Open sss123next opened 2 years ago
Have you tried without hardening such as apparmor? And please send a minimal reproducible config.
livecd-i686.nix.txt livecd-packages-common.nix.txt livecd-packages-i686.nix.txt livecd-packages-x86_64.nix.txt livecd-shared.nix.txt livecd-x86_64.nix.txt
nix-build '<nixpkgs/nixos>' --no-out-link -A config.system.build.isoImage -I nixos-config=livecd-i686.nix --arg system \"i686-linux\"
problem still occurs without apparmor
a minimal reproducible config means a config where you have as little as possible enabled
hmm, ok, i will make it.
services.xserver.displayManager.startx.enable = true; does not work on its own, so
{config, pkgs, ...}:
{
imports = [
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
];
services.xserver.displayManager.startx.enable = true;
}
is enough to see that it does not work.
but it looks like it does not pull in the X server, so xinit fails to find X if I add just services.xserver.displayManager.startx.enable = true;
with this:
{config, pkgs, ...}:
{
imports = [
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
];
services.xserver.displayManager.startx.enable = true;
services.xserver.enable = true;
}
both problems are in place
I marked this as stale due to inactivity.
I suppose there's an issue with dd
or hexdump
and the commands will have to be tried manually to show the error
if [ -r /dev/urandom ]; then
mcookie=`dd if=/dev/urandom bs=16 count=1 2>/dev/null | hexdump -e \\"%08x\\"`
else
mcookie=`dd if=/dev/random bs=16 count=1 2>/dev/null | hexdump -e \\"%08x\\"`
fi
if test x"$mcookie" = x; then
echo "Couldn't create cookie"
exit 1
fi
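The cookie step in the fragment above can be exercised by hand, one source at a time, to see which tool is missing or returns nothing. This is an added example, not code from xinit or nixpkgs; the function names are hypothetical, and `od` is an assumed stand-in for hosts where `hexdump` is the missing piece.

```shell
#!/bin/sh
# Added diagnostic, not part of xinit: tries each cookie source separately.

# An MIT-MAGIC-COOKIE-1 value is 128 bits: 32 hex digits (lowercase from these tools).
is_valid_cookie() {
    case $1 in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 32 ]
}

# The dd | hexdump pipeline from the startx fragment; od is an assumed
# substitute so the check still says something when hexdump is what is missing.
cookie_from_dev() {
    [ -r "$1" ] || return 1
    c=$(dd if="$1" bs=16 count=1 2>/dev/null | hexdump -e '"%08x"' 2>/dev/null) || c=""
    if ! is_valid_cookie "$c"; then
        echo "hexdump path failed for $1, retrying with od" >&2
        c=$(dd if="$1" bs=16 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n') || c=""
    fi
    is_valid_cookie "$c" && printf '%s\n' "$c"
}

# One status line per source on stderr; the first valid cookie on stdout.
make_cookie() {
    found=""
    # /bin/mcookie is the path in the reported error; the second candidate is
    # whatever mcookie, if any, is on PATH.
    for m in /bin/mcookie "$(command -v mcookie 2>/dev/null || true)"; do
        [ -n "$m" ] || continue
        c=""
        if [ -x "$m" ]; then c=$("$m" 2>/dev/null) || c=""; fi
        if is_valid_cookie "$c"; then status=ok; else status=FAILED; fi
        echo "$status  $m" >&2
        if [ "$status" = ok ] && [ -z "$found" ]; then found=$c; fi
    done
    if [ -r /dev/urandom ]; then dev=/dev/urandom; else dev=/dev/random; fi
    c=$(cookie_from_dev "$dev") || c=""
    if is_valid_cookie "$c"; then status=ok; else status=FAILED; fi
    echo "$status  dd if=$dev" >&2
    if [ "$status" = ok ] && [ -z "$found" ]; then found=$c; fi
    is_valid_cookie "$found" && printf '%s\n' "$found"
}

# Stand-alone run: show the per-source status lines, discard the cookie itself.
make_cookie >/dev/null || echo "Couldn't create cookie" >&2
```

A `FAILED` line for `/bin/mcookie` together with an `ok` line for the `dd` source would mean the hard-coded path is the problem rather than `dd` or `hexdump`.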
Describe the bug
services.xserver.displayManager.startx.enable = true; does not work on i686 linux
Steps To Reproduce
{ config, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration-local.nix
      ./guix.nix
      ./network.nix
    ];

  # Use the GRUB 2 boot loader.
  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  boot.loader.grub.efiSupport = false;
  boot.kernelPackages = pkgs.linuxPackages_5_13;
  boot.extraModulePackages = with config.boot.kernelPackages; [ netatop ];
  boot.kernelPatches = [
    {
      name = "local-config";
      patch = null;
      extraConfig = ''
        SECURITY_APPARMOR y
        SECURITY_APPARMOR_HASH y
        SECURITY_APPARMOR_HASH_DEFAULT y
        DEFAULT_SECURITY_APPARMOR y
      '';
    }
  ];

  boot.initrd.compressor = "gzip";

  boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
  security.apparmor = {
    enable = true;
    enableCache = true;
  };

  programs.nm-applet.enable = true;
  programs.usbtop.enable = true;

  services.tor.enable = true;
  services.tor.client.enable = true;
  services.tor.client.dns.enable = true;
  services.tor.settings.DNSPort = [ { addr = "127.0.0.1"; port = 5354; } ];
  services.dnscrypt-proxy2.enable = true;
  services.dnscrypt-proxy2.settings = {
    listen_addresses = [ "127.0.0.1:5353" ];
  };

  services.unbound.enable = true;
  services.unbound.settings.forward-zone = [{
    name = ".";
    forward-addr = [ "127.0.0.1@5353" "127.0.0.1@5354" ];
  }];

  services.unbound.extraConfig = ''
    server:
    num-threads: 1
    prefer-ip4: yes
    prefetch: yes
    prefetch-key: yes
    verbosity: 3
  '';

  hardware.bluetooth.enable = true;
  hardware.bluetooth.powerOnBoot = false;
  services.blueman.enable = true;

  # Select internationalisation properties.
  i18n.defaultLocale = "ru_RU.utf8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "us";
  };

  # Set your time zone.
  time.timeZone = "Europe/Moscow";
  time.hardwareClockInLocalTime = false;

  environment.systemPackages = with pkgs; [
    wget rsync
    (neovim.override { viAlias = true; vimAlias = true; withRuby = false; })
    atop git psmisc atop openvpn iperf lm_sensors ncdu i3lock-color fzf
  ];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  programs.mtr.enable = true;
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };
  security.sudo.enable = false;
  security.sudo.package = "";
  services.gnome.gnome-keyring.enable = true;
  services.chrony.enable = true;
  services.chrony.servers = [
    "pool.ntp.org" "time-a-g.nist.gov" "time-d-g.nist.gov" "time-a-b.nist.gov"
    "ut1-time.colorado.edu" "ut1-wwv.nist.gov" "time.cloudflare.com"
    "time.windows.com" "time.apple.com" "clepsydra.dec.com"
    "clepsydra.labs.hp.com" "clepsydra.hpl.hp.com" "ntp1.vniiftri.ru"
    "ntp1.niiftri.irkutsk.ru" "vniiftri.khv.ru" "ntp.mobatime.ru"
    "ntp1.stratum1.ru" "ntp2.stratum2.ru" "stratum1.net" "ntp.ru"
    "ts1.aco.net" "ntp1.net.berkeley.edu" "ntp.gsu.edu" "ntp.rsu.edu.ru"
    "ntp.nict.jp" "ntp.se" "ntp.ripe.net" "clock.isc.org" "ntp0.as34288.net"
    "ntp1.jst.mfeed.ad.jp" "ntp.neel.ch"
  ];

  services.openssh.enable = true;
  services.openssh.passwordAuthentication = false;
  services.openssh.forwardX11 = true;
  networking.wireguard.enable = true;
  services.lvm.dmeventd.enable = false;
  services.flatpak.enable = true;
  xdg.portal.enable = true;
  xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];

  programs.firejail.enable = true;
  programs.light.enable = true;
  services.acpid.enable = true;
  programs.tmux = {
    enable = true;
    historyLimit = 8192;
    extraConfig = ''
      set -g mouse on
      set -g set-titles on
      set -g mode-keys vi
      set -g xterm-keys on
      set -g allow-rename on
      set -g alternate-screen on
    '';
    clock24 = true;
  };

  # Enable CUPS to print documents.
  services.printing.enable = true;

  # Enable sound.
  sound.enable = true;
  hardware.pulseaudio.enable = false;
  zramSwap.enable = true;

  services.xserver.enable = true;
  services.xserver.layout = "us,ru";
  services.xserver.xkbOptions = "grp:alt_shift_toggle";
  services.xserver.xkbVariant = "winkeys";
  services.xserver.libinput.enable = true;
  services.xserver.displayManager.startx.enable = true;
  services.xserver.windowManager.awesome.enable = true;
  services.xserver.useGlamor = false;
  services.xserver.videoDrivers = [ "intel" ];
  hardware.opengl = {
    enable = true;
    extraPackages = with pkgs; [
      intel-media-driver # LIBVA_DRIVER_NAME=iHD
    ];
  };

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.sss = {
    isNormalUser = true;
    extraGroups = [ "wheel" "audio" "video" "plugdev" "networkmanager" ];
  };

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "20.03"; # Did you read the comment?

  nix.buildMachines = [
    {
      hostName = "192.168.0.2";
      systems = [ "x86_64-linux" "i686-linux" ];
      # if the builder supports building for multiple architectures,
    }
  ];

  nixpkgs.config.packageOverrides = pkgs: {
    nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") {
      inherit pkgs;
    };
  };
  powerManagement.cpuFreqGovernor = "schedutil";
}
{config, pkgs, ...}:
{
  imports = [
    <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
    ./livecd-packages-common.nix
    <nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
  ];
  nixpkgs.config.allowUnfree = true;
  boot.kernelPackages = pkgs.linuxPackages_5_13;
  boot.extraModulePackages = with config.boot.kernelPackages; [ netatop ];
  boot.kernelPatches = [
    {
      name = "local-config";
      patch = null;
      extraConfig = ''
        SECURITY_APPARMOR y
        SECURITY_APPARMOR_HASH y
        SECURITY_APPARMOR_HASH_DEFAULT y
        DEFAULT_SECURITY_APPARMOR y
      '';
    }
  ];
  security.apparmor = {
    enable = true;
    enableCache = true;
  };
  boot.kernelModules = [ "netatop" ];
  powerManagement.cpuFreqGovernor = "schedutil";
  programs.traceroute.enable = true;
  programs.atop.netatop.enable = true;
  hardware.ksm.enable = true;
  zramSwap.enable = true;
  services.acpid.enable = true;
  users.extraUsers.root.password = "root";
  services.xserver.displayManager.startx.enable = true;
  services.xserver.windowManager.awesome.enable = true;
  services.xserver.enable = true;
  services.xserver.layout = "us,ru";
  services.xserver.xkbOptions = "grp:alt_shift_toggle";
  services.xserver.xkbVariant = "winkeys";
  services.printing.enable = true;
  sound.enable = true;
  hardware.pulseaudio.enable = true;
  services.xserver.libinput.enable = true;
  xdg.portal.enable = true;
  hardware.opengl.enable = true;
  hardware.opengl.driSupport = true;
  programs.light.enable = true;
  programs.nm-applet.enable = true;
  services.tor.enable = true;
  services.tor.client.enable = true;
  services.tor.client.dns.enable = true;
  services.tor.settings.DNSPort = [ { addr = "127.0.0.1"; port = 5354; } ];
  services.dnscrypt-proxy2.enable = true;
  services.dnscrypt-proxy2.settings = {
    listen_addresses = [ "127.0.0.1:5353" ];
  };
  services.unbound.enable = true;
  services.unbound.settings.forward-zone = [{
    name = ".";
    forward-addr = [ "127.0.0.1@5353" "127.0.0.1@5354" ];
  }];
  hardware.bluetooth.enable = true;
  hardware.bluetooth.powerOnBoot = false;
  services.blueman.enable = true;
  networking.wireguard.enable = true;
  programs.neovim = {
    defaultEditor = true;
    withRuby = false;
  };
  time.timeZone = "Europe/Moscow";
  time.hardwareClockInLocalTime = false;
  services.chrony.enable = true;
  services.chrony.servers = [
    "pool.ntp.org" "time-a-g.nist.gov" "time-d-g.nist.gov" "time-a-b.nist.gov"
    "ut1-time.colorado.edu" "ut1-wwv.nist.gov" "time.cloudflare.com"
    "time.windows.com" "time.apple.com" "clepsydra.dec.com"
    "clepsydra.labs.hp.com" "clepsydra.hpl.hp.com" "ntp1.vniiftri.ru"
    "ntp1.niiftri.irkutsk.ru" "vniiftri.khv.ru" "ntp.mobatime.ru"
    "ntp1.stratum1.ru" "ntp2.stratum2.ru" "stratum1.net" "ntp.ru"
    "ts1.aco.net" "ntp1.net.berkeley.edu" "ntp.gsu.edu" "ntp.rsu.edu.ru"
    "ntp.nict.jp" "ntp.se" "ntp.ripe.net" "clock.isc.org" "ntp0.as34288.net"
    "ntp1.jst.mfeed.ad.jp" "ntp.neel.ch"
  ];
  networking.hostName = "nixos-live";
  programs.tmux = {
    enable = true;
    historyLimit = 8192;
    extraConfig = ''
      set -g mouse on
      set -g set-titles on
      set -g mode-keys vi
      set -g xterm-keys on
      set -g allow-rename on
      set -g alternate-screen on
    '';
    clock24 = true;
  };
  programs.zsh = {
    enable = true;
    zsh-autoenv.enable = true;
    ohMyZsh.enable = true;
  };
  users.defaultUserShell = pkgs.zsh;
}
startx
/home/sss/.nix-profile/bin/startx: line 168: /bin/mcookie: No such file or directory
Couldn't create cookie

xinit
X.Org X Server 1.20.13
X Protocol Version 11, Revision 0
Build Operating System: Nix
Current Operating System: Linux sss-netbook 5.13.12 #1-NixOS SMP Wed Aug 18 07:07:08 UTC 2021 i686
Kernel command line: BOOT_IMAGE=(hd0,gpt2)//kernels/7i1qgpa1ciygq0zml4bnnzp8qizl30m1-linux-5.13.12-bzImage init=/nix/store/b1k0bkx4f6z4l4j8f7yxmf3xwc3ia5mw-nixos-system-sss-netbook-21.11pre311289.503209808cd/init loglevel=4 apparmor=1 security=apparmor
Build Date: 29 July 2021 06:48:50PM
Current version of pixman: 0.38.4
Before reporting problems, check http://wiki.x.org to make sure that you have the latest version.
Markers: (--) probed, (**) from config file, (==) default setting, (++) from command line, (!!) notice, (II) informational, (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/home/sss/.local/share/xorg/Xorg.0.log", Time: Fri Aug 27 01:57:32 2021
(==) Using config file: "/etc/X11/xorg.conf"
(==) Using config directory: "/etc/X11/xorg.conf.d"
(==) Using system config directory "/nix/store/71cf2dvr08k7alxrws4c5sk55cq8y5zi-xorg-server-1.20.13/share/X11/xorg.conf.d"
(EE) Fatal server error:
(EE) parse_vt_settings: Cannot open /dev/tty0 (Permission denied)
(EE)
(EE) Please consult the The X.Org Foundation support at http://wiki.x.org for help.
(EE) Please also check the log file at "/home/sss/.local/share/xorg/Xorg.0.log" for additional information.
(EE)
(EE) Server terminated with error (1). Closing log file.

xinit
X.Org X Server 1.20.13
X Protocol Version 11, Revision 0
Build Operating System: Nix
Current Operating System: Linux sss-netbook 5.13.12 #1-NixOS SMP Wed Aug 18 07:07:08 UTC 2021 i686
Kernel command line: BOOT_IMAGE=(hd0,gpt2)//kernels/7i1qgpa1ciygq0zml4bnnzp8qizl30m1-linux-5.13.12-bzImage init=/nix/store/b1k0bkx4f6z4l4j8f7yxmf3xwc3ia5mw-nixos-system-sss-netbook-21.11pre311289.503209808cd/init loglevel=4 apparmor=1 security=apparmor
Build Date: 29 July 2021 06:48:50PM
Current version of pixman: 0.38.4
Before reporting problems, check http://wiki.x.org to make sure that you have the latest version.
Markers: (--) probed, (**) from config file, (==) default setting, (++) from command line, (!!) notice, (II) informational, (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/home/sss/.local/share/xorg/Xorg.0.log", Time: Fri Aug 27 01:58:58 2021
(==) Using config file: "/etc/X11/xorg.conf"
(==) Using config directory: "/etc/X11/xorg.conf.d"
(==) Using system config directory "/nix/store/71cf2dvr08k7alxrws4c5sk55cq8y5zi-xorg-server-1.20.13/share/X11/xorg.conf.d"
xf86EnableIOPorts: failed to set IOPL for I/O (Operation not permitted)
The XKEYBOARD keymap compiler (xkbcomp) reports:
Expected behavior
X server + ~/.xinitrc should be launched
nix-env --version
output
I have a similar config for x86_64 and it seems it does not have this problem.
Metadata
Please run
nix-shell -p nix-info --run "nix-info -m"
and paste the result.