From mboxrd@z Thu Jan 1 00:00:00 1970 From: mhw@netris.org Subject: How to include Guix 0.8 in Guix 0.8 Date: Wed, 13 Aug 2014 02:01:32 -0400 Message-ID: <87tx5hlygz.fsf@netris.org> Mime-Version: 1.0 Content-Type: text/plain Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:55620) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XHRd7-0005EL-TI for guix-devel@gnu.org; Wed, 13 Aug 2014 02:01:57 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XHRcx-0007zE-3q for guix-devel@gnu.org; Wed, 13 Aug 2014 02:01:49 -0400 Received: from world.peace.net ([96.39.62.75]:48164) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XHRcx-0007yr-0u for guix-devel@gnu.org; Wed, 13 Aug 2014 02:01:39 -0400 List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: guix-devel@gnu.org Hello all, At present, every version of Guix always contains an older version of itself. We needed a post-0.7 version of Guix to create a USB installer that contains Guix-0.7, but unfortunately it installs an older version of Guix on the hard drive. If you then use the version of Guix on the hard drive to run "guix package -i guix" or "guix system reconfigure", you'll get a still older version of Guix, and so on. It turns out that including Guix 0.8 in Guix 0.8 is not entirely trivial. The problem is that the Guix source tree includes cryptographic hashes of the source code of every package in Guix, including Guix itself. Including the hash of Guix 0.8 in the source code of Guix 0.8 requires solving this equation: = (sha256 (guix-source-with-hash )) I suspect it is hard to find a solution to that equation, and there's no guarantee that such a solution even exists. Therefore, I think we need to avoid including the hash of the latest Guix in our source tree. The good news is that it may be possible to compute the cryptographic hash of the source code of the current version of Guix at build time, from the source tree itself. Essentially, the idea is to do the equivalent of "guix hash -r" on the source tree, but ignoring all files that are not included in the Guix source distribution. Still, there are a few complications: 1. Different versions of 'tar' produce different output, so I think our fixed output derivation for the Guix source code should produce a directory, not a tar file. One possible solution is to always download it from git. Another is to include unpacking in the source derivation. 2. Building Guix from git often modifies the .po files, thus depriving us of a copy of the pristine source. Partly because of complication #2, and also because I'd prefer to adopt a solution that allows _any_ Guix source tree to include itself, even if not in git, here's another idea: Always do "make dist" at build time, and install the built tarball at "make install" time. Every built copy of Guix would always include its own source tarball. Thoughts? Mark