From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms13.migadu.com with LMTPS id mIYuEi8FA2dUfQAAqHPOHw:P1 (envelope-from ) for ; Sun, 06 Oct 2024 21:46:23 +0000 Received: from aspmx1.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0.migadu.com with LMTPS id mIYuEi8FA2dUfQAAqHPOHw (envelope-from ) for ; Sun, 06 Oct 2024 23:46:23 +0200 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b=PBQRFZxe; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20230601 header.b=MdUPRHoi; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=gmail.com (policy=none) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1728251183; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post: dkim-signature; bh=Q1dWktniqilpb7evBneMicltxMRROhXrlTfrTJmnHg4=; b=F9mQKv++Gx6IRKLcYwl+hJc0l/BoVxojo17EvjmELOZGNqLgNttvEOmbdlOdLoMjSaWd9c rfqRK90o7pLdYXS3+R/D7FsYHLIp6s4fapP1XXLG7/j1mFb3warwxpDgE5L6klNI5pWKva Xyn7vu8AVG316PqWY5mC+GZwNcaVzXbSn8jyI7zU0CDUsMAClAPtds8CFfBTEJ8T8JaTGD 4YJUzrtO+XPM1XoP8bWtJy+wtc4lmTE9Os4J/79iMHVDNHp1+sUFIYR9IAozOqwH3VT25v FxzLe9AtW3aGLbsYbw1DanSTXPx1vAESfOR3dDohen93Ra6UPa8BkiBhAAHs3Q== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b=PBQRFZxe; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20230601 header.b=MdUPRHoi; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=gmail.com (policy=none) ARC-Seal: i=1; s=key1; d=yhetil.org; t=1728251183; a=rsa-sha256; cv=none; b=Utb7J6e+jRU8sH+AoijcOZt5RHPYCEJHKX7TijAFlOORmhrxjBnUs9YrYno17KlWf9ogoc onaKd44V76XLQGUyF7K3fZpmvu329JkisTOQrRpqEBln/G5ptJbIvaP9frzeNJQRNWx/8i Vp+uyKEnml1Q0Gd2FUK7TvEphqn2P2s5jGT+XZWyuze/KPrCdqrELUkkmOfjbYGg+lCpAE 8D2fu1p9OjTrYadJexgoxd8Haly/O9JObbHCEiE+XrTZR3PT8bein0ZwG9wm76b3NK7Wq9 QOsz6ixmHln+jGIU/K9Lr3L6fIVaL9+LBYIPPj0sOw/1dLfKztrGu/PXT3zi8g== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 33FC38EEAD for ; Sun, 06 Oct 2024 23:46:22 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sxZ4i-0004v4-HO; Sun, 06 Oct 2024 17:46:00 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sxZ4e-0004ul-8S for guix-patches@gnu.org; Sun, 06 Oct 2024 17:45:56 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sxZ4e-0004Sx-0D for guix-patches@gnu.org; Sun, 06 Oct 2024 17:45:56 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:Date:References:In-Reply-To:From:To:Subject; bh=Q1dWktniqilpb7evBneMicltxMRROhXrlTfrTJmnHg4=; b=PBQRFZxevpaqlSivmIOUPb0IY4IZlZCRx7RC59jNcXS9blX8CTcz50+Mf5Nn73AQHFQJUURD4rbHiUD9vX699IwGpZXsWEXT17qxPZxMkTmuaxiKdQEtQnkEKj9uSm2wydQQxEkDdTU5N1EiumNIpalOTH8lVq4UCq77tWtqyUReRTY2GfHW9P7dCYe2UmKKpyAOWtkYfNFJ+Ii4vdXRodeiHwAoHfaGdvvaqMQ9dJy+lP5+l9HO6P9eiHKn/Gg8y39excV9Ls08dA5FCXcvekKwVNTvdKIqiNiSEZdzD+pYWGnCcQcjar/AavLOQJ2FZyHOhPU4WgahtOJJePGebQ==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1sxZ4k-00035G-0y; Sun, 06 Oct 2024 17:46:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#72925] [PATCH v10] gnu: Add jpm. Resent-From: Suhail Singh Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org, "Suhail Singh" Resent-Date: Sun, 06 Oct 2024 21:46:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 72925 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: Omar Bassam Cc: 72925@debbugs.gnu.org, Suhail Singh Received: via spool by 72925-submit@debbugs.gnu.org id=B72925.172825115911846 (code B ref 72925); Sun, 06 Oct 2024 21:46:01 +0000 Received: (at 72925) by debbugs.gnu.org; 6 Oct 2024 21:45:59 +0000 Received: from localhost ([127.0.0.1]:42635 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sxZ4h-000350-6Q for submit@debbugs.gnu.org; Sun, 06 Oct 2024 17:45:59 -0400 Received: from mail-qk1-f193.google.com ([209.85.222.193]:52254) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sxZ4f-00034h-6B for 72925@debbugs.gnu.org; Sun, 06 Oct 2024 17:45:58 -0400 Received: by mail-qk1-f193.google.com with SMTP id af79cd13be357-7a9b72749bcso331050385a.0 for <72925@debbugs.gnu.org>; Sun, 06 Oct 2024 14:45:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1728251085; x=1728855885; darn=debbugs.gnu.org; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:cc:to:from:from:to:cc:subject:date:message-id:reply-to; bh=Q1dWktniqilpb7evBneMicltxMRROhXrlTfrTJmnHg4=; b=MdUPRHoi9ruGWED3b9fd7BElKOkgfaTG0utmb1u4zLgGByoXHGIUo/xTfbZ8q9Roze KaOHlJ4TGEwlhmAY3338m2P7R1T0+q4dWuiW/ocEHuiCfSK+jlersu4t2CE/cEtTpgMD W3tmWIMpCDNjgF2WcLAGRpGne8n3pbLOGcmfGp2VvbeT91ickX4vZyQ63WMa33CiSRwa 6zPzLJ9AuL2H/Jf+WMkZuKLzjOvR1t2zX8xFvqt7WZhn7xJLalm82QE9FuhJZKr7Sqow tx22AnnwhnT7a/18rro1yRJT6WT4Odq855zZc69XPPFEhk7IqN+M3CqQaJw3lOr16SEG shSQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1728251085; x=1728855885; h=mime-version:user-agent:message-id:date:references:in-reply-to :subject:cc:to:from:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=Q1dWktniqilpb7evBneMicltxMRROhXrlTfrTJmnHg4=; b=ntJysMNdTRIHC6CNNUQPIA1Wy1+xeOAfWwqgdW5jg+2+5rE02KAZ7Ffc6k1rPPEzjN 2KMcFUlcLmIx7ST4QeuZeOiK6W/q3m8s/+bq43kCTi8zRJ4nDhH+WSrtaEG92GRxySiY 8NcNcrWKKpELZhKFy17I7D7RG0Nz1g30vHfT2yLBwC3NR+5/dhPoTjcoWl7wFxQjUHZy z8QWrLTjtoQINyDFrY/yKdcj0nQaJv57julPF/b+IDc1mevzHr73GJm50MIdiamOvFFf gUApj9P6nKQcY1vb17TAi32VDHMPp6g34h2kni0fLJgYgSjPROhXdlxsYnylbNV9TJSU k8Kw== X-Forwarded-Encrypted: i=1; AJvYcCVmFmX3q9Sf/p0096xg70/r95GR2hquJKeK4qNkDD9fWZGU9vyHSKcG5kxoMmwiebEMGp7QOQ==@debbugs.gnu.org X-Gm-Message-State: AOJu0YyBvNVgzcU72/9wCJl5BqFtopmi3uZO/yZc5QXcG2e0mMPA5wlx PB6XCRyvbsWyPWVdqaXBWvRTxsH22BfZx9zd9DqvGXZx624usmIq442debdg X-Google-Smtp-Source: AGHT+IFUEsJX/+D7L49GWJvLwy5YcWq+jwi5dImO23+7vMKrmyha70xLgmjBuH6WIofWsEsHuKZerQ== X-Received: by 2002:a05:620a:319e:b0:7a9:be63:7b40 with SMTP id af79cd13be357-7ae6f422235mr1407000685a.3.1728251084615; Sun, 06 Oct 2024 14:44:44 -0700 (PDT) Received: from gnus (bras-base-mtrlpq0776w-grc-23-65-94-70-53.dsl.bell.ca. [65.94.70.53]) by smtp.gmail.com with ESMTPSA id d75a77b69052e-45da755aa8csm20169991cf.57.2024.10.06.14.44.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 06 Oct 2024 14:44:44 -0700 (PDT) From: Suhail Singh In-Reply-To: <87bjzxgggw.fsf@omar-Latitude-5540.mail-host-address-is-not-set> (Omar Bassam's message of "Sun, 06 Oct 2024 22:48:47 +0300") References: <6e198e7dc1f64bea3a2b1498fb69e597e4d03360.1728148557.git.suhail@bayesians.ca> <87o73xgyf2.fsf@omar-Latitude-5540.mail-host-address-is-not-set> <87msjh5j5f.fsf@gmail.com> <87bjzxgggw.fsf@omar-Latitude-5540.mail-host-address-is-not-set> Date: Sun, 06 Oct 2024 17:44:42 -0400 Message-ID: <8734l86h4l.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-Migadu-Scanner: mx11.migadu.com X-Migadu-Spam-Score: 3.00 X-Spam-Score: 3.00 X-Migadu-Queue-Id: 33FC38EEAD X-TUID: NgOPjyYRU+G1 Omar Bassam writes: >> This should be doable without propagating any other inputs. For example >> by ensuring that jpm sets appropriate environment variables (such as >> $CPATH , $C_INCLUDE_PATH , $CPLUS_INCLUDE_PATH etc.) or flags when >> invoking the compiler. If so, that would be the preferred approach. We >> only want to propagate those inputs that are strictly necessary. >> >> I do know that when I had tried to remove gcc-toolchain (without doing >> anything else) I encountered some errors during "jpm install -l sh" (in >> a pure shell). However, I did not spend any effort in simplifying this, >> and I agree that we should try to. >> >> I look forward to seeing what you come up with in v11 :) >> > > I gave tried replacing gcc-toolchain with gcc and both the "jpm install" > commands and the "jpm build" commands worked fine for me without any > issues. I didn't need to set up any C related environemnt variables. > What kind of error where you getting? I am unable to get the exact message at the moment (due to non-technical and unrelated reasons), but it was some missing header file. As I mentioned in the quoted message above, however, what would be better than propagating gcc, g++ etc would be to ensure that jpm passes appropriate flags when invoking them. Have you looked into that? >>>> + ;; NOTE: Below ensures that the user provides the CA certificates they >>>> + ;; desire (as opposed to bundling `nss-certs' in propagated-inputs, which >>>> + ;; isn't recommended) and when they do, that they are respected. >>> >>> Why isn't bundling nss-certs recommended? >> >> Doing so would deprive the user of the choice of which CAs to trust. >> I.e., if we were to bundle nss-certs we are taking an opinionated stance >> that the user agrees with Mozilla project's stance on these matters. >> > > But how will the user know that they will need to install nss-certs in > the shell or that they need to setup these SSL environemnt variables? Are you saying that when you test in a _non-pure_ shell where system certificates are available, you observe failures? In pure containers, the failure one observes if the user hasn't done something to make certificates available is a commonly known occurrence. See for patch to change this default for networked containers. Note that if you're not using a pure container, things should just work. Please correct me if I am mistaken. > I agree of giving the user the freedom to enable or disable this but I > truly believe we need to provide sane defaults. Bundling nss-certs would depart from the current conventions in Guix (as I have recently come to understand). For what it's worth, I also (now) agree that it's not the place for _a package_ to make the determination of which CAs to trust vs not. However, since I don't have commit authority, you are welcome to ignore my opinions. My goal was simply to demonstrate a working patch that didn't depart from current conventions. I believe I did that. Perhaps there is a discussion to be had, to revise said conventions and/or to better understand the tradeoffs of said and related conventions. However, the guix-devel mailing list may be a better place for such discussions, and it might help your cause of upstreaming jpm if those discussions didn't block this patch. >>> What are the difference between search-paths and >>> native-search-paths. >> >> These are documented in the info manual. However, it's not clear to me >> _why_ native-search-paths is the right thing to use in this situation. >> I posted a message on guix-devel regarding this: >> . >> > > OK, please let me know when you get to the bottom of this. I invite you to join the discussion on guix-devel. It's possible that things that make sense to me, may not to you. >>> And were you able to run the "jpm install" command without >>> nss-certs. Because, for me I was unable to do so. When I added back >>> the nss-certs in propagated-inputs, it worked fine. >> >> That is expected behaviour. >> >> The way to test it, when in a pure container, would be by explicitly >> ensuring that certificates of trusted CAs are included in the profile. >> On way to do so would by adding nss-certs alongside jpm when invoking >> the shell. >> >> Relying on the package to provide nss-certs isn't desirable. We simply >> want to ensure that when the certs are provided that the package _is >> able to use_ them. This is what the native-search-paths line >> accomplishes. > > I still don't understand why is it an expected behaviour if jpm by > default is expected to download packages mainly from github? It is the expected behaviour given my understanding of current packaging practices in Guix. I have nothing more to add beyond what I've already said on this topic. Regards, -- Suhail