timezone offset issues
Greetings Guixers :) Hope someone here can assist and point me in the right direction. I posted a bug about this too (https://debbugs.gnu.org/cgi/bugreport.cgi?bug=40585) Having similar issues to https://issues.guix.info/issue/35746 but not quite the same. I'm having time offset issues in various applications on guix system. My timezone is set to (operating-system (host-name "swift") (timezone "Africa/Johannesburg") (locale "en_US.utf8") Which in terminal is correct ds swift ~ $ date Sun 12 Apr 2020 09:54:27 PM SAST So I'm +0200, yet many applications report there time in UTC which is frustrating. Apps being: - qutebrowser - ungoogled-chromium - ms teams (via flatpak) icecat works, when the privacy feature (ResistFingerprinting) is disabled in about:config . I was chatting to the maintainer of qutebrowser, str1ngs, on #guix and he did not have the same issue on his guix system. Which is really strange. He tried various debugging with me and in the end I think he said: divansantana and QDateTime works as well [21:12] it's something qtwebenine or javascript related My locale, in case that's relevant: $ locale LANG=en_US.utf8 LC_CTYPE="en_US.utf8" LC_NUMERIC="en_US.utf8" LC_TIME="en_US.utf8" LC_COLLATE="en_US.utf8" LC_MONETARY="en_US.utf8" LC_MESSAGES="en_US.utf8" LC_PAPER="en_US.utf8" LC_NAME="en_US.utf8" LC_ADDRESS="en_US.utf8" LC_TELEPHONE="en_US.utf8" LC_MEASUREMENT="en_US.utf8" LC_IDENTIFICATION="en_US.utf8" LC_ALL= I test the browser timezone via browsing to https://play.grafana.org/ for instance. But I've noticed the issue in multiple sites. Perhaps this is a separate issue but in notmuch I notice similar: In some emails it gives time in UTC Date: Thu, 09 Apr 2020 12:55:21 + While other emails it gives +0200 time. Date: Sun, 12 Apr 2020 21:04:01 +0200 The notmuch issue is a separate problem and is fixed with this: (setq notmuch-show-relative-dates t) ;; always show the date/time in my local timezone (defun my-adjust-timezone-notmuch-show-date-header (args) "Change date ARGS to my locale's format." (let* ((header-symbol (car args)) (header-value (cadr args))) (if (string-equal header-symbol "Date") (list header-symbol (format-time-string "%c" (mail-header-parse-date header-value))) args))) (advice-add 'notmuch-show-insert-header :filter-args #'my-adjust-timezone-notmuch-show-date-header) Am I the only one with these timezone inconsistencies?
Getting network-manager-openconnect to work
(string-append "modprobe.blacklist=" "pcspkr,snd_pcsp") (string-append "net.ifnames=0") (string-append "kvm_intel.nested=1"))) (kernel linux-4.19) (firmware (cons* linux-firmware %base-firmware)) (initrd (lambda (fs . args) (apply base-initrd fs #:extra-modules %extra-linux-modules args))) (bootloader (bootloader-configuration (bootloader grub-efi-bootloader) (target "/boot/efi") )) (mapped-devices (list (mapped-device (source (uuid "3e7beb3b-1037-4ee8-9048-5e048afafbd0")) (target "crypt") (type luks-device-mapping (file-systems (cons* (file-system (device "/dev/nvme0n1p1") (type "msdos") (mount-point "/boot/efi")) (file-system (device "/dev/mapper/crypt") (mount-point "/") (type "ext4") (dependencies mapped-devices)) %base-file-systems)) (swap-devices '("/mnt/swapfile")) (users (cons (user-account (name "ds") (comment "Divan Santana") (group "users") (supplementary-groups '("adbusers";for adb "wheel" "kvm" "audio" "video" "lp" "docker" "libvirt" "input" ;; "lpadmin" "cdrom" "netdev")) (home-directory "/home/ds")) %base-user-accounts)) (groups (cons (user-group (system? #t) (name "adbusers")) %base-groups)) (packages (append (map specification->package '( "bash-completion" "binutils" "bridge-utils" "dmidecode" "dnsmasq" "docker" "docker-cli" "docker-compose" "dosfstools" "dtach" "ethtool" "font-adobe-source-code-pro" "font-adobe-source-sans-pro" "font-adobe-source-serif-pro" "font-adobe100dpi" "font-adobe75dpi" "font-awesome" "font-bitstream-vera" "font-dejavu" "font-fantasque-sans" "font-fira-code" "font-fira-mono" "font-fira-sans" "font-gnu-freefont-ttf" "font-google-roboto" "font-hack" "font-inconsolata" "font-iosevka" "font-liberation" "font-misc-misc" "font-tamzen" "font-ubuntu" ;; "font-symbola" ;; missing "git" ;; "arc-theme" ;; fixme, should be in core only "gnome-themes-standard" ;; fixme, should be in core only "iptables" "light" "lsof" "mlocate" "mobile-broadband-provider-info" "modem-manager" "neovim" "netcat" "network-manager-applet" "network-manager-openconnect" "network-manager-vpnc" "net-tools" "nss" ;; FIXME: is not providing certutil "nss-certs" "ntfs-3g" "openconnect" "openssh" "parted" "qemu" "rsync" "setxkbmap" "slock" "usb-modeswitch" "usb-modeswitch-data" "udiskie" "xcape" "xdotool" ;; simulate keyboard/mouse presses "xev" &q
guix browsers timezones are set to GMT
Hi Guix I see timezones in browsers on my guix system are set to GMT. An example would be qutebrowser and guessing ungoogled-chromium which use qtwebengine. Example website is browsing to https://play.grafana.org/d/00012/grafana-play-home?orgId=1 in qutebrowser one can run ":jseval alert(new Date().toString())" From https://play.grafana.org/ and it reports GMT+ . Browsing to the above with epiphany results in the correct local timezone being set. I understand for fingerprinting and privacy it's nice to have a website not detect your correct timezone, though I'd prefer to have my timezone detected correctly in these browsers. Does guix do something special in the packaging of qutebrowser/ungoogled-chromium/qtwebengine that causes this? It seems to not occur on my colleagues systems with the same browsers. I see my timezone on my system like so: (operating-system (host-name "example") (timezone "Africa/Johannesburg") (locale "en_US.utf8")
Re: pass free(): double free detected in tcache 2
> I believe this is the upstream issue: https://dev.gnupg.org/T4762 Looks like that's it. Thanks.
Re: pass free(): double free detected in tcache 2
> Could you do me a few things? > > 1. Run `guix describe` > 2. Show me what packages you have listed in your system configuration. > 3. Show me what packages you have installed in your main user-profile. > > From there we might get a better idea of what is going on. Thanks :) Noted for next time.
pass free(): double free detected in tcache 2
Hi Guix Since my guix system update from: Generation 188 Nov 19 2019 22:37:41 file name: /var/guix/profiles/system-188-link canonical file name: /gnu/store/dvj16fi2psiffb8pxpzpfpgrkbkg5nki-system label: GNU with Linux 5.3.10 bootloader: grub-efi root device: /dev/mapper/crypt kernel: /gnu/store/vccvajs99f27axpaa79g71z7s2psfhxx-linux-5.3.10/bzImage to Generation 189 Nov 30 2019 23:49:57 file name: /var/guix/profiles/system-189-link canonical file name: /gnu/store/a73ssfniyfwqzjfpab3y2504lm7q0ni1-system label: GNU with Linux 5.3.14 bootloader: grub-efi root device: /dev/mapper/crypt kernel: /gnu/store/v7riv27agdd8jz6p4q2wd67bkwhk8qm7-linux-5.3.14/bzImage when I run: $ pass show somep...@example.com I get free(): double free detected in tcache 2 The pass version is the same, so I'm guessing this a bug in something else? Anyone know?
split dns with dnsmasq and networkmanager broken since 1.10.10 -> 1.14.4
Hi Guix, I've configured split DNS with dnsmasq and networkmanager and been using that for quite a while on guix system. Since a recent update this split DNS setup has stopped working. Booting the older guix system confirms all just works. I'm not quite sure what could be wrong. Here is the details: Older system profile with these versions works: kernel 5.2.17 lr29sc29fi0gpy48b2qzbjs6b744m0d6-dnsmasq-2.80 v481hl6d8syq8x9g3hrhmbbdw5qq612l-network-manager-1.10.10 Newer setup with these versions does not: Kernel 5.3.7 snzrgg9qb6zf3jbshxb4j97ja90ppkng-dnsmasq-2.80 9ciqpyc6jzn1ia607w8s8ziy42jgasv2-network-manager-1.14.4 I've compared the way the processes are started, all looks the same, except the versions. Here is a comparison of dnsmasq procs. Working proc on top, broken on bottom. /gnu/store/lr29sc29fi0gpy48b2qzbjs6b744m0d6-dnsmasq-2.80/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/var/run/NetworkManager/dnsmasq.pid --listen-address=127.0.0.1 --cache-size=400 --clear-on-reload --conf-file=/dev/null --proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq --conf-dir=/etc/NetworkManager/dnsmasq.d /gnu/store/snzrgg9qb6zf3jbshxb4j97ja90ppkng-dnsmasq-2.80/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/var/run/NetworkManager/dnsmasq.pid --listen-address=127.0.0.1 --cache-size=400 --clear-on-reload --conf-file=/dev/null --proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq --conf-dir=/etc/NetworkManager/dnsmasq.d Comparison of networkmanager, old and new. /gnu/store/v481hl6d8syq8x9g3hrhmbbdw5qq612l-network-manager-1.10.10/sbin/NetworkManager --config=/gnu/store/ib8k67r4lnqw52lwkw4dzds4a2dj4xwi-NetworkManager.conf --no-daemon /gnu/store/9ciqpyc6jzn1ia607w8s8ziy42jgasv2-network-manager-1.14.4/sbin/NetworkManager --config=/gnu/store/ib8k67r4lnqw52lwkw4dzds4a2dj4xwi-NetworkManager.conf --no-daemon Only other thing of interest, on the newer/problematic guix system, it seems that if you start dnsmasq manually (via sudo) on another port it seems to function fine. I can't start it easily on port 53 since NM kills it when NM runs. so running this to start it in parallel to the broken dnsmasq works: sudo /gnu/store/snzrgg9qb6zf3jbshxb4j97ja90ppkng-dnsmasq-2.80/sbin/dnsmasq -p 54 --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/var/run/NetworkManager/dnsmasq.pid --listen-address=127.0.0.1 --cache-size=400 --clear-on-reload --conf-file=/dev/null --proxy-dnssec --enable-dbus=org.freedesktop.NetworkManager.dnsmasq --conf-dir=/etc/NetworkManager/dnsmasq.d Testing with dig @127.0.0.1 -p 54 somewhere.example.com shows correct lookup. But that's not of much help to me since it's on port 54 and not 53. Any ideas?
Re: bug#37369: Getting network-manager-openconnect to work
pelzflorian (Florian Pelz) writes: > On Sat, Sep 28, 2019 at 04:16:40PM +0200, Divan Santana wrote: >> So firstly I can't edit the connection as my user, without sudo. Not >> sure if I need to be in some group to do that? >> > > P.S. I use > > (users (cons (user-account >(name "florian") >(comment "Florian Pelz") >(group "users") >(supplementary-groups '("wheel" "netdev" >"audio" "video" >"httpd" "kvm")) >(home-directory "/home/florian")) > %base-user-accounts)) > > which is the default when installing Guix with the GNOME desktop plus > unrelated httpd and kvm. > netdev group seems relevant. This is mine (users (cons (user-account (name "ds") (comment "Divan Santana") (group "users") (supplementary-groups '("adbusers";for adb "wheel" "kvm" "audio" "video" "lp" "docker" ;; "lpadmin" "cdrom" "netdev")) ;;(shell #~(string-append #$zsh "/bin/zsh")) (home-directory "/home/ds")) %base-user-accounts)) Already had netdev. Seems same as yours. I'll look into it more sometime. Thanks
Re: bug#37369: Getting network-manager-openconnect to work
pelzflorian (Florian Pelz) writes: > Hello! > > There might be a workaround: > > NetworkManager stopped segfaulting for me after I “edited” the > openconnect VPN connection in nm-connection-editor without making any > changes to the connection. Apparently this fixed get_secrets_done_cb > being passed what GDB calls an “” as the connection > and crashing in nm_connection_get_setting_by_name. I need to repeat > this nm-connection-editor editing after every reboot. > > Does editing the VPN connection in nm-connection-editor fix the > problem for you, Divan Santana? So firstly I can't edit the connection as my user, without sudo. Not sure if I need to be in some group to do that? I then edited something like so: ds@swift ~ $ sudo nm-connection-editor Password: (nm-connection-editor:1990): Gtk-WARNING **: 16:01:57.175: Could not find the icon 'pan-down-symbolic-ltr'. The 'hicolor' theme was not found either, perhaps you need to install it. You can get a copy from: http://icon-theme.freedesktop.org/releases (nm-connection-editor:1990): Gtk-WARNING **: 16:02:01.028: Could not load a pixbuf from /org/gtk/libgtk/theme/Adwaita/assets/check-symbolic.svg. This may indicate that pixbuf loaders or the mime database could not be found. GLib-GIO-Message: 16:02:08.131: Using the 'memory' GSettings backend. Your settings will not be saved or shared with other applications. Once I edited the connection and tried to connect it still fails for me like this: ds@swift ~ $ sudo nmcli con up vpn-example --ask Error: openconnect failed: Could not find "openconnect" binary A password is required to connect to 'vpn-example'. Gateway (vpn.secrets.gateway): ^Cds@swift ~ $ On arch, with the same connection file, it works on CLI with above command. I then tried starting nm-applet and then running: ds@swift ~ $ sudo nmcli con up vpn-example It then brings up the GUI and shows me a certificate for remote gateway. Asks me to select my group and enter username and password. So it appears like it's working. It then fails to auth for some reason. Sep 28 16:07:16 localhost NetworkManager[506]: [1569679636.8722] vpn-connection[0x1cae420,ed432bd4-9078-493d-a9c3-fb7ac4199917,"vpn-example",0]: VPN service disappeared Sep 28 16:11:33 localhost NetworkManager[506]: [1569679893.0578] manager: (tun0): new Tun device (/org/freedesktop/NetworkManager/Devices/10) Sep 28 16:11:33 localhost NetworkManager[506]: [1569679893.0847] device (tun0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external') Sep 28 16:11:33 localhost NetworkManager[506]: [1569679893.0860] keyfile: add connection in-memory (3a679fd7-0450-43ef-8e48-63850b1f0798,"tun0") Sep 28 16:11:33 localhost NetworkManager[506]: [1569679893.0871] device (tun0): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external') Sep 28 16:11:33 localhost NetworkManager[506]: [1569679893.0878] device (tun0): Activation: starting connection 'tun0' (3a679fd7-0450-43ef-8e48-63850b1f0798) Sep 28 16:11:33 localhost NetworkManager[506]: [1569679893.0882] device (tun0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'external') Sep 28 16:11:33 localhost NetworkManager[506]: [1569679893.0886] device (tun0): state change: prepare -> config (reason 'none', sys-iface-state: 'external') Sep 28 16:11:33 localhost NetworkManager[506]: [1569679893.0888] device (tun0): state change: config -> ip-config (reason 'none', sys-iface-state: 'external') Sep 28 16:11:33 localhost NetworkManager[506]: [1569679893.0889] device (tun0): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'external') Sep 28 16:11:33 localhost NetworkManager[506]: [1569679893.0891] device (tun0): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'external') Sep 28 16:11:33 localhost NetworkManager[506]: [1569679893.0893] device (tun0): state change: secondaries -> activated (reason 'none', sys-iface-state: 'external') Sep 28 16:11:33 localhost nscd: 464 monitored file `/etc/resolv.conf` was written to Sep 28 16:11:33 localhost NetworkManager[506]: [1569679893.1084] device (tun0): Activation: successful, device activated. Sep 28 16:11:34 localhost ntpd[507]: Listen normally on 11 tun0 10.7.246.164:123 Sep 28 16:11:34 localhost ntpd[507]: Listen normally on 12 tun0 [fe80::60db:5ddd:b445:60e9%11]:123 Sep 28 16:11:36 localhost nscd: 464 monitored file `/etc/resolv.conf` was moved into place, adding watch Sep 28 16:11:47 localhost NetworkManager[506]: [1569679907.3367] device (tun0): state change: activated -> unmanaged (reason 'unmanaged', sys-iface-state: 'removed') Sep 28 16:11:48 localhost ntpd[507]: Deleting interface #11 tun0, 10.7.246.164#123, interface stats: received=0, sent=0, dropped=0, active_time=14 secs Sep 28 16:11:48 loca
Re: internal 3g modem
pelzflorian (Florian Pelz) writes: > On Fri, Sep 27, 2019 at 12:35:38PM +0200, Divan Santana wrote: >> Hi Guix, >> >> Hopefully someone knowledgeable with these things here can help out. :) >> >> I'm trying to get the internal 3g modem to work in my Dell laptop >> running guix. >> […] >> I think this is the internal modem device: >> >> Bus 002 Device 003: ID 413c:81b6 Dell Computer Corp. DW5811e Snapdragon⢠>> X7 LTE > > ModemManager has a list of supported devices. Your modem is not > listed there, but older similar modems “Should work”, it says. Did it > work on another distro before? > > I have no experience with dial-up modems, but apparently ppp can be > used somehow to connect with those. Network-manager can be made to > use ppp, but I do not know if that works in Guix right now. Good point. I booted up a live ubuntu 18.08.3 disk and it detected the modem and just worked. I'm not quite sure how to troubleshoot this further. I'll have a think about it.
Re: bug#37369: Getting network-manager-openconnect to work
pelzflorian (Florian Pelz) writes: > Hello! > > There might be a workaround: > > NetworkManager stopped segfaulting for me after I “edited” the > openconnect VPN connection in nm-connection-editor without making any > changes to the connection. Apparently this fixed get_secrets_done_cb > being passed what GDB calls an “” as the connection > and crashing in nm_connection_get_setting_by_name. I need to repeat > this nm-connection-editor editing after every reboot. > > Does editing the VPN connection in nm-connection-editor fix the > problem for you, Divan Santana? I'll let you know. > No patch at all is required for me. nmtui works fine without the patch. > This issue is not present in Arch Linux using the more recent > NetworkManager 1.20.2. I have not yet attempted to upgrade Guix’ > NetworkManager to a more recent version.
internal 3g modem
Hi Guix, Hopefully someone knowledgeable with these things here can help out. :) I'm trying to get the internal 3g modem to work in my Dell laptop running guix. Ideally with networkmanager/modemmanager would be great. Using nm-connection-editor and selecting mobile broadband, it says can't find any device. Creating the connection manually and running it says: ds@swift ~ $ sudo nmcli con up modem-internal Error: Connection activation failed: No suitable device found for this connection. Creating this file and trying to start the connecting with mbim-network results in this: ds@swift ~ $ cat /etc/mbim-network.conf APN=internet ds@swift ~ $ ll /dev/cdc-wdm1 crw--- 1 root root 180, 1 2019-09-27 12:09:35 /dev/cdc-wdm1 ds@swift ~ $ sudo mbim-network /dev/cdc-wdm1 start Loading profile at /etc/mbim-network.conf... APN: internet APN auth protocol: unset APN user: unset APN password: unset mbim-proxy: no Querying subscriber ready status 'mbimcli -d /dev/cdc-wdm1 --query-subscriber-ready-status --no-close '... [/dev/cdc-wdm1] Subscriber ready status retrieved: Ready state: 'initialized' Subscriber ID: '655071911202447' SIM ICCID: '89270761914025156856' Ready info: 'none' Telephone numbers: (0) 'unknown' [/dev/cdc-wdm1] Session not closed: TRID: '3' Saving state at /tmp/mbim-network-state-cdc-wdm1... (TRID: 3) Querying registration state 'mbimcli -d /dev/cdc-wdm1 --query-registration-state --no-open=3 --no-close '... [/dev/cdc-wdm1] Registration status: Network error: 'unknown' Register state: 'home' Register mode: 'automatic' Available data classes: 'umts, hsdpa, hsupa' Current cellular class: 'gsm' Provider ID: '65507' Provider name: 'FNB' Roaming text: 'unknown' Registration flags: 'packet-service-automatic-attach' [/dev/cdc-wdm1] Session not closed: TRID: '4' Saving state at /tmp/mbim-network-state-cdc-wdm1... (TRID: 4) Attaching to packet service with 'mbimcli -d /dev/cdc-wdm1 --attach-packet-service --no-open=4 --no-close '... Saving state at /tmp/mbim-network-state-cdc-wdm1... (TRID: 5) Starting network with 'mbimcli -d /dev/cdc-wdm1 --connect=apn='internet' --no-open=5 --no-close '... Network started successfully Saving state at /tmp/mbim-network-state-cdc-wdm1... (TRID: 7) ds@swift ~ $ sudo mbimcli -d /dev/cdc-wdm1 --query-ip-configuration --no-open=11 --no-close [/dev/cdc-wdm1] IPv4 configuration available: 'address, gateway, dns, mtu' IP [0]: '10.122.106.8/28' Gateway: '10.122.106.9' DNS [0]: '41.50.20.29' DNS [1]: '41.50.20.61' MTU: '1500' [/dev/cdc-wdm1] IPv6 configuration available: 'none' [/dev/cdc-wdm1] Session not closed: TRID: '12' ds@swift ~ $ sudo ip link set wwan0 up ds@swift ~ $ sudo dhclient -v wwan0 Internet Systems Consortium DHCP Client 4.4.1 Copyright 2004-2018 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Listening on LPF/wwan0/52:da:30:0c:9c:de Sending on LPF/wwan0/52:da:30:0c:9c:de Sending on Socket/fallback DHCPDISCOVER on wwan0 to 255.255.255.255 port 67 interval 6 times out. I think this is the internal modem device: Bus 002 Device 003: ID 413c:81b6 Dell Computer Corp. DW5811e Snapdragon⢠X7 LTE Device Descriptor: bLength18 bDescriptorType 1 bcdUSB 3.00 bDeviceClass0 bDeviceSubClass 0 bDeviceProtocol 0 bMaxPacketSize0 9 idVendor 0x413c Dell Computer Corp. idProduct 0x81b6 bcdDevice0.06 iManufacturer 1 Sierra Wireless, Incorporated iProduct2 DW5811e Snapdragon⢠X7 LTE iSerial 3 LF81212090021022 bNumConfigurations 1 It seems from the above it's /almost/ working using mbimcli. I'm not sure why MM doesn't detect it.
Re: vagrant
Hey Chris, Thanks for the helpful reply. >> One of the last packages I miss and would like on my Guix system would >> be vagrant. >> >> I use it for work for testing infra as code. >> >> Anyone else got a way to get it working? I'm surprised it's not yet >> packaged for Guix. > > It would be a great addition! Have you searched the email lists, bug > reports, and patches for information? Noted for future. > I checked them just now and found > this old email from Danny (CC'd on this email): > > https://lists.gnu.org/archive/html/guix-devel/2018-08/msg00037.html > > He attached a work-in-progress vagrant.scm file. Check it out: > > https://lists.gnu.org/archive/html/guix-devel/2018-08/txtEVOTXFX2k8.txt > Would you like to try improving upon that? I'll try it out sometime and see what I can do. > FYI, I find it useful to bookmark the following URLs. It makes it easy > to search for prior discussions quickly: > > help-guix: https://lists.gnu.org/archive/html/help-guix/ > guix-devel: https://lists.gnu.org/archive/html/guix-devel/ > Guix Patches: https://debbugs.gnu.org/cgi/pkgreport.cgi?package=guix-patches > Guix Bugs: https://debbugs.gnu.org/cgi/pkgreport.cgi?pkg=guix Done.
vagrant
Hi Guix, One of the last packages I miss and would like on my Guix system would be vagrant. I use it for work for testing infra as code. Anyone else got a way to get it working? I'm surprised it's not yet packaged for Guix. Greetings :) -- Divan
Getting network-manager-openconnect to work
Hi Guix, I'm glad openconnect and network-manager-openconnect are now in Guix! It would be nice to get it to work via network-manager, though I suppose it's not essential. Using openconnect directly works for me. $ sudo openconnect vpn.somewhere.com Trying to get it work via network-manager gives an error like so: $ sudo nmcli con up vpn-fnb --ask Error: openconnect failed: Could not find "openconnect" binary A password is required to connect to 'vpn-fnb'. Gateway (vpn.secrets.gateway): Even though my services configuration has this vpn-plugins set. (modify-services %desktop-services (network-manager-service-type config => (network-manager-configuration (inherit config) (dns "dnsmasq") (vpn-plugins (list network-manager-openconnect)) )) Anyone else seen this?
Re: network-manager-openconnect setup - [External Email]
>> Trying to use it, after I installed it system wide and rebooted I get >> this; >> >> ~ á sudo nmcli con up vpn-fnb --ask >> Error: Connection activation failed: The VPN service >> 'org.freedesktop.NetworkManager.openconnect' was not installed. >> >> I read the manual which says: >> >> ‘vpn-plugins’ (default: ‘'()’) >> This is the list of available plugins for virtual private >> networks (VPNs). An example of this is the >> ‘network-manager-openvpn’ package, which allows NetworkManager >> to manage VPNs via OpenVPN. >> >> I therefore tried this in my config >> >> (network-manager-service-type >> config => (network-manager-configuration >> (inherit config) >> (dns "dnsmasq") >> (vpn-plugins '("network-manager-openconnect")) >> )) > > If nothing else, you should go with the `network-manager-openconnect' > package object here. In your snippet, you are referring to the string > "network-manager-openconnect" instead. > > Something like the following should solve your immediate issue: > (vpn-plugins (list network-manager-openconnect)) Makes total sense and fixed my issue. lol. Thank you! >> This email is subject to a disclaimer. >> >> Visit the FNB website and view the email disclaimer by clicking the "About >> FNB + Legal" and "Legal Matters" links. >> If you are unable to access our website, please contact us to send you a >> copy of the email disclaimer. > You might want to reconsider adding this disclaimer, as this is a > mailing list with publicly available archive at > https://secure-web.cisco.com/1ZqvkATgEJFvkJ0wXj8_z-wGnZxvhwLIU37BHOD45mu8BrI5hPANkSnMovtDIesYvFhfwcMF9SB3LrdwGv93tSbkjtod_wj4NEdkVwwobbtbyHtHDuSZmzbnjuguSGq3xrsU_kSNmXaJl44RuAvnuqUGgit_azcAyomzTSbRzxxPvsZrevJ1kJyhakR0ZmLg9Y9-4lDg3KCILV3yD_PNoNNdlRyr9a4zGkQs1-2oWt6O4N0dskups5ky9TWpAX22wKjkcV6lkhkMPOmMi3E8VyDcL73U6--0xfUNoANQas0ab0nBJMe46uj4kPbYxL5xyes5MYR0tfu0uQ3-wt9Gf1g/https%3A%2F%2Flists.gnu.org%2Farchive%2Fhtml%2Fhelp-guix%2F My personal mail server was down due to upstream ISP blocking incoming port 80 (go figure!), which broke my SSL cert renewals, so I temporarily used work mail. :grin:
Re: network-manager-openconnect setup - [External Email]
>> Bonus points for anyone who knows why when I copy and paste into Emacs I >> get these weird characters. >> >>588:24 2 (inferior-package->manifest-entry "network-manager-opeâ¦" â¦) > > The weird characters above, "â¦", should be a "HORIZONTAL ELLIPSIS" > character "…" with unicode scalar value U+2026. In the UTF-8 encoding, > the horizontal ellipsis is represented by three bytes with hex codes E2, > 80, and A6. The three weird characters "â¦" are what you get when > those three bytes are misinterpreted as Latin-1, a.k.a. ISO-8859-1 > encoding. > > Guile only outputs Unicode HORIZONTAL ELLIPSIS in backtraces if your > current locale has an encoding for that character. Otherwise, it will > print three ASCII periods ("...") instead. So, it appears that your > locale environment variables (the ones printed by the "locale" command) > are configured for a UTF-8 locale. > > I guess that somewhere else in your system, something is configured to > use Latin-1 (ISO-8859-1) encoding. It could be Emacs itself, or perhaps > your terminal emulator. Mark, really appreciate above - thanks. It sorted my issue out.
network-manager-openconnect setup
Hi Guix, I'm glad to see network-manager-openconnect is now packaged! :) Thank you to who ever did that. Trying to use it, after I installed it system wide and rebooted I get this; ~ á sudo nmcli con up vpn-fnb --ask Error: Connection activation failed: The VPN service 'org.freedesktop.NetworkManager.openconnect' was not installed. I read the manual which says: ‘vpn-plugins’ (default: ‘'()’) This is the list of available plugins for virtual private networks (VPNs). An example of this is the ‘network-manager-openvpn’ package, which allows NetworkManager to manage VPNs via OpenVPN. I therefore tried this in my config (network-manager-service-type config => (network-manager-configuration (inherit config) (dns "dnsmasq") (vpn-plugins '("network-manager-openconnect")) )) But I get this error: --8<---cut here---start->8--- ~ á sudo -E guix system reconfigure ~/.config/guix/system-config/swift.scm Password: Backtrace: In srfi/srfi-1.scm: 592:29 19 (map1 (# â¦)) 592:29 18 (map1 (# â¦)) 592:29 17 (map1 (# â¦)) 592:29 16 (map1 (# â¦)) 592:29 15 (map1 (# â¦)) 592:29 14 (map1 (# â¦)) 592:29 13 (map1 (# â¦)) 592:29 12 (map1 (# â¦)) 592:29 11 (map1 (# â¦)) 592:29 10 (map1 (# â¦)) 592:29 9 (map1 (# â¦)) 592:29 8 (map1 (# â¦)) 592:29 7 (map1 (# â¦)) 592:29 6 (map1 (# â¦)) 592:29 5 (map1 (# â¦)) 592:29 4 (map1 (# â¦)) 592:17 3 (map1 ("network-manager-openconnect" #)) In guix/inferior.scm: 588:24 2 (inferior-package->manifest-entry "network-manager-opeâ¦" â¦) 363:4 1 (inferior-package-input-field "network-manager-openconâ¦" â¦) 307:18 0 (inferior-package-field _ _) guix/inferior.scm:307:18: In procedure inferior-package-field: In procedure struct_vtable: Wrong type argument in position 1 (expecting struct): "network-manager-openconnect" --8<---cut here---end--->8--- What am I doing wrong? Seperate topic: Bonus points for anyone who knows why when I copy and paste into Emacs I get these weird characters. 588:24 2 (inferior-package->manifest-entry "network-manager-opeâ¦" â¦) This email is subject to a disclaimer. Visit the FNB website and view the email disclaimer by clicking the "About FNB + Legal" and "Legal Matters" links. If you are unable to access our website, please contact us to send you a copy of the email disclaimer.
Re: Issues with guix offload
> Did you eventually find out? I tried looking through the strace output but didn't come right with that. In the end I just built another box. Was easier to resolve.
Re: Noob issues with maintaining a guix laptop system
Julien Lepiller writes: > Le 4 juin 2019 08:17:11 GMT+02:00, ison a écrit : >>Just to be clear, when a reconfigure fails you can make any necessary >>changes >>and run it again. Guix operations are atomic so it doesn't actually >>change the >>state of your system in any way until it finishes. >> >>But, if you're asking about rolling back the "guix pull" so that you >>can run >>reconfigure with the older versions as if you had never ran "guix pull" >>in the >>first place, then I think you could try this: >>guix describe >>which should print out the "commit" used when you last reconfigured the >>system. >>Then you could try the following command with replaced >>with the >>value you got above: >>guix pull --commit= >>That should make sure your package data matches what was used last time >>you >>successfully reconfigured. Cool, I'll note for next time it happens and report back if I get stuck. Thanks a lot > That's a good suggestion, except guix describe will tell you the connit of > the currently installed guix, which is the one you've guix pull'ed to. > > I thenk you can use guix package to manage the guix pull profile, like so: > > guix package -p /var/guix/profiles/per-user/current-guix --list-generations > > You can also use --roll-back or switch directly to an older generation. > > But in general I think it would be better for you to report your failure(s) > so we can help and fix them :) > >> >>As for the swapfile, it should work exactly how you showed. >>That error makes me think the problem is with how you set up the >>swapfile. Did >>you run "dd" to allocate space for the swapfile? > > And run mkswap on it? I thought I did that, but perhaps not. Either way, your guys advise helped, it's working now, after a mkswap. Thanks!
Issues with guix offload
Hi All :) So my guix offload to my build box used to work, no troubles. As of late it fails. Perhaps due to an update, or because I renamed the user account on the remote box. I think all is correct in terms of configuration but still fails with the below. Not sure how to further troubleshoot it: ~ sudo guix offload test guix offload: testing 1 build machines defined in '/etc/guix/machines.scm'... guix offload: Guix is usable on 'cp3.santanas.co.za' (test returned "/gnu/store/883yjkl46dxw9mzykykmbs0yzwyxm17z-test") guix offload: 'cp3.santanas.co.za' is running GNU Guile 2.2.4 sending 1 store item (0 MiB) to 'cp3.santanas.co.za'... exporting path `/gnu/store/sxxrzcpagpr87ldp82l9q634q7bbp8g5-export-test' guix offload: error: unknown error while sending files over SSH Seems something like this fails too guix copy --to=cp3.santanas.co.za emacs ~ ssh d...@cp3.santanas.co.za guile --version guile (GNU Guile) 2.2.4 ~ ssh d...@cp3.santanas.co.za guix repl --version guix repl (GNU Guix) 1.0.1-3.4a54ed7 Doing this (against sshd pid) on the build server results in a 2m file output. Where can I upload that? root@cp3 ~# strace -p 287 -s 300 -o log -f Not sure what to look for in the log output. Any ideas?
Noob issues with maintaining a guix laptop system
Hi All, Issues of a noob with no lisp programming skills has in maintaining a guix laptop system. * how to do a system reconfigure on an older guix generation? Sometimes I do a guix pull and attempt a reconfigure. Due to various reasons, the reconfigure may fail. I now want to do a reconfigure, but on the older guix generation profile. How do I go about doing that? I've tried rolling back my guix profile, but running =guix pull --list-generations= fails. #+begin_example ~ ᐅ guix pull --list-generations Generation 1Oct 12 2018 20:44:32 guix aa227b3 repository URL: https://git.savannah.gnu.org/git/guix.git branch: master commit: aa227b3be3d7728331a08dbd139c47c9b271dc23 guix-chromium 16130df repository URL: https://gitlab.com/mbakke/guix-chromium.git branch: master commit: 16130df2cc9a3424caa8230323b7d49c445f0813 Generation 2Oct 13 2018 15:35:07 guix d781469 repository URL: https://git.savannah.gnu.org/git/guix.git branch: master commit: d7814696b884a7c5e4a58f539ece53f4998689a3 guix-chromium 16130df repository URL: https://gitlab.com/mbakke/guix-chromium.git branch: master commit: 16130df2cc9a3424caa8230323b7d49c445f0813 Backtrace: 10 (primitive-load "/home/ds/.config/guix/current/bin/guix") In guix/ui.scm: 1747:12 9 (run-guix-command _ . _) In ice-9/boot-9.scm: 829:9 8 (catch _ _ # …) 829:9 7 (catch _ _ # …) 829:9 6 (catch _ _ # …) 829:9 5 (catch system-error # …) In guix/scripts/pull.scm: 479:15 4 (_) 462:4 3 (display-profile-content-diff "/var/guix/profiles/per-…" …) In guix/memoization.scm: 100:0 2 (_ # "/var/guix/profiles/per-…" …) In guix/scripts/pull.scm: 363:21 1 (_) In guix/inferior.scm: 151:7 0 (port->inferior _ _) guix/inferior.scm:151:7: In procedure port->inferior: no binding `console-setup' in module (gnu packages xorg) #+end_example Any ideas? * Adding a swap device from a file on disk Something like this: ~ sudo file /mnt/swapfile Password: /mnt/swapfile: Linux/i386 swap file (new style) with SWSUSP1 image (operating-system ... (swap-devices '("/mnt/swapfile")) ... ) But fails with: #+begin_example guix system: error: exception caught while executing 'start' on service 'swap-/mnt/swapfile': In procedure swapon: "/mnt/swapfile": Invalid argument #+end_example
Re: getting applications from Nix to have access to fonts
Benjamin Slade writes: > I'm having trouble getting external applications, specifically things > installed via Nix, to have access to fonts, which often is the > difference between them working or not working. > > For instance, I installed Gargoyle (the text adventure/interactive > fiction interpreter - http://ccxvii.net/gargoyle/ ) from Nix. If I set > gtk2 to use something other than 'sans' as the default font, when I try > to launch Gargoyle, it hangs, with the terminal output `Fontconfig > error: Cannot load default config file`. I have similar issues with > other pieces of software; those which don't hang, usually just have > access to whatever fonts they're actually packaged with, and not any of > the fonts on my system (including fonts installed via Nix itself). > > In #guixsd, pkill9 recommended adding `~/.local/bin` to PATH in > ~/.profile, and creating a wrapper like this: > > <#+BEGIN_SRC bash> > #!/bin/sh > # Wrapper to run Gargoyle built and packaged by Nix > > MESA_LIB=$(dirname $(realpath /run/current-system/profile/lib/libGL.so)) #To > get webgl working > export LD_LIBRARY_PATH="$MESA_LIB${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" > #export FONTCONFIG_PATH="$(guix build > fontconfig)/etc/fonts${FONTCONFIG_PATH:+:}$FONTCONFIG_PATH" > export FONTCONFIG_PATH="$(guix build fontconfig)/etc/fonts" > > exec -a "$0" "/nix/var/nix/profiles/per-user/$USER/profile/bin/gargoyle" "$@" > <-#+END_SRC---> > > > However, even doing this, I end up with exactly the same issues. (And > I've tried calling the script directly, e.g. with > `~/.local/bin/gargoyle`, just in case the PATH from .profile wasn't > working correctly.) > > Does anyone have any insight or suggestions on how to resolve this? Did you ever come right with this? Have a work around? This email is subject to a disclaimer. Visit the FNB website and view the email disclaimer by clicking the "About FNB + Legal" and "Legal Matters" links. If you are unable to access our website, please contact us to send you a copy of the email disclaimer.
Running docker safely on guixsd
Hi Guix, I'm certainly not an expert on docker etc. As per Arch Docker wiki [1] anyone added to docker group is root equivalent. [1] https://wiki.archlinux.org/index.php/Docker#Installation Also I think it's quite easy to fire up a docker container with privileged mode, by accident. I'm just wondering what's best practice from a security perspective to run docker images on guixsd? Would be nice perhaps if there was a way to block privileged docker containers by default. Any suggestions and input on around this would be appreciated. Divan
Re: Some general guix questions
Pierre Neidhardt writes: > 1. System-wide installation means packages are readily available to all users, >which can be nice, but users then don't have the freedom to remove them. >For maximal flexibility, it's often best to leave system-wide packages to > the >bare minimum and let users choose what they want. > >If you are preparing a distribution for an organization, requirements could >be different. Your mileage may vary. > > 2. I also combine emacs-guix and helm-system-packages a lot ;) >My personal take at this issue is to generate the manifest from all > installed >packages with the following shell script: > > --8<---cut here---start->8--- > cat<"$PKG_ROOT/guix" > (specifications->manifest > '( > EOF > > guix package -I | awk '{printf("\"%s", $1); if($3!="out") {printf("%s", > ":" $3)}; print "\""}' | LC_ALL=C sort >>"$PKG_ROOT/guix" > echo "))" >>"$PKG_ROOT/guix" > --8<---cut here---end--->8--- > > There might be better ways to do this. Brilliant. Thanks Pierre.
Re: Some general guix questions
George Clemmer writes: > Divan Santana writes: > >> Hi great guix community, >> >> 1. What is the recommendations around when to install a package system >>wide (via guix system reconfigure manifest.scm) vs in your user >>profile? I'm confused if i3/various X packages and other desktop >>packages should be installed in one or the other? Or even the pros >>and cons of each. Is this in the manual? > > FWIW, when you run a single-user system (e.g. a desktop or server that > only you use), it can be convenient to install any packages that you > want available in root system-wide. E.g, I use ... > > (define sys-packages > '( > "cups" > "emacs-no-x" > "emacs-guix" > "emacs-magit" > "emacs-paredit" > "freeipmi" > "git" > "glibc-utf8-locales" > "mdadm" > "mosh" > "nss-certs" > "openssh" > "qemu" > "screen" > "smartmontools" > )) > ... > (packages (append (map specification->package > sys-packages) > %base-packages)) > >> 2. One can install packages via a manifest or via a frontend tool like >>emacs-guix or helm system packages. I like the former, because >>it's like your system is defined in a manifest and evaluated, and >>you can keep track in git etc, suppose infrastructure as code. But >>I like the latter too and I believe some others do too. Is there a >>way to get the best of both worlds here? Any thoughts on the >>matter. > > I find it convenient to maintain a Guix manifest under Git but I feel > free to "dabble" using emacs-guix. I "roll back" to the manifest set by > using the emacs-guix Generation-List running 'guix package -m'. > >> 3. If I run guix system vm --fallback system.scm I get a vm I can run, >>which is really awesome. If I then do a guix pull and guix system >>vm --fallback system.scm I get /another/ VM which I can run. How is >>the previous VMs garbage collected, I wonder? > > Your 'guix system vm' results will be protected from gc if you specify > the ‘--root=FILE’ option. > > HTH - George It does help. Thanks.
Re: Some general guix questions
Tonton writes: > On Tue, 08 Jan 2019 18:43:06 +0200 > Divan Santana wrote: > >> 3. If I run guix system vm --fallback system.scm I get a vm I can run, >>which is really awesome. If I then do a guix pull and guix system >>vm --fallback system.scm I get /another/ VM which I can run. How is >>the previous VMs garbage collected, I wonder? > > A note on garbage collection in guix: most everything lives in the store. > vm's, packages, your operating system, previous generations of operating > systems. > > All entries can have what's called GC roots. As far as I understand a root is > a symbolic link somewhere else on the filesystem. So if you create a vm it > will remain in your store until guix gc is run WHILE the vm has no roots. > > So to clear space you would have to delete the roots for previous generations > of your system or packages. guix package has a command for this, guix system > does not have this yet (I think). A roundabout way to delete system > generations is to delete the symlink/root in '/var/guix/profiles/' and then > run guix gc. Be careful what you delete. Great thanks!
Some general guix questions
Hi great guix community, 1. What is the recommendations around when to install a package system wide (via guix system reconfigure manifest.scm) vs in your user profile? I'm confused if i3/various X packages and other desktop packages should be installed in one or the other? Or even the pros and cons of each. Is this in the manual? 2. One can install packages via a manifest or via a frontend tool like emacs-guix or helm system packages. I like the former, because it's like your system is defined in a manifest and evaluated, and you can keep track in git etc, suppose infrastructure as code. But I like the latter too and I believe some others do too. Is there a way to get the best of both worlds here? Any thoughts on the matter. 3. If I run guix system vm --fallback system.scm I get a vm I can run, which is really awesome. If I then do a guix pull and guix system vm --fallback system.scm I get /another/ VM which I can run. How is the previous VMs garbage collected, I wonder? Thanks very much, -- Divan
guix gc error: build failed: executing SQLite statement: FOREIGN KEY constraint failed
Hi All, Not sure why my guix gc is doing this. How can I go about fixing this? guix gc results in --8<---cut here---start->8--- deleting `/gnu/store/lxnis4mw71rd0pvjrhs6dyl5ijzgn08b-imagemagick-6.9.10-8-doc' guix gc: error: build failed: executing SQLite statement: FOREIGN KEY constraint failed --8<---cut here---end--->8---
Re: guixsd system reconfigure errors
>> adding group 'tty'... >> groupadd: GID '996' already exists >> >> [...] >> >> Not sure if the system got in a strange state as a result of me changing >> my first user accounts name. Perhaps. > > Could you share a minimal operating system configuration file that > reproduces the issue, and describe any specific steps you took that will > reproduce it (e.g., changing your first user account's name)? You can > use "guix system vm" to quickly prototype a system for reproducing the > issue (see "Invoking guix system" in the manual), and this will make it > easier for everyone to pitch in and investigate. OK. Cool. I'll try do that sometime and feedback. >> guix system: unloading service 'term-auto'... >> shepherd: Removing service 'term-auto'... >> shepherd: Done. >> guix system: loading new services: user-homes term-auto... >> shepherd: Evaluating user expression (register-services (primitive-load >> "/gnu/st?") #). >> shepherd: Service user-homes could not be started. >> shepherd: Service term-auto could not be started. >> >> The last two lines. Are these normal safe to ignore errors? Known bug or >> something specific to my system? > > During reconfigure, Guix does not (currently) attempt to restart > currently running services. So this is normal. When you reboot, the > new version of the services should be used; you should reboot and verify > that they are running to complete the reconfigure action. If things > don't work out, you can always select the previous version from the GRUB > menu or run "guix system roll-back" to go back to the previous system > generation. Ah, ok. > Hope that helps! It does thanks.
guixsd system reconfigure errors
Hi Guix, A couple of errors I get upon a reconfigure: --8<---cut here---start->8--- adding group 'tty'... groupadd: GID '996' already exists --8<---cut here---end--->8--- --8<---cut here---start->8--- ~ ᐅ sudo grep tty /etc/passwd /etc/shadow /etc/group Password: ~ ᐅ sudo grep 996 /etc/passwd /etc/shadow /etc/group /etc/passwd:nobody:x:65534:996::/nonexistent:/gnu/store/1g9r9lk412srqwggv1wv33j4fby7jpg1-shadow-4.6/sbin/nologin /etc/passwd:ntpd:x:999:996:NTP daemon user:/var/empty:/gnu/store/1g9r9lk412srqwggv1wv33j4fby7jpg1-shadow-4.6/sbin/nologin /etc/passwd:geoclue:x:996:981:GeoClue daemon user:/var/empty:/run/current-system/profile/sbin/nologin /etc/group:nogroup:x:996: --8<---cut here---end--->8--- Not sure if the system got in a strange state as a result of me changing my first user accounts name. Perhaps. How can I fix the above? Secondly: --8<---cut here---start->8--- guix system: unloading service 'term-auto'... shepherd: Removing service 'term-auto'... shepherd: Done. guix system: loading new services: user-homes term-auto... shepherd: Evaluating user expression (register-services (primitive-load "/gnu/st?") #). shepherd: Service user-homes could not be started. shepherd: Service term-auto could not be started. --8<---cut here---end--->8--- The last two lines. Are these normal safe to ignore errors? Known bug or something specific to my system? Thanks, -- Divan
Re: [HOWTO] Start X server manually instead of using a login manager
Alex Kost writes: > Hello, > > People often ask how they can use startx/xinit on GuixSD. It is > possible, although it is not as easy as on other distros. Hopefully, > this tutorial will answer some questions on the subject. > > At first, a couple of points: > > - We will run X server with user privileges, so if something goes wrong, > look at the X log, which is placed at "~/.local/share/xorg/Xorg.N.log" > by default. > > - We will run "xinit", not "startx": the latter is just a wrapper that > does some preparations and runs "xinit". (startx is a usual shell > script with a usual script's behavior: it does not like that Guix > violates Filesystem Hierarchy Standard, so it successfully fails to > start). > > Now the steps you need to do to use "xinit": > > 1. Install xinit, X server and required modules to some guix profile, >for example: > > guix package -i xinit xorg-server xf86-input-libinput xf86-video-fbdev > xf86-video-nouveau > > 2. Make "~/.xinitrc" file. If you don't know what its content should >be, just put "exec xterm" there, or even better read: > > https://wiki.archlinux.org/index.php/Xinit > > 3. Running "xinit" requires specifying multiple arguments, so you will >probably make an auxiliary script to run it. This script will look >like this: > > --8<---cut here---start->8--- > #!/bin/sh > > DIR=$HOME/.guix-profile > > $DIR/bin/xinit -- $DIR/bin/Xorg :0 vt1 -keeptty \ >-configdir $DIR/share/X11/xorg.conf.d \ >-modulepath $DIR/lib/xorg/modules > --8<---cut here---end--->8--- > > Note that using the current terminal ("vt1" in this case) and > "-keeptty" is required, otherwise X server refuses to start without > root privileges. > > For testing purposes, you may change the above arguments to ":1 vt2", > switch to vt2 (Ctrl-Alt-F2) and run this script. > > 4. Finally (if the above script works), you can remove login manager >from your os services (if you use %desktop-services): > > --8<---cut here---start->8--- > (use-modules > ;; ... > (srfi srfi-1) ; for 'remove' > (gnu services desktop) > (gnu services xorg)) > > (operating-system > ;; ... > (services >(remove (lambda (service) > (eq? (service-kind service) slim-service-type)) >%desktop-services))) > --8<---cut here---end--->8--- To help others, a few other notes. To auto start x upon login one can do something like --8<---cut here---start->8--- (mingetty-service (mingetty-configuration (tty "tty1") (auto-login "ds"))) --8<---cut here---end--->8--- And this in you bashrc/zshrc. --8<---cut here---start->8--- if [[ ! $DISPLAY && $XDG_VTNR -eq 1 ]]; then exec $HOME/bin/startx.sh fi --8<---cut here---end--->8--- Also I needed to set these in order for my icons to be detected again. Failing to do so, the icons aren't found and some apps crash like libreoffice. --8<---cut here---start->8--- export XDG_DATA_DIRS="/run/current-system/profile/share:$HOME/.guix-profile/share:/run/current-system/profile/share" export XDG_CONFIG_DIRS="$HOME/.guix-profile/etc/xdg:/run/current-system/profile/etc/xdg" export XDG_CONFIG_HOME="$HOME/.config" export XDG_CACHE_HOME="$HOME/.cache" export XDG_DATA_HOME="$HOME/.local/share" --8<---cut here---end--->8--- I'm still strangely getting this error when my terminals (termite) launch since switching to this method: tput: unknown terminal "xterm-termite" Not sure why that is yet.
Re: [HOWTO] Start X server manually instead of using a login manager
Hi Alex, Alex Kost writes: > People often ask how they can use startx/xinit on GuixSD. It is > possible, although it is not as easy as on other distros. Hopefully, > this tutorial will answer some questions on the subject. This is really great and appreciated. Thank you very much. -- Divan
Re: root certificate
myg...@gmail.com writes: > On 06/11/2018 at 12:59 Joshua Branson writes: > >> Divan Santana writes: >> >>> Hi Guix :) >>> >>> How does one import a root certificate for GuixSD? >> >> This probably isn't helpful, but what is a root certificate? >> >>> >>> I didn't see it in the manual. >>> >>> (Hopefully I didn't miss it. I need to read up on using info within Emacs >>> better.) >>> -- >>> Divan > > Hello Divan, > > If you want to a bundle of standard CA certificates install "nss-certs". > It is probably already be installed as a system package since most of > the example GuixSd configs include it. But I have encountered at least > one situation where I needed to also install in as a user package, > e.g. 'guix package -i nss-certs'. > > For details please see ... > > (guix) Application Setup > > ... or ... > > https://www.gnu.org/software/guix/manual/guix.html So in my case, I have a root CA certificate for our organisition and many internal sites have a certificate issued from this CA. I want to import this self signed root CA so all sites with certs issued by this org CA is trusted OS wide. To do this on Arch one can: #+begin_src sh wget -O /etc/ca-certificates/trust-source/anchors/fnb-ca.pem http://http://fqdn/pub/org-ca.crt trust extract-compat #+end_src Debian Family #+begin_src sh mkdir /usr/share/ca-certificates/extra wget -O /usr/share/ca-certificates/extra/fnb-ca.crt http://http://fqdn/pub/org-ca.crt dpkg-reconfigure ca-certificates #+end_src I was hoping one could do the above within the system manifest file config.scm ? Else perhaps we do: wget -O /etc/ca-certificates/trust-source/anchors/fnb-ca.pem http://http://fqdn/pub/org-ca.crt trust extract-compat Doing a command like this would make most of the apps(curl/wget/browser) on the system trust these sites. -- Divan
Re: root certificate
Joshua Branson writes: > Divan Santana writes: > >> Hi Guix :) >> >> How does one import a root certificate for GuixSD? > > This probably isn't helpful, but what is a root certificate? https://en.wikipedia.org/wiki/Root_certificate In cryptography and computer security, a root certificate is a public key certificate that identifies a root certificate authority (CA).[1] Root certificates are self-signed and form the basis of an X.509-based public key infrastructure (PKI). So in my case, I have a root CA certificate for our organisition and many internal sites have a certificate issued from this CA. >> I didn't see it in the manual. >> >> (Hopefully I didn't miss it. I need to read up on using info within Emacs >> better.) >> -- >> Divan -- Divan
root certificate
Hi Guix :) How does one import a root certificate for GuixSD? I didn't see it in the manual. (Hopefully I didn't miss it. I need to read up on using info within Emacs better.) -- Divan
cssh doesn't seem to work out the box
Hi Guix, I installed cssh and trying to use it like so: cssh `cat /tmp/servers` but it breaks with: Can't locate Tk.pm in @INC (you may need to install the Tk module) (@INC contains: /gnu/store/w60y4wh55iqxp56migmy7427n8aib9wj-perl-x11-protocol-0.56/lib/perl5/site_perl/5.26.1/x86_64-linux-thread-multi /gnu/store/w60y4wh55iqxp56migmy7427n8aib9wj-perl-x11-protocol-0.56/lib/perl5/site_perl/5.26.1 /gnu/store/9fvfncp68w6lkf5578vc24hiyrpxczsl-perl-tk-804.034/lib/perl5/site_perl/5.26.1/x86_64-linux /gnu/store/4f6vc8chh94di6qby5k13dvgp6dybvc9-perl-5.26.1/lib/perl5/site_perl/5.26.1/x86_64-linux-thread-multi /gnu/store/4f6vc8chh94di6qby5k13dvgp6dybvc9-perl-5.26.1/lib/perl5/site_perl/5.26.1 /gnu/store/4f6vc8chh94di6qby5k13dvgp6dybvc9-perl-5.26.1/lib/perl5/5.26.1/x86_64-linux-thread-multi /gnu/store/4f6vc8chh94di6qby5k13dvgp6dybvc9-perl-5.26.1/lib/perl5/5.26.1) at /gnu/store/0ckwbr6jvbs3mq5i46kmn4cyhriv3sqj-clusterssh-3.28/bin/.cssh-real line 66. BEGIN failed--compilation aborted at /gnu/store/0ckwbr6jvbs3mq5i46kmn4cyhriv3sqj-clusterssh-3.28/bin/.cssh-real line 66. Does this work for anyone else? On guixsd. -- Divan
dvorak
Hi Guix, There's been several mails and configs I've seen for dvorak configuration. Though, I can't seem to find any info or examples on how to configure dvorak for grub. I have an encrypted boot and on boot up grub asks for crypt passphrase as does the system on boot up. While talking about luks, is it normal/best practice to have the passphrase on start up ask twice? Once for boot vol at grub, and once for /root I suppose? And how can one configure dvorak for the keymap early? This Arch Wiki article[1] mentions how to do this for grub. [1]: https://wiki.archlinux.org/index.php/GRUB/Tips_and_tricks#Manual_configuration_of_core_image_for_early_boot For the console once booted up (console-keymap-service "dvorak") works. For X, I'd like to configure it in .xsession on .xinitrc or the i3 config. I think that won't be a problem and have seen examples for that. -- Divan
Re: Installing GuixSD on an external USB hard drive
Chris Marusich <cmmarus...@gmail.com> writes: > Hi Divan! > > Thank you for taking the time to write to us about the problem. These > kinds of but reports are very helpful! Your welcome. Thanks for the great reply. > On Tue, Apr 17, 2018, 06:43 Divan Santana <di...@santanas.co.za> wrote: > >> OK, I think this is a bug. > > > It could be. Please report it to bug-g...@gnu.org. If you have an > operating system configuration file that reproduces the problem > consistently, please share it in your report. In particular, if you can > reproduce the problem using "guix system vm", it will make things much > easier for us to debug. The manual describes how to use that command: > > https://www.gnu.org/software/guix/manual/html_node/Invoking-guix-system.html I need to spend time on this and try reproduce it and report it properly. For the moment I've worked around it. > > The way I worked around it was to: > > >> 1) remount /gnu/store rw >> >> 2) >> >> cd >> >> /gnu/store/n9ym4yl7s55pm57rnc5whjlzjgvxas32-linux-libre-4.16.2/lib/modules/4.16.2-gnu/kernel/drivers/usb/storage/ >> cp usb_storage.ko usb-storage.ko >> > > That's good to know, but you should not modify files in the store or mount > it rw. Absolutely. I just did it to try test the theory. I've undone the hack and will see if things break later. But this is a test system. > It can lead to unpredictable behavior because doing so may violate > certain invariants. When hacking around on a throw-away system to > investigate an issue like this, don't this might be useful, but on systems > you care about, essentially the only way you should interact with the store > is via the public Guix scheme APIs and the Guix command line tools, since > they will ensure that the store's invariants are never violated. > Again, thank you for the report! I hope everything is smooth sailing from > this point on. Thanks again. Doubt it will be smooth sailing lol. But I'm learning and guix is awesome and hope to continue learning and cotribute more in time. -- Divan
Re: Installing GuixSD on an external USB hard drive
myg...@gmail.com writes: > On 04/16/2018 at 20:04 Divan Santana writes: > >> Hi Guix, >> >> So I'm installing GuixSD on an external USB hard drive. >> >> This is obviously quite useful to test and setup all before you switch >> to it. I plan to eventually install on laptop. >> >> I could do it in a VM but... >> >> Anyway, the install went flawless and docs are great. >> >> *After a reboot*, I did a guix pull and system reconfigure. >> >> (I did change the drive letter, since post reboot grub was on sdb, not c) > > Hi Divan, > > GuixSD is intolerant to a change in logical assignment of the boot drive > after the the "git init" ... > > Ref: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=23072 > > Maybe your problem is related? Thanks! Seems similar, though I think not quite the same. -- Divan
Re: Installing GuixSD on an external USB hard drive
Divan Santana <di...@santanas.co.za> writes: > Hi Guix, > > So I'm installing GuixSD on an external USB hard drive. > > This is obviously quite useful to test and setup all before you switch > to it. I plan to eventually install on laptop. > > I could do it in a VM but... > > Anyway, the install went flawless and docs are great. > > *After a reboot*, I did a guix pull and system reconfigure. > > (I did change the drive letter, since post reboot grub was on sdb, not c) > > I got an error saying: > > unknown location, you may need these modules in the initrd: uas > usb_storage . > > It then pastes the snippet of code. Really cool and useful. > > Though, bit confused why the install worked and rebooted, yet post > reboot I now require it? > > Moving on, I add the snippet of code but it errors out with: > > usb_storage module not found. > > A find shows the module is in the 4.16 dir, named usb-storage. > > Note - not _. > > I thought perhaps that's the issue so I changed the code to specify mod > usb-storage (not _). > > However I then get the orig error, that I should add usb_storage mod in > initrd-modules. > > Suppose the question is why is usb_storage not found? > > Any ideas? > > (sorry for lack of exact messages, don't have remote access to system at mo) OK, I think this is a bug. The way I worked around it was to: 1) remount /gnu/store rw 2) cd /gnu/store/n9ym4yl7s55pm57rnc5whjlzjgvxas32-linux-libre-4.16.2/lib/modules/4.16.2-gnu/kernel/drivers/usb/storage/ cp usb_storage.ko usb-storage.ko As said earlier guix doesn't allow me to specify usb-storage in the scm file and it suggests usb_storage, which it fails to find without the above hack. Prob gets it from lsmod which reports usb_storage while the file is usb-storage.ko This is obviously not right. Prob a simple fix but out of my capabilities at the mo. lol -- Divan
Re: Installing GuixSD on an external USB hard drive
Pierre Neidhardt <ambre...@gmail.com> writes: > But did you _add_ the module into the initrd? This should be done in your > configuration file upon which you run `guix system reconfigure`. > > (operating-system >;... > >(initrd-modules (append (list "usb_module") > %base-initrd-modules)) > > Also see the info page "(guix) operating-system Reference". Yes I did add it exactly like that. Well with "uas" too. I did say that in my email: > It then pastes the snippet of code. > Moving on, *I add the snippet of code* but it errors out with: > usb_storage module not found. Hence, it's obviously reading the code since it produces a diff error. The Q is why it doesn't find the module. -- Divan
Installing GuixSD on an external USB hard drive
Hi Guix, So I'm installing GuixSD on an external USB hard drive. This is obviously quite useful to test and setup all before you switch to it. I plan to eventually install on laptop. I could do it in a VM but... Anyway, the install went flawless and docs are great. *After a reboot*, I did a guix pull and system reconfigure. (I did change the drive letter, since post reboot grub was on sdb, not c) I got an error saying: unknown location, you may need these modules in the initrd: uas usb_storage . It then pastes the snippet of code. Really cool and useful. Though, bit confused why the install worked and rebooted, yet post reboot I now require it? Moving on, I add the snippet of code but it errors out with: usb_storage module not found. A find shows the module is in the 4.16 dir, named usb-storage. Note - not _. I thought perhaps that's the issue so I changed the code to specify mod usb-storage (not _). However I then get the orig error, that I should add usb_storage mod in initrd-modules. Suppose the question is why is usb_storage not found? Any ideas? (sorry for lack of exact messages, don't have remote access to system at mo) -- Divan
Re: using guix for ruby development
Christopher Baines <m...@cbaines.net> writes: > Divan Santana <di...@santanas.co.za> writes: > >> Divan Santana <di...@santanas.co.za> writes: >>> Is there a simple way of getting these gems installed to use guix system >>> libs so things don't break? >> >> So for this particular project I managed to get it working via changing >> the Gemfile to up the version on nokogiri to 1.8 so I can use the >> nokogiri from guix. Did the same with ffi which had similar issue. >> >> That's not ideal as one may need a diff version or the gem may not be >> packaged yet. >> >> Any thoughts? > > I've been putting up with using bundler and rubygems for a little while > now, although I'd still like to switch to only using Guix packages one > day. Yes that would be ideal. One day. > My current workflow when I use Bundler/Rubygems is to using Guix to > provide the right version of Ruby, and then Direnv to setup the > environment. > > This would be a .envrc file that would work for nokogiri. > > use guix --ad-hoc ruby@2.3 gcc-toolchain pkg-config libxml2 libxslt > > layout ruby > > > To use this, you'd need to create a file called .envrc with the above 2 > lines, and then run direnv allow to allow it to be loaded. After it > loads, assuming you're using bundler, you should run gem install > bundler. This works better than using the Guix package for bundler, as > that uses a specific Ruby version, which might not be the one you've > specified in the environment. After bundler is installed, run bundle > install. When things break, which they will, I just rm -rf .direnv, and > start again. > > So, in summary. > > # create the .envrc file > direnv allow > gem install bundler > bundle This is really awesome and saved the day for me. It works well! I read up a bit on the above because wasn't that familiar with some of the direnv magic above. use guix --ad-hoc ruby@2.4.3 gcc-toolchain pkg-config libxml2 libxslt layout ruby Thanks a lot! This setup also works nicely with emacs-direnv. However with an old puppet 3 project using ruby 2.1.10 setup using the below I get these weird errors. Any idea? $ cd ~/src/fnb/puppet-main direnv: loading .envrc direnv: using guix --ad-hoc ruby@2.1.10 gcc-toolchain pkg-config libxml2 libxslt direnv: export +BUNDLE_BIN +CPLUS_INCLUDE_PATH +C_INCLUDE_PATH +GEM_HOME +LIBRARY_PATH +PKG_CONFIG_PATH ~GEM_PATH ~PATH ~/src/fnb/puppet-main $ cat .envrc use guix --ad-hoc ruby@2.1.10 gcc-toolchain pkg-config libxml2 libxslt layout ruby $ which ruby /gnu/store/izam4vc9zp4q4wzrfm77pix5nscc4d48-profile/bin/ruby 15:36 admin@laptop 0 29602 ~/src/fnb/puppet-main $ which gem /gnu/store/izam4vc9zp4q4wzrfm77pix5nscc4d48-profile/bin/gem 15:36 admin@laptop 0 34372 ~/src/fnb/puppet-main $ which bundle /home/admin/src/fnb/puppet-main/.direnv/bin/bundle 15:37 admin@laptop 0 39143 ~/src/fnb/puppet-main $ ruby -v ruby 2.1.10p492 (2016-04-01 revision 54464) [x86_64-linux] 15:37 admin@laptop 0 48688 ~/src/fnb/puppet-main $ which irb /gnu/store/izam4vc9zp4q4wzrfm77pix5nscc4d48-profile/bin/irb 15:37 admin@laptop 0 53463 ~/src/fnb/puppet-main $ irb /gnu/store/k7ipxfl30xazwp940kmvp1wx44gx854c-ruby-2.1.10/lib/ruby/2.1.0/fileutils.rb:250:in `mkdir': Permission denied @ dir_s_mkdir - /home/admin/.guix-profile/lib/ruby/vendor_ruby/extensions/x86_64-linux/2.1.0-static (Errno::EACCES) from /gnu/store/k7ipxfl30xazwp940kmvp1wx44gx854c-ruby-2.1.10/lib/ruby/2.1.0/fileutils.rb:250:in `fu_mkdir' from /gnu/store/k7ipxfl30xazwp940kmvp1wx44gx854c-ruby-2.1.10/lib/ruby/2.1.0/fileutils.rb:224:in `block (2 levels) in mkdir_p' Was getting similar issues when running bundle there. -- Divan
Re: using guix for ruby development
Marius Bakke <mba...@fastmail.com> writes: > Divan Santana <di...@santanas.co.za> writes: > >> Divan Santana <di...@santanas.co.za> writes: >> >>> Hi all, >>> >>> So I'm *trying* to use guix on Parabola Linux to provide the rubies and >>> replace some other functionality of like chruby for instance. >>> >>> I'm a bit of a noob with guix and even ruby, so it's a bit of a >>> challenge. >>> >>> I've read through these nice notes[1] by Pjotr. The answers I'm looking >>> for, may well be in there but I might have missed it. >>> >>> [1]: >>> - https://gitlab.com/pjotrp/guix-notes/blob/master/RUBY.org >>> - https://gitlab.com/pjotrp/guix-notes/blob/master/RUBYGEMS-Nokogiri.org >>> >>> I've also used the linked in script[2] which helps. >>> >>> [2]: https://gitlab.com/pjotrp/guix-notes/blob/master/scripts/ruby-guix-env >>> >>> Anyway the issue: >>> >>> $ gem env >>> RubyGems Environment: >>> - RUBYGEMS VERSION: 2.6.14 >>> - RUBY VERSION: 2.4.3 (2017-12-14 patchlevel 205) [x86_64-linux] >>> - INSTALLATION DIRECTORY: >>> /home/admin/.gem/sx7ih0vgp7q8zj7k58xjvnp3yghig0ll-ruby-2.4.3/2.4.0 >>> - USER INSTALLATION DIRECTORY: /home/admin/.gem/ruby/2.4.0 >>> - RUBY EXECUTABLE: >>> /gnu/store/sx7ih0vgp7q8zj7k58xjvnp3yghig0ll-ruby-2.4.3/bin/ruby >>> - EXECUTABLE DIRECTORY: >>> /home/admin/.gem/sx7ih0vgp7q8zj7k58xjvnp3yghig0ll-ruby-2.4.3/2.4.0/bin >>> - SPEC CACHE DIRECTORY: >>> /home/admin/.gem/sx7ih0vgp7q8zj7k58xjvnp3yghig0ll-ruby-2.4.3/specs >>> - SYSTEM CONFIGURATION DIRECTORY: >>> /gnu/store/sx7ih0vgp7q8zj7k58xjvnp3yghig0ll-ruby-2.4.3/etc >>> - RUBYGEMS PLATFORMS: >>> - ruby >>> - x86_64-linux >>> - GEM PATHS: >>>- /home/admin/.gem/sx7ih0vgp7q8zj7k58xjvnp3yghig0ll-ruby-2.4.3/2.4.0 >>>- /home/admin/.guix-profile/lib/ruby/vendor_ruby >>>- /home/admin/.guix-profile/lib/ruby/gems/2.4.0/ >>> - GEM CONFIGURATION: >>>- :update_sources => true >>>- :verbose => true >>>- :backtrace => false >>>- :bulk_threshold => 1000 >>>- "gem" => "--no-rdoc" >>> - REMOTE SOURCES: >>>- https://rubygems.org/ >>> - SHELL PATH: >>>- >>> /home/admin/.gem/sx7ih0vgp7q8zj7k58xjvnp3yghig0ll-ruby-2.4.3/2.4.0/bin >>>- /home/admin/src/ds-config/guile/scripts >>>- /home/admin/src/ds-config/bin >>>- /home/admin/.node_modules/node_modules/.bin >>>- /home/admin/.guix-profile/bin >>>- /home/admin/src/ds-config/guile/scripts >>>- /home/admin/src/ds-config/bin >>>- /home/admin/.node_modules/node_modules/.bin >>>- /home/admin/.guix-profile/bin >>>- /usr/local/sbin >>>- /usr/local/bin >>>- /usr/bin >>>- /usr/lib/jvm/default/bin >>>- /usr/bin/site_perl >>>- /usr/bin/vendor_perl >>>- /usr/bin/core_perl >>> >>> So I'm in a ruby project. I type `bundle install` to install the gems. >>> >>> It goes and fetches the missing gems and installs them in >>> /home/admin/.gem/sx7ih0vgp7q8zj7k58xjvnp3yghig0ll-ruby-2.4.3/2.4.0/gems/ >>> >>> That's great. I fire up the project[3] with: >>> >>> [3]: https://gitlab.com/gitlab-com/gitlab-docs (using an older commit >>> because ruby25 is not yet in guix repos. >>> >>> $ bundle exec nanoc live >>> >>> Captain! We’ve been hit! >>> >>> LoadError: liblzma.so.5: cannot open shared object file: No such file or >>> directory - >>> /home/admin/.gem/sx7ih0vgp7q8zj7k58xjvnp3yghig0ll-ruby-2.4.3/2.4.0/gems/nokogiri-1.7.2/lib/nokogiri/nokogiri.so >>> >>> $ ldd >>> /home/admin/.gem/sx7ih0vgp7q8zj7k58xjvnp3yghig0ll-ruby-2.4.3/2.4.0/gems/nokogiri-1.7.2/lib/nokogiri/nokogiri.so >>> linux-vdso.so.1 (0x76b1) >>> libm.so.6 => /usr/lib/libm.so.6 (0x7f469080f000) >>> libdl.so.2 => /usr/lib/libdl.so.2 (0x7f469060b000) >>> liblzma.so.5 => /usr/lib/liblzma.so.5 (0x7f46903e5000) >>> libz.so.1 => /usr/lib/libz.so.1 (0x7f46901ce000) >>> libpth
Re: using guix for ruby development
Divan Santana <di...@santanas.co.za> writes: > Hi all, > > So I'm *trying* to use guix on Parabola Linux to provide the rubies and > replace some other functionality of like chruby for instance. > > I'm a bit of a noob with guix and even ruby, so it's a bit of a > challenge. > > I've read through these nice notes[1] by Pjotr. The answers I'm looking > for, may well be in there but I might have missed it. > > [1]: > - https://gitlab.com/pjotrp/guix-notes/blob/master/RUBY.org > - https://gitlab.com/pjotrp/guix-notes/blob/master/RUBYGEMS-Nokogiri.org > > I've also used the linked in script[2] which helps. > > [2]: https://gitlab.com/pjotrp/guix-notes/blob/master/scripts/ruby-guix-env > > Anyway the issue: > > $ gem env > RubyGems Environment: > - RUBYGEMS VERSION: 2.6.14 > - RUBY VERSION: 2.4.3 (2017-12-14 patchlevel 205) [x86_64-linux] > - INSTALLATION DIRECTORY: > /home/admin/.gem/sx7ih0vgp7q8zj7k58xjvnp3yghig0ll-ruby-2.4.3/2.4.0 > - USER INSTALLATION DIRECTORY: /home/admin/.gem/ruby/2.4.0 > - RUBY EXECUTABLE: > /gnu/store/sx7ih0vgp7q8zj7k58xjvnp3yghig0ll-ruby-2.4.3/bin/ruby > - EXECUTABLE DIRECTORY: > /home/admin/.gem/sx7ih0vgp7q8zj7k58xjvnp3yghig0ll-ruby-2.4.3/2.4.0/bin > - SPEC CACHE DIRECTORY: > /home/admin/.gem/sx7ih0vgp7q8zj7k58xjvnp3yghig0ll-ruby-2.4.3/specs > - SYSTEM CONFIGURATION DIRECTORY: > /gnu/store/sx7ih0vgp7q8zj7k58xjvnp3yghig0ll-ruby-2.4.3/etc > - RUBYGEMS PLATFORMS: > - ruby > - x86_64-linux > - GEM PATHS: >- /home/admin/.gem/sx7ih0vgp7q8zj7k58xjvnp3yghig0ll-ruby-2.4.3/2.4.0 >- /home/admin/.guix-profile/lib/ruby/vendor_ruby >- /home/admin/.guix-profile/lib/ruby/gems/2.4.0/ > - GEM CONFIGURATION: >- :update_sources => true >- :verbose => true >- :backtrace => false >- :bulk_threshold => 1000 >- "gem" => "--no-rdoc" > - REMOTE SOURCES: >- https://rubygems.org/ > - SHELL PATH: >- > /home/admin/.gem/sx7ih0vgp7q8zj7k58xjvnp3yghig0ll-ruby-2.4.3/2.4.0/bin >- /home/admin/src/ds-config/guile/scripts >- /home/admin/src/ds-config/bin >- /home/admin/.node_modules/node_modules/.bin >- /home/admin/.guix-profile/bin >- /home/admin/src/ds-config/guile/scripts >- /home/admin/src/ds-config/bin >- /home/admin/.node_modules/node_modules/.bin >- /home/admin/.guix-profile/bin >- /usr/local/sbin >- /usr/local/bin >- /usr/bin >- /usr/lib/jvm/default/bin >- /usr/bin/site_perl >- /usr/bin/vendor_perl >- /usr/bin/core_perl > > So I'm in a ruby project. I type `bundle install` to install the gems. > > It goes and fetches the missing gems and installs them in > /home/admin/.gem/sx7ih0vgp7q8zj7k58xjvnp3yghig0ll-ruby-2.4.3/2.4.0/gems/ > > That's great. I fire up the project[3] with: > > [3]: https://gitlab.com/gitlab-com/gitlab-docs (using an older commit > because ruby25 is not yet in guix repos. > > $ bundle exec nanoc live > > Captain! We’ve been hit! > > LoadError: liblzma.so.5: cannot open shared object file: No such file or > directory - > /home/admin/.gem/sx7ih0vgp7q8zj7k58xjvnp3yghig0ll-ruby-2.4.3/2.4.0/gems/nokogiri-1.7.2/lib/nokogiri/nokogiri.so > > $ ldd > /home/admin/.gem/sx7ih0vgp7q8zj7k58xjvnp3yghig0ll-ruby-2.4.3/2.4.0/gems/nokogiri-1.7.2/lib/nokogiri/nokogiri.so > linux-vdso.so.1 (0x76b1) > libm.so.6 => /usr/lib/libm.so.6 (0x7f469080f000) > libdl.so.2 => /usr/lib/libdl.so.2 (0x7f469060b000) > liblzma.so.5 => /usr/lib/liblzma.so.5 (0x7f46903e5000) > libz.so.1 => /usr/lib/libz.so.1 (0x7f46901ce000) > libpthread.so.0 => /usr/lib/libpthread.so.0 (0x7f468ffb) > libcrypt.so.1 => /usr/lib/libcrypt.so.1 (0x7f468fd78000) > libc.so.6 => /usr/lib/libc.so.6 (0x7f468f9c1000) > /usr/lib64/ld-linux-x86-64.so.2 (0x7f4690f97000) > > Guessing the reason is because it seems to compile against the OS system > and not the "guix system". And that could cause problems? > > Other gems also are like this. > > $ ldd > /home/admin/.gem/sx7ih0vgp7q8zj7k58xjvnp3yghig0ll-ruby-2.4.3/2.4.0/gems/ffi-1.9.18/lib/ffi_c.so > linux-vdso.so.1 (0x7ffd1bdf1000) > libffi.so.6 => /usr/lib/libffi.so.6 (0x7f6af531e000) > libpthread.so.0 => /usr/lib/libpthread.so.0 (0x7f6af510) > libdl.so.2 => /usr/lib/libdl.so.2 (0x7f6af4efc000) > l
ledger fails to install - 5 tests failed out of 352
Hello fellow Guixers, So ledger fails to install with the following #+BEGIN_EXAMPLE 99% tests passed, 5 tests failed out of 352 Total Test time (real) = 37.60 sec The following tests FAILED: 47 - BaselineTest_dir-import_py (Failed) 49 - BaselineTest_dir-python_py (Failed) 59 - BaselineTest_feat-import_py (Failed) 104 - BaselineTest_opt-datetime-format (Failed) 201 - BaselineTest_opt-time-report (Failed) Errors while running CTest make: *** [Makefile:153: test] Error 8 phase `check' failed after 37.6 seconds builder for `/gnu/store/f548wcr2crf7a8ghrn34xk37p65j5isc-ledger-3.1.1.drv' failed with exit code 1 derivation '/gnu/store/f548wcr2crf7a8ghrn34xk37p65j5isc-ledger-3.1.1.drv' offloaded to 'guixsd.santanas.co.za' failed: build of `/gnu/store/f548wcr2crf7a8ghrn34xk37p65j5isc-ledger-3.1.1.drv' failed guix system: error: build failed: build of `/gnu/store/f548wcr2crf7a8ghrn34xk37p65j5isc-ledger-3.1.1.drv' failed #+END_EXAMPLE What can one do to fix this error and get it working again? Suppose we could install an older version of ledger if there is an older version in the substitutes (correct word?) if it exists. -- Divan
Re: Issues with my configuration - zsh shell default
Fredrik Salomonssonwrites: [...] > 2) > >> There is no module “(gnu packages zsh)”. “zsh” is now in “(gnu packages >> shells)”. > > > >> (use-package-modules shells) >> (users (cons (user-account >> (name "admin") >> (comment "") >> (group "users") >> (supplementary-groups '("wheel" "netdev" >> "audio" "video")) >> (shell #~(string-append #$zsh "/bin/zsh")) >> (home-directory "/home/admin")) >>%base-user-accounts)) > > > This worked for me. Thanks. What is the best way of looking up what package > belongs to what module? In case I hit more of this in the future. Good Q. I have no idea. I guessed. I'm still new to all this too :-)
Re: Issues with my configuration - zsh shell default
> 2) Change shell for user to zsh. > I followed https://gitlab.com/rain1/guix-wiki/wikis/FAQ on how to change > shell to zsh but getting this error when reconfiguring: > >> guix system: error: failed to load '/etc/config.scm': >> ice-9/boot-9.scm:2795:6: In procedure resolve-interface: >> ice-9/boot-9.scm:2795:6: no code for module (gnu packages zsh) > > I can install zsh using guix package -i zsh and start it manually. This works for me: (use-package-modules shells) (users (cons (user-account (name "admin") (comment "") (group "users") (supplementary-groups '("wheel" "netdev" "audio" "video")) (shell #~(string-append #$zsh "/bin/zsh")) (home-directory "/home/admin")) %base-user-accounts)) Though I'm not yet sure how to change the root accounts shell to zsh. Anyone know that? Ricardo Wurmus <rek...@elephly.net> writes: > Hi Fredrik, > >> 1) Mounting a nfs disk. >> I tried adding the nfs mount to file-systems. >> >>> (file-system >>>(device "fafner:/srv/nfs4/Valhalla") >>>(title 'device) >>>(mount-point "/media/Valhalla") >>>(type "nfs4") >>>(check? #f)) >> >> It works after I reconfigure guix >> >>> sudo guix system reconfigure /etc/config.scm >> >> But when I reboot, guixsd will not start it just hangs in the boot process. >> Looks like a lot of services are failing. > > Do you want this to be mounted on boot? I don’t think there’s a way to > express that a mount should happen after the network has come up (yet). > > You can only tell Guix not to try to mount the disk on boot. Use > auto-mounting to mount the disk on demand at a later point. (We don’t > have a service for autofs yet.) > > Your contributions in this area would be welcome! > >> 2) Change shell for user to zsh. >> I followed https://gitlab.com/rain1/guix-wiki/wikis/FAQ on how to change >> shell to zsh but getting this error when reconfiguring: >> >>> guix system: error: failed to load '/etc/config.scm': >>> ice-9/boot-9.scm:2795:6: In procedure resolve-interface: >>> ice-9/boot-9.scm:2795:6: no code for module (gnu packages zsh) > > There is no module “(gnu packages zsh)”. “zsh” is now in “(gnu packages > shells)”. > >> 3) Keyboard mapping. > […] > >> The question is how do I translate this to GuixSD? Closest I could find in >> the manual was about the X window, but didn't find anything that directly >> matches what I want. > > Here’s what I do in my config: > > --8<---cut here---start->8--- > (define dvorak-evdev > (call-with-input-file "/etc/config.d/evdev.conf" read-string)) > > […] > > (operating-system … > (services … > (modify-services %desktop-services > (slim-service-type >config => (slim-configuration > (inherit config) > (startx (xorg-start-command >#:configuration-file >(xorg-configuration-file > #:extra-config > (list dvorak-evdev)) > …))) > --8<---cut here---end--->8--- > > You can use something like that to add to the xorg configuration file. > Just put your snippet in a file and slurp it up. > >> 4) /bin/env >> In the manual, under Base Services >> <https://www.gnu.org/software/guix/manual/guix.html#Base-Services> it >> describes how to add env to /bin. I tried adding that snippet to my >> services but I don't see env in /bin after I reconfigure. > > Not sure about this one. Your config looks okay to me. I’m not using > this myself, so I don’t know if there’s a bug in our documentation. > >> I've also noticed some odd issues with my keyboards that are running the qmk >> firmware <https://github.com/qmk/qmk_firmware>. I've setup that my space >> have a dual action, it's register as space when pressing and ctrl when >> holding the key. But when using them in GuixSD it results in a 1s delay >> every time I press space. Which gives a very sluggish impression when >> typing in the terminal. It works fine if I disable that feature. I have not >> experienced that issue in any other distro. > > Don’t know about this one. Is any kernel firmware loading mechanism > involved or do you suspect an xorg configuration problem? -- Best regards, Divan Santana Red Hat Certified Architect RHCA | CCNA | MCSE Mobile: +27 82 787 8522 Email: di...@santanas.co.za
Re: Using tramp with guixsd install image
Ludovic Courtès <l...@gnu.org> writes: > Divan Santana <di...@santanas.co.za> skribis: > > [...] > >>> The VM image should contain a valid /bin/sh already, doesn’t it? >> >> No it doesn't. >> >> There is no '/bin/sh' on the guixsd-usb-install-0.13.0.x86_64-linux.xz >> image/VM. > > Oops, indeed. I’ve just fixed it: > > > https://git.savannah.gnu.org/cgit/guix.git/commit/?id=50cb948f1c584344c63129e535c2fe7b54332a87 Great - thanks.
Re: guixsd install questions
Ludovic Courtès <l...@gnu.org> writes: > Divan Santana <di...@santanas.co.za> skribis: > >> Ludovic Courtès <l...@gnu.org> writes: > > [...] > >>> My guess is that you’d need to explicitly mark one of the mapped device >>> as depending on the other; this cannot be guessed. >>> >>> If you run “guix system shepherd-graph” on your config you’ll probably >>> see that there’s no such dependency. >>> >>> Currently dependencies among mapped devices cannot be expressed, but >>> that’s easy to fix (by providing a ‘dependencies’ field as in >>> ‘file-system’.) >> >> So I've tried altering the code and asked on IRC a while back too. I >> tried some of the suggestions that were given but none of them worked. >> >> Would you be able to "spell out" for someone clueless what the code >> should look like to express the dependencies. >> >> Currently the code looks like this >> >> (bootloader (grub-configuration (device "/dev/vdb"))) >> (mapped-devices (list >>(mapped-device >> (source (list "/dev/vdb1" "/dev/vdc1")) >> (target "/dev/md0") >> (type raid-device-mapping)) >>(mapped-device >> (source (uuid "1c0f1601-97f4-4a3d-9528-cd76130ff919")) >> (target "crypt") >> (type luks-device-mapping >> (file-systems (cons (file-system >>(device "/dev/mapper/crypt") >>(title 'device) >>(mount-point "/") >>(type "ext4")) >> %base-file-systems)) > > You can have your file system depend on the two mapped devices like > this: > >(file-systems (cons (file-system > (device "/dev/mapper/crypt") > (title 'device) > (mount-point "/") > (type "ext4") > (dependencies mapped-devices)) >%base-file-systems)) > > What *cannot* be expressed yet is dependencies among mapped devices. > For that we need to extend the record with a > ‘dependencies’ field like does. Ah, I thought there was a workaround to get the combination of mdadm+luks working. Currently with your above suggestion it fails to boot post install at grub with: error: file `/gnu/store...-raw-initrd' not found. > You’re welcome to start working on it if you feel like it (and I’d be > happy to help!) and/or submit it to bug-g...@gnu.org. I wish. Maybe one day. My coding skills are MIA and time is very limited. But I do hope to start contributing in some way in time (besides my FSF financial support). > I hope this is a bit clearer now! Thanks. :-)
Re: Using tramp with guixsd install image
Alex Kost <alez...@gmail.com> writes: > Divan Santana (2017-06-30 22:15 +0200) wrote: > >> Hi, >> >> Trying to use my emacs (on arch linux) with the guixsd system from the >> 0.13 image and ssh-daemon. By image, this is a fresh VM booted >> guixsd-usb-install-0.13.0.x86_64-linux and about to install guixsd . >> >> This Used to work with 0.12 image. >> >> Now I have this set >> >> ;; ;; TRAMP and guix settings >> (setq tramp-default-method "scp") >> ;; https://lists.gnu.org/archive/html/help-guix/2016-10/msg00049.html >> (setq tramp-remote-path >> (append tramp-remote-path >> '("~/.guix-profile/bin" "~/.guix-profile/sbin" >> "/run/current-system/profile/bin" >> "/run/current-system/profile/sbin"))) > > With this ^^^ your additional paths are "shadowed" by the default > value of 'tramp-remote-path'. Try to make it reverse: > >(setq tramp-remote-path > (append '("~/.guix-profile/bin" "~/.guix-profile/sbin" >"/run/current-system/profile/bin" >"/run/current-system/profile/sbin") > tramp-remote-path)) The above does make sense. I've tried it your suggested way and unfortunately I'm getting the same results. For some reason my emacs tramp is looking for /bin/sh still and has the same initial error reported. > However I don't think you need to set all these paths manually. > > The different behavior between 0.12 and 0.13 may be caused by this > commit: > > > http://git.savannah.gnu.org/cgit/guix.git/commit/?id=dc7010911dd3285fe9089352e92c77501595d100 > > i.e. your problem may occur because 'tramp-default-remote-path' is the > first element of 'tramp-remote-path' variable now. I think this wouldn't affect me as my emacs is from arch linux repositories? >> How can one configure tramp to work without the above hack? > > I don't know if it will help you or not, but here is the setting I have > in my emacs config, which works for me for years: > > (with-eval-after-load 'tramp-sh > (push 'tramp-own-remote-path tramp-remote-path)) The above didn't work for me either.
Re: guixsd install questions
Hi Ludo, Ludovic Courtès <l...@gnu.org> writes: > Hello! > > Divan Santana <di...@santanas.co.za> skribis: > >> Then do the install with this guile code: >> >> #+BEGIN_SRC scheme >> ;; two devices in raid0 striped with LUKS full disk encryption. >> (bootloader (grub-configuration (device "/dev/vdb"))) >> (mapped-devices (list >>(mapped-device >> (source (list "/dev/vdb1" "/dev/vdc1")) >> (target "/dev/md0") >> (type raid-device-mapping)) >>(mapped-device >> (source (uuid "fb29c6f6-b2c0-4c87-8651-4962b7125dc0")) >> (target "crypt") >> (type luks-device-mapping >> #+END_SRC >> >> >> And this too: >> >> #+BEGIN_SRC scheme >> (file-systems (cons (file-system >>(device "root") >>(title 'label) >>(mount-point "/") >>(type "ext4")) >> %base-file-systems)) >> #+END_SRC >> >> >> The above fails. So tried another install with device like so > > Do you know how it fails? I don't have exact details of how it fails. > My guess is that you’d need to explicitly mark one of the mapped device > as depending on the other; this cannot be guessed. > > If you run “guix system shepherd-graph” on your config you’ll probably > see that there’s no such dependency. > > Currently dependencies among mapped devices cannot be expressed, but > that’s easy to fix (by providing a ‘dependencies’ field as in > ‘file-system’.) So I've tried altering the code and asked on IRC a while back too. I tried some of the suggestions that were given but none of them worked. Would you be able to "spell out" for someone clueless what the code should look like to express the dependencies. Currently the code looks like this (bootloader (grub-configuration (device "/dev/vdb"))) (mapped-devices (list (mapped-device (source (list "/dev/vdb1" "/dev/vdc1")) (target "/dev/md0") (type raid-device-mapping)) (mapped-device (source (uuid "1c0f1601-97f4-4a3d-9528-cd76130ff919")) (target "crypt") (type luks-device-mapping (file-systems (cons (file-system (device "/dev/mapper/crypt") (title 'device) (mount-point "/") (type "ext4")) %base-file-systems)) Pre-install I configured the disks like so: #+BEGIN_EXAMPLE fdisk, one partition of each only marked as fd mdadm --create --level=0 --raid-devices=2 /dev/md0 /dev/vd[bc]1 cryptsetup luksFormat /dev/md0 cryptsetup luksOpen /dev/md0 crypt mkfs.ext4 -L root -m2 /dev/mapper/crypt mount /dev/mapper/crypt /mnt #+END_EXAMPLE
Using tramp with guixsd install image
Hi, Trying to use my emacs (on arch linux) with the guixsd system from the 0.13 image and ssh-daemon. By image, this is a fresh VM booted guixsd-usb-install-0.13.0.x86_64-linux and about to install guixsd . This Used to work with 0.12 image. Now I have this set ;; ;; TRAMP and guix settings (setq tramp-default-method "scp") ;; https://lists.gnu.org/archive/html/help-guix/2016-10/msg00049.html (setq tramp-remote-path (append tramp-remote-path '("~/.guix-profile/bin" "~/.guix-profile/sbin" "/run/current-system/profile/bin" "/run/current-system/profile/sbin"))) And I try open path: =/ssh:root@192.168.122.236:/mnt/etc/config.scm= However this results in "pid died" message. (Sometimes my emacs even crashes.) Anyway, after a bit of debugging there is a tramp buffer that pops up briefly and reports env /bin/sh no such file If in the VM, I do a hack like ln -s /run/current-system/profile/bin/sh /bin/sh Then tramp works without issue. How can one configure tramp to work without the above hack? (sorry this is more of an emacs then guix question) Divan
Re: Security questions around using Guix to package apps
Ludovic Courtès <l...@gnu.org> writes: > Hello Divan, > > Divan Santana <di...@santanas.co.za> skribis: > >> If guix is installed on a system and configured to point to substitutes >> that the same nonroot user has access to submit and approve packages in, >> can that nonroot user on the system gain root. Therefore would one need >> to review the submitted packages to avoid the user gaining root. >> >> (This is talking about guix package manager on a foreign distro like >> RedHat) >> >> I'm guessing it's not possible. Though would be nice to have >> feedback from those that are more familiar with it. > > We owe this design to Eelco Dolstra et al. of Nix. There’s a very good > analysis in this paper: > > https://nixos.org/~eelco/pubs/secsharing-ase2005-final.pdf > > Hopefully it answers all your questions and more. If not, come back > here. :-) Thanks Ludo. :-)
Re: Security questions around using Guix to package apps
Leo Famulari <l...@famulari.name> writes: > Hello! > > On Tue, Jun 27, 2017 at 11:19:24AM +0200, Divan Santana wrote: >> Though the customers/users require to ship applications. They normally do >> this >> with something like RPMs and a yum repository. >> >> The problem with this is: >> 1. yum/rpm requires root to install/upgrade/remove packages. >> 2. One can ship certain files in an RPM install it via yum and gain full >> root. >> 3. One can therefore use the RPMs/yum to gain full root. > > [...] > >> * Getting to the actual question >> Therefore can one ship files in a guix package and as nonroot install this >> package. Then use the files the package provided as a nonroot user to gain >> root? >> >> Or written another way, if guix is installed on a system and configured to >> point >> to substitutes that the same nonroot user has access to submit and approve >> packages in, can that nonroot user on the system gain root. Therefore would >> one >> need to review the submitted packages to avoid the user gaining root. >> >> ** Some theoretical examples of doing this >> >> 1. >> One example to do this would be to create a shell script with =sudo su -= (or >> similar problematic) contents then byte compile it and ship that in the >> application with setuid permission bit set on it? >> >> If this was possible with Guix, putting =/gnu= on it's own FS with mount >> option >> of =setuid=0= should solve this. > > There are two ways to deploy Guix: Guix on another distro, or GuixSD. > > On GuixSD, only privileged users can create setuid binaries. > > For Guix on another distro, nobody can create setuid binaries from > Guix packages, at least not without root privileges, and not without > some hacks. As far as I know, while using Guix on a foreign distro, > setuid programs are not supported at all. > > See the manual section Setuid Programs for more information: > > https://www.gnu.org/software/guix/manual/html_node/Setuid-Programs.html Thanks for this link and reply. This link helps specifically with the setuid concern. I figured with guix this probably wouldn't be an issue. >> 2. >> Ship a sudo file and install it in =/etc/sudoers.d= though I'm not sure if >> that's possible with Guix since it's kind of it it's own chroot. Unless it >> supports post-scripts section and that gets executed as root (doubt it). > > Guix packages don't touch the filesystem outside of /gnu/store and /tmp > (while building). And on GuixSD, only root can add users to the sudo > group. So, we don't need to worry about this scenario. Cool, thanks I thought as much. > Of course, there may be bugs. But Guix has been designed to prevent > the sort of privilege escalation you describe. Cool. > Does that answer your questions? Does anyone else have anything to add? Yes, I think so. Though I guess in summary my question is simple. If guix is installed on a system and configured to point to substitutes that the same nonroot user has access to submit and approve packages in, can that nonroot user on the system gain root. Therefore would one need to review the submitted packages to avoid the user gaining root. (This is talking about guix package manager on a foreign distro like RedHat) I'm guessing it's not possible. Though would be nice to have feedback from those that are more familiar with it. It sounds like guix is designed to not allow a nonroot user to gain root no matter what (customer) package is available in the "repositories". Thanks for the feedback!
Re: guixsd install questions
Ludovic Courtès <l...@gnu.org> writes: > Hello! > > Divan Santana <di...@santanas.co.za> skribis: > >> Then do the install with this guile code: >> >> #+BEGIN_SRC scheme >> ;; two devices in raid0 striped with LUKS full disk encryption. >> (bootloader (grub-configuration (device "/dev/vdb"))) >> (mapped-devices (list >>(mapped-device >> (source (list "/dev/vdb1" "/dev/vdc1")) >> (target "/dev/md0") >> (type raid-device-mapping)) >>(mapped-device >> (source (uuid "fb29c6f6-b2c0-4c87-8651-4962b7125dc0")) >> (target "crypt") >> (type luks-device-mapping >> #+END_SRC >> >> >> And this too: >> >> #+BEGIN_SRC scheme >> (file-systems (cons (file-system >>(device "root") >>(title 'label) >>(mount-point "/") >>(type "ext4")) >> %base-file-systems)) >> #+END_SRC >> >> >> The above fails. So tried another install with device like so > > Do you know how it fails? No unfortunately I didn't document it at the time. Though I'll do a better job of it next time I give it a go and give feedback. > My guess is that you’d need to explicitly mark one of the mapped device > as depending on the other; this cannot be guessed. > > If you run “guix system shepherd-graph” on your config you’ll probably > see that there’s no such dependency. > > Currently dependencies among mapped devices cannot be expressed, but > that’s easy to fix (by providing a ‘dependencies’ field as in > ‘file-system’.) I'll give this a try thanks. >> That failed, I then tried the UUID method, via =blkid >> /dev/mapper/crypt=, get the UUID and did another install with this >> snippet instead: >> >> #+BEGIN_SRC scheme >> (file-systems (cons (file-system >>(device (uuid "4dab5feb-d176-45de-b287-9b0a6e4c01cb")) >>(title 'uuid) >>(mount-point "/") >>(type "ext4")) >> %base-file-systems)) >> #+END_SRC >> >> This fails with waiting for root device. > > Probably same problem as above. > > For now, using just RAID or just LUKS will work; it’s the combination > that’s not supported yet. >> * How to recover a failed install. How to chroot a broken system and >> fix? >> >> You can see why I'm asking this. When my failed crypt install fails, I >> sometimes just want to reconfigure the system to try another method. >> >> Now when I run =guix system init /mnt/etc/config.scm /mnt= to recover >> the install to the same preveiously install disk it re-downloads, >> re-compiles and redoes the whole install, instead of just perhaps >> changing grub to (attempt to) fix my crypt issue. >> >> Ideally I want to chroot into the installed (and broken) environment and >> do a =guix system reconfigure /etc/config.scm=. >> >> How can one do this? > > I guess you could boot the install image, mount the target file system, > chroot in it, run guix-daemon in there, and run ‘guix system > reconfigure’ there. > > That should work though that’s inconvenient at best. I'll give it a try and let you know. >> * How to use a proxy to do the install >> >> This is from the boot install media. >> >> I've read the docs on using proxy though it's not working like I expect. >> Prob doing something wrong. >> >> I've done the following >> >> On tt1 I did =herd stop guix-daemon= >> Then exported proxy like so: >> export http_proxy=http://server.domain.co.za:8080/ ; export >> ftp_proxy=$http_proxy ; export https_proxy=$http_proxy >> >> =herd start guix-daemon= > > The ‘http_proxy’ variable needs to be set in the environment of the > ‘guix-daemon’ process itself, which is why this doesn’t work. We should > make it easier to choose a proxy, for instance by having the daemon > honor client-provided proxy settings. Hmm, so what exactly do I need to do to get the http_proxy variable set in the guix-daemon environment? I've tried exporting on command line, then starting the daemon but that didn't work. > Thanks a lot for your detailed feedback! Thanks a lot for the awesome work on GuixSD!
Re: guixsd install questions
Marius Bakke <mba...@fastmail.com> writes: >> * How to get sshd running on install image for easier remote install. >> >> Useful for a VM: >> >> I'm doing this nasty hack for now. >> >> Get ssh working on boot image: >> #+BEGIN_EXAMPLE >> guix package -i shadow openssh >> export PATH="/root/.guix-profile/bin:/root/.guix-profile/sbin${PATH:+}$PATH" >> zile /etc/passwd # add sshd account >> zile /etc/shadow # add sshd account >> mkdir /etc/ssh >> echo "PermitRootLogin yes" > /etc/ssh/sshd_config >> ssh-keygen -t ecdsa -N "" -f /etc/ssh/ssh_host_ecdsa_key >> `which sshd` >> passwd root >> #+END_EXAMPLE >> >> Sure there's a better way then the above hack? > > Hi Divan, > > That is a nasty hack indeed. Yet it's about the best approach right now. > > I think it could be useful to ship a SSH server in the install image. > You can generate a disk image containing a service for "lsh" by adding > something like this to the file "gnu/system/install.scm", under > "%installation-services". > > (lsh-service #:port-number 22 >#:root-login? #t >#:password-authentication? #f >;; The root account is passwordless, so >;; make sure a password is required. >#:allow-empty-passwords? #f) > > Then generate a new disk image with > `guix system disk-image --image-size=1G gnu/system/install.scm`. > > Can you try that? If it works, feel free to submit it as a patch to the > "guix-devel" mailing list and we can consider adding it to the next > release. Thanks a ton for the feedback. I'll certainly try look into this and when I do, give feedback. -- Best regards, Divan Santana
guixsd install questions
Hi All, Few newbie questions regarding install. * How to get sshd running on install image for easier remote install. Useful for a VM: I'm doing this nasty hack for now. Get ssh working on boot image: #+BEGIN_EXAMPLE guix package -i shadow openssh export PATH="/root/.guix-profile/bin:/root/.guix-profile/sbin${PATH:+}$PATH" zile /etc/passwd # add sshd account zile /etc/shadow # add sshd account mkdir /etc/ssh echo "PermitRootLogin yes" > /etc/ssh/sshd_config ssh-keygen -t ecdsa -N "" -f /etc/ssh/ssh_host_ecdsa_key `which sshd` passwd root #+END_EXAMPLE Sure there's a better way then the above hack? Then then use Emacs tramp to put my install system manifest in place: Using emacs to remotely edit the file, which requires sshd on the install image. #+BEGIN_SRC emacs-lisp ;; TRAMP and guix settings (setq tramp-default-method "ssh") ;; workaround for guixsd ;; https://lists.gnu.org/archive/html/help-guix/2016-10/msg00049.html ;; Make sure we work on remote guixsd machines :) (setq tramp-remote-path (append tramp-remote-path '("~/.guix-profile/bin" "~/.guix-profile/sbin" "/run/current-system/profile/bin" "/run/current-system/profile/sbin"))) #+END_SRC Then one can open this path: =/ssh:root@192.168.122.236:/mnt/etc/config.scm= with tramp. * How to setup encrypted root with mdadm software raid 0? I've done the following and none are working yet. Partitioning #+BEGIN_EXAMPLE fdisk, one partition of each only marked as fd mdadm --create --level=0 --raid-devices=2 /dev/md0 /dev/vd[bc]1 cryptsetup luksFormat /dev/md0 cryptsetup luksOpen /dev/md0 crypt mkfs.ext4 -L root -m2 /dev/mapper/crypt mount /dev/mapper/crypt /mnt #+END_EXAMPLE Then do the install with this guile code: #+BEGIN_SRC scheme ;; two devices in raid0 striped with LUKS full disk encryption. (bootloader (grub-configuration (device "/dev/vdb"))) (mapped-devices (list (mapped-device (source (list "/dev/vdb1" "/dev/vdc1")) (target "/dev/md0") (type raid-device-mapping)) (mapped-device (source (uuid "fb29c6f6-b2c0-4c87-8651-4962b7125dc0")) (target "crypt") (type luks-device-mapping #+END_SRC And this too: #+BEGIN_SRC scheme (file-systems (cons (file-system (device "root") (title 'label) (mount-point "/") (type "ext4")) %base-file-systems)) #+END_SRC The above fails. So tried another install with device like so #+BEGIN_SRC scheme (file-systems (cons (file-system (device "/dev/mapper/crypt") (title 'device) (mount-point "/") (type "ext4")) %base-file-systems)) #+END_SRC That failed, I then tried the UUID method, via =blkid /dev/mapper/crypt=, get the UUID and did another install with this snippet instead: #+BEGIN_SRC scheme (file-systems (cons (file-system (device (uuid "4dab5feb-d176-45de-b287-9b0a6e4c01cb")) (title 'uuid) (mount-point "/") (type "ext4")) %base-file-systems)) #+END_SRC This fails with waiting for root device. * How to recover a failed install. How to chroot a broken system and fix? You can see why I'm asking this. When my failed crypt install fails, I sometimes just want to reconfigure the system to try another method. Now when I run =guix system init /mnt/etc/config.scm /mnt= to recover the install to the same preveiously install disk it re-downloads, re-compiles and redoes the whole install, instead of just perhaps changing grub to (attempt to) fix my crypt issue. Ideally I want to chroot into the installed (and broken) environment and do a =guix system reconfigure /etc/config.scm=. How can one do this? * How to use a proxy to do the install This is from the boot install media. I've read the docs on using proxy though it's not working like I expect. Prob doing something wrong. I've done the following On tt1 I did =herd stop guix-daemon= Then exported proxy like so: export http_proxy=http://server.domain.co.za:8080/ ; export ftp_proxy=$http_proxy ; export https_proxy=$http_proxy =herd start guix-daemon= =guix package -i something= and note the proxy is not working. Try do the install =guix system init /mnt/etc/config.scm /mnt= and note the proxy env is not being used. Greetings from South Africa :) -- Best regards, Divan Santana
Switching to GuixSD - some packages missing for me
I'd love to try out and properly switch to GuixSD. I've always been a huge Arch fan, and lately Parabola but there are many things that look great about GuixSD. Glad to see this distro and the work going on here. I know it's still in early early dev stage but a few blocker packages preventing me to switch are: 1) virt-manager - Since I may rely on a few VMs more as GuixSD has limited packages for now. Unless there is another easy way to run VMs? I'm not too familar with using qemu directly... 2) Davmail is GPL, would be nice if it was packaged. For Exchange email support. 3) Gajim omemo support is nice to have too. 4) parcellite clipboard. Unless there is another good clipboard program in the repos? (without pulling in too many deps) 5) libpurple and sipe is another nice to have. Bitblee libpurple+sipe even nicer. For the most part is seems almost all the essentials for me are there. Excited to see the progress with the distro. Wish you all the best of luck and hope one day in the future to get involved - can't at the moment. -- Best regards, Divan Santana