From mboxrd@z Thu Jan 1 00:00:00 1970
From: ludo@gnu.org (Ludovic Courtès)
To: Andy Wingo
Cc: guix-devel@gnu.org, guile-devel@gnu.org
Newsgroups: gmane.lisp.guile.devel, gmane.comp.gnu.guix.devel
Subject: Re: "guix potluck", a moveable feast
Date: Tue, 04 Apr 2017 14:01:09 +0200
Message-ID: <87k270tm9m.fsf@gnu.org>
In-Reply-To: <87y3vj84js.fsf@pobox.com> (Andy Wingo's message of "Sun, 02 Apr 2017 12:52:39 +0200")
References: <87d1cxh5f0.fsf@igalia.com> <87o9wfenkk.fsf@gnu.org> <87y3vj84js.fsf@pobox.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)
X-URL: http://www.fdn.fr/~lcourtes/
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5
List-Id: "Developers list for Guile, the GNU extensibility library"
Xref: news.gmane.org gmane.lisp.guile.devel:19096 gmane.comp.gnu.guix.devel:36797

Hey!

Andy Wingo writes:

> On Sun 02 Apr 2017 01:05, ludo@gnu.org (Ludovic Courtès) writes:
>
>> Andy Wingo writes:
>>
>>> (1) Install Guix as a user. (This needs to be easier.)
>>> (2) guix channel add potluck https://gitlab.com/potluck/potluck master
>>> (3) guix channel enable potluck
>>
>> So users would see the union of independent potluck “dishes”, right?
>
> Yes I think so: a union of all potluck "dishes" with the Guix package
> set as well.
>
> Christopher Webber asks about breakage due to version skew between peer
> channels and channels and Guix itself. I think I would like to just
> ignore this problem for now: if you add channels and things break
> somehow due to an update in Guix or an update in some channel, then the
> workaround is to disable channels until developers fix things.

OK, that sounds reasonable.
>> The sandbox would have transitive access to a lot of modules; I wonder
>> if this might somehow make it easier to escape the sandbox, by
>> increasing the attack surface. For instance,
>>
>>   (source-module-closure '((guix packages)) #:select? (const #t))
>
> I think the strategy here would be to avoid making a sandbox binding set
> that is "unsafe". Having source-module-closure in that binding set
> would seem to make it unsafe.

Sorry, I used ‘source-module-closure’ just to show that (system foreign)
is being pulled, and (system foreign) is “sudo”. :-)

So I think we’d have to make sure the sandbox cannot access (system
foreign) transitively.

>> I think the server should resolve package specifications when the
>> potluck.scm file is submitted, and insert each package in the Guix
>> package graph of the moment. Does that make sense? Maybe that’s what
>> you were describing when you talk about rewriting potluck.scm files
>> so?
>
> Yes I think this is a good idea.
>
> Incidentally I am now thinking that all the potluck stuff should be in a
> potluck dir; you run "guix potluck init" and it makes
>
>   potluck/README.md
>   potluck/mypackage.scm
>
> and the .scm files should evaluate to a single package, like:
>
>   (import-packages ...)
>   (package
>     ...)
>
> The rewrite would create files like:
>
>   gnu/packages/potluck/gitlab-com-wingo-foo-master/mypackage.scm
>   gnu/packages/potluck/gitlab-com-wingo-foo-master/mypackage2.scm
>
> These files would look like:
>
>   (define-module (gnu packages potluck gitlab-com-wingo-foo-master mypackage)
>     #:pure
>     ;; The sandbox. We've already verified that the user code works in
>     ;; this sandbox when we rewrite the package, so this allows us to
>     ;; provide a stable language for sandbox packages
>     #:use-module (guix potluck environment)
>     ;; The individual module imports, resolved by channel manager.
>     #:use-module ((gnu packages guile) #:select (guile))
>     ...
>     #:export (mypackage))
>
>   (define mypackage
>     (package ....))
>
> You can compile files from the channel, so guix startup time will be
> only minimally affected.

Sounds good!

Ludo’.
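The "(system foreign) is being pulled transitively" concern above can be checked mechanically. The following Guile script is an added example, not code from this thread, from Guix or from Guile: it walks a module's runtime import graph with `module-uses` (which differs from Guix's `source-module-closure`, which reads `#:use-module` forms from source files) and reports whether a forbidden module such as `(system foreign)` is reachable, together with the chain of imports that reaches it. The `%forbidden-modules` list beyond `(system foreign)` is an assumption made for the example, and running it on `(guix packages)` assumes Guix's modules are on the load path (`-L`); the `(ice-9 popen)` case runs with plain Guile.

```scheme
;; import-audit.scm -- added example (not code from the thread, from Guix
;; or from Guile): walk a module's runtime import graph and report whether
;; a forbidden module such as (system foreign) is reachable, and through
;; which chain of imports.
;;
;; Usage:  guile -s import-audit.scm '(ice-9 popen)'
;;         guile -L /path/to/guix -s import-audit.scm '(guix packages)'
;; Exit status 0 means nothing forbidden is reachable, 1 means something is.

(use-modules (ice-9 match)
             (srfi srfi-1))

;; Modules whose exports let code act outside the Scheme heap.  (system
;; foreign) is the FFI that the thread calls "sudo"; (ice-9 popen) is an
;; assumption added for this example, not a list taken from Guix.
(define %forbidden-modules
  '((system foreign)
    (ice-9 popen)))

(define (module-import-closure root)
  "Return an alist mapping the name of every module reachable from the
module named ROOT, following `module-uses' transitively, to the name of
the module that first imported it.  ROOT itself maps to #f."
  (let loop ((queue (list root))
             (seen  (list (cons root #f))))
    (match queue
      (()
       (reverse seen))
      ((name . rest)
       ;; #:ensure #f yields #f instead of creating an empty module when
       ;; NAME cannot be found; an unknown module contributes no imports.
       (let* ((mod  (resolve-module name #:ensure #f))
              (uses (if mod
                        (delete-duplicates (map module-name (module-uses mod)))
                        '()))
              (new  (filter (lambda (n) (not (assoc n seen))) uses)))
         (loop (append rest new)
               (append (map (lambda (n) (cons n name)) new) seen)))))))

(define (import-path closure name)
  "Return the list of module names leading from the root of CLOSURE to
NAME, or #f if NAME is not reachable."
  (let loop ((name name) (path '()))
    (match (assoc name closure)
      (#f #f)
      ((_ . #f) (cons name path))
      ((_ . parent) (loop parent (cons name path))))))

(define (audit-module root)
  "Return a list of (FORBIDDEN-MODULE . IMPORT-PATH) pairs, one for each
member of %FORBIDDEN-MODULES reachable from ROOT.  An empty list means
ROOT's import graph pulls in none of them."
  (let ((closure (module-import-closure root)))
    (filter-map (lambda (bad)
                  (and (assoc bad closure)
                       (cons bad (import-path closure bad))))
                %forbidden-modules)))

(define (report root)
  "Print the findings for ROOT and return #t when it is clean."
  (let ((findings (audit-module root)))
    (if (null? findings)
        (format #t "~a: no forbidden module reachable~%" root)
        (for-each (match-lambda
                    ((bad . path)
                     (format #t "~a: reaches ~a via~%" root bad)
                     (for-each (lambda (m) (format #t "    ~a~%" m)) path)))
                  findings))
    (null? findings)))

(match (command-line)
  ((_ name-string)
   (exit (if (report (call-with-input-string name-string read)) 0 1)))
  ((program . _)
   (format (current-error-port) "usage: ~a '(module name)'~%" program)
   (exit 2)))
```

Two caveats when reading its output. First, reachability through `module-uses` only shows that a module gets loaded; in a `#:pure` module whose only import is a curated `(guix potluck environment)`, user code can still name that loaded module only if the curated binding set exposes something like `@`, `resolve-module`, `module-ref` or `eval`, which is why Andy's point about keeping the binding set itself "safe" matters as much as the import graph. Second, a clean runtime graph does not imply a clean `source-module-closure`: the two walk different edges, so a channel rewrite that is checked against one should also be checked against the other.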