GNU bug report logs - #31284
[PATCH 0/1] guix: Add git-fetch/impure.

Previous Next

Package: guix;

Reported by: Chris Marusich <cmmarusich <at> gmail.com>

Date: Fri, 27 Apr 2018 08:13:01 UTC

Severity: normal

Tags: patch

Done: Chris Marusich <cmmarusich <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Chris Marusich <cmmarusich <at> gmail.com>
To: "Thompson\, David" <dthompson2 <at> worcester.edu>
Cc: 31284 <at> debbugs.gnu.org
Subject: bug#31284: [PATCH 0/1] guix: Add git-fetch/impure.
Date: Fri, 27 Apr 2018 21:45:04 -0700

[Message part 1 (text/plain, inline)]
Hi David and Mark,

Thank you both for taking a look at this!

"Thompson, David" <dthompson2 <at> worcester.edu> writes:

> When I encountered a similar situation at work I opted to use https
> cloning with a password token in the url. Then there was no external
> state (like an rsa key) needed.

This is good to know!  I hadn't considered putting the secret into the
URL.  I can see how that might be a simple and appropriate solution in
some situations.  However, it would also be nice if Guix could fetch Git
repositories over SSH using public key authentication.  In some
situations, SSH public key authentication may be the only option.

Mark H Weaver <mhw <at> netris.org> writes:

> My hacky approach has been to manually add a tarball of the desired
> sources using "guix download file:///home/mhw/foo.tar.gz" and then to
> add a bogus origin but with the correct hash.  If a file with a matching
> hash is already in the store, then it will be used, and the other fields
> of the 'origin' will effectively be ignored.

That's a neat trick!  It looks like it would work well for ad-hoc
hacking.  But how does it scale?  Imagine if you wanted to do this for
10 packages, or 100.  The manual upkeep could become quite painful.  It
would be so much nicer if Guix could just download the source
automatically, as usual!

You've both said that you would prefer not to add git-fetch/impure to
Guix.  Can you help me to understand why you feel that way?  I really
think it would be nice if Guix could fetch Git repositories over SSH
using public key authentication, so I'm hoping that we can talk about it
and figure out an acceptable way to implement it.

-- 
Chris

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 7 years and 84 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.