Re: Connection refused to Guix-hosted SSH

2022-10-14 Thread Oleg Pykhalov
"dabb...@gmail.com"  writes:

[…]

> Sure. I receive a bunch of messages of this form:
>
> Oct 14 10:04:23 localhost vmunix: [ 5869.880044] audit: type=1326
> audit(1665734663.369:6): auid=4294967295 uid=989 gid=983
> ses=4294967295 subj=unconfined pid=599 comm="sshd"
> exe="/gnu/store/jgw64z5w2q6b4nph7a74jc97ihfxkfsf-openssh-8.9p1/sbin/sshd"
> sig=31 arch=4003 syscall=414 compat=0 ip=0xb7f94549 code=0x0
> Oct 14 10:04:23 localhost shepherd[1]: 0 connections still in use
> after sshd-5 termination.
> Oct 14 10:04:23 localhost shepherd[1]: Service sshd-5 (PID 598) exited with 
> 255.
> Oct 14 10:04:23 localhost shepherd[1]: Service sshd-5 has been disabled.
> Oct 14 10:04:23 localhost shepherd[1]: Transient service sshd-5
> terminated, now unregistered.
> Oct 14 10:05:43 localhost shepherd[1]: Service sshd-6 has been started.
> Oct 14 10:05:43 localhost vmunix: [ 5950.061859] audit: type=1326
> audit(1665734743.553:7): auid=4294967295 uid=989 gid=983
> ses=4294967295 subj=unconfined pid=601 comm="sshd"
> exe="/gnu/store/jgw64z5w2q6b4nph7a74jc97ihfxkfsf-openssh-8.9p1/sbin/sshd"
> sig=31 arch=4003 syscall=414 compat=0 ip=0xb7fba549 code=0x0
> Oct 14 10:05:43 localhost shepherd[1]: 0 connections still in use
> after sshd-6 termination.
> Oct 14 10:05:43 localhost shepherd[1]: Service sshd-6 (PID 600) exited with 
> 255.
> Oct 14 10:05:43 localhost shepherd[1]: Service sshd-6 has been disabled.
> Oct 14 10:05:43 localhost shepherd[1]: Transient service sshd-6
> terminated, now unregistered.
>
> I see "Service sshd-6 (PID 600) exited with 255." but I don't know
> what it means nor why.
> In order to gain more insight I've tried to connect with verbose
> output "ssh -v test@localhost" and this is the output

255 usually means something wrong with a program execution (e.g. missing
binary).  In the current case it should be a Shell program by SSH default.

Could you try to specify a non-interactive program manually? E.g.:

ssh -vvv 127.0.0.1 -- /run/current-system/profile/bin/id

It should output SSH client log and ‘id’ program output.


Oleg.





Re: Don't Unquote Me

2022-10-14 Thread Philip McGrath
On Friday, October 14, 2022 3:32:55 PM EDT ( wrote:
> On Fri Oct 14, 2022 at 7:38 PM BST, jgart wrote:
> > > Nope; they're special built-in forms like ``lambda'' and ``define''.
> > 
> > So, they are ordinary functions defined in guile?
> > 
> > Or by built-ins you mean that they are implemented in C?
> > 
> > I'll read through the guile source code a bit later ;()
> 
> They are fundamental forms. You cannot define ``quote'' et al in terms of
> any other feature. Just like there's no way to implement ``lambda'' in
> Guile, because ``lambda'' is a fundamental form. So yes, they will be
> implemented in C as part of the Guile core.
> 

Well, `quasiquote`, `unquote`, and `unquote-splicing` can straightforwardly be 
defined as macros in a simpler core language that provides `quote`. That's how 
they are implemented in Racket. You can find the source, which is fairly close 
to portable Scheme, in:

--8<---cut here---start->8---
less $(guix shell racket-minimal -- racket -e '(display (collection-file-path "qq-and-or.rkt" "racket/private"))')
--8<---cut here---end--->8---

The only reason the implementation is a bit verbose is that it is at quite an 
early step in building `racket/base` from the primitive `#%kernel` language 
understood by the core compiler and runtime system: the same file contains the 
implementation of `let`.

(Similarly, you need one of `lambda` or `case-lambda` to be primitive, but not 
necessarily both.)

The situation with `quote` is a bit trickier because `quote` encompasses a few 
different features. In practice, most languages in the Scheme family choose to 
implement `quote` as a primitive syntactic form (including Racket [1]), but 
many of its features, even those that seem quite magical, could be implemented 
as derived constructs with a sufficiently expressive macro system. For example, 
here's a portable implementation of the part of `quote` which creates a symbol 
corresponding to some syntactic identifier:

--8<---cut here---start->8---
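#!r6rs
(import (rnrs))
;; Expands (quote-symbol id) into a call that rebuilds the symbol
;; from a string literal computed at expansion time.
(define-syntax quote-symbol
  (lambda (stx)
    (syntax-case stx ()
      ((_ id)
       (identifier? #'id)               ; fender: accept identifiers only
       #`(string->symbol #,(symbol->string (syntax->datum #'id)))))))
(write (quote-symbol hooray))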
--8<---cut here---end--->8---

You could get the right allocation behavior either by relying on "The 
Guaranteed Optimization Clause of the Macro-Writer's Bill of Rights"[2] or by 
using a macro system that provides functions like 
`syntax-local-lift-expression`[3].

The implementation above relies on the base language having a built-in notion 
of string literals, which feels a little like cheating because we typically 
explain the concept of literals in terms of `quote`. Indeed, in `#lang 
racket/base`, the expression:

"hooray"

expands to:

(#%datum . "hooray")

which then expands to:

(quote "hooray")

where the expander introduces `#%datum` with the lexical context of `"hooray"` 
to provide languages a means of hygienically interposing on the meaning of 
literal data. In other words, self-quoting literals are not primitive in Racket.

For some deep thoughts along these lines, I highly recommend this mailing list 
post by Ryan Culpepper, who designed Racket's `syntax-parse`: 
https://groups.google.com/g/racket-users/c/HaSmcTN0SA4/m/1XYa-mL5AgAJ

Returning to the original question, regardless of all of the above, you can 
tell that `quote` et al. can't be functions, primitive or derived, because of 
how evaluation works in Scheme-like languages. As an example, consider the 
expression:

(quote (hello world))

If `quote` were bound to a function, to evaluate that expression, we would need 
to first evaluate `hello` and `world` and then apply the value of `hello` to 
the value of `world`. We'd then apply the value of `quote` to the result.

Obviously that doesn't work: an essential aspect of `quote` is that it doesn't 
evaluate its subform.

-Philip

[1]: 
https://docs.racket-lang.org/reference/syntax-model.html#%28part._fully-expanded%29
[2]: https://www.youtube.com/watch?v=LIEX3tUliHw
[3]: 
https://docs.racket-lang.org/reference/stxtrans.html#%28def._%28%28quote._~23~25kernel%29._syntax-local-lift-expression%29%29



Re: Connection refused to Guix-hosted SSH

2022-10-14 Thread Felix Lechner via
Hi,

On Fri, Oct 14, 2022 at 1:02 PM dabb...@gmail.com  wrote:
>
> I'm puzzled, as I don't understand exactly what went wrong...

How about the output from the client with

ssh -vvv

Also, it may be helpful to post the contents of your sshd_config.

> Connection from 127.0.0.1 port 33818 on 127.0.0.1 port  rdomain ""

Do you have reverse DNS configured? For example, please see here
https://serverfault.com/questions/206365/ssh-reverse-dns-lookup

Kind regards
Felix Lechner



Re: Connection refused to Guix-hosted SSH

2022-10-14 Thread dabb...@gmail.com
On Fri, Oct 14, 2022 at 7:06 PM Felix Lechner
 wrote:
>
> Hi,
>
> On Fri, Oct 14, 2022 at 1:54 AM dabb...@gmail.com  wrote:
> >
> > Finally, I also tried to manually start sshd on port 
>
> I think that is a fabulous idea, especially if you can prevent
> daemonization with -d (or -D).
>
> > this is the output /etc/ssh/sshd_config: No such file or directory
>
> The sshd_config is in /gnu/store. It is generated by 'guix system
> reconfigure'. You can see all available versions with
>
> ls -ld /gnu/store/*sshd_config
>
> In a bind, I would pick one that should work and pass it via -f.

I just have 3 versions in /gnu/store/, all of them very similar to one
another. I just picked up the first one and tried running sshd -d -p
 -f /gnu/store/path_to_sshd_config
The server starts up waiting for connections. Then, on another tty
(and another user), I try to connect to port  in localhost: client
side receives "Connection reset by 127.0.0.1 port ", while the
server side reports this:

debug1: sshd version OpenSSH_8.9, OpenSSL 1.1.1q  5 Jul 2022
debug1: private host key #0: ssh-rsa
SHA256:stg5akPHR8JGdXPXmqUYJhhZFj1UmEmWx19el4EiHGM
debug1: private host key #1: ecdsa-sha2-nistp256
SHA256:zfyEMyjDdSOHX3e9byADPp5sm7Pu6zdq2jnQSWbDo+4
debug1: private host key #2: ssh-ed25519
SHA256:tBpk8+XR3GalUmNqIxT6ITf5Tyy8WKVSxBULZjAmQqI
debug1: 
rexec_argv[0]='/gnu/store/jgw64z5w2q6b4nph7a74jc97ihfxkfsf-openssh-8.9p1/sbin/sshd'
debug1: rexec_argv[1]='-d'
debug1: rexec_argv[2]='-f'
debug1: rexec_argv[3]='/gnu/store/h5hri15x24vljfahpwv1b4dva69nbis3-sshd_config'
debug1: rexec_argv[4]='-p'
debug1: rexec_argv[5]=''
debug1: Set /proc/self/oom_score_adj from 0 to -1000
debug1: Bind to port  on 0.0.0.0.
Server listening on 0.0.0.0 port .
debug1: Bind to port  on ::.
Server listening on :: port .
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
debug1: sshd version OpenSSH_8.9, OpenSSL 1.1.1q  5 Jul 2022
debug1: private host key #0: ssh-rsa
SHA256:stg5akPHR8JGdXPXmqUYJhhZFj1UmEmWx19el4EiHGM
debug1: private host key #1: ecdsa-sha2-nistp256
SHA256:zfyEMyjDdSOHX3e9byADPp5sm7Pu6zdq2jnQSWbDo+4
debug1: private host key #2: ssh-ed25519
SHA256:tBpk8+XR3GalUmNqIxT6ITf5Tyy8WKVSxBULZjAmQqI
debug1: inetd sockets after dupping: 3, 3
Connection from 127.0.0.1 port 33818 on 127.0.0.1 port  rdomain ""
debug1: Local version string SSH-2.0-OpenSSH_8.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9
debug1: compat_banner: match: OpenSSH_8.9 pat OpenSSH* compat 0x0400
debug1: permanently_set_uid: 989/983 [preauth]
debug1: list_hostkey_types:
rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug1: monitor_read_log: child log fd closed
debug1: do_cleanup
debug1: Killing privsep child 366

I'm puzzled, as I don't understand exactly what went wrong...

> To find the version that is actually used by your current system
> generation and corresponds to your latest config.scm would require
> some sleuthing. You may have to examine the symbolic links in the
> system profile and, possibly, in /gnu/store. You may be able to get
> better advice about that in #guix on IRC.
>
> Either way, please do not make any manual changes to /gnu/store,
> however tempting it may appear.
>
> Kind regards
> Felix Lechner

Thanks again, regards



Re: Don't Unquote Me

2022-10-14 Thread (
On Fri Oct 14, 2022 at 7:38 PM BST, jgart wrote:
> > Nope; they're special built-in forms like ``lambda'' and ``define''.
>
> So, they are ordinary functions defined in guile?
>
> Or by built-ins you mean that they are implemented in C?
>
> I'll read through the guile source code a bit later ;()

They are fundamental forms. You cannot define ``quote'' et al in terms of any
other feature. Just like there's no way to implement ``lambda'' in Guile,
because ``lambda'' is a fundamental form. So yes, they will be implemented in
C as part of the Guile core.

-- (



Re: How to open: Usb, hdd and other storage sata

2022-10-14 Thread Niklas Schmidt

Hello everybody,

I can't speak for Thunar or any other graphical file manager, but I 
think many file managers do in some way or another support File System 
in Userspace (FUSE).


I use Udisks to mount storage media without "sudo".

In my operating system definition, I add my user to the fuse group:

  (users
   (cons* (user-account (name "nschmidt")
                        (group "users")
                        (supplementary-groups '("fuse" "wheel")))
          %base-user-accounts))

  (groups
   (cons* (user-group (name "fuse"))
          %base-groups))

  (packages
   (append
    (list fuse gvfs udisks)
    %base-packages))

For this I had to add:

 (use-service-modules desktop)
 (use-package-modules freedesktop ; udisks
                      gnome       ; gvfs
                      linux)      ; fuse

Mounting and unmounting goes like so:

 $ udisksctl mount -b /dev/sdb
 Mounted /dev/sdb at /media/nschmidt/3437-6CE7.

 $ udisksctl unmount -b /dev/sdb

(Use lsblk to find out the block device node path /dev/sdX.)

I am not sure if this is of any help with Thunar. Currently, I do not 
have a storage medium at hand to test either.



Best regards
Niklas



Re: Don't Unquote Me

2022-10-14 Thread jgart
On Fri, 14 Oct 2022 07:59:14 +0100 "("  wrote:
> On Fri Oct 14, 2022 at 5:03 AM BST, jgart wrote:
> > Are `unquote`, `quote` and `unquote-splice` functions after they get
> > desugared from their reader macro representation?
> 
> Nope; they're special built-in forms like ``lambda'' and ``define''.

So, they are ordinary functions defined in guile?

Or by built-ins you mean that they are implemented in C?

I'll read through the guile source code a bit later ;()



Re: Connection refused to Guix-hosted SSH

2022-10-14 Thread Felix Lechner via
Hi,

On Fri, Oct 14, 2022 at 1:54 AM dabb...@gmail.com  wrote:
>
> Finally, I also tried to manually start sshd on port 

I think that is a fabulous idea, especially if you can prevent
daemonization with -d (or -D).

> this is the output /etc/ssh/sshd_config: No such file or directory

The sshd_config is in /gnu/store. It is generated by 'guix system
reconfigure'. You can see all available versions with

ls -ld /gnu/store/*sshd_config

In a bind, I would pick one that should work and pass it via -f.

To find the version that is actually used by your current system
generation and corresponds to your latest config.scm would require
some sleuthing. You may have to examine the symbolic links in the
system profile and, possibly, in /gnu/store. You may be able to get
better advice about that in #guix on IRC.

Either way, please do not make any manual changes to /gnu/store,
however tempting it may appear.

Kind regards
Felix Lechner



Re: How to open: Usb, hdd and other storage sata

2022-10-14 Thread kiasoc5
On Fri, Oct 14 2022, 01:46:20 PM +0200
101ab--- via  wrote:

> Hello, excuse my English. Can you give me a hint?
> I am new to guix. I have installed the OS but I have no idea how to
> open my usb drives and my hdd? Lsusb shows my usb storage but file
> manager is silent. I am using xfce.

Since you are using xfce, I would check the Thunar settings. There
should be something that lets Thunar automatically mount drives.

-- 



Re: How to open: Usb, hdd and other storage

2022-10-14 Thread Wojtek Kosior via
Hi there!

> Hello, excuse my English. Can you give me a hint?
> I am new to guix. I have installed the OS but I have no idea how to
> open my usb drives and my hdd? Lsusb shows my usb storage but file
> manager is silent. I am using xfce.

There exist some facilities to have external media pop up in file
managers but I don't have experience setting those up in Guix. Perhaps
someone else will help here. Before that happens, I can recommend a
really lame command-line workaround.

Choose a directory in the filesystem where you want your USB to be
"mounted". That is, where you want the contents of your flash drive to
appear. A typical location is `/mnt/` or some directory under `/mnt/`.

Check what drives your system sees. For example with

ls /dev/sd*

Most commonly, you'll see a `/dev/sda` special file which represents
your computer's HDD/SSD and `/dev/sda1`, `/dev/sda2`, etc. which
represent the partitions on that device. Analogously, `/dev/sdb`,
`/dev/sdc`, etc. shall represent other devices (usually other
HDDs/SSDs and flash drives) and `/dev/sdb1`, `/dev/sdb2`, `/dev/sdc1`,
etc. shall represent their partitions.

There do exist some ways to check which special file corresponds to
which device. Personally, however, I never remember those ways and I
usually just guess which file is the one for my USB. So, assuming
`/dev/sdb1` is the data partition of your flash drive, you can do

sudo mount /dev/sdb1 /mnt/

and confirm with your password. If no error is shown, you can check with

ls /mnt

If this command lists the files from your flash drive, you successfully
mounted it over `/mnt/`. You can now navigate there with your file
manager and read the files. If not, you can try with another of the
`/dev/sd*` files.

In some cases a flash drive might just have a filesystem on it, without
any partitions. In this case something like

sudo mount /dev/sdc /mnt/

may work.

Also, the contents of storage mounted this way are "owned" by root.
That means you need to copy files to `/mnt/` using sudo to have them
stored on your flash drive. Same with deletion of files.

Once you're done, you can do

sudo umount /mnt/


Best,
Wojtek

-- (sig_start)
website: https://koszko.org/koszko.html
PGP: https://koszko.org/key.gpg
fingerprint: E972 7060 E3C5 637C 8A4F  4B42 4BC5 221C 5A79 FD1A

Meet Kraków saints!   #54: blessed Wojciech Nierychlewski
Poznaj świętych krakowskich!  #54: błogosławiony Wojciech Nierychlewski
https://pl.wikipedia.org/wiki/Wojciech_Nierychlewski
-- (sig_end)




How to open: Usb, hdd and other storage sata

2022-10-14 Thread 101ab--- via
Hello, excuse my English. Can you give me a hint?
I am new to guix. I have installed the OS but I have no idea how to open my usb 
drives and my hdd? Lsusb shows my usb storage but file manager is silent. I am 
using xfce.

Thanks a lot in advance for the answer. I really looked for this information in 
search, manual, but i couldn't find anything there. If you can, please show me 
this point in the manual. Thank you very much for your work



How to open: Usb, hdd and other storage

2022-10-14 Thread 101ab--- via
Hello, excuse my English. Can you give me a hint?
I am new to guix. I have installed the OS but I have no idea how to open my usb 
drives and my hdd? Lsusb shows my usb storage but file manager is silent. I am 
using xfce.

Thanks a lot in advance for the answer. I really looked for this information in 
search, manual, but i couldn't find anything there. If you can, please show me 
this point in the manual. Thank you very much for your work



Re: program prepared with `guix pack` unusable by end users

2022-10-14 Thread zimoun
Hi,

On ven., 14 oct. 2022 at 11:09, Wojtek Kosior via  wrote:

> I accidentally just replied to you, Simon, instead of making a "reply
> all". I'm reposting the same now, sorry for the nuisance...

Do not worry. :-)

> So, I did run `guix shell -L. hydrilla`. First, I got a warning about
>
>> ambiguous package specification `hydrilla'

That’s expected because:

--8<---cut here---start->8---
(define-public hydrilla
  (package
    (name "hydrilla")

[...]

(define-public hydrilla-dist-tarball
  (let ((base hydrilla)
        (filename (string-append "hydrilla-" %hydrilla-version ".tar.gz")))
    (package
      (inherit base)
      (source (local-file

It means that the package ’hydrilla’ has the name “hydrilla” and because
the package ’hydrilla-dist-tarball’ inherits then it also has the name
“hydrilla”.  Idem for the version field.

Therefore,

guix shell -L . hydrilla

refers to 2 possible packages.  All Guix CLI commands use “name“ and
“version” for looking up packages and not the symbols.


Well, then I tried to reproduce your failure in order to understand what
is going wrong but I hit this:

--8<---cut here---start->8---
$ guix build -L . python-pyopenssl@22.0.0
The following derivations will be built:
  /gnu/store/gyc6sw8a9vq09z6p7plv3k5sjjvrcz9i-python-pyopenssl-22.0.0.drv
  /gnu/store/rfawn8bnr1vz71gcm6dz171gfpk0fwai-pyOpenSSL-22.0.0.tar.xz.drv
building 
/gnu/store/rfawn8bnr1vz71gcm6dz171gfpk0fwai-pyOpenSSL-22.0.0.tar.xz.drv...
pyOpenSSL-22.0.0/

[...]

pyOpenSSL-22.0.0/tox.ini
patching file src/OpenSSL/SSL.py
Hunk #1 FAILED at 1421.
Hunk #2 FAILED at 2449.
2 out of 2 hunks FAILED -- saving rejects to file src/OpenSSL/SSL.py.rej
patching file tests/test_ssl.py
Hunk #1 FAILED at 1928.
1 out of 1 hunk FAILED -- saving rejects to file tests/test_ssl.py.rej
source is at 'pyOpenSSL-22.0.0'
applying 
'/gnu/store/4cd1x970w3jg3rwaiqg174x56mvkihij-python2-pyopenssl-openssl-compat.patch'...
Backtrace:

[...]

ERROR:
  1. &invoke-error:
  program: 
"/gnu/store/z39hnrwds1dgcbpfgj8dnv2cngjb2xbl-patch-2.7.6/bin/patch"
  arguments: ("--force" "--no-backup-if-mismatch" "-p1" "--input" 
"/gnu/store/4cd1x970w3jg3rwaiqg174x56mvkihij-python2-pyopenssl-openssl-compat.patch")

[...]

builder for 
`/gnu/store/rfawn8bnr1vz71gcm6dz171gfpk0fwai-pyOpenSSL-22.0.0.tar.xz.drv' 
failed with exit code 1
build of 
/gnu/store/rfawn8bnr1vz71gcm6dz171gfpk0fwai-pyOpenSSL-22.0.0.tar.xz.drv failed
View build log at 
'/var/log/guix/drvs/rf/awn8bnr1vz71gcm6dz171gfpk0fwai-pyOpenSSL-22.0.0.tar.xz.drv.gz'.
cannot build derivation 
`/gnu/store/gyc6sw8a9vq09z6p7plv3k5sjjvrcz9i-python-pyopenssl-22.0.0.drv': 1 
dependencies couldn't be built
guix build: error: build of 
`/gnu/store/gyc6sw8a9vq09z6p7plv3k5sjjvrcz9i-python-pyopenssl-22.0.0.drv' failed
--8<---cut here---end--->8---

That’s because your package ’python-pyopenssl-for-haketilo’ inherits from
’python-pyopenssl’ defined in (gnu packages python-crypto).  The issue
is that the ’origin’ also inherits

   (origin
 (inherit (package-source base))
 
and thus

   (patches (search-patches "python2-pyopenssl-openssl-compat.patch"

does not make sense anymore because this patch is against 21.0.0 and
your variant is about 22.0.0.


Well, further investigations about what could be wrong for “guix pack”
needs a way to reproduce. :-)  Could you fix or point a working example
in your Git repository?


Thanks,
simon




Re: program prepared with `guix pack` unusable by end users

2022-10-14 Thread Wojtek Kosior via
Hi again!

I accidentally just replied to you, Simon, instead of making a "reply
all". I'm reposting the same now, sorry for the nuisance...

Thanks for your effort explaining email message ids m(_ _)m

> I am confused because, if I understand correctly, this tarball generated
> under ./dist is built using ’python3 -m build -s’, so from my
> understanding it is not the “normal Guix way”.  

OK, it seems I forgot to mention 1 thing - `python3 -m build -s` does
not really "build" a Python package. It builds a Python source tarball.
Like the ones that are pulled from PyPI as part of the Guix packaging
of many (most?) Python libraries available. The `python3 -m build`
command, without `-s`, would be used to build a Python wheel which I
suppose you thought I was doing.

> The point is to pack this definition…
> [...]
> …instead of this one.
>
>
> Could you give a try?  Something along the commands proposed by ’(’ in
> [1].  

Although I know it cannot help with my problem, for the reasons I wrote
to "(" in [1], I will do so for the sake of politeness.

So, I did run `guix shell -L. hydrilla`. First, I got a warning about

> ambiguous package specification `hydrilla'  

And a message indicating it chose the `hydrilla-dist-tarball`
definition. This is consistent with what I knew about package
resolution. So I now tried with
`guix shell -L. -e (@ (hydrilla) hydrilla)`. Also, I knew the build
would fail due to setuptools_scm being unable to find the `git`
command, so I temporarily added git to the native-inputs of `hydrilla`.

I got a failure in `sanity-check` phase. I saw that failure before -
this is what made me use `python3 -m build -s` in the first place, as I
described in [1]. The error was

> starting phase `sanity-check'
> validating 'hydrilla' 
> /gnu/store/fj5ijdxsw6nz23ymxf397kd7d5h3pbrj-hydrilla-3.0b2.dev1+g9f26ebf.d20221013/lib/python3.9/site-packages
> ...checking requirements: OK
> ...trying to load module hydrilla: OK
> ...trying to load endpoint console_scripts haketilo: ERROR:
> Traceback (most recent call last):
>   File 
> "/gnu/store/b6j1qw1a5rkbfvcy7lc9fm95abbzpa4x-python-3.9.9/lib/python3.9/site-packages/pkg_resources/__init__.py",
>  line 2458, in resolve
> return functools.reduce(getattr, self.attrs, module)
> AttributeError: module 'hydrilla.mitmproxy_launcher.launch' has no attribute 
> 'launch'
> 
> The above exception was the direct cause of the following exception:
> 
> Traceback (most recent call last):
>   File "/gnu/store/35ix1m6m8a5s21j02ajhdyqxb2xkshfb-sanity-check.py", line 
> 85, in 
> ep.load()
>   File 
> "/gnu/store/b6j1qw1a5rkbfvcy7lc9fm95abbzpa4x-python-3.9.9/lib/python3.9/site-packages/pkg_resources/__init__.py",
>  line 2450, in load
> return self.resolve()
>   File 
> "/gnu/store/b6j1qw1a5rkbfvcy7lc9fm95abbzpa4x-python-3.9.9/lib/python3.9/site-packages/pkg_resources/__init__.py",
>  line 2460, in resolve
> raise ImportError(str(exc)) from exc
> ImportError: module 'hydrilla.mitmproxy_launcher.launch' has no attribute 
> 'launch'  

That was followed by analogous errors for every entry point in the package.

I verified using `less` that
`/gnu/store/fj5ijdxsw6nz23ymxf397kd7d5h3pbrj-hydrilla-3.0b2.dev1+g9f26ebf.d20221013/lib/python3.9/site-packages/hydrilla/mitmproxy_launcher/launch.py`
is an empty file. Most other files in there are also empty but not all.
For example,
`/gnu/store/fj5ijdxsw6nz23ymxf397kd7d5h3pbrj-hydrilla-3.0b2.dev1+g9f26ebf.d20221013/lib/python3.9/site-packages/hydrilla/server/malcontent.py`
has proper contents.

As I said, this is the same problem I experienced before. To avoid any
ambiguity - using `hydrilla` recipe instead of `hydrilla-dist-tarball`
causes Guix to use the entirety of sources from current directory which
means
* `.git/` is included (it has to be for setuptools_scm to be able to
  cope with a git checkout that does not contain
  `src/hydrilla.egg-info/`)
* `src/hydrilla/_version.py` and `src/hydrilla.egg-info/` may also get
  included if they are present (i.e. if `python3 -m build -s` was
  already run at least once in git sources) but they are going to be
  ignored by setuptools_scm when Guix starts building the package
  because it sees `.git/`

Of course, the `hydrilla` package definition works properly when used
in an unpacked source tarball of my project (as opposed to git
checkout). That's what I intended it for, after all.

Anyway, whether I use the `hydrilla` definition from my unpacked source
tarball or the `hydrilla-dist-tarball` definition from git checkout, it
all works well, namely
* guix environment/shell command builds my project properly and the
  `haketilo` command works inside the shell
* guix pack -RR builds a working pack that I can successfully use and
  that I also successfully tried out on a Debian Buster system

The problem that made me create this thread - that an end user fails to
use the pack on his system[2] and Python interpreter from inside the pack
behaves as if hydrilla from inside the pack w

Re: Connection refused to Guix-hosted SSH

2022-10-14 Thread dabb...@gmail.com
On Thu, Oct 13, 2022 at 11:05 PM Felix Lechner
 wrote:
>
> Hi,

Hi Felix

> On Wed, Oct 12, 2022 at 1:33 PM dabb...@gmail.com  wrote:
> >
> > I can't login with private credentials.
>
> Did you set a password interactively? Otherwise you can set an initial
> password with something like (password (crypt "alice" "$6$abc")) [1]

Password was set interactively. Now I've added a third user "test"
with a prescribed/crypted password and I can login to it from terminal
but, again, not from ssh client.

> Either way, I would also have a look at the output of
>
> fgrep -i ssh /var/log/messages
>
> on the server.

Sure. I receive a bunch of messages of this form:

Oct 14 10:04:23 localhost vmunix: [ 5869.880044] audit: type=1326
audit(1665734663.369:6): auid=4294967295 uid=989 gid=983
ses=4294967295 subj=unconfined pid=599 comm="sshd"
exe="/gnu/store/jgw64z5w2q6b4nph7a74jc97ihfxkfsf-openssh-8.9p1/sbin/sshd"
sig=31 arch=4003 syscall=414 compat=0 ip=0xb7f94549 code=0x0
Oct 14 10:04:23 localhost shepherd[1]: 0 connections still in use
after sshd-5 termination.
Oct 14 10:04:23 localhost shepherd[1]: Service sshd-5 (PID 598) exited with 255.
Oct 14 10:04:23 localhost shepherd[1]: Service sshd-5 has been disabled.
Oct 14 10:04:23 localhost shepherd[1]: Transient service sshd-5
terminated, now unregistered.
Oct 14 10:05:43 localhost shepherd[1]: Service sshd-6 has been started.
Oct 14 10:05:43 localhost vmunix: [ 5950.061859] audit: type=1326
audit(1665734743.553:7): auid=4294967295 uid=989 gid=983
ses=4294967295 subj=unconfined pid=601 comm="sshd"
exe="/gnu/store/jgw64z5w2q6b4nph7a74jc97ihfxkfsf-openssh-8.9p1/sbin/sshd"
sig=31 arch=4003 syscall=414 compat=0 ip=0xb7fba549 code=0x0
Oct 14 10:05:43 localhost shepherd[1]: 0 connections still in use
after sshd-6 termination.
Oct 14 10:05:43 localhost shepherd[1]: Service sshd-6 (PID 600) exited with 255.
Oct 14 10:05:43 localhost shepherd[1]: Service sshd-6 has been disabled.
Oct 14 10:05:43 localhost shepherd[1]: Transient service sshd-6
terminated, now unregistered.

I see "Service sshd-6 (PID 600) exited with 255." but I don't know
what it means nor why.
In order to gain more insight I've tried to connect with verbose
output "ssh -v test@localhost" and this is the output

OpenSSH_8.9p1, OpenSSL 1.1.1q  5 Jul 2022
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/pcp/.ssh/id_rsa type 0
debug1: identity file /home/pcp/.ssh/id_rsa-cert type -1
debug1: identity file /home/pcp/.ssh/id_ecdsa type -1
debug1: identity file /home/pcp/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/pcp/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/pcp/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/pcp/.ssh/id_ed25519 type -1
debug1: identity file /home/pcp/.ssh/id_ed25519-cert type -1
debug1: identity file /home/pcp/.ssh/id_ed25519_sk type -1
debug1: identity file /home/pcp/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/pcp/.ssh/id_xmss type -1
debug1: identity file /home/pcp/.ssh/id_xmss-cert type -1
debug1: identity file /home/pcp/.ssh/id_dsa type -1
debug1: identity file /home/pcp/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9
debug1: compat_banner: match: OpenSSH_8.9 pat OpenSSH* compat 0x0400
debug1: Authenticating to localhost:22 as 'test'
debug1: load_hostkeys: fopen /home/pcp/.ssh/known_hosts: No such file
or directory
debug1: load_hostkeys: fopen /home/pcp/.ssh/known_hosts2: No such file
or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file
or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1...@openssh.com MAC:
 compression: none
debug1: kex: client->server cipher: chacha20-poly1...@openssh.com MAC:
 compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection reset by 127.0.0.1 port 22

The lines about missing known_hosts were suspicious, but even touching
a new .ssh/known_hosts does not help.
The line with "expecting SSH2_MSG_KEX_ECDH_REPLY" is also suspicious
but I don't know how to solve it.

Finally, I also tried to manually start sshd on port  and this is the output
/etc/ssh/sshd_config: No such file or directory

I don't know if shepherd has a different way of launching the daemon.
I expect that a sshd_config must exist somewhere... I would really
like to give a look at it

> Kind regards
> Felix Lechner
>
> [1] 
> https://guix.gnu.org/en/manual/devel/en/html_node/Using-the-Configuration-System.html

Thank you, regards
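
The `type=1326` records quoted in the message above are kernel seccomp audit events, and `sig=31` is SIGSYS on Linux x86. The following is an added example, not part of the original thread: a small parser that rejoins wrapped syslog lines, extracts such records and names the syscall the filter rejected. The sample log is constructed (placeholder store hash), and the syscall table is a small hand-picked i386 subset chosen as an assumption.

```python
import re
from collections import Counter

# Constructed sample, modelled on the wrapped syslog records quoted in the
# thread. The store hash is a placeholder; arch is written the way the kernel
# prints it (hex, no 0x prefix).
SAMPLE_LOG = """\
Oct 14 10:04:23 localhost vmunix: [ 5869.880044] audit: type=1326
audit(1665734663.369:6): auid=4294967295 uid=989 gid=983
ses=4294967295 subj=unconfined pid=599 comm="sshd"
exe="/gnu/store/EXAMPLEHASH-openssh-8.9p1/sbin/sshd"
sig=31 arch=40000003 syscall=414 compat=0 ip=0xb7f94549 code=0x0
Oct 14 10:04:23 localhost shepherd[1]: Service sshd-5 (PID 598) exited with
255.
Oct 14 10:05:43 localhost shepherd[1]: Service sshd-6 has been started.
Oct 14 10:05:43 localhost vmunix: [ 5950.061859] audit: type=1326
audit(1665734743.553:7): auid=4294967295 uid=989 gid=983
ses=4294967295 subj=unconfined pid=601 comm="sshd"
exe="/gnu/store/EXAMPLEHASH-openssh-8.9p1/sbin/sshd"
sig=31 arch=40000003 syscall=414 compat=0 ip=0xb7fba549 code=0x0
"""

AUDIT_SECCOMP = 1326  # audit record type emitted for seccomp actions
SIGSYS = 31           # signal number on Linux x86 and ARM

# AUDIT_ARCH_* constants from <linux/audit.h>.
ARCHES = {0x40000003: "i386", 0xC000003E: "x86_64"}

# Assumption: a deliberately small i386 subset covering the poll/select
# family; extend it from the kernel's syscall tables for real triage.
SYSCALLS = {
    "i386": {168: "poll", 309: "ppoll", 403: "clock_gettime64",
             413: "pselect6_time64", 414: "ppoll_time64"},
}

# The upper 16 bits of code= hold the seccomp filter's return action.
ACTIONS = {0x0000: "KILL_THREAD", 0x8000: "KILL_PROCESS",
           0x0003: "TRAP", 0x0005: "ERRNO", 0x7FFC: "LOG"}

_TS = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} ")
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
_SECCOMP = re.compile(rf"\baudit: type={AUDIT_SECCOMP}\b")


def unwrap(text):
    """Rejoin records that a mail client or terminal wrapped over several lines."""
    records = []
    for line in text.splitlines():
        if _TS.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records


def parse_seccomp(record):
    """Return a dict for a seccomp audit record, or None for anything else."""
    if not _SECCOMP.search(record):
        return None
    fields = {k: v.strip('"') for k, v in _KV.findall(record)}
    try:
        arch = int(fields["arch"], 16)
        nr = int(fields["syscall"])
        sig = int(fields["sig"])
        code = int(fields["code"], 16)
        pid = int(fields["pid"])
    except (KeyError, ValueError):
        return None  # truncated or damaged record
    arch_name = ARCHES.get(arch, f"unknown(0x{arch:x})")
    return {
        "time": record[:15],
        "pid": pid,
        "exe": fields.get("exe", "?"),
        "arch": arch_name,
        # Syscall numbers are per-architecture: never decode without arch.
        "syscall": SYSCALLS.get(arch_name, {}).get(nr, f"#{nr}"),
        "signal": "SIGSYS" if sig == SIGSYS else str(sig),
        "action": ACTIONS.get(code >> 16, hex(code)),
    }


def summarize(text):
    """Return (events, counts keyed by (binary, arch, syscall, action))."""
    events = [e for e in map(parse_seccomp, unwrap(text)) if e]
    counts = Counter(
        (e["exe"].rsplit("/", 1)[-1], e["arch"], e["syscall"], e["action"])
        for e in events
    )
    return events, counts


if __name__ == "__main__":
    events, counts = summarize(SAMPLE_LOG)
    for (binary, arch, syscall, action), n in counts.items():
        print(f"{n}x {binary} [{arch}] blocked syscall {syscall} -> {action}")
```

A record whose `arch` value was damaged in transit decodes as `unknown(...)` with a bare syscall number rather than a guessed name.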



Re: Calling gpg encrypt inside mixed-text-file

2022-10-14 Thread (
Hey Reza,

On Fri Oct 14, 2022 at 9:40 AM BST, Reza Housseini wrote:
> (service radicale-service-type
> (radicale-configuration
>  (config-file (mixed-text-file "radicale.conf" "
> [auth]
> type = htpasswd
> htpasswd_filename = " (local-file "my-password.gpg ") "
> htpasswd_encryption = plain
> "
>
> This obviously does not work, but how would I achieve to call gpg 
> --decrypt --quiet inside the mixed-text-file?

You'll need two things; ``computed-file'', and the ``(ice-9 popen)'' standard
library module. ``computed-file'' allows you to build a file-like object from
arbitrary code. Have a look here for an example from my configuration,

  https://git.sr.ht/~unmatched-paren/conf/tree/root/item/home.scm#L168

which removes all ``//'' comments from ``waybar.json'' before writing the
result to the store path.

Also see the Guix and Guile manuals on these two subjects,

  ``(ice-9 popen)'': 
https://www.gnu.org/software/guile/manual/html_node/Pipes.html
  ``computed-file'': 
https://guix.gnu.org/manual/en/html_node/G_002dExpressions.html#index-computed_002dfile

-- (



Calling gpg encrypt inside mixed-text-file

2022-10-14 Thread Reza Housseini

Hi list

In a system configuration I want to add a password file from a gpg
encrypted file in the following manner:


(service radicale-service-type
  (radicale-configuration
   (config-file (mixed-text-file "radicale.conf" "
[auth]
type = htpasswd
htpasswd_filename = " (local-file "my-password.gpg ") "
htpasswd_encryption = plain
"

This obviously does not work, but how would I achieve to call gpg 
--decrypt --quiet inside the mixed-text-file?


Best

--
Reza Housseini

This message is signed with my GnuPG key:

C0F3 0812 9AF2 80F4 0830 C2C1 C375 C6AF 0512 5C52




Re: Connection refused to Guix-hosted SSH

2022-10-14 Thread dabb...@gmail.com
On Thu, Oct 13, 2022 at 7:30 AM Oleg Pykhalov  wrote:
>
> Hi,

Hi Oleg

[...]
>
> > From another machine I can correctly ping this system at the static
> > address, but I can't login with private credentials. Actually, I can't
> > connect even with password, because every time my client ends with
> > "Network error: Software caused connection abort".
>
> Is another machine in the same network 10.168.214.102/24?

Yes, with IP 10.168.214.155

> A default gateway should be specified if not.
>
> (static-networking
>  (routes
>   (list (network-route
>          (destination "default")
>          (gateway "???"))))
>  ...)

I've tried now your suggestion, but even with that it doesn't work

> > Within guix, if I run "ssh pcp@localhost" I receive a "Connection
> > reset by 127.0.0.1 port 22" (I don't know if it is supposed to work on
> > localhost).
>
> It is supposed.

This is a bad sign... no matter my network (client-server)
configuration, localhost should always be reachable (from within the
server)

> What does ‘sudo herd status’ show?

Started:
 + console-font-tty1
 + console-font-tty2
 + console-font-tty3
 + console-font-tty4
 + console-font-tty5
 + console-font-tty6
 + file-system-/dev/pts
 + file-system-/dev/shm
 + file-system-/gnu/store
 + file-system-/sys/firmware/efi/efivars
 + file-system-/sys/kernel/debug
 + file-systems
 + guix-daemon
 + loopback
 + mcron
 + networking
 + nscd
 + root
 + root-file-system
 + ssh-daemon
 + swap-713766
 + syslogd
 + term-tty1
 + term-tty2
 + term-tty3
 + term-tty4
 + term-tty5
 + term-tty6
 + udev
 + urandom-seed
 + user-file-systems
 + user-processes
 + virtual-terminal
Stopped:
 - term-console
One-shot:
 * host-name
 * sysctl
 * user-homes

If I invoke "sudo herd status ssh" I obtain this output:

Status of ssh-daemon:
  It is started.
  Running value is ("#" "#").
  It is enabled.
  Provides (ssh-daemon ssh sshd).
  Requires (syslogd loopback).
  Conflicts with ().
  Will be respawned.

It seems to me that everything is correctly running...

> > I've also tried to manually add the pub keys in ".ssh/authorized_keys"
> > for both users, with no luck. What am I missing?!
>
> By default on Guix system that should work as well as specifying keys in
> the system configuration file.
>
> Make sure that .ssh directory has 0700 permissions, which is required by
> SSH daemon.
>
>
> Oleg.

In principle I had no .ssh folder, I've only added it later in a
desperate attempt to solve the issue. Now I set the permissions as
your suggestion but it does not solve the issue.
What else can I check? Where can I find the sshd config file that Guix
built "under the hood" using my config.scm?! Just to double check that
everything is properly set...

Thanks



Re: program prepared with `guix pack` unusable by end users

2022-10-14 Thread zimoun
Hi, Wojtek,
On Thu., 13 Oct. 2022 at 18:20, Wojtek Kosior via  wrote:

> It took me a couple of minutes to understand what you're talking
> about. Indeed, instead of copy-pasting the  address
> I clicked "Reply" on some random email from Guix mailing list and
> changed the subject. For years I've been certain that messages are
> categorized into threads by their subject. Now, as you wrote this, I
> assume there must be some thread meta-data that is invisibly sent by
> our user agents when we use "Reply" or "Reply all".
>
> Who would have thought? In the past, when I saw email software nicely
> present thread emails as a tree of responses, I was thinking "wow,
> this program must be using some really successful heuristic for
> determining what is the response to what". Lol

The header of an email contains a lot of information, for example the one
you replied in the other thread, 

--8<---cut here---start->8---
[...]
Date: Thu, 13 Oct 2022 07:33:06 +0100
Message-Id: 
Subject: Re: Greetd autologin?
From: "(" 
To: "kiasoc5" , 
References: 
In-Reply-To: 
[...]
--8<---cut here---end--->8---

and your message in this other thread,

--8<---cut here---start->8---

[...]

Received: from [77.252.47.255] (helo=koszkonutek-tmp.pl.eu.org)
 by koszko.org with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.92) (envelope-from ) id 1oisT6-0007ax-Ue
 for help-guix@gnu.org; Thu, 13 Oct 2022 09:17:25 +0200
Date: Thu, 13 Oct 2022 09:17:22 +0200
To: 
Subject: program prepared with `guix pack` unusable by end users
Message-ID: <20221013091722.59d9e...@koszkonutek-tmp.pl.eu.org>
In-Reply-To: 
References: 
 
X-Mailer: Claws Mail 3.17.8 (GTK+ 2.24.33; x86_64-pc-linux-gnu)

[...]

List-Id: 
List-Unsubscribe: ,
 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,
 
Errors-To: help-guix-bounces+larch=yhetil@gnu.org
Sender: "Help-Guix" 
Reply-to:  Wojtek Kosior 
From:  Wojtek Kosior via 

[...]
--8<---cut here---end--->8---

and such headers are hidden by most of mail clients.


Quickly said, the thread is built using the fields Message-ID and
In-Reply-To.  If you give a look at the header of the message you
answered, it contains the Message-ID field:

CNKL38E5T0RV.1VYM8R2V0O1QM@guix-framework

and your message contains the field In-Reply-To

CNKL38E5T0RV.1VYM8R2V0O1QM@guix-framework

and that chain builds the thread, somehow.


> Doing as you requested. Although this is suboptimal as well since now
> the topic is split between 2 threads :/

Communication is never optimal. ;-)


>> Why do you pack ’hydrilla-dist-tarball’ instead of just ’hydrilla’.
>> 
>> Guix should take care of everything; not necessary when packing a
>> Python bundle as you are doing.
>
> It's ok, `hydrilla-dist-tarball` refers to a package that is built in
> the package in the normal Guix way. The name just indicates that
> tarball generated under `./dist/` is used instead of the project file
> tree. If you're curious, I explain the crazy details in my previous
> email response to "(".

I am confused because, if I understand correctly, this tarball generated
under ./dist is built using ’python3 -m build -s’, so from my
understanding it is not the “normal Guix way”.


> It sometimes happens that to keep my message concise I write what seems
> to be the most important and attach links to other stuff that the
> reader can look at to understand everything. Here that "stuff" was the
> project repo which contains hydrilla.scm with both package definitions.
>
> And most of the time I learn that I failed to be clear enough and that
> people don't have time to read my links. Well, I'm sorry for the
> confusion. Although I'm starting to lose hope that I will learn to
> communicate with ppl online without so many misunderstandings :/

Communication, especially when we are not native English speakers, is not
straightforward. :-)


> The hydrilla.scm that I was loading with `-L .` is now attached. Is
> there anything wrong in it?

Thanks.  Note that I have already given a look before answering you. ;-)


> ;; Use this variant when building from a downloaded release tarball.
> (define-public hydrilla
>   (package
> (name "hydrilla")
> (version %hydrilla-version)
> (source (local-file %source-dir #:recursive? #t))
> (build-system python-build-system)
> (arguments
>  `(#:phases
>(modify-phases %standard-phases
>  (replace 'check
>(lambda* (#:key tests? #:allow-other-keys)
>  (when tests?
>(invoke "pytest")))
> (propagat