From c864fc16b0a8aa43752338fa8e76af25b8e64fcf Mon Sep 17 00:00:00 2001 From: David Thompson Date: Mon, 18 Jan 2016 19:53:51 -0500 Subject: Add more stuff to the Guix talk. --- awesome-rating.png | Bin 0 -> 6359 bytes cons-cats.jpg | Bin 0 -> 47743 bytes containers.jpg | Bin 0 -> 317763 bytes contributor-graph.png | Bin 0 -> 16887 bytes docker-insecure.png | Bin 0 -> 40444 bytes guile-logo.png | Bin 0 -> 11808 bytes guix-blu-2016-01-20.org | 275 +++++++++++++++++++++++++++++++++++++++++------- guix-logo.png | Bin 0 -> 12873 bytes guixsd-logo.png | Bin 0 -> 13869 bytes livestreamer-graph.png | Bin 0 -> 95079 bytes nsa-vw.png | Bin 0 -> 501503 bytes service-graph.png | Bin 0 -> 166069 bytes stats.png | Bin 0 -> 86885 bytes 13 files changed, 237 insertions(+), 38 deletions(-) create mode 100644 awesome-rating.png create mode 100644 cons-cats.jpg create mode 100644 containers.jpg create mode 100644 contributor-graph.png create mode 100644 docker-insecure.png create mode 100644 guile-logo.png create mode 100644 guix-logo.png create mode 100644 guixsd-logo.png create mode 100644 livestreamer-graph.png create mode 100644 nsa-vw.png create mode 100644 service-graph.png create mode 100644 stats.png diff --git a/awesome-rating.png b/awesome-rating.png new file mode 100644 index 0000000..f05b352 Binary files /dev/null and b/awesome-rating.png differ diff --git a/cons-cats.jpg b/cons-cats.jpg new file mode 100644 index 0000000..fd77ab8 Binary files /dev/null and b/cons-cats.jpg differ diff --git a/containers.jpg b/containers.jpg new file mode 100644 index 0000000..fcf359a Binary files /dev/null and b/containers.jpg differ diff --git a/contributor-graph.png b/contributor-graph.png new file mode 100644 index 0000000..e248159 Binary files /dev/null and b/contributor-graph.png differ diff --git a/docker-insecure.png b/docker-insecure.png new file mode 100644 index 0000000..068d296 Binary files /dev/null and b/docker-insecure.png differ 
diff --git a/guile-logo.png b/guile-logo.png new file mode 100644 index 0000000..4edcc16 Binary files /dev/null and b/guile-logo.png differ diff --git a/guix-blu-2016-01-20.org b/guix-blu-2016-01-20.org index 8d790f5..f5f4424 100644 --- a/guix-blu-2016-01-20.org +++ b/guix-blu-2016-01-20.org @@ -115,7 +115,11 @@ * Docker? - I’m afraid not. + \center{I’m afraid not.} + + \begin{center} + \includegraphics[height=7cm]{containers.jpg} + \end{center} * Problems with Docker @@ -134,18 +138,39 @@ * Problems with Docker - - Reliance on DockerHub binaries proves to be insecure [fn:5] + Reliance on DockerHub binaries proves to be insecure [fn:5] + + \begin{center} + \includegraphics[width=\textwidth]{docker-insecure.png} + \end{center} * Well that was pessimistic - Computers are hard. Maybe we should just farm potatoes instead. + Computers are hard. Let’s just look at cat pictures, instead. + + \begin{center} + \includegraphics[width=8cm]{cons-cats.jpg} + \end{center} * Meet GNU Guix + \begin{center} + \includegraphics[width=5cm]{guix-logo.png} + \end{center} + Guix is the functional package management tool for the GNU system. It is based on the pioneering work of the Nix project. [fn:8] +* Meet GuixSD + + \begin{center} + \includegraphics[width=4cm]{guixsd-logo.png} + \end{center} + + GuixSD is the GNU/Linux distribution that uses Guix as its package + manager. + * What does “functional” mean? “Functional” in this context means treating package builds as @@ -158,9 +183,13 @@ Benefits: - Build reproducibility - - Atomic upgrades and roll backs + - No single point of trust + - Unprivileged package management + + - Atomic upgrades and roll backs + - Multiple variants of the same software may coexist * Functional package management @@ -176,6 +205,8 @@ *isolated container* in which *only the specified dependencies* are accessible. + Build results are *immutable*. + This maximizes *build reproducibility*. * Reproducible builds 
@@ -183,20 +214,73 @@ Reproducible builds produce *bit-identical binaries* when performed multiple times under the same conditions. - Allows for *independent verification* that a given binary - corresponds to its alleged source code. + Requires fixing issues in upstream build systems that are + nondeterministic. * Why? - WRITEME + “With reproducible builds, multiple parties can *redo this process + independently* and ensure they *all get /exactly/ the same result*. + We can thus *gain confidence* that a distributed binary code is + indeed coming from a given source code.” [fn:9] + +* Use cases + + \begin{center} + \includegraphics[width=\textwidth]{nsa-vw.png} + \end{center} + +* Decentralized + + In Guix, there is *no central point of trust* for receiving + pre-built binaries (substitutes). + +* Decentralized + + Guix provides http://hydra.gnu.org, but it is optional. + + Users may authorize zero or more substitute servers, or even publish + their own substitutes for others to use via =guix publish=. + +* Challenge authority + + When builds are reproducible, users may *challenge* their substitute + providers by building locally and comparing the results. + +* Unprivileged + + Users can build and install software *without root privileges*. + +* Unprivileged + + Each user may have one or more “profiles”, a union of many packages. + + Use cases: + + - Eva and Ben use different versions of Emacs + - Eva hacks on 2 Ruby projects that require different versions - Mention reproducible-builds.org +* Atomic -* Demo - guix package - guix challenge +* Atomic + + /Any/ package transaction may be *rolled back* + +* Coexistence + + Each package has its own *unique* directory in the store in which to + write build artifacts. + + You can have every version of Ruby, Python, and Perl under the sun + and that’s OK! + +* Demo! + + =guix package= + + =guix challenge= * Hacking 
@@ -211,8 +295,9 @@ * Philosophy - It’s better to extend an existing language for package recipes and - configuration files rather than making a new, domain-specific one. + It’s better to *extend an existing programming language* for package + recipes and configuration files rather than making a new, + domain-specific one. * Embedded vs. External DSLs @@ -232,6 +317,10 @@ * Guile Scheme + \begin{center} + \includegraphics[width=4cm]{guile-logo.png} + \end{center} + - GNU Guile is a Scheme implementation and the official extension language of the GNU project @@ -267,11 +356,46 @@ * Example package recipe - WRITEME - -* Demo - - build package at the REPL in Emacs + #+latex: \tiny{ + + #+BEGIN_SRC scheme + (define-public livestreamer + (package + (name "livestreamer") + (version "1.12.2") + (source (origin + (method url-fetch) + (uri (string-append + "https://github.com/chrippa/livestreamer/archive/v" + version ".tar.gz")) + (file-name (string-append "livestreamer-" version ".tar.gz")) + (sha256 + (base32 + "1fp3d3z2grb1ls97smjkraazpxnvajda2d1g1378s6gzmda2jvjd")))) + (build-system python-build-system) + (arguments + '(#:tests? #f)) ; tests rely on external web servers + (native-inputs + `(("python-setuptools" ,python-setuptools))) + (propagated-inputs + `(("python-requests" ,python-requests) + ("python-singledispatch" ,python-singledispatch))) + (synopsis "Internet video stream viewer") + (description "Livestreamer is a command-line utility that extracts streams + from various services and pipes them into a video playing application.") + (home-page "http://livestreamer.io/") + (license license:bsd-2))) + #+END_SRC + + #+latex: } + +* Dependency graph + + \includegraphics[width=\textwidth]{livestreamer-graph.png} + +* Demo! + + Emacs + Geiser * Other user interfaces 
@@ -283,13 +407,17 @@ guix refresh -* Demo +* Demo! - Import a package from PyPI + =guix import= * Development environments - guix environment + WRITEME + +* Demo! + + =guix environment= * Full-system configuration 
@@ -297,32 +425,98 @@ * Example system configuration - WRITEME + #+latex: \tiny{ + #+BEGIN_SRC scheme + (operating-system + (host-name "izanagi") + (timezone "America/New_York") + (locale "en_US.UTF-8") + (bootloader (grub-configuration (device "/dev/sda"))) + (file-systems (cons (file-system + (device "root") + (title 'label) + (mount-point "/") + (type "ext4")) + %base-file-systems)) + (users (list (user-account + (name "dave") + (comment "David Thompson") + (group "users") + (supplementary-groups '("wheel" "netdev" "audio" + "video" "cdrom")) + (home-directory "/home/dave")))) + (packages (cons* adwaita-icon-theme avahi dbus gnome-terminal + htop less man-db nss-certs openssh pulseaudio + wicd unzip rsync xfce + %base-packages)) + (services %desktop-services) + (name-service-switch %mdns-host-lookup-nss)) + #+END_SRC + #+latex: } + +* Service graph + + \includegraphics[width=\textwidth]{service-graph.png} + +* Demo! + + =guix system vm= -* Demo +* Project status - guix system vm + - Full-featured package manager + - 3,000 packages, 4 platforms + - Guix System Distribution in beta + - Binaries at http://hydra.gnu.org + - tooling: auto-update, “linting”, etc. * Project status - WRITEME + \includegraphics[width=\textwidth]{stats.png} + + \center\url{https://www.openhub.net/p/gnuguix} + +* Project status + + \begin{center} + \includegraphics[width=\textwidth]{contributor-graph.png} + \end{center} + +* The people have spoken + + \begin{center} + \includegraphics[width=4cm]{awesome-rating.png} + \end{center} + +* Project status + + \approx200–500 new packages per release. *More needed!* * Future - WRITEME + I intend to focus on: -* Join us! + - A cluster deployment tool: =guix deploy= + - Improved support for GuixSD containers + +* Future + + More generally: - We need interested hackers to help us: + - Stronger build farm + - More packages that are reproducible + - GNOME + - LVM + - Encrypted root - - Add new packages - - Upgrade existing packages +* Join us! 
+ + - Use Guix on top of your existing distro + - Use the distribution + - Add new packages or upgrade existing ones - Write system services - - Improve the UI - - Add new tools - - Translate to new languages - - Maintain the web site - - Other stuff! + - Add new translations + - Tell us your ideas! * Join us! @@ -352,6 +546,11 @@ This presentation is licensed under the Creative Common Attribute Share-Alike 4.0 International license. + GNU Guix and GuixSD logo, GFDL, http://gnu.org/s/guix/graphics + + Copyright of other images included in this document is held by their + respective owners. + * Footnotes [fn:1] “How to be a good host: miniKanren as a case study” @@ -365,12 +564,12 @@ http://www.vitavonni.de/blog/201504/2015042601-big-data-toolchains-are-a-securit [fn:4] “The sad state of sysadmin in the age of containers” http://www.vitavonni.de/blog/201503/2015031201-the-sad-state-of-sysadmin-in-the-age-of-containers.html -[fn:5] “Over 30% of Official Images in Docker Hub Contain High -Priority Security Vulnerabilities” -http://www.banyanops.com/blog/analyzing-docker-hub/ +[fn:5] http://www.banyanops.com/blog/analyzing-docker-hub/ [fn:6] “Let’s Package jQuery: A Javascript Packaging Dystopian Novella” http://dustycloud.org/blog/javascript-packaging-dystopia/ [fn:7] “ownCloud and distribution packaging” http://lwn.net/Articles/670566/ [fn:8] http://nixos.org/nix/ + +[fn:9] https://reproducible-builds.org/ diff --git a/guix-logo.png b/guix-logo.png new file mode 100644 index 0000000..0b93dd4 Binary files /dev/null and b/guix-logo.png differ diff --git a/guixsd-logo.png b/guixsd-logo.png new file mode 100644 index 0000000..a390759 Binary files /dev/null and b/guixsd-logo.png differ diff --git a/livestreamer-graph.png b/livestreamer-graph.png new file mode 100644 index 0000000..7942d85 Binary files /dev/null and b/livestreamer-graph.png differ diff --git a/nsa-vw.png b/nsa-vw.png new file mode 100644 index 0000000..3ce7cab Binary files /dev/null and b/nsa-vw.png differ 
diff --git a/service-graph.png b/service-graph.png new file mode 100644 index 0000000..d6fe654 Binary files /dev/null and b/service-graph.png differ diff --git a/stats.png b/stats.png new file mode 100644 index 0000000..f3ece4d Binary files /dev/null and b/stats.png differ -- cgit v1.2.3
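Review bot: In the `@@ -115,7 +115,11 @@` hunk ("Docker?" slide), `\center{I’m afraid not.}` uses `\center` as if it took an argument. It is the opening half of the `center` environment, so the braces only group the text and the environment is never closed. Use `\begin{center} ... \end{center}` as the image directly below it does, or `{\centering I’m afraid not.\par}`.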
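Review bot: In the `@@ -183,20 +214,73 @@` hunk, the first added `* Atomic` heading has no body, so the export will contain a blank slide ahead of the second `* Atomic` that carries "/Any/ package transaction may be *rolled back*". Either give the first one its own statement (the benefits list earlier in the file pairs "atomic upgrades" with roll backs) or drop it. Separately, the "Challenge authority" slide describes building locally and comparing results but never names the command; since the demo slide at the end of this hunk already lists `=guix challenge=`, naming it on that slide would connect the two.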
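Review bot: In the `@@ -267,11 +356,46 @@` hunk, the `livestreamer` recipe is set at `\tiny` with no callout, so the `(sha256 (base32 ...))` field on the `origin` will go unnoticed even though it is the one place in the talk where the audience can see the source tarball pinned by hash. A one-line remark under the listing pointing at that field would tie the example back to the reproducibility and "Challenge authority" slides. Also, `\includegraphics` on the new "Dependency graph" slide is not wrapped in `\begin{center}` like the other image slides added by this patch.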
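Review bot: In the `@@ -283,13 +407,17 @@` hunk, the body of "Development environments" changes from `guix environment` to `WRITEME`, which leaves a placeholder slide in the deck where there was content before. Keep the old line until the real text is written, or fold this slide into the new "Demo!" slide that follows it and already shows `=guix environment=`.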
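Review bot: In the `@@ -297,32 +425,98 @@` hunk, `\center\url{https://www.openhub.net/p/gnuguix}` on the second "Project status" slide opens a `center` environment that is never closed, and the `\includegraphics` lines for `service-graph.png` and `stats.png` are left uncentered while `contributor-graph.png` and `awesome-rating.png` in the same hunk use `\begin{center} ... \end{center}`. Wrap all of them the same way. The heading "Project status" is also used for four separate slides here, with "The people have spoken" between the third and fourth; distinct titles would make the outline easier to follow.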
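Review bot: In the `@@ -365,12 +564,12 @@` hunk, `[fn:5]` loses its title ("Over 30% of Official Images in Docker Hub Contain High Priority Security Vulnerabilities") and becomes a bare URL, while the slide that cites it still asserts that reliance on DockerHub binaries "proves to be insecure". With the title gone, the figure behind that claim survives only in the `docker-insecure.png` screenshot, so a reader of the `.org` source or of a text-only export cannot see what the footnote supports. Keep the title, as `[fn:4]`, `[fn:6]` and `[fn:7]` do, and consider giving the new `[fn:9]` one as well, since the "Why?" slide quotes that source directly.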