[bug#45104] pull: Add a "with-substitutes" option.

all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed

From: Mathieu Othacehe <othacehe@gnu.org>
To: "Christopher Baines" <mail@cbaines.net>,
	"Ludovic Courtès" <ludo@gnu.org>
Cc: 45104@debbugs.gnu.org
Subject: [bug#45104] pull: Add a "with-substitutes" option.
Date: Tue, 15 Dec 2020 11:24:55 +0100	[thread overview]
Message-ID: <878s9zfjt4.fsf@gnu.org> (raw)
In-Reply-To: <877dpktzot.fsf@gnu.org> ("Ludovic Courtès"'s message of "Mon, 14 Dec 2020 12:05:54 +0100")

Hey Chris and Ludo,

> Agreed on these points.

Yes I think you are definitely right on that point.

>                                 (and (evaluation-complete? evaluation)
>                                      (string=? "guix-modular-master"
>                                                (evaluation-spec
>                                                 evaluation))))

On Berlin, evaluations can be completed for days, but the associated
builds never started. I think that searching directly for a completed
build provides a stronger guarantee of available substitutes.

> ;; Pull the latest commit fully built on berlin.guixsd.org.
> (list (channel
>        (name 'guix)
>        (url "https://git.savannah.gnu.org/git/guix.git")
>        (commit (pk 'commit (latest-commit-successfully-built)))))

Providing such a procedure definitely makes sense though.

>   (channel-with-substitutes-available
>     (channel (name 'guix) …)
>     "https://ci.guix.gnu.org"
>     (specifications->manifest '("emacs" "guile")))

Yes it would be the ultimate thing! However, while finding the latest
commit with an available substitute for a derivation is quite easy,
finding a commit with available derivations for N derivations seems way
more difficult.

> It does mean that we’re asking users to do extra work.  Perhaps there
> could still be a command-line option that would call
> ‘channel-with-substitutes-available’ for you, but at least it would take
> an explicit URL and clarify what Chris mentioned?

Yes, the user would then have to provide the channels that need
available substitutes, the URL to use for the substitution check and
maybe a manifest that also needs available substitutes.

The channels list could default to '("guix") and the URL to
"https://ci.guix.gnu.org" as it would be a sensible default for most
Guix users I think.

> BTW, doing all this is safer today because ‘guix pull’ will detect and
> prevent downgrades.  Though an attacker who manages to break into
> ci.guix.gnu.org could cause all the users of
> ‘channel-with-substitutes-available’ to no longer receive updates or to
> receive them more slowly than they appear in Git simply by making CI
> even slower than it currently is.

Yes, the downgrade check definitely helps here, as it's often what will
happen with our lagging CI. Regarding the security aspect, I think that
breaking into ci.guix.gnu.org can have other way more impacting
consequences.

Thanks,

Mathieu

next prev parent reply	other threads:[~2020-12-15 10:26 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-12-07 15:39 [bug#45104] pull: Add a "with-substitutes" option Mathieu Othacehe
2020-12-07 17:05 ` zimoun
2020-12-08 19:17 ` Christopher Baines
2020-12-14 11:05   ` Ludovic Courtès
2020-12-14 11:39     ` zimoun
2020-12-15 10:30       ` Mathieu Othacehe
2020-12-15 12:51         ` zimoun
2020-12-15 10:24     ` Mathieu Othacehe [this message]
2020-12-15 22:03       ` Ludovic Courtès
2021-01-29 13:23         ` Mathieu Othacehe
2021-01-29 13:36           ` Mathieu Othacehe
2021-01-31 16:18             ` Ludovic Courtès
2021-01-31 17:37               ` bug#45104: " Mathieu Othacehe

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=878s9zfjt4.fsf@gnu.org \
    --to=othacehe@gnu.org \
    --cc=45104@debbugs.gnu.org \
    --cc=ludo@gnu.org \
    --cc=mail@cbaines.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.