187 Matching Annotations
  1. Apr 2023
    1. The Answer to the Original Issue

      This is the pinning solution.

    2. If channels were to be removed, it would be more clearer to everybody including new users, what the real use and power of nix is, and all documentation would go straight to pinning. Then only after understanding this, can people write higher level abstract tools to provide an auto-updating "channel" like interface to the underlying pinning concept.

      great channels vs pinning summary

    3. One effect of this is that you get reproducibility. Note that this is not binary reproducibility, since it's still possible for the compilation of code to give different resulting binaries. But it is reproducibility within the context of Nix universe.
    4. No pinning isn't about which channels you get. Pinning pins to a content addressed commit hash of nixpkgs or any nixpkgs even your own fork. Channels is orthogonal and probably a mistake and should be removed.

      Wonder what the consensus on channels nowadays?

    5. What's "pinning"? Is this ever explained to a new user? Where? (Yes, I understand what it is now, but new users probably will not, meaning it doesn't exist to them.) Your packages never get bug-fix updates Your packages never get security updates Broken package expressions never get fixed. If you need to update one package, you must update them all. This can be seen as either consistency, or limitation. It depends on the use case.

      Again, the entire comment is great.

    6. The main thing I want to accomplish is to distinguish between the versions of packages, and the versions of derivations.
    7. What I want is to let a channel have several derivations for a package, each with its own version. This is current behavior. I then want my derivation to depend on a specific package name and version. Since versions are currently put into some package names, this is current behavior, though it would be cleaner to just use separate names. I then want my derivation to pattern match a range of versions. This is not current behavior. The current channel will provide a package with the greatest version number matched by the range provided that it has defined.

      Another good one.

    8. To summarize what I have read here (correct me if I am wrong) @mayhewluke described some real drawbacks of how derivations are currently implemented: Derivations cannot use a specific version of a package. Derivations are limited to a very small subset of real versions for dependencies.

      This entire comment is gold

    9. You always have the option of adding missing versions of certain packages to your local database by means of an override as described in http://nixos.org/nixpkgs/manual/#how-to-create-nix-builds-for-your-own-private-haskell-packages. You can register aeson-0.8.1.1 in your copy of Nixpkgs without needing to change the Nixpkgs git repository at all.

      what

    10. So what happens if I have to fix a bug in an old project that was using 0.8.1.1? In that particular case, Nix won't help you and you are better off using a cabal-install sandbox or a stack build.

      Is this still the case?

    11. To be certain, you can just copy those by nix-copy-closure. Note that version numbers of direct dependencies don't contain all the information at all.
    12. We keep multiple versions in nixpkgs only when there's a good reason to. Nix is able to handle any number of versions/configurations, but on the other hand it's much more convenient when all (or most) use just a single one. It leads to better sharing of the effort in many respects: simplified maintenance, testing, sharing of the binaries, etc. It's what most distros do. (Only gentoo diverges from the big ones I know, and they pay a price for it.) When we do create more variants, we just name them (attribute paths), e.g. gcc48 and gcc49 or ffmpeg and ffmpeg-full.

      mull this over

  2. Aug 2021
  3. May 2021
    1. The command nix-shell will build the dependencies of the specified derivation, but not the derivation itself. It will then start an interactive shell in which all environment variables defined by the derivation path have been set to their corresponding values, and the script $stdenv/setup has been sourced. This is useful for reproducing the environment of a derivation for development.

      QUESTION: What exactly does nix-shell execute from the Nix expression (i.e., shell.nix, default.nix, etc.)?

      ANSWER: Based on my current understanding, the answer is everything. It calls $stdenv/setup (see annotation below) to set up the most basic environment variables (TODO: expand on this), and "injects" the most common tools (e.g., gcc, sed) into it.

      It also defines the phases (TODO: verify this) and builder functions, such as genericBuilder. For example, the default builder is just two lines:

      source $stdenv/setup
      genericBuild
      

      TODO: pkgs/stdenv/generic/builder.sh is a mystery though.

      QUESTION: Once dropping into nix-shell, how do I know what phases to execute by looking at a default.nix? (E.g., [..]freeswitch/default.nix)

      ANSWER: As far as I can tell, one can override the phases in their Nix build expression (to build the derivation, see at the bottom), but they won't get executed as only the $stdenv/setup (see above) will get sourced, and no builders are called that, in return, invoke the phases (again, see above).

      So if one is using nix-shell

      • to create/hack on a package, the person has to manually invoke the builder or phases (TODO: still fuzzy on this subject)

      • to set up an environment, then one doesn't even have to worry about builders/phases because we just use nix-shell to clear the environment and to inject tools that we need for a given task

      QUESTION: When dropping into nix-shell, is this Nix expression (i.e., freeswitch/default.nix) executed? Or just parts of it?

      ANSWER: As stated above, all of the input Nix expression is evaluated, but no builders and build phases are called; although, nothing prevents one to override the phases, in case they are creating/hacking on a package.

      QUESTION:

      The command nix-shell will build the dependencies of the specified derivation, but not the derivation itself.

      What is the "derivation" here exactly? I know that it is a build expression, but does that mean the default.nix (or other Nix expression) nix-shell is invoked with?

      <sup>This statement also seems like a contradiction with how `nix-shell` works (i.e., if one issues `nix-shell -p curl`, then `curl` will be available in that sub-shell), but `-p` acts like a shortcut to as if `curl` had been listed in `buildInputs` so this is not the case.</sup>

      ANSWER: I have the feeling my confusion comes from the fact that the term "derivation" is used ambiguously in the manuals, sometimes to mean multiple things (see list below).

      TODO: Substantiate this claim, and make sure that it not coming from my misunderstanding certain topics.

      • Nix build expression (such as default.nix) whose output is going to become the store derivation itself (see last item at the bottom about the Nix manual's glossary definition)

      • store derivation.

      Had multiple cracks at unambiguously define what a derivation is, and here's a list of these:

      QUESTION: What is the difference between nix-shell -p and nix-shell invoked with a Nix expression of mkShell (or other that achieves the similar effect)?

      QUESTION: nix-shell does not create a sub-shell, so what does it do? (clarification: so nix-shell indeed does it; I confused it with nix shell)

  4. Feb 2021
    1. A Nix expression describes everything that goes into a package build action (a “derivation”)

      Come up with an ultimate definition for what a "derivation" is.

      So round up all the places where it is mentioned across Nix* manuals, and check out these:


      From Nix Pills section 6.1. The derivation function (see annotation):

      A derivation from a Nix language view point is simply a set, with some attributes. Therefore you can pass the derivation around with variables like anything else.

      So there is clearly an ambiguity between what derivations are perceived to be and what is stated in the Eelco Dolstra's PhD thesis. Or maybe I'm having issues with reading comprehension again...

    2. For each output declared in outputs, the corresponding environment variable is set to point to the intended path in the Nix store for that output. Each output path is a concatenation of the cryptographic hash of all build inputs, the name attribute and the output name. (The output name is omitted if it’s out.)

      QUESTION: So when I see $out in a builder script, it refers to the default output path because the output attribute in the Nix expression has never been explicitly set, right?

    3. A derivation causes that derivation to be built prior to the present derivation; its default output path is put in the environment variable.

      That is, if an input attribute is a reference to a derivation in the Nix store, then

      1. that derivation is built first (after a binary substitute is not found, I presume), and
      2. the path to the built package (for a better word) is handed to the shell build script.
    4. derivationA description of a build action. The result of a derivation is a store object. Derivations are typically specified in Nix expressions using the derivation primitive. These are translated into low-level store derivations (implicitly by nix-env and nix-build, or explicitly by nix-instantiate).

      Organically related to the annotation regarding my nix-shell confusion.

      The dissection of this definition to show why I find it lacking:

      A description of a build action.

      The first (couple) time(s) I read the manuals, this description popped up in many places, and I identified it with Nix expression every time, thinking that a derivation is a synonym for Nix expression.

      Maybe it is, because it clearly tries to disambiguate between store derivations and derivation in the last sentence.

      The result of a derivation is a store object.

      Is this store object the same as a store derivation?

      Derivations are typically specified in Nix expressions using the `derivation primitive. These are translated into low-level store derivations (implicitly by nix-env and nix-build, or explicitly by nix-instantiate).

      QUESTION: So, the part of the Nix build expression (such as default.nix) where the derivation primitive is called (explicitly or implicitly, as in mkDerivation) is the derivation, that will be ultimately be translated into store derivations?

      ANSWER: Start at section 15.4 Derivation.


      QUESTION: Also, why is typically used here? Can one define derivations outside of Nix expressions?

      ANSWER(?): One could I guess, because store derivations are ATerms (see annotation at the top), and the Nix expression language is just a tool to translate parameterized build actions into concrete terms to build a software package. The store derivations could be achieved using different means; e.g., the way Guix uses Guile scheme to get the same result))


      I believe, that originally, derivation was simply a synonym to store derivation. Maybe it still is, and I'm just having difficulties with reading comprehension but I think the following would be less misleading (to me and apart from re-writing the very first sentence):

      Derivations are typically the result of Nix expressions calling the derivation primitive explicitly, or implicitly usingmkDerivation`. These are translated into low-level store derivations (implicitly by nix-env and nix-build, or explicitly by nix-instantiate).

    5. $stdenv/setup

      QUESTION: Does this refer to pkgs/stdenv/generic/setup.sh? According to 6.5 Phases in the Nixpkgs manual?

      ANSWER: I'm pretty sure it does. It sets up the environment (not sure how yet; I see the env vars, but not the basic commands - sed, awk, etc. - that are listed below) and defines a bunch of functions (such as genericBuilder) but it doesn't call these functions!

    6. The function mkDerivation in the Nixpkgs standard environment is a wrapper around derivation that adds a default value for system and always uses Bash as the builder, to which the supplied builder is passed as a command-line argument. See the Nixpkgs manual for details.

      "Documented" in the Nixpkgs manual under 6.1 Using stdenv.

      Used the double-quotes above because I don't consider it well documted. Will give it a try too; worst case scenario is that I'll fail as well.

    7. C.12. Release 1.6 (2013-09-10)In addition to the usual bug fixes, this release has several new features:The command nix-build --run-env has been renamed to nix-shell.
    8. See annotations with the build-phases tag.


      Why are the build phases not enumerated in the Nix manual? If the instructions on how to create a derivation (and thus, a package) then why not go all in instead of spreading out information in different manuals, making the subject harder to grasp?...

      (By the way, it is documented in the Nixpkgs manual under 6.5 Phases; not sure why it is not called build phases when every page refers to them like that.)

    9. Chapter 14. A Simple Nix Expression

      This such a stupid move to go through a derivation example before introducing the language.

    10. Add the package to the file pkgs/top-level/all-packages.nix. The Nix expression written in the first step is a function; it requires other packages in order to build it. In this step you put it all together, i.e., you call the function with the right arguments to build the actual package.

      In addition to this rant, step 3. should be more generic, instead of tying it to Nixpkgs; at least, either show how to build your own Nix expression repo, or don't add this step, but it is not at all necessary to write a derivation. There is a Nixpkgs manual for a reason.

    11. $ nix-env -i firefox --substituters ssh://alice@avalon This works similar to the binary cache substituter that Nix usually uses, only using SSH instead of HTTP

      So a substitute is a built binary for a given derivation, and a substituter is a server (or binary cache) that serves pre-built binaries, right?

      Update: in the next line it says that "it will fall back to using the binary cache substituter", so I guess that answers it.

    12. substitute

      this is another key topic. Also:

      • substitute vs. substituter => this (I think)

      See annotations with the substitute tag

    13. When you ask Nix to install a package, it will first try to get it in pre-compiled form from a binary cache. By default, Nix will use the binary cache https://cache.nixos.org; it contains binaries for most packages in Nixpkgs. Only if no binary is available in the binary cache, Nix will build the package from source. So if nix-env -i subversion results in Nix building stuff from source, then either the package is not built for your platform by the Nixpkgs build servers, or your version of Nixpkgs is too old or too new.

      binary caches tie in with substitutes somehow; get to the bottom of it. See annotations with the substitute tag.

      Maybe this?

    14. closure

      Another gem: who knows what a "closure" is.

      [This highlight] (a couple lines below) implicitly explains it though:

      The command nix-copy-closure copies a Nix store path along with all its dependencies to or from another machine via the SSH protocol. It doesn’t copy store paths that are already present on the target machine.

      or this, also just a couple lines below:

      the closure of a store path (that is, the path and all its dependencies)

    15. the closure of a store path (that is, the path and all its dependencies)
    16. The command nix-copy-closure copies a Nix store path along with all its dependencies to or from another machine via the SSH protocol. It doesn’t copy store paths that are already present on the target machine. For example, the following command copies Firefox with all its dependencies:
    17. subscribes you to a channel that always contains that latest version of the Nix Packages collection.

      That is a misleading statement. The latest version is where the master branch points, isn't it?

      So a channel points to a Nixpkgs commit (on a branch named after the channel) where all packages inside are deemed stable, and all packages are built to have available binary substitutes by a (hydra) build farm.

    18. A Nix channel is just a URL that points to a place that contains a set of Nix expressions and a manifest.
    19. garbage collector roots

      Definitely avoid this, when a term is used but only introduced formally way later. (There is also a reference to "garbage collector roots" almost at the beginning as well.)

    20. $ nix-env --switch-profile /nix/var/nix/profiles/my-profile $ nix-env --switch-profile /nix/var/nix/profiles/default These commands switch to the my-profile and default profile, respectively. If the profile doesn’t exist, it will be created automatically.

      learn more about profiles; creating new profiles was new info

    21. Chapter 10. ProfilesProfiles and user environments are Nix’s mechanism for implementing the ability to allow different users to have different configurations, and to do atomic upgrades and rollbacks.
    22. user environment
    23. In Nix, different users can have different “views” on the set of installed applications. That is, there might be lots of applications present on the system (possibly in many different versions), but users can have a specific selection of those active — where “active” just means that it appears in a directory in the user’s PATH. Such a view on the set of installed applications is called a user environment, which is just a directory tree consisting of symlinks to the files of the active applications.
    24. nix-env -qas

      ... and it takes AGES to complete

    25. 4.3.1. Change the Nix store path prefix

      There is a lot of place in this manual (and probably in the others as well) where the prefix is referred to (usually with italics, such as "prefix/store"), so in the book

      • this should be linked to this section (or the one in the book), and

      • establish a clear and well-communicated notation to convey this

    26. At the same time, it is not possible for one user to inject a Trojan horse into a package that might be used by another user.
    27. Chapter 6. SecurityNix has two basic security models. First, it can be used in “single-user mode”, which is similar to what most other package management tools do: there is a single user (typically root) who performs all package management operations. All other users can then use the installed packages, but they cannot perform package management operations themselves.Alternatively, you can configure Nix in “multi-user mode”. In this model, all users can perform package management operations — for instance, every user can install software without requiring root privileges. Nix ensures that this is secure. For instance, it’s not possible for one user to overwrite a package used by another user with a Trojan horse.

      Would have been nice to link these to the install chapter where single- and multi-user modes were mentioned.

      How would this look in a topic-based documentation? I would think that his chapter would be listed in the pre-requisites, and it could be used to buld different reading paths (or assemblies in DocBook, I believe) such as practical, depth-first (if there are people like me who want to understand everything first), etc.

    28. reentrancy
    29. You can uninstall Nix simply by running: $ rm -rf /nix
    30. $ mkdir /nix $ chown alice /nix

      Traditionally, when a command should be invoked with sudo, it is either included in the example, or the shell indicator is # instead of $.

    31. To explicitly select a single-user installation on your system:

      It should be noted in this section also that since nix 2.1.0, single user install is the default.

    32. nix-shell '<nixpkgs>' -A pan

      What is happening here exactly?

      nix-shell's syntax synopsis always bugged because it looks like this

      SYNOPSIS
      nix-shell [--arg name value] [--argstr name value] [{--attr | -A} attrPath] [--command cmd] [--run cmd] [--exclude regexp] [--pure] [--keep name] {{--packages | -p} packages...  | [path]}
      

      and the canonical example is nix-shell '<nixpkgs>' -A pan; what tripped me up is that path is usually the first in examples, and I thought that the position of arguments are strict. As it turns out, nix-shell -A pan '<nixpkgs> is just as valid.

      Side note<br> Apparently there is no standard for man pages. See 1, 2.

      '<nixpkgs>' path is the one specified in the NIX_PATH environment variable, and -A pan looks up the pan attribute in pkgs/top-level/all-packages.nix in the Nixpkgs repo.

    33. since packages aren’t overwritten, the old versions are still there after an upgrade. This means that you can roll back to the old version:

      Wouldn't hurt to tell folks that this is a convenience layer, and one could also just use the old package from the /nix/store, even though that path would be long and obscure; one could use symlinks of course.

      Or, onc could just use nix-shell -p that specifies a specific version (that's already in the store), but, of course, it's not that simple...

      https://github.com/NixOS/nixpkgs/issues/9682

    1. A derivation from a Nix language view point is simply a set, with some attributes. Therefore you can pass the derivation around with variables like anything else.
    2. the single repository technique. The natural implementation in Nix is to create a top-level Nix expression, and one expression for each package. The top-level expression imports and combines all expressions in a giant attribute set with name -> package pairs. But isn't that heavy? It isn't, because Nix is a lazy language, it evaluates only what's needed! And that's why nixpkgs is able to maintain such a big software repository in a giant attribute set.

      This is the gist of how Nixpkgs works (and how it is organized).

    3. 17.3. Fixed point

      QUESTION: What is a fixed-point of a function?

      ANSWER: See this video) at least, and the Fixed-point (mathematics)) wikipedia article:

      In mathematics, a fixed point (sometimes shortened to fixpoint, also known as an invariant point) of a function is an element of the function's domain that is mapped to itself by the function. That is to say, c is a fixed point of the function f if f(c) = c. This means

      f(f(...f(c)...)) = f n(c) = c
      

      an important terminating consideration when recursively computing f. A set of fixed points is sometimes called a fixed set.

      For example, if f is defined on the real numbers by f(x)=x^{2}-3x+4,}, then 2 is a fixed point of f, because f(2) = 2.

      There is also the wiki article fixed-point combinator that actually plays a role here, but read through the articles in this order.

      Then dissect the Stackoverflow thread What is a Y combinator?, and pay attention to the comments! For example:

      According to Mike Vanier's description, your definition for Y is actually not a combinator because it's recursive. Under "Eliminating (most) explicit recursion (lazy version)" he has the lazy scheme equivalent of your C# code but explains in point 2: "It is not a combinator, because the Y in the body of the definition is a free variable which is only bound once the definition is complete..." I think the cool thing about Y-combinators is that they produce recursion by evaluating the fixed-point of a function. In this way, they don't need explicit recursion. – GrantJ Jul 18 '11 at 0:02

      (wut?)

      Other resources in no particular order:


      QUESTION: How the hell did they come up with the idea of using this with Nix and package management? (..and who? I remember a video saved somewhere, but maybe that was about overlays)


      QUESTION: ... and how does it work in this context?

      ANSWER: Well, not an answer yet, but this may be something in the right direction:

      http://blog.tpleyer.de/posts/2020-01-29-Nix-overlay-evaluation-example.html

    4. there's no ldconfig cache either. So where does bash find libc?

      QUESTION: What is ldconfig cache?

      QUESTION: What is libc and why does Bash need it?

    5. Derivations/packages are stored in the Nix store as follows: /nix/store/hash-name, where the hash uniquely identifies the derivation (this isn't quite true, it's a little more complex), and the name is the name of the derivation.

      QUESTION: So the Nix store houses derivations and not the built packages?

      QUESTION: Are the hashes in the Nix store not unique?

    6. In Nix there is the notion of a derivation rather than a package. The difference can be subtle at the beginning, so I will often use the words interchangeably.

      Doesn't really say anything but thought it important to highlight this first mention of derivations in the Nix Pills.

    7. From an administrator's point of view: you can use containers. The typical solution nowadays is to create a container per service, especially when different versions are needed. That somewhat solves the problem, but at a different level and with other drawbacks. For example, needing orchestration tools, setting up a shared cache of packages, and new machines to monitor rather than simple services.

      This is a very good pointer; I guess it refers to systemd services when it mentions "simple services".

    1. Specifying a name and a src is the absolute minimum Nix requires.

      Didn't they mean what mkDerivation requires?

      I have been jumping around in this manual, so not sure about what arguments does derivation require.

    2. For convenience, you can also use pname and version attributes and mkDerivation will automatically set name to "${pname}-${version}" by default.

      The error messages are not helpful when one messes up the input attribute set ofmkDerivation (i.e., either name, or pname and version attributes have to be present); see Nixpkgs issue #113520.

    3. 6.1. Using stdenv
    4. fetchpatch works very similarly to fetchurl with the same arguments expected. It expects patch files as a source and and performs normalization on them before computing the checksum. For example it will remove comments or other unstable parts that are sometimes added by version control systems and can change over time.
    5. 19.3. Submitting security fixes Security fixes are submitted in the same way as other changes and thus the same guidelines apply. If the security fix comes in the form of a patch and a CVE is available, then the name of the patch should be the CVE identifier, so e.g. CVE-2019-13636.patch in the case of a patch that is included in the Nixpkgs tree. If a patch is fetched the name needs to be set as well, e.g.: (fetchpatch { name = "CVE-2019-11068.patch"; url = "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch"; sha256 = "0pkpb4837km15zgg6h57bncp66d5lwrlvkr73h0lanywq7zrwhj8"; }) If a security fix applies to both master and a stable release then, similar to regular changes, they are preferably delivered via master first and cherry-picked to the release branch. Critical security fixes may by-pass the staging branches and be delivered directly to release branches such as master and release-*.
    6. 18.6. Patches Patches available online should be retrieved using fetchpatch. patches = [ (fetchpatch { name = "fix-check-for-using-shared-freetype-lib.patch"; url = "http://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=8f5d285"; sha256 = "1f0k043rng7f0rfl9hhb89qzvvksqmkrikmm38p61yfx51l325xr"; }) ];

      ... and from Chapter 11:

      fetchpatch works very similarly to fetchurl with the same arguments expected. It expects patch files as a source and and performs normalization on them before computing the checksum. For example it will remove comments or other unstable parts that are sometimes added by version control systems and can change over time.

      ... and also adding highlight of 19.3. Submitting security fixes

      because these are the only places I've seen fetchpatch mentioned.

      From the wild in freeswitch/default.nix in Nixpkgs:

      stdenv.mkDerivation rec {
        pname = "freeswitch";
        version = "1.10.5";
        src = fetchFromGitHub {
          owner = "signalwire";
          repo = pname;
          rev = "v${version}";
          sha256 = "18dhyb19k28dcm1i8mhqvvgm2phsrmrwyjmfn79glk8pdlalvcha";
        };
      
        patches = [
          # https://github.com/signalwire/freeswitch/pull/812 fix mod_spandsp, mod_gsmopen build, drop when updating from 1.10.5
          (fetchpatch {
            url = "https://github.com/signalwire/freeswitch/commit/51fba83ed3ed2d9753d8e6b13e13001aca50b493.patch";
            sha256 = "0h2bmifsyyasxjka3pczbmqym1chvz91fmb589njrdbwpkjyvqh3";
          })
        ];
        postPatch = ''
          patchShebangs     libs/libvpx/build/make/rtcd.pl
          substituteInPlace libs/libvpx/build/make/configure.sh \
            --replace AS=\''${AS} AS=yasm
      
          # Disable advertisement banners
          for f in src/include/cc.h libs/esl/src/include/cc.h; do
            {
              echo 'const char *cc = "";'
              echo 'const char *cc_s = "";'
            } > $f
          done
        '';
      
    7. 6.5. Phases

      Not sure why this isn't called build phases... See also.

    1. nix-channel --list #<output> nixpkgs https://nixos.org/channels/nixpkgs-unstable The command returns a name for each channel (e.g., nixpkgs) and an URL. Note When running nix-env with the parameter -A, one can select the channel to get the package from. Such a command looks like nix-env -iA channelname.packagename.

      Instead of #<output> it should have said channel-name instead at the top nix-channel example to keep it consistent.

    2. However, using channels is not fully reproducible, as a channel may evolve to incorporate updates.

      TODO: Find other sources about this topic. I remember this mentioned already (and it makes) sense, but need to learn more.

      TODO: What is a better alternative? An own repo? Flakes? Can cachix help?

      It says right below that pinning can help but keep looking.

      When package reproducibility become a major concern, as it is the case in this tutorial, it is preferable to refer to a pinned version of the nixpkgs repository instead — i.e, a specific commit of the repository or an immutable archived tarball. The ability to pin the version of nixpkgs is powerful, it will ensure that a package is always constructed from the same Nix source. As we go deeper in the tutorial we avoid using channels in favor of pinned environments.

    3. However, it makes the “Making the package available to the user” more complex. Nix heavily relies on environment variables to make this possible

      And symlinks

    1. example: get an environment which is used to build irssi (also see nix-shell) $ nix-build $NIXPKGS --run-env -A irssi example: get a persistent environment which is used to build irssi $ nix-build $NIXPKGS --run-env -A irssi --add-root

      nix-build <path> --run-env has been superseded by nix-shell. From Nix manual section C.12. Release 1.6 (2013-09-10):

      The command nix-build --run-env has been renamed to nix-shell.

    2. git clone --depth=1 https://github.com/nixos/nixpkgs

      i should remember this to only get last commit, which basically means to only care about the data, and discard commit history.

    1. NIX_PATHA colon-separated list of directories used to look up Nix expressions enclosed in angle brackets (i.e., <path>). For instance, the value

      It would be helpful to

      1. formally describe the formats for NIXPATH, and
      2. note the allowed angle bracket syntax accordingly

      <path> will work with the prefixless format, but not with the prefixed one, and it may be helpful to spell this out explicitly.

      0 [14:16:19] nix repl
      Welcome to Nix version 2.3.10. Type :? for help.
      
      nix-repl> :l <nixpkgs/doc>  
      Added 40 variables.
      
      nix-repl> :l <doc>
      error: file 'doc' was not found in the Nix search path (add it using $NIX_PATH or -I)
      

      I always saw a NIXPATH used with the prefix syntax so far:

      $ echo $NIX_PATH
      nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root
      

      but NIX_PATH documentation shows that the prefixless format is also valid.

      $ export NIX_PATH=/home/toraritte:/nix/var/nix/profiles/per-user/root/channels/nixos
      
      $ printenv NIX_PATH
      /home/toraritte:/nix/var/nix/profiles/per-user/root/channels/nixos
      
      $ nix repl
      Welcome to Nix version 2.3.10. Type :? for help.
      
      nix-repl> :l <nixpkgs>
      Added 12439 variables.
      
  5. Dec 2020
    1. Several commands (RSET, DATA, QUIT) are specified as not permitting parameters.

      That is, they don't accept options, only data arguments. E.g., DATA's argument is the RFC 822 message format with headers and message body.

    2. The model for this is that distinct buffers are provided to hold the types of data objects; that is, there is a reverse-path buffer, a forward-path buffer, and a mail data buffer.

      !

    3. 2.3.1. Mail Objects SMTP transports a mail object. A mail object contains an envelope and content. The SMTP envelope is sent as a series of SMTP protocol units (described in Section 3). It consists of an originator address (to Klensin Standards Track [Page 11] RFC 5321 SMTP October 2008 which error reports should be directed), one or more recipient addresses, and optional protocol extension material

      The SMTP envelope is sent as a series of SMTP protocol units (described in Section 3). It consists of

      • an originator address (to which error reports should be directed),

      MAIL FROM that refers to the originator (a.k.a., reverse path, backward-pointing address) of the request

      • one or more recipient addresses,

      Multiple RCPT TO for each "to:" rfc822 message header in the mail data (see annotation)

      • and optional protocol extension material.

      DATA (see below)


      (See also envelope-vs-mail tags.)

    4. The third step in the procedure is the DATA command (or some alternative specified in a service extension). DATA <CRLF>

      Third part of the envelope: DATA.

    5. When the RFC 822 format ([28], [4]) is being used, the mail data include the header fields such as those named Date, Subject, To, Cc, and From.

      This just answered my question regarding the quote from "Postfix: The Definitive Guide":

      ENVELOPE ADDRESSES AND MESSAGE HEADERS A common source of confusion for email users is the fact that the To: address in email message headers has nothing to do with where a message is actually delivered. The envelope address controls message delivery. In practice, when you compose a message and provide your MUA with a To: address, your MUA uses that same address as the envelope destination address, but this is not required nor is it always the case. From the MTA’s point of view, message headers are part of the content of an email message. The delivery of a message is determined by the addresses specified during the SMTP conversation. These addresses are the envelope addresses , and they are the only thing that determine where messages go. See Section 2.2.8 later in the chapter for an explanation of the SMTP protocol.

      Mailing lists and spam are common examples of when the envelope destination address differs from the To: address of the message headers.

      Also an answer to this question.

    6. An SMTP-capable host SHOULD support both the alias and the list models of address expansion for multiple delivery. When a message is delivered or forwarded to each address of an expanded list form, the return address in the envelope ("MAIL FROM:") MUST be changed to be the address of a person or other entity who administers the list. However, in this case, the message header section (RFC 5322 [4]) MUST be left unchanged; in particular, the "From" field of the header section is unaffected.

      Another section that serves well to understand the difference between email data and SMTP envelope.

    7. To expand an alias, the recipient mailer simply replaces the pseudo- mailbox address in the envelope with each of the expanded addresses in turn; the rest of the envelope and the message body are left unchanged. The message is then delivered or forwarded to each expanded address.

      This annotation explains what this paragraph means and dispels my confusion regarding how 3mails with multiple recipients will get processed (also, SMTP envelope vs mail data).

      MS Outlook's "distribution list" is the same as an rfc5321 alias.

    8. The return (backward-pointing) address in the envelope is changed so that all error messages generated by the final deliveries will be returned to a list administrator, not to the message originator, who generally has no control over the contents of the list and will typically find error messages annoying.
      1. This the only difference between an SMTP alias and list; expanding recipients to RCPT commands is the same.
      1. Another great example to highlight the difference between SMTP envelope and mail data: the envelope's MAIL FROM (see annotation) is different from to the mail data's rfc822 From:.
    9. If the Klensin Standards Track [Page 19] RFC 5321 SMTP October 2008 recipient is known not to be a deliverable address, the SMTP server returns a 550 reply, typically with a string such as "no such user - " and the mailbox name (other circumstances and reply codes are possible).

      Will the entire transaction be canceled? "Transaction" in the name of this a section implies yes, but what if all the recipients are valid?

      See replies below but the answer is no; an RCPT command is specified for each recipient in the mail data, these RCPT commands will be evaluated in sequence,, and any SMTP (error) notifications will be sent to the address in the MAIL FROM command (which is not necessarily the same as the mail data's From: header).

    10. There exist mailing lists that perform additional, sometimes extensive, modifications to a message and its envelope. Such mailing lists need to be viewed as full MUAs, which accept a delivery and post a new message.

      I guess Mailman would qualify (e.g., Reply-to header munging)

    11. the reverse-path (originator) address specification command (MAIL)

      Sometimes "reverse path" or "originator" address is also referred to "backward-pointing" address (and those instances also refer to the MAIL command mostly).

    12. The second step in the procedure is the RCPT command. This step of the procedure can be repeated any number of times.

      This step of the procedure can be repeated any number of times. !

      So the section

      3.9.1. Alias

      To expand an alias, the recipient mailer simply replaces the pseudo-mailbox address in the envelope with each of the expanded addresses in turn; the rest of the envelope and the message body are left unchanged. The message is then delivered or forwarded to each expanded address.

      means that for each "to:" rfc822 message header in the mail data (i.e., SMTP envelope's DATA) a RCPT TO command will be added.

    13. An important mail facility is a mechanism for multi-destination delivery of a single message, by transforming (or "expanding" or "exploding") a pseudo-mailbox address into a list of destination mailbox addresses.

      So this section describes how distribution list addresses or mailing list addresses are expanded into individual email addresses of the members of those lists, and not how emails are delivered to multiple addresses when more than one recipient is specified in a MUA.

    14. 2yz
    15. However, in practice, some servers do not perform recipient verification until after the message text is received. These servers SHOULD treat a failure for one or more recipients as a "subsequent failure" and return a mail message as discussed in Section 6 and, in particular, in Section 6.1. Using a "550 mailbox not found" (or equivalent) reply code after the data are accepted makes it difficult or impossible for the client to determine which recipients failed.

      Seems relevant for the question above.

    16. If the verb is initially accepted and the 354 reply issued, the DATA command should fail only if the mail transaction was incomplete (for example, no recipients),

      How could this specific scenario be even possible? It just said in the previous paragraph that

      If there was no MAIL, or no RCPT, command, or all such commands were rejected, the server MAY return a "command out of sequence" (503) or "no valid recipients" (554) reply in response to the DATA command.

    17. 5yz

      This was unexpected; why wasn't the canonical format (i.e., 5xx) used instead?

    18. Since it has been a common source of errors, it is worth noting that spaces are not permitted on either side of the colon following FROM in the MAIL command or TO in the RCPT command. The syntax is exactly as given above.

      !

    19. Similarly, servers MAY decline to accept mail that is destined for other hosts or systems.

      For a personal mail server, this sounds like a reasonable advice to follow.

    20. An SMTP session is initiated when a client opens a connection to a server and the server responds with an opening message.

      Is SMTP stateless or stateful? See thread above.

    21. However, exploiting the case sensitivity of mailbox local-parts impedes interoperability and is discouraged.

      What does this mean? Then what is the point of preserving the case if one can't act on it?

    22. Verbs and argument values (e.g., "TO:" or "to:" in the RCPT command and extension name keywords) are not case sensitive, with the sole exception in this specification of a mailbox local-part (SMTP Extensions may explicitly specify case-sensitive elements). That is, a command verb, an argument value other than a mailbox local-part, and free form text MAY be encoded in upper case, lower case, or any mixture of upper and lower case with no impact on its meaning. The local-part of a mailbox MUST BE treated as case sensitive.

      The local-part of a mailbox MUST BE treated as case sensitive.

      Meaning that email addresses are case sensitive (the part before @, that is).

    23. The terms "message content" and "mail data" are used interchangeably in this document to describe the material transmitted after the DATA command is accepted and before the end of data indication is transmitted.

      The terms "message content" and "mail are used interchangeably

    24. RFC 3463 [25], specifies further structuring of the reply strings, including the use of supplemental and more specific completion codes (see also RFC 5248 [26]).

      To-do: look at the mentioned RFCs.

    25. SMTP sessions are stateful

      SMTP is stateless but SMTP sessions (just as HTTP/HTTPS sessions) are stateful.

    26. CNAME RR

      RR - resource record

    27. The means by which an SMTP client, once it has determined a target domain, determines the identity of an SMTP server to which a copy of a message is to be transferred, and then performs that transfer, is covered by this document. To effect a mail transfer to an SMTP server, an SMTP client establishes a two-way transmission channel to that SMTP server. An SMTP client determines the address of an appropriate host running an SMTP server by resolving a destination domain name to either an intermediate Mail eXchanger host or a final target host.

      What does "SMTP client" refer to in this context? A MUA?

    28. However, RFC 821 specifies some features that were not in significant use in the Internet by the mid-1990s and (in appendices) some additional transport models. Those sections are omitted here in the interest of clarity and brevity; readers needing them should refer to RFC 821.

      Important?

    1. CNAME A <domain-name> which specifies the canonical or primary name for the owner. The owner name is an alias.

      The second sentence ruins understanding this definition for me. Does this mean that CNAME is basically an alias, but it is the highest priority one (hence the designation "primary")?

  6. Nov 2020
    1. performs fully automated deployment. This is a good thing because it ensures that deployments are reproducible.It performs provisioning.

      What is the difference between provisioning and deployment?

    2. missing virtual machines

      Typo? Missing -> spinning

  7. Oct 2020
    1. HTTP CLIENT SERVICE START/STOP An HTTP client can be configured to start when starting the Inets application or started dynamically in runtime by calling the Inets application API inets:start(httpc, ServiceConfig) or inets:start(httpc, ServiceConfig, How), see inets(3). The configuration options are as follows: {profile, profile()} Name of the profile, see DATA TYPES. This option is mandatory. {data_dir, path()} Directory where the profile can save persistent data. If omitted, all cookies are treated as session cookies. The client can be stopped using inets:stop(httpc, Pid) or inets:stop(httpc, Profile).

      inets:start() will automatically start the httpc service also!

      https://stackoverflow.com/a/64212985/1498178

    2. profile() = atom()

      This should be profile() = default | atom() because the httpc service is automatically started with the default profile (called default) when inets is started.

      See also How to get more information about error when starting Inets httpd?

    1. The HTTP client default profile is started when the Inets application is started and is then available to all processes on that Erlang node.
  8. Aug 2020
    1. Commonly the above definition is called the identity function. But in fact we should think of it as a whole family of functions. We should really say that id is an identity function for all types a. In other words, for every type T you might come up with, there is an identity function called id, which is of type T -> T. This is the type-checker’s view anyway, and by turning on the RankNTypes extension we can be explicit about that in our code: {-# LANGUAGE RankNTypes #-} id :: forall a. a -> a id x = x

      This is such a nice description of forall. It should be combined with forall is the type-level "lambda" (also saved it here).

    2. Now it is much clearer that id is really a family of infinitely many functions. It is fair to say that it is an abstract function (as opposed to a concrete one), because its type abstracts over the type variable a. The common and proper mathematical wording is that the type is universally quantified (or often just quantified) over a.

      This was very neatly put, and forall above is also spot on.

    3. It also adds safety through a property called parametricity. If we pretend that there are no infinite loops or exceptions (it’s okay to do that, so we will do it throughout this article), then the function is actually fully determined by its type. In other words, if we see the type a -> a, we know that the corresponding value must be the identity function.

      If this would be the first time I came across parametricity, I wouldn't understand what it means.

      https://en.wikipedia.org/wiki/Parametricity

      In programming language theory, parametricity is an abstract uniformity property enjoyed by parametrically polymorphic functions, which captures the intuition that all instances of a polymorphic function act the same way.

      That is, a function with the type signature a -> a has only one implementation: it can only return its input. In a similar fashion, a -> b -> a will only return the first argument and ignore the second. And so on.

    4. In other words you cannot choose the definition of a value based on its type (for now).

      What does this mean?

    1. and so rows cannot exist as a value.

      From Turning a map of data constructors into a row type (purescript discourse):

      rows don’t have corresponding values, they only exist at the type level. If you do only purely want a row and not something like a Variant result you could return a proxy though.

    1. Quantified Types

      My main issue with this book is that the difficulty is exponentially increasing, and by "keeping it simple" (i.e., trying to use simple terms) it is even harder to do a proper research.

      For example:

      1. The name of this chapter

      This chapter should have been called Explicitly quantified type or Explicit universal quantification as it is too general as is, and doing a search to get to know more when someone has no formal/previous functional programming background, makes very hard.

      Most importantly though, even if Haskell not mentioned, the word "explicit" would have been important.

      It is also more about generic parameters than about quantification itself, and forall is kind of introduced but it is totally misleading.

      2. forall

      The post “forall” is the type-level “lambda” (saved) is the best, most succinct explanation of forall that I ever found. Unfortunately not before going down the rabbit hole.. (See links below.) One still needs to know about

      • typeclasses
      • generic parameters
      • constraints
      • what pragmas are but after that, it is straightforward.

      (Jordan's Reference section on forall also doesn't help much.)

      forall is also mandatory in PureScript (which is also not mentioned when introducing it), and I believe a comparison (the way the above post did) with Haskell is important, but at the right time. At least Jordan's Reference tries to put it off until later, but still before explaining concepts required to understand it.

      3. The "rabbit hole" links

      These are all good resources, but not for uninitiated mortals, and at a lower level (such as where I am now) they raise more questions than answers.

    1. # Build a developer-level executable file spago bundle-app --main Module.Path.To.Main --to dist/index.js node dist/index.js # Build a production-level Node-backend file via Parcel spago bundle-app --main Module.Path.To.Main --to dist/bundle-output.js parcel build dist/bundle-output.js --target "node" -o app.js

      These are the spago equivalents for pulp browserify I guess.

    2. spago build --watch --clear-screen

      Is this the same as pscid?

    1. builtins.attrValues set

      TODO: Is this the same as lib.attrsets.attrValues in nixpkgs?

    2. builtins.elem x xsReturn true if a value equal to x occurs in the list xs, and false otherwise.

      equalElem or eqElem would have been more fortunate. In this form I would believe that it does what builtins.elemAt does.

    3. baseNameOf sReturn the base name of the string s, that is, everything following the final slash in the string. This is similar to the GNU basename command.

      works both on strings and paths

    4. String Concatenation string1 + string2 leftString concatenation.
    1. 5.1.2.6. lib.attrsets.attrValuesattrValues :: AttrSet -> [Any]

      TODO Is this an alias to builtins.attrValues?

    2. type Option type, providing type-checking and value merging.

      This is vague to the point of being useless, given the Nix expression language is untyped.

      A snippet from freeswitch.nix:

            configTemplate = mkOption {
              type = types.path;
              # omitted
            };
            configDir = mkOption {
              type = with types; attrsOf path;
              # omitted
            };
      
      • Where does types come from?

        See NixOS manual at "Option types".

      • What is the difference between the path types? (I guess, the second one is attribute set consisting only of paths.)

    3. TODO: document lib.mkIf

      Found a description in the NixOS manual:

      The special function mkIf causes the evaluation of the conditional to be “pushed down” into the individual definitions, as if you had written:

      config = {
        environment.systemPackages = if
      config.services.httpd.enable then [ ... ] else [];
        ...
      };
      
    4. TODO: document lib.mkDefault

      Not mentioned in any of the manuals (i.e., nix, nixpkgs, NixOS), only the NixOS options page has 1 mention:

      Some promising search result (in the order of relevance):


      From source:

        mkOverride = priority: content:
          { _type = "override";
            inherit priority content;
          };
      
        mkDefault = mkOverride 1000; # used in config sections of non-user modules to set a default
      

      It seems that all the mkOverride calls set up a priority for certain actions.

    5. 5.1.7. NixOS / nixpkgs option handling

      What is an option?

      From the link below to the source, it's just an attribute set with all the function parameters (see below) plus a _type attribute name to allow for type level operations (because Nix is untyped).

        mkOption =
          {
          # Default value used when no definition is given in the configuration.
          default ? null,
          # Textual representation of the default, for the manual.
          defaultText ? null,
          # Example value used in the manual.
          example ? null,
          # String describing the option.
          description ? null,
          # Related packages used in the manual (see `genRelatedPackages` in ../nixos/lib/make-options-doc/default.nix).
          relatedPackages ? null,
          # Option type, providing type-checking and value merging.
          type ? null,
          # Function that converts the option value to something else.
          apply ? null,
          # Whether the option is for NixOS developers only.
          internal ? null,
          # Whether the option shows up in the manual.
          visible ? null,
          # Whether the option can be set only once
          readOnly ? null,
          # Deprecated, used by types.optionSet.
          options ? null
          } @ attrs:
          attrs // { _type = "option"; };
      

      How does it fit in a big scheme of things?

      ?

    6. 5.1.2.25. lib.attrsets.recursiveUpdateUntil

      If there is recursiveUpdateUntil (i.e., mergeUntil) then mergeWith would also be welcome.

    7. 5.1.2.26. lib.attrsets.recursiveUpdaterecursiveUpdate :: AttrSet -> AttrSet -> AttrSet

      Would be nice to have an alias called merge.

    8. String -> Any -> { name = String; value = Any }

      Fix: add semicolon after last Any. (same above in the main type signature)

    9. mapAttrsToList :: (String -> Any -> Any) -> AttrSet -> Any Located at lib/attrsets.nix:233 in <nixpkgs>. Call fn for each attribute in the given set and return the result in a list.

      So the type signature

      (String -> Any -> Any) -> AttrSet -> Any
                                           ^^^
      

      should be

      
      (String -> Any -> Any) -> AttrSet -> List
                                           ^^^^
      

      instead, right?

    10. 5.1.2.11. lib.attrsets.collectcollect :: (Any -> Bool) -> AttrSet -> [Any]
    11. 5.1.2.7. lib.attrsets.catAttrscatAttrs :: String -> [AttrSet] -> [Any] Located at lib/attrsets.nix:113 in <nixpkgs>. Collect each attribute named `attr' from the list of attribute sets, sets.

      Then why not call it collectVals?... (Following the distinctive naming convention between lib.attrsets.attrVals and lib.attrsets.attrValues.)

      Especially because there is lib.attrsets.collect:

      catAttrs :: String -> [AttrSet] -> [Any]
      collect :: (Any -> Bool) -> AttrSet -> [Any]
      

      (Call it filterVals? There are filterAttrs* functions but those return an attribute set, so no collision.)

    12. Attribute-Set

      This should read "Attribute Set Functions". Nowhere else is attribute sets spelled as "attribute-set".

      edit: Alright, "attribute-set" is used in total of 4 times, whereas "attribute set" is used 112 times.

    1. > (square: (x: y: square x + square y) 3 7) (x: x*x)58

      This can be written up in many other forms, plus the possibility of currying deserves to be pointed out:

      $ nix repl
      nix-repl> (sq: (x: y: sq y + sq x) 2 7) (x: x*x)
      53
      
      nix-repl> (sq: (x: y: sq y + sq x)) (x: x*x)     
      «lambda @ (string):1:11»
      
      nix-repl> (sq: (x: y: sq y + sq x)) (x: x*x) 2
      «lambda @ (string):1:14»
      
      nix-repl> (sq: (x: y: sq y + sq x)) (x: x*x) 2 7
      53
      
      nix-repl> (sq: x: y: sq y + sq x) (x: x*x) 2 7   
      53
      
  9. Jul 2020
    1. The keys will be copied to the heap for the process calling get/0, but the values will not.

      What does this mean?

    1. If the run-time dependencies were shared across all applications depending on the same rebar.config file,

      This sentence is straightforward but I only understood it just now.

      rebar.config can specify the dependencies of all the applications in the umbrella project, but they are not necessarily run-time dependencies. Also, the relx example from the rebar.config above shows how to include an app/lib (in this case, recon) in the final production release, even if it is not a run-time dependency.

      This guide also expands on it a paragraph below:

      The Rebar3 maintainers therefore just decided to keep a clear distinction between the applications that need fetching for the project to build or run (in rebar.config), and the run-time dependencies of each OTP application (in the .app file) which may be part of the default OTP install, and would therefore not be included in rebar.config. Other build tools in the ecosystem let you achieve similar results, but they default to including everything at run-time whereas Rebar3 asks of developers to always be specific in their intent.

    1. mark the workers as permanent or transient, so that if they fail they get restarted

      restart defines when a terminated child process must be restarted.

      • A permanent child process is always restarted.
      • A temporary child process is never restarted (even when the supervisor's restart strategy is rest_for_one or one_for_all and a sibling's death causes the temporary process to be terminated).
      • A transient child process is restarted only if it terminates abnormally, that is, with another exit reason than normal, shutdown, or {shutdown,Term}. https://erlang.org/doc/man/supervisor.html
    1. The most commonly supported tool for this is kerl. Kerl is a wrapper around downloading, compiling, and loading various Erlang/OTP versions on a single system, and will abstract away most annoying operations.
    1. prevent its disclosure to any person not authorized to create the subscriber's digital signature

      So the signature can be used by another entity to create the digital signature if authorized beforehand.

      So if there is a statement that "I authorize [organization] to create a cryptographic key-pair on my behalf, and create the digital signature."

  10. Jun 2020
    1. fetchgit Used with Git. Expects url to a Git repo, rev, and sha256. rev in this case can be full the git commit id (SHA1 hash) or a tag name like refs/tags/v1.0.

      Not only is there no fetchgit (the right one is fetchGit), but there is also no sha256 argument.

      Backtracking: Got to IRC log https://logs.nix.samueldr.com/nixos/2018-08-14 (save on archive.org), search for Unsupported argument 'sha256' to 'fetchGit' (or part of it), and an answer will point to:<br> https://github.com/NixOS/nix/blob/master/src/libexpr/primops/fetchGit.cc#L198-L215

      We are again back to trying things out on hearsay.


      In the home-manager NixOS wiki it also shows a ref argument to fetchGit but it is not documented anywhere. Yay. Anyway, it works without it too.

    1. Why is Nix written in C++ rather than a functional language like Haskell?[ ] Mainly because Nix is intended to be lightweight, easy to learn and portable (zero dependencies). Since 24. April 2017 thanks to Shea Levy and the crowdfunding of 54 community members, nix does not have Perl as dependency anymore.

      There is hnix that is still actively developed (as of 2020/06/21).

    1. Basic Install environment.systemPackages = with pkgs; [ vim ]; or environment.systemPackages = with pkgs; [ vim_configurable ];

      What is the difference between the vim and vim_configurable packages?

      I believe the source for the latter is here.

    1. The easiest way I've found to manage that is to copy hardware-configuration.nix and a minimal version of configuration.nix and import it into the NixOps config for the corresponding machine. (I keep them in a git submodule, but keeping them in the same repo could also make sense.) 1 Pick your reaction

      If I understood it correctly, take the hardware-configration.nix from the target machine, and put it into the NixOps config.

      Also relevant: Minimal NixOS config for Nixops deployment (discourse)

  11. docs.microsoft.com docs.microsoft.com
    1. az disk revoke-access Revoke a resource's read access to a managed disk.

      Here's why it's important to revoke access (rom Upload a VHD to Azure or copy a managed disk to another region - Azure PowerShell):

      After the upload is complete, and you no longer need to write any more data to the disk, revoke the SAS. Revoking the SAS will change the state of the managed disk and allow you to attach the disk to a VM.

    1. Install the latest version of NixOps. $ nix-env -i nixops

      ... or list it in environment.systemPackages in /etc/nixos/configuration.nix, and nixos-rebuild switch.

    1. extraUsers

      extraUsers have been renamed to users. See related commits.

    2. boot.initrd.luks.devices = [ { name = "root"; device = "/dev/nvme0n1p2"; preLVM = true; } ];

      This will still work on 20.03 but will show a warning as name = "root"; is deprecated, and luksroot should be used instead (see boot.initrd.luks.devices NixOS option) .

      boot.initd.luks.devices = {
        luksroot = {
          device = "/nev/sda2";
          preLVM = true;
        };
      };
      
    3. # cryptsetup luksFormat $LVM_PARTITION

      Got a warning here but it seems to be safe to ignore.

      WARNING: Locking directory /run/cryptsetup is missing!
      
    4. Networking

      This didn't work out of the box, therefore worth looking at the Arch linux wpa_supplicant docs.

      wpa_cli also wouldn't work, and needed to make sure that I had the right SSID so this link is also helpful to list available wifi networks.

    5. Note that from here on in we’ll be in root prompts the whole time. The NixOS install environment helpfully drops you in a shell with root logged in.

      On 20.03 install drops users to a non-privileged terminal so sudo su has to be entered to become root. (Otherwise the first steps in "Networking" will fail immediately.)

      Saving this here for posterity: https://stackoverflow.com/questions/55191125/cant-seem-to-get-sudo-working-under-nixos

  12. May 2020
    1. In OTP 22 we introduced the new experimental socket API. The idea behind this API is to have a stable intermediary API that can be used to create features that are not part of the higher-level gen_* APIs. We have now come one step further in our plan to replace the inet driver by making it possible to use the gen_tcp API with socket as an optional back-end. To make it easy to test with existing code using gen_tcp a new option {inet_backend, socket | inet} can be used to select the socket implementation instead of the default inet implementation.

      Q1: So inet and socket are competing socket implementations then?

      Q2: inets is higher level abstraction layer on top of inet? (Just as HTTP is higher level than transport protocols.)

      Q3 (corollary of Q1 and Q2): inets could be then rewritten to use socket instead? (And used just like gen_tcp with the inet_backend option?)

  13. Apr 2020
    1. hypermedia

      Hypertext is text which contains links to other texts. The term was coined by Ted Nelson around 1965 (see History ).

      HyperMedia is a term used for hypertext which is not constrained to be text: it can include graphics, video and sound , for example. Apparently Ted Nelson was the first to use this term too. https://www.w3.org/WhatIs.html

      Most Web navigation is done by clicking text-based links that open new pages in a Web browser. These links, which are often blue and underlined, are referred to as hypertext, since they allow the user to jump from page to page. Hypermedia is an extension of hypertext that allows images, movies, and Flash animations to be linked to other content.

      The most common type of hypermedia is an image link. Photos or graphics on the Web are often linked to other pages. For example, clicking a small "thumbnail" image may open a larger version of the picture in a new window. Clicking a promotional graphic may direct you to an advertiser's website. Flash animations and videos can also be turned into hyperlinks by embedding one or more links that appear during playback. https://techterms.com/definition/hypermedia

      See also hypermedia tags in hypothes.is

    1. If we refer to the CAP theorem, Mnesia sits on the CP side, rather than the AP side, meaning that it won't do eventual consistency, will react rather badly to netsplits in some cases, but will give you strong consistency guarantees if you expect the network to be reliable (and you sometimes shouldn't).

      We start out with the TL;DR treatise: The mnesia database is not CP, nor AP. And it cannot be CA, because CA doesn’t make any meaningful sense. In short, it is broken with respect to the CAP theorem. https://medium.com/@jlouis666/mnesia-and-cap-d2673a92850

    1. nix path-info shows information about store paths, replacing nix-store -q. A useful feature is the option --closure-size (-S). For example, the following command show the closure sizes of every path in the current NixOS system closure, sorted by size: nix path-info -rS /run/current-system | sort -nk2

      The Nixpkgs pull request template has a checkbox "Determined the impact on package closure size (by running nix path-info -S before and after)" but there is only 4 instances of path-info in the Nix manual (and none in the Nixpkgs manual).

      nix --help says

      path-info        query information about store paths
      

      so the command works at the bottom but what switches are available for example? From the examples, -r and -S is valid but where are they documented?

      nix path-info -rS $(readlink -f $(which vim))

    1. Applicative order versus normal order According to the description of evaluation given in 1.1.3, the interpreter first evaluates the operator and operands and then applies the resulting procedure to the resulting arguments. This is not the only way to perform evaluation. An alternative evaluation model would not evaluate the operands until their values were needed. Instead it would first substitute operand expressions for parameters until it obtained an expression involving only primitive operators, and would then perform the evaluation.

      Applicative-order and normal-order evaluation sound like synonyms to eager/strict versus _lazy_evaluation strategies respectively, but there are differences:

      The bottom line seems to be that

      • strict/eager = normal order
      • lazy ~= applicative BUT all terms are evaluated at most once
    1. recursion equations

      Does this refer to recurrence relations?

      Not much found for recursion equations, and those seem to suggest the two terms are interchangeable. However: Recurrence vs Recursive

      See wikipedia on recurrence relation also.

    1. Thus, programs must be written for people to read, and only incidentally for machines to execute.
    1. Each breakthrough in hardware technology leads to more massive programming enterprises, new organizational principles, and an enrichment of abstract models. Every reader should ask himself periodically “Toward what end, toward what end?”—but do not ask it too often lest you pass up the fun of programming for the constipation of bittersweet philosophy.
    2. The source of the exhilaration associated with computer programming is the continual unfolding within the mind and on the computer of mechanisms expressed as programs and the explosion of perception they generate. If art interprets our dreams, the computer executes them in the guise of programs!
    1. Origin servers SHOULD NOT fold multiple Set-Cookie header fields into a single header field. The usual mechanism for folding HTTP headers fields (i.e., as defined in [RFC2616]) might change the semantics of the Set-Cookie header field because the %x2C (",") character is used by Set-Cookie in a way that conflicts with such folding.

      "Fold" should be replaced with "combine" to make this paragraph consistent with the HTTP/1 specs (RFC 2616, RFC 7230).

      https://www.rfc-editor.org/errata/eid6093 https://stackoverflow.com/questions/3241326/

    1. api-version A query string parameter, indicating the API version for the IMDS endpoint. Please use API version 2018-02-01 or greater.

      Couldn't find where the exhaustive list of API versions are listed, but found this on the Azure Instance Metadata Service (aka IMDS) page:

      2017-04-02, 2017-08-01, 2017-12-01, 2018-02-01, 2018-04-02, 2018-10-01, 2019-02-01, 2019-03-11, 2019-04-30, 2019-06-01, 2019-06-04, 2019-08-01, 2019-08-15

      Also:

      The version 2019-11-01 is currently getting deployed and may not be available in all regions.

  14. Mar 2020
    1. Voltage is the pressure from an electrical circuit's power source that pushes charged electrons (current) through a conducting loop, enabling them to do work such as illuminating a light.

      This is by far the best explanation I found.

  15. Nov 2019
    1. name = "vim-with-plugins";

      How does one find what vim packages are available? (That nix vim-derivations/attributes, such as vimHugeX)

    2. { packageOverrides = pkgs: rec { foo = pkgs.foo.override { ... }; }; }

      Why is rec needed here, and not in the example under 2.6.1?

      Based on what I saw with other examples, rec is usually included when a_package.override is used inside packageOverrides. But why?

    1. 3. Deployment as Memory Management

      The entire chapter 3 is worth reading. Great resource on what a package (or more broadly, a component) is in regards to Nix.

      Specifically "3.1 What is a component?"

    1. packages

      There is no officially prescribed reading order of the Nix manuals, but it's safe to say that one should start this, the Nix manual. Then it would be prudent to briefly describe what a package is in the context of Nix and/or (at east) link to the definition.

      I like how Dolstra's thesis has an entire section on the topic (that is, on the more general concept of components).

    2. You can have multiple versions or variants of a package installed at the same time.

      It is clear now that there can be multiple versions of the same package in the store, but how does one call them (e.g., if is an executable application)? Simply by using the full Nix store path (and create and manage one's own symlinks, with stow or manually)??

    1. haskell-overridez is a tool and library of nix functions that simplify the use of overrides while developing haskell projects with nixpkgs.

  16. Oct 2019
    1. fixed-point

      "fixed-point", "fix point" seems to be most important concept in Nix, because overrides, overridePackages, overlays are built using it.

    2. Overlays
    3. buildEnv
    4. override

      First mention of the override attribute, so where is it coming from?

    5. stdenv.lib.licenses

      Find out where stdenv.lib functions are documented.

    6. builtins.elem

      builtins.elem x xs

      Return true if a value equal to x occurs in the list xs, and false otherwise.

    7. builtins.parseDrvName

      builtins.parseDrvName s

      Split the string s into a package name and version. The package name is everything up to but not including the first dash followed by a digit, and the version is everything following that dash. The result is returned in a set { name, version }. Thus, builtins.parseDrvName "nix-0.12pre12876" returns { name = "nix"; version = "0.12pre12876"; }.

    8. This option is a function which accepts a package as a parameter, and returns a boolean. The following example configuration accepts a package and always returns false: { allowUnfreePredicate = (pkg: false); }

      What is a package in this context? That is, the callback's pkg parameter. Is it a derivation?

      If I understood it correctly, whenever referencing other packages as inputs, those are actually derivations, that are just attribute sets.