Re: A package search engine for a curated list of channels

help-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A package search engine for a curated list of channels

From:	Ricardo Wurmus
Subject:	Re: A package search engine for a curated list of channels
Date:	Thu, 05 May 2022 11:01:37 +0200
User-agent:	mu4e 1.6.10; emacs 28.0.50

Mekeor Melire <mekeor@posteo.de> writes:

> An alternative would be to implement some kind of isolation. But
> channels and package declarations are just scheme/guile code, so they
> will probably always be able to run arbitrary commands on the server.

Guile has some sandboxing features.  It would be an option to evaluate
channel modules in a restricted environment with (ice-9 sandbox).  That
would benefit all of Guix.

> Another approach would be isolation. For each channel, we could run
> hpcguix-web inside a Docker-container so that there's some isolation.
> Then, we'd need to run another web-service which "bundles" the
> packages.json files of all single-channel, dockerized hpcguix-web
> instances. But:
>
>     (1.) Does Docker really offer sufficient isolation?

No more than “guix shell -C”.  There’s no good reason to use Docker when
you already have Guix.  The Docker service exists for when you have a
Docker container image that you must use, not because its
containerization is superior to “guix shell -C”.

-- 
Ricardo

[Prev in Thread]

Current Thread

[Next in Thread]

Re: A package search engine for a curated list of channels, Mekeor Melire, 2022/05/04
- Re: A package search engine for a curated list of channels, Ricardo Wurmus <=

Prev by Date: Re: set environment variables with guix shell [-m manifest.scm]
Next by Date: Seeking suggestions for fixing the R gpg package
Previous by thread: Re: A package search engine for a curated list of channels
Next by thread: set environment variables with guix shell [-m manifest.scm]
Index(es):
- Date
- Thread