On Tuesday, 9 May 2023 at 14:23 +0200, Simon Josefsson wrote:
> A GitLab CI/CD build check on Guix would be nice, does anyone publish
> docker images for a Guix system?
The Guix builder uses Linux tools to provide an isolated build environment. It is possible to run the Guix build daemon without this protection, so as to run it within a Docker container, but build scripts may behave incorrectly if they run outside of the sandbox. They could see libraries that they should not be able to see and by that configure incorrectly, or install things where they should not.

Guix packagers do not usually care if a build script writes files outside of its correct store directory, because of the isolation provided by the daemon. Such problems are thus hard to detect, and broken packages could be anywhere. This is mostly a hypothetical issue, but opam (for OCaml) warns about build scripts doing unpredictable things:

https://opam.ocaml.org/doc/FAQ.html#Why-does-opam-require-bwrap

Aside from that, Guix is painfully slow in a container, and uses a lot of disk space.

Vivien
