[PATCH 0/5] Record operating system provenance info

  • Done
  • quality assurance status badge
Details
2 participants
  • Ludovic Courtès
  • zimoun
Owner
unassigned
Submitted by
Ludovic Courtès
Severity
normal
L
L
Ludovic Courtès wrote on 30 Nov 2019 23:30
(address . guix-patches@gnu.org)(name . Ludovic Courtès)(address . ludo@gnu.org)
20191130223013.14257-1-ludo@gnu.org
Hello Guix!

This patch series allows ‘guix system’ to record provenance info
about a system in its output: the system itself (e.g.,
/run/current-system) now contains three more files: “channels.scm”,
“configuration.scm”, and “provenance” (a summary of the first two
files.)

That means you can always inspect a deployed system to find its own
“source”. In some cases, you can even run something like:

guix time-machine \
-C /var/guix/profiles/system-N-link/channels.scm -- \
system reconfigure \
/var/guix/profiles/system-N-link/configuration.scm

to rebuild generation N of your system. Pretty cool, no? :-)

Otherwise you can simply run:

guix system describe

to see where your OS comes from.

Provenance tracking is implemented as a service. The service is
automatically added by ‘guix system init’, ‘reconfigure’, and by
‘guix deploy’. For other commands, one can pass ‘--save-provenance’
to turn it on.

This was long overdue!

This has interesting implications on trustworthiness: you can
distribute a VM/Docker image with provenance info, and anyone
can reproduce it and ensure they obtain the same bits (well, ideally,
because I guess a few steps may still not be bit-reproducible).

Thoughts?

Thanks,
Ludo’.

Ludovic Courtès (5):
services: Add 'provenance-service-type'.
guix system: Use 'provenance-service-type', add "--save-provenance".
machine: Add provenance tracking to each machine operating system.
guix system: "list-generations" displays provenance info.
guix system: Add "describe" action.

doc/guix.texi | 109 +++++++++++++++++++++++++++++++++++++---
gnu/machine.scm | 7 ++-
gnu/services.scm | 87 ++++++++++++++++++++++++++++++++
gnu/system.scm | 10 ++++
guix/scripts/pull.scm | 1 +
guix/scripts/system.scm | 107 ++++++++++++++++++++++++++++++++-------
6 files changed, 293 insertions(+), 28 deletions(-)

--
2.24.0
L
L
Ludovic Courtès wrote on 30 Nov 2019 23:31
[PATCH 1/5] services: Add 'provenance-service-type'.
(address . 38441@debbugs.gnu.org)(name . Ludovic Courtès)(address . ludo@gnu.org)
20191130223148.14336-1-ludo@gnu.org
* gnu/services.scm (object->pretty-string)
(channel->code, channel->sexp, provenance-file)
(provenance-entry): New procedures.
(provenance-service-type): New variable.
* gnu/system.scm (operating-system-with-provenance): New procedure.
* doc/guix.texi (Service Reference): Document 'provenance-service-type'.
---
doc/guix.texi | 44 ++++++++++++++++++++++++
gnu/services.scm | 87 ++++++++++++++++++++++++++++++++++++++++++++++++
gnu/system.scm | 10 ++++++
3 files changed, 141 insertions(+)

Toggle diff (204 lines)
diff --git a/doc/guix.texi b/doc/guix.texi
index 661aa41785..fd40b6535f 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -26970,6 +26970,50 @@ programs under @file{/run/current-system/profile}. Other services can
extend it by passing it lists of packages to add to the system profile.
@end defvr
+@cindex provenance tracking, of the operating system
+@defvr {Scheme Variable} provenance-service-type
+This is the type of the service that records @dfn{provenance meta-data}
+in the system itself. It creates several files under
+@file{/run/current-system}:
+
+@table @file
+@item channels.scm
+This is a ``channel file'' that can be passed to @command{guix pull -C}
+or @command{guix time-machine -C}, and which describes the channels used
+to build the system, if that information was available
+(@pxref{Channels}).
+
+@item configuration.scm
+This is the file that was passed as the value for this
+@code{provenance-service-type} service. By default, @command{guix
+system reconfigure} automatically passes the OS configuration file it
+received on the command line.
+
+@item provenance
+This contains the same information as the two other files but in a
+format that is more readily processable.
+@end table
+
+In general, these two pieces of information (channels and configuration
+file) are enough to reproduce the operating system ``from source''.
+
+@quotation Caveats
+This information is necessary to rebuild your operating system, but it
+is not always sufficient. In particular, @file{configuration.scm}
+itself is insufficient if it is not self-contained---if it refers to
+external Guile modules or to extra files. If you want
+@file{configuration.scm} to be self-contained, we recommend that modules
+or files it refers to be part of a channel.
+
+Besides, provenance meta-data is ``silent'' in the sense that it does
+not change the bits contained in your system, @emph{except for the
+meta-data bits themselves}. Two different OS configurations or sets of
+channels can lead to the same system, bit-for-bit; when
+@code{provenance-service-type} is used, these two systems will have
+different meta-data and thus different store file names, which makes
+comparison less trivial.
+@end quotation
+@end defvr
@node Shepherd Services
@subsection Shepherd Services
diff --git a/gnu/services.scm b/gnu/services.scm
index 394470ba7d..e7a3a95e43 100644
--- a/gnu/services.scm
+++ b/gnu/services.scm
@@ -25,6 +25,8 @@
#:use-module (guix profiles)
#:use-module (guix discovery)
#:use-module (guix combinators)
+ #:use-module (guix channels)
+ #:use-module (guix describe)
#:use-module (guix sets)
#:use-module (guix ui)
#:use-module ((guix utils) #:select (source-properties->location))
@@ -39,6 +41,7 @@
#:use-module (srfi srfi-35)
#:use-module (ice-9 vlist)
#:use-module (ice-9 match)
+ #:autoload (ice-9 pretty-print) (pretty-print)
#:export (service-extension
service-extension?
service-extension-target
@@ -82,6 +85,7 @@
ambiguous-target-service-error-target-type
system-service-type
+ provenance-service-type
boot-service-type
cleanup-service-type
activation-service-type
@@ -370,6 +374,89 @@ by the initrd once the root file system is mounted.")))
;; The service that produces the boot script.
(service boot-service-type #t))
+
+;;;
+;;; Provenance tracking.
+;;;
+
+(define (object->pretty-string obj)
+ "Like 'object->string', but using 'pretty-print'."
+ (call-with-output-string
+ (lambda (port)
+ (pretty-print obj port))))
+
+(define (channel->code channel)
+ "Return code to build CHANNEL, ready to be dropped in a 'channels.scm'
+file."
+ `(channel (name ',(channel-name channel))
+ (url ,(channel-url channel))
+ (branch ,(channel-branch channel))
+ (commit ,(channel-commit channel))))
+
+(define (channel->sexp channel)
+ "Return an sexp describing CHANNEL. The sexp is _not_ code and is meant to
+be parsed by tools; it's potentially more future-proof than code."
+ `(channel (name ,(channel-name channel))
+ (url ,(channel-url channel))
+ (branch ,(channel-branch channel))
+ (commit ,(channel-commit channel))))
+
+(define (provenance-file channels config-file)
+ "Return a 'provenance' file describing CHANNELS, a list of channels, and
+CONFIG-FILE, which can be either #f or a <local-file> containing the OS
+configuration being used."
+ (scheme-file "provenance"
+ #~(provenance
+ (version 0)
+ (channels #+@(if channels
+ (map channel->sexp channels)
+ '()))
+ (configuration-file #+config-file))))
+
+(define (provenance-entry config-file)
+ "Return system entries describing the operating system provenance: the
+channels in use and CONFIG-FILE, if it is true."
+ (define profile
+ (current-profile))
+
+ (define channels
+ (and=> profile profile-channels))
+
+ (mbegin %store-monad
+ (let ((config-file (cond ((string? config-file)
+ (local-file config-file "configuration.scm"))
+ ((not config-file)
+ #f)
+ (else
+ config-file))))
+ (return `(("provenance" ,(provenance-file channels config-file))
+ ,@(if channels
+ `(("channels.scm"
+ ,(plain-file "channels.scm"
+ (object->pretty-string
+ `(list
+ ,@(map channel->code channels))))))
+ '())
+ ,@(if config-file
+ `(("configuration.scm" ,config-file))
+ '()))))))
+
+(define provenance-service-type
+ (service-type (name 'provenance)
+ (extensions
+ (list (service-extension system-service-type
+ provenance-entry)))
+ (default-value #f) ;the OS config file
+ (description
+ "Store provenance information about the system in the system
+itself: the channels used when building the system, and its configuration
+file, when available.")))
+
+
+;;;
+;;; Cleanup.
+;;;
+
(define (cleanup-gexp _)
"Return a gexp to clean up /tmp and similar places upon boot."
(with-imported-modules '((guix build utils))
diff --git a/gnu/system.scm b/gnu/system.scm
index a353b1a5c8..525b1a171d 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -110,6 +110,7 @@
system-linux-image-file-name
operating-system-with-gc-roots
+ operating-system-with-provenance
boot-parameters
boot-parameters?
@@ -539,6 +540,15 @@ bookkeeping."
gc-root-service-type roots)
(operating-system-user-services os)))))
+(define* (operating-system-with-provenance os #:optional config-file)
+ "Return a variant of OS that stores its own provenance information,
+including CONFIG-FILE, if available. This is achieved by adding an instance
+of PROVENANCE-SERVICE-TYPE to its services."
+ (operating-system
+ (inherit os)
+ (services (cons (service provenance-service-type config-file)
+ (operating-system-user-services os)))))
+
;;;
;;; /etc.
--
2.24.0
L
L
Ludovic Courtès wrote on 30 Nov 2019 23:31
[PATCH 2/5] guix system: Use 'provenance-service-type', add "--save-provenance".
(address . 38441@debbugs.gnu.org)(name . Ludovic Courtès)(address . ludo@gnu.org)
20191130223148.14336-2-ludo@gnu.org
* guix/scripts/system.scm (show-help, %options): Add "--save-provenance".
(process-action): Define 'save-provenance?' and 'transform'; call
'transform' on the OS.
* doc/guix.texi (Invoking guix system): Document it under 'reconfigure'.
(Service Reference): Mention that 'provenance-service-type' is
automatically added by 'reconfigure' & 'init'.
---
doc/guix.texi | 61 +++++++++++++++++++++++++++++++++++------
guix/scripts/system.scm | 47 ++++++++++++++++++++-----------
2 files changed, 84 insertions(+), 24 deletions(-)

Toggle diff (187 lines)
diff --git a/doc/guix.texi b/doc/guix.texi
index fd40b6535f..3dc2fd1318 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -25839,6 +25839,15 @@ switch to it@footnote{This action (and the related actions
@code{switch-generation} and @code{roll-back}) are usable only on
systems already running Guix System.}.
+@quotation Note
+@c The paragraph below refers to the problem discussed at
+@c <https://lists.gnu.org/archive/html/guix-devel/2014-08/msg00057.html>.
+It is highly recommended to run @command{guix pull} once before you run
+@command{guix system reconfigure} for the first time (@pxref{Invoking
+guix pull}). Failing to do that you would see an older version of Guix
+once @command{reconfigure} has completed.
+@end quotation
+
This effects all the configuration specified in @var{file}: user
accounts, system services, global package list, setuid programs, etc.
The command starts system services specified in @var{file} that are not
@@ -25857,14 +25866,27 @@ It also adds a bootloader menu entry for the new OS configuration,
entries for older configurations to a submenu, allowing you to choose
an older system generation at boot time should you need it.
-@quotation Note
-@c The paragraph below refers to the problem discussed at
-@c <https://lists.gnu.org/archive/html/guix-devel/2014-08/msg00057.html>.
-It is highly recommended to run @command{guix pull} once before you run
-@command{guix system reconfigure} for the first time (@pxref{Invoking
-guix pull}). Failing to do that you would see an older version of Guix
-once @command{reconfigure} has completed.
-@end quotation
+@cindex provenance tracking, of the operating system
+Upon completion, the new system is deployed under
+@file{/run/current-system}. This directory contains @dfn{provenance
+meta-data}: the list of channels in use (@pxref{Channels}) and
+@var{file} itself, when available. This information is useful should
+you later want to inspect how this particular generation was built.
+
+In fact, assuming @var{file} is self-contained, you can later rebuild
+generation @var{n} of your operating system with:
+
+@example
+guix time-machine \
+ -C /var/guix/profiles/system-@var{n}-link/channels.scm -- \
+ system reconfigure \
+ /var/guix/profiles/system-@var{n}-link/configuration.scm
+@end example
+
+You can think of it as some sort of built-in version control! Your
+system is not just a binary artifact: @emph{it carries its own source}.
+@xref{Service Reference, @code{provenance-service-type}}, for more
+information on provenance tracking.
@item switch-generation
@cindex generations
@@ -26126,6 +26148,25 @@ This works as per @command{guix build} (@pxref{Invoking guix build}).
Return the derivation file name of the given operating system without
building anything.
+@cindex provenance tracking, of the operating system
+@item --save-provenance
+As discussed above, @command{guix system init} and @command{guix system
+reconfigure} always save provenance information @i{via} a dedicated
+service (@pxref{Service Reference, @code{provenance-service-type}}).
+However, other commands don't do that by default. If you wish to, say,
+create a virtual machine image that contains provenance information, you
+can run:
+
+@example
+guix system vm-image --save-provenance config.scm
+@end example
+
+That way, the resulting image will effectively ``embed its own source''
+in the form of meta-data in @file{/run/current-system}. With that
+information, one can rebuild the image to make sure it really contains
+what it pretends to contain; or they could use that to derive a variant
+of the image.
+
@item --file-system-type=@var{type}
@itemx -t @var{type}
For the @code{disk-image} action, create a file system of the given
@@ -27013,6 +27054,10 @@ channels can lead to the same system, bit-for-bit; when
different meta-data and thus different store file names, which makes
comparison less trivial.
@end quotation
+
+This service is automatically added to your operating system
+configuration when you use @command{guix system reconfigure} or
+@command{guix system init}.
@end defvr
@node Shepherd Services
diff --git a/guix/scripts/system.scm b/guix/scripts/system.scm
index e49c9d36b9..b22945658e 100644
--- a/guix/scripts/system.scm
+++ b/guix/scripts/system.scm
@@ -722,7 +722,9 @@ and TARGET arguments."
(return (primitive-eval (lowered-gexp-sexp lowered))))))
(define* (perform-action action os
- #:key skip-safety-checks?
+ #:key
+ save-provenance?
+ skip-safety-checks?
install-bootloader?
dry-run? derivations-only?
use-substitutes? bootloader-target target
@@ -917,16 +919,18 @@ Some ACTIONS support additional ARGS.\n"))
--image-size=SIZE for 'vm-image', produce an image of SIZE"))
(display (G_ "
--no-bootloader for 'init', do not install a bootloader"))
+ (display (G_ "
+ --save-provenance save provenance information"))
(display (G_ "
--share=SPEC for 'vm', share host file system according to SPEC"))
+ (display (G_ "
+ --expose=SPEC for 'vm', expose host file system according to SPEC"))
(display (G_ "
-N, --network for 'container', allow containers to access the network"))
(display (G_ "
-r, --root=FILE for 'vm', 'vm-image', 'disk-image', 'container',
and 'build', make FILE a symlink to the result, and
register it as a garbage collector root"))
- (display (G_ "
- --expose=SPEC for 'vm', expose host file system according to SPEC"))
(display (G_ "
--full-boot for 'vm', make a full boot sequence"))
(display (G_ "
@@ -977,6 +981,9 @@ Some ACTIONS support additional ARGS.\n"))
(option '("full-boot") #f #f
(lambda (opt name arg result)
(alist-cons 'full-boot? #t result)))
+ (option '("save-provenance") #f #f
+ (lambda (opt name arg result)
+ (alist-cons 'save-provenance? #t result)))
(option '("skip-checks") #f #f
(lambda (opt name arg result)
(alist-cons 'skip-safety-checks? #t result)))
@@ -1040,24 +1047,32 @@ resulting from command-line parsing."
file-or-exp))
obj)
+ (define save-provenance?
+ (or (assoc-ref opts 'save-provenance?)
+ (memq action '(init reconfigure))))
+
(let* ((file (match args
(() #f)
((x . _) x)))
(expr (assoc-ref opts 'expression))
(system (assoc-ref opts 'system))
- (os (ensure-operating-system
- (or file expr)
- (cond
- ((and expr file)
- (leave
- (G_ "both file and expression cannot be specified~%")))
- (expr
- (read/eval expr))
- (file
- (load* file %user-module
- #:on-error (assoc-ref opts 'on-error)))
- (else
- (leave (G_ "no configuration specified~%"))))))
+ (transform (if save-provenance?
+ (cut operating-system-with-provenance <> file)
+ identity))
+ (os (transform
+ (ensure-operating-system
+ (or file expr)
+ (cond
+ ((and expr file)
+ (leave
+ (G_ "both file and expression cannot be specified~%")))
+ (expr
+ (read/eval expr))
+ (file
+ (load* file %user-module
+ #:on-error (assoc-ref opts 'on-error)))
+ (else
+ (leave (G_ "no configuration specified~%")))))))
(dry? (assoc-ref opts 'dry-run?))
(bootloader? (assoc-ref opts 'install-bootloader?))
--
2.24.0
L
L
Ludovic Courtès wrote on 30 Nov 2019 23:31
[PATCH 3/5] machine: Add provenance tracking to each machine operating system.
(address . 38441@debbugs.gnu.org)(name . Ludovic Courtès)(address . ludo@gnu.org)
20191130223148.14336-3-ludo@gnu.org
* gnu/machine.scm (<machine>): Rename accessor to
'%machine-operating-system'.
(machine-operating-system): New procedure.
* doc/guix.texi (Service Reference): Mention it.
---
doc/guix.texi | 4 ++--
gnu/machine.scm | 7 ++++++-
2 files changed, 8 insertions(+), 3 deletions(-)

Toggle diff (39 lines)
diff --git a/doc/guix.texi b/doc/guix.texi
index 3dc2fd1318..198792c54a 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -27056,8 +27056,8 @@ comparison less trivial.
@end quotation
This service is automatically added to your operating system
-configuration when you use @command{guix system reconfigure} or
-@command{guix system init}.
+configuration when you use @command{guix system reconfigure},
+@command{guix system init}, or @command{guix deploy}.
@end defvr
@node Shepherd Services
diff --git a/gnu/machine.scm b/gnu/machine.scm
index 05b03b21d4..b342fe2144 100644
--- a/gnu/machine.scm
+++ b/gnu/machine.scm
@@ -93,11 +93,16 @@
make-machine
machine?
this-machine
- (operating-system machine-operating-system) ; <operating-system>
+ (operating-system %machine-operating-system); <operating-system>
(environment machine-environment) ; symbol
(configuration machine-configuration ; configuration object
(default #f))) ; specific to environment
+(define (machine-operating-system machine)
+ "Return the operating system of MACHINE."
+ (operating-system-with-provenance
+ (%machine-operating-system machine)))
+
(define (machine-display-name machine)
"Return the host-name identifying MACHINE."
(operating-system-host-name (machine-operating-system machine)))
--
2.24.0
L
L
Ludovic Courtès wrote on 30 Nov 2019 23:31
[PATCH 4/5] guix system: "list-generations" displays provenance info.
(address . 38441@debbugs.gnu.org)(name . Ludovic Courtès)(address . ludo@gnu.org)
20191130223148.14336-4-ludo@gnu.org
* guix/scripts/pull.scm (channel-commit-hyperlink): Export.
* guix/scripts/system.scm (display-system-generation)
[display-channel]: New procedure.
Read the "provenance" file of GENERATION and display channel info and
the configuration file name when available.
---
guix/scripts/pull.scm | 1 +
guix/scripts/system.scm | 49 +++++++++++++++++++++++++++++++++++++++--
2 files changed, 48 insertions(+), 2 deletions(-)

Toggle diff (101 lines)
diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm
index 19410ad141..04cc51829d 100644
--- a/guix/scripts/pull.scm
+++ b/guix/scripts/pull.scm
@@ -60,6 +60,7 @@
#:use-module (ice-9 format)
#:export (display-profile-content
channel-list
+ channel-commit-hyperlink
with-git-error-handling
guix-pull))
diff --git a/guix/scripts/system.scm b/guix/scripts/system.scm
index b22945658e..0ddb40a03c 100644
--- a/guix/scripts/system.scm
+++ b/guix/scripts/system.scm
@@ -36,9 +36,11 @@
#:use-module (guix records)
#:use-module (guix profiles)
#:use-module (guix scripts)
+ #:use-module (guix channels)
#:use-module (guix scripts build)
#:autoload (guix scripts package) (delete-generations
delete-matching-generations)
+ #:autoload (guix scripts pull) (channel-commit-hyperlink)
#:use-module (guix graph)
#:use-module (guix scripts graph)
#:use-module (guix scripts system reconfigure)
@@ -456,9 +458,30 @@ list of services."
;;; Generations.
;;;
+(define (sexp->channel sexp)
+ "Return the channel corresponding to SEXP, an sexp as found in the
+\"provenance\" file produced by 'provenance-service-type'."
+ (match sexp
+ (('channel ('name name)
+ ('url url)
+ ('branch branch)
+ ('commit commit))
+ (channel (name name) (url url)
+ (branch branch) (commit commit)))))
+
(define* (display-system-generation number
#:optional (profile %system-profile))
"Display a summary of system generation NUMBER in a human-readable format."
+ (define (display-channel channel)
+ (format #t " ~a:~%" (channel-name channel))
+ (format #t (G_ " repository URL: ~a~%") (channel-url channel))
+ (when (channel-branch channel)
+ (format #t (G_ " branch: ~a~%") (channel-branch channel)))
+ (format #t (G_ " commit: ~a~%")
+ (if (supports-hyperlinks?)
+ (channel-commit-hyperlink channel)
+ (channel-commit channel))))
+
(unless (zero? number)
(let* ((generation (generation-file-name profile number))
(params (read-boot-parameters-file generation))
@@ -468,7 +491,13 @@ list of services."
(root-device (if (bytevector? root)
(uuid->string root)
root))
- (kernel (boot-parameters-kernel params)))
+ (kernel (boot-parameters-kernel params))
+ (provenance (catch 'system-error
+ (lambda ()
+ (call-with-input-file
+ (string-append generation "/provenance")
+ read))
+ (const #f))))
(display-generation profile number)
(format #t (G_ " file name: ~a~%") generation)
(format #t (G_ " canonical file name: ~a~%") (readlink* generation))
@@ -495,7 +524,23 @@ list of services."
(else
root-device)))
- (format #t (G_ " kernel: ~a~%") kernel))))
+ (format #t (G_ " kernel: ~a~%") kernel)
+
+ (match provenance
+ (#f #t)
+ (('provenance ('version 0)
+ ('channels channels ...)
+ ('configuration-file config-file))
+ (unless (null? channels)
+ ;; TRANSLATORS: Here "channel" is the same terminology as used in
+ ;; "guix describe" and "guix pull --channels".
+ (format #t (G_ " channels:~%"))
+ (for-each display-channel (map sexp->channel channels)))
+ (when config-file
+ (format #t (G_ " configuration file: ~a~%")
+ (if (supports-hyperlinks?)
+ (file-hyperlink config-file)
+ config-file))))))))
(define* (list-generations pattern #:optional (profile %system-profile))
"Display in a human-readable format all the system generations matching
--
2.24.0
L
L
Ludovic Courtès wrote on 30 Nov 2019 23:31
[PATCH 5/5] guix system: Add "describe" action.
(address . 38441@debbugs.gnu.org)(name . Ludovic Courtès)(address . ludo@gnu.org)
20191130223148.14336-5-ludo@gnu.org
* guix/scripts/system.scm (show-help): Add "describe".
(process-command): Handle it.
(guix-system): Likewise.
* doc/guix.texi (Invoking guix system): Document it.
---
doc/guix.texi | 4 ++++
guix/scripts/system.scm | 11 ++++++++++-
2 files changed, 14 insertions(+), 1 deletion(-)

Toggle diff (53 lines)
diff --git a/doc/guix.texi b/doc/guix.texi
index 198792c54a..cb4b0b45e7 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -26240,6 +26240,10 @@ bootloader boot menu:
@table @code
+@item describe
+Describe the current system generation: its file name, the kernel and
+bootloader used, etc., as well as provenance information when available.
+
@item list-generations
List a summary of each generation of the operating system available on
disk, in a human-readable way. This is similar to the
diff --git a/guix/scripts/system.scm b/guix/scripts/system.scm
index 0ddb40a03c..ccff68f1ab 100644
--- a/guix/scripts/system.scm
+++ b/guix/scripts/system.scm
@@ -921,6 +921,8 @@ Some ACTIONS support additional ARGS.\n"))
reconfigure switch to a new operating system configuration\n"))
(display (G_ "\
roll-back switch to the previous operating system configuration\n"))
+ (display (G_ "\
+ describe describe the current system\n"))
(display (G_ "\
list-generations list the system generations\n"))
(display (G_ "\
@@ -1187,6 +1189,12 @@ argument list and OPTS is the option alist."
((pattern) pattern)
(x (leave (G_ "wrong number of arguments~%"))))))
(list-generations pattern)))
+ ((describe)
+ (match (generation-number %system-profile)
+ (0
+ (error (G_ "no system generation, nothing to describe~%")))
+ (generation
+ (display-system-generation generation))))
((search)
(apply (resolve-subcommand "search") args))
;; The following commands need to use the store, but they do not need an
@@ -1226,7 +1234,8 @@ argument list and OPTS is the option alist."
(case action
((build container vm vm-image disk-image reconfigure init
extension-graph shepherd-graph
- list-generations delete-generations roll-back
+ list-generations describe
+ delete-generations roll-back
switch-generation search docker-image)
(alist-cons 'action action result))
(else (leave (G_ "~a: unknown action~%") action))))))
--
2.24.0
Z
Z
zimoun wrote on 2 Dec 2019 13:12
Re: [bug#38441] [PATCH 0/5] Record operating system provenance info
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 38441@debbugs.gnu.org)
CAJ3okZ10-BS3HJ+2_C2T+fN8ybCNuaKNgvfzROi0Sdpm7=_w-Q@mail.gmail.com
Hi Ludo,

On Sat, 30 Nov 2019 at 23:31, Ludovic Courtès <ludo@gnu.org> wrote:

[...]

Toggle quote (2 lines)
> Thoughts?

Really cool!

This is a killer feature IMHO compared to the Dockerfile approach. Let
spread the world. ;-)


Cheers,
simon
L
L
Ludovic Courtès wrote on 7 Dec 2019 01:03
(address . 38441-done@debbugs.gnu.org)
877e3980il.fsf@gnu.org
Hello!

Ludovic Courtès <ludo@gnu.org> skribis:

Toggle quote (6 lines)
> services: Add 'provenance-service-type'.
> guix system: Use 'provenance-service-type', add "--save-provenance".
> machine: Add provenance tracking to each machine operating system.
> guix system: "list-generations" displays provenance info.
> guix system: Add "describe" action.

Pushed!

zimoun <zimon.toutoune@gmail.com> skribis:

Toggle quote (5 lines)
> Really cool!
>
> This is a killer feature IMHO compared to the Dockerfile approach. Let
> spread the world. ;-)

Glad you like it, thanks for your feedback! :-)

Ludo’.
Closed
?
Your comment

This issue is archived.

To comment on this conversation send an email to 38441@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 38441
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch