Re: [Nix-dev] Using a remote machine for builds with two NixOS machines.
Hi, On 30/09/15 21:31, rocon...@theorem.ca wrote: > I have a slow laptop that needs a custom kernel. It usually takes > overnight to recompile a kernel, so to combat this, I've recently set up > my laptop to use my desktop to perform builds. > > Since this process isn't so well documented, I though I would try to > make a record of what I did, or rather what I would do if I were doing > this again. I'll replace the contents of > https://nixos.org/wiki/Distributed_build with this, if there are no > complaints. > > > Step 1. Create and exchange signing keys. Creating signing keys is not necessary if you set nix.trustedUsers = [ "nixBuild" ]; on the build machine. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] NixOS-Wiki alternative. Was: What license does the content of the nixos wiki and the manuals have?
Hi, On 25/09/15 16:04, Matthias Beyer wrote: >> This is essentially how the NixOS homepage is built, i.e., a git repository + >> Template Toolkit + a makefile. And of course you can make pull requests on >> GitHub. But I wouldn't call that a wiki, since you can't easily edit it from >> a >> browser, or make it world-writable. But if we do want go that way, another >> possibility is GitHub Pages + Jekyll. > > github pages + jekyll is _exactly_ what I proposed. Ah sorry, I didn't read properly. >> The main advantage of using a GitHub wiki is that we then don't have to >> manage >> user accounts and deal with spammers. > > As we would use github for PR merging when using a static-site-wiki. So this > holds true for static pages as I proposed, too. Right. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] What license does the content of the nixos wiki and the manuals have?
Hi, On 25/09/15 12:50, Kirill Elagin wrote: > I’d like to also point out another problem. > In case some of contributors do not agree to the new terms, how are we going > to > delete their contributions? My understanding is that simply deleting the > content > in question from the page is not enough, it’s wiki actually. We’ll have to see > how, for example, Wikipedia deals with this kind of issues, I’m sure they > often > have to remove copyrighted content. You can always nuke a page along with history. However, an alternative to relicensing is to combine it with a move to a different Wiki, which many people have wanted in the past anyway. For instance, we could set up a GitHub wiki, and people could copy their own contributions to the new wiki. The new wiki should of course have a license from the start. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] NixOS-Wiki alternative. Was: What license does the content of the nixos wiki and the manuals have?
Hi, On 25/09/15 14:24, Matthias Beyer wrote: > So, an idea came up - why not using static pages for all of this? If you > want to do contributions via git, you can use github. If one want to > host it, one can use github pages and build it with travis-ci. These > things are documented and they _work_ for other people, so why not for > a wiki? > > To be able to build pages with travis-ci and github pages, one needs a > static site compiler. This is essentially how the NixOS homepage is built, i.e., a git repository + Template Toolkit + a makefile. And of course you can make pull requests on GitHub. But I wouldn't call that a wiki, since you can't easily edit it from a browser, or make it world-writable. But if we do want go that way, another possibility is GitHub Pages + Jekyll. The main advantage of using a GitHub wiki is that we then don't have to manage user accounts and deal with spammers. But as you say, the downside is that we can't customize much. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] What license does the content of the nixos wiki and the manuals have?
Hi, On 24/09/15 16:07, Matthias Beyer wrote: > I push this topic now, as I still have no answer on what license the > wiki contents have. I don't think the wiki currently has a license. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Providing Debian, Arch etc. packages counterproductive?
Hi, On 22/09/15 11:35, Thomas Hunger wrote: > I can think of two solutions 1) make the packages set up nix correctly so > nix-env is usable out of the box and 2) Remove all custom packages and tell > people to use the installer script. +1 on option 2. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Changing Nix expressions / Git branches during a build
Hi, On 07/09/15 18:13, Bryan Gardiner wrote: > I'm wondering if it's safe to take a single nixpkgs repository, kick > off a build (nix-build, nixos-rebuild, etc.), and then once packages > are compiling, to change Git branches, edit things, and build more > packages without affecting the existing build. Yes, that's completely safe. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Jar files
Hi, On 28/08/15 15:02, Daniel Peebles wrote: So is the solution to make our java packaging never produce any jars, and explicitly unpack any we encounter? The simple solution is to generate uncompressed JARs (jar -0). But that should be rarely needed since Java packages typically don't store paths to runtime dependencies (though putting the paths to JAR dependencies in JAR manifests would be a nice way to get RPATH-like behaviour!). -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] upgrade from hydra-0.1pre1863-fed1cc8 to hydra-0.1pre2039-b0c8eec on the hydra channel requires database changes?
Hi, On 17/08/15 04:52, Anthony Bucci wrote: I am using the hydra channel http://hydra.nixos.org/jobset/hydra/master/channel/latest, and have had hydra-0.1pre1863-fed1cc8 operating for a little bit now. Tonight I just updated that channel, and saw there was a new hydra version, hydra-0.1pre2039-b0c8eec. After installing this and attempting to run hydra-queue-runner, I was told there was a missing database table systemstatus. The web interface via hydra-server was virtually unusable, as it threw long DBI errors that I neglected to copy-paste before rolling back. Could somebody please direct me to some description of the database changes that must be made to successfully run hydra-0.1pre2039-b0c8eec? You should run `hydra-init`. That will upgrade the database schema. See also https://github.com/NixOS/hydra/commit/b0c8eecd3732c09563342a159d31e14cf9bee59e#commitcomment-12760249 for a description of recent changes. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Did services become pure?
Hi, On 14/08/15 15:30, Manuel Pages wrote: cat: /root/cron.conf: Permission denied Since 201f9beddbf5786262bcff11482f0aa30914bb34, files listed in services.cron.cronFiles must be readable at build time (they're no longer concatenated at startup time). The reason was that doing the concatenation at startup time was kind of silly, because if you want that kind of non-declarative behaviour, you can just use /var/cron/tabs/root. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Some beginner Nix/nixpkgs questions
Hi, On 05/08/15 12:33, Alex Dean wrote: On 1 - We prefer having only the latest version when possible.. I don't think I understand this. If I am using Packer to build an Amazon AMI and install Kafka via Nix, then all it takes is a single commit to Nixpkgs for me to end up with a different Kafka version on an image built on Tuesday to an image built on Monday. I understand the concept of always deploy the latest XXX available, but the presumption of it is unworkable from a devops perspective. To get reproducible deployments, you wouldn't use the latest version of Nixpkgs, but a specific version. For example, $ nix-env -f https://github.com/NixOS/nixpkgs/archive/8a3eea054838b55aca962c3fbde9c83c102b8bf2.tar.gz -iA hello installs GNU Hello from Nixpkgs revision 8a3eea05. So that will always give you the same version of Hello. To add your own packages or versions of packages missing in Nixpkgs, you *can* create a private branch of Nixpkgs. But another way is to write a Nix expression for your packages that builds upon Nixpkgs. For example: with import (fetchTarball https://github.com/NixOS/nixpkgs/archive/8a3eea054838b55aca962c3fbde9c83c102b8bf2.tar.gz) {}; pkgs // { oldHello = stdenv.mkDerivation { name = hello-2.6; src = fetchurl { url = http://ftp.gnu.org/gnu/hello/hello-2.6.tar.xz; sha256 = 1f4901a723gg876c50f0siiq1ki4ls0xl7ngi2dh4dm4h3idygbl; }; }; } Now nix-env -f expr.nix -iA oldHello will install hello 2.6, while nix-env -f expr.nix -iA hello will install 2.9. Regarding *why* Nixpkgs generally only contains one version of a package: this is for maintainability (e.g. it would be bad if we had to backport a security fix to dozens of old versions of a package) and cost (it wouldn't be feasible for our continuous build system to create binaries for all those old versions). 3. How do I operate a private repository of packages? This would be done by distributing the Nix expressions for your packages to the machines via whatever means you like (Git, rsync, ...), and setting up a binary cache to ensure that machines don't have to build those packages from source. One way is to build the packages on a central machine and run nix-serve to make its Nix store available to the other machines via HTTP. See http://nixos.org/nix/manual/#ssec-binary-cache-substituter for details. Another method is to use nix-push to create a binary cache that can be served statically. See http://nixos.org/nix/manual/#sec-nix-push for examples. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Hydra seems to be down
Hi, On 02/08/15 16:22, Rob Vermaas wrote: indeed, the frontend and database machine went offline, however we only have access to the machine on Monday. Will let you know when we get it back up. Hydra is back up. However, due to a recent Hydra bug, the Nix store on hydra.nixos.org contains a few packages with incomplete references info (i.e. nix-store -qR for some paths does not show all dependencies). This shows up as builds failing with build input path does not exist. This problem should correct itself after the next staging merge. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] release-15.07
Hi, On 25/07/15 14:56, Vladimír Čunát wrote: On 07/25/2015 02:25 PM, Eelco Dolstra wrote: On 25/07/15 13:36, Vladimír Čunát wrote: What about branching off release-15.07? No, there are still a number of blockers: https://github.com/NixOS/nixpkgs/milestones/15.07 The only remaining blocker is now the closure size increase: https://github.com/NixOS/nixpkgs/issues/8990 There are some pending fixes for this issue in the staging branch. So once those are merged, we should be able to branch 15.07. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Tex rebuild after unstable update
Hi, On 27/07/15 13:50, Matthias Beyer wrote: I had two nixos-unstable updates in the last two days and both times I had to rebuild tex from source. Any hints where to start investigation on this? If you mean TeXlive: it's not built by Hydra anymore due to its size (https://github.com/NixOS/nixpkgs/commit/7f54f99656de36558a6ca7d78f7e42411aa2163c). -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Tex rebuild after unstable update
Hi, On 27/07/15 15:16, Matthias Beyer wrote: oh, that's sad. Can I somehow pin the local package to a specific commit in the nixpkgs tree? You can probably do something like (untested): environment.systemPackages = [ (import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/3b8e2f7e7a69a3a53a0cb8029973055763b6e309.tar.gz) {}).texlive ]; You can also install texlive using nix-env - that way it won't be updated along with the rest of the system. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] release-15.07
Hi, On 25/07/15 13:36, Vladimír Čunát wrote: Hello Nix(OS)ers! On 05/18/2015 11:54 AM, Domen Kožar wrote: I plan to branch-off release-15.06 on 1st of June. Then we have a month for testing it out. What about branching off release-15.07? No, there are still a number of blockers: https://github.com/NixOS/nixpkgs/milestones/15.07 Also, I just tried booting the 15.07 ISO and it hung. I'll need to investigate a bit further. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Automount for usb thumb drives / other external drives
Hi, On 15/07/15 23:22, Paul Koerbitz wrote: I would like to automatically mount usb sticks that I plug into my laptop. I haven't been able to figure out how to do this in NixOS, what's the easiest option? The standard mechanism used for dealing with removable media is udisks, used by desktop environments like KDE and Xfce to allow non-root users to mount disks. It can also be used from the command-line, e.g. $ udisksctl mount -b /dev/sdb1 Mounted /dev/sdb1 at /run/media/eelco/USBSTICK. Udisks doesn't mount disks automatically on insertion, but this could be done by having a script that listens for the D-Bus messages sent by udisks and then asks udisks to do the mount. In fact, there already is a package that does this: https://github.com/fernandotcl/udisks-glue but it's not in Nixpkgs yet. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] hydra-init
Hi, On 11/07/15 19:15, stewart mackenzie wrote: So I deleted /var/db/postgresql and /var/lib/hydra then following the section Letting nix handle the git repository of this tutorial: https://nixos.org/wiki/Installing_hydra_as_nixos_module then # su hydra Try su - hydra. Otherwise $PERL5LIB will be wrong. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Garbled man pages/incomplete environment
Hi, On 04/07/15 18:24, Jeffrey David Johnson wrote: Man pages are hard to read because they're full of control characters. For example: NIXOS-REBUILD(8) NixOS Reference Pages NIXOS-REBUILD(8) ESC[1mNAMEESC[0m This can be a symptom of $PAGER not being set to less -R. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] --ignore-liveness when nix-store --delete'ing
Hi, On 02/07/15 17:12, stewart mackenzie wrote: Please do not run this command: nix-store --delete --ignore-liveness /nix/store/hash-gnutar-version I have exactly this issue: http://pastebin.com/z5k8bxWQ and wanted to selectively delete the troublesome gnutar package. The above command completely and utterly borked my system. It started deleteing my entire environment, I was left with a terminal that didn't understand 'ls' or and other command, though I could change directory. I could not run any nix* command. Ah! No problem! I thought, I'll just restart into another generation. So grateful manner I say: Thank you dearly for such a well designed system. These generations are insanely great. So ... is this --ignore-liveness expected behaviour? Sort of. nix-store --delete PATH will delete paths that refer to PATH, provided that those paths are themselves garbage, in order to make PATH deletable. But if you pass --ignore-liveness, the referrer closure will be deleted unconditionally. However, I do notice that the nix-store manpage incorrectly states that the existence of referring paths will prevent deletion. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] [PATCH] Preserve supplementary groups of build users
Hi Ludo, On 01/07/15 11:12, Ludovic Courtès wrote: Currently, the build environment made by the daemon does not preserve supplementary groups of the build users. Thus, even though the standalone Guix system sets /dev/kvm 660, owned by root:kvm, and adds the build users to the kvm group, build users are unable to access it. The following patch is an attempt to address this bug (see http://bugs.gnu.org/18994) by preserving the supplementary groups of build users in the build environment. In practice, I would expect that supplementary groups would contain only one or two groups: the build users group, and possibly the “kvm” group. Applied, thanks! -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] [PATCH] Distinguish between “offloadability” and “substitutability”
Hi, On 01/07/15 17:21, Ludovic Courtès wrote: Nix commit 55586527 (June 2013) changed the semantics of ‘preferLocalBuild’ from “avoid offloading this derivation” to “avoid offloading *or substituting* this derivation” (see http://bugs.gnu.org/18747.) This patch introduces a new special key, ‘substitution’, to specify whether a derivation should be substituted. ‘preferLocalBuild’ is kept, but its initial semantics is restored. Have you seen https://github.com/NixOS/nix/commit/b64988bb3585478676585a0f0aecbcf4e11d4432, which essentially does the same thing? -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] multi-user.target must not be After network.target
Hi, On 30/06/15 18:02, Luca Bruno wrote: The multi-user.target must be kept slim, network should not be a prerequisite. +1 on removing. This dependency was apparently added without much thought here: https://github.com/NixOS/nixpkgs/commit/d18c2afc6fa6076274aa8334f8b58e1f4e1cdc8a -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] /usr/lib64/libstdc++.so.6: version `GLIBCXX_3.4.15' not found trying to install on RHEL 6.5
Hi, On 26/06/15 12:23, Kirill Elagin wrote: This basically means that Nix expects a different version of libstdc++. Well, the Nix binary tarball includes a copy of libstdc++, so that shouldn't be a problem. It's more likely that (as Tuomas suggested) LD_LIBRARY_PATH is causing a different libstdc++ to be loaded. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] [monitor.nixos.org]: Monitor generates patches where the subject does not fit the new scheme
Hi, On 26/06/15 17:30, Matthias Beyer wrote: just wanted to report this: monitor.nixos.org generates patches which do not fit the new scheme of how to name package update commits. Maybe I missed something, but how does this new scheme looks like and where was it announced? https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md Who decided that scheme? BTW, this really should be in the Nixpkgs manual, not in some random markdown file. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] mkDefault behaviour
Hi, On 26/06/15 20:40, Joel Moberg wrote: Sorry this had nothing to do with mkDefault. But I would still like to know why this is happening and why I need to build extra packages. This is because the minimal profile has this line: environment.noXlibs = mkDefault true; which in turn triggers: nixpkgs.config.packageOverrides = pkgs: { dbus = pkgs.dbus.override { useX11 = false; }; }; which means that anything depending on dbus needs to be rebuilt. We probably could be smarter about this (e.g. by only rebuilding dbus.daemon without X11). -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Impossible to use Nix + fetchgit on any Linux configured with LDAP authentication /libnss_sss
Hi, On 23/06/15 14:50, Adrien Devresse wrote: If possible, you could also enable chroot builds. It might be possible to override /etc/nsswitch.conf in the chroot by setting the Nix option build-chroot-dirs = /etc/nsswitch.conf=/path/to/my-nsswitch.conf (where my-nsswitch.conf doesn't contain libnss_nss). However, looking at the code, it may not be possible to override /etc/nsswitch.conf at the moment, but fixing that wouldn't be hard. Would this work as a non-root user ? No, you need to be root to do chroot builds. If the current user is an LDAP-referenced user, this will cause a failure too even if sss is not configured through /etc/nsswitch.conf The user inside the chroot is always called nixbld and has an entry in the chroot's /etc/passwd file, so looking up that user would not require LDAP lookups. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Impossible to use Nix + fetchgit on any Linux configured with LDAP authentication /libnss_sss
Hi, On 23/06/15 11:47, Adrien Devresse wrote: Ideally, libnss_sss should be part of stdenv. That's not going to happen because there are any number of NSS modules that we can't possibly all add to stdenv. Do you have any elegant way in Nix to add a module / modify the stdenv without retriggering a compilation of the entire system ? Yes, by using nscd. If possible, you could also enable chroot builds. It might be possible to override /etc/nsswitch.conf in the chroot by setting the Nix option build-chroot-dirs = /etc/nsswitch.conf=/path/to/my-nsswitch.conf (where my-nsswitch.conf doesn't contain libnss_nss). However, looking at the code, it may not be possible to override /etc/nsswitch.conf at the moment, but fixing that wouldn't be hard. As a hack, it might also be possible to add LD_LIBRARY_PATH to the impureEnvVars attribute of fetchgit and other affected fixed-output derivations. (Fixed-output derivations are allowed to have some impure inputs because their output is guaranteed to be the same regardless of the inputs.) So you could pass in an LD_LIBRARY_PATH pointing to a directory containing the required NSS modules. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Understanding NIX_PATH
Hi, On 13/06/15 15:25, Luca Bruno wrote: If you knew the answer, that's the answer: It's just there if someone wants to use that path., just there for convenience and historical reasons. Nothing more. The upcoming release might be a good opportunity to get rid of it, by the way. Any objections to removing /etc/nixos/nixpkgs from the default $NIX_PATH? -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Haskell in nix-shell scripts
Hi, On 13/06/15 20:44, Peter Simons wrote: users [of nixos-unstable] have to use a slightly modified version of the script that looks as follows: | #! /usr/bin/env nix-shell | #! nix-shell -i runghc -p haskellPackages.ghcWithPackages (p: [p.HTTP]) [...] it turns out that script won't work either. It seemed to work when I tested it on my machine, but that was only because I had runghc in $PATH already. Adding --pure reveals the issue: | #! /usr/bin/env nix-shell | #! nix-shell --pure -i runghc -p haskellPackages.ghcWithPackages (p: [p.HTTP]) The problem is that quoted arguments don't work here at the moment. As a workaround, you can put this in the script: #! /usr/bin/env nix-shell #! nix-shell -i runghc ./script.nix and this in script.nix: with import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz) {}; runCommand dummy { buildInputs = [ (haskellPackages.ghcWithPackages (p: [p.HTTP p.tagsoup])) ]; } -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
[Nix-dev] Nix 1.9 released
is made to access any file outside of the Nix search path. This is primarily intended for Hydra to ensure that a Hydra jobset only refers to its declared inputs (and is therefore reproducible). • nix-env now only creates a new “generation” symlink in /nix/var/nix/ profiles if something actually changed. • The environment variable NIX_PAGER can now be set to override PAGER. You can set it to cat to disable paging for Nix commands only. • Failing ... lookups now show position information. • Improved Boehm GC use: we disabled scanning for interior pointers, which should reduce the “Repeated allocation of very large block” warnings and associated retention of memory. This release has contributions from aszlig, Benjamin Staffin, Charles Strahan, Christian Theune, Daniel Hahler, Danylo Hlynskyi Daniel Peebles, Dan Peebles, Domen Kožar, Eelco Dolstra, Harald van Dijk, Hoang Xuan Phu, Jaka Hudoklin, Jeff Ramnani, j-keck, Linquize, Luca Bruno, Michael Merickel, Oliver Dunkl, Rob Vermaas, Rok Garbas, Shea Levy, Tobias Geerinckx-Rice and William A. Kennington III. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Nix database error
Hi, On 05/06/15 01:03, Arseniy Seroka wrote: Trying to execute any nix command (nix-env, nixos-rebuild, nix-store) and getting this `error: querying path in database: database disk image is malformed`. What's that and how to repair? It means SQLite has trouble reading the Nix database (/nix/var/nix/db/db.sqlite). Can you make a backup of that file and then see what this says: $ sqlite3 /nix/var/nix/db/db.sqlite 'pragma integrity_check' -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Impossible to use Nix + fetchgit on any Linux configured with LDAP authentication /libnss_sss
Hi, On 05/06/15 00:10, Adrien Devresse wrote: I triggered this failure (http://pastebin.com/Lw6a0p4J) while trying to use nix on a RHEL 6.5 configuration setup with ldap authentication ( sssd + libnss_sss ). After a bit of research, this is due to the dependency of git on getpwuid and to the fact that the nix glibc do not have by default libnss_sss nor can use the one of the host operating system. Doesn't RHEL 6.5 use nscd? When nscd is enabled, the Nix glibc will use it to perform lookups, so it won't need to be able to find libnss_sss on its own. Can you show the contents of /etc/nsswitch.conf? -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] nixos service using privileged ports as a non-root user
Hi, On 05/06/15 00:37, Oliver Charles wrote: I believe the User option in systemd unit configuration should do this. I think you'll also need: systemd.services.my-unit.serviceConfig.CapabilityBoundingSet = CAP_NET_BIND_SERVICE; Alternatively, socket activation combined with the User setting should work. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] [PATCH] Add a ‘verifyStore’ RPC
Hi, On 03/06/15 10:27, Ludovic Courtès wrote: The patch below adds a ‘verifyStore’ RPC with the same signature as the current LocalStore::verifyStore method. Thanks! I've applied this with the following change to disallow repairing by unprivileged users (since it's a potentially dangerous operation): https://github.com/NixOS/nix/commit/d8ddf994e70f97994e0f1fbd382df93cd071b90f Sounds good, although I’m unclear on how things could go wrong: repairing can only rebuild or use approved substitutes, right? Repair may replace store paths non-atomically, which, if interrupted, can leave the system in a broken state. (E.g. if you try to replace glibc and it fails half-way through.) -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] [PATCH] Add a ‘verifyStore’ RPC
Hi, On 01/06/15 23:20, Ludovic Courtès wrote: The patch below adds a ‘verifyStore’ RPC with the same signature as the current LocalStore::verifyStore method. Thanks! I've applied this with the following change to disallow repairing by unprivileged users (since it's a potentially dangerous operation): https://github.com/NixOS/nix/commit/d8ddf994e70f97994e0f1fbd382df93cd071b90f -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Is $NIX_OTHER_STORES still supported?
Hi Peter, On 31/05/15 11:33, Peter Simons wrote: I've been trying to make my NixOS re-use another machine's store, but I've had no success. I've mounted the other machine's file system as follows: # mkdir /run/nix/remote-stores/other # sshfs -o allow_root other:/ /run/nix/remote-stores/other The other's /nix directory is visible: # ls -ld $NIX_OTHER_STORES drwxr-xr-x 1 root root 4096 Mar 27 2014 /run/nix/remote-stores/other/nix However, my nix-env operations never seem to access that store, even though I know for sure that it contains the derivations I'm installing. Is there anything else I have to do to activate this feature? It's not enabled by default. You need to set NIX_SUBSTITUTERS to include copy-from-other-stores.pl. Check out the NixOS installer, which uses it to ensure that binaries are copied from the installation CD: https://github.com/NixOS/nixos/blob/master/modules/installer/tools/nixos-install.sh However, NIX_OTHER_STORES might be removed at some point because it doesn't work well anymore for access to remote stores since Nix started used SQLite. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] release-15.06 branch happening in 2 weeks
Hi, On 01/06/15 18:54, Domen Kožar wrote: Branch was just created: https://github.com/NixOS/nixpkgs/tree/release-15.06 I feel we should hold off for a day or two more to get systemd 220, gcc 4.9 and Nix 1.9 in, and to revert some recent changes to Nixpkgs that I feel should not make it into a stable release. Yeah, we could cherry-pick all those changes, but that will be a lt of cherry-picking... -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] fetchFrom* improvement
Hi, On 28/05/15 04:00, Arseniy Seroka wrote: Hi! Just wanted to mention for your information this commit [1]. What the point in having meta information attached to fetchurl results? They won't show up in nix-env queries... It also makes the assumption that the source repository of a package is its homepage, which is questionable. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] fetchFrom* improvement
Hi, On 28/05/15 12:43, Jan Malakhovski wrote: The idea of that glorious change is to avoid retyping the url and just write meta = { homepage = src.homepage; }; for the packages that do have their github/bitbucket/... pages as homepages. Ah thanks, that sounds good. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Git branches to track nix channels
Hi, On 20/05/15 22:23, Nicolas Pierron wrote: I did that a while ago, and somebody removed them, because of the potential noise that such branches can caused. Then I pushed the script that I made to keep track of the channel versions. You can use this script in your nixpkgs working directory, run $ $(git rev-parse --show-cdup)maintainers/scripts/update-channel-branches.sh I think it's preferrable to use standard Git mechanisms (since it doesn't involve trying to parse http://nixos.org/channels/): $ git remote add channels git://github.com/NixOS/nixpkgs-channels.git And then you can rebase your local branch on top of (say) the current nixos-14.12: $ git remote update channels $ git rebase channels/nixos-14.12 -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] boostHeaders disappeared
Hi, On 20/05/15 15:06, Lluís Batlle i Rossell wrote: long time ago I introduced a package boostHeaders, that only installed the boost headers without building any lib. The purpose of that package was to avoid the heavy build load of boost. For what I remember, building all boost involved bjam taking 2GB of RAM, and heavy task for g++. This is a huge task for some ARM computers. Hm, isn't building packages like gcc also a problem on such constrained systems? I'd prefer not to have multiple Boost packages again. Boost's build script does have a --with-libraries flag, maybe we can expose that as a function argument? Then you could say something like boost.override { libraries = [ ]; } -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Leap Second
Hi, On 19/05/15 07:10, Roger Qiu wrote: Will NixOS be affected by the leap second issue that's coming up on June 30 2015? You shouldn't have issues if you're running ntpd. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] How to install pmount properly?
Hi, On 14/05/15 10:00, Matthias Beyer wrote: I want to use pmount for mounting external devices - but after installing it, when using it, it tells me Error: this program needs to be installed suid root How to do that properly? I installed via nix-env -iA nixpkgs.pmount pmount is not supported on NixOS. The supported way to deal with external media is via udisks, which works in all desktop environments, and can be used from the command line as well, e.g. $ udisksctl mount -b /dev/sdb1 Mounted /dev/sdb1 at /run/media/eelco/USBSTICK. You may need services.udisks2.enable = true; in your configuration.nix. (It's enabled automatically if you use KDE, Gnome, Xfce or Enlightenment.) -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] i686 Builds?
On 12/05/15 12:49, Lluís Batlle i Rossell wrote: Yes. Maybe it got renamed... It used to be named 'amd32'. It's called x32: http://en.wikipedia.org/wiki/X32_ABI -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Overriding top level /nix directory
Hi, On 07/05/15 20:20, Tyson Whitehead wrote: I don't see any easy way to get this though. This leaves me wondering if a new primop to expose the running toolsets value for the store and state directories is the way to go. Nix 1.9 adds a builtins.storeDir constant. In builders, you can use the $NIX_STORE environment variable. Regarding the state directory, packages generally should not need to know where Nix keeps its state. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] modularize all-packages?
On 07/05/15 14:29, Daniel Peebles wrote: I thought that at some point there was an effort to autogenerate (dynamically, so not nix codegen) the list from readDir. I made an abortive attempt at reducing the size of all-packages.nix a while back: https://github.com/NixOS/nixpkgs/commit/ece61b7cc803d374e81b1094bd9c1f6d5a9ca5d0 It would allow getting rid of all packages that don't override any default arguments (i.e. pass { } to callPackage). -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] modularize all-packages?
Hi, On 07/05/15 15:02, Daniel Peebles wrote: No need to read all the files, right? You import them lazily based on what readDir returns. Yes, but you still need to traverse the directory tree, which itself takes a long time on non-SSD disks. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Why is nodejs-7f considered an upgrade to nodejs?
Hi, On 28/04/15 19:04, Richard Wallace wrote: I keep running into this issue whenever I run `nix-env --upgrade` that nix-env thinks that nodePackages.7f is an upgrade to nodejs. Consequently, I have to force a downgrade to the nodejs package after every upgrade. Is there a way to avoid this? No, that package should be renamed. 7f is interpreted by nix-env as a version because it starts with a digit. Starting an attribute name with a digit is not a good idea either. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Using the NixOS Hydra module leads to infinite recursion
Hi, On 19/04/15 01:20, Mateusz Kowalczyk wrote: For a while now I've been binding hydra = fetchgit… and then require = [ ${hydra}/hydra-module.nix ] later down the file and using the module options that way. This worked fine but now I get infinite recursion when I try it. Does anyone know what changed and/or how to fix it? This is probably due to the changes in https://github.com/NixOS/nixpkgs/pull/6794. Basically, you can't use anything from pkgs (such as fetchgit) on the spine of module evaluation (since pkgs itself is the result from module system evaluation, hence the infinite recursion). See https://github.com/NixOS/nixpkgs/issues/7354. A possible workaround might be to do: hydra = (import nixpkgs {}).fetchgit { ... }; That way you're not depending on the pkgs module argument. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] ``Failed to execute opertaion: Connection timed out'' when issuing nixos-rebuild
Hi, On 11/04/15 18:08, Manuel Pages wrote: I'm facing most peculiar issue when I issue commands from nixos-rebuild family — Stopping dbus.service nix-daemon.service systemd-udevd.service *snip* restarting systemd *time passes* Failed to execute opertaion: Connection timed out Failed to execute opertaion: Connection timed out Failed to execute opertaion: Connection timed out ... What version of NixOS is this? Since very recently [1], NixOS will no longer stop dbus during nixos-rebuild, so this shouldn't happen anymore. [1] https://github.com/NixOS/nixpkgs/commit/1c39a47ac87959b2589ef797e519af96d73c27d6 -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Hydra is stuck for a few days
Hi, On 13/04/15 18:33, Jonathan Glines wrote: Could this be related to the fact that I had to build libreoffice (besides some other, less hurting things) yesterday, after a nix-channel update? No, whatever channel you're on hydra should have already built it. You probably have some changes specific to your configuration that are triggering libreoffice to be re-built. Well, libreoffice is not a channel blocker, so the channel can get updated even if libreoffice fails to build. And it did fail recently: http://hydra.nixos.org/job/nixos/trunk-combined/nixpkgs.libreoffice.x86_64-linux -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] About gettext and expat
Hi, On 02/04/15 18:27, Luca Bruno wrote: Gettext is currently depending only on libc. Gettext is an input to gcc, so that's a very important dependency. However gtk 3.16 now requires gettext to process xml files like glade files, and that requires xml support via expat. Gettext is currently compiled so that it finds expat with dlopen, but you know that means putting evil LD_LIBRARY_PATH I'd like to avoid. Anybody knows any drawbacks about making gettext depend on expat? Given that expat is only 300 KB, I don't see a problem. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] What am I doing wrong with ssh-substitutor-hosts?
Hi, On 02/04/15 20:56, Jeffrey David Johnson wrote: I've got two computers with nixos, and I can ssh between them without a password. But if I do a nixos-rebuild with `--option ssh-substitutor-hosts hostname` they still just download everything from cache.nixos.org. It's *substituter*, not substitutor. Also, make sure you're root or a user listed in ‘trusted-users’ in nix.conf. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] hydra build fails on unstable localhost
Hi, On 07/04/15 15:39, stewart mackenzie wrote: hydra-eval-jobs.cc: In lambda function: hydra-eval-jobs.cc:215:16: error: 'initGC' was not declared in this scope initGC(); You need a newer version of nixUnstable. A sufficiently new version is provided by both the Nixpkgs 14.12 and master branches. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Gratuitous generations
Hi, On 30/03/15 14:45, Christian Theune wrote: last year I experimented with self-managing NixOS installations. One thing that I stumbled upon was that regularly triggering nixos-rebuild would create new generations even though the config hadn’t changed. Is there a way to suppress that or a reason why this can’t be suppressed in general? The reason is to ensure that nixos-rebuild switch; nixos-rebuild rollback always rolls back to the configuration just before the switch, not to some earlier configuration. If nixos-rebuild switch is a logical no-op, then the rollback should do nothing, too. Note that generations are cheap (they're just symlinks), but we should probably filter redundant generations from the GRUB boot menu. What I want is to create a simple cronjob that generates Nix OS configuration from an upstream “source of truth”, like users, and not think about convergence but just trigger nixos-rebuild after updating the config. If nothing changed then no new generation should appear IMHO. We could add an option to suppress creating a new generation if nothing has changed. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] [***SPAM***] git:// repositories in nixpkgs
Hi, On 27/03/15 17:40, Serge Kosyrev wrote: What is the stance on git:// repositories in nixpkgs? They are generally unavailable from behind corporate firewalls. One package employing this is grub, as of current master. It's generally better to avoid fetchgit since 1) unlike fetchurl, fetchgit calls are not mirrored to tarballs.nixos.org; 2) fetchgit has no concept of mirrors; 3) it adds a dependency on Git. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Shared packages list and collision errors
Hi, On 19/03/15 17:05, Dario Bertini wrote: Can someone point me to an explanation/docs for this behavior? This is because environment.systemPackages ignores collisions. See https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/config/system-path.nix. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Regex in manifest breaks nix-env
Hi, On 17/03/15 18:11, Jeffrey David Johnson wrote: Hi all! My nix-env commands recently stopped working. For example if I try to `nix-env -q`, it says: error: syntax error, unexpected $undefined, expecting '', at /nix/store/ar83fv0d68frfyifz2wl1dm97m6jvxnn-env-manifest.nix:1:153 The contents of `/nix/store/ar83fv0d68frfyifz2wl1dm97m6jvxnn-env-manifest.nix` are: [ { meta = { description = RDF database; downloadPage = http://archive.apache.org/dis t/jena/binaries/; downloadURLRegex = apache-jena-.*[.]tar[.]gz$; homepage = http://j ena.apache.org; license = { fullName = Apache License 2.0; shortName = asl20; spdxI d = Apache-2.0; url = http://spdx.org/licenses/Apache-2.0;; }; maintainers = [ Micha el Raskin 7c6f4...@mail.ru ]; platforms = [ i686-linux x86_64-linux armv5tel-lin ux armv6l-linux armv7l-linux mips64el-linux ]; position = /nix/store/75d9rrzyal2 7mn3fdwc060yrbhnyjihi-nixos-14.12.374.61adf9e/nixos/nixpkgs/pkgs/servers/nosql/apache-je na/binary.nix:29; updateWalker = true; version = 2.12.1; }; name = apache-jena-2.12. 1; out = { outPath = /nix/store/3pl4jn0l4wx434g8vgv1assymvg7card-apache-jena-2.12.1; }; outPath = /nix/store/3pl4jn0l4wx434g8vgv1assymvg7card-apache-jena-2.12.1; outputs = [ out ]; system = x86_64-linux; type = derivation; } ] So the offending part seems to be `downloadURLRegex = apache-jena-.*[.]tar[.]gz$;`. Is the package broken for including a regex? Looks like a bug in the manifest generation, since the '$' should be escaped. And how do I remove/fix it without parsing that? Please try nix-env --rollback to go back to the most recent non-corrupt version. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Firefox has become an unfree package in 'master'
Hi, On 09/03/15 12:08, Kirill Elagin wrote: Isn’t Hydra allowed to build `unfreeRedistributable` packages? No. The only unfree stuff it builds is redistributable firmware. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Fetching variable and unpredictable URL download link
Hi, On 01/03/15 16:21, Anderson Torres wrote: How can I fetchurl a variable url? When I download a dockapp from Windowmaker site, like http://windowmaker.org/dockapps/?download=wmSMPmon-3.1.tar.gz;, it in fact downloads something like wmSMPmon-${a long string of chars, like a checksum}.tar.gz. And the long string is unpredictable. You can use fetchzip instead: fetchzip rec { name = wmSMPmon-3.1.tar.gz; url = http://windowmaker.org/dockapps/?download=${name};; sha256 = 1ahp2vg6w3pzg0aar61gm122q37ljhd8ni6g0p1vp0x1wbavgljl; } It calculates the hash over the unpacked data, so changes in the mtime fields of the archive and other metadata don't matter. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] staging -- master merge imminent
Hi, On 01/03/15 22:15, Lluís Batlle i Rossell wrote: If that commit could be merged into master, it would be nice. I'd be able to commit to master instead. We'd better wait a few days for Hydra to catch up a bit: http://hydra.nixos.org/eval/1173079 A few days passed. I merged staging from the libsigsegv change. I didn't know next commits, so I thought better not to merge them. That kind of defeats the purpose of the staging branch, which is to combine mass rebuild changes. See here: http://comments.gmane.org/gmane.linux.distributions.nixos/13447 -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Customizing calibre PYTHONPATH to support plugins...
Hi, On 28/02/15 19:10, Michael Alan Dorman wrote: I have a plugin for calibre I would like to use that requires pycrypto. I looked at the derivation for calibre, and it seemed to me that it would be sufficient to override it thusly: calibre = pkgs.stdenv.lib.overrideDerivation pkgs.calibre (o: { buildInputs = o.buildInputs ++ [ pythonPackages.pycrypto ]; }); Try this: calibre = pkgs.lib.overrideDerivation pkgs.calibre (o: { nativeBuildInputs = o.nativeBuildInputs ++ [ pkgs.pythonPackages.pycrypto ]; }); This is necessary due to the confusing handling of buildInputs and nativeBuildInputs in mkDerivation: when not doing a cross-build, buildInputs is passed to the builder via the $nativeBuildInputs environment variable, and $buildInputs is empty. It would be better if this remapping were done in the builder itself so that overrideDerivation would work as expected. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Automatic download option for requireFile
Hi, On 22/02/15 19:51, Vladimír Čunát wrote: On 02/22/2015 11:26 AM, Tomasz Kontusz wrote: Talking about laws: are there any guidelines about what software can go into nixpkgs/can be distributed by hydra? I know many distributions try to somehow separate the software illegal in USA (mostly DRM-related/patented stuff). Basically anything is accepted in nixpkgs, even non-redistributable stuff as you see (why else requireFile). FWIW, I'm fairly strongly against inclusion of any package that cannot be installed automatically, i.e., anything that uses requireFile. The reason being that if a package shows up in nix-env -qa, then nix-env -i package should Just Work. There are some unfortunate historic exceptions (like the Oracle JDK) but we should try not to proliferate them. We probably also shouldn't include packages that require obtaining a license key or something similar. I.e. packages should be usable by everybody. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Missing documentation
Hi, On 18/02/15 20:20, Kirill Elagin wrote: Having short reminders instead of long and verbose man pages is _so much better_. And having context-sensitive help is _absolutely marvelous_. We could improve the current man-based situation in two ways: * Have the synopsis section show the available operations. Then running nix-env --help will show the most important information right on the first screen. * Have separate manpages for each subcommand. Then nix-env -q --help could invoke man nix-env-q or something like that. There is a `git help` command that opens a man page indeed, but `git command -h` prints a short summary of options. Ah, I didn't know that. (I always use --help, which invokes man.) -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Override nix.maxJobs without editing hardware-configuration.nix?
Hi, On 18/02/15 08:25, James Cook wrote: I can't set nix.maxJobs in configuration.nix, because it is set in hardware-configuration.nix: error: The unique option `nix.maxJobs' is defined multiple times, in `/etc/nixos/hardware-configuration.nix' and `/etc/nixos/configuration.nix'. Of course, I could work around this by editing hardware-configuration.nix, but then the change would be lost the next time I run nixos-generate-config. Is there a better way to do this? This should work: nix.maxJobs = mkForce 4; I guess the option definition in hardware-configuration.nix should be given a lower priority to prevent this problem. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Missing documentation
Hi, On 16/02/15 19:53, Ertugrul Söylemez wrote: Software should be fully documented. If you don't know where the line between regular users and advanced users is, don't draw one in the first place. It's not so much a question of regular vs. advanced use, but whether something is a stable interface. If we document a command like nix-store --register-validity (which is mostly a hack to support the nixos-install bootstrap), we'd pretty much commit to supporting it in the future. If it's undocumented, we can change or remove it in the future. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Why are there so many branches in the nixpkgs repo
Hi, On 16/02/15 18:43, Matthias Beyer wrote: what do you think about removing the old branches, as listed below (I guess all before 12-2014 or something) should be removed,... No, they should not be removed, unless they were merged. Deleting history kind of defeats the purpose of having a version management system... However, we could rename dead branches to something like attic/name. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Missing documentation
Hi, On 16/02/15 16:02, Ertugrul Söylemez wrote: +1 to doc fixes! :-) I'll gladly help with peer review for the content or whatever I can within the prose capacity :-) Nobody else? I would just do it, but at the very least I need an explanation of the missing parts. The best way to find out might be to use git blame and see commit history. Okay, I will try that. Regarding --register-validity, it's a bit of internal command that I'm not sure should be documented. But yeah, ‘exportReferencesGraph’ shouldn't refer to it :-) The format is as follows (see decodeValidPathInfo() in store-api.cc): line containing the store path if --hash-given is used, a line containing the hash of the contents of the path (nix-store -q --path) if --hash-given is used, a line containing the size of the contents of the path (nix-store -q --size) the deriver an integer containing the number of references the references, one per line This is repeated until EOF. See pkgs/build-support/kernel/paths-from-graph.pl for an example of a script that generates registration info in this format. Regarding the overhaul of `--help` I will just do it and see what people think about it. Note that I removed --help on purpose because I didn't want to maintain two sets of option documentation. Invoking man is also what tools like Git do, so it's not entirely uncommon. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Linux config options
Hi, On 10/02/15 14:48, Wout Mertens wrote: Just wondering out loud with probably no actionable change: Why are the kernel options implemented as strings (FOO y) instead of an attribute set ({ foo = y: })? Of course that means you can easily import your own .config file as described at https://nixos.org/wiki/How_to_tweak_Linux_kernel_config_options, but would an attribute set not allow things like if the kernel has this feature enabled, install this package or if you enable this module the kernel must have foo set to one of these values? pkgs/os-specific/linux/kernel/manual-config.nix allows passing a config attribute set containing kernel config option, e.g. config = { CONFIG_MODULES = y; CONFIG_FW_LOADER = m; }; I don't know if that's exposed to NixOS modules though. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Missing GeoIP databases
Hi, On 10/02/15 19:50, Christoph-Simon Senjak wrote: I installed geoip, and GEOIPLOOKUP(1) says the databases should be in /nix/store/b952llxwhpd8046r40xkkkjgg1vmcw7q-geoip-1.6.2/share/GeoIP but ... they are not. Is this intentional or is this a bug? More or less intentional, since the upstream geoip package does not contain a database. So you should download it yourself and pass the path on the command line or via the API. However, if there is a free (as in freedom) database somewhere, we could include that by default. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] How to add (self-signed) SSL certificate to NixOS?
Hi, On 04/02/15 23:18, Bjørn Forsman wrote: The following should work: environment.etc.ssl/certs/ca-bundle.crt.source = lib.mkForce ...; Unfortunately it does not. That also results in mismatched duplicate entry ... error. I've added an option ‘security.pki.certificateFiles’. You should now be able to say: security.pki.certificateFiles = [ ./my-certificate.crt ]; -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] [FOSDEM] Thank you all
Hi, On 02/02/15 22:29, Domen Kožar wrote: thanks everyone for being part of the FOSDEM stand! It was amazing, we've given away around 700 stickers. Wow, nice :-) A big thanks to you, Wout, Nicolas and everybody else who helped for getting us a bit closer to world domination! -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Please test NixOS/nixpkgs.git on darwin
Hi, On 04/02/15 14:14, Michael Sperber wrote: error: cannot download nix-1.9pre4021_f46e329.tar.xz from any mirror I've fixed this, please update your Nixpkgs. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] [Trinity-on-NixOS] Annoucing my project: packaging Trinity Desktop Environment to Nixpkgs
Hi, On 27/01/15 10:16, Anderson Torres wrote: I am Anderson Torres, a wannabe Computer Scientist (I am studying to admissional exams for a Brazilian CS undergrad course), and there is about one year I am a NixOS user. I want to port/package Trinity for NixOS, because I really liked the old KDE3.x series! I used KDE 3.x when I started using Linux Slackware and open source in 2004. Cool :-) You may find the old KDE 3.x Nix expressions useful: git log --all --pkgs/desktops/kde-3. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Why does Hydra/staging have many parallel evaluations queued?
Hi, On 27/01/15 12:53, Wout Mertens wrote: See http://hydra.nixos.org/jobset/nixpkgs/staging#tabs-evaluations There's 4 evaluations with queued jobs, why don't they get cancelled when the next evaluation happens? Because Hydra doesn't cancel jobs automatically. I've cancelled them manually now. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Can recursive attribute sets refer to quoted attributes?
Hi, On 27/01/15 16:58, Wout Mertens wrote: Nix could be extended to accept `rec { foo.bar = test; bar = ${foo.bar};}'? Well, it was probably a mistake to allow string syntax for variable names in the first place. It might be better to allow '.' to be escaped in variables names: rec { foo\.bar = test; bar = foo\.bar; } Is this an important use case? No, we probably don't want to promote using dots in variable names at all :-) -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] environment.allowedLicenses ?
Hi, On 26/01/15 14:19, Matthias Beyer wrote: On 26-01-2015 14:00:10, Eelco Dolstra wrote: Hm, I have the impression the license checking code is becoming pretty heavy at this point. For instance, what (realistically) is the use case for whitelisting? Whitelisting a non-free license. Doesn't that also require whitelisting all free licenses used by a configuration? I actually think we should *remove* meta.license entirely (because it doesn't provide useful info to users and tends to be wrong or incomplete anyway), and replace it with attributes that have operational meaning: I'm heavily against this. Having the license in the package information is (IMHO) the right way to do this. Removing the license of a package is removing information about the package, which I do not consider a good idea at all. You could remove the maintainer and version, too, if you remove the license. Well, those have an actionable meaning (namely, who to contact regarding problems in the package, and whether nix-env -u should consider a package newer). OTOH, most users don't care whether a package is licensed under the 3-clause or 2-clause BSD license. People who do care about the exact license of a package should use a tool like Ninka do extract the actual license, rather than depend on meta.license (since, as I said, it tends to be incomplete or wrong). -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Can recursive attribute sets refer to quoted attributes?
Hi, On 26/01/15 10:55, Peter Simons wrote: consider the following recursive attribute set: rec { foo.bar = test; } Is there any way to refer to foo.bar within that set? No, except by giving the entire set a name, e.g. let attrs = rec { foo.bar = ...; x = attrs.foo.bar; }; in attrs -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] NixOS configuration unit tests
Hi, On 23/01/15 15:04, Wout Mertens wrote: I'm thinking that it might be a good idea to have unit tests for the configuration.nix descriptions. That way we can be more sure that a change doesn't have unintended consequences. For example, we could have tests like if you set config.foo and config.bar, the evaluation should fail and if you set config.foo then config.baz should get a value. One specific use case is the license whitelisting/blacklisting (https://github.com/NixOS/nixpkgs/pull/5892), where we don't ever want to inadvertently allow forbidden licenses. Any thoughts on how to implement this? An approach might be a shell script that runs a few nix-instantiate command lines and expects errors and values, but how would that integrate with the nixos tests? Basically by adding a job like this to nixos/release.nix (not tested): bla = runCommand bla { buildInputs = [ nix ]; src = ./..; } '' # Ugly hack to make read-only evaluation work. export NIX_DB_DIR=$TMPDIR export NIX_STATE_DIR=$TMPDIR nix-store --init echo '{ config.foo = true; config.bar = true; }' foo.nix nix-instantiate --dry-run $src/nixos -A system \ -I nixos-configuration=$(pwd)/foo.nix ... ''; and then add this job to tested in nixos/release-combined.nix to make the NixOS channel depend on it. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] PAM SSH agent auth question
Hi, On 13/01/15 05:00, aldiyen wrote: Anyone know why the NixOS PAM config that gets generated when the sshAgentAuth setting is set to true includes files owned by the user (within that user's home directory)? It seems like this could be rather insecure, given that an attacker who obtained the ability to write files using the current user's permissions could simply write new SSH keys into these authorized keys files and obtain access to whatever services are configured to allow SSH agent-based authentication (including, perhaps, su and/or sudo) Would it make more sense to change this to reference only the /etc/pam/authorized_keys.d/%u path? I'm inclined to agree, but it's worth noting that the use of user-owned authorized key files is sanctioned by the pam_ssh_agent_auth manpage: http://pamsshagentauth.sourceforge.net/ -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] mercury
Hi, On 07/01/15 02:41, Karn Kallio wrote: The attached patch advances the version of the Mercury compiler from 14.01 to 14.01.1 Applied, thanks! -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] hydra.nixos.org stopped scheduling jobs
Hi, On 04/01/15 14:21, Peter Simons wrote: It seems building OK now. I don't know if anyone has intervened... Hydra builds a couple of hundred packages per day, but it does so at a snails pace. The queue gets stopped automatically when free disk space drops below a certain level (10 GB or so), which is happening all the time now. Apparently the garbage collector cannot reclaim enough disk space anymore, suggesting we have too many roots (i.e. active Nixpkgs/NixOS jobsets). The Nix store on that machine has 3.6 TB of disk space BTW. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Supported Darwin versions
Hi, On 05/01/15 04:25, John Wiegley wrote: Here are the results of running curl https://nixos.org/nix/install | sh right now on various versions: 10.6 sorry, there is no binary distribution of Nix for your platform This suggests that uname -s / -m returns something different than Darwin and x86_64 on 10.6. 10.8 error: the group ‘nixbld’ specified in ‘build-users-group’ does not exist Huh. That shouldn't happen in a single user install. Each VM I'm using is a virgin install + updates + Xcode + CLI tools, nothing else Is 10.9 our lowest target now, or should I open new issues for these last two errors? Nixpkgs master currently has MACOSX_DEPLOYMENT_TARGET set to 10.9, so anything lower probably won't work. This was done to work around some Xcode 6.1 issue: https://github.com/NixOS/nixpkgs/commit/899d81b37ba6dc26431b82b40300505f19504e03 But with a stdenv that doesn't depend on Xcode, we may be able to lower MACOSX_DEPLOYMENT_TARGET. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Static Executable: Patchelf fails me
Hi, On 05/01/15 00:24, Moritz Ulrich wrote: $ patchelf ./s3d.run patchelf: patchelf.cc:292: void ElfFileElf_Ehdr, Elf_Phdr, Elf_Shdr, Elf_Addr, Elf_Off, Elf_Dyn, Elf_Sym::parse() [with Elf_Ehdr = Elf64_Ehdr; Elf_Phdr = Elf64_Phdr; Elf_Shdr = Elf64_Shdr; Elf_Addr = long unsigned int; Elf_Off = long unsigned int; Elf_Dyn = Elf64_Dyn; Elf_Sym = Elf64_Sym]: Assertion `shstrtabIndex shdrs.size()' failed. Aborted The error message could be more elegant, but the main issue is that patchelf cannot work on static binaries because there is nothing to patch: no ELF interpreter section, no DT_NEEDED entries, etc. Setting LD_PRELOAD with pkgs.libredirect doesn't have any effect. (Is this expected?) Same thing, LD_PRELOAD doesn't work with static binaries because it affects the dynamic linker, which doesn't get used for static executables. If there is a dynamic executable hidden inside the static executable via UPX compression or something similar, I guess you need to decompress it first and then apply patchelf. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] hydra.nixos.org stopped scheduling jobs
Hi, On 05/01/15 13:04, Domen Kožar wrote: We could delete some nixos/nixpkgs jobset, as there are many not needed anymore. Well, builds for jobsets that are disabled *and* hidden are not kept anyway, so it's not necessary to delete them. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] hydra.nixos.org stopped scheduling jobs
Hi, On 05/01/15 13:11, Eelco Dolstra wrote: On 05/01/15 13:04, Domen Kožar wrote: We could delete some nixos/nixpkgs jobset, as there are many not needed anymore. Well, builds for jobsets that are disabled *and* hidden are not kept anyway, so it's not necessary to delete them. I've now hidden some disabled jobsets, so that should cause a lot of stuff to be GC'ed. (Actually I don't remember *why* jobsets need to be disabled *and* hidden rather than just disabled...) -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] less: When assumptions ruin the world
Hi, On 02/01/15 12:57, Michael Jones wrote: If it helps at all, git seems to use GIT_PAGER first and then falls back to PAGER and then to `less` for the commands that use it. Perhaps nix could respect a NIX_PAGER env var? I've implemented this now, with the same semantics as GIT_PAGER and SYSTEMD_PAGER. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] less: When assumptions ruin the world
Hi, On 02/01/15 14:49, Ertugrul Söylemez wrote: There is a very good reason for this principle. If a program does more than what it's intended to do, then it hurts composability. There shouldn't be an issue with composability here, because Nix will only run the pager when stdout is a terminal. So things work fine if you pipe Nix into another command. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] NixOS as dom0 for Xen
Hi, On 20/12/14 21:37, Thomas Strobel wrote: I plan to use NixOS as dom0 for Xen. There is an old, deactivated nixos module available that I thought of using. But before I go ahead, I just wanted to ask why dom0 support for Xen was dropped in NixOS? Just bitrot. I had a Xen NixOS at some point, but I switched to using KVM VMs so I didn't need it anymore. Anything that I should keep in mind when trying to reestablish dom0 support? It would be great to have an automated test for Xen Dom0. Not sure if Xen works in our QEMU testing framework though :-) -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Enable openntpd instead ntp by default
Hi, On 21/12/14 21:32, Paul Colomiets wrote: I'm not sure was it discussed before, but I want to ask if we should enable openntpd instead of ntpd by default? +1 on switching to openntpd or systemd-timesyncd (with a preference for the latter for better integration with the rest of the system, such as automatically handling network reconfiguration events from networkd). -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Avoiding threads in the daemon
Hi, On 19/12/14 19:20, Eelco Dolstra wrote: I see a few ways to get PID namespaces back: * Do a regular fork followed by clone(... | CLONE_NEWPID | CLONE_PARENT) (after which the intermediate process can exit). This has been implemented in bd0f362d2fad1dd5f28e762011888b5eabd21280. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Breaking changes log
Hi, On 18/12/14 17:18, Wout Mertens wrote: As a summary answer to all the answers, I think we should adopt a change log as described at http://keepachangelog.com/ We already have a place to document breaking changes, namely the NixOS release notes in nixos/doc/manual/release-notes. I'm not in favour of having multiple, out-of-sync locations to keep this info. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Breaking changes log
Hi, On 19/12/14 15:10, Wout Mertens wrote: We already have a place to document breaking changes, namely the NixOS release notes in nixos/doc/manual/release-__notes. I'm not in favour of having multiple, out-of-sync locations to keep this info. Right, but those are not very human-readable nor is there any attempt to make them machine-parseable (for displaying diffs from nixos-rebuild and tests). It's probably a lot easier and well-defined to generate something from XML than from some poorly specified, ad-hoc Markdown-like language. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Avoiding threads in the daemon
Hi, On 18/12/14 17:32, Ludovic Courtès wrote: Thus, I think Nix commit 49fe95 (which introduces monitor-fd.hh, which uses std::thread just for convenience) should be reverted, along with the subsequent commits to that file; then commit 524f89 can be reverted. I really don't want to get rid of threads because they're useful and I want to use them more in the future (e.g. build.cc would be much simpler if it used threads rather than the current event-driven approach; nix-daemon could handle client connections with a thread rather than a process; etc.). I see a few ways to get PID namespaces back: * Do a regular fork followed by clone(... | CLONE_NEWPID | CLONE_PARENT) (after which the intermediate process can exit). * Call setuid/setgid via syscall() to bypass the locking in the Glibc wrappers. However, there might be other problematic functions so this is not a great solution. * Get the Glibc folks to provide a way to run at-fork handlers with clone(). Clearly the first option is the easiest. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Avoiding threads in the daemon
Hi, On 19/12/14 19:41, Shea Levy wrote: Can't you unshare in the parent then setns back after fork? In a multi-threaded program, that sounds incredibly racy :-) (Though it's not clear to me whether unshare() works on the current process or the current thread. Manpage says process...) -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
[Nix-dev] Nix 1.8 released
Hi, I'm pleased to announce the availability of a new stable release of the Nix package manager. Release 1.8 can be found at http://hydra.nixos.org/release/nix/nix-1.8 and http://nixos.org/releases/nix/nix-1.8 It has the following changes and new features: • Breaking change: to address a race condition, the remote build hook mechanism now uses nix-store --serve on the remote machine. This requires build slaves to be updated to Nix 1.8. • Nix now uses HTTPS instead of HTTP to access the default binary cache, cache.nixos.org. • nix-env selectors are now regular expressions. For instance, you can do $ nix-env -qa '.*zip.*' to query all packages with a name containing zip. • nix-store --read-log can now fetch remote build logs. If a build log is not available locally, then ‘nix-store -l’ will now try to download it from the servers listed in the ‘log-servers’ option in nix.conf. For instance, if you have the configuration option log-servers = http://hydra.nixos.org/log then it will try to get logs from http://hydra.nixos.org/log/base name of the store path. This allows you to do things like: $ nix-store -l $(which xterm) and get a log even if xterm wasn't built locally. • New builtin functions: attrValues, deepSeq, fromJSON, readDir, seq. • nix-instantiate --eval now has a --json flag to print the resulting value in JSON format. • nix-copy-closure now uses nix-store --serve on the remote side to send or receive closures. This fixes a race condition between nix-copy-closureE and the garbage collector. • Derivations can specify the new special attribute allowedRequisites, which has a similar meaning to allowedReferences. But instead of only enforcing to explicitly specify the immediate references, it requires the derivation to specify all the dependencies recursively (hence the name, requisites) that are used by the resulting output. • On Mac OS X, Nix now handles case collisions when importing closures from case-sensitive file systems. This is mostly useful for running NixOps on Mac OS X. • The Nix daemon has new configuration options allowed-users (specifying the users and groups that are allowed to connect to the daemon) and trusted-users (specifying the users and groups that can perform privileged operations like specifying untrusted binary caches). • The configuration option build-max-jobs now defaults to the number of available CPU cores. • Build users are now used by default when Nix is invoked as root. This prevents builds from accidentally running as root. • Nix now includes systemd units and Upstart jobs. • Speed improvements to nix-store --optimise. • Language change: the == operator now ignores string contexts (the “dependencies” of a string). • Nix now filters out Nix-specific ANSI escape sequences on standard error. They are supposed to be invisible, but some terminals show them anyway. • Various commands now automatically pipe their output into the pager as specified by the PAGER environment variable. • Several improvements to reduce memory consumption in the evaluator. This release has contributions from Adam Szkoda, Aristid Breitkreuz, Bob van der Linden, Charles Strahan, darealshinji, Eelco Dolstra, Gergely Risko, Joel Taylor, Ludovic Courtès, Marko Durkovic, Mikey Ariel, Paul Colomiets, Ricardo M. Correia, Ricky Elrod, Robert Helgesson, Rob Vermaas, Russell O'Connor, Shea Levy, Shell Turner, Sönke Hahn, Steve Purcell, Vladimír Čunát and Wout Mertens. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] gcc vs gfortran
Hi Andreas, On 10/12/14 12:07, Andreas Herrmann wrote: gfortran48 is defined as an override of gcc48 with the following arguments: langFortran = true; langCC = false; langC = false; To me this suggests that the package gfortran comes with a Fortran compiler, but does not offer a C, or a C++ compiler. But, if I look at the built derivation I find that there are programs cc, cpp, gcc, and g++ alongside f77, and gfortran. Is that intentional, and if so why? Looks like a bug. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Making Nix use pivot_root in addition to chroot
Hi, On 04/12/14 12:24, Harald van Dijk wrote: Is there any interest in getting something like this in Nix? I would be perfectly happy to clean this patch up, get it into better shape, but I'd like to avoid doing so if (for whatever reason) it is decided that Nix should not be using this. Looks good to me. Being able to use all that user namespace magic would be great :-) -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Make wrappers be binaries instead of shell scripts?
Hi, On 18/11/14 16:39, Mateusz Kowalczyk wrote: As long as it's optional: debugging wrappers does happen and if it's binary then there's no hope. Of course there is: a wrapper just sets some environment variables before calling another program, so you can see its effect by doing strace -eexecve -v. -- Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/ ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev