From mboxrd@z Thu Jan 1 00:00:00 1970 From: Alex Sassmannshausen Subject: bug#32022: bug#22629: =?UTF-8?Q?=E2=80=9CStable=E2=80=9D?= branch Date: Mon, 03 Sep 2018 16:10:36 +0200 Message-ID: <87r2iau0wz.fsf@pompo.co> References: <87vb5vsffd.fsf@gnu.org> <87pny2iks2.fsf@gnu.org> <877ekagtg9.fsf@netris.org> <87zhx5msfl.fsf@pompo.co> <87lg8pccys.fsf_-_@netris.org> <87zhx59gh3.fsf@elephly.net> <875zzs9wzl.fsf@netris.org> <874lfcxd2v.fsf_-_@gnu.org> <87wos8lzcj.fsf@pompo.co> <878t4nqzqv.fsf@gnu.org> Reply-To: alex@pompo.co Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:59335) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fwpaJ-0006Ok-V6 for bug-guix@gnu.org; Mon, 03 Sep 2018 10:12:09 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fwpaI-0006sU-ME for bug-guix@gnu.org; Mon, 03 Sep 2018 10:12:07 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:39431) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fwpaH-0006sB-TS for bug-guix@gnu.org; Mon, 03 Sep 2018 10:12:06 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1fwpaH-0003fy-MA for bug-guix@gnu.org; Mon, 03 Sep 2018 10:12:05 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-reply-to: <878t4nqzqv.fsf@gnu.org> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 26608@debbugs.gnu.org, 22629@debbugs.gnu.org, 32022@debbugs.gnu.org Hi Ludo, Ludovic Court=C3=A8s writes: > Hi Alex, > > (Cc=E2=80=99ing and , > which are related.) > > Alex Sassmannshausen skribis: > >> I don't know if this is what Konrad desires, but from my perspective, a >> desirable part of the definition of stable would be a that the build >> farms have produced a set of binaries/substitutes for a given Guix >> revision that is "good enough". > > I just had a bright idea (yes!): this can be addressed by writing > something like this in ~/.config/guix/channels.scm: > > (map latest-commit-with-substitutes-available > %default-channels) > > The hypothetical =E2=80=98latest-commit-with-substitutes-available=E2=80= =99 would use > (git) and (guix ci) to find the latest commit for which substitutes of > interest are available, and would return: > > (channel > ;; =E2=80=A6 > (commit "cabbag3")) ;the ideal commit This sounds incredibly interesting =E2=80=94 and it is testament once again= to the power of Guix that this kind of solution could be feasible! Thinking this through in my head somewhat, I had the following thoughts: - This procedure is invoked client side, where the channel is defined - That means the git searching is done client side, on every invocation of guix (I guess this might be cacheable?) - So the downside vis-a-vis a maintained "stable branch" would be a price in performance as experienced by the end user - The upside of course would be automatic curation of a stable branch that saves a ton of volunteer effort and work I have no idea what the performance cost would be. I guess you would use "guix weather" to turn the set of requested packages into a manifest which can then be checked with it. So the cost would be one of the following scenarios: Option a) - fetch set of packages in a given commit - query guix weather for 100% substitutes - iterate until a match - then perform the appropriate guix pull Option b) - perform a guix pull to the latest commit - query guix weather for 100% substitutes - until success, step back one step at a time through guix pull (because of the cost of guix pull this seems unfeasible) Option c) Implement some form of substitute cache set querying on build farms, as part of guix weather, so the 100% match is done on the build farm instead of the client. Dunno. There may be some things that already exist in Guix land that I'm missing. It's a super exciting approach for sure. > This has to be done with great care to prevent a downgrade attack and to > make sure the user doesn=E2=80=99t miss out on security updates, but mayb= e we > could provide a procedure that makes reasonable choices. Right =E2=80=94 so at the very least it would have to prevent us going "bac= k in time" from the guix pull commit we are currently at. The question of security updates is tricky at the moment already =E2=80=94 I would hazard a guess that many people bail out of upgrading when they can't get substitutes for their entire profile / system right now, which means they are not getting security upgrades for package (a) when a substitute for (b) fails. Thanks for your thoughts =E2=80=94 super intriguing! Alex