On February 3, 2018 8:10:36 AM EST, amirouche <amirou...@hypermove.net> wrote: >Hello all, > > >After discussing gnunet & guix at fosdem with gnunet >people I have better picture of where things can go. > >The short story is: > >1) There is no way to know the gnunet hash aka. gnunet uri > of a substitute before the build. > >2) There is no way to associate gnunet hash and guix hash > in a secure/trusted manner over gnunet. Except maybe > if we use GNS to publish guix hash as subdomains of > substitute-server.guix.gnu? > >Possible solutions: > >a) Add the gnunet-uri of the substitute in the package > definition. This can only work if the package is > reproducible aka. the build is always the same given > the same package definition. For reproducible builds, > it will be possible to offload the build and > the download over gnunet.
Since reproducible builds are a goal of Guix, as far as I know, maybe it would make sense to only do solution A, and only do it for packages which are reproducible. That would provide extra motivation for fixing non reproducible packages, and would also prevent having to do a bunch of work for use cases that are not the final goal.