From: amirouche <amirouche@hypermove.net>
To: gnunet-developers@gnu.org, guix-devel@gnu.org
Subject: gnunet-guile reboot & guix (take two)
Date: Sat, 03 Feb 2018 14:10:36 +0100 [thread overview]
Message-ID: <1517663436.2217.0@mail.gandi.net> (raw)
Hello all,
After discussing gnunet & guix at fosdem with gnunet
people I have better picture of where things can go.
The short story is:
1) There is no way to know the gnunet hash aka. gnunet uri
of a substitute before the build.
2) There is no way to associate gnunet hash and guix hash
in a secure/trusted manner over gnunet. Except maybe
if we use GNS to publish guix hash as subdomains of
substitute-server.guix.gnu?
Possible solutions:
a) Add the gnunet-uri of the substitute in the package
definition. This can only work if the package is
reproducible aka. the build is always the same given
the same package definition. For reproducible builds,
it will be possible to offload the build and
the download over gnunet.
b) Use a central repository (!) which must be trusted and
which will provide a map of guix hash <-> gnunet hash
based on builds done locally. This way we can offload
the download of the files to gnunet...
That said, the central repository is still a SPOF.
Solution b) is not a massive improvement over the current
situation, that said maybe that is good enough. It's the
easy solution. We must:
i) change the substitute server to publish over gnunet
new builds and add the gnunet hash to a local
database.
ii) change the substitute server to publish
guix hash <-> gnunet hash association file
iii) change guix, to fetch the association file from
a trusted server and then download over gnunet
the files.
Solution a) is my prefered because it's truly peer-to-peer
but it leads to complicated workflow for builds that are
not reproducible since we must reset the gnunet uri in
the package definition from a trusted build server.
I am not sure how it's possible to rewrite a package
definition in guile right now.
WDYT?
next reply other threads:[~2018-02-03 13:10 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-03 13:10 amirouche [this message]
2018-02-03 14:46 ` gnunet-guile reboot & guix (take two) Adam Van Ymeren
2018-02-05 13:25 ` Ludovic Courtès
2018-02-05 18:51 ` Ricardo Wurmus
2018-02-09 15:27 ` [GNUnet-developers] " amirouche
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1517663436.2217.0@mail.gandi.net \
--to=amirouche@hypermove.net \
--cc=gnunet-developers@gnu.org \
--cc=guix-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.