all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
From: "Gábor Boskovits" <boskovits@gmail.com>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: Guix-devel <guix-devel@gnu.org>,
	Raghav Gururajan <raghavgururajan@disroot.org>
Subject: Re: Thoughts on making Guix even better
Date: Mon, 9 Mar 2020 07:18:31 +0100	[thread overview]
Message-ID: <CAE4v=piCRGmsuXxxJ0jUy5kHFLjx5WPCpOcQpM2P6qq_5XZpnQ@mail.gmail.com> (raw)
In-Reply-To: <87o8t68t4o.fsf@gnu.org>

[-- Attachment #1: Type: text/plain, Size: 3216 bytes --]

Hello,

Ludovic Courtès <ludo@gnu.org> ezt írta (időpont: 2020. márc. 8., Vas
21:54):

> Hi,
>
> "Raghav Gururajan" <raghavgururajan@disroot.org> skribis:
>
> > The guix system transactions are NON-MODULAR. That is, you cannot
> selectively reconfigure certain parts of the system. For example, you
> either reconfigure the system as a whole (or) you do not reconfigure the
> system at all.
> >
> > IMPLICATIONS:
> >
> > Lets assume we have 5 packages in profile. Package 1, 3 and 5 has
> non-critical updates. Package 4 has non-critical update but it breaks.
> Package 2 has critical update (CVE). We can either upgrade all packages
> except package 4 (or) we can upgrade only package 2.
> >
> > Lets assume we have 5 services/packages in system. Package/Service 1, 3
> and 5 has non-critical updates. Package/Service 4 has non-critical update
> but it breaks. Package/Service 2 has critical update (CVE). Now, when we
> reconfigure the system, all packages/services will upgrade, package/service
> 4 will break the system. We can of course do '--roll-back' and take the
> system to previous working state. But that will leave the system with
> critical vulnerability. Therefore, we cannot reconfigure package/service 2
> or any other parts of the system, until the package/service 4 is fixed.
> This window/gap puts guix system at great risk and instability.
>
> On one hand, I agree that it’d be nice to be able to update just parts
> of the system, like you explain.
>
> On the other hand, that would lead to an unknown and possibly
> unreproducible system state, which defeats what declarative
> (“non-modular”) system upgrades bring.
>
> Besides, I don’t see how one could introduce this “imperative” approach
> at the system level, technically.
>
> All in all, it would be best if the situations that make “modular system
> upgrades” appear necessary didn’t occur in the first place.
>
> Thoughts?
>

I believe that there are two points where it would be possible to improve
the situation.
1. Improve tooling to modularize the  configurations: like allowing an
inferior like feature for services, and adding tests to this (this is a way
of service versioning), or even setting up a convention to include scheme
files from a location, like ./services.d files get included, and the
expression they evaluated to are added to the services field if something
like this makes sense.
Make it possible for services to specify upgrade actions to run when the
version changes, or to fail when manual intervention is needed for a
correct upgrade.
2. Allow post install action configuration, for example stating that this
list of services should be restarted. Also allow to guess the right post
install action if none specified, and allow the services to add features to
this guessing mechanism, like which configuration changes require restart.
Make it possible to reload services by arranging their configs in a way
that reloads work.

In both of these cases it might be needed to inspect the previous system,
but the system provision information should be enough for that. Wdyt?

>
> Ludo’.
>
Best regards,
g_bor

>
>

[-- Attachment #2: Type: text/html, Size: 4130 bytes --]

  reply	other threads:[~2020-03-09  6:18 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-02-23  2:49 Thoughts on making Guix even better Raghav Gururajan
2020-02-23 20:28 ` Jonathan Frederickson
2020-03-08 20:54 ` Ludovic Courtès
2020-03-09  6:18   ` Gábor Boskovits [this message]
2020-03-09  7:28     ` Konrad Hinsen
     [not found] <24c65c56c37b309c108f75fb9e3e4681866e7fac.camel@student.tugraz.at>
2020-02-23 17:14 ` Leo Prikler
2020-03-01 10:26 ` Raghav Gururajan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAE4v=piCRGmsuXxxJ0jUy5kHFLjx5WPCpOcQpM2P6qq_5XZpnQ@mail.gmail.com' \
    --to=boskovits@gmail.com \
    --cc=guix-devel@gnu.org \
    --cc=ludo@gnu.org \
    --cc=raghavgururajan@disroot.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.