Re: Rust <3 Guix
On Mon, Dec 25, 2023 at 07:25:26AM +, jgart wrote: > > Do you need both nss-certs and curl? > > Hi Efraim, yes, I need both, oddly enough. If I remove one of them the build > fails with the error message in the README that I provided. > > > I saw in a later commit you said it's working. > > I'm able to build main.rs with the guix installed tools but I'm not able to > use guix-installed crate dependencies. > > I ended up installing the crates with cargo by fetching them from crates.io > with the following invocations: > > cargo fetch > cargo update > cargo build > > Not sure at the moment how to get cargo to defer to guix for managing the > crates when doing development... WDYT It's not pretty currently using guix's crates. The first part, getting the necessary crates, involves manually adding them (with their dependencies!) to your environment. The second part involves adjusting your config.toml to include the following: [source.crates-io] local-registry = '/gnu/store/3nfgfhxlciblr360jyrgxl275sf78a6f-profile/share/cargo/registry' HOWEVER, instead of /gnu/store/...-profile you need to adjust the path to the value of your GUIX_ENVIRONMENT, and there's no way that I've figured out to use $GUIX_ENVIRONMENT in a toml file. Actually, it looks like I have the cargo registry patches sitting unapplied on my machine, so I'm not even sure if it'll work the way I wrote above. I'll see about getting them into a state I'm happy with for the rust-team branch. -- Efraim Flashner רנשלפ םירפא GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted From 84d2f06e9facec9a1646afd53adcbf2b95da4da0 Mon Sep 17 00:00:00 2001 Message-ID: <84d2f06e9facec9a1646afd53adcbf2b95da4da0.1702565894.git.efr...@flashner.co.il> In-Reply-To: References: From: Efraim Flashner Date: Thu, 14 Dec 2023 16:49:58 +0200 Subject: [PATCH 1/2] build: cargo-build-system: Produce registry index files. * guix/build/cargo-build-system.scm (rewrite-deps): New procedure. (package): Obtain output from 'cargo manifest' of the current package when the package will be installed. (install): Don't install cargo crates and source. (install-source): New phase. Install cargo crates. Generate cargo registry index files and install them in a known location. (%standard-phases): Add 'install-source phase after 'install. Change-Id: I6ce6c5b33fe3eb7667f86964daef798320724a25 --- guix/build/cargo-build-system.scm | 102 +- 1 file changed, 87 insertions(+), 15 deletions(-) diff --git a/guix/build/cargo-build-system.scm b/guix/build/cargo-build-system.scm index ffb2ec898e..f1e35a5c65 100644 --- a/guix/build/cargo-build-system.scm +++ b/guix/build/cargo-build-system.scm @@ -73,6 +73,21 @@ (define (crate-src? path) " | cut -d/ -f2" " | grep -q '^Cargo.toml$'") +(define (rewrite-deps cargo-deps) + (map (lambda (dependency) + `(@ ("name" . ,(assoc-ref dependency "name")) + ("req" . ,(assoc-ref dependency "req")) + ("features" . ,(assoc-ref dependency "features")) + ("optional" . ,(assoc-ref dependency "optional")) + ("default_features" . ,(assoc-ref dependency + "uses_default_features")) + ("target" . ,(assoc-ref dependency "target")) + ("kind" . ,(match (assoc-ref dependency "kind") + (null? "normal") + (kind kind))) + ("registry" . ,(assoc-ref dependency "registry" + cargo-deps)) + (define* (unpack-rust-crates #:key inputs vendor-dir #:allow-other-keys) (define (inputs->rust-inputs inputs) "Filter using the label part from INPUTS." @@ -271,7 +286,8 @@ (define* (package #:key install-source? (cargo-package-flags '("--no-metadata" "--no-verify")) #:allow-other-keys) - "Run 'cargo-package' for a given Cargo package." + "Run 'cargo-package' for a given Cargo package. Also generate metadata so we can +create a package index for the crates." (if install-source? (if skip-build? (begin @@ -322,19 +338,24 @@ (define* (package #:key (delete-file-recursively dir))) (find-files "." "\\.crate$") (format #t "Not installing cargo sources, skipping `cargo package`.~%")) - #t) + + (when install-source? +;; First generate the metadata so we can create the index file. +;; https://doc.rust-lang.org/cargo/commands/cargo-metadata.html#json-format +(with-output-to-file "cargo-metadata.json" + (lambda _ +(invoke "cargo" "metadata" +"--manifest-path" "Cargo.toml" +"--format-version" "1" +"--no-deps") (define* (install #:key - inputs
Re: Mixing GPL and non-copyleft code in source files
Hi, Am Mittwoch, dem 27.12.2023 um 10:22 +0100 schrieb Wojtek Kosior: > Hi > > > > Now, should such marginalization be repeated even within the > > > freesw circles? If it is harmful to block ppl from participating > > > in the society using libre software (as universities, tax > > > offices, etc. are doing) — and one disapproves it — then one will > > > make efforts to avoid similar harmful exclusions in one's own > > > micro-society, right? > > > > > > Sadly, in the end those more idealistic risk more marginalization > > > and therefore greater depression — all while probably caring the > > > most… > > Define harmful exclusion. Publishing some source code under the > > GPL v3 (or later) does not preclude you as the sole author from > > also publishing it under the CC-0. > > I'll try to explain the problem. Software licenses, if enforced, are > enforced through legal means. You sue the proprietors to have them > respect the GPL or (significantly more often) the mere possibility of > being easly defeated in court scares proprietors away from violating > the GPL. In the latter case it's not a lawsuit but a (more or less > explicit) threat of a lawsuit. > > These legal means can be considered brutal. Even if I did something > bad to someone (which I'm trying not to), I wouldn't like them to > make efforts to have me imprisoned or fined. Similarly, I wish not > to have others imprisoned/fined but rather pursue justice via as > peaceful means as possible. > > Now, one could argue that I could just use a copyleft license and > then not sue — that's what RMS said when we met in 2021. But that's > where the notion of threat comes to the foreground. Just as I > consider license lawsuits not to be in line with my conscience, I > consider lawsuit threats (even conceales ones) not to be in line > either. And non-public-domain licenses fall in this category, at > least as long as licensing is understood in terms of legal systems. I think you are (willingly or otherwise) drawing an incomplete picture here. When the FSF sues, rather than seek for damages, they seek publication of software, which is exactly what the GPL already tells you to do. > Whenever I publish some code under CC0, others could of course remove > the CC0 license notices, put different license in place and legally > redistribute that code — thus making it seem as if I were using a > non-public-domain license in the first place. I'm not doing anything > about it because there's little I could do. But if I were to somehow > authorize or aid in something like this, I object. Which is what > we're discussing in this thread. This appears to be a case of wanting your cake and eating it as well. By declaring some piece of software public domain you already aid in its proprietary redistribution. You simply retain a clear conscience through a lack of awareness. > RMS called my approach "pacifism" and he is probably right. Even > most Catholics like myself would disagree with me — many make use > copyright, after all. But my own conscience is telling me not to do > certain things that seem harmful and I'm trying to obey it. The nice thing about holy scripture is that you can justify just about anything with it, especially if you are liberal in your interpretation. It gets even easier with classical reasoning: Just pick two contradicting sentences (or even a self-contradicting one), and it logically entails every sentence, even those that large language models come up with. Now pardon my agnosticism, but even you yourself remark that people sharing your faith have different opinions on copyright. I thus highly doubt that it ought to have a big influence over yours :) > I hope my issue is clarified, I am sorry it hasn't been so from the > beginning. It felt that including an explanation like the above one > with the previous email would add up to an essay inappropriately long > for this mailing list, I hope you agree. I do agree on the inappropriate size, but at the same time I disagree on the clarification bit, in that your issue hasn't yet been distilled to its purest form. There instead appear to be some misconceptions clouding your mind making it so that we (and perhaps even you yourself) have to come up with a consistent belief about copyright in the first place. > I'll add that in the past I tried using the GPL while making it not > look like a threat by adding a "promise not to sue" below the > notice. I have since switched to CC0 because it's less ambigious > (promises could have legally unexpected/untested outcomes) and easier > to use. I could once again use such promise approach for some code > if it is more welcome — it'd still require a "statement" to be > accepted by the maintainers, tho. Do you think it is more "possible" > this way? I think the threat of legal dispute can much more easily be avoided by considering what users might reasonably be wanting to do with your software and aiding them in doing so.
Re: Mixing GPL and non-copyleft code in source files
Hi there > It's worth noting that CC0 is not a license but a public domain > dedication. One cannot dual-license it with GPL because copyright > no longer applies to the work: https://creativecommons.org/faq Actually, in some countries' laws there is no notion of public domain and it is not possible to waive one's copyright there. CC0 would fall back to being a license there. Also, due to this ambigious status of public domain, there were cases of business users asking authors of public domain software to also add a different license. But this is a rather rare, overcautious approach and definitely not needed with a carefully-designed waiver like the CC0. I think my response to Liliana 2 minutes ago is also a sufficiently good response to the remaining remarks I could otherwise address here. If not, please tell Best Wojtek -- (sig_start) website: https://koszko.org/koszko.html fingerprint: E972 7060 E3C5 637C 8A4F 4B42 4BC5 221C 5A79 FD1A follow me on Fediverse: https://friendica.me/profile/koszko/profile ♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷ c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ== ✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ? U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8= -- (sig_end) On Sun, 24 Dec 2023 13:15:05 +0900 Nguyễn Gia Phong wrote: > On 2023-12-24 at 03:41+01:00, Liliana Marie Prikler wrote: > > Publishing some source code under the GPL v3 (or later) > > does not preclude [someone] as the sole author > > from also publishing it under the CC-0. It does > > defeat the purpose of the GPL if you, however, > > because whoever wants to make a proprietary spin-off > > will simply take the CC-0, since whereas the GPL > > gives you access to all the changes when they redistribute it, > > the CC-0 gives you bupkis. > > It's worth noting that CC0 is not a license but a public domain > dedication. One cannot dual-license it with GPL because copyright > no longer applies to the work: https://creativecommons.org/faq > > A CC0 patch to a GPL software does not change the licensing status > of the software, and any modification on top of the public domain > works can continue to be under the GPL. This goes for other parts of > Guix that alone are not copyrightable like the list of facebook hosts. > > Furthermore, even if the author decides to dual license it, it makes > no difference to predatory corporations whether if the information > about the permissively licensed snippets are documented mainline: > that piece of code is still licensed that way. However, once again > note that the dual-licensed modules will become copyleft after > any modification under the GPL. > > The intention of the GPL and software freedom is to protect the freedom > of end-users: it concerns their rights over the overall program. > As long as the program is still copyleft, it would not be possible > to distribute any non-free derivative. > > Now you could argue that if a large part of the codebase > is permissively licensed, the rest could be easily rewrite to produce > a proprietary work. While that is true, the viral property > of copyleft would render this practically impossible, as the chance > of the same parts of guix is contributed solely by people preferring > permissive licenses is really low considering the total number > of contributors. > > I understand the fear of a copyleft work being tainted, > it is just irrational in this very case. On the other hand, > encouraging patches under any GPL-compatible license would put > unnecessary burdens on the maintainers to document which snippet > to be under what license. This is even beyond the scope of REUSE > which would optimistically already take days to implement for guix. > > For this reason, I think it is a reasonable ask for contributions > to be under the same license and authors can self-publish the patch > under a different license if they wish to. As mentioned, those hunks > will not stay permissive forever in guix anyway, nor that guix > owes contributors the favor to allocate resources on something > that does not dirrectly support its mission. pgp5lTHWbx9SY.pgp Description: OpenPGP digital signature
Re: Mixing GPL and non-copyleft code in source files
Hi > > Now, should such marginalization be repeated even within the freesw > > circles? If it is harmful to block ppl from participating in the > > society using libre software (as universities, tax offices, etc. are > > doing) — and one disapproves it — then one will make efforts to avoid > > similar harmful exclusions in one's own micro-society, right? > > > > Sadly, in the end those more idealistic risk more marginalization and > > therefore greater depression — all while probably caring the most… > Define harmful exclusion. Publishing some source code under the GPL v3 > (or later) does not preclude you as the sole author from also > publishing it under the CC-0. I'll try to explain the problem. Software licenses, if enforced, are enforced through legal means. You sue the proprietors to have them respect the GPL or (significantly more often) the mere possibility of being easly defeated in court scares proprietors away from violating the GPL. In the latter case it's not a lawsuit but a (more or less explicit) threat of a lawsuit. These legal means can be considered brutal. Even if I did something bad to someone (which I'm trying not to), I wouldn't like them to make efforts to have me imprisoned or fined. Similarly, I wish not to have others imprisoned/fined but rather pursue justice via as peaceful means as possible. Now, one could argue that I could just use a copyleft license and then not sue — that's what RMS said when we met in 2021. But that's where the notion of threat comes to the foreground. Just as I consider license lawsuits not to be in line with my conscience, I consider lawsuit threats (even conceales ones) not to be in line either. And non-public-domain licenses fall in this category, at least as long as licensing is understood in terms of legal systems. Whenever I publish some code under CC0, others could of course remove the CC0 license notices, put different license in place and legally redistribute that code — thus making it seem as if I were using a non-public-domain license in the first place. I'm not doing anything about it because there's little I could do. But if I were to somehow authorize or aid in something like this, I object. Which is what we're discussing in this thread. RMS called my approach "pacifism" and he is probably right. Even most Catholics like myself would disagree with me — many make use copyright, after all. But my own conscience is telling me not to do certain things that seem harmful and I'm trying to obey it. I hope my issue is clarified, I am sorry it hasn't been so from the beginning. It felt that including an explanation like the above one with the previous email would add up to an essay inappropriately long for this mailing list, I hope you agree. I'll add that in the past I tried using the GPL while making it not look like a threat by adding a "promise not to sue" below the notice. I have since switched to CC0 because it's less ambigious (promises could have legally unexpected/untested outcomes) and easier to use. I could once again use such promise approach for some code if it is more welcome — it'd still require a "statement" to be accepted by the maintainers, tho. Do you think it is more "possible" this way? > It does defeat the purpose of the GPL if you, however, because > whoever wants to make a proprietary spin-off will simply take the > CC-0, since whereas the GPL gives you access to all the changes when > they redistribute it, the CC-0 gives you bupkis. I agree that copyleft can be a powerful weapon against proprietors. My issue is definitely about something else than it being ineffective Best Wojtek -- (sig_start) website: https://koszko.org/koszko.html fingerprint: E972 7060 E3C5 637C 8A4F 4B42 4BC5 221C 5A79 FD1A follow me on Fediverse: https://friendica.me/profile/koszko/profile ♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷ c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ== ✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ? U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8= -- (sig_end) On Sun, 24 Dec 2023 03:41:32 +0100 Liliana Marie Prikler wrote: > Am Samstag, dem 23.12.2023 um 19:19 +0100 schrieb Wojtek Kosior via > Development of GNU Guix and the GNU System distribution.: > > > I would offer a chronological list of my downloadable contributions > > > to Guix and place the following wording on top of the page: > > > > > > "I disagree with the licensing model embraced by GNU Guix and > > > hereby release my contributions there under the CC-0 license. For > > > convenience, you can also use the patches below." > > > > Does this wording sound a bit too harsh on Guix or is it just my > > impression? Free software hackers do have my respect, even if their > > licensing ethics is slightly different than mine. > Well, it is necessarily harsh on any entity that might stand there in > lieu of GNU Guix, because, at the end of the day, the fact remains that > you want to contribute some work to a project under a different > license.