futurile/guix-play
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

guix system: Use 'provenance-service-type', add "--save-provenance".

Browse Source 
* guix/scripts/system.scm (show-help, %options): Add "--save-provenance".
(process-action): Define 'save-provenance?' and 'transform'; call
'transform' on the OS.
* doc/guix.texi (Invoking guix system): Document it under 'reconfigure'.
(Service Reference): Mention that 'provenance-service-type' is
automatically added by 'reconfigure' & 'init'.
This commit is contained in:
Ludovic Courtès 2019-11-30 18:13:09 +01:00
parent 33b7cb7a59
commit b85836d306
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5
2 changed files with 84 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
doc/guix.texi
View File

@ -25900,6 +25900,15 @@ switch to it@footnote{This action (and the related actions
@code{switch-generation} and @code{roll-back}) are usable only on @code{switch-generation} and @code{roll-back}) are usable only on
systems already running Guix System.}. systems already running Guix System.}.
@quotation Note
@c The paragraph below refers to the problem discussed at
@c <https://lists.gnu.org/archive/html/guix-devel/2014-08/msg00057.html>.
It is highly recommended to run @command{guix pull} once before you run
@command{guix system reconfigure} for the first time (@pxref{Invoking
guix pull}). Failing to do that you would see an older version of Guix
once @command{reconfigure} has completed.
@end quotation
This effects all the configuration specified in @var{file}: user This effects all the configuration specified in @var{file}: user
accounts, system services, global package list, setuid programs, etc. accounts, system services, global package list, setuid programs, etc.
The command starts system services specified in @var{file} that are not The command starts system services specified in @var{file} that are not
@ -25918,14 +25927,27 @@ It also adds a bootloader menu entry for the new OS configuration,
entries for older configurations to a submenu, allowing you to choose entries for older configurations to a submenu, allowing you to choose
an older system generation at boot time should you need it. an older system generation at boot time should you need it.
@quotation Note @cindex provenance tracking, of the operating system
@c The paragraph below refers to the problem discussed at Upon completion, the new system is deployed under
@c <https://lists.gnu.org/archive/html/guix-devel/2014-08/msg00057.html>. @file{/run/current-system}. This directory contains @dfn{provenance
It is highly recommended to run @command{guix pull} once before you run meta-data}: the list of channels in use (@pxref{Channels}) and
@command{guix system reconfigure} for the first time (@pxref{Invoking @var{file} itself, when available. This information is useful should
guix pull}). Failing to do that you would see an older version of Guix you later want to inspect how this particular generation was built.
once @command{reconfigure} has completed.
@end quotation In fact, assuming @var{file} is self-contained, you can later rebuild
generation @var{n} of your operating system with:
@example
guix time-machine \
-C /var/guix/profiles/system-@var{n}-link/channels.scm -- \
system reconfigure \
/var/guix/profiles/system-@var{n}-link/configuration.scm
@end example
You can think of it as some sort of built-in version control! Your
system is not just a binary artifact: @emph{it carries its own source}.
@xref{Service Reference, @code{provenance-service-type}}, for more
information on provenance tracking.
@item switch-generation @item switch-generation
@cindex generations @cindex generations
@ -26187,6 +26209,25 @@ This works as per @command{guix build} (@pxref{Invoking guix build}).
Return the derivation file name of the given operating system without Return the derivation file name of the given operating system without
building anything. building anything.
@cindex provenance tracking, of the operating system
@item --save-provenance
As discussed above, @command{guix system init} and @command{guix system
reconfigure} always save provenance information @i{via} a dedicated
service (@pxref{Service Reference, @code{provenance-service-type}}).
However, other commands don't do that by default. If you wish to, say,
create a virtual machine image that contains provenance information, you
can run:
@example
guix system vm-image --save-provenance config.scm
@end example
That way, the resulting image will effectively ``embed its own source''
in the form of meta-data in @file{/run/current-system}. With that
information, one can rebuild the image to make sure it really contains
what it pretends to contain; or they could use that to derive a variant
of the image.
@item --file-system-type=@var{type} @item --file-system-type=@var{type}
@itemx -t @var{type} @itemx -t @var{type}
For the @code{disk-image} action, create a file system of the given For the @code{disk-image} action, create a file system of the given
@ -27086,6 +27127,10 @@ channels can lead to the same system, bit-for-bit; when
different meta-data and thus different store file names, which makes different meta-data and thus different store file names, which makes
comparison less trivial. comparison less trivial.
@end quotation @end quotation
This service is automatically added to your operating system
configuration when you use @command{guix system reconfigure} or
@command{guix system init}.
@end defvr @end defvr
@node Shepherd Services @node Shepherd Services

47
guix/scripts/system.scm
View File

@ -722,7 +722,9 @@ and TARGET arguments."
(return (primitive-eval (lowered-gexp-sexp lowered)))))) (return (primitive-eval (lowered-gexp-sexp lowered))))))
(define* (perform-action action os (define* (perform-action action os
#:key skip-safety-checks? #:key
save-provenance?
skip-safety-checks?
install-bootloader? install-bootloader?
dry-run? derivations-only? dry-run? derivations-only?
use-substitutes? bootloader-target target use-substitutes? bootloader-target target
@ -917,16 +919,18 @@ Some ACTIONS support additional ARGS.\n"))
--image-size=SIZE for 'vm-image', produce an image of SIZE")) --image-size=SIZE for 'vm-image', produce an image of SIZE"))
(display (G_ " (display (G_ "
--no-bootloader for 'init', do not install a bootloader")) --no-bootloader for 'init', do not install a bootloader"))
(display (G_ "
--save-provenance save provenance information"))
(display (G_ " (display (G_ "
--share=SPEC for 'vm', share host file system according to SPEC")) --share=SPEC for 'vm', share host file system according to SPEC"))
(display (G_ "
--expose=SPEC for 'vm', expose host file system according to SPEC"))
(display (G_ " (display (G_ "
-N, --network for 'container', allow containers to access the network")) -N, --network for 'container', allow containers to access the network"))
(display (G_ " (display (G_ "
-r, --root=FILE for 'vm', 'vm-image', 'disk-image', 'container', -r, --root=FILE for 'vm', 'vm-image', 'disk-image', 'container',
and 'build', make FILE a symlink to the result, and and 'build', make FILE a symlink to the result, and
register it as a garbage collector root")) register it as a garbage collector root"))
(display (G_ "
--expose=SPEC for 'vm', expose host file system according to SPEC"))
(display (G_ " (display (G_ "
--full-boot for 'vm', make a full boot sequence")) --full-boot for 'vm', make a full boot sequence"))
(display (G_ " (display (G_ "
@ -979,6 +983,9 @@ Some ACTIONS support additional ARGS.\n"))
(option '("full-boot") #f #f (option '("full-boot") #f #f
(lambda (opt name arg result) (lambda (opt name arg result)
(alist-cons 'full-boot? #t result))) (alist-cons 'full-boot? #t result)))
(option '("save-provenance") #f #f
(lambda (opt name arg result)
(alist-cons 'save-provenance? #t result)))
(option '("skip-checks") #f #f (option '("skip-checks") #f #f
(lambda (opt name arg result) (lambda (opt name arg result)
(alist-cons 'skip-safety-checks? #t result))) (alist-cons 'skip-safety-checks? #t result)))
@ -1047,25 +1054,33 @@ resulting from command-line parsing."
file-or-exp)) file-or-exp))
obj) obj)
(define save-provenance?
(or (assoc-ref opts 'save-provenance?)
(memq action '(init reconfigure))))
(let* ((file (match args (let* ((file (match args
(() #f) (() #f)
((x . _) x))) ((x . _) x)))
(expr (assoc-ref opts 'expression)) (expr (assoc-ref opts 'expression))
(system (assoc-ref opts 'system)) (system (assoc-ref opts 'system))
(target (assoc-ref opts 'target)) (target (assoc-ref opts 'target))
(os (ensure-operating-system (transform (if save-provenance?
(or file expr) (cut operating-system-with-provenance <> file)
(cond identity))
((and expr file) (os (transform
(leave (ensure-operating-system
(G_ "both file and expression cannot be specified~%"))) (or file expr)
(expr (cond
(read/eval expr)) ((and expr file)
(file (leave
(load* file %user-module (G_ "both file and expression cannot be specified~%")))
#:on-error (assoc-ref opts 'on-error))) (expr
(else (read/eval expr))
(leave (G_ "no configuration specified~%")))))) (file
(load* file %user-module
#:on-error (assoc-ref opts 'on-error)))
(else
(leave (G_ "no configuration specified~%")))))))
(dry? (assoc-ref opts 'dry-run?)) (dry? (assoc-ref opts 'dry-run?))
(bootloader? (assoc-ref opts 'install-bootloader?)) (bootloader? (assoc-ref opts 'install-bootloader?))