From: Begley Brothers Inc
Date: Wed, 20 May 2020 20:24:49 -0500
Subject: Re: Guix mirrors
To: guix-devel

On Wed, May 20, 2020 at 7:45 PM Begley Brothers Inc wrote:
>
> Thanks to @kozodev on gitlab.com, a possible workaround, available
> immediately, is to document the following in the web pages and alt-F2
> help as appropriate:
>
> 3.6.2 Proceeding with the Installation
>
> 8.1 Using the Configuration System
>
> with (note the initial root init channel path needs to be inserted)
>
> ```scheme
> ...
> (use-package-modules screen)
>
> ;; Your `guix system init /etc/conf.scm` or
> ;; subsequent `guix pull` and `guix system reconfigure` may
> ;; fail because the Guix server is unavailable - you will see
> ;; HTTPS errors 404, 504, 502.
> ;; In this situation, please use one of:
> ;; - "https://mirror1.com/x/y/z/guix.git"
> ;; - "https://mirror2.com/a/guix.git"
> ;; - "https://mirror2.com/d/e/guix.git"
> ;; in the `with-output-to-file` code below. Which you should uncomment,
> ;; then re-run:
> ;;
> ;; # guix system init /etc/conf.scm
> ;;
> ;; NOTE: Air-Gapped Facility Users.
> ;; If you are using guix in an air-gapped facility you will
> ;; need to add your Guix repository and uncomment this code
> ;; *before* running:
> ;;
> ;; # guix system init /etc/conf.scm
> ;;
> ;; There is currently no other way to repoint the init phase
> ;; to your air-gapped repository.
>
> ;;(with-output-to-file "/path/to/roots/first/init/channels.scm"
> ;;  (lambda ()
> ;;    (display "(cons* (channel (name 'guix) (url \"https://internal.net/x/y/z/guix.git\")) %default-channels)")))
>
> (operating-system
> ...
> ```
>
> HTH?
>
>
> On Tue, May 19, 2020 at 2:32 AM Begley Brothers Inc
> wrote:
> >
> > Hi,
> > Over the last 24 hours I've experienced `guix pull` etc being
> > unavailable (HTTP 504's then 502's) more than available.
> >
> > Is there a reason why a post receive hook can't be added to the guix
> > repo to push to github, gitlab, etc. and in that way at least give
> > users some protection against these outages?
> >
> > There is a mirror[1] possibly (unofficial?) but it looks like it is
> > driven by some cron task.
> >
> > The required post receive hook is well documented[2], and not
> > uncommon among reputable OS projects:
> >
> > - Android
> > - The Apache Software Foundation
> > - The Chromium Project
> > - The Eclipse Foundation
> > - The FreeBSD Project
> > - The Glasgow Haskell Compiler
> > - GNOME
> > - The Linux kernel source tree
> > - Qt
> >
> > [1]: https://github.com/guix-mirror/guix
> > [2]: https://git-scm.com/book/en/v2/Customizing-Git-Git-Hooks
> >
> > --
> > Kind Regards
> >
> > Begley Brothers Inc.

PS I'm not sure if you want to add this to the docs, but there does not
seem to be dedicated functionality to securely deal with secret data in
Guix. One way to work around that is to host your own package, and add
that to the channels before you run (as root):

```bash
guix system init /etc/conf.scm
```

These two issues (configurable repo and secret management) are what I've
encountered that blocked "reproducible operating systems" being true.
Since that is a claim made on the front page (https://guix.gnu.org/) I
think adding something like the prior suggestion to the docs means you
can plausibly claim the statement is not misleading.
Otherwise maybe change the statement to "partially reproducible systems"
and at the "declarative system configuration" link to section 8.1 Using
the Configuration System, just add two bullet points that still in
development are 1) configurable init repositories 2) secret management.

It's debatable whether orchestration is a necessary function for the
"reproducible operating systems" claim to be considered (reasonably)
true. Hashicorp/Terraform and Packet/Tinkerbell would disagree.

I should note I haven't mentioned the FSF/GNU/Guix sponsor and their
orchestration product mainly because it is Apache Airflow adapted to a
cloud use case. Apache Airflow themselves say they are more comparable
to Oozie and Azkaban, so you have to do a lot of heavy lifting to get
your sponsor's product - as best I know there is no OSS project upstream
to your sponsor's product. Happy to stand corrected.

--
Kind Regards

Begley Brothers Inc.
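
The post-receive mirroring hook proposed in the quoted first message of this thread could look like the following. This is an added example, not code from the thread or from the Guix project; the remote names `github` and `gitlab` and the function name `mirror_refs` are assumptions.

```bash
#!/bin/sh
# Added example: post-receive hook that mirrors accepted ref updates.
# Assumption: remotes named "github" and "gitlab" are configured in the
# server-side repository; both names are hypothetical.

# mirror_refs GIT_DIR REMOTE...
# Reads "<old> <new> <ref>" lines on stdin (the post-receive input format)
# and pushes exactly those object ids to every remote.
# Returns the number of remotes whose push failed.
mirror_refs() {
    repo=$1; shift
    specs=""
    while read -r old new ref; do
        case $ref in
            refs/heads/*|refs/tags/*) ;;   # mirror branches and tags only
            *) continue ;;
        esac
        case $new in
            *[!0]*) specs="$specs +$new:$ref" ;;  # create or update
            *)      specs="$specs :$ref" ;;       # all-zero id: ref deleted
        esac
    done
    [ -n "$specs" ] || return 0
    failed=0
    for remote in "$@"; do
        # $specs is split into one refspec per word on purpose.
        if ! git --git-dir="$repo" push --quiet "$remote" $specs; then
            echo "mirror: push to $remote failed" >&2
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Run only when installed as hooks/post-receive. A failed mirror push is
# logged but cannot reject the update: post-receive runs after acceptance.
if [ "${0##*/}" = "post-receive" ]; then
    mirror_refs "${GIT_DIR:-.}" github gitlab || true
fi
```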