From b85836d3067a0faccc945d584dfb88cf557eee97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Sat, 30 Nov 2019 18:13:09 +0100 Subject: guix system: Use 'provenance-service-type', add "--save-provenance". * guix/scripts/system.scm (show-help, %options): Add "--save-provenance". (process-action): Define 'save-provenance?' and 'transform'; call 'transform' on the OS. * doc/guix.texi (Invoking guix system): Document it under 'reconfigure'. (Service Reference): Mention that 'provenance-service-type' is automatically added by 'reconfigure' & 'init'. --- doc/guix.texi | 61 ++++++++++++++++++++++++++++++++++++++++++------- guix/scripts/system.scm | 47 ++++++++++++++++++++++++------------- 2 files changed, 84 insertions(+), 24 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 33ee81b150..bd7cb7a3da 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -25900,6 +25900,15 @@ switch to it@footnote{This action (and the related actions @code{switch-generation} and @code{roll-back}) are usable only on systems already running Guix System.}. +@quotation Note +@c The paragraph below refers to the problem discussed at +@c . +It is highly recommended to run @command{guix pull} once before you run +@command{guix system reconfigure} for the first time (@pxref{Invoking +guix pull}). Failing to do that you would see an older version of Guix +once @command{reconfigure} has completed. +@end quotation + This effects all the configuration specified in @var{file}: user accounts, system services, global package list, setuid programs, etc. The command starts system services specified in @var{file} that are not @@ -25918,14 +25927,27 @@ It also adds a bootloader menu entry for the new OS configuration, entries for older configurations to a submenu, allowing you to choose an older system generation at boot time should you need it. -@quotation Note -@c The paragraph below refers to the problem discussed at -@c . -It is highly recommended to run @command{guix pull} once before you run -@command{guix system reconfigure} for the first time (@pxref{Invoking -guix pull}). Failing to do that you would see an older version of Guix -once @command{reconfigure} has completed. -@end quotation +@cindex provenance tracking, of the operating system +Upon completion, the new system is deployed under +@file{/run/current-system}. This directory contains @dfn{provenance +meta-data}: the list of channels in use (@pxref{Channels}) and +@var{file} itself, when available. This information is useful should +you later want to inspect how this particular generation was built. + +In fact, assuming @var{file} is self-contained, you can later rebuild +generation @var{n} of your operating system with: + +@example +guix time-machine \ + -C /var/guix/profiles/system-@var{n}-link/channels.scm -- \ + system reconfigure \ + /var/guix/profiles/system-@var{n}-link/configuration.scm +@end example + +You can think of it as some sort of built-in version control! Your +system is not just a binary artifact: @emph{it carries its own source}. +@xref{Service Reference, @code{provenance-service-type}}, for more +information on provenance tracking. @item switch-generation @cindex generations @@ -26187,6 +26209,25 @@ This works as per @command{guix build} (@pxref{Invoking guix build}). Return the derivation file name of the given operating system without building anything. +@cindex provenance tracking, of the operating system +@item --save-provenance +As discussed above, @command{guix system init} and @command{guix system +reconfigure} always save provenance information @i{via} a dedicated +service (@pxref{Service Reference, @code{provenance-service-type}}). +However, other commands don't do that by default. If you wish to, say, +create a virtual machine image that contains provenance information, you +can run: + +@example +guix system vm-image --save-provenance config.scm +@end example + +That way, the resulting image will effectively ``embed its own source'' +in the form of meta-data in @file{/run/current-system}. With that +information, one can rebuild the image to make sure it really contains +what it pretends to contain; or they could use that to derive a variant +of the image. + @item --file-system-type=@var{type} @itemx -t @var{type} For the @code{disk-image} action, create a file system of the given @@ -27086,6 +27127,10 @@ channels can lead to the same system, bit-for-bit; when different meta-data and thus different store file names, which makes comparison less trivial. @end quotation + +This service is automatically added to your operating system +configuration when you use @command{guix system reconfigure} or +@command{guix system init}. @end defvr @node Shepherd Services diff --git a/guix/scripts/system.scm b/guix/scripts/system.scm index 5f0dce2093..c9d790a731 100644 --- a/guix/scripts/system.scm +++ b/guix/scripts/system.scm @@ -722,7 +722,9 @@ and TARGET arguments." (return (primitive-eval (lowered-gexp-sexp lowered)))))) (define* (perform-action action os - #:key skip-safety-checks? + #:key + save-provenance? + skip-safety-checks? install-bootloader? dry-run? derivations-only? use-substitutes? bootloader-target target @@ -917,16 +919,18 @@ Some ACTIONS support additional ARGS.\n")) --image-size=SIZE for 'vm-image', produce an image of SIZE")) (display (G_ " --no-bootloader for 'init', do not install a bootloader")) + (display (G_ " + --save-provenance save provenance information")) (display (G_ " --share=SPEC for 'vm', share host file system according to SPEC")) + (display (G_ " + --expose=SPEC for 'vm', expose host file system according to SPEC")) (display (G_ " -N, --network for 'container', allow containers to access the network")) (display (G_ " -r, --root=FILE for 'vm', 'vm-image', 'disk-image', 'container', and 'build', make FILE a symlink to the result, and register it as a garbage collector root")) - (display (G_ " - --expose=SPEC for 'vm', expose host file system according to SPEC")) (display (G_ " --full-boot for 'vm', make a full boot sequence")) (display (G_ " @@ -979,6 +983,9 @@ Some ACTIONS support additional ARGS.\n")) (option '("full-boot") #f #f (lambda (opt name arg result) (alist-cons 'full-boot? #t result))) + (option '("save-provenance") #f #f + (lambda (opt name arg result) + (alist-cons 'save-provenance? #t result))) (option '("skip-checks") #f #f (lambda (opt name arg result) (alist-cons 'skip-safety-checks? #t result))) @@ -1047,25 +1054,33 @@ resulting from command-line parsing." file-or-exp)) obj) + (define save-provenance? + (or (assoc-ref opts 'save-provenance?) + (memq action '(init reconfigure)))) + (let* ((file (match args (() #f) ((x . _) x))) (expr (assoc-ref opts 'expression)) (system (assoc-ref opts 'system)) (target (assoc-ref opts 'target)) - (os (ensure-operating-system - (or file expr) - (cond - ((and expr file) - (leave - (G_ "both file and expression cannot be specified~%"))) - (expr - (read/eval expr)) - (file - (load* file %user-module - #:on-error (assoc-ref opts 'on-error))) - (else - (leave (G_ "no configuration specified~%")))))) + (transform (if save-provenance? + (cut operating-system-with-provenance <> file) + identity)) + (os (transform + (ensure-operating-system + (or file expr) + (cond + ((and expr file) + (leave + (G_ "both file and expression cannot be specified~%"))) + (expr + (read/eval expr)) + (file + (load* file %user-module + #:on-error (assoc-ref opts 'on-error))) + (else + (leave (G_ "no configuration specified~%"))))))) (dry? (assoc-ref opts 'dry-run?)) (bootloader? (assoc-ref opts 'install-bootloader?)) -- cgit v1.2.3