Re: Guix mirrors

[Begley Brothers Inc <begleybrothers@gmail.com>]

On Wed, May 20, 2020 at 7:45 PM Begley Brothers Inc
<begleybrothers@gmail.com> wrote:
>
> Thanks to @kozodev on gitlab.com, a possible workaround, available
> immediately, is to document the following in the web pages and alt-F2
> help as appropriate:
>
> 3.6.2 Proceeding with the Installation
>
> 8.1 Using the Configuration System
>
> with (note the inital root init channel path needs to be inserted)
>
> ```bash
> ...
> (use-package-modules screen)
>
> ;; Your `guix system init /etc/conf.scm` or
> ;; susequent `guix pull` and `guix system reconfigure` may
> ;; fail because the Guix server is unavailable - you will see
> ;; HTTPS errors 404, 504, 502.
> ;; In this situtaion, please use one of:
> ;;   - "https://mirror1.com/x/y/z/guix.git"
> ;;   - "https://mirror2.com/a/guix.git"
> ;;   - "https://mirror2.com/d/e/guix.git"
> ;; in the `with-output-to-file` code below. Which you should uncomment,
> ;; then re-run:
> ;;
> ;; # guix system init /etc/conf.scm
> ;;
> ;; NOTE: Air-Gapped Facility Users.
> ;; If you are using guix in an air-gapped facility you will
> ;; need to add your Guix repository and uncomment this code
> ;; *before* running:
> ;;
> ;; # guix system init /etc/conf.scm
> ;;
> ;; There is curently no other way to repoint the init phase
> ;; to your air-gapped repository.
>
> ;;(with-output-to-file "/path/to/roots/first/init/channels.scm"
> ;;  (lambda ()
> ;;    (display "(cons* (channel (name 'guix) (url
> \"https://internal.net/x/y/z/guix.git\")) %default-channels)")))
>
> (operating-system
> ...
> ```
>
> HTH?
>
>
> On Tue, May 19, 2020 at 2:32 AM Begley Brothers Inc
> <begleybrothers@gmail.com> wrote:
> >
> > Hi,
> > Over the last 24 hours I've experienced `guix pull` etc being
> > unavailable (HTTP 504's then 502's) more than available.
> >
> > Is there a reason why a post receive hook can't be added to the guix
> > repo to push to github, gitlab, etc. and in that way at least give
> > users some protection against these outages?
> >
> > There is a mirror[1] possibly (unofficial?) but it looks like it is
> > driven by some chron task.
> >
> > The required post receive hook is well documented[2], and not
> > un-common amoung reputable OS projects:
> >
> > - Android
> > - The Apache Software Foundation
> > - The Chromium Project
> > - The Eclipse Foundation
> > - The FreeBSD Project
> > - The Glasgow Haskell Compiler
> > - GNOME
> > - The Linux kernel source tree
> > - Qt
> >
> > [1]: https://github.com/guix-mirror/guix
> > [2]: https://git-scm.com/book/en/v2/Customizing-Git-Git-Hooks
> >
> > --
> > Kind Regards
> >
> > Begley Brothers Inc.

PS

I'm not sure if you want to add this to the docs, but there does not
seem to be dedicated functionality to securely deal with secret data
in Guix.
One way to work a around that is to host your own package, and add
that to the channels before you run (as root):

```bash
guix system init /etc/conf.csm
```

These two issues (configurable repo and secret management) are what
I've encountered that blocked "reproducible operating systems" being
true.
Since that is a claim made on the fornt page (https://guix.gnu.org/) I
think adding something like the prior suggestion to the docs mean you
can plausibly claim the statement is not misleading.
Otherwise maybe change the statement to "partially reproducible
systems" and at the "declarative system configuration" link to section
8.1 Using the Configuration System, just add two bullet points that
still in devlopment are 1) configurable init repositories 2) secret
management.

Its debatable whether orchestration is a necessary function for the
"reproducible operating systems" claim to be considered (reasonably)
true. Hashicorp/Terraform and  Packet/Tinkerbell would disagree.
I should note I haven't mentioned the FSF/GNU/Guix sponor and their
orchestration product mainly because it is Apache Airflow adapted to a
cloud use case. Apache Airflow themselves say they are more comparable
to Oozie and Azkaban, so you have to do a lot of heavy lifting to get
your sponsor's product - as best I know there is not OSS project
upstream to your sponsors product.  Happy to stand corrected.

-- 
Kind Regards

Begley Brothers Inc.

The content of this email is confidential and intended for the
recipient specified in message only. It is strictly forbidden to share
any part of this message with any third party, without a written
consent of the sender. If you received this message by mistake, please
reply to this message and follow with its deletion, so that we can
ensure such a mistake does not occur in the future.
This message has been sent as a part of discussion between Begley
Brothers Inc. and the addressee whose name is specified above. Should
you receive this message by mistake, we would be most grateful if you
informed us that the message has been sent to you. In this case, we
also ask that you delete this message from your mailbox, and do not
forward it or any part of it to anyone else. Thank you for your
cooperation and understanding.
Begley Brothers Inc. puts the security of the client at a high
priority. Therefore, we have put efforts into ensuring that the
message is error and virus-free. Unfortunately, full security of the
email cannot be ensured as, despite our efforts, the data included in
emails could be infected, intercepted, or corrupted. Therefore, the
recipient should check the email for threats with proper software, as
the sender does not accept liability for any damage inflicted by
viewing the content of this email.
The views and opinions included in this email belong to their author
and do not necessarily mirror the views and opinions of the company.
Our employees are obliged not to make any defamatory clauses,
infringe, or authorize infringement of any legal right. Therefore, the
company will not take any liability for such statements included in
emails. In case of any damages or other liabilities arising, employees
are fully responsible for the content of their emails.