From: Ludovic Courtès
Date: Tue, 23 Jan 2024 17:46:17 +0100
Subject: [bug#68677] [PATCH 0/6] Service for "virtual build machines"
To: 68677@debbugs.gnu.org

Hello Guix!

Lots of talk about reproducibility and how wonderful Guix is, but as soon as you try to build packages from v1.0.0, released less than 5 years ago, you hit a “time trap” in Python, in OpenSSL, or some other ugly build failure—assuming you managed to fetch source code in the first place¹.

This patch series defines a long-overdue ‘virtual-build-machine-service-type’: a service to run a virtual machine available for offloading.

My main goal here is to allow users to build stuff at a past date without having to change their system clock. It can also be used to control other aspects usually not under control: the CPU model, the Linux kernel.

The series includes changes to that are not actually used but can be useful; they come from a previous iteration that didn’t pan out.

One limitation I’d like to address is the fact that the SSH and secrets ports are exposed locally, as is already the case with childhurds (any local user could inject secrets into the VM if they connect at the right moment when it boots). Future work includes switching to AF_VSOCK sockets—see vsock(7).

Some of the code is shared with childhurds. I don’t know if we could factorize things further.

Thoughts?

Ludo’.

¹ This blog post by Simon explains the kind of problem one hits when traveling to the not-so-distant past: https://simon.tournier.info/posts/2023-12-21-repro-paper.html

Ludovic Courtès (6):
  services: secret-service: Make the endpoint configurable.
  vm: Add ‘date’ field to .
  vm: Export accessors.
  vm: Add ‘cpu-count’ field to .
  marionette: Add #:peek? to ‘wait-for-tcp-port?’.
  services: Add ‘virtual-build-machine’ service.

 doc/guix.texi                   | 139 ++++++-
 gnu/build/marionette.scm        |  32 +-
 gnu/build/secret-service.scm    |  62 ++--
 gnu/services/virtualization.scm | 640 ++++++++++++++++++++++++--------
 gnu/system/image.scm            |   1 +
 gnu/system/vm.scm               | 115 +++++-
 gnu/tests/virtualization.scm    | 176 +++++++--
 7 files changed, 933 insertions(+), 232 deletions(-)

base-commit: 299ce524c9f725549ab5548197cc88b085bba2f4