From mboxrd@z Thu Jan  1 00:00:00 1970
From: Leo Famulari <leo@famulari.name>
Subject: Re: Advice about GuixSD on Serveraptor?
Date: Tue, 21 Mar 2017 16:46:20 -0400
Message-ID: <20170321204620.GA30143@jasmine>
References: <20170209183609.5rztohnqhsleifll@wasp>
	<20170213214717.GA11352@jasmine> <20170313003252.GA12094@jasmine>
	<20170321180638.GA3027@jasmine> <87mvcenzvw.fsf@dustycloud.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="h31gzZEtNLTqOjlF"
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:34103)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1cqQfi-0007Zb-UN
	for guix-devel@gnu.org; Tue, 21 Mar 2017 16:46:29 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1cqQfe-0003Pj-RG
	for guix-devel@gnu.org; Tue, 21 Mar 2017 16:46:26 -0400
Received: from out1-smtp.messagingengine.com ([66.111.4.25]:58786)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <leo@famulari.name>) id 1cqQfe-0003PZ-Gz
	for guix-devel@gnu.org; Tue, 21 Mar 2017 16:46:22 -0400
Content-Disposition: inline
In-Reply-To: <87mvcenzvw.fsf@dustycloud.org>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Christopher Allan Webber <cwebber@dustycloud.org>
Cc: guix-devel@gnu.org


--h31gzZEtNLTqOjlF
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Mar 21, 2017 at 03:22:43PM -0500, Christopher Allan Webber wrote:
> Leo Famulari writes:
> > I can easily create an image to use for this, but I don't want to do it
> > if others think I am going beyond the level of trust placed in me by the
> > Guix project.
>=20
> So, if you provided the source scheme to generate the image, and signed
> the image, people would both have the option to generate the image
> themselves, or download your signed binary image if they trust you?

Not exactly...

Serveraptor offers users a set of images to choose from, but they don't
have a method by which users can upload their own images. You'd have to
make a special arrangement for that.

So what I'm doing here is trying to provide Serveraptor with a GuixSD
image that they'd offer to users.

People could regenerate the image themselves, but it would be difficult
to verify that it matches what is offered by Serveraptor.

There are VPS providers that provide an image upload system but, as far
as I know, none of them accept raw QEMU images. They all want
ISO-formatted images.

> Honestly, at this point the most important thing is to get things to the
> point where we have *a* documented process to install GuixSD on these
> servers; once we have that, and assuming we also have documentation /
> tooling where people could reproduce the whole process (even if they
> used the image you provided, as long as they could reproduce that step
> too) I think we're in a much better state than we are... and we could
> refine further from there.

My idea is to create a bare-bones GuixSD image using `guix system
vm-image` and provide that to Serveraptor. Users would boot directly
into the system and reconfigure it to fit their needs.=20

If by "install GuixSD" you mean "boot the GuixSD USB install and
initialize the system", that does work, but it's not very satisfying
because Serveraptor's management interface does not expose the
virtualized storage devices, so it's difficult (impossible?) to reclaim
the partition used by the installer.

--h31gzZEtNLTqOjlF
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAljRkRwACgkQJkb6MLrK
fwgsIxAA1RsgK329R31Ytuh/uarypIpC427DgzOyKGA66RD3JPHuk6wyrd/JVokL
BFY8Y/iEvCWPJzbS19C+07r5hjjyqkopcP46yyUGXM9rSY1Rd7SdbqhJm072Fmh9
FsAI1mPFuistCJkgiZeGgeV/v+o0437OYU8BvXExH4uMUjnxJC75LPt5tuhIW5UY
VJEFCXzjrDLayIAb7kHBY+h32Klvkmtt5VgD3LuwaSQTEzGZON296Wa4xvz1L8kT
HfNPZG01uQFP+4ZhdCJDyakj5QR9Wn4KS7/bFEc8iwS2Sywwyj9feq0Gkd9/F6zY
e+t8OzE32/Tu4svkTQE+NAgwbfvo86cXs8kj1Xg9RZqDjtJ1cEHviCbEPAE59Pgd
puTDfqiDJ6gwkmIhfUoXCFu4HCVewrhyDttBXsXWIa4nzjDDje4rumsYwNjZb46f
qDwz6ZSPdM4elca/YaNfy6U7H/6PimUjuJjzo7iwxh/iaJlUvIu3mBUh+c28UKg2
3cG5jyXHzYSwNJrN0c1cy5ZFH41CxWfTStPFvhkS9Jd5Qr6TOou5/Y9NVmbHWUVg
1gEsYxQx8f36HNkrykiBjycPqYVVbATf1wGeNyAxHZbc92jM1cfsuaOt3mqfij0w
1y+TF3vr2tZDDW/dOyE1Tbea7VNHsfMh0uLG0+wPKbW35PLvwho=
=ad/7
-----END PGP SIGNATURE-----

--h31gzZEtNLTqOjlF--