Send in your ideas. Deadline June 1, 2024
More info available :
Theme fund: NGI0 PET
Start: 2020-12
End: 2020-12

GNU Guix - Cuirass

Continuous integration system for GNU Guix/Linux + Hurd

GNU Guix is a universal functional package manager and operating system which respects the freedom of computer users. The number of supported packages, almost 15.000 on 5 different architectures, is constantly increasing. With the recent efforts adding support for the GNU Hurd operating system, and the ongoing work to easily provide Guix System images for various boards, the need for a strong continuous integration system is critical.

This project aims to improve Cuirass, the GNU Guix continuous integration software to provide binary substitutes for every package or system image within the shortest time. This way, the user won't have to allocate important time and computation power resources into package building. The plan is to add to Cuirass an efficient offloading and work-balancing mechanism between build machines, an improved web interface allowing to monitor machine loads and other build related metrics. A user account section to setup customized monitoring dashboards and subscribe to build failures notifications will also be developed.

Why does this actually matter to end users?

When you start up your computer, you will probably think twice before you download some random piece of software from the internet and run it. You know that doing so could allow unwelcome guests to your computer and your data. Your computer might even end up in a bot net. So when you see some nice piece of software, you will ask yourself the question: can I really trust the software? Perhaps you will check the origin it comes from. Better safe than sorry.

Did you miss checking something, though? What about the software that is already on your computer before you started? A computer is not much use without an operating system. While most computers are sold with an operating system, actually you have the choice to remove that and install something different. Have you thought about the trustworthiness of that fundamental piece of software - your most fundamental travel companion on the wild west of the internet? Trustworthiness is essential. When an operating system has a so called 'back door' (either intentionally or not), someone could extract whatever user data - like personal pictures or home movies - from your computer. And the worse thing: without you ever finding out. The operating system guards all the other software, and warns you when you install software from the internet. But itself, it doesn't have to ask for permission. Ever. It doesn't just have "access all areas": in fact, it runs the whole show.

With commercial software like Microsoft Windows or Mac OS X that you get delivered when you buy a computer, trust in what their closed operating system does will of course always be a leap of faith: as a user you essentially are given no choice. In proprietary systems you do not have the freedom to study the source code, or to control what really happens. So you either trust the vendor, or you'd better not use it. For an increasing amount of people, after the revelations from whistleblowers like Edward Snowden, that "leap of faith" is not so obvious anymore. They prefer to use free and open source operating systems like GNU Linux, FreeBSD and OpenBSD. These are technology commons: the people that wrote the software allow you to inspect the source code. Even more so, they give you the source code to do anything with it that you like. So you don't just blindly have to take their word for it and trust them, you can take matters into your own hands.

GNU Guix is a free and open source operating system (as well as a software package manager) that takes the idea of ownership and transparency one step further. Just like the Nix package manager and NixOS-operating system, GNU Guix lets you state exactly what software you would want to use, including its version, other software it may depend on to run, etcetera. This so-called declarative way of managing everything that runs on your computer offers unique properties: you can run two versions of software at the same time, software is portable and reproducible and perhaps what is most important, your system is completely transparent. Think of a server handling sensitive data or providing vital services and you start to realize how important transparency really can be.

NGI Zero is proud to support various contributions to GNU Guix, one of which is this effort to improve Cuirass: the continuous integration software that continuously builds the source code of software packaged for Guix into binary code for computers to ingest. Cuirass will be improved to share the load between its machines and more closely monitor its performance. Ultimately this can help make GNU Guix easier and more reliable to use, allowing you to focus on building more transparent systems instead of maintenance.

Logo NLnet: abstract logo of four people seen from above Logo NGI Zero: letterlogo shaped like a tag

This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.