From: Ludovic Courtès
Subject: Re: Tracking and inspecting how Guix changes over time
Date: Sat, 09 Feb 2019 16:18:17 +0100
Message-ID: <87bm3lrnwm.fsf@gnu.org>
In-Reply-To: <87k1ia5sd4.fsf@cbaines.net> (Christopher Baines's message of "Fri, 08 Feb 2019 13:20:39 +0000")
To: Christopher Baines
Cc: guix-devel@gnu.org

Hello!

Christopher Baines wrote:

> In summary, I've started playing around with a new service, I'm
> currently calling it the "Guix Data Service". The code is here [1], it's
> based off of Ricardo's excellent Mumi, and at the moment only does one
> thing, a basic comparison of two different versions (commits) of Guix
> for the few commits it has data for. I've got it up and running here
> [2].
>
> 1: https://git.cbaines.net/guix/data-service/
> 2: https://prototype-guix-data-service.cbaines.net/

Woow, impressive!
I’m sure this is going to be useful in different ways: for patch
review, which is your main target, but also for things like the
hpcguix-web interface, which could provide information about package
history, or to bisect packaging issues, possibly connected to a ‘guix
weather’ service.

> The following links relate to a couple of patches affecting the Ruby
> build system.
>
> Issue: https://issues.guix.info/issue/34385
> Patchwork series: https://patchwork.cbaines.net/project/guix-patches/list/?series=535
> Laminar job: https://laminar.cbaines.net/jobs/patchwork-test-series/889
> Git commits: https://git.cbaines.net/guix/patches/log/?h=series-535-version-1&qt=range&q=base-for-series-535-version-1..series-535-version-1
> Comparison: https://prototype-guix-data-service.cbaines.net/compare?base_commit=6fd72f7094885dc3dbb10431996c445251094915&target_commit=7d70e05d7064f31a8de60b04d22ac16c1953b7a9

Neat! With tight integration of all these things, coupled with info
from ‘guix weather’ and ‘guix lint’ and ‘guix challenge’, for example,
we’d have an unequaled QA tool!

> As far as I can see, guix pull/the channels code directly evaluates some
> Guile code from the source repository. It would be great if this could
> somehow be isolated to guard against any malicious patches that try to
> attack the machine running the Guix Data Service, I haven't thought much
> about how yet.
>
> Similarly, using the inferiors approach to extract out information from
> Guix requires running a REPL from the target Guix. This could also pose
> security issues. I was wondering if it was possible to run the REPL
> within a container, to at least isolate it a bit from the system.

Yes, we should definitely run that code in a container.
Note that, for ‘guix pull’, I think it’s OK to run that code on the
user’s machine as-is in the sense that the user is going to run code
coming from the channels they specified anyway. For an automated system
like this, it’s a bit different, so using a container makes a lot of
sense. I’d suggest having an option directly in (guix inferior) to
allow users to choose whether to run an inferior in separate name
spaces. WDYT?

(There’s also (ice-9 sandbox) but I think it’s too restrictive to be
applicable here.)

> One other point is that while I've gone with the "web service" approach
> here, I think it would be very useful to have a "guix compare" command
> that did something similar.

Indeed. Part of it is already available in ‘guix pull’, but we could
certainly move the common logic in (guix inferior compare), say. Let’s
try to have as much of this available as UI-independent Guix modules.

This is really exciting, thanks for sharing!

Ludo’.
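
One way a service could start the target Guix's REPL in separate namespaces, as an added example that is not part of the original message and not code from Guix or the Guix Data Service. It assumes util-linux `unshare` with unprivileged user namespaces enabled; the function names, the kept environment variables and the limit values are hypothetical choices.

```python
import resource
import subprocess

# Assumption: util-linux `unshare` is installed and the host allows
# unprivileged user namespaces.
NAMESPACE_FLAGS = ["--user", "--map-root-user", "--net", "--ipc", "--uts",
                   "--mount", "--pid", "--fork", "--kill-child"]


def isolated_argv(guix_dir, allow_network=False):
    """Command line that starts the target Guix's REPL in fresh namespaces."""
    flags = [f for f in NAMESPACE_FLAGS if f != "--net" or not allow_network]
    # `repl -t machine` is the machine-readable REPL that inferiors talk to.
    return ["unshare", *flags, "--",
            f"{guix_dir}/bin/guix", "repl", "-t", "machine"]


def scrubbed_env(parent_env):
    """Pass on only what the REPL needs; tokens, proxies and agent
    sockets in the service's environment never reach untrusted code."""
    keep = ("PATH", "HOME", "LANG", "LC_ALL")  # constructed allow-list
    return {k: parent_env[k] for k in keep if k in parent_env}


def _apply_limits(cpu_seconds=600, max_file_bytes=64 << 20):
    # Runs in the child before exec; limits are inherited by the REPL.
    resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds))
    resource.setrlimit(resource.RLIMIT_FSIZE, (max_file_bytes, max_file_bytes))


def open_isolated_repl(guix_dir, parent_env, allow_network=False):
    """Spawn the REPL with pipes for the request/response protocol.

    Note: a new mount namespace alone still sees the host filesystem;
    restricting the root is left to the caller in this example.
    """
    return subprocess.Popen(isolated_argv(guix_dir, allow_network),
                            env=scrubbed_env(parent_env),
                            stdin=subprocess.PIPE, stdout=subprocess.PIPE,
                            preexec_fn=_apply_limits, close_fds=True)
```
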