From: zimoun
To: Ryan Prior, Development of GNU Guix and the GNU System distribution
Subject: Re: Finding versions of packages (was: [outreachy] Walk through the Git history)
In-Reply-To: <5ebe44900cb13f637d87309f4567624d16d3ca15@hey.com>
Date: Mon, 14 Dec 2020 13:31:07 +0100
Message-ID: <86lfe0o9h0.fsf@gmail.com>

Hi,

Thanks for your inputs.

On Sat, 12 Dec 2020 at 22:08, Ryan Prior wrote:

> I propose a different approach: the "guix versions" subcommand provides
> direct answers to practical user questions.
> - What package versions are available?
> - How do I use them?
> - Which versions are known to be vulnerable?
> - Which have available substitutes?

Roughly speaking, it is already possible with the Data Service.  Missing
glue code to use JSONs. :-)

For the last Hackathon about “time travel”, I tried to implement
something fetching these JSONs, collecting the hash, find intersection
about 2 commit ranges, etc.  But 1) I do not want to depend on external
services, especially when it starts late in 2019 and 2) custom channels
will always be missing.  (Aside the “bug” with the accuracy of in/out
hash commits, see .)

> For example, the command "guix versions esbuild" can provide this
> output:
>
> name: esbuild
> version: 0.8.21
> guix-hash: eee3af86c7
>
> name: esbuild
> version: 0.8.19
> guix-hash: 6374a25357
>
> name: esbuild
> version: 0.8.16
> guix-hash: 8c3caf9c5d
> vulnerabilities: cve-2020-1337, cve-2019-1024
>
> ...and so on.

Your proposal is the final aim when I proposed “guix git log”.  It comes
from this old discussion: which clearly shows that something is missing;
especially when all the information is somehow already there.

In my view, “guix git log” is the first actionable step in the
direction of what you are proposing.  Your description is what I want
too at the end, so I proposed the “guix git log” starting point with
then potential incremental improvements.

Since ~/.cache/guix/checkouts/ provides all the information required to
implement this, what is missing is somehow “glue code” and all is
already there.  Even if it is not straightforward to get the accurate
commit range: is Gmsh at commit c5372cd488 the same version as Gmsh at
commit 44e65a75, even if both are the source code from upstream 4.6.0?
These 2 commits do not have the same derivation because one of the
dependencies changed.  Well, “guix versions” is more complicated than it
appears at first (parse the commit message).

Therefore, “guix git log” is only the first step with a concrete
outcome:

    guix git log | grep esbuild

This path will provide information about performance, what is missing on
the Guile-Git side and how to deal with multichannels, etc.  Then, yes
the next idea–out of the Outreachy scope–is to create a local
cache–probably substitutable–with all the versions and the commit hash
in/out per version, and probably also add a bit of graph theory to find
commit range with multi-packages multi-version; in order to reduce the
number of inferiors to create.

Since it is a piece of work, the idea is to implement one step after the
other. :-)

> Then, to make the output directly actionable, we extend Guix to accept
> recfile manifests following the same structure, such that given the
> following file "packages.rec:"
>
> name: esbuild
> version: 0.8.19
> guix-hash: 6374a25357
>
> name: python-html5lib
> version: 1.1
> guix-hash: 6374a25357
>
> …we can use those exact packages using "guix environment -m
> packages.rec", or find which of those packages have substitutes using
> "guix weather -m packages.rec"

Ah interesting.  Personally, I am taking the other direction: adding
other “formatters” than ’package->recutils’, for instance
’package->bibtex’ or ’package->custom’ or ’package->name-it’, because it
should be possible to display the information as I want.  For example:

    guix search emacs --format=oneline
    emacs                  27.1             The extensible, customizable, self-documenting text editor
    emacs-with-editor      2.9.4-1.c4768f5  Emacs library for using Emacsclient as EDITOR
    emacs-restart-emacs    0.1.1-1.9aa90d3  Restart Emacs from within Emacs
    emacs-spacemacs-theme  0-1.f79c40f      Light and dark theme for spacemacs that supports GUI and terminal
    […]

Therefore, adding somehow a formatter compatible with the ’--manifest’
option.

All the best,
simon
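
Added illustration, not part of this message and not Guix code: a parser for the recutils-style record layout quoted above from the "guix versions" proposal, which then selects the newest version of a package that lists no vulnerabilities. The subcommand is only a proposal in this thread, the function names are hypothetical, and the sample is constructed from the values quoted in the message.

```python
# Constructed sample in the record layout proposed in the thread
# (the "guix versions" subcommand itself is hypothetical).
SAMPLE = """\
name: esbuild
version: 0.8.21
guix-hash: eee3af86c7

name: esbuild
version: 0.8.19
guix-hash: 6374a25357

name: esbuild
version: 0.8.16
guix-hash: 8c3caf9c5d
vulnerabilities: cve-2020-1337, cve-2019-1024
"""

def parse_records(text):
    """Parse blank-line separated records made of 'field: value' lines."""
    records, current = [], {}
    for line in text.splitlines() + [""]:   # trailing "" flushes the last record
        if not line.strip():
            if current:
                records.append(current)
                current = {}
            continue
        field, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not a 'field: value' line: {line!r}")
        current[field.strip()] = value.strip()
    return records

def vulnerabilities(record):
    """CVE ids listed in a record; empty list when the field is absent."""
    raw = record.get("vulnerabilities", "")
    return [v.strip().lower() for v in raw.split(",") if v.strip()]

def version_key(version):
    """Order dotted versions numerically, so 0.8.9 sorts before 0.8.21."""
    return [(0, int(p), "") if p.isdigit() else (1, 0, p)
            for p in version.split(".")]

def newest_clean_pin(records, name):
    """Newest record for `name` with no listed vulnerabilities, or None."""
    clean = [r for r in records
             if r.get("name") == name and not vulnerabilities(r)]
    return max(clean, key=lambda r: version_key(r["version"]), default=None)
```
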