From: Ludovic Courtès
To: 68677@debbugs.gnu.org
Subject: [bug#68677] [PATCH 0/6] Service for "virtual build machines"
Date: Tue, 23 Jan 2024 17:46:17 +0100

Hello Guix!

Lots of talk about reproducibility and how wonderful Guix is, but as
soon as you try to build packages from v1.0.0, released less than 5
years ago, you hit a “time trap” in Python, in OpenSSL, or some other
ugly build failure—assuming you managed to fetch source code in the
first place¹.

This patch series defines a long-overdue
‘virtual-build-machine-service-type’: a service to run a virtual
machine available for offloading. My main goal here is to allow users
to build stuff at a past date without having to change their system
clock. It can also be used to control other aspects usually not under
control: the CPU model, the Linux kernel.

The series includes changes to that are not actually used but can be
useful; they come from a previous iteration that didn’t pan out.

One limitation I’d like to address is the fact that the SSH and secrets
ports are exposed locally, as is already the case with childhurds (any
local user could inject secrets into the VM if they connect at the
right moment when it boots). Future work includes switching to
AF_VSOCK sockets—see vsock(7).

Some of the code is shared with childhurds. I don’t know if we could
factorize things further.

Thoughts?

Ludo’.

¹ This blog post by Simon explains the kind of problem one hits when
  traveling to the not-so-distant past:
  https://simon.tournier.info/posts/2023-12-21-repro-paper.html

Ludovic Courtès (6):
  services: secret-service: Make the endpoint configurable.
  vm: Add ‘date’ field to .
  vm: Export accessors.
  vm: Add ‘cpu-count’ field to .
  marionette: Add #:peek? to ‘wait-for-tcp-port?’.
  services: Add ‘virtual-build-machine’ service.

 doc/guix.texi                   | 139 ++++++-
 gnu/build/marionette.scm        |  32 +-
 gnu/build/secret-service.scm    |  62 ++--
 gnu/services/virtualization.scm | 640 ++++++++++++++++++++++++--------
 gnu/system/image.scm            |   1 +
 gnu/system/vm.scm               | 115 +++++-
 gnu/tests/virtualization.scm    | 176 +++++++--
 7 files changed, 933 insertions(+), 232 deletions(-)

base-commit: 299ce524c9f725549ab5548197cc88b085bba2f4
-- 
2.41.0