From unknown Sat Jun 14 19:38:12 2025 X-Loop: help-debbugs@gnu.org Subject: bug#42964: Potential FSDG issue with debootstrap scripts Resent-From: Denis 'GNUtoo' Carikli Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Fri, 21 Aug 2020 04:54:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 42964 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 42964@debbugs.gnu.org X-Debbugs-Original-To: bug-guix@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.159798559020189 (code B ref -1); Fri, 21 Aug 2020 04:54:01 +0000 Received: (at submit) by debbugs.gnu.org; 21 Aug 2020 04:53:10 +0000 Received: from localhost ([127.0.0.1]:44748 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1k8z38-0005FZ-4Q for submit@debbugs.gnu.org; Fri, 21 Aug 2020 00:53:10 -0400 Received: from lists.gnu.org ([209.51.188.17]:45762) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1k8z36-0005FQ-2f for submit@debbugs.gnu.org; Fri, 21 Aug 2020 00:53:08 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:52468) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1k8z35-0006Av-QI for bug-guix@gnu.org; Fri, 21 Aug 2020 00:53:07 -0400 Received: from cyberdimension.org ([80.67.179.20]:47584 helo=gnutoo.cyberdimension.org) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256) (Exim 4.90_1) (envelope-from ) id 1k8z33-00065t-HV for bug-guix@gnu.org; Fri, 21 Aug 2020 00:53:07 -0400 Received: from gnutoo.cyberdimension.org (localhost [127.0.0.1]) by cyberdimension.org (OpenSMTPD) with ESMTP id 6f34cd28 for ; Fri, 21 Aug 2020 04:51:22 +0000 (UTC) Received: from primarylaptop.localdomain (localhost.localdomain [::1]) by gnutoo.cyberdimension.org (OpenSMTPD) with ESMTP id 57b690a2 for ; Fri, 21 Aug 2020 04:51:22 +0000 (UTC) Date: Fri, 21 Aug 2020 06:45:27 +0200 From: Denis 'GNUtoo' Carikli Message-ID: <20200821064527.5cf8d23b@primarylaptop.localdomain> X-Mailer: Claws Mail 3.17.5 (GTK+ 2.24.32; i686-pc-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="Sig_/8Sw+v4abKZPeDjh+JYJQhy_"; protocol="application/pgp-signature"; micalg=pgp-sha256 Received-SPF: pass client-ip=80.67.179.20; envelope-from=GNUtoo@cyberdimension.org; helo=gnutoo.cyberdimension.org X-detected-operating-system: by eggs.gnu.org: First seen = 2020/08/21 00:53:01 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.4 (-) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.4 (--) --Sig_/8Sw+v4abKZPeDjh+JYJQhy_ Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Hi, I found a potential issue with the debootstrap package and the Guix blog. The Free System Distribution Guidelines states that: > A free system distribution must not steer users towards obtaining any > nonfree information for practical use, or encourage them to do so. > The system should have no repositories for nonfree software and no > specific recipes for installation of particular nonfree programs. Nor > should the distribution refer to third-party repositories that are > not committed to only including free software; even if they only have > free software today, that may not be true tomorrow. Programs in the > system should not suggest installing nonfree plugins, documentation, > and so on. However after instalation, the debootstrap package contains scripts for installing many distributions, and most of them are either not FSDG compliant or have nonfree software in them. I assume that the Ubuntu repositories are "third-party repositories that are not committed to only including free software", and they are used in the debootstrap scripts to install Ubuntu. After installation I got the following scripts in ~/.guix_profile/share/debootstrap/scripts/: - aequorea - amber - artful - ascii - bartholomea - beowulf - bionic - bookworm - breezy - bullseye - buster - ceres - chromodoris - cosmic - dapper - dasyatis - debian-common - disco - edgy - eoan - etch - etch-m68k - feisty - focal - gutsy - hardy - hoary - hoary.buildd - intrepid - jaunty - jessie - jessie-kfreebsd - kali - kali-dev - kali-last-snapshot - kali-rolling - karmic - lenny - lucid - maverick - natty - oldoldstable - oldstable - oneiric - potato - precise - quantal - raring - sarge - sarge.buildd - sarge.fakechroot - saucy - sid - squeeze - stable - stretch - testing - trusty - unstable - utopic - vivid - warty - warty.buildd - wheezy - wily - woody - woody.buildd - xenial - yakkety - zesty The scripts are named after distribution codenames. So here you can see some ubuntu code names like trusty, xenial, etc (ubuntu contains nonfree software), or some debian code names like stretch. Not all scripts are problematic, as amber is the codename of the main PureOS repository[2]. To fix that, Parabola patches debootstrap to remove the problematic scripts[3] and also adds support for many FSDG distributions along the way. It also has a modified manual[4] with examples for Trisquel instead of Debian. Something similar could probably be done in debian.scm[5]. In addition the Guix blog post about "Running a Ganeti cluster on Guix"[6] should probably be reviewed as it contains code to install Debian buster. As I understand, Debian may not contain nonfree software but it is not FSDG compliant, so it could be a good idea to use an FSDG compliant distributions instead to avoid any issues. In addition if the buster script is removed, then the code on the blog post won't work anymore. References: ----------- [1]https://www.gnu.org/distros/free-system-distribution-guidelines.html [2]https://libreplanet.org/wiki/Group:Hardware/FSDG_distributions/PureOS [3]https://git.parabola.nu/abslibre.git/tree/libre/debootstrap/PKGBUILD#n50 [4]https://git.parabola.nu/abslibre.git/tree/libre/debootstrap/debootstrap.8 [5]https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/debian.scm#= n121 [6]https://guix.gnu.org/en/blog/2020/running-a-ganeti-cluster-on-guix/ Denis. --Sig_/8Sw+v4abKZPeDjh+JYJQhy_ Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEeC+d2+Nrp/PU3kkGX138wUF34mMFAl8/UWcACgkQX138wUF3 4mMY5Q//bPHoIi+0BWTG+d0HK2R5mH+uL3OEJyCQBqt/e3jhVd8FypKBNGNENe5F zQsUbbWlVxj3vDFB7ndtwtgUd2IwSSihAhg9okD+Gm80wA9vWQt8dLFqPuVjroWG +JZOmp4PM2b59+A2qMHsdQM4vxqgu+qdvhT0kQ7SlFr7RXsBL0R3zJ9Mhw67dGlN mhX89LYBvpJcnD6KHlH0BQJpK6hwUa7USSh3NMvTsu9BP07aeSkYG16/719PtPEg 95iewUBAgYXYITLmadVsxYdmOOBCmK/ROGthMd1kwOIRiZFXwHnN7dg8hHEjozXp +WHaylKOKuuuixsfQtMvitX+emdIth7RHIhOv5s7Ntz22dAszKQJwxuy9sgLDkpg A5JB9Iq4fc7aKg82QAAOzPHixcbjp21ifRSgU8j+XiKmf4Q7OZgic/TvKMFZ/uGa m+oWPE6VKeh7AJrerQCwXcN7JnL6v7wqTqmMHKYrsBNMdnQi3qZ+lzqfL5TcVH/e E20khAz10qXD27Csn6CJDl9x/FmlcxOu481FKDyj1n/2C9ebowhUY3qeRr2qZRuM t68oYboiWKBd9sQ0OGaW8PGY2VhymnWShfAmHLiVFHC/rOvUGYyd4pGXGpCPrbEb iiwGNSKwm38gcp38iV/xVfRu+7fXSEBmUqWF8MY911gojLp3DHQ= =lazX -----END PGP SIGNATURE----- --Sig_/8Sw+v4abKZPeDjh+JYJQhy_-- From unknown Sat Jun 14 19:38:12 2025 X-Loop: help-debbugs@gnu.org Subject: bug#42964: Potential FSDG issue with debootstrap scripts Resent-From: Marius Bakke Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Wed, 26 Aug 2020 20:59:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 42964 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Denis 'GNUtoo' Carikli , 42964@debbugs.gnu.org Received: via spool by 42964-submit@debbugs.gnu.org id=B42964.15984754856057 (code B ref 42964); Wed, 26 Aug 2020 20:59:02 +0000 Received: (at 42964) by debbugs.gnu.org; 26 Aug 2020 20:58:05 +0000 Received: from localhost ([127.0.0.1]:40961 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kB2Ue-0001Zd-Re for submit@debbugs.gnu.org; Wed, 26 Aug 2020 16:58:05 -0400 Received: from eggs.gnu.org ([209.51.188.92]:50492) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kB2Ub-0001Z7-Fb for 42964@debbugs.gnu.org; Wed, 26 Aug 2020 16:58:04 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:40911) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kB2UV-0000oq-Nu; Wed, 26 Aug 2020 16:57:55 -0400 Received: from ti0006q161-3115.bb.online.no ([88.95.106.80]:48136 helo=localhost) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kB2UU-0005qU-RP; Wed, 26 Aug 2020 16:57:55 -0400 From: Marius Bakke In-Reply-To: <20200821064527.5cf8d23b@primarylaptop.localdomain> References: <20200821064527.5cf8d23b@primarylaptop.localdomain> Date: Wed, 26 Aug 2020 22:56:15 +0200 Message-ID: <87o8mx6s9c.fsf@gnu.org> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain Denis 'GNUtoo' Carikli writes: > Hi, > > I found a potential issue with the debootstrap package and the Guix > blog. Thanks for bringing this to our attention! > The Free System Distribution Guidelines states that: >> A free system distribution must not steer users towards obtaining any >> nonfree information for practical use, or encourage them to do so. >> The system should have no repositories for nonfree software and no >> specific recipes for installation of particular nonfree programs. Nor >> should the distribution refer to third-party repositories that are >> not committed to only including free software; even if they only have >> free software today, that may not be true tomorrow. Programs in the >> system should not suggest installing nonfree plugins, documentation, >> and so on. > > However after instalation, the debootstrap package contains scripts for > installing many distributions, and most of them are either not FSDG > compliant or have nonfree software in them. > > I assume that the Ubuntu repositories are "third-party repositories that > are not committed to only including free software", and they are used > in the debootstrap scripts to install Ubuntu. Does Ubuntu carry non-free software in the default repos? If so I agree that is a problem. > After installation I got the following scripts in > ~/.guix_profile/share/debootstrap/scripts/: [...] > The scripts are named after distribution codenames. So here you can see > some ubuntu code names like trusty, xenial, etc (ubuntu contains nonfree > software), or some debian code names like stretch. Here you assert that Ubuntu contains non-free software, but previously you only assumed so. Did you figure it out along the way? :-) > Not all scripts are problematic, as amber is the codename of the > main PureOS repository[2]. Why is PureOS not problematic? They have a "non-free" repository component too: https://deb.puri.sm/pureos/pool/non-free/ > To fix that, Parabola patches debootstrap to remove the problematic > scripts[3] and also adds support for many FSDG distributions along the > way. It also has a modified manual[4] with examples for Trisquel > instead of Debian. > > Something similar could probably be done in debian.scm[5]. Thanks for the information. I actually wanted to use Trisquel for the Ganeti documentation, and was surprised that it was not supported by debootstrap. Do you know where to find the Parabola patches? Any chance they will upstream the work? > In addition the Guix blog post about "Running a Ganeti cluster on > Guix"[6] should probably be reviewed as it contains code to install > Debian buster. > > As I understand, Debian may not contain nonfree software but it is not > FSDG compliant, so it could be a good idea to use an FSDG compliant > distributions instead to avoid any issues. In addition if the buster > script is removed, then the code on the blog post won't work anymore. AIUI the FSDG does not require that linked package repositories are committed to the FSDG, only that they are committed to providing only free software, which Debian is. What issues do you have in mind? Note that the Guix manual section on Ganeti also contains references to Debian and Ubuntu; I agree it would be nice to refer to FSDG-friendly distributions there instead (but first we need support in debootstrap). I have slight reservations against changing the blog post without a good reason: it is fairly disconnected from the Guix software distribution and has already "made the rounds". Someone bookmarking it for later reference might get annoyed that the code is no longer there. But if there is consensus among Guix users or a breach of the FSDG I am of course happy to update it. Thanks! --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAl9GzG8ACgkQoqBt8qM6 VPrWsQgAwmGSlt/xlOFS+MWpsrGRL1Wf/ulYw8iQEFMhwNLe1rO0+khrmu2ohGyX j9CGD3rD7An1K08fl1mhR+KauNbeyUnsLMthaKblIrVj/J8rm/3FqqRXHjKkJnOH NcQy0RjUOP4MLWPG/VsM1A+IJsxUqvNYj7crImwis3g07LAEaH3l0V58fOu+jMbu S2vInhkwOTXfph+Bt7Y5XEgi9jqcEqCQg9H1RB4Q9WnExSpcEktvy6ykM4j4dq2B kK7oFewi20MbgSqGTf/QD5axny5ILmMHOmzvZtWWxypt0KG2pMaEyijZOFBzuXPp +RBQH0G69HjiijquLbl1u9A76J12qg== =jmBl -----END PGP SIGNATURE----- --=-=-=--