From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-patches-bounces+larch=yhetil.org@gnu.org>
Received: from mp1 ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms11 with LMTPS
	id uO4YDkOP2F/cBwAA0tVLHw
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Tue, 15 Dec 2020 10:26:11 +0000
Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp1 with LMTPS
	id gK7bCUOP2F+sGgAAbx9fmQ
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Tue, 15 Dec 2020 10:26:11 +0000
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id EAEBA940222
	for <larch@yhetil.org>; Tue, 15 Dec 2020 10:26:10 +0000 (UTC)
Received: from localhost ([::1]:55364 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-patches-bounces+larch=yhetil.org@gnu.org>)
	id 1kp7Wz-0005KT-Oz
	for larch@yhetil.org; Tue, 15 Dec 2020 05:26:09 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:42208)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1kp7Ws-0005K2-U2
 for guix-patches@gnu.org; Tue, 15 Dec 2020 05:26:02 -0500
Received: from debbugs.gnu.org ([209.51.188.43]:44169)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1kp7Ws-00062J-ML
 for guix-patches@gnu.org; Tue, 15 Dec 2020 05:26:02 -0500
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1kp7Ws-0007vt-Hv
 for guix-patches@gnu.org; Tue, 15 Dec 2020 05:26:02 -0500
X-Loop: help-debbugs@gnu.org
Subject: [bug#45104] pull: Add a "with-substitutes" option.
Resent-From: Mathieu Othacehe <othacehe@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: guix-patches@gnu.org
Resent-Date: Tue, 15 Dec 2020 10:26:02 +0000
Resent-Message-ID: <handler.45104.B45104.160802790830418@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 45104
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
To: Christopher Baines <mail@cbaines.net>,
 Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Received: via spool by 45104-submit@debbugs.gnu.org id=B45104.160802790830418
 (code B ref 45104); Tue, 15 Dec 2020 10:26:02 +0000
Received: (at 45104) by debbugs.gnu.org; 15 Dec 2020 10:25:08 +0000
Received: from localhost ([127.0.0.1]:55715 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1kp7W0-0007uY-HQ
 for submit@debbugs.gnu.org; Tue, 15 Dec 2020 05:25:08 -0500
Received: from eggs.gnu.org ([209.51.188.92]:48844)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <othacehe@gnu.org>) id 1kp7Vy-0007u4-AB
 for 45104@debbugs.gnu.org; Tue, 15 Dec 2020 05:25:06 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e]:48925)
 by eggs.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <othacehe@gnu.org>)
 id 1kp7Vs-0005b1-6o; Tue, 15 Dec 2020 05:25:00 -0500
Received: from 225.71.114.78.rev.sfr.net ([78.114.71.225]:56324 helo=cervin)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <othacehe@gnu.org>)
 id 1kp7Vr-0006qz-5p; Tue, 15 Dec 2020 05:24:59 -0500
From: Mathieu Othacehe <othacehe@gnu.org>
References: <87eek1vd4g.fsf@gnu.org> <87a6uohztw.fsf@cbaines.net>
 <877dpktzot.fsf@gnu.org>
Date: Tue, 15 Dec 2020 11:24:55 +0100
In-Reply-To: <877dpktzot.fsf@gnu.org> ("Ludovic =?UTF-8?Q?Court=C3=A8s?="'s
 message of "Mon, 14 Dec 2020 12:05:54 +0100")
Message-ID: <878s9zfjt4.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: guix-patches@gnu.org
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-patches>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
 <mailto:guix-patches-request@gnu.org?subject=subscribe>
Cc: 45104@debbugs.gnu.org
Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+larch=yhetil.org@gnu.org>
X-Migadu-Flow: FLOW_IN
X-Migadu-Spam-Score: -2.81
Authentication-Results: aspmx1.migadu.com;
	dkim=none;
	dmarc=pass (policy=none) header.from=gnu.org;
	spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org
X-Migadu-Queue-Id: EAEBA940222
X-Spam-Score: -2.81
X-Migadu-Scanner: scn0.migadu.com
X-TUID: SCUa7J3iaNMZ


Hey Chris and Ludo,

> Agreed on these points.

Yes I think you are definitely right on that point.

>                                 (and (evaluation-complete? evaluation)
>                                      (string=3D? "guix-modular-master"
>                                                (evaluation-spec
>                                                 evaluation))))

On Berlin, evaluations can be completed for days, but the associated
builds never started. I think that searching directly for a completed
build provides a stronger guarantee of available substitutes.

> ;; Pull the latest commit fully built on berlin.guixsd.org.
> (list (channel
>        (name 'guix)
>        (url "https://git.savannah.gnu.org/git/guix.git")
>        (commit (pk 'commit (latest-commit-successfully-built)))))

Providing such a procedure definitely makes sense though.

>   (channel-with-substitutes-available
>     (channel (name 'guix) =E2=80=A6)
>     "https://ci.guix.gnu.org"
>     (specifications->manifest '("emacs" "guile")))

Yes it would be the ultimate thing! However, while finding the latest
commit with an available substitute for a derivation is quite easy,
finding a commit with available derivations for N derivations seems way
more difficult.

> It does mean that we=E2=80=99re asking users to do extra work.  Perhaps t=
here
> could still be a command-line option that would call
> =E2=80=98channel-with-substitutes-available=E2=80=99 for you, but at leas=
t it would take
> an explicit URL and clarify what Chris mentioned?

Yes, the user would then have to provide the channels that need
available substitutes, the URL to use for the substitution check and
maybe a manifest that also needs available substitutes.

The channels list could default to '("guix") and the URL to
"https://ci.guix.gnu.org" as it would be a sensible default for most
Guix users I think.

> BTW, doing all this is safer today because =E2=80=98guix pull=E2=80=99 wi=
ll detect and
> prevent downgrades.  Though an attacker who manages to break into
> ci.guix.gnu.org could cause all the users of
> =E2=80=98channel-with-substitutes-available=E2=80=99 to no longer receive=
 updates or to
> receive them more slowly than they appear in Git simply by making CI
> even slower than it currently is.

Yes, the downgrade check definitely helps here, as it's often what will
happen with our lagging CI. Regarding the security aspect, I think that
breaking into ci.guix.gnu.org can have other way more impacting
consequences.

Thanks,

Mathieu