--- Begin Message ---
Subject: |
[PATCH 2/2] scripts: time-machine: Error when attempting to visit too old commits. |
Date: |
Thu, 20 Jul 2023 12:34:01 -0400 |
* doc/guix.texi (Invoking guix time-machine): Document limitation.
* guix/scripts/time-machine.scm (%oldest-possible-commit): New variable.
(guix-time-machine): Raise an error when the channel commit is too old.
Suggested-by: Simon Tournier <zimon.toutoune@gmail.com>
---
doc/guix.texi | 6 ++++++
guix/scripts/time-machine.scm | 23 ++++++++++++++++++++++-
2 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 1d8ebcd72f..30fef813c0 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -5056,6 +5056,12 @@ Invoking guix time-machine
large number of packages; the result is cached though and subsequent
commands targeting the same commit are almost instantaneous.
+Due to @command{guix time-machine} relying on the ``inferiors''
+mechanism (@pxref{Inferiors}), the oldest commit it can travel to is
+commit @samp{2ca299caf} (``Add (guix inferior) and (guix scripts
+repl).''), dated July 10@sup{th}, 2018. An error is returned when
+attempting to navigate to older commits.
+
@quotation Note
The history of Guix is immutable and @command{guix time-machine}
provides the exact same software as they are in a specific Guix
diff --git a/guix/scripts/time-machine.scm b/guix/scripts/time-machine.scm
index d7c71ef705..36a40a1538 100644
--- a/guix/scripts/time-machine.scm
+++ b/guix/scripts/time-machine.scm
@@ -2,6 +2,7 @@
;;; Copyright © 2019 Konrad Hinsen <konrad.hinsen@fastmail.net>
;;; Copyright © 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2021 Simon Tournier <zimon.toutoune@gmail.com>
+;;; Copyright © 2023 Maxim Cournoyer <maxim.cournoyer@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -19,13 +20,15 @@
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (guix scripts time-machine)
+ #:use-module (guix channels)
+ #:use-module (guix diagnostics)
#:use-module (guix ui)
#:use-module (guix scripts)
#:use-module (guix inferior)
#:use-module (guix store)
#:use-module (guix status)
#:use-module ((guix git)
- #:select (with-git-error-handling))
+ #:select (update-cached-checkout with-git-error-handling))
#:use-module ((guix utils)
#:select (%current-system))
#:use-module ((guix scripts pull)
@@ -38,9 +41,16 @@ (define-module (guix scripts time-machine)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-11)
#:use-module (srfi srfi-26)
+ #:use-module (srfi srfi-34)
#:use-module (srfi srfi-37)
+ #:use-module (srfi srfi-71)
#:export (guix-time-machine))
+;;; The commit introducing the 'inferiors' mechanism; it is the oldest commit
+;;; that can be travelled to.
+(define %oldest-possible-commit
+ "2ca299caf64489f4e1e665ec1158fb0309b0b565")
+
;;;
;;; Command-line options.
@@ -139,9 +149,20 @@ (define-command (guix-time-machine . args)
(with-git-error-handling
(let* ((opts (parse-args args))
(channels (channel-list opts))
+ (guix-channel (find guix-channel? channels))
(command-line (assoc-ref opts 'exec))
+ (ref (assoc-ref opts 'ref))
+ (checkout commit relation (update-cached-checkout
+ (channel-url guix-channel)
+ #:ref (or ref '())
+ #:starting-commit
+ %oldest-possible-commit))
(substitutes? (assoc-ref opts 'substitutes?))
(authenticate? (assoc-ref opts 'authenticate-channels?)))
+ (unless (memq relation '(ancestor self))
+ (raise (formatted-message
+ (G_ "cannot travel past commit `~a' from July 10th, 2018")
+ (string-take %oldest-possible-commit 12))))
(when command-line
(let* ((directory
(with-store store
--
2.41.0
--- End Message ---
--- Begin Message ---
Subject: |
Re: [bug#64746] [PATCH v2 3/3] scripts: time-machine: Error when attempting to visit too old commits. |
Date: |
Wed, 16 Aug 2023 21:41:31 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) |
Hi Simon,
Simon Tournier <zimon.toutoune@gmail.com> writes:
> Hi Maxim,
>
> For the record, I have documented [1] the various roadblocks when using
> “guix time-machine” rebuilding all from source. Time-bomb is one among
> other annoyances – I have in mind the complete bootstrap.
>
> Well, as Ludo pointed, the CI is currently building all the past
> releases. Waiting the fixes for all the bugs, I suggest that we retain
> the substitutes for the release. I mean that,
>
> guix time-machine --commit=v1.X.0 -- help
>
> just works when substitutes are available. If the project is lacking
> disk space, the University of Montpellier (France) is proposing to store
> some binary artifact outputs. At least, they were proposing back on
> past September in 10 Years of Guix event. :-) There is discussion on
> guix-sysadmin, I guess. Maybe we could resume this discussion and
> complete the last steps. WDYT?
That make sense. The current means this can be achieved is by having a
jobset for each release in Cuirass, as hinted in doc/release.org from
the guix-maintenance repo:
--8<---------------cut here---------------start------------->8---
** Adding a Cuirass jobset for branch =version-X.Y.Z=
This jobset will have to be kept until the next release, so that
substitutes remain available. The easiest way to add a new jobset is
directly via the web interface of Cuirass. To be allowed to do so,
you must authenticate with the Cuirass instance via a private TLS
certificate imported into your browser.
--8<---------------cut here---------------end--------------->8---
They should be added declaratively in the guix-maintenance repo to avoid
loosing them. Would you like to give it a try?
[...]
>> diff --git a/doc/guix.texi b/doc/guix.texi
>> index b50feed4c4..a3754b7019 100644
>> --- a/doc/guix.texi
>> +++ b/doc/guix.texi
>> @@ -5060,6 +5060,20 @@ Invoking guix time-machine
>> large number of packages; the result is cached though and subsequent
>> commands targeting the same commit are almost instantaneous.
>>
>> +Due to @command{guix time-machine} relying on the ``inferiors''
>> +mechanism (@pxref{Inferiors}), the oldest commit it can travel to is
>> +commit @samp{6298c3ff} (``v1.0.0''), dated May 1@sup{st}, 2019, which is
>> +the first release that included the inferiors mechanism. An error is
>> +returned when attempting to navigate to older commits.
>
> There is also some issue with bootstrapping depending on your hardware.
>
> About time-bomb, there are also gnutls and openssl or libgit2. It was
> probably transparent for you because there are substitutable, I guess.
> While Python 2 had probably been removed for some reasons.
>
> Well, I would move the workaround to some dedicated block and move this
> comment after the note about security
>
> @quotation Note
> The history of Guix is immutable and @command{guix time-machine}
> provides the exact same software as they are in a specific Guix
> revision. Naturally, no security fixes are provided for old versions
> of Guix or its channels. A careless use of @command{guix time-machine}
> opens the door to security vulnerabilities. @xref{Invoking guix pull,
> @option{--allow-downgrades}}.
> @end quotation
>
> +Due to @command{guix time-machine} relying on the ``inferiors''
> +mechanism (@pxref{Inferiors}), the oldest commit it can travel to is
> +commit @samp{6298c3ff} (``v1.0.0''), dated May 1@sup{st}, 2019, which is
> +the first release that included the inferiors mechanism. An error is
> +returned when attempting to navigate to older commits.
> +
> +@quotation Note
> +Although it should technically be possible to travel to such an old
> +revision, the ease to do so will largely depend on the availability of
> +binary substitutes. When traveling to a distant past, some packages may
> +not easily build from source anymore. One such example are old versions
> +of Python 2 which had time bombs in its test suite, in the form of
> +expiring SSL certificates. This particular problem can be worked around
> +by setting the hardware clock to a value in the past before attempting
> +the build.
> +@end quotation
Good suggestion, done!
> The general syntax is:
>
> @example
>
>
>
>> new file mode 100644
>> index 0000000000..8b62ef75ea
>> --- /dev/null
>> +++ b/tests/guix-time-machine.sh
>
> [...]
>
>> +# Visiting a commit older than v1.0.0 fails.
>> +! guix time-machine --commit=v0.15.0
>
> Cool to add test. But this test needs a network access:
>
> $ ./pre-inst-env guix time-machine --commit=v0.15.0 -- describe
> guix time-machine: error: Git error: failed to resolve address for
> git.savannah.gnu.org: Name or service not known
>
> It’s as I said elsewhere. :-) Well, I have not investigated more but I
> guess a bug in some Git manipulation.
>From my testing, the test doesn't require networking, perhaps because it
doesn't use the --commit or --branch arguments. I've tested that with
this in /etc/hosts, with the first IP being bogus:
--8<---------------cut here---------------start------------->8---
192.168.254.254 git.savannah.gnu.org savannah
--8<---------------cut here---------------end--------------->8---
I've investigated a bit, and it seems that reaching to the network is
only done when using tags or branch names, not exact commits. That is
expected I think, since tags or branch names are not immutable in Git,
while a commit ID is.
I've now installed this change; thanks for the review and suggestions!
--
Thanks,
Maxim
--- End Message ---