GNU bug report logs - #68733
[PATCH] machine: ssh: Add 'graft?' field.

Package: guix-patches;

Reported by: Herman Rimm <herman <at> rimm.ee>

Date: Fri, 26 Jan 2024 11:07:01 UTC

Severity: normal

Tags: moreinfo, patch


Message #8 received at 68733 <at> debbugs.gnu.org:

From: Ludovic Courtès <ludo <at> gnu.org>
To: Herman Rimm <herman <at> rimm.ee>
Cc: Josselin Poiret <dev <at> jpoiret.xyz>,
 Simon Tournier <zimon.toutoune <at> gmail.com>, Mathieu Othacehe <othacehe <at> gnu.org>,
 Tobias Geerinckx-Rice <me <at> tobias.gr>, 68733 <at> debbugs.gnu.org,
 Ricardo Wurmus <rekado <at> elephly.net>, Christopher Baines <guix <at> cbaines.net>
Subject: Re: [bug#68733] [PATCH] machine: ssh: Add 'graft?' field.
Date: Mon, 29 Jan 2024 14:17:09 +0100

Hi,

Herman Rimm <herman <at> rimm.ee> wrote:

> * gnu/machine/ssh.scm (<machine-ssh-configuration>)[graft?]: New field.
> * gnu/scripts/deploy.scm (deploy-machine*): Reparameterize %graft?.
> * doc/guix.texi (Invoking guix deploy): Document it.
>
> Change-Id: Ide83bb465c9f30165f4ddc64e48c1b89484e3e69
> ---
> Hi,
>
> This patch allows disabling grafts per machine by way of a new graft?
> field for machine-ssh-configuration. I don't know what happens when a
> digital-ocean-configuration is used. But that won't matter if %graft?
> can be parameterized in (deploy-managed-host machine) in /gnu/machine/
> ssh.scm. However if %graft? is parameterized alongside %current-system,
> it does not affect grafting. Where should %graft? be parameterized?

[...]

> +@item @code{graft?} (default: @code{#t})
> +If false, system derivations will be built without applying any grafts onto
> +packages. Grafting should be disabled for deployment to machines with a
> +differing architecture.
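
Review bot: the second sentence of the new @item ("Grafting should be disabled for deployment to machines with a differing architecture.") recommends turning grafts off without stating the cost. The entry should say that with graft? set to #f the system is built from ungrafted packages, so any fix that is delivered only as a graft is not applied on the deployed machine, and it should present the setting as a workaround rather than as general advice. Wording nit in the same sentence: "a differing architecture" reads better as "a different architecture".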

When deploying to a different architecture, is it enough to set
(build-locally? #f) ?

Now, this field only exists for ‘machine-ssh-configuration’ and not for
Digital Ocean, but perhaps we could add it there?

Overall, I think we should cater to this use case (deploying to a
different architecture) without requiring users to disable grafts,
because that’d be exposing them to security vulnerabilities.

Thanks,
Ludo’.




This bug report was last modified 154 days ago.
