From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms13.migadu.com with LMTPS id sMTPH8MnBGcUBQAAe85BDQ:P1 (envelope-from ) for ; Mon, 07 Oct 2024 18:26:11 +0000 Received: from aspmx1.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2.migadu.com with LMTPS id sMTPH8MnBGcUBQAAe85BDQ (envelope-from ) for ; Mon, 07 Oct 2024 20:26:11 +0200 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b=i0oyvIp9; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20230601 header.b=LBy9DGph; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Seal: i=1; s=key1; d=yhetil.org; t=1728325571; a=rsa-sha256; cv=none; b=O0UcsH+YIvJTYdAKiZH+TFKXQmJ203J4vlbz+9AIgn1dFJ4ehag9FWuB8uu4sozVjDOY/I TnmAo2nn0NWResMu3YdyfGRWOZUHNuA80TwVRSBFR0xrwI3BVP40Y1pAJgTBOSMYHocUKm cF8eylvwbu4u4WBYHJlpW6SHlDiecrAXck1xMEMWTOA9vtzoWtbPtZeN5KGnJoXFeji4vd CDOewX+3pSISGV7YjiFWnbE0tIaBQRk1mVgu/e+PbFqFniPyomFipuvL7laY29N11nWpCR G8fEf1lnbig3xKnYTD9rWa6ELROBTH8WwTaDZW23P+djr5i/W+bpOg0xjp2VBQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b=i0oyvIp9; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20230601 header.b=LBy9DGph; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1728325571; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=XxGwfQHVj1fcFT4q/WPa6Z0HqmI7lYvAg5eQLefKUvE=; b=jX3Fmp8wj0vAvZAASACJaL5nrpZNo0DjdwI5HEKTfm81k+wIvE3u3FH18AI969uvGBLJFk +kxqWqR91bYHa5Rlh9wcNIELvPkja/479/RnjFYxnbxgqePHw8jPJLPjXSfqqrj6cTPLzz VB7EUuGWabBJjuMXj3vFJp155DPn6sp0z6d5xT19fJa68KQiCg+te4b4JISIST7n7esxUI X8B+fMX6VOroHjSuq8VY0a8N3N2oW/N9SOIyHNedFwiM3eXI9a9l6MPjbtG8wXKf6VWzZ5 iFW2o5N4YK27ryO7U2+eEtwNNE9TT9lg+2teMW9R58rLaqz/E+JAC8QCHuW9FQ== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 1D7A71D691 for ; Mon, 07 Oct 2024 20:26:11 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sxsQf-0000Qy-3i; Mon, 07 Oct 2024 14:25:57 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sxsQc-0000QU-MN for guix-patches@gnu.org; Mon, 07 Oct 2024 14:25:55 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sxsQc-0004pI-Do for guix-patches@gnu.org; Mon, 07 Oct 2024 14:25:54 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:Date:References:In-Reply-To:From:To:Subject; bh=XxGwfQHVj1fcFT4q/WPa6Z0HqmI7lYvAg5eQLefKUvE=; b=i0oyvIp9Sgk1L82/z1pqYKgkm4RX4tfeOXmFq13b6ajxddPqx/BOPMrmr5VjKnGWBzPNcSGHFSno07Ae/oW2N84DZotmQpO2Ov9SVQdunFal7+XF0wpC84xtasD37Yuyqagr1o+3p4IIv2Wf1UsOlxl6uY9mbPR2xQ9R2ScMoTxUaf5Qjrl8zXTR4abSmEqdSgR+IAg4wOf/MJjvEbD3WElwx68825DUEVy/hxmjrzKjz/LUHbMh1zMGV1L/Jl7VVUvcDDDuYX+f7i3VwQ54BiNSUZt/AYsBlow10oESs8F0Vwvv/+Zz0qkJ/7wwBz85PgFhiPSbdKWKeAnHqMSn/Q==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1sxsQj-0003gO-Tl; Mon, 07 Oct 2024 14:26:01 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#72925] [PATCH v10] gnu: Add jpm. Resent-From: Omar Bassam Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org, "Suhail Singh" Resent-Date: Mon, 07 Oct 2024 18:26:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 72925 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: Suhail Singh Cc: 72925@debbugs.gnu.org, Omar Bassam Received: via spool by 72925-submit@debbugs.gnu.org id=B72925.172832555314139 (code B ref 72925); Mon, 07 Oct 2024 18:26:01 +0000 Received: (at 72925) by debbugs.gnu.org; 7 Oct 2024 18:25:53 +0000 Received: from localhost ([127.0.0.1]:47928 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sxsQa-0003fy-LN for submit@debbugs.gnu.org; Mon, 07 Oct 2024 14:25:53 -0400 Received: from mail-ed1-f54.google.com ([209.85.208.54]:46381) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sxsQY-0003fj-4g for 72925@debbugs.gnu.org; Mon, 07 Oct 2024 14:25:50 -0400 Received: by mail-ed1-f54.google.com with SMTP id 4fb4d7f45d1cf-5c89668464cso6337860a12.1 for <72925@debbugs.gnu.org>; Mon, 07 Oct 2024 11:25:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728325476; x=1728930276; darn=debbugs.gnu.org; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to; bh=XxGwfQHVj1fcFT4q/WPa6Z0HqmI7lYvAg5eQLefKUvE=; b=LBy9DGphBPZphszu1yBLCj9USX3W2ANIwPW5JTXUigvTFUGqQIStlblID0nYcB1/u9 IpOciGttcaQPsnqs5vn4A84hbR09VTUpM8+ZBywEPqHRS50PQJdgu/U1EqkAmNCM4bDj yaFlz+KmdNDu9y7yEv7jl23oUdWUlSJgl87p0bej2HZjSW4+qxSN3FLOqS6V6Z4WnFlw 9JPfA3R5trVhthK1EYylI/AQGavCIo1mc6+vohSMBtOu8QwL5COeLuMjfkc4JIU5y9AR SmWVX+m8W3Qlw8IfzwPippoPgwMRRzcHcC5gGg2E3TrfFJrYZHcpV9A6J4RAR9Idx1Ye iJVQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728325476; x=1728930276; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=XxGwfQHVj1fcFT4q/WPa6Z0HqmI7lYvAg5eQLefKUvE=; b=SOg7BSQ9pALljrlAl1zEkp1XgOb7JRoMGmbFELE07n++rEeOGIEcFVZQvY0Hj0csPG 9bwst9gHHAt0lmgaIyDICz8+ieYzY+qyQvv/MQxDSwjs0b9ERvQ9jZb02RoNH+ykSvdZ BQNL8kOj1c2NHSQZD3484RdroNrrTH7QJYd10XZur6WlZ9OhuLPcspVOIpGs55Skj3xi KwU4Ue+gmsJK0SbJsqeUMxiqplxGNWy++Lk+u3E5yxyPYJ9Gpw+ydhfy9U9FJu+5uX7y uZXRq84NE+/RdJjXF3NGXlJ4fbN9ART1wjtSmTvKT9iRHP1JZyGXdFTBbJspGma5sDn7 rKEA== X-Forwarded-Encrypted: i=1; AJvYcCX8kh++Ytkd+qdlN9CZwyzirr2Skl5vaVrH3DZLFBQMXJ551J/aZESdsOuozwHAnmpew1RteA==@debbugs.gnu.org X-Gm-Message-State: AOJu0YxaAhWANSq3CZTq6jqAfZXRdDCl/7bnSpgyGs+HVdLZGvCrqpPL 4cwTIP9STWM9humlLLwo4hLlVC0M1voYic9+3iTvWkFSZ7CjvhT/alPa8TZj X-Google-Smtp-Source: AGHT+IHyfWYZzzQ0f1yETtWhcAOv5qTZVVT+BxcSqSUsnB2efwuD1IJ8uIoGV3s2qh64g0zOngP0UA== X-Received: by 2002:a17:907:608b:b0:a99:56e1:bd30 with SMTP id a640c23a62f3a-a9956e1c04bmr360910266b.42.1728325475921; Mon, 07 Oct 2024 11:24:35 -0700 (PDT) Received: from omar-Latitude-5540 ([46.232.152.32]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a99457d756bsm287402266b.92.2024.10.07.11.24.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Oct 2024 11:24:35 -0700 (PDT) From: Omar Bassam X-Google-Original-From: Omar Bassam In-Reply-To: <8734l86h4l.fsf@gmail.com> (Suhail Singh's message of "Sun, 06 Oct 2024 17:44:42 -0400") References: <6e198e7dc1f64bea3a2b1498fb69e597e4d03360.1728148557.git.suhail@bayesians.ca> <87o73xgyf2.fsf@omar-Latitude-5540.mail-host-address-is-not-set> <87msjh5j5f.fsf@gmail.com> <87bjzxgggw.fsf@omar-Latitude-5540.mail-host-address-is-not-set> <8734l86h4l.fsf@gmail.com> Date: Mon, 07 Oct 2024 21:24:33 +0300 Message-ID: <871q0rhiu6.fsf@omar-Latitude-5540.mail-host-address-is-not-set> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-Migadu-Spam-Score: -1.13 X-Spam-Score: -1.13 X-Migadu-Queue-Id: 1D7A71D691 X-Migadu-Scanner: mx10.migadu.com X-TUID: d4xJPMiGon0Y Suhail Singh writes: > Omar Bassam writes: > >>> This should be doable without propagating any other inputs. For example >>> by ensuring that jpm sets appropriate environment variables (such as >>> $CPATH , $C_INCLUDE_PATH , $CPLUS_INCLUDE_PATH etc.) or flags when >>> invoking the compiler. If so, that would be the preferred approach. We >>> only want to propagate those inputs that are strictly necessary. >>> >>> I do know that when I had tried to remove gcc-toolchain (without doing >>> anything else) I encountered some errors during "jpm install -l sh" (in >>> a pure shell). However, I did not spend any effort in simplifying this, >>> and I agree that we should try to. >>> >>> I look forward to seeing what you come up with in v11 :) >>> >> >> I gave tried replacing gcc-toolchain with gcc and both the "jpm install" >> commands and the "jpm build" commands worked fine for me without any >> issues. I didn't need to set up any C related environemnt variables. >> What kind of error where you getting? > > I am unable to get the exact message at the moment (due to non-technical > and unrelated reasons), but it was some missing header file. > > As I mentioned in the quoted message above, however, what would be > better than propagating gcc, g++ etc would be to ensure that jpm passes > appropriate flags when invoking them. Have you looked into that? > I am not really an expert in compiling C programs so I'm not sure what would be the best way to verify this? the "jpm build" command ran fine for me and I don't have any of those C*PATH environment variables set. >>>>> + ;; NOTE: Below ensures that the user provides the CA certificates they >>>>> + ;; desire (as opposed to bundling `nss-certs' in propagated-inputs, which >>>>> + ;; isn't recommended) and when they do, that they are respected. >>>> >>>> Why isn't bundling nss-certs recommended? >>> >>> Doing so would deprive the user of the choice of which CAs to trust. >>> I.e., if we were to bundle nss-certs we are taking an opinionated stance >>> that the user agrees with Mozilla project's stance on these matters. >>> >> >> But how will the user know that they will need to install nss-certs in >> the shell or that they need to setup these SSL environemnt variables? > > Are you saying that when you test in a _non-pure_ shell where system > certificates are available, you observe failures? Yes, it did fail initially even in a non-pure non-container shell. I had to manually set the SSL_CERT_DIR environment variable to /etc/ssl/certs (I'm on Ubuntu). I did not need to set the SSL_CERT_FILE variable. Is it possible to set a default value for that environment variable? I'm not sure though if the /etc/ssl/certs/ is a standard among all Linux distros or just Ubuntu. > > In pure containers, the failure one observes if the user hasn't done > something to make certificates available is a commonly known occurrence. > See for patch to change this default > for networked containers. > > Note that if you're not using a pure container, things should just work. > Please correct me if I am mistaken. > >> I agree of giving the user the freedom to enable or disable this but I >> truly believe we need to provide sane defaults. > > Bundling nss-certs would depart from the current conventions in Guix (as > I have recently come to understand). For what it's worth, I also (now) > agree that it's not the place for _a package_ to make the determination > of which CAs to trust vs not. However, since I don't have commit > authority, you are welcome to ignore my opinions. My goal was simply to > demonstrate a working patch that didn't depart from current conventions. > I believe I did that. > > Perhaps there is a discussion to be had, to revise said conventions > and/or to better understand the tradeoffs of said and related > conventions. However, the guix-devel mailing list may be a better place > for such discussions, and it might help your cause of upstreaming jpm if > those discussions didn't block this patch. > >>>> What are the difference between search-paths and >>>> native-search-paths. >>> >>> These are documented in the info manual. However, it's not clear to me >>> _why_ native-search-paths is the right thing to use in this situation. >>> I posted a message on guix-devel regarding this: >>> . >>> >> >> OK, please let me know when you get to the bottom of this. > > I invite you to join the discussion on guix-devel. It's possible that > things that make sense to me, may not to you. > Thank you, I'm relatively very new to Guix, so I definitely need to read involved more about those discussions. >>>> And were you able to run the "jpm install" command without >>>> nss-certs. Because, for me I was unable to do so. When I added back >>>> the nss-certs in propagated-inputs, it worked fine. >>> >>> That is expected behaviour. >>> >>> The way to test it, when in a pure container, would be by explicitly >>> ensuring that certificates of trusted CAs are included in the profile. >>> On way to do so would by adding nss-certs alongside jpm when invoking >>> the shell. >>> >>> Relying on the package to provide nss-certs isn't desirable. We simply >>> want to ensure that when the certs are provided that the package _is >>> able to use_ them. This is what the native-search-paths line >>> accomplishes. >> >> I still don't understand why is it an expected behaviour if jpm by >> default is expected to download packages mainly from github? > > It is the expected behaviour given my understanding of current packaging > practices in Guix. I have nothing more to add beyond what I've already > said on this topic. > > Regards, BRs, Omar