From: "Gábor Boskovits" <boskovits@gmail.com>
To: Guix-devel <guix-devel@gnu.org>
Subject: Content addressable store
Date: Wed, 15 May 2019 10:33:18 +0200 [thread overview]
Message-ID: <CAE4v=pj029SPi7o+cjwhrwbq1W0CB2SD-dS2qipfV_RgaY8aWQ@mail.gmail.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 2221 bytes --]
On IRC at May. 14. 2019, the topic of content addressable store idea was
discussed.
This is also discussed here:
page 143 of https://nixos.org/~eelco/pubs/phd-thesis.pdf (or 135) on the
intentional model
and
https://github.com/NixOS/nix/issues/296.
Thanks for the links roptat.
So, after reading this an initial idea came up, which looks like this:
1. solve the content addressability problem like proposed in the thesis:
- build the derviation like we do it now
- rewrite the self-references to a known constant
- compute the hash after the rewrite
- relocate the package to the store-path indicated by the new hash
2. after the packager builds the package, the content address can be added
to the definition
3. fail tha package build, if it has a content address, but it mismatches
the produced artifact.
4. use flags to allow installing to the original path, and to the content
addressed path.
I propose to default these in such a way, that it installs to the original
path if no content
address specified, and to install to the content addressed path, if the
content address is specfied.
(This might come in hand in the transitional period, so that we can install
the package to both locations)
There are two issues with the approach:
1. only reproducible packages can be content addressed
2. when a package has a content address, then it will be resolved to that
in the dependents, opening up the possibility, that the package points to
the output of another derivation than the one defined in the package. As
per discussion a user using a channel trust the channel code, it was
concluded, that malicious injection can be ignored. What might still
happen, is that upon updating a package, the content address is not
modified, so the dependents still resolve to the old content address, and
have no way of knowing, that the package definition does not actually
build. With proper workflow support this might be manageable.
Benefits of this approach:
- the content addresses do not need a centralized database
- the complications resulting from derivations building to different
outputs is eliminated
- a very good reproducibility indicator is gained
- it can peacfully coexist with our current store.
Wdyt?
[-- Attachment #2: Type: text/html, Size: 12616 bytes --]
reply other threads:[~2019-05-15 8:33 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAE4v=pj029SPi7o+cjwhrwbq1W0CB2SD-dS2qipfV_RgaY8aWQ@mail.gmail.com' \
--to=boskovits@gmail.com \
--cc=guix-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).