Re: U.S. Midwest based build farm
On 2022-06-11, Maxime Devos wrote: > jbra...@dismail.de schreef op za 11-06-2022 om 16:06 [+]: >> What's good and/or bad about this idea? > > A positive point: extra resources, could be useful for reproducibility > testing, ...? > > A negative point: extra points through with malware can be introduced > (->compromises). Can be solved by reproducible builds and variation of > "guix challenge". Unfortunately, "guix challenge" is inherently racy. > "guix substitute" currently only checks that the narinfo has a _single_ > authorised signature, maybe it can be adjusted to allow the user to > ask: ‘only consider a substitute to be authorised if the same hash is > signed by N different authorised keys’? Even without "signed by N" reproducible builds and guix substitute servers have some very interesting qualities! It's been a while since I've tested, but I seem to recall setting up a situation where I had a untrusted substitute server locally (e.g. I didn't add that server's keys to guix's trusted keys), and also configured my guix machine to use the default guix substitute servers (which were in the guix acl for authorized keys). Roughly approximated as: guix COMMAND --substitute-urls='https://untrusted.example.com https://ci.guix.gnu.org https://bordeaux.guix.gnu.org' For packages that build reproducibly, you could actually download the signatures (which are fairly small) from the "trusted" substitute servers, but download the actual packages (which can be quite large) from the "untrusted" substitute server... I've actually been wondering if one couldn't make this behavior more explicit, e.g. have substitute servers that *only* served signatures, and substitute servers that *only* served (unsigned?) builds. I guess you can more-or-less create this effect by never publishing the key that packages are signed with for the untrusted/untrustable substitute server? Anything that you can download from the "unstrusted" server is demonstratably reproducible, because a "trusted" server also built it. presuming, of course, both servers are actually performing the builds, but worst case you still get the bit-for-bit identical packages as the "trusted" substitutes. It's an awesome way to be able to distribute the downloads for that 80% and growing number of packages that are reproducible away from the default substitute servers, without actually having to even place much trust an arbitrary third party, other than metadata about what you've downloaded... I remember this being one of my favorite features of guix that I learned about early on, but haven't really done much with it! live well, vagrant signature.asc Description: PGP signature
Re: U.S. Midwest based build farm
June 11, 2022 4:00 PM, "Maxime Devos" wrote: > jbra...@dismail.de schreef op za 11-06-2022 om 16:06 [+]: > >> What's good and/or bad about this idea? > > A positive point: extra resources, could be useful for reproducibility > testing, ...? That's actually a good idea. I could give limited ssh access to a few guix developers. Those guix developers could use my old and hopefully more powerful machines to quickly compile software. Rust takes ages to compile... > > A negative point: extra points through with malware can be introduced > (->compromises). Can be solved by reproducible builds and variation of > "guix challenge". Unfortunately, "guix challenge" is inherently racy. > "guix substitute" currently only checks that the narinfo has a _single_ > authorised signature, maybe it can be adjusted to allow the user to > ask: ‘only consider a substitute to be authorised if the same hash is > signed by N different authorised keys’? > Thanks for the feedback. We could also use the machines as a mirror or an additional substitute server. > Other points: ...? > > Greetings, > Maxime.
Re: U.S. Midwest based build farm
jbra...@dismail.de schreef op za 11-06-2022 om 16:06 [+]: > What's good and/or bad about this idea? A positive point: extra resources, could be useful for reproducibility testing, ...? A negative point: extra points through with malware can be introduced (->compromises). Can be solved by reproducible builds and variation of "guix challenge". Unfortunately, "guix challenge" is inherently racy. "guix substitute" currently only checks that the narinfo has a _single_ authorised signature, maybe it can be adjusted to allow the user to ask: ‘only consider a substitute to be authorised if the same hash is signed by N different authorised keys’? Other points: ...? Greetings, Maxime. signature.asc Description: This is a digitally signed message part
U.S. Midwest based build farm
Hey guix, I live near a big university that sells old Dell 7020 optiplex machines. So each desktop machine costs about $200 - $250, depending on how the current market rate is for hard drive and RAM. My current landlord has an unused basement. It should be somewhat easy to get an ethernet cord to the basement, plugged up to 2+ desktop machines. My ISP is metronet, which is usually pretty friendly to self-hosting things. If guix is interested in paying for some of the ISP bills, electric bills, and/or renting my landlord's basement, I think it would be pretty cool to try to set up another build farm. Why I am the best candidate for this role: I'm not. I have a pretty bad track record for being lazy. I have still not finished my opensmtpd configuration for the opensmtpd service. What do you all think? What's good and/or bad about this idea? Thanks, Joshua