unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
From: ng0 <contact.ng0@cryptolab.net>
To: Christopher Allan Webber <cwebber@dustycloud.org>
Cc: guix-devel@gnu.org, guile-devel@gnu.org
Subject: Re: "guix potluck", a moveable feast
Date: Sat, 1 Apr 2017 16:01:53 +0000	[thread overview]
Message-ID: <20170401160153.eqmv5qybaxbk3msw@abyayala> (raw)
In-Reply-To: <87d1cwrxlv.fsf@dustycloud.org>

Christopher Allan Webber transcribed 1.8K bytes:
> Andy Wingo writes:
> 
> > Hi!
> 
> Hi!
> 
> > potluck.guixsd.org needs to be isolated from other hosts because it will
> > load potluck.scm files from untrusted sources; we hope the sandbox works
> > but we need a bit of defense-in-depth.
> 
> Well now I see the motivation behind (ice-9 sandbox) ... :)
> 
> > As I mentioned, I think it would be nice to be able to install some
> > potluck packages directly from git, without requiring those packages to
> > make releases and update the potluck.scm.  But until then, we can make
> > it so that the source is fixed in the potluck.scm as it is with other
> > Guix packages, and therefore that any update to potluck.scm in the
> > source git branch registered with potluck.guixsd.org constitutes a new
> > release which replaces the old one.  A developer should signal
> > potluck.guixsd.org about the update via a re-invocation of "guix potluck
> > add".  Maybe "guix potluck add" could remember the branch, dunno.
> >
> > Anyway!  The result of the "guix potluck channel-manager" is a stream of
> > guix modules as a continually updated git tree -- a guix channel.  I am
> > thinking that we need to rewrite these files to be more "normal" -- like
> > starting with a (define-module), but a #:pure module and an appropriate
> > set of imports to enforce the sandbox.  We should be able to compile
> > this module, to prevent the potluck channel from slowing things down.
> > So basically the channel-manager rewrites the potluck.scm files.
> 
> It sounds nice!
> 
> One challenge though... what do we do about multiple channels
> introducing version skew?  (Maybe I'm abusing that term?)  This isn't
> something we've dealt with before in Guix... if my channel adds
> something that depends on your channel's package definition, do I
> explicitly set a revision for your channel?  Otherwise else, your
> channel could change as you upgrade your software version, and that
> might unexpectedly break my channel...
> 
I think there's something we can learn from Gentoo here.
You might or might not know their 'overlays' (I don't know the exact
gentoo rfc when they introduced them but it's been very long ago).
They do this kind of thing. They have no opinion other than that
'portage', in Guix terms 'master branch at savannah', takes the highest
priority by default. You can explicitly change this.
If you start using a specific overlay and use a software recipe from it
which does exists in multiple overlays, it's like this:
- if you don't edit the specific file which tells portage about this
  recipe, it picks the highest stable version.
- if you get rid of stable and allow everything, it picks the highest
  version and has no opinion from where it comes.
- if you specifically point out the overlay for it, it picks the version
  from there, no questions asked. well actually it asks questions if you
  tell it to do so ;)

So I think we could have some way to define the priority of the channel,
a value to define stable / unstable (similar to Gentoo's "experimental"
and "official" classification of overlays).

No warranty that this is accurate, I tried to explain Gentoo overlays
without assuming too much or explaining too much of it.
In case I misunderstood the question, enjoy your 2 minutes of
'Things Gentoo did excellent'.

  reply	other threads:[~2017-04-01 15:02 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-03-31 14:44 "guix potluck", a moveable feast Andy Wingo
2017-04-01 14:50 ` Christopher Allan Webber
2017-04-01 16:01   ` ng0 [this message]
2017-04-01 23:05 ` Ludovic Courtès
2017-04-02  2:20   ` Chris Marusich
2017-04-02  9:24     ` Ludovic Courtès
2017-04-04  2:20       ` Chris Marusich
2017-04-02 10:52   ` Andy Wingo
2017-04-02 14:45     ` Christopher Allan Webber
2017-04-04 12:01     ` Ludovic Courtès

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170401160153.eqmv5qybaxbk3msw@abyayala \
    --to=contact.ng0@cryptolab.net \
    --cc=cwebber@dustycloud.org \
    --cc=guile-devel@gnu.org \
    --cc=guix-devel@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).