From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id 2O7XGo12A2Z1NgAA62LTzQ:P1 (envelope-from ) for ; Wed, 27 Mar 2024 02:29:49 +0100 Received: from aspmx1.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1.migadu.com with LMTPS id 2O7XGo12A2Z1NgAA62LTzQ (envelope-from ) for ; Wed, 27 Mar 2024 02:29:49 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=cyberdimension.org header.s=dkim header.b="E/xXsqAG"; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1711502989; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=+4l06Y8m9jQvpOloRnJuGgl3nvPqY09xYqpSJlnSiYk=; b=gu28NiImf5pmMW2QHUmKgv2UA8keRZnYKod7DjOv5k+nDhvcaKp7eMybvsPodxK1Eq2ou7 5U0Pb7ZfjX88NErsY86ovFlSA6SmzV76OItMs0S7zSwL28mALDQBUeNwZK9AYetstfXzTh TOo/QLUIbHdrbwKWCXOsPOu/4RlcQuGxf/FLiBit4ymHPHxunMTEwr5L5eHbJ827OetjmA K8ee133swnryJQvJdRNZNAUvYK/hJsWN5b95VtZoLyobNBHiMXtauDLHqv+fqrHBma5tB0 eIMQHKumYL7SMbi0HIURGsR1wWRBeoCgu56jzEDJm3nQJKBtgt4GKR0mVIRYkg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=cyberdimension.org header.s=dkim header.b="E/xXsqAG"; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Seal: i=1; s=key1; d=yhetil.org; t=1711502989; a=rsa-sha256; cv=none; b=YtM/u8g4zD1F4cY/TKoTDafRjYk8Yw8e+M0ZekgD9cFZzeChUbzxVI7Auy70FmOoYMNypa OXl+58bNxHDSdI3pQHFEvaBeHkEU7wOWJ0JRt5BV7j61hJ+t6FSUsil9sspPlrO9qGBK6K Ru0Zw3lQ1lf2jwebyDjuuUTAS2Na/ntZs0OAP/JEVvEQ1aMgeSIV6i//hPiwr07pdE0fIy pm1ju0xV1XfhniRa3ZDzgLENDHkfU908ebC415XQ/8RimjyI4wN4aIxOh00P86unY4NbBu jw/2yShkVwOvLPCdpGPGYk0Cf94uwnhQCWlqK6rTgzvQV5C8Jkv6imv00zih/w== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id EB1F1A061 for ; Wed, 27 Mar 2024 02:29:48 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rpI6Q-0005JG-5x; Tue, 26 Mar 2024 21:29:18 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rpI6M-0005Iy-MZ for help-guix@gnu.org; Tue, 26 Mar 2024 21:29:16 -0400 Received: from cyberdimension.org ([80.67.179.20] helo=gnutoo.cyberdimension.org) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rpI6J-0003YW-NG; Tue, 26 Mar 2024 21:29:14 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; s=dkim; bh=42JBZ6n2q7rIivi cA1nEJrBHtAAWadfUREwGFxOZtSk=; h=references:in-reply-to:subject:cc:to: from:date; d=cyberdimension.org; b=E/xXsqAGkYfL4ZKXhydQOnvwsvFYcWpTaSj 6V/vj25ofEp2kn+nQebCh4QdQVRA8gnrR9Ajkaag/RE4mjgLOqqPpdGh0VNyRM28Bz4sWd HoTRI7mNy4jQLo1NNCgfze3CqkN6r4TylCByPz1l4dCKpk3mtJWALEEZAS9oXoeJwfG7st phlB9O2rizo2WFymsVmRAqGjshpxBbneI+HDg0izDx6i8uN5W+gPesgMLBKte0HGGk64SY KiLYadIZs5QGZMZcrJXS8aWB1AOdTksDZkJSgmzxkQkKOIKEFclJ7gpPqjoiDjfWuDX51J 6vWSOfd0R9xQ0NKWkrjXTsrxh/A== Received: from primary_laptop (localhost [::1]) by gnutoo.cyberdimension.org (OpenSMTPD) with ESMTP id d23714b8; Wed, 27 Mar 2024 01:29:06 +0000 (UTC) Date: Wed, 27 Mar 2024 02:28:47 +0100 From: Denis 'GNUtoo' Carikli To: "pelzflorian (Florian Pelz)" Cc: help-guix@gnu.org, Adrien 'neox' Bourmault Subject: Re: Guix as a non-optional dependency in another project, and Guix resources requirements. Message-ID: <20240327022847.7b3376b9@primary_laptop> In-Reply-To: <87y1a6md0l.fsf@pelzflorian.de> References: <20240316020307.6bf7335c@primary_laptop> <87y1ad6qwa.fsf@pelzflorian.de> <20240322015224.6e7e92cf@primary_laptop> <87il1eeibw.fsf@pelzflorian.de> <20240325012653.4ad16320@primary_laptop> <87y1a6md0l.fsf@pelzflorian.de> X-Mailer: Claws Mail 4.1.1 (GTK 3.24.37; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="Sig_/H.EIXz3pivCba=wxPtyvoEy"; protocol="application/pgp-signature"; micalg=pgp-sha256 Received-SPF: pass client-ip=80.67.179.20; envelope-from=GNUtoo@cyberdimension.org; helo=gnutoo.cyberdimension.org X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: help-guix-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-Migadu-Queue-Id: EB1F1A061 X-Spam-Score: -6.94 X-Migadu-Spam-Score: -6.94 X-Migadu-Scanner: mx10.migadu.com X-TUID: Y97LSjxY0VfA --Sig_/H.EIXz3pivCba=wxPtyvoEy Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Mon, 25 Mar 2024 18:34:18 +0100 "pelzflorian (Florian Pelz)" wrote: > Hello, what you intend does sound very interesting. As for =E2=80=9Cguix > time-machine=E2=80=9D, I do not see the problem [...] Let's say a user install Guix 1.4.0 and GNU Boot use a guix commit after v1.4.0, as I understand guix time-machine will fail. Here we have code to detect that situation already, the issue is more what to do when this situation happens. A second problem is if a user install guix and runs guix pull right after but doesn't run guix pull again, and that in the future we start using commits/revisions newer than the ones the user had right after running guix pull. Especially in the second case, running an additional 'guix pull' behind the back of the user can have some bad consequences if the user is also using Guix for other things and for some reasons didn't plan to update guix yet. So my current plan is just to detect that the commit is not there and tell the user to run guix pull and also give the user a way to restore the old guix revision afterward if needed. It's not ideal but it could work right now for all use cases. > Simplifying install docs is being discussed and we would like more > feedback: >=20 > https://issues.guix.gnu.org/69977 > > At the same time, me citing the Arch Wiki=E2=80=99s negative stance on > distros=E2=80=99 guix packages > > and the dealing with the recent Guix local privilege escalation > vulnerability > > hopefully will not cost us our Debian package. Thanks, I'll read all these threads. > > As for supporting various guix build options (like '-c, --cores=3DN', > > '--max-jobs=3DN'), we could probably make that configurable in GNU > > Boot with the help of autotools. >=20 > I do not know, but maybe the Autotools of Guix itself use something > like this to deal with =E2=80=9Cmake -j4=E2=80=9D. My question was more about the user interface and if it was the right thing to do. As for the code implementing it[1], it was pretty easy to do for me and it integrates fine with the current GNU Boot structure: if users run './autogen.sh && ./configure' they can still use the scripts manually, so this avoids too much invasive changes. I still need to do some cleanups though and complete that work (as some things are still missing, like handling 'guix pull' to make sure that guix-time-machine works). [1]https://git.savannah.gnu.org/cgit/gnuboot.git/log/?h=3DGNUtoo/guix-confi= gure > I=E2=80=99m looking forward to reading much of the info you gave in this = mail > on a GNU Boot website, or if the info is there already I just missed > it. The issue is that there is a chicken and egg issue as for the code/documentation to be merged in GNU Boot, we need to figure out the questions I asked in this thread. And there is also a second chicken and egg: we don't want to add a dependency on Guix without a real use case that really requires Guix in some non-optional way (more on that below). As for the code that is actually merged, building the GNU Boot website can be done with guix shell but to do that the user needs to pass --enable-guix to the ./configure in that directory: https://git.savannah.gnu.org/cgit/gnuboot.git/tree/website-build We used Guix shell here because it makes Guix optional, so we didn't need to have the Guix part being ultra robust/polished/documented. If it worked for users already familiar with Guix, it was good enough. And we also already merged code to update Guix: https://git.savannah.gnu.org/cgit/gnuboot.git/tree/resources/dependencies/g= uix https://git.savannah.gnu.org/cgit/gnuboot.git/tree/resources/scripts/misc/g= uix.sh but this is not run automatically, and not mentioned in the documentation either. So users that know about it could run it manually but that's pretty much it. So in the meantime the code/documentation we have on Guix non-optional integration in GNU Boot is available in various branches as it is not ready yet. And we don't want to make Guix non-optional for the website right now, as it works fine in the way it is. And the idea is to try to integrate Guix as a required dependency with the least amount of changes. So it will probably be done to build some tools first like with this branch: https://git.savannah.gnu.org/cgit/gnuboot.git/log/?h=3DGNUtoo/guix-configure This kind of changes really makes sense as it would enable us to fix some installation instructions for some devices which would make the first release closer, and it limits the risk of breakages since it doesn't modify in any way the binaries to install. As for deeper integration that can build GRUB with Guix, it can be found here: https://git.savannah.gnu.org/cgit/gnuboot.git/log/?h=3DGNUtoo/guix Note that this branch is older and will probably be rebased / cleaned up much later (probably after the release). To get there we converted the Libreboot directory structures to resemble more packages with tasks[2], and that is merged already. So that enables us to then just remove the shell commands that build grub and replace that with a call to guix build and keep the rest of the shell commands that reuses the output. [2]https://git.savannah.gnu.org/cgit/gnuboot.git/commit/?id=3D857afa42a8ade= 870115391b09d712b110e6a1066 It's done in this commit for instance: https://git.savannah.gnu.org/cgit/gnuboot.git/commit/?h=3DGNUtoo/guix&id=3D= f96d93160d6c29cb45b999c56f03ec8a4312140d But as explained before, this commit need to be rebased, split, cleaned up, etc. For instance it was made at a time where grub-coreboot wasn't in Guix yet, so now we can simply use the upstream package instead. Denis. --Sig_/H.EIXz3pivCba=wxPtyvoEy Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEeC+d2+Nrp/PU3kkGX138wUF34mMFAmYDdk8ACgkQX138wUF3 4mODYg//QSoJ0Ckor3vPEQkIsSKXNdGyCAryj5xFrFn6ZgzuOPQc+ZN7xfl0/atz Y/W4SCxaKGqymxsG8KF0UVYn/mjMY9hp2Caj2WmWz5AI578X27A2DEdz/fLjNoS6 wnEUobS0/k7YtxaE0m1B1KpnUUaEGjrwXBz3x9h+RHf/cNdBp5iu1liBHgcvEB+a 8BNI1Nnybgud4PBPw20K9nXsFE1AVsB7CTkjpZE8LoT7W+6x/JBdmEcJO9ya5apD FFIcI4M+QvvHaxktKD0XRqemipS/4jkTT44YPhREope6wn5N32XKkP+Qxd3BiMbm ysCvyxdlBGEOzcpEx5NTql8xewz5M2h0APDMJzyVGamNfmUPYM3xekW/6I3pRxYE X2O2OtzsS9UkJyI5jvOg4BwDTatuCHkth5ju4/5qvdyp9fq82zSXj0aH/fMYSzd/ /WdiOyI2XtUea63hjlCtaimtMJ1+UH+iWsP+zmJZXJZSubxgru7+a63gh+PGLC9D zB36vYUDfu5AKj/ztctQfEwJw6SAnsT48D3z7xF8MCehmkxRoHLkK0N3RznbAa4a HRL6JLXhP/x3LkfIpfteyzH0oDc0+foqKm7VDA7zLMVthdM8jWYtBH8hr3ftJWC+ DzjqUG1d2qLyA0QqvRBewoPgiUk29/XccnnNL49rl1/Vgx1akdk= =JaF7 -----END PGP SIGNATURE----- --Sig_/H.EIXz3pivCba=wxPtyvoEy--