From: "Raghav Gururajan"
Subject: Thoughts on making Guix even better
Date: Sun, 23 Feb 2020 02:49:12 +0000
To: guix-devel@gnu.org

Hello Guix!

I have been thinking about this for a long time and would like to share it now.

The transactional upgrades and roll-backs are available to both Guix Package and Guix System. But I see an important difference which might be crucial to guix's development and use.

GUIX PACKAGE:

The guix package transactions are MODULAR. That is, you can upgrade packages selectively. For example, you can upgrade all packages except one/few (or) only upgrade one/few.

GUIX SYSTEM:

The guix system transactions are NON-MODULAR. That is, you cannot selectively reconfigure certain parts of the system. For example, you either reconfigure the system as a whole (or) you do not reconfigure the system at all.

IMPLICATIONS:

Let's assume we have 5 packages in a profile. Packages 1, 3 and 5 have non-critical updates. Package 4 has a non-critical update but it breaks. Package 2 has a critical update (CVE). We can either upgrade all packages except package 4 (or) we can upgrade only package 2.

Let's assume we have 5 services/packages in a system. Packages/Services 1, 3 and 5 have non-critical updates. Package/Service 4 has a non-critical update but it breaks. Package/Service 2 has a critical update (CVE). Now, when we reconfigure the system, all packages/services will upgrade, and package/service 4 will break the system. We can of course do '--roll-back' and take the system to the previous working state. But that will leave the system with a critical vulnerability. Therefore, we cannot reconfigure package/service 2 or any other part of the system until package/service 4 is fixed. This window/gap puts guix system at great risk and instability.

SUGGESTION:

We can brainstorm and implement a way to make guix system transactions modular. Any ideas?

Thank you!

Regards,
Raghav "RG" Gururajan.