== Transfer the sources you need by USB-drive

If you want to build everything from source on the CI/CD server, you must transfer:

* Updated package definitions (e.g., new Guix commit / channel state)

* All required source code (not binaries)

=== Step 1: On a networked (twin) machine

* Check for new versions

{{{#!sh
guix refresh PACKAGE-NAME
}}}

This will update the local package definition in your channel checkout (if you're maintaining your own channels or overlay packages).

* Build the package to pull source code into the store

{{{#!sh
guix build --source PACKAGE-NAME
}}}

This ensures that all source tarballs and patches are downloaded and cached.

* Export source code and channel state

Export the source derivation (not the binaries!):

{{{#!sh
guix archive --export -r $(guix build --source PACKAGE-NAME) > sources.nar
}}}

Also export the updated Guix channels or commit used:

{{{#!sh
guix describe --format=channels > channels.scm
}}}

=== Step 2: Transfer to the air-gapped CI/CD server

Copy the following files via USB or other air-gap-compliant method:

* sources.nar (the archive of source derivations)

* channels.scm (to sync channel state)

* Optionally: your custom channel checkout (if using overlays)

=== Step 3: On the CI/CD server

* Sync channel state

{{{#!sh
guix time-machine -C channels.scm -- build PACKAGE-NAME
}}}

Or, if you want to pull into your main Guix:

{{{#!sh
guix pull --channels=channels.scm
}}}

* Import the sources

{{{#!sh
guix archive --import < sources.nar
}}}

Now the CI/CD server has all it needs to build the package from source without network access.
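
The transfer in Steps 1 to 3 with an integrity gate in front of the import, as an added example that is not part of the original page: `make_manifest` runs on the networked machine and `verify_bundle` on the CI/CD server. The `SHA256SUMS` file name and the function names are assumptions. A manifest carried on the same drive catches corruption and truncation; `guix archive --import` itself aborts on an archive whose signature is invalid or whose signing key is not authorized on the server.

```sh
#!/bin/sh
# Added example, not from the original page. sources.nar and channels.scm are
# the page's file names; SHA256SUMS and the function names are assumptions.

# Step 1 (networked machine): record SHA-256 digests of the bundle files.
make_manifest() {
    ( cd "$1" && sha256sum sources.nar channels.scm > SHA256SUMS )
}

# Succeeds only if every (channel ...) form carries a full 40-hex commit pin.
# Whitespace is flattened first because the S-expression may be pretty-printed
# with (commit and its hash on separate lines.
channels_pinned() {
    flat=$(tr -s '[:space:]' ' ' < "$1")
    n_channels=$(printf '%s\n' "$flat" | grep -oE '\(channel ' | wc -l)
    n_commits=$(printf '%s\n' "$flat" | grep -oE '\(commit "[0-9a-f]{40}"\)' | wc -l)
    [ "$n_channels" -gt 0 ] && [ "$n_channels" -eq "$n_commits" ]
}

# Step 3 (air-gapped server): accept the bundle only if all files are present,
# the manifest covers both payload files, digests match, and channels are pinned.
verify_bundle() {
    dir=$1
    for f in sources.nar channels.scm SHA256SUMS; do
        [ -s "$dir/$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done
    for f in sources.nar channels.scm; do
        grep -qE "^[0-9a-f]{64} [ *]$f\$" "$dir/SHA256SUMS" ||
            { echo "manifest does not list $f" >&2; return 1; }
    done
    ( cd "$dir" && sha256sum -c SHA256SUMS >/dev/null ) ||
        { echo "digest mismatch in $dir" >&2; return 1; }
    channels_pinned "$dir/channels.scm" ||
        { echo "channels.scm has a channel without a commit pin" >&2; return 1; }
}

# Usage on the server (mount point is a placeholder):
#   verify_bundle /mnt/usb && guix archive --import < /mnt/usb/sources.nar
```

To detect deliberate tampering rather than accidental damage, carry the digest of `SHA256SUMS` to the server by a separate path and compare it before running `verify_bundle`.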

=== Optional: Preload additional sources or dependencies

To avoid surprises, you may want to pre-fetch all sources recursively:

{{{#!sh
guix build --sources=transitive PACKAGE-NAME
guix archive --export -r $(guix build --sources=transitive PACKAGE-NAME) > all-sources.nar
}}}

This ensures no source fetch attempts will occur during CI builds.