* armhf build machines @ 2015-12-07 9:14 Efraim Flashner 2015-12-07 10:36 ` Andreas Enge 0 siblings, 1 reply; 8+ messages in thread From: Efraim Flashner @ 2015-12-07 9:14 UTC (permalink / raw) To: guix-devel [-- Attachment #1: Type: text/plain, Size: 551 bytes --] The impression I got from looking at the build farm thank-yous on the website was that we have lowered requirements for what we're looking for in armhf build machines, at least in terms of RAM. In terms of freedom the Raspberry Pi 2 isn't great, but in terms of cost its pretty inexpensive. Is this something we'd be interested in? -- Efraim Flashner <efraim@flashner.co.il> אפרים פלשנר GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 819 bytes --] ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: armhf build machines 2015-12-07 9:14 armhf build machines Efraim Flashner @ 2015-12-07 10:36 ` Andreas Enge 2015-12-07 18:28 ` Leo Famulari 0 siblings, 1 reply; 8+ messages in thread From: Andreas Enge @ 2015-12-07 10:36 UTC (permalink / raw) To: Efraim Flashner; +Cc: guix-devel On Mon, Dec 07, 2015 at 11:14:24AM +0200, Efraim Flashner wrote: > The impression I got from looking at the build farm thank-yous on the website > was that we have lowered requirements for what we're looking for in armhf > build machines, at least in terms of RAM. In terms of freedom the Raspberry > Pi 2 isn't great, but in terms of cost its pretty inexpensive. Is this > something we'd be interested in? We are waiting for two new Novena boards that should arrive before the end of the year. The current bottleneck is not the build machines, but hydra; already now the build farm could sustain more jobs in parallel, but we artificially limit them. So I would say that there is currently no need to add more build machines. This may change if we get a physical machine for hydra. Andreas ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: armhf build machines 2015-12-07 10:36 ` Andreas Enge @ 2015-12-07 18:28 ` Leo Famulari 2015-12-07 23:03 ` Ludovic Courtès 0 siblings, 1 reply; 8+ messages in thread From: Leo Famulari @ 2015-12-07 18:28 UTC (permalink / raw) To: Andreas Enge; +Cc: guix-devel On Mon, Dec 07, 2015 at 11:36:46AM +0100, Andreas Enge wrote: > On Mon, Dec 07, 2015 at 11:14:24AM +0200, Efraim Flashner wrote: > > The impression I got from looking at the build farm thank-yous on the website > > was that we have lowered requirements for what we're looking for in armhf > > build machines, at least in terms of RAM. In terms of freedom the Raspberry > > Pi 2 isn't great, but in terms of cost its pretty inexpensive. Is this > > something we'd be interested in? > > We are waiting for two new Novena boards that should arrive before the > end of the year. The current bottleneck is not the build machines, but hydra; > already now the build farm could sustain more jobs in parallel, but we > artificially limit them. So I would say that there is currently no need > to add more build machines. This may change if we get a physical machine > for hydra. What sort of machine would be appropriate for hydra? > Andreas > > ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: armhf build machines 2015-12-07 18:28 ` Leo Famulari @ 2015-12-07 23:03 ` Ludovic Courtès 2015-12-08 4:07 ` Mark H Weaver 0 siblings, 1 reply; 8+ messages in thread From: Ludovic Courtès @ 2015-12-07 23:03 UTC (permalink / raw) To: Leo Famulari; +Cc: guix-devel Leo Famulari <leo@famulari.name> skribis: > On Mon, Dec 07, 2015 at 11:36:46AM +0100, Andreas Enge wrote: >> On Mon, Dec 07, 2015 at 11:14:24AM +0200, Efraim Flashner wrote: >> > The impression I got from looking at the build farm thank-yous on the website >> > was that we have lowered requirements for what we're looking for in armhf >> > build machines, at least in terms of RAM. In terms of freedom the Raspberry >> > Pi 2 isn't great, but in terms of cost its pretty inexpensive. Is this >> > something we'd be interested in? >> >> We are waiting for two new Novena boards that should arrive before the >> end of the year. The current bottleneck is not the build machines, but hydra; >> already now the build farm could sustain more jobs in parallel, but we >> artificially limit them. So I would say that there is currently no need >> to add more build machines. This may change if we get a physical machine >> for hydra. > > What sort of machine would be appropriate for hydra? Something rather big: say 8+ cores, 16+G RAM, fast disk of 3T at least. Ludo’. ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: armhf build machines 2015-12-07 23:03 ` Ludovic Courtès @ 2015-12-08 4:07 ` Mark H Weaver 2015-12-08 17:18 ` Ludovic Courtès 0 siblings, 1 reply; 8+ messages in thread From: Mark H Weaver @ 2015-12-08 4:07 UTC (permalink / raw) To: Ludovic Courtès; +Cc: guix-devel ludo@gnu.org (Ludovic Courtès) writes: > Leo Famulari <leo@famulari.name> skribis: > >> On Mon, Dec 07, 2015 at 11:36:46AM +0100, Andreas Enge wrote: >>> On Mon, Dec 07, 2015 at 11:14:24AM +0200, Efraim Flashner wrote: >>> > The impression I got from looking at the build farm thank-yous on the website >>> > was that we have lowered requirements for what we're looking for in armhf >>> > build machines, at least in terms of RAM. In terms of freedom the Raspberry >>> > Pi 2 isn't great, but in terms of cost its pretty inexpensive. Is this >>> > something we'd be interested in? >>> >>> We are waiting for two new Novena boards that should arrive before the >>> end of the year. The current bottleneck is not the build machines, but hydra; >>> already now the build farm could sustain more jobs in parallel, but we >>> artificially limit them. So I would say that there is currently no need >>> to add more build machines. This may change if we get a physical machine >>> for hydra. >> >> What sort of machine would be appropriate for hydra? > > Something rather big: say 8+ cores, 16+G RAM, fast disk of 3T at least. I would also add that it should run Libreboot, for which the ASUS KGPE-D16 is currently the best supported server-class motherboard. Thanks, Mark ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: armhf build machines 2015-12-08 4:07 ` Mark H Weaver @ 2015-12-08 17:18 ` Ludovic Courtès 2015-12-08 19:39 ` Mark H Weaver 0 siblings, 1 reply; 8+ messages in thread From: Ludovic Courtès @ 2015-12-08 17:18 UTC (permalink / raw) To: Mark H Weaver; +Cc: guix-devel Mark H Weaver <mhw@netris.org> skribis: > ludo@gnu.org (Ludovic Courtès) writes: > >> Leo Famulari <leo@famulari.name> skribis: >> >>> On Mon, Dec 07, 2015 at 11:36:46AM +0100, Andreas Enge wrote: >>>> On Mon, Dec 07, 2015 at 11:14:24AM +0200, Efraim Flashner wrote: >>>> > The impression I got from looking at the build farm thank-yous on the website >>>> > was that we have lowered requirements for what we're looking for in armhf >>>> > build machines, at least in terms of RAM. In terms of freedom the Raspberry >>>> > Pi 2 isn't great, but in terms of cost its pretty inexpensive. Is this >>>> > something we'd be interested in? >>>> >>>> We are waiting for two new Novena boards that should arrive before the >>>> end of the year. The current bottleneck is not the build machines, but hydra; >>>> already now the build farm could sustain more jobs in parallel, but we >>>> artificially limit them. So I would say that there is currently no need >>>> to add more build machines. This may change if we get a physical machine >>>> for hydra. >>> >>> What sort of machine would be appropriate for hydra? >> >> Something rather big: say 8+ cores, 16+G RAM, fast disk of 3T at least. > > I would also add that it should run Libreboot, for which the ASUS > KGPE-D16 is currently the best supported server-class motherboard. Right, I would prefer it as well; I hope we can find such rackable servers. If it turns out that all we can buy in practice is an ME-backdoored server, I *might* be willing to take it, with the understanding that it would become less and less of a single point of trust (assuming more of our package builds become reproducible, and other users publish binaries as well.) WDYT? Ludo’. ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: armhf build machines 2015-12-08 17:18 ` Ludovic Courtès @ 2015-12-08 19:39 ` Mark H Weaver 2015-12-09 13:50 ` Ludovic Courtès 0 siblings, 1 reply; 8+ messages in thread From: Mark H Weaver @ 2015-12-08 19:39 UTC (permalink / raw) To: Ludovic Courtès; +Cc: guix-devel ludo@gnu.org (Ludovic Courtès) writes: > Mark H Weaver <mhw@netris.org> skribis: > >> ludo@gnu.org (Ludovic Courtès) writes: >> >>> Leo Famulari <leo@famulari.name> skribis: >>> >>>> What sort of machine would be appropriate for hydra? >>> >>> Something rather big: say 8+ cores, 16+G RAM, fast disk of 3T at least. >> >> I would also add that it should run Libreboot, for which the ASUS >> KGPE-D16 is currently the best supported server-class motherboard. > > Right, I would prefer it as well; I hope we can find such rackable > servers. > > If it turns out that all we can buy in practice is an ME-backdoored > server, Under what set of circumstances would this be the case? The ASUS KGPE-D16 is widely available. It's even available pre-flashed with Libreboot from minifree.org, the company run by Francis Rowe, the creator of Libreboot. > I *might* be willing to take it, with the understanding that it > would become less and less of a single point of trust (assuming more of > our package builds become reproducible, and other users publish binaries > as well.) If hydra is compromised, then its private key could be stolen and facilitate targetted delivery of malicious binary substitutes to individual users. The existence of other users who run 'guix challenge' would not prevent that, afaict. Anyway, to my mind, the security issues are secondary. We should avoid running non-free software wherever feasible. It is now fairly easy for us to arrange for hydra.gnu.org to run 100% free software from the boot firmware up. Given this, and our commitment to free software, I'm surprised that we would not make this a priority. More thoughts? Regards, Mark ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: armhf build machines 2015-12-08 19:39 ` Mark H Weaver @ 2015-12-09 13:50 ` Ludovic Courtès 0 siblings, 0 replies; 8+ messages in thread From: Ludovic Courtès @ 2015-12-09 13:50 UTC (permalink / raw) To: Mark H Weaver; +Cc: guix-devel Mark H Weaver <mhw@netris.org> skribis: > ludo@gnu.org (Ludovic Courtès) writes: > >> Mark H Weaver <mhw@netris.org> skribis: >> >>> ludo@gnu.org (Ludovic Courtès) writes: >>> >>>> Leo Famulari <leo@famulari.name> skribis: >>>> >>>>> What sort of machine would be appropriate for hydra? >>>> >>>> Something rather big: say 8+ cores, 16+G RAM, fast disk of 3T at least. >>> >>> I would also add that it should run Libreboot, for which the ASUS >>> KGPE-D16 is currently the best supported server-class motherboard. >> >> Right, I would prefer it as well; I hope we can find such rackable >> servers. >> >> If it turns out that all we can buy in practice is an ME-backdoored >> server, > > Under what set of circumstances would this be the case? I don’t know, I’m just showing my ignorance. :-) > The ASUS KGPE-D16 is widely available. It's even available > pre-flashed with Libreboot from minifree.org, the company run by > Francis Rowe, the creator of Libreboot. So that sounds perfect. Does it meet the other requirements above? (We discussed it a couple of times on IRC, but I admit I never took the time to learn more about what’s available.) >> I *might* be willing to take it, with the understanding that it >> would become less and less of a single point of trust (assuming more of >> our package builds become reproducible, and other users publish binaries >> as well.) > > If hydra is compromised, then its private key could be stolen and > facilitate targetted delivery of malicious binary substitutes to > individual users. The existence of other users who run 'guix challenge' > would not prevent that, afaict. > > Anyway, to my mind, the security issues are secondary. We should avoid > running non-free software wherever feasible. It is now fairly easy for > us to arrange for hydra.gnu.org to run 100% free software from the boot > firmware up. Given this, and our commitment to free software, I'm > surprised that we would not make this a priority. This is definitely important, and again, if the servers Francis’ company provides fit the bill, then go for it! Thanks for your feedback, Ludo’. ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2015-12-09 13:50 UTC | newest] Thread overview: 8+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2015-12-07 9:14 armhf build machines Efraim Flashner 2015-12-07 10:36 ` Andreas Enge 2015-12-07 18:28 ` Leo Famulari 2015-12-07 23:03 ` Ludovic Courtès 2015-12-08 4:07 ` Mark H Weaver 2015-12-08 17:18 ` Ludovic Courtès 2015-12-08 19:39 ` Mark H Weaver 2015-12-09 13:50 ` Ludovic Courtès
Code repositories for project(s) associated with this public inbox https://git.savannah.gnu.org/cgit/guix.git This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).