Re: Preservation of Guix Report

Hi again, Rereading this a few hours later, I found an error. Timothy Sample writes: > It’s surprising to me that SWH is not already getting these from > “sources.json”. I picked an arbitrary one, “rust-quote-0.6”, and it’s > simply not in “sources.json”. It is in fact there! I made a mistak

Re: Tricking peer review

On Fri, Oct 15, 2021 at 08:54:09PM +0200, Ludovic Courtès wrote: > The trick is easy: we give a URL that’s actually 404, with the hash of a > file that can be found on Software Heritage (in this case, that of > ‘grep-3.4.tar.xz’). When downloading the source, the automatic > content-addressed fall

Re: Tricking peer review

On Tue, Oct 19, 2021 at 10:39:12AM +0200, zimoun wrote: > Drifting from the initial comment. One could name “tragic” commits are > commits which break “guix pull”. It is rare these days but there are > some reachable ones via “guix time-machine”. That's a good point. Is it a good idea to teach G

Re: Public guix offload server

On Thu, Oct 21, 2021 at 02:23:49AM +0530, Arun Isaac wrote: > WDYT? How does everyone else handle big builds? Do you have access to > powerful workstations? For my first several years with Guix... I handled big builds patience and care. I could have spent a small amount of money on powerful yet e

Re: Public guix offload server

On Wed, Oct 20, 2021 at 11:06:05PM +0200, Tobias Geerinckx-Rice wrote: > Guix is not content-addressed. Any [compromised] user can upload arbitrary > malicious binaries with store hashes identical to the legitimate build. > These malicious binaries can then be downloaded by other clients, which >

Re: Public guix offload server

Hi Arun, Arun Isaac 写道： If security is a problem with a public access guix offload server, we could make it semi-public and available at least to people with commit access. Giving access only to people with commit access is a given, but any shared offload server is a huge shared security ri

Re: Incentives for review

Hello, Em terça-feira, 19 de outubro de 2021, às 12:41:23 -03, Ludovic Courtès escreveu: > zimoun skribis: > > On Tue, 19 Oct 2021 at 14:56, Ludovic Courtès wrote: > [...] > > I would like to see us committers do more review work. But I also view > things from a different angle: everyone con

Public guix offload server

Hi Guix, This is a follow-up to the "Incentives for review" thread. I think it would be nice to have a public/semi-public access `guix offload' server. My own machine is relatively slow and has a spinning disk. I can't really review "big patches" (in the sense of build time) without ruining a fe

Preservation of Guix Report

Hi everyone! Early this summer I did a bunch of work trying to figure out which Guix sources are preserved by the SWH archive. I’m finally ready to share some preliminary results! https://ngyro.com/pog-reports/2021-10-20/ This report is already quite outdated, though. It only covers commit

Re: --with-source version not honored?

Hi zimoun writes: > It reminds me this thread: > > Thanks this is an interesting thread - I stumbled upon a quirk trying to find the right combination of switches. I found that if I do this (which I think is bad): guix envir

Re: --with-source version not honored?

Thanks for the reply. Julien Lepiller writes: > evaluated before you can import the package. Maybe (package-version > this-package) would work? Yes! (package-version this-package) worked perfectly - thanks for your help.

Re: Disarchive and SHA

Hi, On Wed, 20 Oct 2021 at 12:23, zimoun wrote: > --8<---cut here---start->8--- > (define-public zabbix-agentd [...] >(sha256 > (base32 "100n1rv7r4pqagxxifzpcza5bhrr2fklzx7gndxwiyq4597p1jvn" > --8<---cut here---end--

Strange behavior with package input rewriting

Hello, everyone. I'm new to Guix and Guile and recently started to tinker with package variants. But I have bumped into some strange guix behavior. I'm not sure, if this is a bug or my misconfiguration. Everything started after I had built the full chain of rust compilers from the very beginning

Re: [off-topic]

Hi, For French-speaker, here Emacs+Org+Guix at the previous Guix wrokshop: I also recom

Re: --with-source version not honored?

Hi, On Wed, 20 Oct 2021 at 13:27, Julien Lepiller wrote: > > I think your incantation is incorrect: you build foobar@9.0.1, and you > replace the source of foobar@9.5.0 only. It reminds me this thread:

Re: --with-source version not honored?

I think your incantation is incorrect: you build foobar@9.0.1, and you replace the source of foobar@9.5.0 only. For the rest of your question, I think there is actually no way to fix that: when you use ",version", it gets evaluated before you can import the package. Maybe (package-version this-

Disarchive and SHA

Hi, Trying to investigate why, for instance, --8<---cut here---start->8--- $ guix lint -c archival zabbix-agentd gnu/packages/monitoring.scm:167:5: zabbix-agentd@5.2.6: Disarchive entry refers to non-existent SWH directory 'e664cd5e820df2a194a5c6a64f1216148033

Re: Tricking peer review

Hi, On Wed, 20 Oct 2021 at 10:22, Giovanni Biscuolo wrote: > I think the "final" result of this discussion should be condensed in a > few (one?) additional paragraphs in the Contributing section of the Guix > manual Run “guix lint” is already listed. What do you have in mind about more additio

--with-source version not honored?

Hi all, I'm using the following incantation: guix build --with-source=foobar@9.5.0=/opt/thirdparty/foobar/foobar950_beta/linux64 <--with-source=gurobipy@9.5.0=/opt/thirdparty/gurobi/gurobi950_beta/linux64> foobar However the package build is failing with: (copy-file "lib/libfoobar.so.9.0.1" "/

patches for new packages proper workflow (Re: Tricking peer review)

Hi, zimoun writes: [...] >> All in all, it’s probably not as worrisome as it first seems. However, >> it’s worth keeping in mind when reviewing a package. > > I agree with a minor comment. From my opinion, not enough patches are > going via guix-patches and are pushed directly. > > For instan

[off-topic]

Hello, I noticed an interesting report^1 on the holistic approach from Emacs and how its 'additive solutions' assist problem solving for researchers. Given Guix's emphasis on reproducible research I felt it worth sharing given overlapping concerns. https://www.ingentaconnect.com/content/matthe

Re: Tricking peer review

Hi Simon and Ludovic, very interesting thread, thank you! I think the "final" result of this discussion should be condensed in a few (one?) additional paragraphs in the Contributing section of the Guix manual zimoun writes: [...] > - url-fetch: the attacker has to introduce the tarballs into

Re: EXWM

André A. Gomes writes: > Jan Nieuwenhuizen writes: > >> I just tried adding my ~/.exwm into my init.el and running a nested >> emacs and now I get a GUI dialog: >> >> Replace existing window manager? Y/N >> >> Not great! Not very suprisingly, the extra unnecessary initialization >> /does/ hu