* armhf build machines
From: Efraim Flashner @ 2015-12-07 9:14 UTC (permalink / raw)
To: guix-devel
The impression I got from looking at the build farm thank-yous on the website
was that we have lowered requirements for what we're looking for in armhf
build machines, at least in terms of RAM. In terms of freedom the Raspberry
Pi 2 isn't great, but in terms of cost it's pretty inexpensive. Is this
something we'd be interested in?
--
Efraim Flashner <efraim@flashner.co.il> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
* Re: armhf build machines
From: Andreas Enge @ 2015-12-07 10:36 UTC (permalink / raw)
To: Efraim Flashner; +Cc: guix-devel
On Mon, Dec 07, 2015 at 11:14:24AM +0200, Efraim Flashner wrote:
> The impression I got from looking at the build farm thank-yous on the website
> was that we have lowered requirements for what we're looking for in armhf
> build machines, at least in terms of RAM. In terms of freedom the Raspberry
> Pi 2 isn't great, but in terms of cost it's pretty inexpensive. Is this
> something we'd be interested in?
We are waiting for two new Novena boards that should arrive before the
end of the year. The current bottleneck is not the build machines, but hydra;
already now the build farm could sustain more jobs in parallel, but we
artificially limit them. So I would say that there is currently no need
to add more build machines. This may change if we get a physical machine
for hydra.
Andreas
* Re: armhf build machines
From: Leo Famulari @ 2015-12-07 18:28 UTC (permalink / raw)
To: Andreas Enge; +Cc: guix-devel
On Mon, Dec 07, 2015 at 11:36:46AM +0100, Andreas Enge wrote:
> On Mon, Dec 07, 2015 at 11:14:24AM +0200, Efraim Flashner wrote:
> > The impression I got from looking at the build farm thank-yous on the website
> > was that we have lowered requirements for what we're looking for in armhf
> > build machines, at least in terms of RAM. In terms of freedom the Raspberry
> > Pi 2 isn't great, but in terms of cost it's pretty inexpensive. Is this
> > something we'd be interested in?
>
> We are waiting for two new Novena boards that should arrive before the
> end of the year. The current bottleneck is not the build machines, but hydra;
> already now the build farm could sustain more jobs in parallel, but we
> artificially limit them. So I would say that there is currently no need
> to add more build machines. This may change if we get a physical machine
> for hydra.
What sort of machine would be appropriate for hydra?
> Andreas
>
>
* Re: armhf build machines
From: Ludovic Courtès @ 2015-12-07 23:03 UTC (permalink / raw)
To: Leo Famulari; +Cc: guix-devel
Leo Famulari <leo@famulari.name> wrote:
> On Mon, Dec 07, 2015 at 11:36:46AM +0100, Andreas Enge wrote:
>> On Mon, Dec 07, 2015 at 11:14:24AM +0200, Efraim Flashner wrote:
>> > The impression I got from looking at the build farm thank-yous on the website
>> > was that we have lowered requirements for what we're looking for in armhf
>> > build machines, at least in terms of RAM. In terms of freedom the Raspberry
>> > Pi 2 isn't great, but in terms of cost it's pretty inexpensive. Is this
>> > something we'd be interested in?
>>
>> We are waiting for two new Novena boards that should arrive before the
>> end of the year. The current bottleneck is not the build machines, but hydra;
>> already now the build farm could sustain more jobs in parallel, but we
>> artificially limit them. So I would say that there is currently no need
>> to add more build machines. This may change if we get a physical machine
>> for hydra.
>
> What sort of machine would be appropriate for hydra?
Something rather big: say 8+ cores, 16+G RAM, fast disk of 3T at least.
Ludo’.
* Re: armhf build machines
From: Mark H Weaver @ 2015-12-08 4:07 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: guix-devel
ludo@gnu.org (Ludovic Courtès) writes:
> Leo Famulari <leo@famulari.name> wrote:
>
>> On Mon, Dec 07, 2015 at 11:36:46AM +0100, Andreas Enge wrote:
>>> On Mon, Dec 07, 2015 at 11:14:24AM +0200, Efraim Flashner wrote:
>>> > The impression I got from looking at the build farm thank-yous on the website
>>> > was that we have lowered requirements for what we're looking for in armhf
>>> > build machines, at least in terms of RAM. In terms of freedom the Raspberry
>>> > Pi 2 isn't great, but in terms of cost it's pretty inexpensive. Is this
>>> > something we'd be interested in?
>>>
>>> We are waiting for two new Novena boards that should arrive before the
>>> end of the year. The current bottleneck is not the build machines, but hydra;
>>> already now the build farm could sustain more jobs in parallel, but we
>>> artificially limit them. So I would say that there is currently no need
>>> to add more build machines. This may change if we get a physical machine
>>> for hydra.
>>
>> What sort of machine would be appropriate for hydra?
>
> Something rather big: say 8+ cores, 16+G RAM, fast disk of 3T at least.
I would also add that it should run Libreboot, for which the ASUS
KGPE-D16 is currently the best supported server-class motherboard.
Thanks,
Mark
* Re: armhf build machines
From: Ludovic Courtès @ 2015-12-08 17:18 UTC (permalink / raw)
To: Mark H Weaver; +Cc: guix-devel
Mark H Weaver <mhw@netris.org> wrote:
> ludo@gnu.org (Ludovic Courtès) writes:
>
>> Leo Famulari <leo@famulari.name> wrote:
>>
>>> On Mon, Dec 07, 2015 at 11:36:46AM +0100, Andreas Enge wrote:
>>>> On Mon, Dec 07, 2015 at 11:14:24AM +0200, Efraim Flashner wrote:
>>>> > The impression I got from looking at the build farm thank-yous on the website
>>>> > was that we have lowered requirements for what we're looking for in armhf
>>>> > build machines, at least in terms of RAM. In terms of freedom the Raspberry
>>>> > Pi 2 isn't great, but in terms of cost it's pretty inexpensive. Is this
>>>> > something we'd be interested in?
>>>>
>>>> We are waiting for two new Novena boards that should arrive before the
>>>> end of the year. The current bottleneck is not the build machines, but hydra;
>>>> already now the build farm could sustain more jobs in parallel, but we
>>>> artificially limit them. So I would say that there is currently no need
>>>> to add more build machines. This may change if we get a physical machine
>>>> for hydra.
>>>
>>> What sort of machine would be appropriate for hydra?
>>
>> Something rather big: say 8+ cores, 16+G RAM, fast disk of 3T at least.
>
> I would also add that it should run Libreboot, for which the ASUS
> KGPE-D16 is currently the best supported server-class motherboard.
Right, I would prefer it as well; I hope we can find such rackable
servers.
If it turns out that all we can buy in practice is an ME-backdoored
server, I *might* be willing to take it, with the understanding that it
would become less and less of a single point of trust (assuming more of
our package builds become reproducible, and other users publish binaries
as well.)
WDYT?
Ludo’.
* Re: armhf build machines
From: Mark H Weaver @ 2015-12-08 19:39 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: guix-devel
ludo@gnu.org (Ludovic Courtès) writes:
> Mark H Weaver <mhw@netris.org> wrote:
>
>> ludo@gnu.org (Ludovic Courtès) writes:
>>
>>> Leo Famulari <leo@famulari.name> wrote:
>>>
>>>> What sort of machine would be appropriate for hydra?
>>>
>>> Something rather big: say 8+ cores, 16+G RAM, fast disk of 3T at least.
>>
>> I would also add that it should run Libreboot, for which the ASUS
>> KGPE-D16 is currently the best supported server-class motherboard.
>
> Right, I would prefer it as well; I hope we can find such rackable
> servers.
>
> If it turns out that all we can buy in practice is an ME-backdoored
> server,
Under what set of circumstances would this be the case? The ASUS
KGPE-D16 is widely available. It's even available pre-flashed with
Libreboot from minifree.org, the company run by Francis Rowe, the
creator of Libreboot.
> I *might* be willing to take it, with the understanding that it
> would become less and less of a single point of trust (assuming more of
> our package builds become reproducible, and other users publish binaries
> as well.)
If hydra is compromised, then its private key could be stolen and
facilitate targeted delivery of malicious binary substitutes to
individual users. The existence of other users who run 'guix challenge'
would not prevent that, afaict.
Anyway, to my mind, the security issues are secondary. We should avoid
running non-free software wherever feasible. It is now fairly easy for
us to arrange for hydra.gnu.org to run 100% free software from the boot
firmware up. Given this, and our commitment to free software, I'm
surprised that we would not make this a priority.
More thoughts?
Regards,
Mark
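
The trust argument in the message above, as an added example that is not part of the thread and is not Guix code: a simplified model in which a validly signed answer served to one user passes a signature-only check and another user's comparison sees nothing wrong, while a client-side rule requiring two distinct publishers to agree rejects it. The HMAC stand-in for the publisher's public-key signature, the agreement rule, and all function names, keys, the store path and hashes are assumptions constructed for illustration.

```python
import hashlib
import hmac

def sign(key, path, nar_hash):
    # HMAC stands in for the publisher's public-key signature (assumption).
    return hmac.new(key, f"{path}\n{nar_hash}".encode(), hashlib.sha256).hexdigest()

def answer(signer, key, path, nar_hash):
    return {"signer": signer, "path": path, "hash": nar_hash,
            "sig": sign(key, path, nar_hash)}

def verified_hash(ans, keys, path):
    """Hash from `ans` if it is for `path` and validly signed by a trusted key."""
    key = keys.get(ans["signer"])
    if key is None or ans["path"] != path:
        return None
    good = hmac.compare_digest(sign(key, path, ans["hash"]), ans["sig"])
    return ans["hash"] if good else None

def accept_signature_only(ans, keys, path):
    return verified_hash(ans, keys, path)

def accept_with_agreement(answers, keys, path, quorum=2):
    """Accept only a hash that `quorum` distinct trusted publishers signed."""
    votes = {}
    for ans in answers:
        h = verified_hash(ans, keys, path)
        if h is not None:
            votes.setdefault(h, set()).add(ans["signer"])
    agreed = [h for h, signers in votes.items() if len(signers) >= quorum]
    return agreed[0] if len(agreed) == 1 else None

# Constructed sample data: keys, store path and build outputs are made up.
KEYS = {"hydra": b"demo-hydra-key", "independent": b"demo-independent-key"}
PATH = "/gnu/store/<hash>-example-1.0"
GOOD = hashlib.sha256(b"honest build output").hexdigest()
BAD = hashlib.sha256(b"tampered build output").hexdigest()
to_everyone = answer("hydra", KEYS["hydra"], PATH, GOOD)
to_victim = answer("hydra", KEYS["hydra"], PATH, BAD)  # stolen key, one user
from_independent = answer("independent", KEYS["independent"], PATH, GOOD)

def challenge_by_other_user(local_build_hash):
    """Another user compares their own build with what *they* are served."""
    return verified_hash(to_everyone, KEYS, PATH) == local_build_hash

if __name__ == "__main__":
    print("victim, signature only:", accept_signature_only(to_victim, KEYS, PATH) == BAD)
    print("other user's challenge agrees:", challenge_by_other_user(GOOD))
    print("victim, agreement rule:", accept_with_agreement([to_victim, from_independent], KEYS, PATH))
```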
* Re: armhf build machines
From: Ludovic Courtès @ 2015-12-09 13:50 UTC (permalink / raw)
To: Mark H Weaver; +Cc: guix-devel
Mark H Weaver <mhw@netris.org> wrote:
> ludo@gnu.org (Ludovic Courtès) writes:
>
>> Mark H Weaver <mhw@netris.org> wrote:
>>
>>> ludo@gnu.org (Ludovic Courtès) writes:
>>>
>>>> Leo Famulari <leo@famulari.name> wrote:
>>>>
>>>>> What sort of machine would be appropriate for hydra?
>>>>
>>>> Something rather big: say 8+ cores, 16+G RAM, fast disk of 3T at least.
>>>
>>> I would also add that it should run Libreboot, for which the ASUS
>>> KGPE-D16 is currently the best supported server-class motherboard.
>>
>> Right, I would prefer it as well; I hope we can find such rackable
>> servers.
>>
>> If it turns out that all we can buy in practice is an ME-backdoored
>> server,
>
> Under what set of circumstances would this be the case?
I don’t know, I’m just showing my ignorance. :-)
> The ASUS KGPE-D16 is widely available. It's even available
> pre-flashed with Libreboot from minifree.org, the company run by
> Francis Rowe, the creator of Libreboot.
So that sounds perfect. Does it meet the other requirements above?
(We discussed it a couple of times on IRC, but I admit I never took the
time to learn more about what’s available.)
>> I *might* be willing to take it, with the understanding that it
>> would become less and less of a single point of trust (assuming more of
>> our package builds become reproducible, and other users publish binaries
>> as well.)
>
> If hydra is compromised, then its private key could be stolen and
> facilitate targeted delivery of malicious binary substitutes to
> individual users. The existence of other users who run 'guix challenge'
> would not prevent that, afaict.
>
> Anyway, to my mind, the security issues are secondary. We should avoid
> running non-free software wherever feasible. It is now fairly easy for
> us to arrange for hydra.gnu.org to run 100% free software from the boot
> firmware up. Given this, and our commitment to free software, I'm
> surprised that we would not make this a priority.
This is definitely important, and again, if the servers Francis’ company
provides fit the bill, then go for it!
Thanks for your feedback,
Ludo’.