[bug#68733] [PATCH] machine: ssh: Add 'graft?' field.
From: Ludovic Courtès
Subject: [bug#68733] [PATCH] machine: ssh: Add 'graft?' field.
Date: Mon, 29 Jan 2024 14:17:09 +0100
User-agent: Gnus/5.13 (Gnus v5.13)

Hi,

Herman Rimm <herman@rimm.ee> writes:

> * gnu/machine/ssh.scm (<machine-ssh-configuration>)[graft?]: New field.
> * gnu/scripts/deploy.scm (deploy-machine*): Reparameterize %graft?.
> * doc/guix.texi (Invoking guix deploy): Document it.
>
> Change-Id: Ide83bb465c9f30165f4ddc64e48c1b89484e3e69
> ---
> Hi,
>
> This patch allows disabling grafts per machine by way of a new graft?
> field for machine-ssh-configuration. I don't know what happens when a
> digital-ocean-configuration is used. But that won't matter if %graft?
> can be parameterized in (deploy-managed-host machine) in /gnu/machine/
> ssh.scm. However if %graft? is parameterized alongside %current-system,
> it does not affect grafting. Where should %graft? be parameterized?
[...]
> +@item @code{graft?} (default: @code{#t})
> +If false, system derivations will be built without applying any grafts onto
> +packages. Grafting should be disabled for deployment to machines with a
> +differing architecture.
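
Review bot: the new '@item @code{graft?}' text recommends disabling grafts for machines with a differing architecture but does not state the cost: a system built with grafts off does not receive the fixes that are delivered as grafts, security updates included. Suggest adding a sentence that says so, and one that explains why grafting is a problem across architectures so readers can tell whether the setting applies to them. "Differing architecture" should also say what it differs from.
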
When deploying to a different architecture, is it enough to set
(build-locally? #f) ?

Now, this field only exists for ‘machine-ssh-configuration’ and not for
Digital Ocean, but perhaps we could add it there?

Overall, I think we should cater to this use case (deploying to a
different architecture) without requiring users to disable grafts,
because that’d be exposing them to security vulnerabilities.

Thanks,
Ludo’.