* Guix as a non-optional dependency in another project, and Guix resources requirements. @ 2024-03-16 1:03 Denis 'GNUtoo' Carikli 2024-03-20 12:15 ` pelzflorian (Florian Pelz) 2024-05-06 12:34 ` Simon Tournier 0 siblings, 2 replies; 19+ messages in thread From: Denis 'GNUtoo' Carikli @ 2024-03-16 1:03 UTC (permalink / raw) To: help-guix; +Cc: Adrien 'neox' Bourmault [-- Attachment #1: Type: text/plain, Size: 3761 bytes --] Hi, I'm one of the co-maintainers of GNU Boot, a project aimed at replace nonfree boot firmwares that comes with computers with fully free software. For that we reuse software like Coreboot, GRUB, SeaBIOS, etc that are combined into installable images. Most of the code is still inherited from the latest release(s) of Libreboot that produced fully free software releases and currently consists in shell scripts that build these software components (by running ./configure, make etc directly in the shell scripts). Right now we only use Guix as an optional dependency to build the website: if people use './configure --enable-guix', it uses 'guix time-machine [...] -- shell [...]' under the hood to make the build reproducible, install all dependencies, etc. Having Guix optional and not used by default means that people who use --enable-guix already have Guix installed and take know how to update it with guix pull. So if we have Guix as a non-optional dependency, if we take care of automatizing the installation and update of Guix, users would then be able to build GNU Boot directly without having to lean Guix basics first, and worry about learning Guix later on when they contribute to GNU Boot or Guix directly. My first tentative was to automatically install Guix from the host distribution package manager (if Guix is not already there) and update it to the revision we need (if it's not already at a more recent revision). So I took care (in script(s) that are run automatically) of different distros package managers (apt, pacman, yum, etc) and exporting the right variables / sourcing the right scripts, and I still need to handle distributions without a guix package and to enable the substitutes for new Guix installations. But beside that I'm not sure I'm on the right track because: - First and most importantly, running 'guix pull' can fail sometimes, especially if there is not enough RAM per core. A fix that work is to lower the number of cores used with 'guix pull -c 1 -M 1' for instance. But the issue is that I'm unsure how much RAM per core is needed. Maybe 2GiB or 3GiB? Also if users have heavy desktop usage (browser(s) with a ton of tabs open) could that value change? I could ask help from GNU Boot users for testing to find that value but maybe the Guix community already knows more about this. The big downside of my approach here is that if for some reason the script I made uses a 'memory per core' value that is too low, it would probably makes things way more difficult for contributors than having to read the Guix manual upfront in the first place, because it would fail and they won't understand why. So they'd need to understand both Guix, the code I wrote, and what caused the issue. - If Guix was already installed on a host distribution, I'm not sure how to handle substitutes. Ideally I'd like to be able to enable them just for GNU Boot and not change the way they are handled for other Guix usage. Also if substitutes are not used it probably affect the amount of RAM per core required. One way around here could be to build Guix ourselves and somehow find a way to have different defaults, but building that Guix could probably a long time. Are there projects that had similar issues / questions? Or is what I'm trying to do a can of worms and I'd better point users to the Guix manual instead? PS: Is this mail posted on the right mailing list? In one hand these questions are about Guix usage, but in another the people who might know the answer probably need to have a very good understanding of Guix internals and/or of how to write the Guix manual. Denis. [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: Guix as a non-optional dependency in another project, and Guix resources requirements. 2024-03-16 1:03 Guix as a non-optional dependency in another project, and Guix resources requirements Denis 'GNUtoo' Carikli @ 2024-03-20 12:15 ` pelzflorian (Florian Pelz) 2024-03-21 16:26 ` Adrien 'neox' Bourmault 2024-03-22 0:52 ` Denis 'GNUtoo' Carikli 2024-05-06 12:34 ` Simon Tournier 1 sibling, 2 replies; 19+ messages in thread From: pelzflorian (Florian Pelz) @ 2024-03-20 12:15 UTC (permalink / raw) To: Denis 'GNUtoo' Carikli; +Cc: help-guix, Adrien 'neox' Bourmault Hello Denis. I believe automatically invoking package managers for users does not give users control. Telling them what to run, yes, but running the commands for them does not seem like good practice, if it can be avoided. If I were a user, I would mostly like to understand. In particular, the GNU Boot description on Savannah says it aims to replace boot code with 100% free software; the Canoeboot FAQ says it is impossible to get completely rid of Intel ME. I have never flashed Intel/AMD machines, so what do I know. Last time I checked, guix operations like pull needed almost 2GB RAM, because of Guile compilation not optimizing for memory use yet. Regards, Florian ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: Guix as a non-optional dependency in another project, and Guix resources requirements. 2024-03-20 12:15 ` pelzflorian (Florian Pelz) @ 2024-03-21 16:26 ` Adrien 'neox' Bourmault 2024-03-21 16:35 ` Adrien 'neox' Bourmault 2024-03-22 0:52 ` Denis 'GNUtoo' Carikli 1 sibling, 1 reply; 19+ messages in thread From: Adrien 'neox' Bourmault @ 2024-03-21 16:26 UTC (permalink / raw) To: pelzflorian (Florian Pelz), Denis 'GNUtoo' Carikli; +Cc: help-guix [-- Attachment #1: Type: text/plain, Size: 1673 bytes --] Le mercredi 20 mars 2024 à 13:15 +0100, pelzflorian (Florian Pelz) a écrit : > Hello Denis. > > I believe automatically invoking package managers for users does not > give users control. Telling them what to run, yes, but running the > commands for them does not seem like good practice, if it can be > avoided. If I were a user, I would mostly like to understand. Hi Florian, and thanks for your feedback about that. I personally do not agree with your opinion, because I see Guix like a package manager but also as a reproductible build system and environment, which is a really good thing. > > In particular, the GNU Boot description on Savannah says it aims to > replace boot code with 100% free software; the Canoeboot FAQ says it is > impossible to get completely rid of Intel ME. I have never flashed > Intel/AMD machines, so what do I know. I absolutely don't understand what you're trying to tell here. GNU Boot does not support any board where Intel ME is mandatory to operate the board. Indeed, it's impossible to remove Intel ME from boards that requires it, and this is why we can never support these boards unless someone retroengineers these boards and is able to find a way to fully get rid of ME. > > Last time I checked, guix operations like pull needed almost 2GB RAM, > because of Guile compilation not optimizing for memory use yet. Yes, I know that and this is something I measured myself. Thanks again for your feedback and happy hacking! -- Adrien Bourmault Maintainer, GNU Boot project Associate member, Free Software Foundation GPG : 393D4CC68136F39799DA75F295F65F55F682A17A [-- Attachment #2: This is a digitally signed message part --] [-- Type: application/pgp-signature, Size: 228 bytes --] ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: Guix as a non-optional dependency in another project, and Guix resources requirements. 2024-03-21 16:26 ` Adrien 'neox' Bourmault @ 2024-03-21 16:35 ` Adrien 'neox' Bourmault 2024-03-22 0:16 ` Denis 'GNUtoo' Carikli 0 siblings, 1 reply; 19+ messages in thread From: Adrien 'neox' Bourmault @ 2024-03-21 16:35 UTC (permalink / raw) To: pelzflorian (Florian Pelz), Denis 'GNUtoo' Carikli; +Cc: help-guix [-- Attachment #1: Type: text/plain, Size: 444 bytes --] Le jeudi 21 mars 2024 à 17:26 +0100, Adrien 'neox' Bourmault a écrit : > > > > Last time I checked, guix operations like pull needed almost 2GB RAM, > > because of Guile compilation not optimizing for memory use yet. > > Yes, I know that and this is something I measured myself. Sorry, I did not see earlier this was a question Denis asked. I measured that recently and did not have the time to tell him. Thanks for your answer. [-- Attachment #2: This is a digitally signed message part --] [-- Type: application/pgp-signature, Size: 228 bytes --] ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: Guix as a non-optional dependency in another project, and Guix resources requirements. 2024-03-21 16:35 ` Adrien 'neox' Bourmault @ 2024-03-22 0:16 ` Denis 'GNUtoo' Carikli 2024-04-08 15:52 ` Andreas Enge 0 siblings, 1 reply; 19+ messages in thread From: Denis 'GNUtoo' Carikli @ 2024-03-22 0:16 UTC (permalink / raw) To: Adrien 'neox' Bourmault; +Cc: pelzflorian (Florian Pelz), help-guix [-- Attachment #1: Type: text/plain, Size: 829 bytes --] On Thu, 21 Mar 2024 17:35:25 +0100 Adrien 'neox' Bourmault <neox@gnu.org> wrote: > Sorry, I did not see earlier this was a question Denis asked. I > measured that recently and did not have the time to tell him. Thanks > for your answer. Thanks a lot for the test. The issue here is also that a given measure is very important as it gives some indication, but I'm also not sure that 2GiB is enough with all the situations. For instance a user with a browser and tons of open tabs may need more RAM for Guix. This is also why my initial plan was to ask many people to test, but I then figured out that it was probably best to ask Guix users and contributors first as they might already a precise enough value that we could use, or have insight on if what I am trying to do is a good idea or design. Denis. [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: Guix as a non-optional dependency in another project, and Guix resources requirements. 2024-03-22 0:16 ` Denis 'GNUtoo' Carikli @ 2024-04-08 15:52 ` Andreas Enge 2024-04-08 20:32 ` Felix Lechner via 2024-04-09 9:33 ` pelzflorian (Florian Pelz) 0 siblings, 2 replies; 19+ messages in thread From: Andreas Enge @ 2024-04-08 15:52 UTC (permalink / raw) To: Denis 'GNUtoo' Carikli Cc: Adrien 'neox' Bourmault, pelzflorian (Florian Pelz), help-guix Hello, Am Fri, Mar 22, 2024 at 01:16:28AM +0100 schrieb Denis 'GNUtoo' Carikli: > The issue here is also that a given measure is very important as it > gives some indication, but I'm also not sure that 2GiB is enough with > all the situations. For instance a user with a browser and tons of open > tabs may need more RAM for Guix. I have a virtual machine that essentially runs an nginx instance and had 1GB of memory. This was not enough to do a "guix pull". I asked the people who provide the machine to me to ramp up to 2GB, but this was still not enough. Now I dare not ask for more, as I already felt ridiculous enough asking for 2GB for what essentially amounts to "apt-get update". This is not exactly good advertisement for our system... Andreas ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: Guix as a non-optional dependency in another project, and Guix resources requirements. 2024-04-08 15:52 ` Andreas Enge @ 2024-04-08 20:32 ` Felix Lechner via 2024-04-11 15:36 ` Andreas Enge 2024-04-09 9:33 ` pelzflorian (Florian Pelz) 1 sibling, 1 reply; 19+ messages in thread From: Felix Lechner via @ 2024-04-08 20:32 UTC (permalink / raw) To: Andreas Enge; +Cc: help-guix Hi Andreas, On Mon, Apr 08 2024, Andreas Enge wrote: > I have a virtual machine that ... had 1GB of memory. This was not > enough to do a "guix pull". I operated a 1 GB web server that ran Guix on Linode for a while. Did you configure a swap partition? Kind regards Felix ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: Guix as a non-optional dependency in another project, and Guix resources requirements. 2024-04-08 20:32 ` Felix Lechner via @ 2024-04-11 15:36 ` Andreas Enge 2024-04-11 17:32 ` Felix Lechner via 0 siblings, 1 reply; 19+ messages in thread From: Andreas Enge @ 2024-04-11 15:36 UTC (permalink / raw) To: Felix Lechner; +Cc: help-guix Hello, Am Mon, Apr 08, 2024 at 01:32:25PM -0700 schrieb Felix Lechner: > I operated a 1 GB web server that ran Guix on Linode for a while. Did > you configure a swap partition? actually I did not, good idea! Am Tue, Apr 09, 2024 at 05:23:56AM -0700 schrieb Felix Lechner: > There is also 'guix deploy' from a stronger machine, which I recommend > for any VPS. And this is another good idea, thanks! I tried to reproduce the problem, but so far could not; maybe something changed, maybe I made a mistake previously. I tried to monitor memory usage by a very crude "cat /proc/meminfo|head -3"; the minimum values I saw were around these: MemTotal: 2024516 kB MemFree: 31768 kB MemAvailable: 140064 kB This happened when building guix-base, which seems to be particularly memory hungry. So if I understand correctly, 2GB is about the amount of memory needed for "guix pull". Now I have been running out of disk space, but this is another problem. Andreas ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: Guix as a non-optional dependency in another project, and Guix resources requirements. 2024-04-11 15:36 ` Andreas Enge @ 2024-04-11 17:32 ` Felix Lechner via 0 siblings, 0 replies; 19+ messages in thread From: Felix Lechner via @ 2024-04-11 17:32 UTC (permalink / raw) To: Andreas Enge; +Cc: help-guix Hi Andreas, On Thu, Apr 11 2024, Andreas Enge wrote: > So if I understand correctly, 2GB is about the amount of memory needed > for "guix pull". Probably. By the way, nothing in my messages should be interpreted to say that Guix's memory usage is acceptable. I am merely trying to help. > Now I have been running out of disk space, but this is another > problem. Please have a look at zram [1] which compresses many of your memory pages and requires no device at all (thus saving valuable disk space), or zswap [2] which compresses your swap pages. The latter reduces the size of your swap partition while keeping the same capacity. [3] Kind regards Felix [1] https://en.wikipedia.org/wiki/Zram [2] https://en.wikipedia.org/wiki/Zswap [3] https://stackoverflow.com/questions/18437205/difference-between-zram-and-zswap ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: Guix as a non-optional dependency in another project, and Guix resources requirements. 2024-04-08 15:52 ` Andreas Enge 2024-04-08 20:32 ` Felix Lechner via @ 2024-04-09 9:33 ` pelzflorian (Florian Pelz) 2024-04-09 12:23 ` Felix Lechner via 1 sibling, 1 reply; 19+ messages in thread From: pelzflorian (Florian Pelz) @ 2024-04-09 9:33 UTC (permalink / raw) To: Andreas Enge Cc: Denis 'GNUtoo' Carikli, Adrien 'neox' Bourmault, help-guix Andreas Enge <andreas@enge.fr> writes: > I have a virtual machine that essentially runs an nginx instance and had > 1GB of memory. This was not enough to do a "guix pull". I asked the people > who provide the machine to me to ramp up to 2GB, but this was still not > enough. Now I dare not ask for more, as I already felt ridiculous enough > asking for 2GB for what essentially amounts to "apt-get update". > This is not exactly good advertisement for our system... > > Andreas If other processeses do indeed consume much of the 2GB, you could make Guix pull an older commit for which substitutes are already available: info "(guix)Channels with Substitutes" Actually maybe 1GB is already enough then. Regards, Florian ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: Guix as a non-optional dependency in another project, and Guix resources requirements. 2024-04-09 9:33 ` pelzflorian (Florian Pelz) @ 2024-04-09 12:23 ` Felix Lechner via 0 siblings, 0 replies; 19+ messages in thread From: Felix Lechner via @ 2024-04-09 12:23 UTC (permalink / raw) To: pelzflorian (Florian Pelz), Andreas Enge Cc: Denis 'GNUtoo' Carikli, Adrien 'neox' Bourmault, help-guix Hi, On Tue, Apr 09 2024, pelzflorian (Florian Pelz) wrote: > you could make Guix pull an older commit There is also 'guix deploy' from a stronger machine, which I recommend for any VPS. It's a breeze to set up but does currently come with some security implications. It requires automated SSH access to the root account on the targeted equipment. Kind regards Felix ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: Guix as a non-optional dependency in another project, and Guix resources requirements. 2024-03-20 12:15 ` pelzflorian (Florian Pelz) 2024-03-21 16:26 ` Adrien 'neox' Bourmault @ 2024-03-22 0:52 ` Denis 'GNUtoo' Carikli 2024-03-22 9:17 ` pelzflorian (Florian Pelz) 1 sibling, 1 reply; 19+ messages in thread From: Denis 'GNUtoo' Carikli @ 2024-03-22 0:52 UTC (permalink / raw) To: pelzflorian (Florian Pelz); +Cc: help-guix, Adrien 'neox' Bourmault [-- Attachment #1: Type: text/plain, Size: 3028 bytes --] On Wed, 20 Mar 2024 13:15:17 +0100 "pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de> wrote: > Hello Denis. Hi, > I believe automatically invoking package managers for users does not > give users control. Telling them what to run, yes, but running the > commands for them does not seem like good practice, if it can be > avoided. If I were a user, I would mostly like to understand. Here it's more a question of design and what to do or not to do automatically. For instance command line users do understand 'ls' or 'find' without needing to look at its source code or to change it. Many scripts also use 'ls' or 'find'. Here running 'guix build' commands automatically makes sense and as I understand many people sharing their Guix configurations do that, at least to setup the load path (-L, --load-path). Since we want to reuse the output of guix build (because we want to integrate guix progressively) there is no other way. The question here is more how far to go with the rest (guix pull, substitutes, etc), and you get a point with that. When there is setup-specific configuration to do, your advise is usually good as documentation is easier to get right than a very specific tool that works only in a subset of the cases. An example here is if you want to install GNU/Linux on a WiFi access point and that requires you to setup a TFTP server, in that case a documentation is better than fragile scripts. But here Guix is very reproducible there is not a lot to configure for the users here, so it somewhat makes automatizing updates and configuration a bit more relevant than other cases. Though your answer also make me think once we have everything as Guix packages, what we automatize (updates, etc) would still need to be kept working not to break contributors or users habits. So the automatizing would most likely need to be moved in a Makefile. > In particular, the GNU Boot description on Savannah says it aims to > replace boot code with 100% free software; the Canoeboot FAQ says it > is impossible to get completely rid of Intel ME. GNU Boot description talks about boot software, not boot code (more on that below). The devices we support either have no Management Engine (so we don't need to get rid of something that isn't there), or have a management engine hardware with its OS being completely removed. What we remove is the OS (which is software) of the management engine hardware. We don't remove hardware. In practice there is a bootrom inside the Management Engine (that contains some code that is read-only as the name implies), but we can consider that as hardware as it is not modifiable by anybody. In any case we don't have to redistribute any nonfree software so that bootrom has no impact on Guix usage or in our strategy to upstream packages inside Guix. And since that bootrom cannot be updated anyway, we don't have the risk of having to later on provide (nonfree) updates for users either. Denis. [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: Guix as a non-optional dependency in another project, and Guix resources requirements. 2024-03-22 0:52 ` Denis 'GNUtoo' Carikli @ 2024-03-22 9:17 ` pelzflorian (Florian Pelz) 2024-03-25 0:26 ` Denis 'GNUtoo' Carikli 0 siblings, 1 reply; 19+ messages in thread From: pelzflorian (Florian Pelz) @ 2024-03-22 9:17 UTC (permalink / raw) To: Denis 'GNUtoo' Carikli; +Cc: help-guix, Adrien 'neox' Bourmault Hello. Sorry for not being precise. Invoking guix build or guix shell is fine in my opinion, but “apt-get install” is not. Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> writes: > Here running 'guix build' commands automatically makes sense and as I > understand many people sharing their Guix configurations do that, at > least to setup the load path (-L, --load-path). Yes. It can be trusted to continue working. Guix also supports i686 more or less; it will not be dropped, so memory use can be trusted to not be more than i686 can do. > The devices we support either have no Management Engine (so we don't > need to get rid of something that isn't there), Ohh. > or have a management > engine hardware with its OS being completely removed. > > What we remove is the OS (which is software) of the management engine > hardware. We don't remove hardware. > > In practice there is a bootrom inside the Management Engine (that > contains some code that is read-only as the name implies), but we can > consider that as hardware as it is not modifiable by anybody. Adrien 'neox' Bourmault <neox@gnu.org> writes: > GNU Boot does not > support any board where Intel ME is mandatory to operate the board. Indeed, it's > impossible to remove Intel ME from boards that requires it, and this is why we > can never support these boards unless someone retroengineers these boards and is > able to find a way to fully get rid of ME. Thank you, neox and Denis, for telling about the extent of the removal. Side note, as an observer from outside, it also seems relevant how the project goal is different from Canoeboot. Is the difference that GNU Boot seeks to integrate more with FSDG distros like Guix? That the build system is more traditional? Leah takes it personal, but on the Canoeboot FAQ, I find “GNU Boot does support downloading, deblobbing and re-compressing U-Boot archives, and in fact does a better job of *that* than Canoeboot in some ways, but it does not yet actually build U-Boot, and it does not boot U-Boot in any way, on any actual mainboards.” Regards, Florian ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: Guix as a non-optional dependency in another project, and Guix resources requirements. 2024-03-22 9:17 ` pelzflorian (Florian Pelz) @ 2024-03-25 0:26 ` Denis 'GNUtoo' Carikli 2024-03-25 17:34 ` pelzflorian (Florian Pelz) 0 siblings, 1 reply; 19+ messages in thread From: Denis 'GNUtoo' Carikli @ 2024-03-25 0:26 UTC (permalink / raw) To: pelzflorian (Florian Pelz); +Cc: help-guix, Adrien 'neox' Bourmault [-- Attachment #1: Type: text/plain, Size: 5309 bytes --] On Guix integration: -------------------- On Fri, 22 Mar 2024 10:17:39 +0100 "pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de> wrote: > Side note, as an observer from outside, it also seems relevant how the > project goal is different from Canoeboot. Is the difference that GNU > Boot seeks to integrate more with FSDG distros like Guix? Right now our goal is more to work with upstream Guix to add packages in Guix for what we need, and then use these packages to build the images that we distribute in ftp.gnu.org/gnu/gnuboot. We already added grub-coreboot in Guix but we need to add more (at least seabios-coreboot, and the Coreboot memtest86+, and Coreboot itself if possible). Since both GNU Boot maintainers are also Guix users, it also enable us to collaborate with Guix by sending patches and through that somewhat share the maintenance with Guix of a very small number of packages. GNU Boot is also based on an older version of the Libreboot build system that does everything with shell scripts, and we already adapted it to be able to easily replace build commands (./configure, make) by 'guix shell' commands. Since writing Guix packages is relatively easy and that Guix is well documented, if contributors can use 'guix build', then the rest is pretty straightforward and they can learn it step by step, by looking at examples, asking other GNU Boot or Guix contributors for help, etc. So this is why the integration of Guix as a dependency in GNU Boot is something really crucial and that it has to be done right: we don't want to loose contributors because there is too much setup, or because our automatic way to install and update Guix fails. What you suggested could indeed be the way to go: replace the code to at least install and configure Guix with a pointer to the installation section of the official Guix manual, and improve it along the way if we need to (by mentioning more distro packages for instance). This should take care of the substitutes configuration issue. But then we would still like to somehow make guix time-machine --commit=<hash> work automatically, so we need to somehow fetch that revision, and if possible without touching the current guix revision not to mess up the system of people that also use Guix for other things. For that we probably need to add an option to guix pull and upstream that. Since that could take some time, we could start by detecting if the revision we need is not there and in that case at the same time point users to the Guix manual to run guix pull, and warn about the issue of changing guix revision, store the older guix revision in a well known place and provide instructions to restore it. As for supporting various guix build options (like '-c, --cores=N', '--max-jobs=N'), we could probably make that configurable in GNU Boot with the help of autotools. > Guix also supports i686 more or less; it will not be dropped, so > memory use can be trusted to not be more than i686 can do. That's a good point. Once we build all our software with Guix, doing that would also enable building on i686 for free[1]. Answers to your other questions: -------------------------------- Another key difference with Canoeboot is that we also want to work directly with various upstream projects like GRUB or Coreboot to make sure we can keep maintaining the same devices over time. This decision also probably aligns well with Guix goals as having too much extra patch can be a burden to maintain and many distributions have formal or informal policies to limit that to the strict minimum. There are probably other differences as well (website build system, etc) but they might not be very relevant to the use of Guix has a mandatory dependency. Also note that GNU Boot is still pretty new (and doesn't even have an official release yet) so over time there might be more technical differences. > Leah takes it personal, but on the Canoeboot FAQ, I find “GNU Boot > does support downloading, deblobbing and re-compressing U-Boot > archives, and in fact does a better job of *that* than Canoeboot in > some ways, but it does not yet actually build U-Boot, and it does not > boot U-Boot in any way, on any actual mainboards.” If I understood right, Canoeboot dropped that functionality, and it's still in the code of GNU Boot, but I wouldn't rely on that until GNU Boot starts releasing deblobbed u-boot archives or that it's integrated upstream in Guix in some form. References: ----------- [1]The FSDG distributions versions mentioned in the build documentation (https://www.gnu.org/software/gnuboot/web/docs/build/) do not support i686. Using Guix would fix that. All that is because we want to continue supporting the KGPE-D16 (that Guix also uses for its infrastructure), and that right now we use an older Coreboot revision for it, which requires older compiler revisions. We have plans for re-upstreaming this mainboard in Coreboot in a sustainable way (so it doesn't get dropped again) but in the future we might need help to complete that task that either with coding (we might be able to provide reverse engineered documentation to write maintainable code) or funding. Denis. [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: Guix as a non-optional dependency in another project, and Guix resources requirements. 2024-03-25 0:26 ` Denis 'GNUtoo' Carikli @ 2024-03-25 17:34 ` pelzflorian (Florian Pelz) 2024-03-27 1:28 ` Denis 'GNUtoo' Carikli 0 siblings, 1 reply; 19+ messages in thread From: pelzflorian (Florian Pelz) @ 2024-03-25 17:34 UTC (permalink / raw) To: Denis 'GNUtoo' Carikli; +Cc: help-guix, Adrien 'neox' Bourmault Hello, what you intend does sound very interesting. As for “guix time-machine”, I do not see the problem: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> writes: > But then we would still like to somehow make guix time-machine > --commit=<hash> work automatically, so we need to somehow fetch that > revision, and if possible without touching the current guix revision > not to mess up the system of people that also use Guix for other > things. For that we probably need to add an option to guix pull and > upstream that. > > Since that could take some time, we could start by detecting if the > revision we need is not there and in that case at the same time point > users to the Guix manual to run guix pull, and warn about the issue of > changing guix revision, store the older guix revision in a well known > place and provide instructions to restore it. “guix time-machine” is confined to the store and does not leave traces, like “guix build” and unlike “guix pull”. It is basically “guix pull” without traces. > We already added grub-coreboot in Guix Ahh that was your work, GNU Booters; great job! (Although I have no machine to try yet.) > What you suggested could indeed be the way to go: replace the code to > at least install and configure Guix with a pointer to the installation > section of the official Guix manual, and improve it along the way if we > need to (by mentioning more distro packages for instance). This should > take care of the substitutes configuration issue. Simplifying install docs is being discussed and we would like more feedback: https://issues.guix.gnu.org/69977 At the same time, me citing the Arch Wiki’s negative stance on distros’ guix packages <https://lists.gnu.org/archive/html/guix-devel/2024-03/msg00068.html> and the dealing with the recent Guix local privilege escalation vulnerability <https://lists.gnu.org/archive/html/guix-devel/2024-03/msg00238.html> hopefully will not cost us our Debian package. > As for supporting various guix build options (like '-c, --cores=N', > '--max-jobs=N'), we could probably make that configurable in GNU Boot > with the help of autotools. I do not know, but maybe the Autotools of Guix itself use something like this to deal with “make -j4”. I’m looking forward to reading much of the info you gave in this mail on a GNU Boot website, or if the info is there already I just missed it. Regards, Florian ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: Guix as a non-optional dependency in another project, and Guix resources requirements. 2024-03-25 17:34 ` pelzflorian (Florian Pelz) @ 2024-03-27 1:28 ` Denis 'GNUtoo' Carikli 2024-03-27 11:22 ` pelzflorian (Florian Pelz) 0 siblings, 1 reply; 19+ messages in thread From: Denis 'GNUtoo' Carikli @ 2024-03-27 1:28 UTC (permalink / raw) To: pelzflorian (Florian Pelz); +Cc: help-guix, Adrien 'neox' Bourmault [-- Attachment #1: Type: text/plain, Size: 5837 bytes --] On Mon, 25 Mar 2024 18:34:18 +0100 "pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de> wrote: > Hello, what you intend does sound very interesting. As for “guix > time-machine”, I do not see the problem [...] Let's say a user install Guix 1.4.0 and GNU Boot use a guix commit after v1.4.0, as I understand guix time-machine will fail. Here we have code to detect that situation already, the issue is more what to do when this situation happens. A second problem is if a user install guix and runs guix pull right after but doesn't run guix pull again, and that in the future we start using commits/revisions newer than the ones the user had right after running guix pull. Especially in the second case, running an additional 'guix pull' behind the back of the user can have some bad consequences if the user is also using Guix for other things and for some reasons didn't plan to update guix yet. So my current plan is just to detect that the commit is not there and tell the user to run guix pull and also give the user a way to restore the old guix revision afterward if needed. It's not ideal but it could work right now for all use cases. > Simplifying install docs is being discussed and we would like more > feedback: > > https://issues.guix.gnu.org/69977 > > At the same time, me citing the Arch Wiki’s negative stance on > distros’ guix packages > <https://lists.gnu.org/archive/html/guix-devel/2024-03/msg00068.html> > and the dealing with the recent Guix local privilege escalation > vulnerability > <https://lists.gnu.org/archive/html/guix-devel/2024-03/msg00238.html> > hopefully will not cost us our Debian package. Thanks, I'll read all these threads. > > As for supporting various guix build options (like '-c, --cores=N', > > '--max-jobs=N'), we could probably make that configurable in GNU > > Boot with the help of autotools. > > I do not know, but maybe the Autotools of Guix itself use something > like this to deal with “make -j4”. My question was more about the user interface and if it was the right thing to do. As for the code implementing it[1], it was pretty easy to do for me and it integrates fine with the current GNU Boot structure: if users run './autogen.sh && ./configure' they can still use the scripts manually, so this avoids too much invasive changes. I still need to do some cleanups though and complete that work (as some things are still missing, like handling 'guix pull' to make sure that guix-time-machine works). [1]https://git.savannah.gnu.org/cgit/gnuboot.git/log/?h=GNUtoo/guix-configure > I’m looking forward to reading much of the info you gave in this mail > on a GNU Boot website, or if the info is there already I just missed > it. The issue is that there is a chicken and egg issue as for the code/documentation to be merged in GNU Boot, we need to figure out the questions I asked in this thread. And there is also a second chicken and egg: we don't want to add a dependency on Guix without a real use case that really requires Guix in some non-optional way (more on that below). As for the code that is actually merged, building the GNU Boot website can be done with guix shell but to do that the user needs to pass --enable-guix to the ./configure in that directory: https://git.savannah.gnu.org/cgit/gnuboot.git/tree/website-build We used Guix shell here because it makes Guix optional, so we didn't need to have the Guix part being ultra robust/polished/documented. If it worked for users already familiar with Guix, it was good enough. And we also already merged code to update Guix: https://git.savannah.gnu.org/cgit/gnuboot.git/tree/resources/dependencies/guix https://git.savannah.gnu.org/cgit/gnuboot.git/tree/resources/scripts/misc/guix.sh but this is not run automatically, and not mentioned in the documentation either. So users that know about it could run it manually but that's pretty much it. So in the meantime the code/documentation we have on Guix non-optional integration in GNU Boot is available in various branches as it is not ready yet. And we don't want to make Guix non-optional for the website right now, as it works fine in the way it is. And the idea is to try to integrate Guix as a required dependency with the least amount of changes. So it will probably be done to build some tools first like with this branch: https://git.savannah.gnu.org/cgit/gnuboot.git/log/?h=GNUtoo/guix-configure This kind of changes really makes sense as it would enable us to fix some installation instructions for some devices which would make the first release closer, and it limits the risk of breakages since it doesn't modify in any way the binaries to install. As for deeper integration that can build GRUB with Guix, it can be found here: https://git.savannah.gnu.org/cgit/gnuboot.git/log/?h=GNUtoo/guix Note that this branch is older and will probably be rebased / cleaned up much later (probably after the release). To get there we converted the Libreboot directory structures to resemble more packages with tasks[2], and that is merged already. So that enables us to then just remove the shell commands that build grub and replace that with a call to guix build and keep the rest of the shell commands that reuses the output. [2]https://git.savannah.gnu.org/cgit/gnuboot.git/commit/?id=857afa42a8ade870115391b09d712b110e6a1066 It's done in this commit for instance: https://git.savannah.gnu.org/cgit/gnuboot.git/commit/?h=GNUtoo/guix&id=f96d93160d6c29cb45b999c56f03ec8a4312140d But as explained before, this commit need to be rebased, split, cleaned up, etc. For instance it was made at a time where grub-coreboot wasn't in Guix yet, so now we can simply use the upstream package instead. Denis. [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: Guix as a non-optional dependency in another project, and Guix resources requirements. 2024-03-27 1:28 ` Denis 'GNUtoo' Carikli @ 2024-03-27 11:22 ` pelzflorian (Florian Pelz) 2024-04-01 22:02 ` Denis 'GNUtoo' Carikli 0 siblings, 1 reply; 19+ messages in thread From: pelzflorian (Florian Pelz) @ 2024-03-27 11:22 UTC (permalink / raw) To: Denis 'GNUtoo' Carikli; +Cc: help-guix, Adrien 'neox' Bourmault Hi there. Some corrections. Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> writes: > On Mon, 25 Mar 2024 18:34:18 +0100 > "pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de> wrote: >> Hello, what you intend does sound very interesting. As for “guix >> time-machine”, I do not see the problem [...] > Let's say a user install Guix 1.4.0 and GNU Boot use a guix commit after > v1.4.0, as I understand guix time-machine will fail. No, it does not fail. I just tried from a pre-v1.4.0 installer to time-machine --commit=9f11c33b6d2c16e710fa2ef3c74f985e2b885350, commit 9f11c33b6d2c16e710fa2ef3c74f985e2b885350 Author: Sou Bunnbu (宋文武) <iyzsong@gmail.com> Date: Sat Mar 16 13:14:37 2024 +0800 gnu: Add logtalk. * gnu/packages/prolog.scm (logtalk): New package. Change-Id: I99e04e70b32c498b5da1f094752279e4668f3865 I can run logtalk binaries. >> I do not know, but maybe the Autotools of Guix itself use something >> like this to deal with “make -j4”. > My question was more about the user interface and if it was the right > thing to do. As for the code implementing it[1], it was pretty easy to > do for me and it integrates fine with the current GNU Boot structure: if > users run './autogen.sh && ./configure' they can still use the scripts > manually, so this avoids too much invasive changes. So from reading the Guix build machinery, Makefile.am runs https://git.savannah.gnu.org/cgit/guix.git/plain/build-aux/compile-all.scm and they use (getenv "MAKEFLAGS") to check if make gets any --jobserver flag that specifies the number of parallel compilations. This seems slightly nicer than a non-standard configure option, but is also more complicated in that Makefile.am calls out to compile-all.scm to do the work. Presumably Guix developers like writing Scheme more than writing shell scripts. > And we also already merged code to update Guix: > https://git.savannah.gnu.org/cgit/gnuboot.git/tree/resources/dependencies/guix > https://git.savannah.gnu.org/cgit/gnuboot.git/tree/resources/scripts/misc/guix.sh > but this is not run automatically, and not mentioned in the > documentation either. So users that know about it could run it manually > but that's pretty much it. Yes, I read in your scripts you check the Guix caches. Of course guix shell and time-machine modify not only the store but also the caches, I’ve said it wrong. But GNU Boot calling “guix time-machine” and thereby modifying the user .cache directory is OK, in my opinion. Why do you need so many different Guix versions? Are there regressions or is it just that you have tried building different parts of Libreboot with different versions of Guix? > And the idea is to try to integrate Guix as a required dependency with > the least amount of changes. So it will probably be done to build some > tools first like with this branch: > https://git.savannah.gnu.org/cgit/gnuboot.git/log/?h=GNUtoo/guix-configure That is, you move Libreboot’s build system stepwise towards using guix build instead. Sounds good from outside; I have not perused all the links throughly. It is very interesting, though. Regards, Florian ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: Guix as a non-optional dependency in another project, and Guix resources requirements. 2024-03-27 11:22 ` pelzflorian (Florian Pelz) @ 2024-04-01 22:02 ` Denis 'GNUtoo' Carikli 0 siblings, 0 replies; 19+ messages in thread From: Denis 'GNUtoo' Carikli @ 2024-04-01 22:02 UTC (permalink / raw) To: pelzflorian (Florian Pelz); +Cc: help-guix, Adrien 'neox' Bourmault [-- Attachment #1: Type: text/plain, Size: 5191 bytes --] On Wed, 27 Mar 2024 12:22:40 +0100 "pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de> wrote: > Hi there. [...] Hi > Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> writes: > > On Mon, 25 Mar 2024 18:34:18 +0100 > > "pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de> wrote: > >> Hello, what you intend does sound very interesting. As for “guix > >> time-machine”, I do not see the problem [...] > > Let's say a user install Guix 1.4.0 and GNU Boot use a guix commit > > after v1.4.0, as I understand guix time-machine will fail. > > No, it does not fail. Thanks a lot, this is very interesting as it could simplify a lot the code. In addition running guix time-machine doesn't modify the current Guix version so it's not invasive. I recall that when I tried it on older versions of Guix, it did fail, but maybe more recent versions don't fail anymore. I'd need to do more tests with that to understand when it fails or doesn't fail and somehow get/require the right conditions and then remove all the code that isn't needed anymore. > >> I do not know, but maybe the Autotools of Guix itself use something > >> like this to deal with “make -j4”. > > My question was more about the user interface and if it was the > > right thing to do. As for the code implementing it[1], it was > > pretty easy to do for me and it integrates fine with the current > > GNU Boot structure: if users run './autogen.sh && ./configure' they > > can still use the scripts manually, so this avoids too much > > invasive changes. > > So from reading the Guix build machinery, Makefile.am runs > > https://git.savannah.gnu.org/cgit/guix.git/plain/build-aux/compile-all.scm > > and they use (getenv "MAKEFLAGS") to check if make gets any > --jobserver flag that specifies the number of parallel compilations. > This seems slightly nicer than a non-standard configure option, but > is also more complicated in that Makefile.am calls out to > compile-all.scm to do the work. Thanks for that information. This could make things work out of the box without more configuration. Though I still need to think about that one as the code is much harder to understand than with configuration options. > Why do you need so many different Guix versions? Are there > regressions or is it just that you have tried building different > parts of Libreboot with different versions of Guix? We don't necessarily need multiple Guix versions but I think it fits better in the current design if we allow that. The old structure of Libreboot we inherited was converted to look more like packages. Now each "package" has a directory in resources/packages/ like resources/packages/grub for instance. And inside the package directory there are shell scripts with specific names like download, build that are tasks. Because of that it makes sense to treat each "package" separately and allow the use of different Guix versions. So practically speaking if I want to replace the code that builds SeaBIOS with shell scripts I could first write a local guix seabios-coreboot package that I add inside resources/packages/seabios/seabios.scm and call guix build inside resources/packages/seabios/payload (which builds SeaBIOS for Coreboot). At this point I could use Guix 1.4.0 if there are no security issues in SeaBIOS or its dependencies for Guix 1.4.0. But once seabios-coreboot is upstreamed in Guix it would make sense to get rid of resources/packages/seabios/seabios.scm completely if possible (if we use the same build options, don't have extra patches, etc) and instead update the shell script that calls guix build to use the Guix version where seabios-coreboot was added. Thanks to that it's easier to update each package without affecting the rest. When everything will have been converted to use Guix packages we would need to think again if using a single Guix revision could make sense or not depending on the amount of risk of breakages. The main advantage of a single revision would be to have way faster builds. > That is, you move Libreboot’s build system stepwise towards using guix > build instead. Sounds good from outside; I have not perused all the > links throughly. It is very interesting, though. The main rationale behind that is to have at any point something that still works. Using Guix just for specific packages like GRUB enable to test the resulting images like with any other changes, and also consistently update the documentation along the way and so on. We can even write some automatic tests that work with images made before Guix is integrated and after without needing any special consideration. And finally it also lowers a lot the odds of having never-ending work to do the conversion, and never finishing nor making any releases, especially because some of the tasks (like building Coreboot) are not trivial (it requires an ada compiler and Guix doesn't have one yet). And all that also makes it easier to collaborate with upstream as we don't need to rush to convert everything to Guix packages, so it leaves time to upstream things. Denis. [-- Attachment #2: OpenPGP digital signature --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 19+ messages in thread
* Re: Guix as a non-optional dependency in another project, and Guix resources requirements. 2024-03-16 1:03 Guix as a non-optional dependency in another project, and Guix resources requirements Denis 'GNUtoo' Carikli 2024-03-20 12:15 ` pelzflorian (Florian Pelz) @ 2024-05-06 12:34 ` Simon Tournier 1 sibling, 0 replies; 19+ messages in thread From: Simon Tournier @ 2024-05-06 12:34 UTC (permalink / raw) To: Denis 'GNUtoo' Carikli, help-guix; +Cc: Adrien 'neox' Bourmault Hi Denis, On sam., 16 mars 2024 at 02:03, Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> wrote: > - First and most importantly, running 'guix pull' can fail sometimes, > especially if there is not enough RAM per core. A fix that work is to > lower the number of cores used with 'guix pull -c 1 -M 1' for > instance. > > But the issue is that I'm unsure how much RAM per core is needed. > Maybe 2GiB or 3GiB? Also if users have heavy desktop usage > (browser(s) with a ton of tabs open) could that value change? > > I could ask help from GNU Boot users for testing to find that value > but maybe the Guix community already knows more about this. > > The big downside of my approach here is that if for some reason the > script I made uses a 'memory per core' value that is too low, it > would probably makes things way more difficult for contributors than > having to read the Guix manual upfront in the first place, because it > would fail and they won't understand why. So they'd need to > understand both Guix, the code I wrote, and what caused the issue. > > - If Guix was already installed on a host distribution, I'm not sure > how to handle substitutes. Ideally I'd like to be able to enable them > just for GNU Boot and not change the way they are handled for other > Guix usage. Also if substitutes are not used it probably affect the > amount of RAM per core required. > > One way around here could be to build Guix ourselves and somehow find > a way to have different defaults, but building that Guix could > probably a long time. Well, from my understanding, with or without substitutes is the key here. Without substitutes, yeah we hit the Guile compilation boundaries, especially about RAM. With substitutes, the story is different. :-) The only operation that is expensive is: “Computing Guix derivation”. Then the rest is substitutable. Here, we could also speak network requirements but that’s another story. ;-) I have never measured the RAM requirement of this step. I would be surprised if it’s more than 2GiB… but who know! :-) Your users do not need to run a complete Guix but only something that can be determined beforehand and compliant with the rest of your project. Somehow, you have two choices: + Rely on substitutes from Guix project. The advantage is that you have nothing to do, just invoke the right command with your custom script. The main drawback is that your script is subject to Guix project policy when deleting substitutes. To my knowledge, this policy is clear but the effects are hard to predict. + Serve your own substitutes. The advantage is that you control which substitutes are available. The drawback is that you need to setup “guix publish”. Do not take me wrong about the substitutes. You only need the result of some derivations (see ’compile-guix’ procedure in (guix self) module); the ones that “guix pull” builds. Doing that, your script might pinpoint a specific Guix revision and you also serve the substitute requirements for that revision. Bah the first question is the RAM of “Computing Guix derivation”? Cheers, simon ^ permalink raw reply [flat|nested] 19+ messages in thread
end of thread, other threads:[~2024-05-06 12:35 UTC | newest] Thread overview: 19+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2024-03-16 1:03 Guix as a non-optional dependency in another project, and Guix resources requirements Denis 'GNUtoo' Carikli 2024-03-20 12:15 ` pelzflorian (Florian Pelz) 2024-03-21 16:26 ` Adrien 'neox' Bourmault 2024-03-21 16:35 ` Adrien 'neox' Bourmault 2024-03-22 0:16 ` Denis 'GNUtoo' Carikli 2024-04-08 15:52 ` Andreas Enge 2024-04-08 20:32 ` Felix Lechner via 2024-04-11 15:36 ` Andreas Enge 2024-04-11 17:32 ` Felix Lechner via 2024-04-09 9:33 ` pelzflorian (Florian Pelz) 2024-04-09 12:23 ` Felix Lechner via 2024-03-22 0:52 ` Denis 'GNUtoo' Carikli 2024-03-22 9:17 ` pelzflorian (Florian Pelz) 2024-03-25 0:26 ` Denis 'GNUtoo' Carikli 2024-03-25 17:34 ` pelzflorian (Florian Pelz) 2024-03-27 1:28 ` Denis 'GNUtoo' Carikli 2024-03-27 11:22 ` pelzflorian (Florian Pelz) 2024-04-01 22:02 ` Denis 'GNUtoo' Carikli 2024-05-06 12:34 ` Simon Tournier
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).