[bug#32632] [PATCH 0/3] 'guix describe' and improved provenance tracking

From: Ludovic Courtès
Subject: [bug#32632] [PATCH 0/3] 'guix describe' and improved provenance tracking
Date: Tue, 4 Sep 2018 14:09:25 +0200

Hello Guix!

This patch series aims to unleash the power of the (guix describe) and (guix
channels) modules and related things.  Highlights:

  1. Add -p to ‘guix pull’ so you can do things like:

       guix pull --branch=core-updates -p craziness
       ./craziness/bin/guix package -u

  2. Add ‘guix describe’, which produces something like this:

       Generation 7     Sep 04 2018 12:27:18    (current)
         guix c0cfc62
           repository URL: /home/ludo/src/guix
           branch: origin/wip-describe
           commit: c0cfc62f6e0a1c77e28dd7099f512ea2c6c01566
         guix-hpc 779f4df
           repository URL:
           branch: origin/master
           commit: 779f4df63892a95de6efba259abf82e64951d4be

     or like that:

       (list (channel
               (name 'guix)
               (url "/home/ludo/src/guix")
               (name 'guix-hpc)
               (url "";)

  3. Record “provenance meta-data” in manifest entries produced by ‘guix
     package’.  With this change, the ‘manifest’ file of new profiles
     contains extra properties like this:

         (version 3)
             (propagated-inputs …)
             (search-paths …)
                   (version 0)
                   (url "/home/ludo/src/guix")
                   (branch "origin/wip-describe")
             (propagated-inputs ())
             (search-paths ())
                   (version 0)
                   (url "/home/ludo/src/guix")
                   (branch "origin/wip-describe")
                   (version 0)
                   (url "";)
                   (branch "origin/master")

     Currently the UI doesn’t use it at all but it could in the future.

Future work: optionally record ‘provenance’ properties for whole systems.

Caveat: this information should be added only by end-user tools, and it
should be possible to disable it because it introduces silent differences
in build results that break bit-reproducibility, pretty much like timestamps.
For example, I wouldn’t want ‘guix pack’ or ‘guix system vm{,-image}’ to record
it by default.  Conceptually, this meta-data is also a “back edge” in that
it goes from build results to source whereas the whole functional mechanism
creates edges from source to build results.

Feedback welcome!


Ludovic Courtès (3):
  pull: Add '--profile'.
  Add 'guix describe'.
  guix package: Record package provenance in manifest entries.

                           |   2 +
 doc/guix.texi             |  98 ++++++++++++++++++++++-
 guix/describe.scm         |   4 +-
 guix/profiles.scm         |   6 +-
 guix/scripts/describe.scm | 160 ++++++++++++++++++++++++++++++++++++++
 guix/scripts/package.scm  |  57 ++++++++++++--
 guix/scripts/pull.scm     |  22 ++++--
 po/guix/       |   1 +
 tests/    |  47 +++++++++++
 9 files changed, 380 insertions(+), 17 deletions(-)
 create mode 100644 guix/scripts/describe.scm
 create mode 100644 tests/
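
The caveat above says recorded provenance makes otherwise identical build results differ bit-for-bit. The following is an added example, not part of the original email or of Guix's code: it hashes two manifests with and without their `provenance` subforms to show how a reproducibility check can normalize that field away. The manifest layout, the `hello` entry, the placeholder store path and all function names are constructed assumptions.

```python
import hashlib
import re

# Constructed samples (simplified, assumed layout; not taken from the email).
# MANIFEST_B is the same package entry recorded from a different branch.
MANIFEST_A = '''
(manifest (version 3)
  (packages
    (("hello" "2.10" "out" "/gnu/store/PLACEHOLDER-hello-2.10"
      (propagated-inputs ())
      (search-paths ())
      (properties
        (provenance
          (repository (version 0) (url "/home/ludo/src/guix")
                      (branch "origin/wip-describe"))))))))
'''
MANIFEST_B = MANIFEST_A.replace("origin/wip-describe", "origin/master")

TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|[()]|[^\s()"]+')

def parse(text):
    """Parse one s-expression into nested lists of token strings."""
    tokens, pos = TOKEN.findall(text), 0
    def read():
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        if tok != "(":
            return tok
        items = []
        while tokens[pos] != ")":
            items.append(read())
        pos += 1  # consume the closing parenthesis
        return items
    return read()

def strip_provenance(form):
    """Drop every (provenance ...) subform, keeping everything else."""
    if not isinstance(form, list):
        return form
    return [strip_provenance(x) for x in form
            if not (isinstance(x, list) and x and x[0] == "provenance")]

def serialize(form):
    if isinstance(form, list):
        return "(" + " ".join(map(serialize, form)) + ")"
    return form

def digest(text, normalize=False):
    form = strip_provenance(parse(text)) if normalize else parse(text)
    return hashlib.sha256(serialize(form).encode()).hexdigest()
```

The raw digests of the two samples differ while the normalized digests match, so the only difference between them is the provenance record.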


