From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:470:142:3::10]:37606) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iBKBc-000351-Rl for guix-patches@gnu.org; Fri, 20 Sep 2019 10:47:06 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1iBKBa-0002y7-RE for guix-patches@gnu.org; Fri, 20 Sep 2019 10:47:04 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:49464) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1iBKBZ-0002wy-Sz for guix-patches@gnu.org; Fri, 20 Sep 2019 10:47:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1iBKBZ-0000lF-NI for guix-patches@gnu.org; Fri, 20 Sep 2019 10:47:01 -0400 Subject: [bug#37466] [PATCH 2/4] gnu: Add heads. Resent-Message-ID: Received: from eggs.gnu.org ([2001:470:142:3::10]:37476) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iBKAh-0002TC-El for guix-patches@gnu.org; Fri, 20 Sep 2019 10:46:09 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1iBKAf-0002at-8K for guix-patches@gnu.org; Fri, 20 Sep 2019 10:46:07 -0400 Received: from lepiller.eu ([2a00:5884:8208::1]:56154) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1iBKAb-0002ZB-J8 for guix-patches@gnu.org; Fri, 20 Sep 2019 10:46:04 -0400 Date: Fri, 20 Sep 2019 16:45:42 +0200 In-Reply-To: <20190920154954.35713605@scratchpost.org> References: <20190920010248.28082-1-dannym@scratchpost.org> <20190920073149.2933-1-dannym@scratchpost.org> <20190920073149.2933-2-dannym@scratchpost.org> <20190920140529.234c55ad@alma-ubu> <20190920154954.35713605@scratchpost.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable From: Julien Lepiller Message-ID: List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: 37466@debbugs.gnu.org, dannym@scratchpost.org, bjoern.hoefling@bjoernhoefling.de Le 20 septembre 2019 15:49:54 GMT+02:00, Danny Milosavljevic a =C3=A9crit : >Hi Bj=C3=B6rn, > >On Fri, 20 Sep 2019 14:05:29 +0200 >Bj=C3=B6rn H=C3=B6fling wrote: > >> That's the non-free kernel, right? > >Right=2E > >> Besides that neither DNS nor Google knows that host=2E > >Hmm, you're right, but it worked for me=2E Doesn't work now=2E >Using "www" is probably better anyhow (and works)=2E > >> In general, this long list of source-files looks a bit strange: I >think >> all/most of these packages are already a Guix package, where >> the source code is (more or less) verified to be FSDG-compatible, >> possibly with a snipped=2E Now this package is just getting a huge list >of >> unreviewed source tarballs in=2E Hm=2E >>=20 >> Could we at least somehow reference the source package from Guix? > >Well, heads provides an initrd and they want reproducible builds for it >for >security purposes--that's the main reason they build a "cross" compiler >too: >To have the compiler produce verifiable executables=2E > >So basically if we change the version or anything, the hashes won't >match >any more and any person going along their installation guide should >abort the installation--because heads has presumably been tampered >with=2E > >Not sure what to do about it=2E > >Maybe at least linux-libre produces bitwise identical outputs to Linux >for what they care about=2E I'll try it=2E Not sure about heads, but some build systems specify the exact version of = their dependencies, but we don't package all of them in guix=2E In that cas= e, the guix build-system overwrites the declared hash with the actual hash = of the package that is used instead=2E Can't you do something similar?