From: P via "Development of GNU Guix and the GNU System distribution."
To: Ludovic Courtès
Cc: "guix-devel@gnu.org"
Subject: Re: How to reference external program used in shell-scripts?
Date: Tue, 03 Sep 2019 13:48:26 +0000
Message-ID: <5N_UMBvLW0XcZzRVKR4nqoYJaDH4yarA6gh7dteO6-GxllsHFtS1N7d4Q-Ffc4Mx4sfnFQVKlBCx8A40o45SXUPlfWdbVd_9S2972A9_DTM=@protonmail.com>
In-Reply-To: <87h85tsfdm.fsf@gnu.org>

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, September 3, 2019 1:01 PM, Ludovic Courtès wrote:

> Hello Hartmut,
>
> Hartmut Goebel <h.goebel@crazy-compilers.com> wrote:
>
> > My concerns are not about building, but about installing. A concrete
> > example:
> >
> > - Ansible is a Python program running ssh via a path to
> >   /gnu/store/…-openssh-8.0p1/bin/ssh
> > - Mary installs ansible.
> > - Now openssh shows a serious bug and Mary updates openssh using "guix
> >   -u openssh"
> >
> > Obviously this will not update ansible, and ansible will still use the
> > old, vulnerable version of openssh.
> > OTOH, if ansible would run ssh via $PATH, ansible would pick up the new
> > version of openssh.
>
> The whole idea of functional software deployment is that it’s stateless:
> you can tell that /gnu/store/…-ansible-1.2.3 will always behave the
> same, no matter what other programs are available on your machine.
>
> Introducing “dynamic binding” (e.g., looking up programs in $PATH) would
> allow for faster security updates in the example you gave, but that
> would be at the expense of that core property I described above. It
> would be a regression.
>
> I think what we need in this case is (1) fast security updates, which is
> what grafts help us achieve, and (2) documentation that clarifies what
> the deployment model is, such that Mary would know that ‘ansible’ also
> needs to be upgraded in the example above.
>
> Ludo’.

What about the performance side?

Can we tell Guix that an input is runtime only? Or only needed in certain stages of the build? Or is that better accomplished by splitting a package?

For example, if a large package (let's say... written in Rust) uses Lua for a utility script at run time, but doesn't touch it at build time, changing the Lua version should not result in a recompilation.
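
The situation in the quoted example (ansible still pinning the old openssh after openssh alone is upgraded) can be checked by scanning installed files for embedded store paths. The following is an added example, not part of the original message or of Guix itself; the hashes, the 8.1p1 version and the file names are constructed sample data.

```python
import re
import tempfile
from pathlib import Path

# A store item is /gnu/store/<32-character base32 hash>-<name>; the alphabet omits e, o, t, u.
STORE_ITEM = re.compile(rb"/gnu/store/[0-9abcdfghijklmnpqrsvwxyz]{32}-[A-Za-z0-9._+-]+")

def pinned_items(root):
    """Map each file under root to the set of store items embedded in its bytes."""
    pins = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            found = {m.group().decode() for m in STORE_ITEM.finditer(path.read_bytes())}
            if found:
                pins[path.relative_to(root).as_posix()] = found
    return pins

def stale_referrers(root, package, current_item):
    """Files that pin a store item of `package` other than current_item."""
    is_pkg = re.compile(r"/gnu/store/[^-]+-" + re.escape(package) + r"-\d")
    stale = {}
    for name, items in pinned_items(root).items():
        old = sorted(i for i in items if is_pkg.match(i) and i != current_item)
        if old:
            stale[name] = old
    return stale

# Constructed sample data: hashes, the 8.1p1 version and file names are made up.
OLD_SSH = "/gnu/store/1a2b3c4d5f6g7h8i9j0k1l2m3n4p5q6r-openssh-8.0p1"
NEW_SSH = "/gnu/store/r6q5p4n3m2l1k0j9i8h7g6f5d4c3b2a1-openssh-8.1p1"

def demo():
    """Build a small constructed tree and report files still pinning the old openssh."""
    with tempfile.TemporaryDirectory() as root:
        files = {
            "ansible/ssh_conn.py": f'SSH = "{OLD_SSH}/bin/ssh"\n',  # static reference
            "ansible/upgraded.py": f'SSH = "{NEW_SSH}/bin/ssh"\n',  # rebuilt or grafted
            "other/wrapper.sh": "#!/bin/sh\nexec ssh \"$@\"\n",     # $PATH lookup, no pin
        }
        for name, text in files.items():
            target = Path(root, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(text)
        return stale_referrers(root, "openssh", NEW_SSH)

if __name__ == "__main__":
    for name, items in demo().items():
        print(name, "->", ", ".join(items))
```

On a real system, `guix gc --referrers` on the old store item answers the same question from the store database instead of a byte scan.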