GNU bug report logs - #44612
Read standard input in `guix repl'

Previous Next

Package: guix;

Reported by: Pierre Neidhardt <mail <at> ambrevar.xyz>

Date: Fri, 13 Nov 2020 09:42:01 UTC

Severity: normal

Tags: notabug

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #8 received at 44612 <at> debbugs.gnu.org (full text, mbox):

From: Bengt Richter <bokr <at> bokr.com>
To: Pierre Neidhardt <mail <at> ambrevar.xyz>
Cc: 44612 <at> debbugs.gnu.org
Subject: Re: bug#44612: Read standard input in `guix repl'
Date: Fri, 13 Nov 2020 20:08:30 +0100

Hi Pierre,

On +2020-11-13 10:41:38 +0100, Pierre Neidhardt wrote:
> `guix repl` is a fantastic, hassle-free tool to bind Guix with
> third-party languages.  I've done it here:
> 
> https://github.com/atlas-engineer/nyxt/blob/2-pre-release-4/libraries/ospama/ospama-guix.lisp
> 
> It just works!
> 
> The only issue is that it needs to be passed a file, so I must create a
> temporary file so that I can call `guix repl` on it.
> 
> It'd be better if we could send Guile code to the standard input of the
> `guix repl -` process to bypass file generation.
> 
> Thoughts?
>

Would this enable people to type something like
    wget -O - http:try.this.for.example.com/fun.mischief|guix repl -
and if so, can you suggest some options for automatic hash or signature
checking so that a paranoid could feel safe using a file pointed to
by a friend? 

(I know one can already do silly stuff ... :)

I was hoping for a concise option that would enable a standard way of doing
integrity/trust checks by the stdin bufferful within guix. (Which I guess implies
designing fun.mischief file syntax as some kind of container packet stream, with
individually verifiable packets -- what would that mean for input to guix repl?). 

Maybe a --paranoid option at the level of --dry-run or -n ?
(maybe configurable as default --paranoid=on :)

As far as avoiding file generation, a pipeline that needs file-size chunks to do
validation checks would only avoid file inode supply limits, right?
I guess YMMV per platform? IPC also has supply limits, IIRC.

Hm, what about an option for guix like
   guix  --trust-manifest="file-containing-sufficient-verification-info-for-what-happens-next" repl -
meaning e.g., sha256sum value for what would be passed via '-' and if that contains references
to other files etc., than hashes or signatures etc for everything entailed.

> -- 
> Pierre Neidhardt
> https://ambrevar.xyz/

-- 
Regards,
Bengt Richter
This bug report was last modified 4 years and 231 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.