[bug#70022,0/2] Binary Installation: Add more distros.

Message ID cover.1711495227.git.GNUtoo@cyberdimension.org

Message

Denis 'GNUtoo' Carikli March 26, 2024, 11:45 p.m. UTC
Hi, this patchset documents the status of Guix packages in Trisquel and
Parabola that I also both use.

For Trisquel the guix package probably comes from some upstream
distribution.

For Parabola, the package comes from AUR, the Arch Linux User repository,
which is a community repository for Arch Linux where anyone can
contribute/maintain packages. I added that package in Parabola, and the
guix-installer package was made from scratch by me.

As for the list of distributions that have Guix packages, we can find more at
https://repology.org/project/guix/versions but unfortunately I'm not familiar
enough with the other ones (like Nix/NixOS, Alpine, etc) yet to confidently
add instructions to install the guix package.

More distros having guix packages can be found at:

Denis 'GNUtoo' Carikli (2):
  doc: Binary Installation: mention Trisquel package.
  doc: Binary Installation: add Parabola packages.

 doc/guix.texi | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)


base-commit: c3f15443bc6d457758aad1326dcc6dcad9cf8d6e

Comments

pelzflorian (Florian Pelz) March 27, 2024, 4:09 p.m. UTC | #1
Hi Denis.  This is in principle a great improvement, however note that
recently (4th March or so) a local privilege escalation vulnerability in
guix-daemon was discovered
<https://guix.gnu.org/en/blog/2024/fixed-output-derivation-sandbox-bypass-cve-2024-27297/>
and many distros have not fixed it yet, such as AUR and therefore your
Parabola pcr package or Debian’s long-term releases, which Debian’s guix
packager complained about
<https://security-tracker.debian.org/tracker/CVE-2024-27297>.

Perhaps we should think about how and where we can also instruct users
to upgrade their daemon in a timely manner.  This will be different for
guix packages (that configure a vulnerable daemon systemd service) and
for guix-install (where it is enough to follow the guix pull news file,
if the admin actually uses guix pull themself and can see the news).

Otherwise LGTM.

Regards,
Florian