From: Christopher Allan Webber
Subject: Re: "guix potluck", a moveable feast
Date: Sat, 01 Apr 2017 09:50:04 -0500
Message-ID: <87d1cwrxlv.fsf@dustycloud.org>
References: <87d1cxh5f0.fsf@igalia.com>
In-reply-to: <87d1cxh5f0.fsf@igalia.com>
To: Andy Wingo
Cc: guix-devel@gnu.org, guile-devel@gnu.org

Andy Wingo writes:

> Hi!

Hi!

> potluck.guixsd.org needs to be isolated from other hosts because it will
> load potluck.scm files from untrusted sources; we hope the sandbox works
> but we need a bit of defense-in-depth.

Well now I see the motivation behind (ice-9 sandbox) ... :)

> As I mentioned, I think it would be nice to be able to install some
> potluck packages directly from git, without requiring those packages to
> make releases and update the potluck.scm. But until then, we can make
> it so that the source is fixed in the potluck.scm as it is with other
> Guix packages, and therefore that any update to potluck.scm in the
> source git branch registered with potluck.guixsd.org constitutes a new
> release which replaces the old one. A developer should signal
> potluck.guixsd.org about the update via a re-invocation of "guix potluck
> add". Maybe "guix potluck add" could remember the branch, dunno.
>
> Anyway! The result of the "guix potluck channel-manager" is a stream of
> guix modules as a continually updated git tree -- a guix channel. I am
> thinking that we need to rewrite these files to be more "normal" -- like
> starting with a (define-module), but a #:pure module and an appropriate
> set of imports to enforce the sandbox. We should be able to compile
> this module, to prevent the potluck channel from slowing things down.
> So basically the channel-manager rewrites the potluck.scm files.

It sounds nice!

One challenge though... what do we do about multiple channels
introducing version skew? (Maybe I'm abusing that term?) This isn't
something we've dealt with before in Guix... if my channel adds
something that depends on your channel's package definition, do I
explicitly set a revision for your channel? Otherwise, your channel
could change as you upgrade your software version, and that might
unexpectedly break my channel...