bug#44612: Read standard input in `guix repl'

[Bengt Richter]

Hi Pierre,

On +2020-11-13 10:41:38 +0100, Pierre Neidhardt wrote:
> `guix repl` is a fantastic, hassle-free tool to bind Guix with
> third-party languages.  I've done it here:
> 
> https://github.com/atlas-engineer/nyxt/blob/2-pre-release-4/libraries/ospama/ospama-guix.lisp
> 
> It just works!
> 
> The only issue is that it needs to be passed a file, so I must create a
> temporary file so that I can call `guix repl` on it.
> 
> It'd be better if we could send Guile code to the standard input of the
> `guix repl -` process to bypass file generation.
> 
> Thoughts?
>

Would this enable people to type something like
    wget -O - http:try.this.for.example.com/fun.mischief|guix repl -
and if so, can you suggest some options for automatic hash or signature
checking so that a paranoid could feel safe using a file pointed to
by a friend? 

(I know one can already do silly stuff ... :)

I was hoping for a concise option that would enable a standard way of doing
integrity/trust checks by the stdin bufferful within guix. (Which I guess 
implies
designing fun.mischief file syntax as some kind of container packet stream, with
individually verifiable packets -- what would that mean for input to guix 
repl?). 

Maybe a --paranoid option at the level of --dry-run or -n ?
(maybe configurable as default --paranoid=on :)

As far as avoiding file generation, a pipeline that needs file-size chunks to do
validation checks would only avoid file inode supply limits, right?
I guess YMMV per platform? IPC also has supply limits, IIRC.

Hm, what about an option for guix like
   guix  
--trust-manifest="file-containing-sufficient-verification-info-for-what-happens-next"
 repl -
meaning e.g., sha256sum value for what would be passed via '-' and if that 
contains references
to other files etc., than hashes or signatures etc for everything entailed.

> -- 
> Pierre Neidhardt
> https://ambrevar.xyz/

-- 
Regards,
Bengt Richter