unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
From: Danny Milosavljevic <dannym@scratchpost.org>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: guix-devel@gnu.org
Subject: Re: Problem bootstrapping Guix - "make update-guix-package" result: no code for module (gcrypt hash)
Date: Mon, 12 Oct 2020 10:22:25 +0200	[thread overview]
Message-ID: <20201012102225.309e50c5@scratchpost.org> (raw)
In-Reply-To: <87blhg27bb.fsf@gnu.org>

[-- Attachment #1: Type: text/plain, Size: 2114 bytes --]

Hi Ludo,

On Mon, 05 Oct 2020 14:20:08 +0200
Ludovic Courtès <ludo@gnu.org> wrote:

> Danny Milosavljevic <dannym@scratchpost.org> skribis:
> 
> > I'm trying to bootstrap current Guix (master) from Guix past (1.1.0 binary
> > tarball).
> >
> > The goal is: I want to have only guix-the-package-manager at a specific guix
> > commit (!) available inside a Docker image.  
> 
> Why build Guix from source?  I guess it’s enough to do:
> 
>   guix pull --commit=XYZ
> 
> if all you want is Guix at commit XYZ.  Or am I missing something?

I'm doing a project for Heads where we are trying to switch over their build
system to something that makes their builds more reproducible (for example
Guix).

They are using github and gitlab test runners for a lot of things, so one of
the ways we are trying to do continuous integration is to do the following:

(1) Have guix-the-package-manager be built and published on
repository.gitlab.com.  It eventually does "./pre-inst-env guix pack guix"
and then puts the result into a new docker container.  I can't see how to do that
after a guix pull.  Note that I don't want to also carry garbage (this entire
thing has to be verified for security eventually, so...).  Currently, guix
is being bootstrapped from Alpine, and I don't want Alpine to remain in there.

(2) Use the result in order to build boards using tiny Dockerfiles
which would just say

  FROM repository.gitlab.com/guix-on-docker
  RUN guix build heads-kgpe-d16

and throw away the derivation (or publish it, too?)--but keep the log file
and exit status.

Note that (1) should pin a specific Guix commit for a long time since Heads
does not want to build on a moving target since they do hash verification
on bootup, and firmware is hard to keep working (i.e. someone has to
manually verify, on real hardware, whether stuff still works after an
update of the toolchain).  And Heads basically is ONLY security-relevant
stuff.

But you are right--I'll now instead just guix gc and then copy /gnu and
/var/guix and /etc/guix into a "FROM scratch" Docker image.

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]

  reply	other threads:[~2020-10-12  8:22 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-09-24 15:47 Problem bootstrapping Guix - "make update-guix-package" result: no code for module (gcrypt hash) Danny Milosavljevic
2020-10-05 12:20 ` Ludovic Courtès
2020-10-12  8:22   ` Danny Milosavljevic [this message]
2020-10-13 13:04     ` Ludovic Courtès

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20201012102225.309e50c5@scratchpost.org \
    --to=dannym@scratchpost.org \
    --cc=guix-devel@gnu.org \
    --cc=ludo@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).