From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id aEUsA5CftGMOcQAAbAwnHQ (envelope-from ) for ; Tue, 03 Jan 2023 22:35:12 +0100 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id GFgyA5CftGMfmgAAauVa8A (envelope-from ) for ; Tue, 03 Jan 2023 22:35:12 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id D4371320AA for ; Tue, 3 Jan 2023 22:35:11 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pCovh-0002TE-Qb; Tue, 03 Jan 2023 16:34:41 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pCovg-0002T5-Lo for guix-devel@gnu.org; Tue, 03 Jan 2023 16:34:40 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pCovg-00076X-54; Tue, 03 Jan 2023 16:34:40 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=ZF897CD8N3wDDTka0kXCAZXTRVVSfgfMe+6wRVvUvJs=; b=bUlccLRq3qvZwFkqCRNI izI+xwMWDzsT/S23GcDTgxdNQ03J1lxKROr8z3HI4oDN4umSe2fhj3XYQXsdTOmvDd+7ljbVO6KC4 SrOzNfoUfKzH6YuSO5H91TCUF0dliQa3SRyngekig3oJLMox/KepbEbuoEhiNFzQCHUg5p8UR5yGb lp2Er+PFdlOzOgM2lYvByfUgUFKozk5o4lfVXt0YyRARIB6mQq/ayv4dCL2YHOOg4oZeUU4OMHtmu Jfkt1zy6u+chVPSKwxsvSUG2KkRlFC74yL9YkwvLlbpnhV0BndTczCimmtlYmqnvfahph/dAxlHSx mfvY1b7npy2G3w==; Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201] helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pCovf-0004zz-Nj; Tue, 03 Jan 2023 16:34:39 -0500 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Stephen Paul Weber Cc: guix-devel@gnu.org, 0@psycoti.ca Subject: Re: git-fetch without a hash References: <87h6xo2wz8.fsf@gnu.org> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: Quartidi 14 =?utf-8?Q?Niv=C3=B4se?= an 231 de la =?utf-8?Q?R=C3=A9volution=2C?= jour du =?utf-8?Q?Gr=C3=A8s?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Tue, 03 Jan 2023 22:34:37 +0100 In-Reply-To: (Stephen Paul Weber's message of "Tue, 3 Jan 2023 14:31:20 -0500") Message-ID: <87o7rf715e.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: guix-devel-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN ARC-Seal: i=1; s=key1; d=yhetil.org; t=1672781711; a=rsa-sha256; cv=none; b=bhY4tvO2b+6KAbch7dKBE++XpciZBamMHhxFfFBAuf0iObwF3jq+MDh/X9JG9RcWMKe+tb 9sXrJMIS2bOO9HUibiEJAg1fght2ra841Fb9q0F1i8iBMpK7c07PvQuNEf9J2iNg9IKuWO WssGLNcAiLT5GuoPWDLe5Xp1NOddWmeQ2buZ96ccJv/fsBDiVycAQdQjnkCgyYUcWhYYgI YThmHKtWgn5x/jUhxaj/EqHLo6nU9ELcYaNWpuvSSVqitAz3JKpbAjcLJ41dakU6aZYdsv xNfmluK1UVVwLVNGFCB+Y5/m4lWBVY/e2LWoji6i0wz4artwAYdfx5dWTi++8Q== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=gnu.org header.s=fencepost-gnu-org header.b=bUlccLRq; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gnu.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1672781711; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=ZF897CD8N3wDDTka0kXCAZXTRVVSfgfMe+6wRVvUvJs=; b=HkGw5JsaJNDvelXXApph0GUNd3KOvlGiAlvRvBD4B/Ha75PzF6S7LTLD0+2kKsiA/NnMBP 17zvq1wHrk1M9UpSaKYsAOUv9KXzo8IeoJss/4pxjqAgEOAMnMPHvO4IOxSB/clXYQdinF IlsgIempTmeSDFrXRbT6tGX4zrIWS2m/vetfQSUD5+hrqxrq/i++bmoHLYjT4Hx3FxWsAo lc9+qOn/2drFdnIPn8BByiXFrTjPHl6607IsHfeqMvdkgr6UL5UNuX528quQo7tG8mLPyL KSpv2YDLhNltW5zIZHLJsBJ5DJzj1Vg3hSvGJ4OpQ65jFIXZMOmzwL73hjuQiw== X-Spam-Score: -9.00 X-Migadu-Queue-Id: D4371320AA Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=gnu.org header.s=fencepost-gnu-org header.b=bUlccLRq; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gnu.org X-Migadu-Scanner: scn0.migadu.com X-Migadu-Spam-Score: -9.00 X-TUID: y1fu3kWRCcI3 Hi! Stephen Paul Weber skribis: >>> However, there's no real reason that git-fetch *needs* to be >>> fixed-output in terms of having a hash pre-defined, at least for local >>> development and other purposes. So is there a way around this? >> >> =E2=80=A2 write (package (source (git-checkout =E2=80=A6)) =E2=80=A6) > > This works well. Now I'm curious how to know what can go in the > (source) field? Obviously not just (origin)... Any =E2=80=9Cfile-like object=E2=80=9D can go there: a package (though that= makes little sense), a =E2=80=9Ccomputed-file=E2=80=9D, etc. >>> If having a way around it is not desirable should url-fetch consider >>> this an error as well? >> >>I=E2=80=99m not sure; do you have an example where it=E2=80=99s not behav= ing as >>expected? > > Yes. When using (sha256 #f) url-fetch still has network access and > works to download things, which is inconsistent vs other fetchers. Hmm indeed: --8<---------------cut here---------------start------------->8--- scheme@(guile-user)> ,use(guix) scheme@(guile-user)> ,verbosity 3 scheme@(guile-user)> ,build (origin (method url-fetch) (uri "mirror://gnu/hello/hello-2.12.1.tar.gz") (sha256 #f)) substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100.0% substitute: updating substitutes from 'https://bordeaux.guix.gnu.org'... 10= 0.0% substitute: updating substitutes from 'https://guix.bordeaux.inria.fr'... 1= 00.0% building /gnu/store/lz34lhyxhq5wxj87fnd465hmwbhv17bn-hello-2.12.1.tar.gz.dr= v... Starting download of /gnu/store/xfc7gsn10j09bi89ldbpfbppfkcldfy9-hello-2.12= .1.tar.gz >From https://ftpmirror.gnu.org/gnu/hello/hello-2.12.1.tar.gz... following redirection to `https://mirror.cyberbits.eu/gnu/hello/hello-2.12.= 1.tar.gz'... downloading from https://ftpmirror.gnu.org/gnu/hello/hello-2.12.1.tar.gz ... hello-2.12.1.tar.gz 1009KiB = 18= .4MiB/s 00:00 [##################] 100.0% successfully built /gnu/store/lz34lhyxhq5wxj87fnd465hmwbhv17bn-hello-2.12.1= .tar.gz.drv $5 =3D "/gnu/store/xfc7gsn10j09bi89ldbpfbppfkcldfy9-hello-2.12.1.tar.gz" --8<---------------cut here---------------end--------------->8--- In this case, the derivation uses the =E2=80=9Cdownload=E2=80=9D built-in b= uilder: --8<---------------cut here---------------start------------->8--- scheme@(guile-user)> ,lower (origin (method url-fetch) (uri "mirror://gnu/hello/hello-2.12.1.tar.gz") (sha256 #f)) $6 =3D # /gnu/store/xfc7gsn10j09bi89ldbpfbppfkcldfy9-hello-2.12.1.= tar.gz 7f3ff487c000> scheme@(guile-user)> (derivation-outputs $6) $7 =3D (("out" . #< path: "/gnu/store/xfc7gsn10j09bi89ld= bpfbppfkcldfy9-hello-2.12.1.tar.gz" hash-algo: sha256 hash: #f recursive?: = #f>)) scheme@(guile-user)> (fixed-output-derivation? $6) $8 =3D #f --8<---------------cut here---------------end--------------->8--- As it turns out, guix-daemon turns off the chroot for all built-in builders, fixed-output or not; quoth =E2=80=98build.cc=E2=80=99: /* Note: built-in builders are *not* running in a chroot environment so that we can easily implement them in Guile without having it as a derivation input (they are running under a separate build user, though). */ useChroot =3D settings.useChroot && !isBuiltin(drv); I was actually surprised to see this, this wasn=E2=80=99t really intended. = The good news is that this is safe AFAICS: there=E2=80=99s only one built-in bu= ilder to date, and that=E2=80=99s =E2=80=9Cdownload=E2=80=9D. Now I wonder whether we should keep this =E2=80=9Cfeature=E2=80=9D or not. = Probably not. Thoughts? Besides, we can think about adding more builtins, such as a =E2=80=9Cgit-download=E2=80=9D builtin, which would let us break potential = cycles. Ludo=E2=80=99.