Sorry for not getting back to you. Looks promising!
I wish I could release everything under a free license. Baby steps though! I’ve managed to release a few things under LGPL since I started! That’s 100% more than before! But anyway. The biggest hurdle I see is that updating in an air gapped environment doesn’t seem supported because guix’s git url is hard coded. Does this need to be the case? If not, I might see if I can find an nice way of making this more configurable James > On 21 Oct 2022, at 11:01, Maxime Devos <maximede...@telenet.be> wrote: > > On 20-10-2022 23:19, James Hobson wrote: >> Hello! >> Currently evaluating guix for embedded systems at work. But I have a few >> questions that I can’t quite work out from the docs. Please feel no >> obligation to answer! >> Please note that my guix journey is at its very beginning. I’ve not even had >> a go at packaging! >> Question 1 >> We would need to host the guix substitute server in an airgapped >> environment. The server would contain plain guix packages, our in house >> packages, and maybe patched guix packages. Would that be possible without >> having to rebuild the entire guix package set? We don’t have so many build >> machines, especially not for armv7. > > You can tell Cuirass to only build a selection of packages (and their > dependencies), by using a manifest, then not all of Guix is compiled but only > what's necessary for your particular purpose. > > Also, your Cuirass instance still needs access to the source code of the > packages somehow, which will need to be somehow be squared with your > 'airgapped environment', though maybe 'copy over the result of guix build > --sources=transitive" would be acceptable (*). > > (*) except that this is after application of snippet; some kind of > "--sources=raw,transitive" may be needed. > >> Question 2 [...] > > I don't know the answer to this. > >> Question 3 >> Our software is sadly proprietary. Is there a way for guix build to >> selectively unpack and patch all non-proprietary sources so that we can >> provide it to anyone who asks? I feel like if this isn’t a thing already, I >> guess I can write it in scheme? > > I assume you meant 'patch all non-proprietary' -> 'patch out all > proprietary', such that at least the free parts can be used? > > In that case, this is done already in some package definitions in Guix, by a > 'snippet' removing parts that are non-free, such that they are not built and > are not part of "guix build --source". (See: ‘Snippets versus Phases’ in the > documentation, though it doesn't mention non-free things directly). > > The Guix user can still access the unpatched source code though, by > inspecting the package definition and removing the snippet, so it looks to me > like that option is only good for 'you aren't allowed to modify this part of > the source code + guix build --source must produce something free', not for > 'you aren't allowed to see or distribute this' situations. > > Alternatively, you could avoid all this complexity by making your software > free. > > Greetings, > Maxime. > <OpenPGP_0x49E3EE22191725EE.asc>