Re: [Nix-dev] Logo improvement ideas
There is an open alternative for Myriad: Vegur. N. On Sat, Sep 12, 2015, 4:11 AM Tim Cuthbertson wrote: > On Sat, Sep 12, 2015 at 2:10 AM, Daniel Peebles > wrote: > > Does anyone feel like the S in the NixOS typeface in the new logos is too > > narrow? I love the new graphical logo proposals, but the typeface > bothers me > > a little. > > Ahh yes, I meant to mention that - I don't really care about the > typeface much (well I care, but the existing one looks fine to me). > But I don't have it installed. According to the current logo svg, it's > "Myriad Web", which comes with various Adobe products (Photoshop, > Illustrator, etc). Since I'm using Linux/Inkscape, I don't have access > to it, and haven't seen any legal way of getting / using it outside of > purchasing Adobe CS. It apparently comes with acrobat reader, but that > license does _not_ cover use outside of reader. Or so I read on the > internet somewhere ;) > > So it may be legally OK for someone who has bought Adobe CS to render > out the logo with the "Myriad Pro" font. But I can't do it, and being > an open-source project, it's probably a better idea to opt for a more > openly available font. > > So, yeah.. I don't have any motivation to change the font for > aesthetic reasons, only for practical reasons. > > > On Fri, Sep 11, 2015 at 10:14 AM, Tim Cuthbertson > wrote: > >> > >> I've now updated this form with the remaining options, so I think it > >> is nearly ready to go. > >> > >> I'll let it stew for a few days in case anyone has suggestions for > >> improvement before we start collecting results, but does anyone know > >> who we'd talk to to get a link somewhere official (twitter / planet / > >> etc)? > >> > >> On Fri, Sep 11, 2015 at 9:03 PM, Oliver Charles > >> wrote: > >> > On Thu, Sep 10, 2015 at 1:35 PM Tim Cuthbertson > wrote: > >> >> > >> >> If nobody authoritative wants to set up a poll, I can certainly do > one > >> >> :) > >> >> I'm a little bit busy at the moment, but as long as we're not in a > >> >> hurry... > >> >> > >> >> To prevent overwhelming people with options, and after letting these > >> >> stew for a little while, I'd be happy to limit choices to: > >> >> > >> >> * shapes: just circle and hex. I think circle is strictly better than > >> >> "straight", and I think "slant" is too disorganised / unclean to be a > >> >> winner. > >> >> > >> >> * colours: "feature" and "half". The plain versions are probably too > >> >> boring to bother with. > >> >> > >> >> So that only leaves 4 proposals, across those two axis. I can include > >> >> more if people think it's worth it, but I don't want to overwhelm. > >> >> > >> >> I've made a start here: > >> >> > >> >> > >> >> > >> >> > https://docs.google.com/forms/d/1oMKuPCIz5bmUokrN6mllYpIDH7cmVQTzuZAcUdGH1HM/viewform > >> > > >> > > >> > Looks like a step in the right direction! I can't think of anything > else > >> > I'd > >> > add. > >> ___ > >> nix-dev mailing list > >> nix-dev@lists.science.uu.nl > >> http://lists.science.uu.nl/mailman/listinfo/nix-dev > > > > > ___ > nix-dev mailing list > nix-dev@lists.science.uu.nl > http://lists.science.uu.nl/mailman/listinfo/nix-dev > ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Logo improvement ideas
On Sat, Sep 12, 2015 at 4:37 AM, Nicolas Pierron wrote: > Instead of giving 4 choices for each logo, you should ask to rank the logo. I think so too, although I was unable to find an easy way to do this with google forms. > Also, I would love to have more choices. > > For example, I think the hex logo would be nicer with the weight of > the straight lambda. > > Maybe instead of asking for specific logo, we could ask for different > details, such as the thickness (small, medium, large, Huge) of the > lambda, or the ending > (round like the old one, surround-circle, surround-hex, > surround-tangent), and the space between the lambda (no space, tiny, > huge), the color of the lambda (uniform, feature, half), and the the > shade and the colors. I get the logic behind this, but I don't think it's a good idea. Aspects of a logo are rarely independent. As a silly analogy, if half the respondents liked a "unicorn" logo and half liked a "whale" logo, this sort of process might produce a narwhal - which nobody actually wanted. If you had everyone in a room, and you could iterate on this process, I think it might work. But in an open-source project you'd probably have to do it with a series of polls or something, and I suspect people would fatigue easily and not bother seeing it through. I'm certainly happy to hold off on the poll, and let interested parties (perhaps yourself) submit additional variants for consideration. If you're interested in this, the variants for this poll all came from the "logo-poll.svg" in my repo. But I think the community should be given the choice between a few promising candidates, rather than creating a "build-your-own-nixos-logo" construction kit and trying to figure out how to converge the results back into a single coherent logo. Cheers, - Tim. > On Fri, Sep 11, 2015 at 4:14 PM, Tim Cuthbertson wrote: >> I've now updated this form with the remaining options, so I think it >> is nearly ready to go. >> >> I'll let it stew for a few days in case anyone has suggestions for >> improvement before we start collecting results, but does anyone know >> who we'd talk to to get a link somewhere official (twitter / planet / >> etc)? >> >> On Fri, Sep 11, 2015 at 9:03 PM, Oliver Charles >> wrote: >>> On Thu, Sep 10, 2015 at 1:35 PM Tim Cuthbertson wrote: If nobody authoritative wants to set up a poll, I can certainly do one :) I'm a little bit busy at the moment, but as long as we're not in a hurry... To prevent overwhelming people with options, and after letting these stew for a little while, I'd be happy to limit choices to: * shapes: just circle and hex. I think circle is strictly better than "straight", and I think "slant" is too disorganised / unclean to be a winner. * colours: "feature" and "half". The plain versions are probably too boring to bother with. So that only leaves 4 proposals, across those two axis. I can include more if people think it's worth it, but I don't want to overwhelm. I've made a start here: https://docs.google.com/forms/d/1oMKuPCIz5bmUokrN6mllYpIDH7cmVQTzuZAcUdGH1HM/viewform >>> >>> >>> Looks like a step in the right direction! I can't think of anything else I'd >>> add. >> ___ >> nix-dev mailing list >> nix-dev@lists.science.uu.nl >> http://lists.science.uu.nl/mailman/listinfo/nix-dev > > > > -- > Nicolas Pierron > http://www.linkedin.com/in/nicolasbpierron - http://nbp.name/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Logo improvement ideas
On Sat, Sep 12, 2015 at 2:10 AM, Daniel Peebles wrote: > Does anyone feel like the S in the NixOS typeface in the new logos is too > narrow? I love the new graphical logo proposals, but the typeface bothers me > a little. Ahh yes, I meant to mention that - I don't really care about the typeface much (well I care, but the existing one looks fine to me). But I don't have it installed. According to the current logo svg, it's "Myriad Web", which comes with various Adobe products (Photoshop, Illustrator, etc). Since I'm using Linux/Inkscape, I don't have access to it, and haven't seen any legal way of getting / using it outside of purchasing Adobe CS. It apparently comes with acrobat reader, but that license does _not_ cover use outside of reader. Or so I read on the internet somewhere ;) So it may be legally OK for someone who has bought Adobe CS to render out the logo with the "Myriad Pro" font. But I can't do it, and being an open-source project, it's probably a better idea to opt for a more openly available font. So, yeah.. I don't have any motivation to change the font for aesthetic reasons, only for practical reasons. > On Fri, Sep 11, 2015 at 10:14 AM, Tim Cuthbertson wrote: >> >> I've now updated this form with the remaining options, so I think it >> is nearly ready to go. >> >> I'll let it stew for a few days in case anyone has suggestions for >> improvement before we start collecting results, but does anyone know >> who we'd talk to to get a link somewhere official (twitter / planet / >> etc)? >> >> On Fri, Sep 11, 2015 at 9:03 PM, Oliver Charles >> wrote: >> > On Thu, Sep 10, 2015 at 1:35 PM Tim Cuthbertson wrote: >> >> >> >> If nobody authoritative wants to set up a poll, I can certainly do one >> >> :) >> >> I'm a little bit busy at the moment, but as long as we're not in a >> >> hurry... >> >> >> >> To prevent overwhelming people with options, and after letting these >> >> stew for a little while, I'd be happy to limit choices to: >> >> >> >> * shapes: just circle and hex. I think circle is strictly better than >> >> "straight", and I think "slant" is too disorganised / unclean to be a >> >> winner. >> >> >> >> * colours: "feature" and "half". The plain versions are probably too >> >> boring to bother with. >> >> >> >> So that only leaves 4 proposals, across those two axis. I can include >> >> more if people think it's worth it, but I don't want to overwhelm. >> >> >> >> I've made a start here: >> >> >> >> >> >> >> >> https://docs.google.com/forms/d/1oMKuPCIz5bmUokrN6mllYpIDH7cmVQTzuZAcUdGH1HM/viewform >> > >> > >> > Looks like a step in the right direction! I can't think of anything else >> > I'd >> > add. >> ___ >> nix-dev mailing list >> nix-dev@lists.science.uu.nl >> http://lists.science.uu.nl/mailman/listinfo/nix-dev > > ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Pkgs with unstable links
Hi, > I would like to ask if we can create repo on github (nixos/foobar) > and upload there such pkgs? Or even are there some free fileservers > where we can store such things? That's a pretty tedious problem and > indeed we need to solve it. And while we're at it, we should also mirror all of rPackages somewhere, because these people frequently modify their release archives in-place, breaking hundreds of our builds in the process. :-( Peter ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
[Nix-dev] Pkgs with unstable links
Hello, nixers! There are several pkgs in nixpkgs that have links with dynamic content. For example "teamviewer10" or "google-music". If developers update their product, link won't change but hashsum will be different. And we will need to catch new version and push changes to master asap. So I would like to ask if we can create repo on github (nixos/foobar) and upload there such pkgs? Or even are there some free fileservers where we can store such things? That's a pretty tedious problem and indeed we need to solve it. -- Sincerely, Arseniy Seroka ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Nix on Windows
I don't use Nix on Windows but wanted to say the technical report was very interesting! One thing that stood out was that using bash was much slower than using sed, is that change now on Linux as well? Just wondering... Wout. On Tue, Sep 8, 2015 at 1:15 PM Florian Friesdorf wrote: > > Hi, > > We got around to publish the technical report we were preparing as part > of our work on porting nix and nixpkgs to cywin: > > http://ternaris.com/lab/nix-on-windows.html > > As a next task https://nixos.org/wiki/Nix_on_Windows should probably be > updated based on this. > > Is anybody using Nix on cygwin and could help with that? > > -- > Florian Friesdorf > GPG FPR: 7A13 5EEE 1421 9FC2 108D BAAF 38F8 99A3 0C45 F083 > ___ > nix-dev mailing list > nix-dev@lists.science.uu.nl > http://lists.science.uu.nl/mailman/listinfo/nix-dev > -- Wout. (typed on mobile, excuse terseness) ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] syncthing vs. restructured go packages
Everything should be correct now. On Mon, Sep 7, 2015, 23:58 William Kennington wrote: > This should all be doable. I'll take a look in the morning. > > On Mon, Sep 7, 2015, 23:40 Christian Theune wrote: > >> Hi, >> >> the recent refactoring broke syncthing. >> >> a) it’s back to using go 1.5, whereas official syncthing prefers go 1.4 >> at the moment. They reverted their official builds when they noticed >> breakage after accidentally switching to 1.5 in a recent release. >> >> b) something is meddling with the version string. the buildFromGithub in >> go-packages.nix ends up cutting off the last digit in the version number. >> Instead of v0.11.24 (when I tried to update it) it says its going to >> install “go1.5-syncthing-v.0.11.2”. >> >> Help? >> >> Christian >> >> — >> Christian Theune · c...@flyingcircus.io · +49 345 219401 0 >> Flying Circus Internet Operations GmbH · http://flyingcircus.io >> Forsterstraße 29 · 06112 Halle (Saale) · Deutschland >> HR Stendal HRB 21169 · Geschäftsführer: Christian. Theune, Christian. >> Zagrodnick >> >> ___ >> nix-dev mailing list >> nix-dev@lists.science.uu.nl >> http://lists.science.uu.nl/mailman/listinfo/nix-dev >> > ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Logo improvement ideas
Instead of giving 4 choices for each logo, you should ask to rank the logo. Also, I would love to have more choices. For example, I think the hex logo would be nicer with the weight of the straight lambda. Maybe instead of asking for specific logo, we could ask for different details, such as the thickness (small, medium, large, Huge) of the lambda, or the ending (round like the old one, surround-circle, surround-hex, surround-tangent), and the space between the lambda (no space, tiny, huge), the color of the lambda (uniform, feature, half), and the the shade and the colors. On Fri, Sep 11, 2015 at 4:14 PM, Tim Cuthbertson wrote: > I've now updated this form with the remaining options, so I think it > is nearly ready to go. > > I'll let it stew for a few days in case anyone has suggestions for > improvement before we start collecting results, but does anyone know > who we'd talk to to get a link somewhere official (twitter / planet / > etc)? > > On Fri, Sep 11, 2015 at 9:03 PM, Oliver Charles wrote: >> On Thu, Sep 10, 2015 at 1:35 PM Tim Cuthbertson wrote: >>> >>> If nobody authoritative wants to set up a poll, I can certainly do one :) >>> I'm a little bit busy at the moment, but as long as we're not in a >>> hurry... >>> >>> To prevent overwhelming people with options, and after letting these >>> stew for a little while, I'd be happy to limit choices to: >>> >>> * shapes: just circle and hex. I think circle is strictly better than >>> "straight", and I think "slant" is too disorganised / unclean to be a >>> winner. >>> >>> * colours: "feature" and "half". The plain versions are probably too >>> boring to bother with. >>> >>> So that only leaves 4 proposals, across those two axis. I can include >>> more if people think it's worth it, but I don't want to overwhelm. >>> >>> I've made a start here: >>> >>> >>> https://docs.google.com/forms/d/1oMKuPCIz5bmUokrN6mllYpIDH7cmVQTzuZAcUdGH1HM/viewform >> >> >> Looks like a step in the right direction! I can't think of anything else I'd >> add. > ___ > nix-dev mailing list > nix-dev@lists.science.uu.nl > http://lists.science.uu.nl/mailman/listinfo/nix-dev -- Nicolas Pierron http://www.linkedin.com/in/nicolasbpierron - http://nbp.name/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] How to add file to initrd?
2015-09-11 19:03 GMT+01:00 Tuomas Tynkkynen :
> 2015-09-11 15:05 GMT+03:00 Tomasz Czyż :
> >
>
> >
> > Mhm, that's definitely not cool. I thought it will appear only inside
> initrd
> > image :[
>
> A copy of the initrd is always kept in /nix/store, but also the .drv file
> and
> potentially any generated scripts (for building the initrd) might
> contain the key.
>
> > Do you think is there any other way to put this key in initrd?
>
> GRUB supports loading multiple initrd images at once. For example,
> on Arch Linux the generated grub.cfg contains this:
>
> menuentry 'Arch Linux' --class arch --class gnu-linux /* etc. */ {
> # ...
> initrd /boot/intel-ucode.img /boot/initramfs-linux.img
> }
>
> So one approach would be to create a initrd with just the keyfile
> (outside Nix), place it on the /boot partition, and then somehow
> make the grub.cfg generator emit the proper initrd line(s).
>
wow, I was not aware that stuff is even possible. I have to read more about
how to access stuff from the other initrd.
Btw, I search through /nix/store and the key copied with "echp ${key} >
/key" is not there, so probably it's only inside a script, which is still
bad.
Thanks a lot.
Tom
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] How to add file to initrd?
2015-09-11 15:05 GMT+03:00 Tomasz Czyż :
>
>
> Mhm, that's definitely not cool. I thought it will appear only inside initrd
> image :[
A copy of the initrd is always kept in /nix/store, but also the .drv file and
potentially any generated scripts (for building the initrd) might
contain the key.
> Do you think is there any other way to put this key in initrd?
GRUB supports loading multiple initrd images at once. For example,
on Arch Linux the generated grub.cfg contains this:
menuentry 'Arch Linux' --class arch --class gnu-linux /* etc. */ {
# ...
initrd /boot/intel-ucode.img /boot/initramfs-linux.img
}
So one approach would be to create a initrd with just the keyfile
(outside Nix), place it on the /boot partition, and then somehow
make the grub.cfg generator emit the proper initrd line(s).
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Logo improvement ideas
Does anyone feel like the S in the NixOS typeface in the new logos is too narrow? I love the new graphical logo proposals, but the typeface bothers me a little. On Fri, Sep 11, 2015 at 10:14 AM, Tim Cuthbertson wrote: > I've now updated this form with the remaining options, so I think it > is nearly ready to go. > > I'll let it stew for a few days in case anyone has suggestions for > improvement before we start collecting results, but does anyone know > who we'd talk to to get a link somewhere official (twitter / planet / > etc)? > > On Fri, Sep 11, 2015 at 9:03 PM, Oliver Charles > wrote: > > On Thu, Sep 10, 2015 at 1:35 PM Tim Cuthbertson wrote: > >> > >> If nobody authoritative wants to set up a poll, I can certainly do one > :) > >> I'm a little bit busy at the moment, but as long as we're not in a > >> hurry... > >> > >> To prevent overwhelming people with options, and after letting these > >> stew for a little while, I'd be happy to limit choices to: > >> > >> * shapes: just circle and hex. I think circle is strictly better than > >> "straight", and I think "slant" is too disorganised / unclean to be a > >> winner. > >> > >> * colours: "feature" and "half". The plain versions are probably too > >> boring to bother with. > >> > >> So that only leaves 4 proposals, across those two axis. I can include > >> more if people think it's worth it, but I don't want to overwhelm. > >> > >> I've made a start here: > >> > >> > >> > https://docs.google.com/forms/d/1oMKuPCIz5bmUokrN6mllYpIDH7cmVQTzuZAcUdGH1HM/viewform > > > > > > Looks like a step in the right direction! I can't think of anything else > I'd > > add. > ___ > nix-dev mailing list > nix-dev@lists.science.uu.nl > http://lists.science.uu.nl/mailman/listinfo/nix-dev > ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Using binary caches with Nixops
Thanks -- I had tried just --option binary-caches .. and it didn't seem to be working. I'm trying out nixops for deploying build environments (and so far it's working really well). I am trying to keep the build time as short as possible for clients. Binary cache seems to be one way to do that. Thanks again for your answer! best --Michael. On Fri, Sep 11, 2015, at 02:05 AM, Rob Vermaas wrote: > Hi Michael, > > You can add your cache to binary-caches in your nix.conf, or you can > pass '--option extra-binary-caches ' to nixops deploy. > > Cheers, > Rob > > On Thu, Sep 10, 2015 at 9:55 PM, M. P. Ashton wrote: > > What is the right way to make Nixops use an alternative binary cache to > > build virtual machines -- something other than https://cache.nixos.org/? > > > > Thanks in advance! --Michael > > ___ > > nix-dev mailing list > > nix-dev@lists.science.uu.nl > > http://lists.science.uu.nl/mailman/listinfo/nix-dev > > > > -- > Rob Vermaas > > [email] rob.verm...@gmail.com > ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] How to add file to initrd?
Thanks for all the tips Bryan.
2015-09-11 16:02 GMT+01:00 Bryan Gardiner :
> On Fri, Sep 11, 2015 at 03:39:34PM +0100, Tomasz Czyż wrote:
> > 2015-09-11 15:31 GMT+01:00 Bryan Gardiner :
> >
> > > On Fri, Sep 11, 2015 at 01:05:36PM +0100, Tomasz Czyż wrote:
> > > > 2015-09-11 13:01 GMT+01:00 Tuomas Tynkkynen >:
> > > >
> > > > > (Argh, replying to the list this time...)
> > > > >
> > > > > 2015-09-09 9:03 GMT+03:00 Bryan Gardiner :
> > > > > > On Tue, Sep 08, 2015 at 08:09:16PM +0100, Tomasz Czyż wrote:
> > > > > [...]
> > > > > >
> > > > > > How about doing something like:
> > > > > >
> > > > > > preLVMCommands =
> > > > > > let key = builtins.readFile ./keyfile; in
> > > > > > "echo '${key}' >/key"
> > > > > >
> > > > >
> > > > > Do note that by doing this, the key will get embedded somewhere in
> > > > > /nix/store, with world-readable unix permissions.
> > > >
> > > > Mhm, that's definitely not cool. I thought it will appear only inside
> > > > initrd image :[
> > > > Do you think is there any other way to put this key in initrd?
> > >
> > > If you don't want it in plain text, you could compress or obfuscate it
> > > by any means, then reverse that in the initrd... The
> > > extraUtilsCommands method will certainly result in "not simply plain
> > > text." Though this is security by obscurity, and I don't know a quick
> > > way to truly secure it without having to enter your password an extra
> > > time. Nix doesn't support non-world-readable data in the store.
> > >
> > Thanks for explenation.
> >
> > >
> > > Can Grub pass its unlock password to the initrd? If so, you could
> > > decrypt the keyfile with that, and only put an encrypted keyfile in
> > > the store.
> > >
> > Not really, that's why I want to put key inside initrd. Otherwise I could
> > decrypt partitions with the pass from grub.
> >
> > >
> > > Or maybe you could restrict non-root users from accessing the initrds
> > > in the store via grsec or apparmor.
> > >
> > Mhm, I see.
> > What about putting something into initrd but not adding it to nixstore?
> > Do you think is there any initrd hook I can use to add stuff?
>
> That could work, if you find how the initrd is copied over. Grub
> manages to make /boot/grub have 700 permissions, so if you extract +
> insert + rebuild the initrd during its installation, and make
> /boot/kernels 700 as well? In my readings of nixpkgs/nixos, I haven't
> gotten to the bottom of the rabbit hole and found out how nixos
> modules *actually* have an effect on the world yet :).
>
> Cheers,
> Bryan
>
> ___
> nix-dev mailing list
> nix-dev@lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
>
--
Tomasz Czyż
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] How to add file to initrd?
On Fri, Sep 11, 2015 at 03:39:34PM +0100, Tomasz Czyż wrote:
> 2015-09-11 15:31 GMT+01:00 Bryan Gardiner :
>
> > On Fri, Sep 11, 2015 at 01:05:36PM +0100, Tomasz Czyż wrote:
> > > 2015-09-11 13:01 GMT+01:00 Tuomas Tynkkynen :
> > >
> > > > (Argh, replying to the list this time...)
> > > >
> > > > 2015-09-09 9:03 GMT+03:00 Bryan Gardiner :
> > > > > On Tue, Sep 08, 2015 at 08:09:16PM +0100, Tomasz Czyż wrote:
> > > > [...]
> > > > >
> > > > > How about doing something like:
> > > > >
> > > > > preLVMCommands =
> > > > > let key = builtins.readFile ./keyfile; in
> > > > > "echo '${key}' >/key"
> > > > >
> > > >
> > > > Do note that by doing this, the key will get embedded somewhere in
> > > > /nix/store, with world-readable unix permissions.
> > >
> > > Mhm, that's definitely not cool. I thought it will appear only inside
> > > initrd image :[
> > > Do you think is there any other way to put this key in initrd?
> >
> > If you don't want it in plain text, you could compress or obfuscate it
> > by any means, then reverse that in the initrd... The
> > extraUtilsCommands method will certainly result in "not simply plain
> > text." Though this is security by obscurity, and I don't know a quick
> > way to truly secure it without having to enter your password an extra
> > time. Nix doesn't support non-world-readable data in the store.
> >
> Thanks for explenation.
>
> >
> > Can Grub pass its unlock password to the initrd? If so, you could
> > decrypt the keyfile with that, and only put an encrypted keyfile in
> > the store.
> >
> Not really, that's why I want to put key inside initrd. Otherwise I could
> decrypt partitions with the pass from grub.
>
> >
> > Or maybe you could restrict non-root users from accessing the initrds
> > in the store via grsec or apparmor.
> >
> Mhm, I see.
> What about putting something into initrd but not adding it to nixstore?
> Do you think is there any initrd hook I can use to add stuff?
That could work, if you find how the initrd is copied over. Grub
manages to make /boot/grub have 700 permissions, so if you extract +
insert + rebuild the initrd during its installation, and make
/boot/kernels 700 as well? In my readings of nixpkgs/nixos, I haven't
gotten to the bottom of the rabbit hole and found out how nixos
modules *actually* have an effect on the world yet :).
Cheers,
Bryan
pgpKBcKw7T2f3.pgp
Description: PGP signature
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] How to add file to initrd?
2015-09-11 15:31 GMT+01:00 Bryan Gardiner :
> On Fri, Sep 11, 2015 at 01:05:36PM +0100, Tomasz Czyż wrote:
> > 2015-09-11 13:01 GMT+01:00 Tuomas Tynkkynen :
> >
> > > (Argh, replying to the list this time...)
> > >
> > > 2015-09-09 9:03 GMT+03:00 Bryan Gardiner :
> > > > On Tue, Sep 08, 2015 at 08:09:16PM +0100, Tomasz Czyż wrote:
> > > [...]
> > > >
> > > > How about doing something like:
> > > >
> > > > preLVMCommands =
> > > > let key = builtins.readFile ./keyfile; in
> > > > "echo '${key}' >/key"
> > > >
> > >
> > > Do note that by doing this, the key will get embedded somewhere in
> > > /nix/store, with world-readable unix permissions.
> >
> > Mhm, that's definitely not cool. I thought it will appear only inside
> > initrd image :[
> > Do you think is there any other way to put this key in initrd?
>
> If you don't want it in plain text, you could compress or obfuscate it
> by any means, then reverse that in the initrd... The
> extraUtilsCommands method will certainly result in "not simply plain
> text." Though this is security by obscurity, and I don't know a quick
> way to truly secure it without having to enter your password an extra
> time. Nix doesn't support non-world-readable data in the store.
>
Thanks for explenation.
>
> Can Grub pass its unlock password to the initrd? If so, you could
> decrypt the keyfile with that, and only put an encrypted keyfile in
> the store.
>
Not really, that's why I want to put key inside initrd. Otherwise I could
decrypt partitions with the pass from grub.
>
> Or maybe you could restrict non-root users from accessing the initrds
> in the store via grsec or apparmor.
>
Mhm, I see.
What about putting something into initrd but not adding it to nixstore?
Do you think is there any initrd hook I can use to add stuff?
Tom
>
> Cheers,
> Bryan
>
> ___
> nix-dev mailing list
> nix-dev@lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
>
--
Tomasz Czyż
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] How to add file to initrd?
On Fri, Sep 11, 2015 at 01:05:36PM +0100, Tomasz Czyż wrote:
> 2015-09-11 13:01 GMT+01:00 Tuomas Tynkkynen :
>
> > (Argh, replying to the list this time...)
> >
> > 2015-09-09 9:03 GMT+03:00 Bryan Gardiner :
> > > On Tue, Sep 08, 2015 at 08:09:16PM +0100, Tomasz Czyż wrote:
> > [...]
> > >
> > > How about doing something like:
> > >
> > > preLVMCommands =
> > > let key = builtins.readFile ./keyfile; in
> > > "echo '${key}' >/key"
> > >
> >
> > Do note that by doing this, the key will get embedded somewhere in
> > /nix/store, with world-readable unix permissions.
>
> Mhm, that's definitely not cool. I thought it will appear only inside
> initrd image :[
> Do you think is there any other way to put this key in initrd?
If you don't want it in plain text, you could compress or obfuscate it
by any means, then reverse that in the initrd... The
extraUtilsCommands method will certainly result in "not simply plain
text." Though this is security by obscurity, and I don't know a quick
way to truly secure it without having to enter your password an extra
time. Nix doesn't support non-world-readable data in the store.
Can Grub pass its unlock password to the initrd? If so, you could
decrypt the keyfile with that, and only put an encrypted keyfile in
the store.
Or maybe you could restrict non-root users from accessing the initrds
in the store via grsec or apparmor.
Cheers,
Bryan
pgpJfPUIow3dc.pgp
Description: PGP signature
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Logo improvement ideas
I've now updated this form with the remaining options, so I think it is nearly ready to go. I'll let it stew for a few days in case anyone has suggestions for improvement before we start collecting results, but does anyone know who we'd talk to to get a link somewhere official (twitter / planet / etc)? On Fri, Sep 11, 2015 at 9:03 PM, Oliver Charles wrote: > On Thu, Sep 10, 2015 at 1:35 PM Tim Cuthbertson wrote: >> >> If nobody authoritative wants to set up a poll, I can certainly do one :) >> I'm a little bit busy at the moment, but as long as we're not in a >> hurry... >> >> To prevent overwhelming people with options, and after letting these >> stew for a little while, I'd be happy to limit choices to: >> >> * shapes: just circle and hex. I think circle is strictly better than >> "straight", and I think "slant" is too disorganised / unclean to be a >> winner. >> >> * colours: "feature" and "half". The plain versions are probably too >> boring to bother with. >> >> So that only leaves 4 proposals, across those two axis. I can include >> more if people think it's worth it, but I don't want to overwhelm. >> >> I've made a start here: >> >> >> https://docs.google.com/forms/d/1oMKuPCIz5bmUokrN6mllYpIDH7cmVQTzuZAcUdGH1HM/viewform > > > Looks like a step in the right direction! I can't think of anything else I'd > add. ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Logo improvement ideas
On 10-09-2015 22:34:35, Tim Cuthbertson wrote: > > I've made a start here: > > https://docs.google.com/forms/d/1oMKuPCIz5bmUokrN6mllYpIDH7cmVQTzuZAcUdGH1HM/viewform > > Is it OK to require a google login? I'm assuming everyone has access > to one, and it'd prevent the laziest attempts at skewing the results. > No. I don't have a google login and we really shouldn't assume everyone has one. Though I cannot provide an alternative, sorry. -- Mit freundlichen Grüßen, Kind regards, Matthias Beyer Proudly sent with mutt. Happily signed with gnupg. pgpvdTf9tPBll.pgp Description: PGP signature ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Problem when running some JVM librairies under NixOS
Thanks Daniel, All! That was the issue indeed, I was able to configure my project to use my local installation and by doing that avoid getting binaries embedde in jar files... Cheers On 28 August 2015 at 14:58, Daniel Peebles wrote: > Yeah, I'm pretty sure the dynamic linker is the issue here. Alois, you'll > probably have to unpack the jar, patchelf it to point at the proper one, > and then repack the jar. Or just have it the whole thing depend explicitly > on a proper Nix store path :) > > On Fri, Aug 28, 2015 at 8:47 AM, wrote: > >> On Friday, August 28, 2015 14:26:22 Alois Cochard wrote: >> >> > I have just migrated my development workstation from ArchLinux to NixOS, >> >> > and I'm facing a small issues when developing my JVM applications. >> >> > >> >> > The problem manifest itself with two libraries (embedded mongodb, and >> >> > embedded protobuf compiler) which have in common one thing: >> >> > - They extract some file in the `/tmp` folder and start an executable >> from >> >> > the extracted files >> >> > >> >> > I won't show the detail of the exception here, but basically it seems >> like >> >> > the files get deleted (file not found) before being able to start the >> >> > external process. >> >> > >> >> > Everything was working fine on my previous distribution, and I'm trying >> to >> >> > understand what could trigger the problem? Is there anything specific >> when >> >> > it comes to dealing with the `/tmp` directory in Nix? >> >> >> >> /tmp is one of the few things we're yet to lay our hands on, so it works >> just like in any other distro. The most likely reason is you misunderstood >> the error message or the error message is broken. For example, when an >> executable file has a broken dynamic loader link, you get a weird "not >> found message" when the file you're executing actually exists. >> >> >> >> ___ >> nix-dev mailing list >> nix-dev@lists.science.uu.nl >> http://lists.science.uu.nl/mailman/listinfo/nix-dev >> >> > > ___ > nix-dev mailing list > nix-dev@lists.science.uu.nl > http://lists.science.uu.nl/mailman/listinfo/nix-dev > > -- *Λ\ois* http://twitter.com/aloiscochard http://github.com/aloiscochard ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] How to add file to initrd?
2015-09-11 13:01 GMT+01:00 Tuomas Tynkkynen :
> (Argh, replying to the list this time...)
>
> 2015-09-09 9:03 GMT+03:00 Bryan Gardiner :
> > On Tue, Sep 08, 2015 at 08:09:16PM +0100, Tomasz Czyż wrote:
> [...]
> >
> > How about doing something like:
> >
> > preLVMCommands =
> > let key = builtins.readFile ./keyfile; in
> > "echo '${key}' >/key"
> >
>
> Do note that by doing this, the key will get embedded somewhere in
> /nix/store, with world-readable unix permissions.
>
Mhm, that's definitely not cool. I thought it will appear only inside
initrd image :[
Do you think is there any other way to put this key in initrd?
> ___
> nix-dev mailing list
> nix-dev@lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
--
Tomasz Czyż
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] How to add file to initrd?
(Argh, replying to the list this time...)
2015-09-09 9:03 GMT+03:00 Bryan Gardiner :
> On Tue, Sep 08, 2015 at 08:09:16PM +0100, Tomasz Czyż wrote:
[...]
>
> How about doing something like:
>
> preLVMCommands =
> let key = builtins.readFile ./keyfile; in
> "echo '${key}' >/key"
>
Do note that by doing this, the key will get embedded somewhere in
/nix/store, with world-readable unix permissions.
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Logo improvement ideas
On Thu, Sep 10, 2015 at 1:35 PM Tim Cuthbertson wrote: > If nobody authoritative wants to set up a poll, I can certainly do one :) > I'm a little bit busy at the moment, but as long as we're not in a hurry... > > To prevent overwhelming people with options, and after letting these > stew for a little while, I'd be happy to limit choices to: > > * shapes: just circle and hex. I think circle is strictly better than > "straight", and I think "slant" is too disorganised / unclean to be a > winner. > > * colours: "feature" and "half". The plain versions are probably too > boring to bother with. > > So that only leaves 4 proposals, across those two axis. I can include > more if people think it's worth it, but I don't want to overwhelm. > > I've made a start here: > > > https://docs.google.com/forms/d/1oMKuPCIz5bmUokrN6mllYpIDH7cmVQTzuZAcUdGH1HM/viewform Looks like a step in the right direction! I can't think of anything else I'd add. ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] How do I install nslookup?
On 09/10/2015 01:36 PM, Yasuaki Kudo wrote:
> [yasu@nixos:~]$ command-not-found DBI
> connect('dbname=/nix/var/nix/profiles/per-user/root/channels/nixos/programs.sqlite','',...)
> failed: unable to open database file at
> /run/current-system/sw/bin/command-not-found line 12. cannot open
> database
> `/nix/var/nix/profiles/per-user/root/channels/nixos/programs.sqlite'
> at /run/current-system/sw/bin/command-not-found line 12.
>
> Some articles on the Internet suggests I need to add the unstable
> channel.
>
> Do i really need to do this? I would rather not have anyting
> unstable because I am just a beginner...
Yes, you need to add a(ny) channel and update it, as root. That should
get the database of executables for the channel.
Vladimir
smime.p7s
Description: S/MIME Cryptographic Signature
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] How to add file to initrd?
No problem Bryan, I actually did mean to reply on-list! On Thu, Sep 10, 2015 at 01:58:05PM -0700, Bryan Gardiner wrote: > On Thu, Sep 10, 2015 at 09:22:13PM +0100, Tomasz Czyż wrote: > > I have a problem with this method as you cannot copy the file outside > > extras tree. > > > > I used: > > > >''cp /my.key $out/key" - the final file is in /nix/store/X/here > > (hard to access, if hash will change this stuff stop work. > > > >"cp /my.key $out/../../key" or "cp /my.key /key" doesn't work, > > permission error, so I cannot put key in the root of initrd. > > I don't have encrypted boot going myself... I'm passing on a reply I > got off-list from Leroy (bcc'ed, thanks, hope you don't mind), whose > config works using boot.initrd.extraUtilsCommands: > > On Wed, Sep 09, 2015 at 07:40:21PM +1200, Leroy Hopson wrote: > > Hi Bryan, > > > > I have a similar setup. I'm using `boot.initrd.extraUtilsCommands` as > > Evygeny suggested. > > > > Here is a link to the relevant section of my configuration: > > https://github.com/lihop/nixos/blob/7b1b0a7fd4396713573c35368791e32843feb957/devices/desktop.nix#L59-L72 > > > > Regards, > > Leroy > > He's putting the keyfile in the initrd's /bin, then I suspect that > $PATH is only "/bin" in his keyFile = ...; arguments. If that's the > case, then with your first cp command above, your keyfile should > simply be at "/key" in your initrd, no need to know the hash. > > Cheers, > Bryan > ___ > nix-dev mailing list > nix-dev@lists.science.uu.nl > http://lists.science.uu.nl/mailman/listinfo/nix-dev ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Haskell: Stackage and Nix
Hi folks, > I am also interested in handling Stackage packages with NixOS. I created https://github.com/NixOS/cabal2nix/issues/205 to get that effort underway. Best regards, Peter ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Haskell: Stackage and Nix
Hi! I am also interested in handling Stackage packages with NixOS. I personally think that NixOS itself does all the things Stackage do and more. Unfortunately, I am to build several existing projects which use Stackage and not Nix. Nikita, are you going to patch Stack with patchelf or construct a chroot env instead? Regards, Sergey 2015-07-14 1:57 GMT+03:00 Nikita Karetnikov : > Is there a way to build packages from Stackage? It'd be cool to have a > separate namespace for that, so I could refer to a package as > stackagePackages.something. > > That's the only relevant post I've found: > http://article.gmane.org/gmane.linux.distributions.nixos/15724 > > But it seems to require a lot of work. > > For the record, I'm aware of Stack and trying it now, but it's also not > pleasant because you have to manage non-Haskell libs yourself. > > ___ > nix-dev mailing list > nix-dev@lists.science.uu.nl > http://lists.science.uu.nl/mailman/listinfo/nix-dev > ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
