(address . bug-guix@gnu.org)
20200821064527.5cf8d23b@primarylaptop.localdomain
Hi,
I found a potential issue with the debootstrap package and the Guix
blog.
The Free System Distribution Guidelines states that:
Toggle quote (10 lines)
> A free system distribution must not steer users towards obtaining any
> nonfree information for practical use, or encourage them to do so.
> The system should have no repositories for nonfree software and no
> specific recipes for installation of particular nonfree programs. Nor
> should the distribution refer to third-party repositories that are
> not committed to only including free software; even if they only have
> free software today, that may not be true tomorrow. Programs in the
> system should not suggest installing nonfree plugins, documentation,
> and so on.
However after instalation, the debootstrap package contains scripts for
installing many distributions, and most of them are either not FSDG
compliant or have nonfree software in them.
I assume that the Ubuntu repositories are "third-party repositories that
are not committed to only including free software", and they are used
in the debootstrap scripts to install Ubuntu.
After installation I got the following scripts in
~/.guix_profile/share/debootstrap/scripts/:
- aequorea
- amber
- artful
- ascii
- bartholomea
- beowulf
- bionic
- bookworm
- breezy
- bullseye
- buster
- ceres
- chromodoris
- cosmic
- dapper
- dasyatis
- debian-common
- disco
- edgy
- eoan
- etch
- etch-m68k
- feisty
- focal
- gutsy
- hardy
- hoary
- hoary.buildd
- intrepid
- jaunty
- jessie
- jessie-kfreebsd
- kali
- kali-dev
- kali-last-snapshot
- kali-rolling
- karmic
- lenny
- lucid
- maverick
- natty
- oldoldstable
- oldstable
- oneiric
- potato
- precise
- quantal
- raring
- sarge
- sarge.buildd
- sarge.fakechroot
- saucy
- sid
- squeeze
- stable
- stretch
- testing
- trusty
- unstable
- utopic
- vivid
- warty
- warty.buildd
- wheezy
- wily
- woody
- woody.buildd
- xenial
- yakkety
- zesty
The scripts are named after distribution codenames. So here you can see
some ubuntu code names like trusty, xenial, etc (ubuntu contains nonfree
software), or some debian code names like stretch.
Not all scripts are problematic, as amber is the codename of the
main PureOS repository[2].
To fix that, Parabola patches debootstrap to remove the problematic
scripts[3] and also adds support for many FSDG distributions along the
way. It also has a modified manual[4] with examples for Trisquel
instead of Debian.
Something similar could probably be done in debian.scm[5].
In addition the Guix blog post about "Running a Ganeti cluster on
Guix"[6] should probably be reviewed as it contains code to install
Debian buster.
As I understand, Debian may not contain nonfree software but it is not
FSDG compliant, so it could be a good idea to use an FSDG compliant
distributions instead to avoid any issues. In addition if the buster
script is removed, then the code on the blog post won't work anymore.
References:
-----------
Denis.
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEeC+d2+Nrp/PU3kkGX138wUF34mMFAl8/UWcACgkQX138wUF3
4mMY5Q//bPHoIi+0BWTG+d0HK2R5mH+uL3OEJyCQBqt/e3jhVd8FypKBNGNENe5F
zQsUbbWlVxj3vDFB7ndtwtgUd2IwSSihAhg9okD+Gm80wA9vWQt8dLFqPuVjroWG
+JZOmp4PM2b59+A2qMHsdQM4vxqgu+qdvhT0kQ7SlFr7RXsBL0R3zJ9Mhw67dGlN
mhX89LYBvpJcnD6KHlH0BQJpK6hwUa7USSh3NMvTsu9BP07aeSkYG16/719PtPEg
95iewUBAgYXYITLmadVsxYdmOOBCmK/ROGthMd1kwOIRiZFXwHnN7dg8hHEjozXp
+WHaylKOKuuuixsfQtMvitX+emdIth7RHIhOv5s7Ntz22dAszKQJwxuy9sgLDkpg
A5JB9Iq4fc7aKg82QAAOzPHixcbjp21ifRSgU8j+XiKmf4Q7OZgic/TvKMFZ/uGa
m+oWPE6VKeh7AJrerQCwXcN7JnL6v7wqTqmMHKYrsBNMdnQi3qZ+lzqfL5TcVH/e
E20khAz10qXD27Csn6CJDl9x/FmlcxOu481FKDyj1n/2C9ebowhUY3qeRr2qZRuM
t68oYboiWKBd9sQ0OGaW8PGY2VhymnWShfAmHLiVFHC/rOvUGYyd4pGXGpCPrbEb
iiwGNSKwm38gcp38iV/xVfRu+7fXSEBmUqWF8MY911gojLp3DHQ=
=lazX
-----END PGP SIGNATURE-----