From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms1.migadu.com with LMTPS id sFd4NE+NUGYmewAAe85BDQ:P1 (envelope-from ) for ; Fri, 24 May 2024 14:51:28 +0200 Received: from aspmx1.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2.migadu.com with LMTPS id sFd4NE+NUGYmewAAe85BDQ (envelope-from ) for ; Fri, 24 May 2024 14:51:27 +0200 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=riseup.net header.s=squak header.b=l41STfcZ; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=riseup.net ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1716555087; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=k1jllUTzejV/vkklBwZMgJDAZeXWp3yXBe65edT58qQ=; b=JhtTeJxOs5ulmWc0zIxfG+rKN5S2yqnPOtzuA0ip1IzfqIjJQEAX7pZaQP0ZAGs3SDcqHD 0voBQCfHWgvKYCwi0bPPHYVPoOuf7mHF6RdADi9qaHTcpmO1cqD5mIZGg/Rzue8pWsGk7D 6d7lG2sxknzoPaDAgFajzR/sEpizPyYyRilDze7pCE4yrg1IjtRTDOnUaWpEWqOq0/UWFF UbLfngFKwkYhzGad/nhk99/FBHYE+/PSrfFq99sYwEhE0L3Wi2W3PWNw2iT63tkitO0Uts inrhhtuNkctUJ17CiyL/NcQnrdFnNMOJ4P1iRL3gmUIpsM9SDlk81lO6WIXP7A== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=riseup.net header.s=squak header.b=l41STfcZ; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=riseup.net ARC-Seal: i=1; s=key1; d=yhetil.org; t=1716555087; a=rsa-sha256; cv=none; b=lTSnXEvX/4g4EN5wH14wEHYCEP0D0nraQWjK5NGhqia2QQEdzwLwcnQv3Gd1zU5cYKWSjs OwsxuC/qxTYfAAwtcCKxVGRzM6qbrsmmVdjI/1DhrZjj7x1k2+8LchbBRkixA4hXja4ct1 DEyus/yMSecTptucOslB5qUPNKvwrCZ0d/UUjhurkqCzH0sRjcstoSXp6PcItVqCgiCMC7 /im75Pfdwu3xf50pqZYxeR/ZBmA38Vw4uKDFnytcMn9M5E9rPRVRCAeit32rKsfC1Apem6 JwSXtsBhf/HOIybh+SUkvyBvvvTTHY+k716mTg5jacEXEMaBtDy0pLDqdwgFRw== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id B20636BD3B for ; Fri, 24 May 2024 14:51:27 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sAUNr-00040b-4p; Fri, 24 May 2024 08:50:55 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sAUNo-0003zy-No for guix-devel@gnu.org; Fri, 24 May 2024 08:50:52 -0400 Received: from mx0.riseup.net ([198.252.153.6]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sAUNl-0008Rr-Pg for guix-devel@gnu.org; Fri, 24 May 2024 08:50:51 -0400 Received: from fews02-sea.riseup.net (fews02-sea-pn.riseup.net [10.0.1.112]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx0.riseup.net (Postfix) with ESMTPS id 4Vm4dz5dd8z9w6l for ; Fri, 24 May 2024 12:50:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1716555047; bh=tfJ9KiulchjnGZb8rpaYd1aQBruWFhunl41TEHii3Iw=; h=Date:From:To:Subject:From; b=l41STfcZT1p1XdTLYv3CD+14N9zvKme79LGGdGvSiiLnUFKyLmwz9fe9Ffc175KmB vPrnHqeBdSYWumlAM95hBtsfAo4wNJdJiwi8+0BTPKOMCm79m9LARx+hD2wqcWABYQ TpDh9guH+jN7iKgwOhTrUS+Fqt/HhnRws0uBocjo= X-Riseup-User-ID: 895B1573A434E3D1C0110F9B3F4D8E9F3F302ABE7E90A80B607E1CF039E20542 Received: from [127.0.0.1] (localhost [127.0.0.1]) by fews02-sea.riseup.net (Postfix) with ESMTPSA id 4Vm4dz4mK8zFpxj for ; Fri, 24 May 2024 12:50:47 +0000 (UTC) MIME-Version: 1.0 Date: Fri, 24 May 2024 12:50:47 +0000 From: raingloom@riseup.net To: Guix Devel Subject: watchdog triggered auto-rollback Message-ID: <5521e876c1944cf001dd4cac4553f738@riseup.net> Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Received-SPF: pass client-ip=198.252.153.6; envelope-from=raingloom@riseup.net; helo=mx0.riseup.net X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: guix-devel-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-Spam-Score: -10.90 X-Migadu-Queue-Id: B20636BD3B X-Migadu-Scanner: mx10.migadu.com X-Migadu-Spam-Score: -10.90 X-TUID: kaRRxv+ydNN3 Since I've been experimenting with a foolproof unikernel based static website deployment lately, I realized I should write down this idea I've been chewing for a while: It would be very nice to have automatic system rollbacks when certain things break. One example is broken SSH config that makes a machine unreachable. Local testing is useful, but like in the SSH example, some issues only become apparent when you are deploying to the production environment. Would others find this useful? Where in the stack would this be solved? Could we, for example, catch an issue in the init system and still perform a rollback? Or if not a full rollback, then at least a reboot into the previous config? (And if that is also broken, then the one before, etc, etc) Obviously there are a lot of edge cases and potential bugs in this mechanism as well. Sticking with the SSH example, rolling back to a version that was kept around where the authorized keys are different would also make the machine unreachable via SSH.