From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id RbHnMeUmJmHQZgEAgWs5BA (envelope-from ) for ; Wed, 25 Aug 2021 13:17:57 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id AFccLeUmJmENbgAA1q6Kng (envelope-from ) for ; Wed, 25 Aug 2021 11:17:57 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 24F5E1E0FB for ; Wed, 25 Aug 2021 13:17:57 +0200 (CEST) Received: from localhost ([::1]:43322 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mIquq-0003Uq-3i for larch@yhetil.org; Wed, 25 Aug 2021 07:17:56 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:56890) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mIquU-0003RS-AV for guix-devel@gnu.org; Wed, 25 Aug 2021 07:17:34 -0400 Received: from mail-wr1-x429.google.com ([2a00:1450:4864:20::429]:36618) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mIquP-0008EG-2d for guix-devel@gnu.org; Wed, 25 Aug 2021 07:17:33 -0400 Received: by mail-wr1-x429.google.com with SMTP id q14so1706308wrp.3 for ; Wed, 25 Aug 2021 04:17:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:in-reply-to:references:date:message-id:mime-version :content-transfer-encoding; bh=pChquGBHMQ5Lpx5bZG3VQJ62kNJFx1EsCT1gqwfdnwQ=; b=IxKHlPxfl07Zo8obFYGfcaeaRXo0qiNpFCRC8zsAo5HWBJQJgtHJ2x6pIzUkITTEeg XJe6uxUw7m3KMNba4A2wvIHkybRyQCXam3jsxzYXXY3Br3wU3Nj+RxnkVpAVefJyYMSG XB5fu938YiYnXrgTn4QdOy5gFRMt74yNUqKWPt53sMFbgc1bNly5Mhgei+cwBdmmH+Qe hdb6n7jdcax3nFI96pe3F4hH1JMRIJvB7MnDOmUuo8kLC7J5fPZnDQvNVc2Av3f6oisj RZpRAOKSLGW6o4UKZJkZ1EtTVhdAsXXjt1nSpbcJmpg6x+ZrrPS+ji4HI7rdBHRVND8T yoYQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:in-reply-to:references:date :message-id:mime-version:content-transfer-encoding; bh=pChquGBHMQ5Lpx5bZG3VQJ62kNJFx1EsCT1gqwfdnwQ=; b=OJwUstIeku0oIwUwCCUZQq0GsMI8SN9/oRhynkSpj5hH1eLbT9RruMKs9iJ82r1DE4 Nm3oTM+BgkXhNwzyIxWngLLQ8bw+0Sd4GouXQLW2krYrs9Kbx//wesjN7gFAkoR0Ec2k ty961r9x7wUmgHMMynMTN9xn0EBg5JsgaXcJz2SIl/ztYcD8t8fmSlzCake4bhtz0GXt FuYAkKrAkwGZaw2VDEJstk7kQkZ2M2v2oPdfP8gxj5w7YoZdyTNzkSJMlBCJM1+ux5cw Z4O7mMBpY7P3zG/E3mlTmHKSwcw38iA56Xs9ql7E2DHI3Wr0mVsqxamEr/6mdw8IFrcp RYvQ== X-Gm-Message-State: AOAM531gF9iI9ruCIxJUoKiutG+wYL1xUMHr6uB3hnhQO4ls3xQijObf hky2bxoxTy8huFOabmU1mq6hJrSutfj8Gg== X-Google-Smtp-Source: ABdhPJzu27eBarNUv9sk60+4FF1EisCWM7hXclIasy5bVq5wlsn38iR1lfuTlfWSA1qr7VtMwBOCBw== X-Received: by 2002:adf:ed0c:: with SMTP id a12mr18463037wro.102.1629890247143; Wed, 25 Aug 2021 04:17:27 -0700 (PDT) Received: from lili ([2a01:e0a:59b:9120:65d2:2476:f637:db1e]) by smtp.gmail.com with ESMTPSA id 129sm5087290wmz.26.2021.08.25.04.17.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Aug 2021 04:17:26 -0700 (PDT) From: zimoun To: Sage Gerard , guix-devel@gnu.org Subject: Re: Xiden/Guix design comparison In-Reply-To: <51708424-e8c8-80aa-32bd-a5e71a891a71@sagegerard.com> References: <51708424-e8c8-80aa-32bd-a5e71a891a71@sagegerard.com> Date: Wed, 25 Aug 2021 12:50:35 +0200 Message-ID: <868s0pssqs.fsf@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Received-SPF: pass client-ip=2a00:1450:4864:20::429; envelope-from=zimon.toutoune@gmail.com; helo=mail-wr1-x429.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1629890277; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=pChquGBHMQ5Lpx5bZG3VQJ62kNJFx1EsCT1gqwfdnwQ=; b=TeEs88OiHB2sFL/2lnHcDVvRvh7k+h6u7ceG1QZFD2gyTMEBA0p1nzEbmpf4eiMWZHqqKB PAmYY0nvraIq1uqsyasyTH8Ab+gbtes4/6DilrH3pF5wKCgFqoEvw7X/iOo6GP12vZ55/9 kf2sDmMmv8eu6e8PBMWNUeraEAf5musrSaNX4gJ1M46Oht0U0Y52fXZbBgXaZ1ww34x+aU yLpk+tmhL6ToeaqVtxPmBJEWHxBx8DItiTaqGuerJD32EgjjPGLqJ4lWz/Hn9Q1rBNE8cX OYkDsz0muGd8OAvNf9bvsuWfe5w21ViZp2i/WkksMf4Z5IjxPIGz8/DXOBMOeg== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1629890277; a=rsa-sha256; cv=none; b=RmR/bQ2JxF4MbbDquJqzDr/jlrez8h7rcDG21VyIiiC8wWLvLIC11vlf2E4+J3c5oXc1I+ aFa6n+QCsmxr/fF3Athg9L6gs5FJlCnBQsW9NHmX2SGjTvxFJYrDgOL6T8M4oAyZjH6C8a PGCXC/uVku/qnMtiDnhA3yEt5Q0zm+Kmt8VtXdyu8/z/CWChbkQ3KSmdpCsEUaoGHSkFzb wZ0ABNWEYGaXx1em4tHUOttQV1k8xaOJm2HX5hvg8MK1wlIbVa+oJB+IZJfaYPo+AR4cjK bOSHiDgzFtJ+Pg1kysSS0XOc1oKEirUM87NwMoayrQu6BPNw6uI1aKAhaVbeEA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20161025 header.b=IxKHlPxf; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Spam-Score: -3.13 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20161025 header.b=IxKHlPxf; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Queue-Id: 24F5E1E0FB X-Spam-Score: -3.13 X-Migadu-Scanner: scn0.migadu.com X-TUID: 6XZo9dU7XOOK Hi Sage, On Tue, 24 Aug 2021 at 20:33, Sage Gerard wrote: > This is an offshoot Q&A based off Devos' questions in the "How did you > handle making a GNU/Linux distribution?" thread. It pertains to how > Guix compares to Xiden on some points.=20 > > Given the length of both of our emails, I don't expect everyone to > read this. Guix is mentioned for discussion purposes, but I use the > -devel list only because the questions did. Apologies to the mods if > that's not an excuse, since I'm not trying to distract from the > purpose of the list.=20 > > Read on only if you care. I have read your emails and your Reddit post, and also watched your presentation at RacketCon, in addition to the White Paper and some docs. Well, I must admit that I lack context, probably from Racket ecosystem, to get all the points of what Xiden is. To answer to your first email, IIUC, as I said earlier, you should use the Guix binaries=E2=80=93=E2=80=93= probably via the Ryan=E2=80=99s proposal=E2=80=93=E2=80=93to explore your ideas behind X= iden. Because it is guix-devel, my attempt here is to explain what Guix is and maybe you will find how to use it with Xiden. ;-) >From my understanding, Xiden seems like a workflow engine; see for example: Evil is in details but GWL is somehow less strict than Guix itself. GWL defines =E2=80=99process=E2=80=99es which do whatever stuff using programs = and then =E2=80=99workflow=E2=80=99 which is a graph of processes. On the other han= d, Guix defines =E2=80=99package=E2=80=99s which do more or less =E2=80=9Conly=E2= =80=9D: =E2=80=99fetch-from-Internet && ./configure && make && make check && make install=E2=80=99, so a lot of thi= ngs have to be strict, for instance version, method for fetching, etc. And, again, from my understanding, the launcher looks like a flexible and declarative way to describe how the content flows. Maybe give a look at Common Workflow Language [0] or if you have not yet to Dataflow [1] stuff. I do not know if it is relevant, for sure I miss a lot of stuff with Xiden. :-) In Guix, nothing really flows but things are just built. All the other stuff Guix does come from the nice properties that these builds have. 0: 1: Reading your piece of writings, I thought to topics you might be interested in. Speaking about build systems, a good framework to compare them is exposed in =E2=80=9CBuild =C3=A0 la carte=E2=80=9C [2]; it = is a really good reading, IMHO. Guix is now a lot of things, but, from my point of view, at first, Guix is somehow a (glue of) build system: it transforms a graph of dependencies into binaries items; vertexes are package definitions and edges are inputs. Note that Guix consider 2 kind of inputs: explicit and implicit. Roughly speaking and to stay short, the implicit inputs are compilers and various utilities. For instance, the Guix package =E2=80=99racket-minimal=E2=80=99 [3] requires a C compiler which is not lis= ted in the =E2=80=99inputs=E2=80=99 field but is implicit by =E2=80=99gnu-build-system= =E2=80=99. 2: 3: Now, I would like to point issues about trust. Today, when you build Racket from source (milk), you need compilers (yogourt). These compilers come from source (other milk) compiled by compilers (other yogourt). And so on. The question is the size of the initial yogourt you are ready to eat (trust). In case you missed the pedestrian explanations of Trusting Trust by Carl, please watch [4]. I do not know about Microsoft, and about Mac the initial yogourt is really a huge piece. :-) The initial yogourt used by Guix is detailed here [5,6]. 4: 5: 6: My point here is if Xiden works on Mac and the launcher is zero-trust, it could be worth to specify against which attack Xiden is trying to protect. IIUC, not against a Trusting Trust attack. ;-) Guix tries to get a straight path from a minimal set of binaries to modern compilers. The aim [7] is to have human-auditable binaries, somehow. That=E2=80=99s said, this path is running using a (binary) kernel= on the top of hardware, so still a chicken-egg problem. ;-) The question, as always, is against what we protect. Note that another path is tried: formal verification. Somehow, the audit is done by proof-assistant [8,9]; another long story. :-) 7: 8: 9: Last, about preserving semantics, i.e., do not rebuild, it is a difficult task. For instance, I remember the idea exposed in this blog post [10]. And about functional principles applied to deployment, =E2=80=99propellor=E2=80=99 [11,12] by Joey Hess might be interesting. Or = not. :-) 10: 11: 12: Well, all in all, I am off-topic about your questions. Maybe you will find your way. Feel free to expose your ideas. If Guix can help to have better tools. :-) All the best, simon