Re: Public guix offload server

[Ludovic Courtès]

Hi,

Tobias Geerinckx-Rice <me@tobias.gr> skribis:

> Arun Isaac 写道：

[...]

>> Currently, guix offload requires mutual trust between the master
>> and the build machines. If we could make the trust only one-way,
>> security might be less of an issue.
>
> It might!  It's easy to imagine a second, less powerful offload
> protocol where clients can submit only derivations to be built by 
> the remote daemon, plus fixed-output derivations.

One thing that does not require mutual trust, roughly like you describe
is:

  GUIX_DAEMON_SOCKET=ssh://guix.example.org guix build …

We could have an HTTP bridge and that’d be workable.  It could be just
streaming the daemon RPCs as-is on websockets, or defining an HTTP API
for each useful RPC.

Perhaps some of this can be also addressed with the Guix Build
Coordinator, which already provides an HTTP API, although a higher-level
one.  Chris?

>> WDYT? How does everyone else handle big builds? Do you have access
>> to
>> powerful workstations?

I have a 4-core Intel i7 laptop, which is okay for many things, and I
also have access to a couple of 32-core machines when I need to test
bigger builds like GCC.  And then there’s waiting for ci.guix feedback.

Ludo’.