From mboxrd@z Thu Jan  1 00:00:00 1970
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Subject: Re: Long term plan for GuixSD security: microkernels, ocap,
	RISC-V support
Date: Thu, 30 Aug 2018 14:31:42 +0200
Message-ID: <87tvncvxw1.fsf@gnu.org>
References: <87d0u9s1x0.fsf@dustycloud.org> <876000nd8d.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:43490)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1fvM71-0002lT-Va
	for guix-devel@gnu.org; Thu, 30 Aug 2018 08:31:48 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1fvM6y-00029H-Rk
	for guix-devel@gnu.org; Thu, 30 Aug 2018 08:31:47 -0400
In-Reply-To: <876000nd8d.fsf@gnu.org> ("Ludovic
	\=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\=
	\=\?utf-8\?Q\?s\?\= message of "Fri, 24 Aug 2018 14:46:58 +0200")
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Christopher Lemmer Webber <cwebber@dustycloud.org>
Cc: guix-devel@gnu.org

Hello Guix!

ludo@gnu.org (Ludovic Court=C3=A8s) skribis:

> Specifically there are two things we can implement:
>
>   1. A =E2=80=98guix run=E2=80=99 command along the lines of
>      <https://lists.gnu.org/archive/html/help-guix/2018-01/msg00108.html>.
>
>   2. A mechanism that would allow, say, =E2=80=98guix package -i PKG --po=
la=E2=80=99 to
>      automatically add =E2=80=9Cleast-authority wrappers=E2=80=9D around =
the binaries of
>      PKG, pretty much like =E2=80=98guix pack --relocatable=E2=80=99 does=
 (see
>      =E2=80=98wrapped-package=E2=80=99 in (guix scripts pack)).

Speaking of which, a colleague of mine told me about Whalebrew
<https://github.com/bfirsh/whalebrew>, which takes a somewhat similar
approach:

  Whalebrew creates aliases for Docker images so you can run them as if
  they were native commands. It's like Homebrew, but with Docker images.

  Docker works well for packaging up development environments, but there
  are lots of tools that aren't tied to a particular project: awscli for
  managing your AWS account, ffmpeg for converting video, wget for
  downloading files, and so on. Whalebrew makes those things work with
  Docker, too.

There=E2=80=99s this important difference:

  Packages are Docker images published on Docker Hub.

Ludo=E2=80=99.