From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: Andy Wingo <wingo@pobox.com>
Newsgroups: gmane.lisp.guile.devel,gmane.comp.gnu.guix.devel
Subject: Re: "guix potluck", a moveable feast
Date: Sun, 02 Apr 2017 12:52:39 +0200
Message-ID: <87y3vj84js.fsf@pobox.com>
References: <87d1cxh5f0.fsf@igalia.com> <87o9wfenkk.fsf@gnu.org>
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Trace: blaine.gmane.org 1491130395 29256 195.159.176.226 (2 Apr 2017 10:53:15 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Sun, 2 Apr 2017 10:53:15 +0000 (UTC)
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)
Cc: guix-devel@gnu.org, guile-devel@gnu.org
To: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Original-X-From: guile-devel-bounces+guile-devel=m.gmane.org@gnu.org Sun Apr 02 12:53:06 2017
Return-path: <guile-devel-bounces+guile-devel=m.gmane.org@gnu.org>
Envelope-to: guile-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <guile-devel-bounces+guile-devel=m.gmane.org@gnu.org>)
	id 1cud7z-00068I-S2
	for guile-devel@m.gmane.org; Sun, 02 Apr 2017 12:53:00 +0200
Original-Received: from localhost ([::1]:54402 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <guile-devel-bounces+guile-devel=m.gmane.org@gnu.org>)
	id 1cud85-0008Gh-JV
	for guile-devel@m.gmane.org; Sun, 02 Apr 2017 06:53:05 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:47498)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <wingo@pobox.com>) id 1cud7u-0008G2-9C
	for guile-devel@gnu.org; Sun, 02 Apr 2017 06:52:56 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <wingo@pobox.com>) id 1cud7q-0000L7-77
	for guile-devel@gnu.org; Sun, 02 Apr 2017 06:52:54 -0400
Original-Received: from pb-sasl2.pobox.com ([64.147.108.67]:63539
	helo=sasl.smtp.pobox.com)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <wingo@pobox.com>)
	id 1cud7q-0000KH-02; Sun, 02 Apr 2017 06:52:50 -0400
Original-Received: from sasl.smtp.pobox.com (unknown [127.0.0.1])
	by pb-sasl2.pobox.com (Postfix) with ESMTP id 65AD46998F;
	Sun,  2 Apr 2017 06:52:48 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=from:to:cc
	:subject:references:date:in-reply-to:message-id:mime-version
	:content-type:content-transfer-encoding; s=sasl; bh=bNxqDYbUBjjO
	9W2p4h0iP63n96U=; b=rvUHNusUVuTh1MAJSR5C4S+A1H8N5ktCM195uktyaw5A
	tnCpIK8wfcnhJdTCIuzPnPo2OSjN5vs6Up5f0gAjTetV9ZbtRdY5Zv+r8Vwzo2F7
	f4rB9gsjKPJEOaAs3wySJ6EfPlflOkpggpRg257lOKetokORJSfJnAH6chKqZFk=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=from:to:cc
	:subject:references:date:in-reply-to:message-id:mime-version
	:content-type:content-transfer-encoding; q=dns; s=sasl; b=ZrJybS
	vK1qWopETnklouE+kiSVcoUr+wZgcBkRcN9E+vPcWRmpaJHsXQ5N+Q+Y+jBbFJzC
	RDTHpYRNjbNaF8MH8COdCyfRV/SXRu/HpnHlsc/REjeWXh/LlGMNFeHYL6pzdP92
	fV+yY7X9qzwk3CksiDnxBEih62tyPku8Eu7HM=
Original-Received: from pb-sasl2.nyi.icgroup.com (unknown [127.0.0.1])
	by pb-sasl2.pobox.com (Postfix) with ESMTP id 5C9886998E;
	Sun,  2 Apr 2017 06:52:48 -0400 (EDT)
Original-Received: from clucks (unknown [88.160.190.192])
	(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by pb-sasl2.pobox.com (Postfix) with ESMTPSA id 66A0F6998D;
	Sun,  2 Apr 2017 06:52:46 -0400 (EDT)
In-Reply-To: <87o9wfenkk.fsf@gnu.org> ("Ludovic =?utf-8?Q?Court=C3=A8s=22'?=
	=?utf-8?Q?s?= message of "Sun, 02 Apr 2017 01:05:15 +0200")
X-Pobox-Relay-ID: 81B78248-1792-11E7-97EA-85AB91A0D1B0-02397024!pb-sasl2.pobox.com
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
	[fuzzy]
X-Received-From: 64.147.108.67
X-BeenThere: guile-devel@gnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: "Developers list for Guile,
	the GNU extensibility library" <guile-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guile-devel>,
	<mailto:guile-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guile-devel/>
List-Post: <mailto:guile-devel@gnu.org>
List-Help: <mailto:guile-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guile-devel>,
	<mailto:guile-devel-request@gnu.org?subject=subscribe>
Errors-To: guile-devel-bounces+guile-devel=m.gmane.org@gnu.org
Original-Sender: "guile-devel" <guile-devel-bounces+guile-devel=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.lisp.guile.devel:19090 gmane.comp.gnu.guix.devel:36744
Archived-At: <http://permalink.gmane.org/gmane.lisp.guile.devel/19090>

Hi :)

Thanks all for review; comments and suggestions very welcome.  Choosing
this message to reply to.

On Sun 02 Apr 2017 01:05, ludo@gnu.org (Ludovic Court=C3=A8s) writes:

> Andy Wingo <wingo@igalia.com> skribis:
>
>>   (1) Install Guix as a user.  (This needs to be easier.)
>>   (2) guix channel add potluck https://gitlab.com/potluck/potluck master
>>   (3) guix channel enable potluck
>
> So users would see the union of independent potluck =E2=80=9Cdishes=E2=80=
=9D, right?

Yes I think so: a union of all potluck "dishes" with the Guix package
set as well.

Christopher Webber asks about breakage due to version skew between peer
channels and channels and Guix itself.  I think I would like to just
ignore this problem for now: if you add channels and things break
somehow due to an update in Guix or an update in some channel, then the
workaround is to disable channels until developers fix things.

> The sandbox would have transitive access to a lot of modules; I wonder
> if this might somehow make it easier to escape the sandbox, by
> increasing the attack surface.  For instance,
>
>   (source-module-closure '((guix packages)) #:select? (const #t))

I think the strategy here would be to avoid making a sandbox binding set
that is "unsafe".  Having source-module-closure in that binding set
would seem to make it unsafe.

> I think the server should resolve package specifications when the
> potluck.scm file is submitted, and insert each package in the Guix
> package graph of the moment.  Does that make sense?  Maybe that=E2=80=99s=
 what
> you were describing when you talk about rewriting potluck.scm files
> so?

Yes I think this is a good idea.

Incidentally I am now thinking that all the potluck stuff should be in a
potluck dir; you run "guix potluck init" and it makes

  potluck/README.md
  potluck/mypackage.scm

and the .scm files should evaluate to a single package, like:

  (import-packages ...)
  (package
   ...)

The rewrite would create files like:

  gnu/packages/potluck/gitlab-com-wingo-foo-master/mypackage.scm
  gnu/packages/potluck/gitlab-com-wingo-foo-master/mypackage2.scm

These files would look like:

  (define-module (gnu packages potluck gitlab-com-wingo-foo-master mypackag=
e)
    #:pure
    ;; The sandbox.  We've already verified that the user code works in
    ;; this sandbox when we rewrite the package, so this allows us to
    ;; provide a stable language for sandbox packages
    #:use-module (guix potluck environment)
    ;; The individual module imports, resolved by channel manager.
    #:use-module ((gnu packages guile) #:select (guile))
    ...
    #:export (mypackage))

  (define mypackage
    (package ....))

You can compile files from the channel, so guix startup time will be
only minimally affected.

>> There is a particular concern about staging: there is staged Scheme code
>> in these modules that runs inside build processes in guix-daemon.  I
>> don't have any nice solution here.
>
> What=E2=80=99s the problem anyway?  The build environment is a =E2=80=9Cs=
andbox=E2=80=9D so it=E2=80=99s
> not a problem if staged code attempts to do nasty things.

I guess so, yeah.

Andy