[bug#45104] pull: Add a "with-substitutes" option.


From: Ludovic Courtès
Subject: [bug#45104] pull: Add a "with-substitutes" option.
Date: Tue, 15 Dec 2020 23:03:45 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)

Hi,

Mathieu Othacehe <othacehe@gnu.org> writes:

>>                                 (and (evaluation-complete? evaluation)
>>                                      (string=? "guix-modular-master"
>>                                                (evaluation-spec
>>                                                 evaluation))))
>
> On Berlin, evaluations can be completed for days, but the associated
> builds never started. I think that searching directly for a completed
> build provides a stronger guarantee of available substitutes.

Yes, something like you proposed probably makes more sense.

My point is just that we could make the procedure available as part of
the API and document it as something people can use in their channels
file.

>> ;; Pull the latest commit fully built on berlin.guixsd.org.
>> (list (channel
>>        (name 'guix)
>>        (url "https://git.savannah.gnu.org/git/guix.git")
>>        (commit (pk 'commit (latest-commit-successfully-built)))))
>
> Providing such a procedure definitely makes sense though.
>
>>   (channel-with-substitutes-available
>>     (channel (name 'guix) …)
>>     "https://ci.guix.gnu.org"
>>     (specifications->manifest '("emacs" "guile")))
>
> Yes it would be the ultimate thing! However, while finding the latest
> commit with an available substitute for a derivation is quite easy,
> finding a commit with available derivations for N derivations seems way
> more difficult.

Right!

>> It does mean that we’re asking users to do extra work.  Perhaps there
>> could still be a command-line option that would call
>> ‘channel-with-substitutes-available’ for you, but at least it would take
>> an explicit URL and clarify what Chris mentioned?
>
> Yes, the user would then have to provide the channels that need
> available substitutes, the URL to use for the substitution check and
> maybe a manifest that also needs available substitutes.
>
> The channels list could default to '("guix") and the URL to
> "https://ci.guix.gnu.org" as it would be a sensible default for most
> Guix users I think.

Yes, choosing good defaults can make it less intimidating.

>> BTW, doing all this is safer today because ‘guix pull’ will detect and
>> prevent downgrades.  Though an attacker who manages to break into
>> ci.guix.gnu.org could cause all the users of
>> ‘channel-with-substitutes-available’ to no longer receive updates or to
>> receive them more slowly than they appear in Git simply by making CI
>> even slower than it currently is.
>
> Yes, the downgrade check definitely helps here, as it's often what will
> happen with our lagging CI. Regarding the security aspect, I think that
> breaking into ci.guix.gnu.org can have other way more impacting
> consequences.

Yeah, though here we’re opening a new vulnerability channel, independent
of substitutes.  It changes the threat model.

Thanks,
Ludo’.
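To make the two points of this exchange concrete (picking the newest commit for which every required build succeeded, and why the downgrade check matters when CI lags or is deliberately stalled), here is an added illustration in Python. It is not Guix code and not part of this thread: Guix's real implementation is Scheme and queries the Cuirass API, while this model works offline on constructed data. Assumed: a linear commit history (oldest first), CI build records of the form (commit, job, status), and hypothetical job names such as "guix-modular", "emacs" and "guile".

```python
"""Model of "latest commit with substitutes available" plus a downgrade guard.

Added illustration only; not Guix's code.  Assumptions: commit history is a
linear list ordered oldest to newest, and CI reports one record per
(commit, job) with a status string.  Job names below are hypothetical.
"""
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class Build:
    commit: str
    job: str
    status: str  # "succeeded", "failed" or "scheduled"


class DowngradeError(Exception):
    """Raised when the selected commit is older than the one already in use."""


def commits_with_all_jobs(builds: Iterable[Build], required_jobs: set) -> set:
    """Commits for which every required job has a *succeeded* build.

    A scheduled or failed build does not count: an evaluation that completed
    days ago with builds never started must not be treated as "available".
    """
    succeeded = {}
    for b in builds:
        if b.status == "succeeded":
            succeeded.setdefault(b.commit, set()).add(b.job)
    return {c for c, jobs in succeeded.items() if required_jobs <= jobs}


def latest_commit_with_substitutes(history: list, builds: Iterable[Build],
                                   required_jobs: set) -> Optional[str]:
    """Newest commit in `history` whose required jobs all succeeded, or None.

    Requiring N jobs is an intersection over N per-job sets, so every extra
    requirement can only push the answer further back in history.
    """
    good = commits_with_all_jobs(builds, required_jobs)
    for commit in reversed(history):          # newest first
        if commit in good:
            return commit
    return None


def choose_commit(history: list, builds: Iterable[Build], required_jobs: set,
                  current: str) -> Optional[str]:
    """Select the commit to pull, refusing to move backwards from `current`.

    This is the model's stand-in for a downgrade check: whoever controls the
    build status (a lagging CI, or an attacker who stalls it) can delay
    updates, but cannot make us roll back to an older commit.
    """
    candidate = latest_commit_with_substitutes(history, builds, required_jobs)
    if candidate is None:
        return None                            # nothing built yet: no change
    if current not in history:
        raise DowngradeError(f"current commit {current!r} is not in history")
    if history.index(candidate) < history.index(current):
        raise DowngradeError(
            f"refusing to downgrade from {current!r} to {candidate!r}")
    return candidate


# Constructed sample data: five commits, CI further behind on newer ones.
HISTORY = ["c1", "c2", "c3", "c4", "c5"]
BUILDS = [
    Build("c1", "guix-modular", "succeeded"),
    Build("c1", "emacs", "succeeded"),
    Build("c1", "guile", "succeeded"),
    Build("c2", "guix-modular", "succeeded"),
    Build("c2", "emacs", "succeeded"),
    Build("c2", "guile", "failed"),
    Build("c3", "guix-modular", "succeeded"),
    Build("c3", "emacs", "scheduled"),
    Build("c4", "guix-modular", "scheduled"),
]

if __name__ == "__main__":
    print(latest_commit_with_substitutes(HISTORY, BUILDS, {"guix-modular"}))
    print(latest_commit_with_substitutes(
        HISTORY, BUILDS, {"guix-modular", "emacs", "guile"}))
    try:
        choose_commit(HISTORY, BUILDS, {"guix-modular", "emacs", "guile"}, "c2")
    except DowngradeError as e:
        print("blocked:", e)
```

With the sample data, requiring only the "guix-modular" job selects c3, while also requiring "emacs" and "guile" falls back to c1; a user already on c2 who asks for all three is refused rather than moved backwards, which is the property the downgrade check buys.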




