Re: Questions about Cuirass

2022-10-31 Thread Maxime Devos



On 30-10-2022 13:50, James Hobson wrote:

Sorry for not getting back to you.

Looks promising!

I wish I could release everything under a free license. Baby steps though! I’ve 
managed to release a few things under LGPL since I started! That’s 100% more 
than before!


Sounds good.


But anyway. The biggest hurdle I see is that updating in an air gapped 
environment doesn’t seem supported because guix’s git url is hard coded. Does 
this need to be the case? If not, I might see if I can find an nice way of 
making this more configurable


There is a default, yes, but it's not hardcoded, you can override it. 
Have a look at "Invoking 'guix pull'" in the manual, in particular its 
'--url=URL' argument.



James


> [...]

I prefer no top-posting; my e-mail client, and more generally almost all 
e-mail clients I think, keep a thread of previous messages.  I would 
prefer to not to have to scroll down to read the rest of the message 
only to discover there is none.


Greetings,
Maxime


OpenPGP_0x49E3EE22191725EE.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature


Re: Questions about Cuirass

2022-10-30 Thread James Hobson
Sorry for not getting back to you.

Looks promising!

I wish I could release everything under a free license. Baby steps though! I’ve 
managed to release a few things under LGPL since I started! That’s 100% more 
than before!

But anyway. The biggest hurdle I see is that updating in an air gapped 
environment doesn’t seem supported because guix’s git url is hard coded. Does 
this need to be the case? If not, I might see if I can find an nice way of 
making this more configurable

James

> On 21 Oct 2022, at 11:01, Maxime Devos  wrote:
> 
> On 20-10-2022 23:19, James Hobson wrote:
>> Hello!
>> Currently evaluating guix for embedded systems at work. But I have a few 
>> questions that I can’t quite work out from the docs. Please feel no 
>> obligation to answer!
>> Please note that my guix journey is at its very beginning. I’ve not even had 
>> a go at packaging!
>> Question 1
>> We would need to host the guix substitute server in an airgapped 
>> environment. The server would contain plain guix packages, our in house 
>> packages, and maybe patched guix packages. Would that be possible without 
>> having to rebuild the entire guix package set? We don’t have so many build 
>> machines, especially not for armv7.
> 
> You can tell Cuirass to only build a selection of packages (and their 
> dependencies), by using a manifest, then not all of Guix is compiled but only 
> what's necessary for your particular purpose.
> 
> Also, your Cuirass instance still needs access to the source code of the 
> packages somehow, which will need to be somehow be squared with your 
> 'airgapped environment', though maybe 'copy over the result of guix build 
> --sources=transitive" would be acceptable (*).
> 
> (*) except that this is after application of snippet; some kind of 
> "--sources=raw,transitive" may be needed.
> 
>> Question 2 [...]
> 
> I don't know the answer to this.
> 
>> Question 3
>> Our software is sadly proprietary. Is there a way for guix build to 
>> selectively unpack and patch all non-proprietary sources so that we can 
>> provide it to anyone who asks? I feel like if this isn’t a thing already, I 
>> guess I can write it in scheme?
> 
> I assume you meant 'patch all non-proprietary' -> 'patch out all 
> proprietary', such that at least the free parts can be used?
> 
> In that case, this is done already in some package definitions in Guix, by a 
> 'snippet' removing parts that are non-free, such that they are not built and 
> are not part of "guix build --source". (See: ‘Snippets versus Phases’ in the 
> documentation, though it doesn't mention non-free things directly).
> 
> The Guix user can still access the unpatched source code though, by 
> inspecting the package definition and removing the snippet, so it looks to me 
> like that option is only good for 'you aren't allowed to modify this part of 
> the source code + guix build --source must produce something free', not for 
> 'you aren't allowed to see or distribute this' situations.
> 
> Alternatively, you could avoid all this complexity by making your software 
> free.
> 
> Greetings,
> Maxime.
> 


Re: Questions about Cuirass

2022-10-21 Thread Maxime Devos

On 20-10-2022 23:19, James Hobson wrote:

Hello!

Currently evaluating guix for embedded systems at work. But I have a few 
questions that I can’t quite work out from the docs. Please feel no obligation 
to answer!

Please note that my guix journey is at its very beginning. I’ve not even had a 
go at packaging!

Question 1
We would need to host the guix substitute server in an airgapped environment. 
The server would contain plain guix packages, our in house packages, and maybe 
patched guix packages. Would that be possible without having to rebuild the 
entire guix package set? We don’t have so many build machines, especially not 
for armv7.


You can tell Cuirass to only build a selection of packages (and their 
dependencies), by using a manifest, then not all of Guix is compiled but 
only what's necessary for your particular purpose.


Also, your Cuirass instance still needs access to the source code of the 
packages somehow, which will need to be somehow be squared with your 
'airgapped environment', though maybe 'copy over the result of guix 
build --sources=transitive" would be acceptable (*).


(*) except that this is after application of snippet; some kind of 
"--sources=raw,transitive" may be needed.



Question 2 [...]


I don't know the answer to this.


Question 3
Our software is sadly proprietary. Is there a way for guix build to selectively 
unpack and patch all non-proprietary sources so that we can provide it to 
anyone who asks? I feel like if this isn’t a thing already, I guess I can write 
it in scheme?


I assume you meant 'patch all non-proprietary' -> 'patch out all 
proprietary', such that at least the free parts can be used?


In that case, this is done already in some package definitions in Guix, 
by a 'snippet' removing parts that are non-free, such that they are not 
built and are not part of "guix build --source". (See: ‘Snippets versus 
Phases’ in the documentation, though it doesn't mention non-free things 
directly).


The Guix user can still access the unpatched source code though, by 
inspecting the package definition and removing the snippet, so it looks 
to me like that option is only good for 'you aren't allowed to modify 
this part of the source code + guix build --source must produce 
something free', not for 'you aren't allowed to see or distribute this' 
situations.


Alternatively, you could avoid all this complexity by making your 
software free.


Greetings,
Maxime.


OpenPGP_0x49E3EE22191725EE.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature