GNU bug report logs - #45104
pull: Add a "with-substitutes" option.

Previous Next

Full log

Message #17 received at 45104 <at> debbugs.gnu.org (full text, mbox):

From: zimoun <zimon.toutoune <at> gmail.com>
To: Ludovic Courtès <ludo <at> gnu.org>, Christopher Baines
 <mail <at> cbaines.net>
Cc: Mathieu Othacehe <othacehe <at> gnu.org>, 45104 <at> debbugs.gnu.org
Subject: Re: [bug#45104] pull: Add a "with-substitutes" option.
Date: Mon, 14 Dec 2020 12:39:21 +0100

Hi,

On Mon, 14 Dec 2020 at 12:05, Ludovic Courtès <ludo <at> gnu.org> wrote:

>   (channel-with-substitutes-available
>     (channel (name 'guix) …)
>     "https://ci.guix.gnu.org")
>
> and optionally with a manifest or a list of packages that should be
> available as substitutes:
>
>   (channel-with-substitutes-available
>     (channel (name 'guix) …)
>     "https://ci.guix.gnu.org"
>     (specifications->manifest '("emacs" "guile")))

Sounds good to me.


> BTW, doing all this is safer today because ‘guix pull’ will detect and
> prevent downgrades.  Though an attacker who manages to break into
> ci.guix.gnu.org could cause all the users of
> ‘channel-with-substitutes-available’ to no longer receive updates or to
> receive them more slowly than they appear in Git simply by making CI
> even slower than it currently is.

As mentioned earlier, if “guix pull” completes only when substitutes is
available, then depending on the CI, the user can never complete the
“pull” and so stay “blocked“.

For example, reusing your example, Emacs is not currently available and
it has been since say 1 month.  Therefore until Emacs becomes available
for the fast moving HEAD, the user would be “blocked”.  Or I miss
something.

<https://data.guix.gnu.org/repository/1/branch/master/package/emacs/output-history>

All the best,
simon

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.