[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Upgrading packages with substitutes only (bug #26608)
|
From: |
Leo Famulari |
|
Subject: |
Re: Upgrading packages with substitutes only (bug #26608) |
|
Date: |
Mon, 19 Jun 2017 13:33:11 -0400 |
|
User-agent: |
Mutt/1.8.3 (2017-05-23) |
On Sun, Jun 18, 2017 at 10:44:34AM -0700, Timothy Sample wrote:
> Leo Famulari <address@hidden> writes:
> > On Sun, Jun 18, 2017 at 11:38:45AM +0200, Ricardo Wurmus wrote:
> >> In my opinion “--only-substitutes” should stop and report a list.
> >> If it continued without complaining there could be problems:
> >>
> >> * partial upgrades could leave the profile in an unusable state
>
> Maybe I don’t understand Guix that well yet, but I don’t think this is
> possible. At least I don’t understand how it would happen. Under the
> hood, the “--only-substitutes” flag would basically just be an
> intelligent “--do-not-upgrade” flag. Can I ruin my profile by misusing
> “--do-not-upgrade”?
I'm not sure what you mean by "ruin your profile". It's unlikely you'd
break your Guix installation, if that's what you mean.
However, the Guix development model is that the master branch should
always be "deployable", and Guix developers expect the typical user to
base their installations on the master branch.
If there is some package that can't be fetched from Hydra for any reason
[0], users of `--only-substitutes` will simply never get that upgraded
package until it can be downloaded.
As time goes by, their installations will basically fork from GNU Guix,
and we won't be able to understand what Guix version they are using or
be able to support it. The non-substitutable package will drag an old
and vulnerable dependency tree (growing both up and down) along with it,
and the users will probably not notice.
By the way, the same warning applies if you are upgrading your profile
piecemeal instead of all at once with `guix package -u .`.
So, `--only-substitutes` is definitely something for people who know
what they are doing and understand the risks. For this reason, I think
that using it should require shell command composition, for example:
$ guix package -u . --do-not-upgrade $(guix package -u . --only-substitutes)
We should make it easy for users to do the safe thing (a full profile
upgrade), and not be too concerned if potentially dangerous actions like
a partial upgrade require a bit of extra typing.
If it seems confusing that `guix package -u . --only-substitutes`
doesn't actually upgrade anything, then it could be named differently,
or be part of another command such as `guix substitute`.
I still think the right way to handle this feature request is to improve
the build farm. I use NixOS sometimes and I almost *never* have to build
anything; it's possible to improve our infrastructure to the point where
nobody will think they need this feature.
signature.asc
Description: PGP signature