guix-patches

[bug#65866] Bootstrapping without the daemon and all that


From: Simon Tournier
Subject: [bug#65866] Bootstrapping without the daemon and all that
Date: Tue, 26 Sep 2023 19:04:33 +0200

Hi Ludo,

On Tue, 26 Sept 2023 at 16:05, Ludovic Courtès <ludo@gnu.org> wrote:

> > Moving the Git dependency to a daemon dependency tweaks a bit what we
> > control when “bootstrapping”, no?  Maybe I misread or misunderstand a
> > point.
>
> The model in Guix is that there’s a daemon to “emulate” a build “from
> scratch”.

Yes and that "emulate" will be bigger.

>   https://guix.gnu.org/en/blog/2019/reproducible-builds-summit-5th-edition/
>   (under “Extreme Bootstrapping”)

Thanks for the reference.  I have forgotten it.  Yes, that's it. :-)

Adding Git as a dependency to the daemon is adding Git to the Trusted
Computing Base.  It appears important to me to raise this and not hide
it under the carpet. :-)

> (The ‘wip-system-bootstrap’ branch still exists!)

Having a potential solution does not make the current concern pointless. ;-)

> Anyway, we’re drifting away from this patch series!

No, it is not drifting.  The addition of Git in the trusting trust
story cannot be dismissed, IMHO.

It is not drifting to discuss for reaching some consensus about the
"risk" of enlarging the trusting trust computing base.  For example,
is this "risk" worth the corner case of Guile-GnuTLS?

As I said elsewhere, adding something is often much easier than
removing something.  Here the addition of Git has some implications
(libgit2, trusted computing base, etc.) and it is always about the
right balance.  Do we have the right balance here?  The discussion
about concrete concerns for the addition of Git as a dependency helps in
reinforcing the consensus that this change is worth it despite the
downsides.

To make it explicit: is this series worth the Guile-GnuTLS/Git
circular dependency corner case?  Maybe it is already all clear for
you, and your answer is a big YES. :-)  And perhaps it is the only
answer. :-)  But it does not mean the answer is fully clear for
everybody, at least it is not necessarily straightforward for me.
Somehow, do we have a consensus about the way that this series is
worth the Guile-GnuTLS/Git circular dependency corner case?  And a
consensus about the way that this series is The Right Thing for that
circular dependency?

Cheers,
simon




