Thoughts on making Guix even better
From: Raghav Gururajan
Subject: Thoughts on making Guix even better
Date: Sun, 23 Feb 2020 02:49:12 +0000
Hello Guix!
I have been thinking about this for a long time and would like to share it now.
The transactional upgrades and roll-backs are available to both Guix Package
and Guix System. But I see an important difference which might be crucial to
guix's development and use.
GUIX PACKAGE:
The guix package transactions are MODULAR. That is, you can upgrade packages
selectively. For example, you can upgrade all packages except one/few (or) only
upgrade one/few.
GUIX SYSTEM:
The guix system transactions are NON-MODULAR. That is, you cannot selectively
reconfigure certain parts of the system. For example, you either reconfigure
the system as a whole (or) you do not reconfigure the system at all.
IMPLICATIONS:
Let's assume we have 5 packages in profile. Packages 1, 3 and 5 have non-critical
updates. Package 4 has non-critical update but it breaks. Package 2 has
critical update (CVE). We can either upgrade all packages except package 4 (or)
we can upgrade only package 2.
Let's assume we have 5 services/packages in system. Packages/Services 1, 3 and 5
have non-critical updates. Package/Service 4 has non-critical update but it
breaks. Package/Service 2 has critical update (CVE). Now, when we reconfigure
the system, all packages/services will upgrade, package/service 4 will break
the system. We can of course do '--roll-back' and take the system to previous
working state. But that will leave the system with critical vulnerability.
Therefore, we cannot reconfigure package/service 2 or any other parts of the
system, until the package/service 4 is fixed. This window/gap puts guix system
at great risk and instability.
SUGGESTION:
We can brain-storm and implement a way to make guix system transactions
modular. Any ideas?
Thank you!
Regards,
Raghav "RG" Gururajan.