guix-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Questions about Cuirass

From: Maxime Devos
Subject: Re: Questions about Cuirass
Date: Fri, 21 Oct 2022 11:01:02 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.3.1 
On 20-10-2022 23:19, James Hobson wrote:

Hello!

Currently evaluating guix for embedded systems at work. But I have a few 
questions that I can’t quite work out from the docs. Please feel no obligation 
to answer!

Please note that my guix journey is at its very beginning. I’ve not even had a 
go at packaging!

Question 1
We would need to host the guix substitute server in an airgapped environment. 
The server would contain plain guix packages, our in house packages, and maybe 
patched guix packages. Would that be possible without having to rebuild the 
entire guix package set? We don’t have so many build machines, especially not 
for armv7.
You can tell Cuirass to only build a selection of packages (and their dependencies), by using a manifest, then not all of Guix is compiled but only what's necessary for your particular purpose.
Also, your Cuirass instance still needs access to the source code of the packages somehow, which will need to be somehow be squared with your 'airgapped environment', though maybe 'copy over the result of guix build --sources=transitive" would be acceptable (*).
(*) except that this is after application of snippet; some kind of "--sources=raw,transitive" may be needed. 


Question 2 [...]


I don't know the answer to this.


Question 3
Our software is sadly proprietary. Is there a way for guix build to selectively 
unpack and patch all non-proprietary sources so that we can provide it to 
anyone who asks? I feel like if this isn’t a thing already, I guess I can write 
it in scheme?
I assume you meant 'patch all non-proprietary' -> 'patch out all proprietary', such that at least the free parts can be used?
In that case, this is done already in some package definitions in Guix, by a 'snippet' removing parts that are non-free, such that they are not built and are not part of "guix build --source". (See: ‘Snippets versus Phases’ in the documentation, though it doesn't mention non-free things directly).
The Guix user can still access the unpatched source code though, by inspecting the package definition and removing the snippet, so it looks to me like that option is only good for 'you aren't allowed to modify this part of the source code + guix build --source must produce something free', not for 'you aren't allowed to see or distribute this' situations.
Alternatively, you could avoid all this complexity by making your software free. 

Greetings,
Maxime.

Attachment: OpenPGP_0x49E3EE22191725EE.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]