From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: Re: Advice about GuixSD on Serveraptor? Date: Tue, 21 Mar 2017 16:46:20 -0400 Message-ID: <20170321204620.GA30143@jasmine> References: <20170209183609.5rztohnqhsleifll@wasp> <20170213214717.GA11352@jasmine> <20170313003252.GA12094@jasmine> <20170321180638.GA3027@jasmine> <87mvcenzvw.fsf@dustycloud.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="h31gzZEtNLTqOjlF" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:34103) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cqQfi-0007Zb-UN for guix-devel@gnu.org; Tue, 21 Mar 2017 16:46:29 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cqQfe-0003Pj-RG for guix-devel@gnu.org; Tue, 21 Mar 2017 16:46:26 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:58786) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cqQfe-0003PZ-Gz for guix-devel@gnu.org; Tue, 21 Mar 2017 16:46:22 -0400 Content-Disposition: inline In-Reply-To: <87mvcenzvw.fsf@dustycloud.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Christopher Allan Webber Cc: guix-devel@gnu.org --h31gzZEtNLTqOjlF Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Mar 21, 2017 at 03:22:43PM -0500, Christopher Allan Webber wrote: > Leo Famulari writes: > > I can easily create an image to use for this, but I don't want to do it > > if others think I am going beyond the level of trust placed in me by the > > Guix project. >=20 > So, if you provided the source scheme to generate the image, and signed > the image, people would both have the option to generate the image > themselves, or download your signed binary image if they trust you? Not exactly... Serveraptor offers users a set of images to choose from, but they don't have a method by which users can upload their own images. You'd have to make a special arrangement for that. So what I'm doing here is trying to provide Serveraptor with a GuixSD image that they'd offer to users. People could regenerate the image themselves, but it would be difficult to verify that it matches what is offered by Serveraptor. There are VPS providers that provide an image upload system but, as far as I know, none of them accept raw QEMU images. They all want ISO-formatted images. > Honestly, at this point the most important thing is to get things to the > point where we have *a* documented process to install GuixSD on these > servers; once we have that, and assuming we also have documentation / > tooling where people could reproduce the whole process (even if they > used the image you provided, as long as they could reproduce that step > too) I think we're in a much better state than we are... and we could > refine further from there. My idea is to create a bare-bones GuixSD image using `guix system vm-image` and provide that to Serveraptor. Users would boot directly into the system and reconfigure it to fit their needs.=20 If by "install GuixSD" you mean "boot the GuixSD USB install and initialize the system", that does work, but it's not very satisfying because Serveraptor's management interface does not expose the virtualized storage devices, so it's difficult (impossible?) to reclaim the partition used by the installer. --h31gzZEtNLTqOjlF Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAljRkRwACgkQJkb6MLrK fwgsIxAA1RsgK329R31Ytuh/uarypIpC427DgzOyKGA66RD3JPHuk6wyrd/JVokL BFY8Y/iEvCWPJzbS19C+07r5hjjyqkopcP46yyUGXM9rSY1Rd7SdbqhJm072Fmh9 FsAI1mPFuistCJkgiZeGgeV/v+o0437OYU8BvXExH4uMUjnxJC75LPt5tuhIW5UY VJEFCXzjrDLayIAb7kHBY+h32Klvkmtt5VgD3LuwaSQTEzGZON296Wa4xvz1L8kT HfNPZG01uQFP+4ZhdCJDyakj5QR9Wn4KS7/bFEc8iwS2Sywwyj9feq0Gkd9/F6zY e+t8OzE32/Tu4svkTQE+NAgwbfvo86cXs8kj1Xg9RZqDjtJ1cEHviCbEPAE59Pgd puTDfqiDJ6gwkmIhfUoXCFu4HCVewrhyDttBXsXWIa4nzjDDje4rumsYwNjZb46f qDwz6ZSPdM4elca/YaNfy6U7H/6PimUjuJjzo7iwxh/iaJlUvIu3mBUh+c28UKg2 3cG5jyXHzYSwNJrN0c1cy5ZFH41CxWfTStPFvhkS9Jd5Qr6TOou5/Y9NVmbHWUVg 1gEsYxQx8f36HNkrykiBjycPqYVVbATf1wGeNyAxHZbc92jM1cfsuaOt3mqfij0w 1y+TF3vr2tZDDW/dOyE1Tbea7VNHsfMh0uLG0+wPKbW35PLvwho= =ad/7 -----END PGP SIGNATURE----- --h31gzZEtNLTqOjlF--