--- Log opened Tue Mar 02 00:00:45 2021
01:00 < wumpus> hebasto: ubuntu comes with more stuff in the default repositories like cross-build toolchains
01:00 < wumpus> debian didn't at least at the time
01:02 < hebasto> wumpus: I see. My point is that debian is more trustable/community reviewed than ubuntu, no?
01:02 < wumpus> not if you have to add third-party repositories for it to work
01:02 < hebasto> right
01:02 < wumpus> but sure, debian would have had a somewhat smaller trusted base, people did consider it once in a while but ubuntu 'just worked' which won
01:03 < wumpus> in any case we're leaving that behind finally now
01:05 < hebasto> without guix wrapped in gitian-descriptors as luke-jr suggested?
01:05 < wumpus> well you're free to wrap guix in anything but i'm not going to do it
01:06 < hebasto> i'm just trying to grok pros and cons of such an approach
01:08 < wumpus> if someone makes that, it would be just another way that you can do the guix build, the strength though is that people can use it in different environments, if it still ends up with the same hashes that increases trust that there has been no supply chain compromise
01:09 < wumpus> if everyone would use guix-on-ubuntu then it's fairly pointless
01:09 < hebasto> wumpus: thanks for sharing your point
01:12 < hebasto> so while signing guix builds it would be useful to commit a build platform in some way, no?
01:13 < wumpus> why not integrate that into guix-build.sh
01:14 < wumpus> basically we have to add a 'hash relevant' step to create an assert file then allow it to be signed
01:14 < hebasto> an assert file seems a good place to describe the build platform
01:15 < wumpus> maybe... i think it makes sense for everyone to sign the same output so signatures can be combined
01:16 < hebasto> yes, we have a plan to combine signatures
01:16 < wumpus> but there could be more output from the build process of course, maybe a small file that just acts as 'these are the hashes of distributed files' and a more extensive one for troubleshooting
01:18 < wumpus> (e.g. if there are differences it might be useful to see the difference, though i can also understand if builders don't necessarily want to commit to specific details of their build platform for e.g. privacy reasons)
01:22 < wumpus> if you run guix in a VM you'd not care, but if you graft GUIX into a linux distro running on bare metal that also runs other things, you do maybe, i don't know
01:24 < hebasto> re "if you graft GUIX into a linux distro running on bare metal that also runs other things" -- doesn't look like a good practice
01:24 < fanquake> I've put together a second Dockerfile for Guix building. This time using the Guix package in Debian
01:24 < fanquake> https://github.com/fanquake/core-review/pull/19
01:27 < wumpus> hebasto: good practice is up to builders to decide, really, having a small as possible stack makes sense for lower-end hardware, e.g. when i get my SiFive Unmatched-based RISC-V PC i want to do builds on it
01:28 < hebasto> I see
01:28 < wumpus> sometimes you really don't want to do the VM in VM in container in etc thing
01:29 < wumpus> (besides *increasing the trusted base* at least from a theoretical point of view)
01:30 < wumpus> but sure you can just run it in docker etc if you want to conveniently generate binaries it doesn't matter as long as some people do different things
01:31 < wumpus> fanquake: neat!
01:31 < hebasto> lately, I use LXC-based gitian building without an outer VM, but guix is way more invasive to host os, therefore, VM is a good choice for me
01:33 < wumpus> it's not much more invasive than LXC, it's fairly similar
01:34 < wumpus> GUIX uses the same linux namespacing features as LXC, and installs only into a /gnu/store and some well-defined directories
01:35 < hebasto> maybe until you want to remove guix from host os; it was somewhat painful
01:35 < wumpus> it definitely doesn't clutter the entire file system, like say, people using pip3 as root to install dependencies outside the distribution or things like that
01:35 < hebasto> right
01:36 < wumpus> and that will go away entirely once GUIX is a distro package like LXC (as it is already for debian now)
01:37 < hebasto> i did not try to remove guix as a distro package from ubuntu hirsute for now
01:38 < wumpus> it would be strange if it couldn't be removed like other packages
01:38 < hebasto> ofc
03:18 -!- Donato46Weber [~Donato46W@static.57.1.216.95.clients.your-server.de] has joined #bitcoin-builds
04:58 -!- mol_ [~mol@unaffiliated/molly] has quit [Ping timeout: 245 seconds]
05:02 -!- mol [~mol@unaffiliated/molly] has joined #bitcoin-builds
06:37 -!- sipa [~pw@gateway/tor-sasl/sipa1024] has quit [Remote host closed the connection]
06:37 -!- sipa [~pw@gateway/tor-sasl/sipa1024] has joined #bitcoin-builds
06:41 -!- jonatack [~jon@37.164.30.247] has joined #bitcoin-builds
06:48 -!- Donato46Weber [~Donato46W@static.57.1.216.95.clients.your-server.de] has quit [Ping timeout: 240 seconds]
07:02 -!- mol [~mol@unaffiliated/molly] has quit [Ping timeout: 240 seconds]
07:04 -!- jonatack [~jon@37.164.30.247] has quit [Read error: Connection reset by peer]
07:15 -!- gribble [~gribble@unaffiliated/nanotube/bot/gribble] has quit [Remote host closed the connection]
07:20 -!- gribble [~gribble@unaffiliated/nanotube/bot/gribble] has joined #bitcoin-builds
--- Log closed Tue Mar 02 07:44:27 2021
--- Log opened Tue Mar 02 07:44:27 2021
08:10 -!- jonatack [~jon@37.164.30.247] has joined #bitcoin-builds
08:10 < luke-jr> LXC's invasiveness is why I used KVM for gitian ;)
08:10 < luke-jr> well, part of why
08:39 -!- mol [~mol@unaffiliated/molly] has joined #bitcoin-builds
09:08 -!- jonatack [~jon@37.164.30.247] has quit [Ping timeout: 260 seconds]
09:10 -!- jonatack [~jon@37.164.30.247] has joined #bitcoin-builds
12:02 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has quit [Read error: Connection reset by peer]
12:04 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has joined #bitcoin-builds
13:14 -!- charlie [ad441c94@pool-173-68-28-148.nycmny.fios.verizon.net] has joined #bitcoin-builds
13:14 -!- charlie is now known as Guest7577
13:14 < midnight> LXC is indeed very invasive. :-/
13:15 -!- Guest7577 [ad441c94@pool-173-68-28-148.nycmny.fios.verizon.net] has quit [Client Quit]
15:13 -!- jonatack [~jon@37.164.30.247] has quit [Ping timeout: 276 seconds]
17:10 -!- belcher [~belcher@unaffiliated/belcher] has quit [Ping timeout: 245 seconds]
17:10 -!- belcher [~belcher@unaffiliated/belcher] has joined #bitcoin-builds
18:30 -!- belcher_ [~belcher@unaffiliated/belcher] has joined #bitcoin-builds
18:32 -!- belcher [~belcher@unaffiliated/belcher] has quit [Ping timeout: 265 seconds]
19:32 -!- sipa [~pw@gateway/tor-sasl/sipa1024] has quit [Remote host closed the connection]
19:32 -!- sipa [~pw@gateway/tor-sasl/sipa1024] has joined #bitcoin-builds
20:00 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has quit [Ping timeout: 240 seconds]
20:01 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has joined #bitcoin-builds
23:24 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has quit [Ping timeout: 256 seconds]
--- Log closed Wed Mar 03 00:00:45 2021