From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andreas Enge <andreas@enge.fr>
Subject: Re: Server for Guix Hydra/Slave ?
Date: Sat, 5 Mar 2016 12:04:11 +0100
Message-ID: <20160305110411.GA23510@solar>
References: <87oaav9o0k.fsf@grrlz.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:55027)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <andreas@enge.fr>) id 1acA0R-0002y6-7T
	for guix-devel@gnu.org; Sat, 05 Mar 2016 06:04:20 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <andreas@enge.fr>) id 1acA0O-0001bt-0W
	for guix-devel@gnu.org; Sat, 05 Mar 2016 06:04:19 -0500
Received: from mailrelay2.public.one.com ([91.198.169.125]:38951)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <andreas@enge.fr>) id 1acA0N-0001bh-M7
	for guix-devel@gnu.org; Sat, 05 Mar 2016 06:04:15 -0500
Content-Disposition: inline
In-Reply-To: <87oaav9o0k.fsf@grrlz.net>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: Nils Gillmann <niasterisk@grrlz.net>
Cc: guix-devel@gnu.org

Hi Nils,

thanks for the generous offer of a server donation!

So what could be done?

On Thu, Mar 03, 2016 at 11:48:11PM +0100, Nils Gillmann wrote:
> It's a 36€ / year server (I don't believe in the security of OVH,
> but others say it's okay, I personally favor in-berlin.de over
> most providers I had), specs:
> Mainboard Intel Corporation DN2800MT CPU Intel(R) Atom(TM) CPU
> N2800 @ 1.86GHz Cores : 4 Cache : 512 KB Speed : 1862 MHz RAM 1 x
> 2048 MB
> Atom™ N2800 640 346 2c / 4t  1.86 GHz+ 2 GB 500 GB 100 Mbit/s /128

The specs look a bit too low to make it useful as a build slave, compared
to what we already have; especially the low RAM could make a few packages
fail, I think. Even more so since the bottleneck right now is not compilation
power, but processing power by the hydra backend. Also, as you mention,
there is a security question: Right now, we implicitly trust all build
machines through the signature of hydra. If we add too many "random" machines
in "random" data centres, this will not help the trust in the binaries.

On the other hand, an additional mirror cache could always be useful;
with mirror.guixsd.org, we are experimenting right now, so I do not know
whether an additional mirror will make a big difference or not. But the
interesting thing is that this could be done completely independently of the
central hydra infrastructure: Just set it up yourself and advertise it on the
list or on IRC, and then people can use it. You should probably avoid
downloading all the content on hydra and just act as a cache upon an external
request. There would be no security implication, as the packages are signed
by hydra.

Andreas