From: Ludovic Courtès
Subject: Re: Guix beyond 1.0: let’s have a roadmap!
Date: Sun, 07 Jul 2019 16:09:24 +0200
To: Alex Griffin
Cc: guix-devel@gnu.org

Hi,

"Alex Griffin" writes:

> On Mon, Jul 1, 2019, at 10:06 AM, Ludovic Courtès wrote:
>> > ** TODO run-time configuration system for services, similar to OpenWrt's UCI
>>
>> What does it mean? (I don’t know UCI.)
>
> UCI is a configuration language and tool layered on top of the
> underlying packages. It gives a single machine-readable configuration
> format to everything, and then uses it to generate the real config
> files used by services. It's the thing that lets you change your
> router settings from the OpenWrt web interface or command line.
>
> It's a lot like Guix system declarations, except service
> configuration happens at runtime. I guess the thing I really want
> though is a web interface.

Giovanni Biscuolo writes:

> UCI [1] short description: «small utility written in C (a shell
> script-wrapper is available as well) and is intended to centralize the
> whole configuration of a device running OpenWrt.»
>
> How UCI works [2]:
> «Applications are made UCI-compatible by simply writing the original
> configuration file (which is read by the program) according to the
> chosen settings in the corresponding UCI file. This is done upon running
> the initialization scripts in /etc/init.d/. See Init scripts for more
> information. Thus, when starting a daemon with such a UCI-compatible
> initialization script, you should be aware that the program's original
> configuration file gets overwritten.»

Interesting! Perhaps there are lessons to be learned from OpenWRT’s
experience building UCI and its web interface? And also from Augeas.

>> > ** TODO support automatic GPG/signify signature verification of origin objects
>>
>> For users or for packagers?
>
> For packagers. If a package ships with a cryptographic signature, we
> could commit it with the package and have Guix double check our source
> integrity. This would be especially helpful with `guix refresh`,
> because I suspect not everybody is as diligent about integrity
> checking when Guix just generates a working hash for you.

Note: s/integrity/authenticity/

‘guix refresh’ automatically checks OpenPGP signatures when they exist.
However, that authenticity check is necessarily out-of-band: there’s
nothing we can commit in Guix proper regarding that check.

The good thing is that we have complete history of all the changes made
to Guix, so anyone can at any time authenticate the source code that
Guix refers to.

Perhaps what we could do is provide users with a tool to authenticate
the source code of specific packages, pretty much like ‘guix refresh’
does.

What’s more important, though, is authenticating checkouts of Guix
itself since it’s at the root of everything: .

Thanks,
Ludo’.
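
Added example, not part of the message above and not Guix code: a small Python model of the integrity/authenticity distinction discussed in the thread, showing that a hash committed with a package only pins whatever the packager downloaded, while a signature check at update time is what rejects a tampered tarball. The function names, the sample tarballs and the toy RSA key (a stand-in for a detached OpenPGP signature) are all assumptions made up for the illustration.

```python
import hashlib

# Toy RSA key, constructed for this example; far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1           # two Mersenne primes
N, E = P * Q, 65537                    # upstream's public key
D = pow(E, -1, (P - 1) * (Q - 1))      # upstream's private key

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def sign(data: bytes) -> int:
    """Upstream signs a release (stand-in for a detached OpenPGP signature)."""
    return pow(int(digest(data), 16) % N, D, N)

def signature_ok(data: bytes, sig: int) -> bool:
    """Authenticity: was this exact tarball signed by the holder of D?"""
    return pow(sig, E, N) == int(digest(data), 16) % N

def refresh(tarball: bytes, sig: int, check_signature: bool):
    """Hypothetical packager-side update step: returns the hash to commit,
    or None when the out-of-band authenticity check fails."""
    if check_signature and not signature_ok(tarball, sig):
        return None
    return digest(tarball)

def build_accepts(tarball: bytes, committed_hash) -> bool:
    """User-side check: only the committed hash is available here, so it
    proves the tarball is the one the packager hashed, nothing more."""
    return committed_hash is not None and digest(tarball) == committed_hash

# Constructed sample data: upstream's release and a modified copy.
GENUINE = b"hello-2.10 source (constructed)"
TAMPERED = b"hello-2.10 source + backdoor (constructed)"
SIG = sign(GENUINE)

def scenario(check_signature: bool):
    """The packager's download is the tampered copy from a bad mirror."""
    committed = refresh(TAMPERED, SIG, check_signature)
    return committed, build_accepts(TAMPERED, committed)

if __name__ == "__main__":
    print("hash only:     ", scenario(False))   # tampered source is accepted
    print("with signature:", scenario(True))    # update is refused
```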