[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Questions about Cuirass
From: |
Maxime Devos |
Subject: |
Re: Questions about Cuirass |
Date: |
Fri, 21 Oct 2022 11:01:02 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.3.1 |
On 20-10-2022 23:19, James Hobson wrote:
Hello!
Currently evaluating guix for embedded systems at work. But I have a few
questions that I can’t quite work out from the docs. Please feel no obligation
to answer!
Please note that my guix journey is at its very beginning. I’ve not even had a
go at packaging!
Question 1
We would need to host the guix substitute server in an airgapped environment.
The server would contain plain guix packages, our in house packages, and maybe
patched guix packages. Would that be possible without having to rebuild the
entire guix package set? We don’t have so many build machines, especially not
for armv7.
You can tell Cuirass to only build a selection of packages (and their
dependencies), by using a manifest, then not all of Guix is compiled but
only what's necessary for your particular purpose.
Also, your Cuirass instance still needs access to the source code of the
packages somehow, which will need to be somehow be squared with your
'airgapped environment', though maybe 'copy over the result of guix
build --sources=transitive" would be acceptable (*).
(*) except that this is after application of snippet; some kind of
"--sources=raw,transitive" may be needed.
Question 2 [...]
I don't know the answer to this.
Question 3
Our software is sadly proprietary. Is there a way for guix build to selectively
unpack and patch all non-proprietary sources so that we can provide it to
anyone who asks? I feel like if this isn’t a thing already, I guess I can write
it in scheme?
I assume you meant 'patch all non-proprietary' -> 'patch out all
proprietary', such that at least the free parts can be used?
In that case, this is done already in some package definitions in Guix,
by a 'snippet' removing parts that are non-free, such that they are not
built and are not part of "guix build --source". (See: ‘Snippets versus
Phases’ in the documentation, though it doesn't mention non-free things
directly).
The Guix user can still access the unpatched source code though, by
inspecting the package definition and removing the snippet, so it looks
to me like that option is only good for 'you aren't allowed to modify
this part of the source code + guix build --source must produce
something free', not for 'you aren't allowed to see or distribute this'
situations.
Alternatively, you could avoid all this complexity by making your
software free.
Greetings,
Maxime.
OpenPGP_0x49E3EE22191725EE.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature