Re: Could Guix System eventually run on top of HyperbolaBSD ? slightly off topic

[Csepp <raingloom@riseup.net>]

Vagrant Cascadian <vagrant@debian.org> writes:

> [[PGP Signed Part:Undecided]]
> On 2022-07-14, zimoun wrote:
>> Well, dreaming about science fiction, it appears me more approachable to
>> have Guix running on something as Debian/kfreeBSD – it could be an
>> interesting project with the help of Debian folks.  Other said, “just”
>> replace the Linux kernel by a variant of the FreeBSD one running with
>> GNU GLibc.
>
> Well, guile-3.0 does not build on Debian GNU/kFreeBSD, so that would be
> a bit of a blocker for a GNU Guix port:
>
>   https://buildd.debian.org/guile-3.0
>
> But guile-2.2 built fine:
>
>   https://buildd.debian.org/guile-2.2
>
> It is a rough port, I have toyed with it now and again ... requires lots
> of patches to code that assume userland based on running kernel; patches
> that upstreams are hesitant to take, etc. It is great as a grueling test
> of coding assumptions, though!
>
> My guess is you would have the same sort of problems with porting GNU
> Guix to any of the *BSD.
>
> Definitely the sort of project that would take someone highly motivated
> over many years...
>
>
> live well,
>   vagrant
>
> [[End of PGP Signed Part]]

If the goal is to produce highly secure servers than I'd like to suggest
unikernels once again. No Guix running on the deployed server, but the
server image is built by and possibly deployed by Guix.
Of course the downside is that they do a whole lot less than OpenBSD or
Linux. But if your use case is already covered, that's actually a
positive, since no extra features means smaller attack surface.
MirageOS could be a good starting point, since we already have a good
chunk of Ocaml tooling integrated into Guix.
http://unikernel.org/projects/
There was a Nix project with similar aims that sadly fizzled out, so
it's probably not exactly an easy task to tackle, but it's much easier
than porting Guix to a new kernel and packaging a userland for that
kernel.