Re: Rust <3 Guix

[Efraim Flashner]

On Mon, Dec 25, 2023 at 07:25:26AM +, jgart wrote:
> > Do you need both nss-certs and curl?
> 
> Hi Efraim, yes, I need both, oddly enough. If I remove one of them the build 
> fails with the error message in the README that I provided.
> 
> > I saw in a later commit you said it's working.
> 
> I'm able to build main.rs with the guix installed tools but I'm not able to 
> use guix-installed crate dependencies.
> 
> I ended up installing the crates with cargo by fetching them from crates.io 
> with the following invocations:
> 
> cargo fetch
> cargo update
> cargo build
> 
> Not sure at the moment how to get cargo to defer to guix for managing the 
> crates when doing development... WDYT

It's not pretty currently using guix's crates.  The first part, getting
the necessary crates, involves manually adding them (with their
dependencies!) to your environment. The second part involves adjusting
your config.toml to include the following:

[source.crates-io]
local-registry = 
'/gnu/store/3nfgfhxlciblr360jyrgxl275sf78a6f-profile/share/cargo/registry'

HOWEVER, instead of /gnu/store/...-profile you need to adjust the path
to the value of your GUIX_ENVIRONMENT, and there's no way that I've
figured out to use $GUIX_ENVIRONMENT in a toml file.

Actually, it looks like I have the cargo registry patches sitting
unapplied on my machine, so I'm not even sure if it'll work the way I
wrote above.  I'll see about getting them into a state I'm happy with
for the rust-team branch.

-- 
Efraim Flashner  רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
From 84d2f06e9facec9a1646afd53adcbf2b95da4da0 Mon Sep 17 00:00:00 2001
Message-ID: 
<84d2f06e9facec9a1646afd53adcbf2b95da4da0.1702565894.git.efr...@flashner.co.il>
In-Reply-To: 
References: 
From: Efraim Flashner 
Date: Thu, 14 Dec 2023 16:49:58 +0200
Subject: [PATCH 1/2] build: cargo-build-system: Produce registry index files.

* guix/build/cargo-build-system.scm (rewrite-deps): New procedure.
(package): Obtain output from 'cargo manifest' of the current package
when the package will be installed.
(install): Don't install cargo crates and source.
(install-source): New phase.  Install cargo crates.  Generate cargo
registry index files and install them in a known location.
(%standard-phases): Add 'install-source phase after 'install.

Change-Id: I6ce6c5b33fe3eb7667f86964daef798320724a25
---
 guix/build/cargo-build-system.scm | 102 +-
 1 file changed, 87 insertions(+), 15 deletions(-)

diff --git a/guix/build/cargo-build-system.scm 
b/guix/build/cargo-build-system.scm
index ffb2ec898e..f1e35a5c65 100644
--- a/guix/build/cargo-build-system.scm
+++ b/guix/build/cargo-build-system.scm
@@ -73,6 +73,21 @@ (define (crate-src? path)
 " | cut -d/ -f2"
 " | grep -q '^Cargo.toml$'")
 
+(define (rewrite-deps cargo-deps)
+  (map (lambda (dependency)
+ `(@ ("name" . ,(assoc-ref dependency "name"))
+ ("req" . ,(assoc-ref dependency "req"))
+ ("features" . ,(assoc-ref dependency "features"))
+ ("optional" . ,(assoc-ref dependency "optional"))
+ ("default_features" . ,(assoc-ref dependency
+   "uses_default_features"))
+ ("target" . ,(assoc-ref dependency "target"))
+ ("kind" . ,(match (assoc-ref dependency "kind")
+   (null? "normal")
+   (kind kind)))
+ ("registry" . ,(assoc-ref dependency "registry"
+   cargo-deps))
+
 (define* (unpack-rust-crates #:key inputs vendor-dir #:allow-other-keys)
   (define (inputs->rust-inputs inputs)
 "Filter using the label part from INPUTS."
@@ -271,7 +286,8 @@ (define* (package #:key
   install-source?
   (cargo-package-flags '("--no-metadata" "--no-verify"))
   #:allow-other-keys)
-  "Run 'cargo-package' for a given Cargo package."
+  "Run 'cargo-package' for a given Cargo package.  Also generate metadata so 
we can
+create a package index for the crates."
   (if install-source?
 (if skip-build?
   (begin
@@ -322,19 +338,24 @@ (define* (package #:key
 (delete-file-recursively dir)))
 (find-files "." "\\.crate$")
 (format #t "Not installing cargo sources, skipping `cargo package`.~%"))
-  #t)
+
+  (when install-source?
+;; First generate the metadata so we can create the index file.
+;; https://doc.rust-lang.org/cargo/commands/cargo-metadata.html#json-format
+(with-output-to-file "cargo-metadata.json"
+  (lambda _
+(invoke "cargo" "metadata"
+"--manifest-path" "Cargo.toml"
+"--format-version" "1"
+"--no-deps")
 
 (define* (install #:key
-  inputs
   

Re: Mixing GPL and non-copyleft code in source files

[Liliana Marie Prikler]

Hi,

Am Mittwoch, dem 27.12.2023 um 10:22 +0100 schrieb Wojtek Kosior:
> Hi
> 
> > > Now, should such marginalization be repeated even within the
> > > freesw circles?  If it is harmful to block ppl from participating
> > > in the society using libre software (as universities, tax
> > > offices, etc. are doing) — and one disapproves it — then one will
> > > make efforts to avoid similar harmful exclusions in one's own
> > > micro-society, right?
> > > 
> > > Sadly, in the end those more idealistic risk more marginalization
> > > and therefore greater depression — all while probably caring the
> > > most…  
> > Define harmful exclusion.  Publishing some source code under the
> > GPL v3 (or later) does not preclude you as the sole author from
> > also publishing it under the CC-0.
> 
> I'll try to explain the problem.  Software licenses, if enforced, are
> enforced through legal means.  You sue the proprietors to have them
> respect the GPL or (significantly more often) the mere possibility of
> being easly defeated in court scares proprietors away from violating
> the GPL.  In the latter case it's not a lawsuit but a (more or less
> explicit) threat of a lawsuit.
> 
> These legal means can be considered brutal.  Even if I did something
> bad to someone (which I'm trying not to), I wouldn't like them to
> make efforts to have me imprisoned or fined.  Similarly, I wish not
> to have others imprisoned/fined but rather pursue justice via as
> peaceful means as possible.
> 
> Now, one could argue that I could just use a copyleft license and
> then not sue — that's what RMS said when we met in 2021.  But that's
> where the notion of threat comes to the foreground.  Just as I
> consider license lawsuits not to be in line with my conscience, I
> consider lawsuit threats (even conceales ones) not to be in line
> either.  And non-public-domain licenses fall in this category, at
> least as long as licensing is understood in terms of legal systems.
I think you are (willingly or otherwise) drawing an incomplete picture
here.  When the FSF sues, rather than seek for damages, they seek
publication of software, which is exactly what the GPL already tells
you to do.

> Whenever I publish some code under CC0, others could of course remove
> the CC0 license notices, put different license in place and legally
> redistribute that code — thus making it seem as if I were using a
> non-public-domain license in the first place.  I'm not doing anything
> about it because there's little I could do.  But if I were to somehow
> authorize or aid in something like this, I object.  Which is what
> we're discussing in this thread.
This appears to be a case of wanting your cake and eating it as well. 
By declaring some piece of software public domain you already aid in
its proprietary redistribution.  You simply retain a clear conscience
through a lack of awareness. 

> RMS called my approach "pacifism" and he is probably right.  Even
> most Catholics like myself would disagree with me — many make use
> copyright, after all.  But my own conscience is telling me not to do
> certain things that seem harmful and I'm trying to obey it.
The nice thing about holy scripture is that you can justify just about
anything with it, especially if you are liberal in your interpretation.
It gets even easier with classical reasoning: Just pick two
contradicting sentences (or even a self-contradicting one), and it
logically entails every sentence, even those that large language models
come up with.

Now pardon my agnosticism, but even you yourself remark that people
sharing your faith have different opinions on copyright.  I thus highly
doubt that it ought to have a big influence over yours :)

> I hope my issue is clarified, I am sorry it hasn't been so from the
> beginning.  It felt that including an explanation like the above one
> with the previous email would add up to an essay inappropriately long
> for this mailing list, I hope you agree.
I do agree on the inappropriate size, but at the same time I disagree
on the clarification bit, in that your issue hasn't yet been distilled
to its purest form.  There instead appear to be some misconceptions
clouding your mind making it so that we (and perhaps even you yourself)
have to come up with a consistent belief about copyright in the first
place.

> I'll add that in the past I tried using the GPL while making it not
> look like a threat by adding a "promise not to sue" below the
> notice.  I have since switched to CC0 because it's less ambigious
> (promises could have legally unexpected/untested outcomes) and easier
> to use.  I could once again use such promise approach for some code
> if it is more welcome — it'd still require a "statement" to be
> accepted by the maintainers, tho.  Do you think it is more "possible"
> this way?
I think the threat of legal dispute can much more easily be avoided by
considering what users might reasonably be wanting to do with your
software and aiding them in doing so.  

Re: Mixing GPL and non-copyleft code in source files

[Development of GNU Guix and the GNU System distribution.]

Hi there

> It's worth noting that CC0 is not a license but a public domain
> dedication.  One cannot dual-license it with GPL because copyright
> no longer applies to the work: https://creativecommons.org/faq

Actually, in some countries' laws there is no notion of public domain
and it is not possible to waive one's copyright there.  CC0 would fall
back to being a license there.

Also, due to this ambigious status of public domain, there were cases
of business users asking authors of public domain software to also add
a different license.  But this is a rather rare, overcautious approach
and definitely not needed with a carefully-designed waiver like the CC0.

I think my response to Liliana 2 minutes ago is also a sufficiently good
response to the remaining remarks I could otherwise address here.  If
not, please tell

Best
Wojtek

-- (sig_start)
website: https://koszko.org/koszko.html
fingerprint: E972 7060 E3C5 637C 8A4F  4B42 4BC5 221C 5A79 FD1A
follow me on Fediverse: https://friendica.me/profile/koszko/profile

♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷ c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ==
✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ? U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8=
-- (sig_end)


On Sun, 24 Dec 2023 13:15:05 +0900 Nguyễn Gia Phong  wrote:

> On 2023-12-24 at 03:41+01:00, Liliana Marie Prikler wrote:
> > Publishing some source code under the GPL v3 (or later)
> > does not preclude [someone] as the sole author
> > from also publishing it under the CC-0.  It does
> > defeat the purpose of the GPL if you, however,
> > because whoever wants to make a proprietary spin-off
> > will simply take the CC-0, since whereas the GPL
> > gives you access to all the changes when they redistribute it,
> > the CC-0 gives you bupkis.  
> 
> It's worth noting that CC0 is not a license but a public domain
> dedication.  One cannot dual-license it with GPL because copyright
> no longer applies to the work: https://creativecommons.org/faq
> 
> A CC0 patch to a GPL software does not change the licensing status
> of the software, and any modification on top of the public domain
> works can continue to be under the GPL.  This goes for other parts of
> Guix that alone are not copyrightable like the list of facebook hosts.
> 
> Furthermore, even if the author decides to dual license it, it makes
> no difference to predatory corporations whether if the information
> about the permissively licensed snippets are documented mainline:
> that piece of code is still licensed that way.  However, once again
> note that the dual-licensed modules will become copyleft after
> any modification under the GPL.
> 
> The intention of the GPL and software freedom is to protect the freedom
> of end-users: it concerns their rights over the overall program.
> As long as the program is still copyleft, it would not be possible
> to distribute any non-free derivative.
> 
> Now you could argue that if a large part of the codebase
> is permissively licensed, the rest could be easily rewrite to produce
> a proprietary work.  While that is true, the viral property
> of copyleft would render this practically impossible, as the chance
> of the same parts of guix is contributed solely by people preferring
> permissive licenses is really low considering the total number
> of contributors.
> 
> I understand the fear of a copyleft work being tainted,
> it is just irrational in this very case.  On the other hand,
> encouraging patches under any GPL-compatible license would put
> unnecessary burdens on the maintainers to document which snippet
> to be under what license.  This is even beyond the scope of REUSE
> which would optimistically already take days to implement for guix.
> 
> For this reason, I think it is a reasonable ask for contributions
> to be under the same license and authors can self-publish the patch
> under a different license if they wish to.  As mentioned, those hunks
> will not stay permissive forever in guix anyway, nor that guix
> owes contributors the favor to allocate resources on something
> that does not dirrectly support its mission.


pgp5lTHWbx9SY.pgp
Description: OpenPGP digital signature

Re: Mixing GPL and non-copyleft code in source files

[Development of GNU Guix and the GNU System distribution.]

Hi

> > Now, should such marginalization be repeated even within the freesw
> > circles?  If it is harmful to block ppl from participating in the
> > society using libre software (as universities, tax offices, etc. are
> > doing) — and one disapproves it — then one will make efforts to avoid
> > similar harmful exclusions in one's own micro-society, right?
> > 
> > Sadly, in the end those more idealistic risk more marginalization and
> > therefore greater depression — all while probably caring the most…  
> Define harmful exclusion.  Publishing some source code under the GPL v3
> (or later) does not preclude you as the sole author from also
> publishing it under the CC-0.

I'll try to explain the problem.  Software licenses, if enforced, are
enforced through legal means.  You sue the proprietors to have them
respect the GPL or (significantly more often) the mere possibility of
being easly defeated in court scares proprietors away from violating
the GPL.  In the latter case it's not a lawsuit but a (more or less
explicit) threat of a lawsuit.

These legal means can be considered brutal.  Even if I did something
bad to someone (which I'm trying not to), I wouldn't like them to make
efforts to have me imprisoned or fined.  Similarly, I wish not to have
others imprisoned/fined but rather pursue justice via as peaceful means
as possible.

Now, one could argue that I could just use a copyleft license and then
not sue — that's what RMS said when we met in 2021.  But that's where
the notion of threat comes to the foreground.  Just as I consider
license lawsuits not to be in line with my conscience, I consider
lawsuit threats (even conceales ones) not to be in line either.  And
non-public-domain licenses fall in this category, at least as long as
licensing is understood in terms of legal systems.

Whenever I publish some code under CC0, others could of course remove
the CC0 license notices, put different license in place and legally
redistribute that code — thus making it seem as if I were using a
non-public-domain license in the first place.  I'm not doing anything
about it because there's little I could do.  But if I were to somehow
authorize or aid in something like this, I object.  Which is what we're
discussing in this thread.

RMS called my approach "pacifism" and he is probably right.  Even most
Catholics like myself would disagree with me — many make use copyright,
after all.  But my own conscience is telling me not to do certain
things that seem harmful and I'm trying to obey it.

I hope my issue is clarified, I am sorry it hasn't been so from the
beginning.  It felt that including an explanation like the above one
with the previous email would add up to an essay inappropriately long
for this mailing list, I hope you agree.

I'll add that in the past I tried using the GPL while making it not look
like a threat by adding a "promise not to sue" below the notice.  I
have since switched to CC0 because it's less ambigious (promises could
have legally unexpected/untested outcomes) and easier to use.  I could
once again use such promise approach for some code if it is more
welcome — it'd still require a "statement" to be accepted by the
maintainers, tho.  Do you think it is more "possible" this way?

> It does defeat the purpose of the GPL if you, however, because
> whoever wants to make a proprietary spin-off will simply take the
> CC-0, since whereas the GPL gives you access to all the changes when
> they redistribute it, the CC-0 gives you bupkis.

I agree that copyleft can be a powerful weapon against proprietors.  My
issue is definitely about something else than it being ineffective

Best
Wojtek

-- (sig_start)
website: https://koszko.org/koszko.html
fingerprint: E972 7060 E3C5 637C 8A4F  4B42 4BC5 221C 5A79 FD1A
follow me on Fediverse: https://friendica.me/profile/koszko/profile

♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷ c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ==
✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ? U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8=
-- (sig_end)


On Sun, 24 Dec 2023 03:41:32 +0100 Liliana Marie Prikler 
 wrote:

> Am Samstag, dem 23.12.2023 um 19:19 +0100 schrieb Wojtek Kosior via
> Development of GNU Guix and the GNU System distribution.:
> > > I would offer a chronological list of my downloadable contributions
> > > to Guix and place the following wording on top of the page:
> > > 
> > > "I disagree with the licensing model embraced by GNU Guix and
> > > hereby release my contributions there under the CC-0 license. For
> > > convenience, you can also use the patches below."  
> > 
> > Does this wording sound a bit too harsh on Guix or is it just my
> > impression?  Free software hackers do have my respect, even if their
> > licensing ethics is slightly different than mine.  
> Well, it is necessarily harsh on any entity that might stand there in
> lieu of GNU Guix, because, at the end of the day, the fact remains that
> you want to contribute some work to a project under a different
> license.