> takes 2minutes (exactly) for the page to show up. In
>> /var/log/cups/access_log and .../error_log numerrous repeated
>> entries
>
> This sounds like the bug long fixed on core-updates (‘any day now’ :-)
> that hasn't made it to master yet[0].  A simple
>
>  $ sudo touch /etc/cups/cupsd.conf
>
> to create the file in question should work around it for now.
>
> Maybe remember to delete it post-c-u-merge, or don't; an empty file
> doesn't waste much space.
>
>> I have also another problem related to my printer wich is a Samsung
>> SCX-472x-series (accessed over ethernet). On openprinting.org the
>> suggested driver is
>> (https://www.openprinting.org/printer/Samsung/Samsung-SCX-472x) from
>> Samsung. So far I used it on debian and arch and it worked perfect,
>> but
>> I thik it's non-GPL.
>
> OpenPrinting claims that it's ‘MIT’ but a brief search didn't lead me
> to anything resembling source code.  Samsung's printer division being
> absorbed by HP doesn't help.
>
>> I can import only the ppd file for my printer but this refers to
>> some
>> filter
>
> Yeah, PPD files are just metadata files for actual printers/drivers
> and downloading them separately is usually pointless.
>
>> Any idea how to prodeed to get my printing working?
>
> Not really, I'm afraid.  The only Samsung laser printers I've ever
> used with Guix worked fine with SpliX.  It does not provide a 
> rastertospl filter, only rastertoqpdl.
>
> The most likely path forward is to find the sources to the
> pxlmono{-Samsung,} package if they exist.
>
> I started packaging the Ghostscript Printer Application this week,
> which we'll need when CUPS removes support for printer drivers 
> completely.  I'll check whether it contains anything relevant when I
> get back.  I'm not hopeful.
>
> Kind regards,
>
> T G-R
>
> [0]: https://issues.guix.gnu.org/42068#0
>
> [[End of PGP Signed Part]]



signature.asc
Description: PGP signature