guix
/
guix-artwork
mirror of git://git.savannah.gnu.org/guix/guix-artwork.git
2
0
Fork 0
Code Issues Releases Wiki Activity
guix-artwork/website/posts/error-success.md

168 lines
7.9 KiB
Markdown
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

title: Reinstating an iconic error message
author: Ludovic Courtès
tags: System services, Community
date: 2023-04-01 11:00:00
---
Software development is a social process. What might be a “bug” for
someone might well be a “feature” for someone else. The Guix project
rediscovered it the hard way when, after “fixing a bug” that had been
present in Guix System for years, it was confronted with an uproar in its
user base.
In this post we look at why developers considered the initial behavior a
“bug”, why users on the contrary had come to rely on it, and why
developers remained blind to it. A patch to reinstate the initial
behavior [is being reviewed](https://issues.guix.gnu.org/62584). This
post is also an opportunity for us Guix developers to extend our
apologies to our users whose workflow was disrupted.
# The crux of the matter
Anyone whos used Guix System in the past has seen this message on the
console during the boot process:
```
error in finalization thread: Success
```
The following picture shows a typical boot screen (with additional
messages in the same vein):
![Picture of a monitor showing the error/success boot message.](/static/blog/img/error-success.jpg)
If you have never seen it before, it may look surprising to you. Guix
System users lived with it literally for years; the message became a
hint that the boot process was, indeed, successful.
A few months ago, a contributor sought to satisfy their curiosity by
finding the origin of the message. It did look like a spurious error
message, after all, and perhaps the right course of action would be to
address the problem at its root—or so they thought.
As it turns out, the message [originated in
Guile](https://git.savannah.gnu.org/cgit/guile.git/tree/libguile/finalizers.c#n238?id=df86a2a8c8725ac6244a222d399a5b959101f621)—check
out the [Guile
manual](https://www.gnu.org/software/guile/manual/html_node/Foreign-Object-Memory-Management.html)
if youre curious about finalization. Investigation revealed two
things: first, that this `perror` call in Guile was presumably reporting
the wrong error code—this was
[fixed](https://git.savannah.gnu.org/cgit/guile.git/commit/?id=1fbe89f7bdbf35408ec2df8de755c2f1323016a6).
The second error—the core of the problem—lied in Guix System itself.
Remember that, in its quest of memory safety™, statelessness, and fun,
Guix System does it all in Guile Scheme—well, except for the kernel (for
now). As soon as Linux has booted, Guix System spawns Guile to run boot
code thats in its [*initial RAM
disk*](https://guix.gnu.org/manual/en/html_node/Initial-RAM-Disk.html)
(“initrd”). Right before executing
[`shepherd`](https://gnu.org/software/shepherd), its service manager, as
PID 1, the initrd code would carelessly close all the file descriptors
above 2 to make sure they do not leak into PID 1. The problem—you
guessed it—is that one of them was the now-famous file descriptor of the
finalization threads pipe; the finalization thread would quickly notice
and boom!
```
error in finalization thread: Success
```
Our intrepid developers thought: “hey, we found it! Lets fix it!”. And
so [they
did](https://git.savannah.gnu.org/cgit/guix.git/commit/?id=168a7933c0e138dc7061a3f0dc96871e16da5c5f).
# Breaking user workflows
This could have been the end of the story, but theres more to it than
software. As Xkcd [famously captured](https://xkcd.com/1172/), this was
bound to break someones workflow. Indeed, had developers paid more
attention to what users had to say, they would have *known* that the
status quo was preferable.
For some time now, users had shown that they held the error/success
message deep in their heart. The message was seen on the blackboard at
the [Ten Years of Guix](https://10years.guix.gnu.org) celebration, as a
motto, as a rallying cry, spontaneously put on display:
![Picture of a blackboard with the famous message (by Julien Lepiller, under CC0).](https://10years.guix.gnu.org/static/images/photos/roptat-finalization-thread.jpg)
Whats more, a fellow NixOS hacker and Guix enthusiast, beguiled by this
powerful message, [designed](/static/blog/img/error-success-sticker.svg)
stickers and brought them to FOSDEM in February 2023:
![Picture of error/success stickers (under CC0).](/static/blog/img/error-success-sticker-pile.jpg)
The sticker design builds upon the “test pilot” graphics made by Luis
Felipe for the [1.3.0
release](https://guix.gnu.org/en/blog/2021/gnu-guix-1.3.0-released/).
The test pilot has a bug on its helmet. In a way, the drawing and error
message both represent, metaphorically, a core tenet of Guix as a
project; just like Haskell is *avoiding success at all costs*, Guix
seems trapped in an *error/success* quantum state.
Had it gone too far? Was calling it a “bug” the demonstration of the
arrogance of developers detached from the reality of the community?
# Fixing our mistakes
Those who installed Guix System starting from [version
1.4.0](https://guix.gnu.org/en/blog/2022/gnu-guix-1.4.0-released/) have
been missing out on the error/success boot message. The patch
[submitted today](https://issues.guix.gnu.org/62584) finally reinstates
that message. The review process will determine whether consensus is to
enable it by default—as part of
[`%base-service`](https://guix.gnu.org/manual/en/html_node/Base-Services.html#index-_0025base_002dservices-1)—or
whether to make it optional—after all, we also need to accommodate the
needs of *new* users who never saw this message. This will allow users
to restore their workflow, while also ensuring that those freshly
printed stickers remain relevant.
This incident had broader consequences in the project. It led some to
suggest that we, finally, set up a *request-for-comment* (RFC) kind of
process that would give all the community a say on important topics—a
process most large free software projects have developed in one form or
another. Such a process could have prevented this incident: instead of
arrogantly labeling it as a “bug”, developers would have proposed an RFC
to remove the message; the discussion period, most likely, would have
made it clear that removal was not a desirable outcome and we would all
have moved on.
This incident made many users uncomfortable, but we are glad that it is
now being addressed. The lessons learned will be beneficial to the
project for the years to come.
![Picture of a metal bird holding an error/success sticker (under CC0).](/static/blog/img/error-success-sticker-bird.jpg)
# Credits
> [Test
> pilot](https://git.savannah.gnu.org/cgit/guix/guix-artwork.git/tree/promotional/)
> by Luis Felipe distributed under the terms of
> [CC-BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/);
> sticker design distributed under
> [CC-BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/) as
> well. Blackboard picture by Julien Lepiller under
> [CC0](https://creativecommons.org/publicdomain/zero/1.0/); sticker
> pictures under
> [CC0](https://creativecommons.org/publicdomain/zero/1.0/).
>
> Many thanks to the anonymous sticker provider!
#### About GNU Guix
[GNU Guix](https://guix.gnu.org) is a transactional package manager and
an advanced distribution of the GNU system that [respects user
freedom](https://www.gnu.org/distros/free-system-distribution-guidelines.html).
Guix can be used on top of any system running the Hurd or the Linux
kernel, or it can be used as a standalone operating system distribution
for i686, x86_64, ARMv7, AArch64 and POWER9 machines.
In addition to standard package management features, Guix supports
transactional upgrades and roll-backs, unprivileged package management,
per-user profiles, and garbage collection. When used as a standalone
GNU/Linux distribution, Guix offers a declarative, stateless approach to
operating system configuration management. Guix is highly customizable
and hackable through [Guile](https://www.gnu.org/software/guile)
programming interfaces and extensions to the
[Scheme](http://schemers.org) language.
View Git Blame Copy Permalink