[Nix-dev] Google Summer of Code 2015

Michael Raskin 7c6f434c at mail.ru
Thu Feb 5 07:18:13 CET 2015


>It seems like distributed binary trust would be greatly facilitated by
>an intensional store. Anyone interested in reviving that?

Isn't it extensional?

It is not even obvious whether this can be done without a lot of mounts.
I think we want to allow Nix usage without root (with /home/user/nix 
store path etc.). This use case means we don't want to rely on bind 
mounts without alternatives.

During the build time we need to refer to output path without knowing
its hash. Do we really want to rely on hash-rewriting 100% of the
packages?



I guess bit-perfect reproducible builds are already an interesting task,
if we include measuring the performance tradeoff and checking that 
security features relying on randomisation are not broken. I hope we
will be able to decide what optional flags to create to manage these 
tradeoffs…

A substituter for P2P downloads that relies on a separately managed
correspondence of build paths and content hashes is probably possible
without policy decisions. It will also be a useful thing.

As for web of trust and NDN, I am afraid that a consensus will be hard
to reach, and so I think these shouldn't be defined as parts of the GSoC
proposed task, just as a future plan to give the proposed GSoC tasks 
some context.

>On Wed, Feb 4, 2015 at 11:34 PM, stewart mackenzie <setori88 at gmail.com> wrote:
>> Distributed Hydra build support
>>
>> NixOS already has a very impressive track record in delivering quality
>> reproducible services via AWS and other cloud platforms. The secret
>> sauce is NixOps, Nix and most importantly Hydra. Hydra is the heart
>> and liver that keeps the packages cleanly building and circulating to
>> all our users. Due to the high demand, Hydra often becomes a
>> bottleneck. Our goal is to live off master branch, or at least live as
>> close to master branch as possible. By living on master our community
>> responds quickly to arising issues.
>>
>> We'll need a Hydra web-of-trust system, such that individuals who
>> have demonstrated trust may participate in running a Hydra build farm.
>> Thus binaries from their Hydra node may be run on my system. Binaries
>> are disseminated via Named Data Networking (NDN) to other NixOS/Nix
>> users. This also allows us to implement a hierarchical Linux
>> lieutenant model such that certain lieutenants are responsible for
>> certain areas of code. Contributors then submit their patches to a
>> lieutenant who vets the build and merges into master. As soon as the
>> merge happens those binaries are already available via NDN.
>>
>> Tasks
>> * Ensure builds are exactly reproducible
>> * Build NDN into Nix
>> * Build a web-of-trust (key dissemination will be achieved via the NDN)
>>
>> Skills
>> * Perl
>> * C/C++
>> * Familiarity with Named Data Networking
>>
>> Contacts
>> Stewart Mackenzie <setori88 at gmail.com>
>> <your name here> (eelco I think you're needed :-)
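
Added example, not part of the original message or of Nix: a sketch of the substituter idea above, where the correspondence of build paths to content hashes is managed separately and bytes fetched from P2P peers are accepted only if they match it. The store path, peer names, blob contents and all function names are constructed for illustration, and plain SHA-256 over the blob stands in for whatever archive hash a real substituter would use.

```python
import hashlib
import hmac

# Constructed sample data (not real Nix store contents).
PATH = "/nix/store/EXAMPLEHASH-hello-2.10"
GOOD_BLOB = b"constructed archive bytes for hello-2.10"
# Separately managed, trusted correspondence: build path -> content hash.
TRUSTED_INDEX = {PATH: hashlib.sha256(GOOD_BLOB).hexdigest()}


class SubstitutionError(Exception):
    """No peer supplied bytes matching the trusted content hash."""


def verify_blob(blob, expected_hex):
    """True if the blob's SHA-256 equals the trusted hex digest."""
    actual = hashlib.sha256(blob).hexdigest()
    return hmac.compare_digest(actual, expected_hex)


def substitute(store_path, trusted_index, peers):
    """Try untrusted peers in order; return (peer, blob, rejected_peers).

    peers is a list of (name, fetch) pairs, where fetch(store_path)
    returns bytes or None. Peers are never trusted: only the index is.
    """
    expected = trusted_index.get(store_path)
    if expected is None:
        # No trusted hash means nothing can be verified: fall back to building.
        raise SubstitutionError(f"no trusted hash for {store_path}")
    rejected = []
    for name, fetch in peers:
        blob = fetch(store_path)
        if blob is None:
            continue  # peer does not have the path
        if verify_blob(blob, expected):
            return name, blob, rejected
        rejected.append(name)  # served bytes that do not match: discard them
    raise SubstitutionError(f"no peer served valid content for {store_path}")


if __name__ == "__main__":
    peers = [
        ("peer-a", lambda p: b"tampered bytes"),
        ("peer-b", lambda p: None),
        ("peer-c", lambda p: GOOD_BLOB),
    ]
    print(substitute(PATH, TRUSTED_INDEX, peers))
```
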
