[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A registry for distributed sources and binaries

From: Ludovic Courtès
Subject: Re: A registry for distributed sources and binaries
Date: Mon, 25 Jul 2016 11:21:43 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)


Ricardo Wurmus <address@hidden> skribis:

> Currently, GUIX_PACKAGE_PATH depends on some manual work to be done
> first.  Finding a third-party repository, downloading it, updating it
> separately from Guix itself (it won’t get updated via “guix pull”),
> setting the variable.
> When binary substitutes are involved some more steps are required: find
> and download the public key of the distributor (who might be running
> hydra or something like “guix publish”) and authorise it.
> Taken together it may seem a little too cumbersome compared to what
> other package managers do.  To enable a third-party repository for
> Ubuntu, for example, I only need to run one command.  When downloading
> packages I may also need to verify and accept a GPG key.

That’s a two-step process (or one-step if there are no binaries).

Honestly, I don’t find it intimidating (definitely not a showstopper),
but I agree it’s even better if it can be simplified.

> Could it be enough if Guix offered a simpler way to fetch package
> definitions and (optionally) binary substitutes from a third party who
> maintains both the package definitions and (optionally) distributes
> pre-built binary substitutes?
> Here are some concrete proposals:
> * Add a “guix config” command, which allows users to modify the
>   behaviour of their instance of Guix.
> * Support adding repositories via “guix config”.  A “repository” is a
>   remote set of Guile modules and (optionally) an public endpoint of
>   “guix publish” through which substitutes of only those packages that
>   are defined in the repository’s modules can be downloaded.
> * The first time a repository is accessed, the specified modules are
>   cloned and stored in a per-user state directory
>   (“~/.cache/guix/<domain>” maybe?).  Guix is automatically configured
>   to use the modules from “~/.cache/guix/<domain>” in addition to what
>   is on GUIX_PACKAGE_PATH.  Additionally, the distribution public key
>   for binary substitutes is fetched from a well-known location (if
>   applicable) and users are asked to confirm.
> * When a user runs “guix pull” all enabled repositories are also
>   updated.  Otherwise the cached copy from last access is used.
> * Update “guix --version” to also return the version of each configured
>   repository.
> * Add a command line switch “--vanilla” (or similar) to disable any
>   custom configuration and any configured repositories.

I like the idea!  (With the caveat that, again, external repos can break

Partly related to that:


reply via email to

[Prev in Thread] Current Thread [Next in Thread]