From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id OJPBBFkShF+RcAAA0tVLHw (envelope-from ) for ; Mon, 12 Oct 2020 08:22:49 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2 with LMTPS id eGKTAFkShF9iJgAAB5/wlQ (envelope-from ) for ; Mon, 12 Oct 2020 08:22:49 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id C27D8940237 for ; Mon, 12 Oct 2020 08:22:48 +0000 (UTC) Received: from localhost ([::1]:37906 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kRt6V-0005ca-Nh for larch@yhetil.org; Mon, 12 Oct 2020 04:22:47 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50084) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kRt6J-0005bb-1H for guix-devel@gnu.org; Mon, 12 Oct 2020 04:22:35 -0400 Received: from dd26836.kasserver.com ([85.13.145.193]:48942) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kRt6G-0006iG-OI; Mon, 12 Oct 2020 04:22:34 -0400 Received: from localhost (80-110-126-103.cgn.dynamic.surfer.at [80.110.126.103]) by dd26836.kasserver.com (Postfix) with ESMTPSA id DF6173362167; Mon, 12 Oct 2020 10:22:27 +0200 (CEST) Date: Mon, 12 Oct 2020 10:22:25 +0200 From: Danny Milosavljevic To: Ludovic =?ISO-8859-1?Q?Court=E8s?= Subject: Re: Problem bootstrapping Guix - "make update-guix-package" result: no code for module (gcrypt hash) Message-ID: <20201012102225.309e50c5@scratchpost.org> In-Reply-To: <87blhg27bb.fsf@gnu.org> References: <20200924174705.572790b1@scratchpost.org> <87blhg27bb.fsf@gnu.org> X-Mailer: Claws Mail 3.17.5 (GTK+ 2.24.32; x86_64-unknown-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="Sig_/YDiZYgx3qQ9gsXfHOV+Oc/c"; protocol="application/pgp-signature"; micalg=pgp-sha512 Received-SPF: none client-ip=85.13.145.193; envelope-from=dannym@scratchpost.org; helo=dd26836.kasserver.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/10/12 04:22:28 X-ACL-Warn: Detected OS = Linux 3.11 and newer [fuzzy] X-Spam_score_int: -25 X-Spam_score: -2.6 X-Spam_bar: -- X-Spam_report: (-2.6 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_NONE=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: guix-devel@gnu.org Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Scanner: scn0 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Spam-Score: -1.11 X-TUID: XzJCnZHdgjle --Sig_/YDiZYgx3qQ9gsXfHOV+Oc/c Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi Ludo, On Mon, 05 Oct 2020 14:20:08 +0200 Ludovic Court=C3=A8s wrote: > Danny Milosavljevic skribis: >=20 > > I'm trying to bootstrap current Guix (master) from Guix past (1.1.0 bin= ary > > tarball). > > > > The goal is: I want to have only guix-the-package-manager at a specific= guix > > commit (!) available inside a Docker image. =20 >=20 > Why build Guix from source? I guess it=E2=80=99s enough to do: >=20 > guix pull --commit=3DXYZ >=20 > if all you want is Guix at commit XYZ. Or am I missing something? I'm doing a project for Heads where we are trying to switch over their build system to something that makes their builds more reproducible (for example Guix). They are using github and gitlab test runners for a lot of things, so one of the ways we are trying to do continuous integration is to do the following: (1) Have guix-the-package-manager be built and published on repository.gitlab.com. It eventually does "./pre-inst-env guix pack guix" and then puts the result into a new docker container. I can't see how to d= o that after a guix pull. Note that I don't want to also carry garbage (this enti= re thing has to be verified for security eventually, so...). Currently, guix is being bootstrapped from Alpine, and I don't want Alpine to remain in the= re. (2) Use the result in order to build boards using tiny Dockerfiles which would just say FROM repository.gitlab.com/guix-on-docker RUN guix build heads-kgpe-d16 and throw away the derivation (or publish it, too?)--but keep the log file and exit status. Note that (1) should pin a specific Guix commit for a long time since Heads does not want to build on a moving target since they do hash verification on bootup, and firmware is hard to keep working (i.e. someone has to manually verify, on real hardware, whether stuff still works after an update of the toolchain). And Heads basically is ONLY security-relevant stuff. But you are right--I'll now instead just guix gc and then copy /gnu and /var/guix and /etc/guix into a "FROM scratch" Docker image. --Sig_/YDiZYgx3qQ9gsXfHOV+Oc/c Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAl+EEkEACgkQ5xo1VCww uqVxOwgAjN0w2rw7fF7TSsp9FfKepiUsnlYW8OYib7KqxRHL8lwlxDIwtCYsaaLD jLzft2NxetwqW0kiaXvaLsYdBQUJFlGWdjTX0fYWDS5rc6wS8XUPf8EYllcm3Dzg GCyCAf99Bv0M26+Y/q/uWIc1tA29VemYx83ePUmN3gEzAv6b2xhc9lRN23HhvLKP UywKRJkHMXDm5SmTyFWkGL9ytbf9wMGP9cYD+A+H+3HyzfhZHtWsLrbh+Ec3wuSU TuCXfd02x6WiK4ajZXwc7i/MVyyss9KqCNYylMYyPg3uzyrcJOeM13hchqdIzbJG pON2HKNq7yRl7ZzzadOVU6ULvnDkLw== =bXkm -----END PGP SIGNATURE----- --Sig_/YDiZYgx3qQ9gsXfHOV+Oc/c--