GNU bug report logs - #63972
specifying a substitute server without adding its PGP key silently ignores it


Package: guix;

Reported by: Attila Lendvai <attila <at> lendvai.name>

Date: Fri, 9 Jun 2023 13:57:02 UTC

Severity: normal

To reply to this bug, email your comments to 63972 AT debbugs.gnu.org.



Report forwarded to bug-guix <at> gnu.org:
bug#63972; Package guix. (Fri, 09 Jun 2023 13:57:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Attila Lendvai <attila <at> lendvai.name>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Fri, 09 Jun 2023 13:57:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Attila Lendvai <attila <at> lendvai.name>
To: "bug-guix <at> gnu.org" <bug-guix <at> gnu.org>
Subject: specifying a substitute server without adding its PGP key silently
 ignores it
Date: Fri, 09 Jun 2023 13:55:59 +0000

i've installed a new guix, and at the first `guix system reconfigure` i specified a substitute server using --substitute-urls for That Other Channel. i had to do this, because the config.scm that contains the substitute specification is yet to be applied.

it didn't work. it prints everything as usual, including the 100% message for that substitute server, but it starts to build packages locally for which substitutes are available. i haven't noticed any indication that there's a problem with any of the substitute servers.

once i've downloaded the .pub and i finally did the right incantation (sudo guix archive --authorize < signing-key.pub), then it started to download the substitutes as i expected.

i would much prefer a behavior where a "cryptic" exception and backtrace is printed by a toplevel error handler. it has cost me about an hour of my life.

i'd suggest the following general strategy for the entire codebase in general:

throw exceptions, and let them fly all the way up to the toplevel error handler that should print it with a backtrace. this should be the baseline, and only then start adding very specific exception handlers to print friendly and localizable error messages for various situations, and only ever swallow exceptions when it's really justified. e.g. a file-not-found error in an ensure-file-deleted function.

-- 
• attila lendvai
• PGP: 963F 5D5F 45C7 DFCD 0A39
--
“Civilization is in a race between education and catastrophe. Let us learn the truth and spread it as far and wide as our circumstances allow. For the truth is the greatest weapon we have.”
	— H.G. Wells (1866–1946)





Information forwarded to bug-guix <at> gnu.org:
bug#63972; Package guix. (Fri, 09 Jun 2023 14:21:02 GMT) Full text and rfc822 format available.

Message #8 received at 63972 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Attila Lendvai <attila <at> lendvai.name>
Cc: 63972 <at> debbugs.gnu.org
Subject: Re: bug#63972: specifying a substitute server without adding its
 PGP key silently ignores it
Date: Fri, 09 Jun 2023 16:20:00 +0200

Hi,

Attila Lendvai <attila <at> lendvai.name> skribis:

> i've installed a new guix, and at the first `guix system reconfigure` i specified a substitute server using --substitute-urls for That Other Channel. i had to do this, because the config.scm that contains the substitute specification is yet to be applied.
>
> it didn't work. it prints everything as usual, including the 100% message for that substitute server, but it starts to build packages locally for which substitutes are available. i haven't noticed any indication that there's a problem with any of the substitute servers.
>
> once i've downloaded the .pub and i finally did the right incantation (sudo guix archive --authorize < signing-key.pub), then it started to download the substitutes as i expected.
>
> i would much prefer a behavior where a "cryptic" exception and backtrace is printed by a toplevel error handler. it has cost me about an hour of my life.

I agree we should print a message when stumbling upon unauthorized
substitutes (it’s not OpenPGP, BTW).

Note that it’s not completely trivial: you might download substitutes
not signed by one of the keys in the ACL if they happen to match
substitutes that *are* signed by one of the authorized keys.

Also, when discovery is enabled, it’s preferable to silently ignore
neighboring servers that the user did not explicitly specify via
‘--substitute-urls’.

Ludo’.
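
Added example, not part of the thread and not Guix code: a simplified Python model of the accept-or-ignore decision described in the reply above, showing where a warning could be raised without becoming noisy. The `Narinfo` fields, key names, hashes and URLs are constructed for illustration, and signature verification itself is assumed to have already happened.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Narinfo:
    """Constructed stand-in for the metadata a substitute server publishes."""
    store_item: str  # item the server offers a substitute for
    nar_hash: str    # hash of the archive contents
    signer: str      # key whose signature verified (verification assumed done)
    server: str      # URL the narinfo came from

def classify(narinfos, acl, explicit_urls):
    """Split narinfos into usable, ignored-with-warning and ignored-silently."""
    # Contents vouched for by at least one key in the ACL.
    trusted = {(n.store_item, n.nar_hash) for n in narinfos if n.signer in acl}
    usable, warn, silent = [], [], []
    for n in narinfos:
        if (n.store_item, n.nar_hash) in trusted:
            usable.append(n)   # authorized, or identical to an authorized one
        elif n.server in explicit_urls:
            warn.append(n)     # user asked for this server: say why it is unused
        else:
            silent.append(n)   # discovered server: ignore quietly
    return usable, warn, silent

# Constructed sample data (hypothetical keys, hashes and URLs).
ACL = {"key-official"}
EXPLICIT = {"https://official.example", "https://other-channel.example"}
SAMPLE = [
    Narinfo("hello-2.12", "sha256:aaaa", "key-official", "https://official.example"),
    Narinfo("hello-2.12", "sha256:aaaa", "key-other", "https://other-channel.example"),
    Narinfo("extra-1.0", "sha256:bbbb", "key-other", "https://other-channel.example"),
    Narinfo("extra-1.0", "sha256:bbbb", "key-lan", "http://lan-peer.example"),
]

def report(narinfos=SAMPLE, acl=ACL, explicit_urls=EXPLICIT):
    """Return the messages a front end could print for ignored substitutes."""
    _, warn, _ = classify(narinfos, acl, explicit_urls)
    return [f"warning: ignoring substitute for {n.store_item} from {n.server}: "
            f"signing key {n.signer} is not authorized" for n in warn]

if __name__ == "__main__":
    print("\n".join(report()))
```

With the sample data, the second entry is usable although its key is not in the ACL, because its contents match an authorized narinfo; only the third entry produces a warning.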




This bug report was last modified 330 days ago.
