From: Ludovic Courtès
Date: Sat, 30 Nov 2019 23:30:13 +0100
Subject: [bug#38441] [PATCH 0/5] Record operating system provenance info
Message-Id: <20191130223013.14257-1-ludo@gnu.org>

Hello Guix!

This patch series allows ‘guix system’ to record provenance info about
a system in its output: the system itself (e.g., /run/current-system)
now contains three more files: “channels.scm”, “configuration.scm”, and
“provenance” (a summary of the first two files.)

That means you can always inspect a deployed system to find its own
“source”. In some cases, you can even run something like:

  guix time-machine \
    -C /var/guix/profiles/system-N-link/channels.scm -- \
    system reconfigure \
    /var/guix/profiles/system-N-link/configuration.scm

to rebuild generation N of your system. Pretty cool, no? :-)

Otherwise you can simply run:

  guix system describe

to see where your OS comes from.

Provenance tracking is implemented as a service. The service is
automatically added by ‘guix system init’, ‘reconfigure’, and by ‘guix
deploy’. For other commands, one can pass ‘--save-provenance’ to turn
it on.

This was long overdue! This has interesting implications on
trustworthiness: you can distribute a VM/Docker image with provenance
info, and anyone can reproduce it and ensure they obtain the same bits
(well, ideally, because I guess a few steps may still not be
bit-reproducible).

Thoughts?

Thanks,
Ludo’.

Ludovic Courtès (5):
  services: Add 'provenance-service-type'.
  guix system: Use 'provenance-service-type', add "--save-provenance".
  machine: Add provenance tracking to each machine operating system.
  guix system: "list-generations" displays provenance info.
  guix system: Add "describe" action.

 doc/guix.texi           | 109 +++++++++++++++++++++++++++++++++++++---
 gnu/machine.scm         |   7 ++-
 gnu/services.scm        |  87 ++++++++++++++++++++++++++++++++
 gnu/system.scm          |  10 ++++
 guix/scripts/pull.scm   |   1 +
 guix/scripts/system.scm | 107 ++++++++++++++++++++++++++++++++-------
 6 files changed, 293 insertions(+), 28 deletions(-)

-- 
2.24.0

From: Ludovic Courtès
Date: Sat, 30 Nov 2019 23:31:44 +0100
Subject: [bug#38441] [PATCH 1/5] services: Add 'provenance-service-type'.
Message-Id: <20191130223148.14336-1-ludo@gnu.org>
In-Reply-To: <20191130223013.14257-1-ludo@gnu.org>

* gnu/services.scm (object->pretty-string)
(channel->code, channel->sexp, provenance-file)
(provenance-entry): New procedures.
(provenance-service-type): New variable.
* gnu/system.scm (operating-system-with-provenance): New procedure.
* doc/guix.texi (Service Reference): Document 'provenance-service-type'.
---
 doc/guix.texi    | 44 ++++++++++++++++++++++++
 gnu/services.scm | 87 ++++++++++++++++++++++++++++++++++++++++++++++++
 gnu/system.scm   | 10 ++++++
 3 files changed, 141 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi index 661aa41785..fd40b6535f 100644 --- a/doc/guix.texi +++ b/doc/guix.texi
@@ -26970,6 +26970,50 @@ programs under @file{/run/current-system/profile}. Other services can extend it by passing it lists of packages to add to the system profile. @end defvr +@cindex provenance tracking, of the operating system +@defvr {Scheme Variable} provenance-service-type +This is the type of the service that records @dfn{provenance meta-data} +in the system itself. It creates several files under +@file{/run/current-system}: + +@table @file +@item channels.scm +This is a ``channel file'' that can be passed to @command{guix pull -C} +or @command{guix time-machine -C}, and which describes the channels used +to build the system, if that information was available +(@pxref{Channels}). + +@item configuration.scm +This is the file that was passed as the value for this +@code{provenance-service-type} service. By default, @command{guix +system reconfigure} automatically passes the OS configuration file it +received on the command line. + +@item provenance +This contains the same information as the two other files but in a +format that is more readily processable. +@end table + +In general, these two pieces of information (channels and configuration +file) are enough to reproduce the operating system ``from source''. + +@quotation Caveats +This information is necessary to rebuild your operating system, but it +is not always sufficient. In particular, @file{configuration.scm} +itself is insufficient if it is not self-contained---if it refers to +external Guile modules or to extra files. If you want +@file{configuration.scm} to be self-contained, we recommend that modules +or files it refers to be part of a channel. + +Besides, provenance meta-data is ``silent'' in the sense that it does +not change the bits contained in your system, @emph{except for the +meta-data bits themselves}. 
Two different OS configurations or sets of +channels can lead to the same system, bit-for-bit; when +@code{provenance-service-type} is used, these two systems will have +different meta-data and thus different store file names, which makes +comparison less trivial. +@end quotation +@end defvr @node Shepherd Services @subsection Shepherd Services diff --git a/gnu/services.scm b/gnu/services.scm index 394470ba7d..e7a3a95e43 100644 --- a/gnu/services.scm +++ b/gnu/services.scm @@ -25,6 +25,8 @@ #:use-module (guix profiles) #:use-module (guix discovery) #:use-module (guix combinators) + #:use-module (guix channels) + #:use-module (guix describe) #:use-module (guix sets) #:use-module (guix ui) #:use-module ((guix utils) #:select (source-properties->location)) @@ -39,6 +41,7 @@ #:use-module (srfi srfi-35) #:use-module (ice-9 vlist) #:use-module (ice-9 match) + #:autoload (ice-9 pretty-print) (pretty-print) #:export (service-extension service-extension? service-extension-target @@ -82,6 +85,7 @@ ambiguous-target-service-error-target-type system-service-type + provenance-service-type boot-service-type cleanup-service-type activation-service-type 
@@ -370,6 +374,89 @@ by the initrd once the root file system is mounted."))) ;; The service that produces the boot script. (service boot-service-type #t)) + +;;; +;;; Provenance tracking. +;;; + +(define (object->pretty-string obj) + "Like 'object->string', but using 'pretty-print'." + (call-with-output-string + (lambda (port) + (pretty-print obj port)))) + +(define (channel->code channel) + "Return code to build CHANNEL, ready to be dropped in a 'channels.scm' +file." + `(channel (name ',(channel-name channel)) + (url ,(channel-url channel)) + (branch ,(channel-branch channel)) + (commit ,(channel-commit channel)))) + +(define (channel->sexp channel) + "Return an sexp describing CHANNEL. The sexp is _not_ code and is meant to +be parsed by tools; it's potentially more future-proof than code." + `(channel (name ,(channel-name channel)) + (url ,(channel-url channel)) + (branch ,(channel-branch channel)) + (commit ,(channel-commit channel)))) + +(define (provenance-file channels config-file) + "Return a 'provenance' file describing CHANNELS, a list of channels, and +CONFIG-FILE, which can be either #f or a containing the OS +configuration being used." + (scheme-file "provenance" + #~(provenance + (version 0) + (channels #+@(if channels + (map channel->sexp channels) + '())) + (configuration-file #+config-file)))) + +(define (provenance-entry config-file) + "Return system entries describing the operating system provenance: the +channels in use and CONFIG-FILE, if it is true." + (define profile + (current-profile)) + + (define channels + (and=> profile profile-channels)) + + (mbegin %store-monad + (let ((config-file (cond ((string? 
config-file) + (local-file config-file "configuration.scm")) + ((not config-file) + #f) + (else + config-file)))) + (return `(("provenance" ,(provenance-file channels config-file)) + ,@(if channels + `(("channels.scm" + ,(plain-file "channels.scm" + (object->pretty-string + `(list + ,@(map channel->code channels)))))) + '()) + ,@(if config-file + `(("configuration.scm" ,config-file)) + '())))))) + +(define provenance-service-type + (service-type (name 'provenance) + (extensions + (list (service-extension system-service-type + provenance-entry))) + (default-value #f) ;the OS config file + (description + "Store provenance information about the system in the system +itself: the channels used when building the system, and its configuration +file, when available."))) + + +;;; +;;; Cleanup. +;;; + (define (cleanup-gexp _) "Return a gexp to clean up /tmp and similar places upon boot." (with-imported-modules '((guix build utils)) diff --git a/gnu/system.scm b/gnu/system.scm index a353b1a5c8..525b1a171d 100644 --- a/gnu/system.scm +++ b/gnu/system.scm @@ -110,6 +110,7 @@ system-linux-image-file-name operating-system-with-gc-roots + operating-system-with-provenance boot-parameters boot-parameters? 
@@ -539,6 +540,15 @@ bookkeeping." gc-root-service-type roots) (operating-system-user-services os))))) +(define* (operating-system-with-provenance os #:optional config-file) + "Return a variant of OS that stores its own provenance information, +including CONFIG-FILE, if available. This is achieved by adding an instance +of PROVENANCE-SERVICE-TYPE to its services." + (operating-system + (inherit os) + (services (cons (service provenance-service-type config-file) + (operating-system-user-services os))))) + ;;; ;;; /etc.
-- 
2.24.0

From: Ludovic Courtès
Date: Sat, 30 Nov 2019 23:31:45 +0100
Subject: [bug#38441] [PATCH 2/5] guix system: Use 'provenance-service-type', add "--save-provenance".
Message-Id: <20191130223148.14336-2-ludo@gnu.org>
In-Reply-To: <20191130223148.14336-1-ludo@gnu.org>

* guix/scripts/system.scm (show-help, %options): Add "--save-provenance".
(process-action): Define 'save-provenance?' and 'transform'; call
'transform' on the OS.
* doc/guix.texi (Invoking guix system): Document it under 'reconfigure'.
(Service Reference): Mention that 'provenance-service-type' is
automatically added by 'reconfigure' & 'init'.
---
 doc/guix.texi           | 61 +++++++++++++++++++++++++++++++++++------
 guix/scripts/system.scm | 47 ++++++++++++++++++++-----------
 2 files changed, 84 insertions(+), 24 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi index fd40b6535f..3dc2fd1318 100644 --- a/doc/guix.texi +++ b/doc/guix.texi
@@ -25839,6 +25839,15 @@ switch to it@footnote{This action (and the related actions @code{switch-generation} and @code{roll-back}) are usable only on systems already running Guix System.}. +@quotation Note +@c The paragraph below refers to the problem discussed at +@c . +It is highly recommended to run @command{guix pull} once before you run +@command{guix system reconfigure} for the first time (@pxref{Invoking +guix pull}). Failing to do that you would see an older version of Guix +once @command{reconfigure} has completed. +@end quotation + This effects all the configuration specified in @var{file}: user accounts, system services, global package list, setuid programs, etc. The command starts system services specified in @var{file} that are not 
@@ -25857,14 +25866,27 @@ It also adds a bootloader menu entry for the new OS configuration, entries for older configurations to a submenu, allowing you to choose an older system generation at boot time should you need it. -@quotation Note -@c The paragraph below refers to the problem discussed at -@c . -It is highly recommended to run @command{guix pull} once before you run -@command{guix system reconfigure} for the first time (@pxref{Invoking -guix pull}). Failing to do that you would see an older version of Guix -once @command{reconfigure} has completed. -@end quotation +@cindex provenance tracking, of the operating system +Upon completion, the new system is deployed under +@file{/run/current-system}. This directory contains @dfn{provenance +meta-data}: the list of channels in use (@pxref{Channels}) and +@var{file} itself, when available. This information is useful should +you later want to inspect how this particular generation was built. + +In fact, assuming @var{file} is self-contained, you can later rebuild +generation @var{n} of your operating system with: + +@example +guix time-machine \ + -C /var/guix/profiles/system-@var{n}-link/channels.scm -- \ + system reconfigure \ + /var/guix/profiles/system-@var{n}-link/configuration.scm +@end example + +You can think of it as some sort of built-in version control! Your +system is not just a binary artifact: @emph{it carries its own source}. +@xref{Service Reference, @code{provenance-service-type}}, for more +information on provenance tracking. @item switch-generation @cindex generations 
@@ -26126,6 +26148,25 @@ This works as per @command{guix build} (@pxref{Invoking guix build}). Return the derivation file name of the given operating system without building anything. +@cindex provenance tracking, of the operating system +@item --save-provenance +As discussed above, @command{guix system init} and @command{guix system +reconfigure} always save provenance information @i{via} a dedicated +service (@pxref{Service Reference, @code{provenance-service-type}}). +However, other commands don't do that by default. If you wish to, say, +create a virtual machine image that contains provenance information, you +can run: + +@example +guix system vm-image --save-provenance config.scm +@end example + +That way, the resulting image will effectively ``embed its own source'' +in the form of meta-data in @file{/run/current-system}. With that +information, one can rebuild the image to make sure it really contains +what it pretends to contain; or they could use that to derive a variant +of the image. + @item --file-system-type=@var{type} @itemx -t @var{type} For the @code{disk-image} action, create a file system of the given @@ -27013,6 +27054,10 @@ channels can lead to the same system, bit-for-bit; when different meta-data and thus different store file names, which makes comparison less trivial. @end quotation + +This service is automatically added to your operating system +configuration when you use @command{guix system reconfigure} or +@command{guix system init}. @end defvr @node Shepherd Services diff --git a/guix/scripts/system.scm b/guix/scripts/system.scm index e49c9d36b9..b22945658e 100644 --- a/guix/scripts/system.scm +++ b/guix/scripts/system.scm @@ -722,7 +722,9 @@ and TARGET arguments." (return (primitive-eval (lowered-gexp-sexp lowered)))))) (define* (perform-action action os - #:key skip-safety-checks? + #:key + save-provenance? + skip-safety-checks? install-bootloader? dry-run? derivations-only? use-substitutes? bootloader-target target 
@@ -917,16 +919,18 @@ Some ACTIONS support additional ARGS.\n")) --image-size=SIZE for 'vm-image', produce an image of SIZE")) (display (G_ " --no-bootloader for 'init', do not install a bootloader")) + (display (G_ " + --save-provenance save provenance information")) (display (G_ " --share=SPEC for 'vm', share host file system according to SPEC")) + (display (G_ " + --expose=SPEC for 'vm', expose host file system according to SPEC")) (display (G_ " -N, --network for 'container', allow containers to access the network")) (display (G_ " -r, --root=FILE for 'vm', 'vm-image', 'disk-image', 'container', and 'build', make FILE a symlink to the result, and register it as a garbage collector root")) - (display (G_ " - --expose=SPEC for 'vm', expose host file system according to SPEC")) (display (G_ " --full-boot for 'vm', make a full boot sequence")) (display (G_ " @@ -977,6 +981,9 @@ Some ACTIONS support additional ARGS.\n")) (option '("full-boot") #f #f (lambda (opt name arg result) (alist-cons 'full-boot? #t result))) + (option '("save-provenance") #f #f + (lambda (opt name arg result) + (alist-cons 'save-provenance? #t result))) (option '("skip-checks") #f #f (lambda (opt name arg result) (alist-cons 'skip-safety-checks? #t result))) 
@@ -1040,24 +1047,32 @@ resulting from command-line parsing." file-or-exp)) obj) + (define save-provenance? + (or (assoc-ref opts 'save-provenance?) + (memq action '(init reconfigure)))) + (let* ((file (match args (() #f) ((x . _) x))) (expr (assoc-ref opts 'expression)) (system (assoc-ref opts 'system)) - (os (ensure-operating-system - (or file expr) - (cond - ((and expr file) - (leave - (G_ "both file and expression cannot be specified~%"))) - (expr - (read/eval expr)) - (file - (load* file %user-module - #:on-error (assoc-ref opts 'on-error))) - (else - (leave (G_ "no configuration specified~%")))))) + (transform (if save-provenance? + (cut operating-system-with-provenance <> file) + identity)) + (os (transform + (ensure-operating-system + (or file expr) + (cond + ((and expr file) + (leave + (G_ "both file and expression cannot be specified~%"))) + (expr + (read/eval expr)) + (file + (load* file %user-module + #:on-error (assoc-ref opts 'on-error))) + (else + (leave (G_ "no configuration specified~%"))))))) (dry? (assoc-ref opts 'dry-run?)) (bootloader? (assoc-ref opts 'install-bootloader?))
-- 
2.24.0

From: Ludovic Courtès
Date: Sat, 30 Nov 2019 23:31:46 +0100
Subject: [bug#38441] [PATCH 3/5] machine: Add provenance tracking to each machine operating system.
Message-Id: <20191130223148.14336-3-ludo@gnu.org>
In-Reply-To: <20191130223148.14336-1-ludo@gnu.org>

* gnu/machine.scm (): Rename accessor to
'%machine-operating-system'.
(machine-operating-system): New procedure.
* doc/guix.texi (Service Reference): Mention it.
---
 doc/guix.texi   | 4 ++--
 gnu/machine.scm | 7 ++++++-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi index 3dc2fd1318..198792c54a 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -27056,8 +27056,8 @@ comparison less trivial. @end quotation This service is automatically added to your operating system -configuration when you use @command{guix system reconfigure} or -@command{guix system init}. +configuration when you use @command{guix system reconfigure}, +@command{guix system init}, or @command{guix deploy}. @end defvr @node Shepherd Services diff --git a/gnu/machine.scm b/gnu/machine.scm index 05b03b21d4..b342fe2144 100644 --- a/gnu/machine.scm +++ b/gnu/machine.scm
@@ -93,11 +93,16 @@ make-machine machine? this-machine - (operating-system machine-operating-system) ; + (operating-system %machine-operating-system); (environment machine-environment) ; symbol (configuration machine-configuration ; configuration object (default #f))) ; specific to environment +(define (machine-operating-system machine) + "Return the operating system of MACHINE." + (operating-system-with-provenance + (%machine-operating-system machine))) + (define (machine-display-name machine) "Return the host-name identifying MACHINE." (operating-system-host-name (machine-operating-system machine)))
-- 
2.24.0

From: Ludovic Courtès
Date: Sat, 30 Nov 2019 23:31:47 +0100
Subject: [bug#38441] [PATCH 4/5] guix system: "list-generations" displays provenance info.
Message-Id: <20191130223148.14336-4-ludo@gnu.org>
In-Reply-To: <20191130223148.14336-1-ludo@gnu.org>

* guix/scripts/pull.scm (channel-commit-hyperlink): Export.
* guix/scripts/system.scm (display-system-generation)
[display-channel]: New procedure.
Read the "provenance" file of GENERATION and display channel info and
the configuration file name when available.
---
 guix/scripts/pull.scm   |  1 +
 guix/scripts/system.scm | 49 +++++++++++++++++++++++++++++++++++++++--
 2 files changed, 48 insertions(+), 2 deletions(-)

diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm index 19410ad141..04cc51829d 100644 --- a/guix/scripts/pull.scm +++ b/guix/scripts/pull.scm @@ -60,6 +60,7 @@ #:use-module (ice-9 format) #:export (display-profile-content channel-list + channel-commit-hyperlink with-git-error-handling guix-pull)) diff --git a/guix/scripts/system.scm b/guix/scripts/system.scm index b22945658e..0ddb40a03c 100644 --- a/guix/scripts/system.scm +++ b/guix/scripts/system.scm
@@ -36,9 +36,11 @@ #:use-module (guix records) #:use-module (guix profiles) #:use-module (guix scripts) + #:use-module (guix channels) #:use-module (guix scripts build) #:autoload (guix scripts package) (delete-generations delete-matching-generations) + #:autoload (guix scripts pull) (channel-commit-hyperlink) #:use-module (guix graph) #:use-module (guix scripts graph) #:use-module (guix scripts system reconfigure) @@ -456,9 +458,30 @@ list of services." ;;; Generations. ;;; +(define (sexp->channel sexp) + "Return the channel corresponding to SEXP, an sexp as found in the +\"provenance\" file produced by 'provenance-service-type'." + (match sexp + (('channel ('name name) + ('url url) + ('branch branch) + ('commit commit)) + (channel (name name) (url url) + (branch branch) (commit commit))))) + (define* (display-system-generation number #:optional (profile %system-profile)) "Display a summary of system generation NUMBER in a human-readable format." + (define (display-channel channel) + (format #t " ~a:~%" (channel-name channel)) + (format #t (G_ " repository URL: ~a~%") (channel-url channel)) + (when (channel-branch channel) + (format #t (G_ " branch: ~a~%") (channel-branch channel))) + (format #t (G_ " commit: ~a~%") + (if (supports-hyperlinks?) + (channel-commit-hyperlink channel) + (channel-commit channel)))) + (unless (zero? number) (let* ((generation (generation-file-name profile number)) (params (read-boot-parameters-file generation)) @@ -468,7 +491,13 @@ list of services." (root-device (if (bytevector? root) (uuid->string root) root)) - (kernel (boot-parameters-kernel params))) + (kernel (boot-parameters-kernel params)) + (provenance (catch 'system-error + (lambda () + (call-with-input-file + (string-append generation "/provenance") + read)) + (const #f)))) (display-generation profile number) (format #t (G_ " file name: ~a~%") generation) (format #t (G_ " canonical file name: ~a~%") (readlink* generation)) 
@@ -495,7 +524,23 @@ list of services." (else root-device))) - (format #t (G_ " kernel: ~a~%") kernel)))) + (format #t (G_ " kernel: ~a~%") kernel) + + (match provenance + (#f #t) + (('provenance ('version 0) + ('channels channels ...) + ('configuration-file config-file)) + (unless (null? channels) + ;; TRANSLATORS: Here "channel" is the same terminology as used in + ;; "guix describe" and "guix pull --channels". + (format #t (G_ " channels:~%")) + (for-each display-channel (map sexp->channel channels))) + (when config-file + (format #t (G_ " configuration file: ~a~%") + (if (supports-hyperlinks?) + (file-hyperlink config-file) + config-file)))))))) (define* (list-generations pattern #:optional (profile %system-profile)) "Display in a human-readable format all the system generations matching -- 2.24.0 From unknown Fri Aug 15 16:23:09 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#38441] [PATCH 5/5] guix system: Add "describe" action. Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sat, 30 Nov 2019 22:33:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 38441 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 38441@debbugs.gnu.org Cc: Ludovic =?UTF-8?Q?Court=C3=A8s?= Received: via spool by 38441-submit@debbugs.gnu.org id=B38441.157515312925906 (code B ref 38441); Sat, 30 Nov 2019 22:33:03 +0000 Received: (at 38441) by debbugs.gnu.org; 30 Nov 2019 22:32:09 +0000 Received: from localhost ([127.0.0.1]:35294 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ibBHd-0006jg-23 for submit@debbugs.gnu.org; Sat, 30 Nov 2019 17:32:09 -0500 Received: from eggs.gnu.org ([209.51.188.92]:33594) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ibBHZ-0006iG-GG for 38441@debbugs.gnu.org; Sat, 30 Nov 2019 17:32:05 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:41775) by eggs.gnu.org with esmtp 
From: Ludovic Courtès
Date: Sat, 30 Nov 2019 23:31:48 +0100
Subject: [bug#38441] [PATCH 5/5] guix system: Add "describe" action.

* guix/scripts/system.scm (show-help): Add "describe".
(process-command): Handle it.
(guix-system): Likewise.
* doc/guix.texi (Invoking guix system): Document it.
--- doc/guix.texi | 4 ++++ guix/scripts/system.scm | 11 ++++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/doc/guix.texi b/doc/guix.texi index 198792c54a..cb4b0b45e7 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -26240,6 +26240,10 @@ bootloader boot menu: @table @code +@item describe +Describe the current system generation: its file name, the kernel and +bootloader used, etc., as well as provenance information when available. + @item list-generations List a summary of each generation of the operating system available on disk, in a human-readable way. This is similar to the diff --git a/guix/scripts/system.scm b/guix/scripts/system.scm index 0ddb40a03c..ccff68f1ab 100644 --- a/guix/scripts/system.scm +++ b/guix/scripts/system.scm
@@ -921,6 +921,8 @@ Some ACTIONS support additional ARGS.\n")) reconfigure switch to a new operating system configuration\n")) (display (G_ "\ roll-back switch to the previous operating system configuration\n")) + (display (G_ "\ + describe describe the current system\n")) (display (G_ "\ list-generations list the system generations\n")) (display (G_ "\ @@ -1187,6 +1189,12 @@ argument list and OPTS is the option alist." ((pattern) pattern) (x (leave (G_ "wrong number of arguments~%")))))) (list-generations pattern))) + ((describe) + (match (generation-number %system-profile) + (0 + (error (G_ "no system generation, nothing to describe~%"))) + (generation + (display-system-generation generation)))) ((search) (apply (resolve-subcommand "search") args)) ;; The following commands need to use the store, but they do not need an 
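Review bot: the new `describe` clause reports the no-generation case with `(error (G_ "no system generation, nothing to describe~%"))`, while the neighbouring `list-generations` clause and the unknown-action case use `leave` for user-facing errors. Use `leave` here too, so the message goes through the same formatting and exit path as the rest of the command instead of surfacing as a raw exception.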
@@ -1226,7 +1234,8 @@ argument list and OPTS is the option alist." (case action ((build container vm vm-image disk-image reconfigure init extension-graph shepherd-graph - list-generations delete-generations roll-back + list-generations describe + delete-generations roll-back switch-generation search docker-image) (alist-cons 'action action result)) (else (leave (G_ "~a: unknown action~%") action)))))) -- 2.24.0
From: zimoun
Date: Mon, 2 Dec 2019 13:12:55 +0100

Hi Ludo,

On Sat, 30 Nov 2019 at 23:31, Ludovic Courtès wrote:

[...]

> Thoughts?

Really cool!

This is a killer feature IMHO compared to the Dockerfile approach. Let's spread the word. ;-)

Cheers,
simon
From: help-debbugs@gnu.org (GNU bug Tracking System)
To: Ludovic Courtès
Subject: bug#38441: closed (Re: [bug#38441] [PATCH 0/5] Record operating system provenance info)
Date: Sat, 07 Dec 2019 00:04:02 +0000

Your bug report

#38441: [PATCH 0/5] Record operating system provenance info

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report. If you require more details, please reply to 38441@debbugs.gnu.org.

-- 
38441: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=38441
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems
From: Ludovic Courtès
To: 38441-done@debbugs.gnu.org
Subject: Re: [bug#38441] [PATCH 0/5] Record operating system provenance info
Date: Sat, 07 Dec 2019 01:03:46 +0100

Hello!

Ludovic Courtès skribis:

> services: Add 'provenance-service-type'.
> guix system: Use 'provenance-service-type', add "--save-provenance".
> machine: Add provenance tracking to each machine operating system.
> guix system: "list-generations" displays provenance info.
> guix system: Add "describe" action.

Pushed!

zimoun skribis:

> Really cool!
>
> This is a killer feature IMHO compared to the Dockerfile approach. Let's
> spread the word. ;-)

Glad you like it, thanks for your feedback! :-)

Ludo’.