GNU bug report logs - #67072
[PATCH 0/4] Helping diagnose substitute setup issues

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: guix-patches; Reported by: Ludovic Courtès <ludo@HIDDEN>; Keywords: patch; dated Sat, 11 Nov 2023 11:05:01 UTC; Maintainer for guix-patches is guix-patches@HIDDEN.

Message received at 67072 <at> debbugs.gnu.org:


Received: (at 67072) by debbugs.gnu.org; 2 Dec 2023 10:20:41 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Dec 02 05:20:41 2023
Received: from localhost ([127.0.0.1]:56675 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1r9N72-0008OY-PY
	for submit <at> debbugs.gnu.org; Sat, 02 Dec 2023 05:20:41 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:44188)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1r9N71-0008OL-5Q
 for 67072 <at> debbugs.gnu.org; Sat, 02 Dec 2023 05:20:40 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1r9N6m-0000VV-6Y; Sat, 02 Dec 2023 05:20:24 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To:
 From; bh=xFV4M9ozn7C4FQBVtXCuOj+dgx/9RsktD4629JAJHNw=; b=SYtfC3vpRZ082vJtON1+
 xYO5yHzsRP5KqTcNcQkfq+1XXxoH+U3f3WipP73e0Y4vvSvtWPUbVgTG7Mp7JNnlR+KgqCVHi+rpM
 kaUYHpdK1bmva+h/B/+ulN2ZRxUmdNpbCHH5Jz/J63z2I7qdiegroTq5GEbGVs6ex36ldrrAY3L7d
 wiZPouo0+xXrXmPGxtwer516yvgSHFVjHpuQmUWNNl8EU7vxkzTVfWC/0DvQXnFupMHT9u10mLJu/
 29+7/qQtf4fVNKExd4+FwLZMski/jDy70o0cp0mXFwcL+79D1XoVAcYTPBezbt8L68L/i81j9c1tu
 K0TZZggyB4f5gw==;
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
To: Simon Tournier <zimon.toutoune@HIDDEN>
Subject: Re: [bug#67072] [PATCH 4/4] weather: Report unauthorized substitute
 servers.
In-Reply-To: <87jzq2aukw.fsf@HIDDEN> (Simon Tournier's message of "Tue, 28
 Nov 2023 14:14:23 +0100")
References: <cover.1699700049.git.ludo@HIDDEN>
 <dc56e185b21eb0b3f4711e100d5e64c0aa2adc55.1699700050.git.ludo@HIDDEN>
 <87jzq2aukw.fsf@HIDDEN>
Date: Sat, 02 Dec 2023 11:20:21 +0100
Message-ID: <875y1gj47u.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 67072
Cc: Josselin Poiret <dev@HIDDEN>, 67072 <at> debbugs.gnu.org,
 Mathieu Othacehe <othacehe@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>,
 Ricardo Wurmus <rekado@HIDDEN>, Christopher Baines <guix@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi Simon,

Simon Tournier <zimon.toutoune@HIDDEN> skribis:

> I know it is irrelevant with the patch at hand.  Maybe not. :-)
>
>    1. Why this =E2=80=99(not (not=E2=80=99 ?

This ensures the result is a Boolean.

[...]

>> +(define (check-narinfo-authorization narinfo)
>> +  "Print a warning when NARINFO is not signed by an authorized key."
>> +  (unless (valid-narinfo? narinfo)
>
> =E2=80=A6I entered in this part =E2=80=93 hence the look up (guix pki) ;-=
).  Well, my
> mistake is hard to reproduce outside of Guix development tree but
> =E2=80=99valid-narinfo?=E2=80=99 returns false for more cases than just
> unauthorized-key.  Therefore, the hint could be misleading.

It=E2=80=99s true that =E2=80=98valid-narinfo?=E2=80=99 catches more cases,=
 but the other cases
where it returns #f are situations where the substitute server is bogus.
So I chose to favor conciseness here.

> Since we are discussing about an helper, I would run =E2=80=99signature-c=
ase=E2=80=99
> here in check-narinfo.  For example, if the case is 'unauthorized-key,
> then I would check is %acl-file exists.  Maybe display the full
> %acl-file explaining that the key is not in, etc.

Right, checking for =E2=80=98%acl-file=E2=80=99 is a good idea; I wouldn=E2=
=80=99t display its
contents though because that=E2=80=99d be intimidating and unhelpful IMO.

> Moreover, running =E2=80=9Cguix challenge coreutils=E2=80=9D does not war=
n about
> anything [=E2=80=A6]

That=E2=80=99s on purpose:

--8<---------------cut here---------------start------------->8---
(define (compare-contents items servers)
  "Challenge the substitute servers whose URLs are listed in SERVERS by
comparing the hash of the substitutes of ITEMS that they serve.  Return the
list of <comparison-report> objects.

This procedure does not authenticate narinfos from SERVERS, nor does it ver=
ify
that they are signed by an authorized public keys.  The reason is that, by
definition, we may want to target unknown servers.  Furthermore, no risk is
taken since we do not import the archives."
--8<---------------cut here---------------end--------------->8---

> guix weather: warning: could not determine current substitute URLs; using=
 defaults
> computing 1 package derivations for x86_64-linux...
> looking for 2 store items on https://ci.guix.gnu.org...
> guix weather: error: open-file: Permission denied: "/etc/guix/acl"

Uh, it should be able to deal with it gracefully.

> Hum? Maybe I am doing something wrong=E2=80=A6  The file /etc/guix/acl ha=
s the
> permission:
>
>     -rw-------   1 root root   528  acl

It=E2=80=99s normally world-readable.

> Is it incorrect?  Well, if all are allowed to read (chmod a+r) then
> there is not error.  And it displays the warning:
>
> guix weather: warning: could not determine current substitute URLs; using=
 defaults
>
> And that=E2=80=99s because the daemon is not supporting the operation.  T=
his
> warning appears to me misleading: personally I think that I am
> misconfigured something when that=E2=80=99s not the case.  Instead, I wou=
ld
> display:
>
>     warning: using defaults substitute URLs

Yes, good idea.

I=E2=80=99ll send v2 soonish.

Thanks for your feedback!

Ludo=E2=80=99.




Information forwarded to guix-patches@HIDDEN:
bug#67072; Package guix-patches. Full text available.

Message received at 67072 <at> debbugs.gnu.org:


Received: (at 67072) by debbugs.gnu.org; 2 Dec 2023 10:13:38 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Dec 02 05:13:38 2023
Received: from localhost ([127.0.0.1]:56670 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1r9N0D-0005bf-Rj
	for submit <at> debbugs.gnu.org; Sat, 02 Dec 2023 05:13:38 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:44734)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1r9N0C-0005bT-Vc
 for 67072 <at> debbugs.gnu.org; Sat, 02 Dec 2023 05:13:37 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1r9Mzx-0005C0-Px; Sat, 02 Dec 2023 05:13:21 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To:
 From; bh=XGgebZfztG8smuDQDZoYA9xRXVVsGv/OdXpC7rsaZeE=; b=fL8c/1UsYopz5V1TTIKE
 K4P2IWzpTTQY/Lqe7cSvJBeyKhXjU1cGSi/SKETsdc77v9ciC82/jzKz1HZPIt3+E/KLUi4wIQK+V
 /B5EdoKJvDKd7PQh9DP/jVApUTyanbp3TdbGsWrGHQSN41JVjH8T7gHTyENOIwTRIUq5oihbSuFgp
 qvsfoudG1uysEEJdxQ/AOoiOI9dPQ3KxwhhF5DfAcVFod4tsBRL+wepgNGJCtYaHC8Gy4+AVO93+f
 w7DEftkJFWeVNVeTn5z1gBIlstb4+figoNp3F1hhOXUhg6OjbJ0JcfHsTPG9QVsLjqrvNuZcIGrKf
 8ohQD7V3BRnS+Q==;
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
To: Simon Tournier <zimon.toutoune@HIDDEN>
Subject: Re: [bug#67072] [PATCH 1/4] daemon: Implement =?utf-8?Q?=E2=80=98?=
 =?utf-8?Q?substitute-urls=E2=80=99?= RPC.
In-Reply-To: <87wmu2axl0.fsf@HIDDEN> (Simon Tournier's message of "Tue, 28
 Nov 2023 13:09:31 +0100")
References: <cover.1699700049.git.ludo@HIDDEN>
 <6ea1497c61199f29f816640c3f6923f3b57d0bbf.1699700049.git.ludo@HIDDEN>
 <87wmu2axl0.fsf@HIDDEN>
Date: Sat, 02 Dec 2023 11:13:18 +0100
Message-ID: <87cyvoj4jl.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 67072
Cc: Josselin Poiret <dev@HIDDEN>, 67072 <at> debbugs.gnu.org,
 Mathieu Othacehe <othacehe@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>,
 Ricardo Wurmus <rekado@HIDDEN>, Christopher Baines <guix@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Simon Tournier <zimon.toutoune@HIDDEN> skribis:

> On Sat, 11 Nov 2023 at 12:06, Ludovic Court=C3=A8s <ludo@HIDDEN> wrote:
>
>> -(test-skip (if %store 0 15))
>> +(test-skip (if %store 0 18))
>
> Out of curiosity, why 18?

Because we=E2=80=99re adding 3 tests.

(Now, the count might be off, and we=E2=80=99re never running those tests
without a running daemon anyway=E2=80=A6)

Ludo=E2=80=99.




Information forwarded to guix-patches@HIDDEN:
bug#67072; Package guix-patches. Full text available.

Message received at 67072 <at> debbugs.gnu.org:


Received: (at 67072) by debbugs.gnu.org; 30 Nov 2023 10:29:09 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Nov 30 05:29:09 2023
Received: from localhost ([127.0.0.1]:52353 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1r8eI8-0003cs-OL
	for submit <at> debbugs.gnu.org; Thu, 30 Nov 2023 05:29:08 -0500
Received: from mail3-relais-sop.national.inria.fr ([192.134.164.104]:21158)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludovic.courtes@HIDDEN>) id 1r8eI6-0003cG-Ta
 for 67072 <at> debbugs.gnu.org; Thu, 30 Nov 2023 05:29:07 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=inria.fr; s=dc;
 h=from:to:cc:subject:in-reply-to:references:date:
 message-id:mime-version:content-transfer-encoding;
 bh=5zEzoUHqqA7GvxXKuQWLiSZElMvhrS+vMtHQDcigMHk=;
 b=iF0fYoK7mgwoMjM1P/B45L41NkXu2YqbRiT0LjwRCjwsEzlbEuz/mFLa
 X6MysJ5WGnMvXbsN7U0+HU2ggXEZzEnEIquxbEy/8T/u9bxoIw+cfiZuK
 yYawgRwIz0Sx0VVaSzEnPunp4oTC8/bM9dDqBB1ubrwy823jOXeoVczqa Q=;
Authentication-Results: mail3-relais-sop.national.inria.fr;
 dkim=none (message not signed) header.i=none;
 spf=SoftFail smtp.mailfrom=ludovic.courtes@HIDDEN;
 dmarc=fail (p=none dis=none) d=inria.fr
X-IronPort-AV: E=Sophos;i="6.04,237,1695679200"; d="scan'208";a="73025669"
Received: from 91-160-117-201.subs.proxad.net (HELO ribbon) ([91.160.117.201])
 by mail3-relais-sop.national.inria.fr with
 ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Nov 2023 11:28:52 +0100
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludovic.courtes@HIDDEN>
To: Emmanuel Agullo <emmanuel.agullo@HIDDEN>
Subject: Re: [bug#67072] [PATCH 0/4] Helping diagnose substitute setup issues
In-Reply-To: <1046719309.20527433.1701339117643.JavaMail.zimbra@HIDDEN>
 (Emmanuel Agullo's message of "Thu, 30 Nov 2023 11:11:57 +0100 (CET)")
References: <cover.1699700049.git.ludo@HIDDEN> <87fs0rw1qn.fsf@HIDDEN>
 <1046719309.20527433.1701339117643.JavaMail.zimbra@HIDDEN>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: =?utf-8?Q?D=C3=A9cadi?= 10 Frimaire an 232 de la
 =?utf-8?Q?R=C3=A9volution=2C?= jour de la Pioche
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Thu, 30 Nov 2023 11:28:51 +0100
Message-ID: <87plzro7q4.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 67072
Cc: Josselin Poiret <dev@HIDDEN>, 67072 <at> debbugs.gnu.org,
 zimoun <zimon.toutoune@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>,
 Tobias Geerinckx-Rice <me@HIDDEN>, Ricardo Wurmus <rekado@HIDDEN>,
 Christopher Baines <guix@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi Emmanuel,

Emmanuel Agullo <emmanuel.agullo@HIDDEN> skribis:

>>> First =E2=80=98guix weather=E2=80=99 and =E2=80=98guix
>>> challenge=E2=80=99 now default to the same substitute URLs as guix-daem=
on
>>> (this was not the case until now because there was no way to get
>>> that information from the daemon).
>
> This is excellent. I was not aware of the difference.
>
>>>  Second =E2=80=98guix weather=E2=80=99 reports about unauthorized serve=
rs
>
> I guess it should help a lot!
>
>>> If not I=E2=80=99d like to push it soon.
>
> As best as I can read, green light for me. I'll be pleased to test
> it once pushed.

Awesome, thanks for your feedback!

Ludo=E2=80=99.




Information forwarded to guix-patches@HIDDEN:
bug#67072; Package guix-patches. Full text available.

Message received at 67072 <at> debbugs.gnu.org:


Received: (at 67072) by debbugs.gnu.org; 30 Nov 2023 10:12:14 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Nov 30 05:12:14 2023
Received: from localhost ([127.0.0.1]:52336 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1r8e1m-000383-Cj
	for submit <at> debbugs.gnu.org; Thu, 30 Nov 2023 05:12:14 -0500
Received: from mail2-relais-roc.national.inria.fr ([192.134.164.83]:45471)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <emmanuel.agullo@HIDDEN>) id 1r8e1k-00037j-8R
 for 67072 <at> debbugs.gnu.org; Thu, 30 Nov 2023 05:12:13 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=inria.fr; s=dc;
 h=date:from:to:cc:message-id:in-reply-to:references:
 subject:mime-version:content-transfer-encoding;
 bh=7+xoG+7h6y2hRGXv3Lben4ncvDY5BV3ylfN4F5+SYGk=;
 b=HMac0j3VO1ssd41WgnOoxyT8k4xElsttShuOyGFkRW+CuoGnn4WMkQBQ
 YGRJcKls8EyOq169rK+sHZV3w/Q3+1VvHr+NhT9vQcArE4aVATu2f04jF
 s47yWIq/p3TKZaR+xf//o/Y0fwYnHabKtUJoYIsZwlFLeIKjmEZmyqKCG c=;
Authentication-Results: mail2-relais-roc.national.inria.fr;
 dkim=none (message not signed) header.i=none;
 spf=Pass smtp.mailfrom=emmanuel.agullo@HIDDEN;
 spf=None smtp.helo=postmaster@HIDDEN
Received-SPF: Pass (mail2-relais-roc.national.inria.fr: domain of
 emmanuel.agullo@HIDDEN designates 128.93.142.31 as
 permitted sender) identity=mailfrom; client-ip=128.93.142.31;
 receiver=mail2-relais-roc.national.inria.fr;
 envelope-from="emmanuel.agullo@HIDDEN";
 x-sender="emmanuel.agullo@HIDDEN"; x-conformance=spf_only;
 x-record-type="v=spf1"; x-record-text="v=spf1
 ip4:128.93.142.0/24 ip4:192.134.164.0/24 ip4:128.93.162.160
 ip4:89.107.174.7 mx ~all"
Received-SPF: None (mail2-relais-roc.national.inria.fr: no sender
 authenticity information available from domain of
 postmaster@HIDDEN) identity=helo;
 client-ip=128.93.142.31;
 receiver=mail2-relais-roc.national.inria.fr;
 envelope-from="emmanuel.agullo@HIDDEN";
 x-sender="postmaster@HIDDEN"; x-conformance=spf_only
X-IronPort-AV: E=Sophos;i="6.04,237,1695679200"; d="scan'208";a="139393847"
X-MGA-submission: =?us-ascii?q?MDHk6x2saLvcK0dkCIPh2UFc5iM1Z6VyRzCssI?=
 =?us-ascii?q?b6klhd6rfyON9bmRfjG3pzdxH74xhsPymNEJx54UJ431zer+oHdYdjza?=
 =?us-ascii?q?KBzEKt+YrecHSbAtNpcH6aw2fnzHp0CcWxPoAT548jpH/yBwyf6BN5hU?=
 =?us-ascii?q?Zj/Nzo9lY/KprQ0po5ObWfSg=3D=3D?=
Received: from zcs-store4.inria.fr ([128.93.142.31])
 by mail2-relais-roc.national.inria.fr with ESMTP; 30 Nov 2023 11:11:59 +0100
Date: Thu, 30 Nov 2023 11:11:57 +0100 (CET)
From: Emmanuel Agullo <emmanuel.agullo@HIDDEN>
To: Ludovic Courtes <ludovic.courtes@HIDDEN>
Message-ID: <1046719309.20527433.1701339117643.JavaMail.zimbra@HIDDEN>
In-Reply-To: <87fs0rw1qn.fsf@HIDDEN>
References: <cover.1699700049.git.ludo@HIDDEN> <87fs0rw1qn.fsf@HIDDEN>
Subject: Re: [bug#67072] [PATCH 0/4] Helping diagnose substitute setup issues
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Originating-IP: [193.50.110.54]
X-Mailer: Zimbra 8.8.15_GA_4562 (ZimbraWebClient - FF118
 (Linux)/8.8.15_GA_4570)
Thread-Topic: Helping diagnose substitute setup issues
Thread-Index: hJ/dSgtQUKESC+05sB5OqpA3O7NCZA==
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 67072
Cc: Josselin Poiret <dev@HIDDEN>, 67072 <at> debbugs.gnu.org,
 zimoun <zimon.toutoune@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>,
 Tobias Geerinckx-Rice <me@HIDDEN>, Ricardo Wurmus <rekado@HIDDEN>,
 Christopher Baines <guix@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hello Ludo, hello Simon, hello Guix,

First of all thank you Ludo for the patch.

Indeed, it would be great one can check the substitutes are set up
as expected.

>> First =E2=80=98guix weather=E2=80=99 and =E2=80=98guix
>> challenge=E2=80=99 now default to the same substitute URLs as guix-daemo=
n
>> (this was not the case until now because there was no way to get
>> that information from the daemon).

This is excellent. I was not aware of the difference.

>>  Second =E2=80=98guix weather=E2=80=99 reports about unauthorized server=
s

I guess it should help a lot!

>> If not I=E2=80=99d like to push it soon.

As best as I can read, green light for me. I'll be pleased to test
it once pushed.

Thanks again!

Best,

Manu




Information forwarded to guix-patches@HIDDEN:
bug#67072; Package guix-patches. Full text available.

Message received at 67072 <at> debbugs.gnu.org:


Received: (at 67072) by debbugs.gnu.org; 28 Nov 2023 15:43:11 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Nov 28 10:43:11 2023
Received: from localhost ([127.0.0.1]:47458 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1r80Ex-0001aM-0g
	for submit <at> debbugs.gnu.org; Tue, 28 Nov 2023 10:43:11 -0500
Received: from mail-wr1-x429.google.com ([2a00:1450:4864:20::429]:38941)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <zimon.toutoune@HIDDEN>) id 1r80Er-0001Z1-LN
 for 67072 <at> debbugs.gnu.org; Tue, 28 Nov 2023 10:43:08 -0500
Received: by mail-wr1-x429.google.com with SMTP id
 ffacd0b85a97d-32f831087c6so1493318f8f.0
 for <67072 <at> debbugs.gnu.org>; Tue, 28 Nov 2023 07:42:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1701186173; x=1701790973; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:message-id:date:references
 :in-reply-to:subject:cc:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=8q6uBYMRq27GVhyjl/MVqpvKcBgKFyJC7ETz2syWFD4=;
 b=bUBCwwVf9gpnMkTrYfPyObsMfQj2W85+vUdOeL/GgJNdtyj3Vuru3vRjT3ZiQKUauR
 GZ3YFCq2ERN5IKMBHKRv14OfDrzP19VFfG7e3VnrhoI2JFLo4eGaWUtdzLrKe1c3ByqF
 jOhEPdkc0N0f+Eg+TO9ed1PjvrR5p/XgA9MPWbI4tACDIz0zIN32/bFb58fHSG0kYTUa
 zAOKPr0HQuZr+znzAwl1Rm84KSiIptIgFIb0QvG4DzlKthiusFB+aq4H5hYkeqPh5i7k
 YADuY0knVX2CZKvsNsW2gtJ7A3BKINAClkJLKDVkIVT7konTT9ZzpNnjB1Pw2n6VNQzm
 FRhg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1701186173; x=1701790973;
 h=content-transfer-encoding:mime-version:message-id:date:references
 :in-reply-to:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=8q6uBYMRq27GVhyjl/MVqpvKcBgKFyJC7ETz2syWFD4=;
 b=Re+Skk9/R3fGRq9Q7xHuBV7MK1MMFinhbe0zdBY9+ApPyA1y+vjzsLEVejORbW6zQ5
 2sM6ErbpMZwSsVARywv6ieyP6zmAxCk/rv5pBsyVkV3GRPs5w2a7fZVohwpV2TnnIaig
 b+pptU+/Ky40MwQuLlzaIoV6z1DNPmXDvkYtHoN3bzgpRKwS5uIDs+DMp5ZFKIqfmhhW
 jnQ8eQkBX2Kwu7bV/OUtxeB9TZPs/llWGsAWvHA7l0mqz1QTMqDm1dTMdWxeLCb+kfh9
 Mk3bXZosYpQozbG6sk05yPhLLaTu2hOtWxad7KL0xdGxCIjK5V2SOieks3R9HiHWRbEz
 nPAg==
X-Gm-Message-State: AOJu0YyGqcS2XUSJxmSinGWQSEq7wFcMBujLcQ0i789uLojjWPcvvPnf
 KGSuRbUgxeW3pxxKK5N2hdw=
X-Google-Smtp-Source: AGHT+IG9Kn3Z+pIJt6iRkDvOCRnjqwmmArn28iEytgfGa+IOwSukIRMZEl8NssR3ORBVryF4przWHQ==
X-Received: by 2002:a5d:4612:0:b0:332:fbce:89ec with SMTP id
 t18-20020a5d4612000000b00332fbce89ecmr5471707wrq.7.1701186173011; 
 Tue, 28 Nov 2023 07:42:53 -0800 (PST)
Received: from pfiuh07 ([193.48.40.241]) by smtp.gmail.com with ESMTPSA id
 e25-20020a5d5959000000b00332eb96cb73sm11907593wri.73.2023.11.28.07.42.52
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 28 Nov 2023 07:42:52 -0800 (PST)
From: Simon Tournier <zimon.toutoune@HIDDEN>
To: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludovic.courtes@HIDDEN>,
 67072 <at> debbugs.gnu.org
Subject: Re: [bug#67072] [PATCH 0/4] Helping diagnose substitute setup issues
In-Reply-To: <87fs0rw1qn.fsf@HIDDEN>
References: <cover.1699700049.git.ludo@HIDDEN> <87fs0rw1qn.fsf@HIDDEN>
Date: Tue, 28 Nov 2023 14:17:22 +0100
Message-ID: <87edgaaufx.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 67072
Cc: Josselin Poiret <dev@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>,
 Tobias Geerinckx-Rice <me@HIDDEN>, Ricardo Wurmus <rekado@HIDDEN>,
 Emmanuel Agullo <emmanuel.agullo@HIDDEN>,
 Christopher Baines <guix@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi Ludo,

Sorry for the delay.

On Mon, 27 Nov 2023 at 18:21, Ludovic Court=C3=A8s <ludovic.courtes@HIDDEN=
r> wrote:

> Comments or suggestions regarding this change?
>
>   https://issues.guix.gnu.org/67072

Cool!

Well, I did some minor comments about =E2=80=9Cguix weather=E2=80=9D.  I ha=
ve not
checked the =E2=80=9Cguix challenge=E2=80=9D counter-part.  Maybe later thi=
s week. :-)

Cheers,
simon




Information forwarded to guix-patches@HIDDEN:
bug#67072; Package guix-patches. Full text available.

Message received at 67072 <at> debbugs.gnu.org:


Received: (at 67072) by debbugs.gnu.org; 28 Nov 2023 15:43:11 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Nov 28 10:43:11 2023
Received: from localhost ([127.0.0.1]:47456 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1r80Ew-0001aE-Hx
	for submit <at> debbugs.gnu.org; Tue, 28 Nov 2023 10:43:10 -0500
Received: from mail-wm1-x336.google.com ([2a00:1450:4864:20::336]:38935)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <zimon.toutoune@HIDDEN>) id 1r80Er-0001Z0-71
 for 67072 <at> debbugs.gnu.org; Tue, 28 Nov 2023 10:43:08 -0500
Received: by mail-wm1-x336.google.com with SMTP id
 5b1f17b1804b1-40b36e721fcso2171815e9.0
 for <67072 <at> debbugs.gnu.org>; Tue, 28 Nov 2023 07:42:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1701186172; x=1701790972; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:message-id:date:references
 :in-reply-to:subject:cc:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=ITBcPpgkD+5KoF6/FY+d1dIVj5AtvbX9sVCIHLhlbIM=;
 b=Du+Shy8+FU9wsaDjx9fnkseMNDtbVW0Hnii/wquYD4pZI5q+D2bQzeFnvBDR6Rzs7y
 28QUKek+tsALLTp227qf0Mt0qnIhY2AKGuc86Vlm5TXMl2zOJEm/pl8NGNW9vDR6p21F
 lylBYLuoVTIsw0nLl/Ctl+M1JHDWfnANiUkIASO8tY/E3jIhG68TTQaPuOvpKiXN2399
 yNweSWGNfvXxT87pCSXw/Mp9HmURtEl7hc2og6EbeZQMxMUaI79Jx4029lj9UFV1SU6O
 N0NQXW2L/CIXGdZ2q7nP7h9v4FKmz73IOPn5uaWyvDXkgwEf1TcyKgQ14LXKdvHxLs9A
 eDbw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1701186172; x=1701790972;
 h=content-transfer-encoding:mime-version:message-id:date:references
 :in-reply-to:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=ITBcPpgkD+5KoF6/FY+d1dIVj5AtvbX9sVCIHLhlbIM=;
 b=aaFMm2GlINk8n1Fq0W/bg7L0KQ3lBWctsumUImHU4Jirwglo8KAqPNHD6JVOSU8ove
 85vtck7hagrvDcAtUY3AkUhFwa1hK0w458MKTFRhk8QrFJro0EvZWUuFrLWGTwEBl9Uc
 j6VYtvDgHqBlwiZNQ/vrXVbPwR6/hF9fHCFpzTIhzP+4CtgD4e9C6Ayye5xiEOGjvL8m
 brkX8D178gXVFsLfDvUml84GPzNHUEMkwfKwf7fLpl3M2h2qpS0FQ7xJswvMhYjWa03Y
 XtGp0zstSaugariTpzt35F6a3IBitCkwevlI/QU9o9HhpmZAjQrfgarWl13auEozeBFZ
 pppg==
X-Gm-Message-State: AOJu0YwfAFKrvQSCt1/nTOLvVDcA5AVAvq5ZiytPmUfQMg6uffg7s4Dq
 vjmeSAkbqwylYaeuGpGdMAQ=
X-Google-Smtp-Source: AGHT+IEgXbjg1hEcS443pIUVn1Gz3clGHglbm+yLAdtBKJN0AGQLzqUcD0h3pLmn91E+ZDZr6OVvpg==
X-Received: by 2002:a05:600c:5118:b0:40b:2971:4b73 with SMTP id
 o24-20020a05600c511800b0040b29714b73mr10688901wms.2.1701186172234; 
 Tue, 28 Nov 2023 07:42:52 -0800 (PST)
Received: from pfiuh07 ([193.48.40.241]) by smtp.gmail.com with ESMTPSA id
 iv10-20020a05600c548a00b0040b4c7e1a65sm2630556wmb.13.2023.11.28.07.42.51
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 28 Nov 2023 07:42:51 -0800 (PST)
From: Simon Tournier <zimon.toutoune@HIDDEN>
To: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>, 67072 <at> debbugs.gnu.org
Subject: Re: [bug#67072] [PATCH 4/4] weather: Report unauthorized substitute
 servers.
In-Reply-To: <dc56e185b21eb0b3f4711e100d5e64c0aa2adc55.1699700050.git.ludo@HIDDEN>
References: <cover.1699700049.git.ludo@HIDDEN>
 <dc56e185b21eb0b3f4711e100d5e64c0aa2adc55.1699700050.git.ludo@HIDDEN>
Date: Tue, 28 Nov 2023 14:14:23 +0100
Message-ID: <87jzq2aukw.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 67072
Cc: Josselin Poiret <dev@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>,
 Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>,
 Tobias Geerinckx-Rice <me@HIDDEN>, Ricardo Wurmus <rekado@HIDDEN>,
 Christopher Baines <guix@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi,

On Sat, 11 Nov 2023 at 12:06, Ludovic Court=C3=A8s <ludo@HIDDEN> wrote:

> +  #:use-module (guix pki)

Looking at what it drags, I notice:

--8<---------------cut here---------------start------------->8---
(define* (authorized-key? key #:optional (acl (current-acl)))
  "Return #t if KEY (a canonical sexp) is an authorized public key for arch=
ive
imports according to ACL."
  ;; Note: ACL is kept in native sexp form to make 'authorized-key?' faster,
  ;; by not having to convert it with 'canonical-sexp->sexp' on each call.
  ;; TODO: We could use a better data type for ACLs.
  (let ((key (canonical-sexp->sexp key)))
    (match acl
      (('acl
        ('entry subject-keys
                ('tag ('guix 'import)))
        ...)
       (not (not (member key subject-keys))))
      (_
       (error "invalid access-control list" acl)))))
--8<---------------cut here---------------end--------------->8---

I know it is irrelevant with the patch at hand.  Maybe not. :-)

   1. Why this =E2=80=99(not (not=E2=80=99 ?

   2. When testing the patch, I have not done --sysconfdir=3D/etc and it
      was not able to find the correct ACL.  Somehow=E2=80=A6

> +(define (check-narinfo-authorization narinfo)
> +  "Print a warning when NARINFO is not signed by an authorized key."
> +  (unless (valid-narinfo? narinfo)

=E2=80=A6I entered in this part =E2=80=93 hence the look up (guix pki) ;-).=
  Well, my
mistake is hard to reproduce outside of Guix development tree but
=E2=80=99valid-narinfo?=E2=80=99 returns false for more cases than just
unauthorized-key.  Therefore, the hint could be misleading.

Since we are discussing about an helper, I would run =E2=80=99signature-cas=
e=E2=80=99
here in check-narinfo.  For example, if the case is 'unauthorized-key,
then I would check is %acl-file exists.  Maybe display the full
%acl-file explaining that the key is not in, etc.

Moreover, running =E2=80=9Cguix challenge coreutils=E2=80=9D does not warn =
about
anything; when I was expected the same warning as =E2=80=9Cguix weather=E2=
=80=9D.


Last, once sysconfig fixed, I get:

--8<---------------cut here---------------start------------->8---
guix weather: warning: could not determine current substitute URLs; using d=
efaults
computing 1 package derivations for x86_64-linux...
looking for 2 store items on https://ci.guix.gnu.org...
guix weather: error: open-file: Permission denied: "/etc/guix/acl"
--8<---------------cut here---------------end--------------->8---

Hum? Maybe I am doing something wrong=E2=80=A6  The file /etc/guix/acl has =
the
permission:

    -rw-------   1 root root   528  acl

Is it incorrect?  Well, if all are allowed to read (chmod a+r) then
there is not error.  And it displays the warning:

--8<---------------cut here---------------start------------->8---
guix weather: warning: could not determine current substitute URLs; using d=
efaults
--8<---------------cut here---------------end--------------->8---

And that=E2=80=99s because the daemon is not supporting the operation.  This
warning appears to me misleading: personally I think that I am
misconfigured something when that=E2=80=99s not the case.  Instead, I would
display:

    warning: using defaults substitute URLs


Cheers,
simon






Information forwarded to guix-patches@HIDDEN:
bug#67072; Package guix-patches. Full text available.

Message received at 67072 <at> debbugs.gnu.org:


Received: (at 67072) by debbugs.gnu.org; 28 Nov 2023 15:43:10 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Nov 28 10:43:10 2023
Received: from localhost ([127.0.0.1]:47454 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1r80Ew-0001a7-7O
	for submit <at> debbugs.gnu.org; Tue, 28 Nov 2023 10:43:10 -0500
Received: from mail-wr1-x42d.google.com ([2a00:1450:4864:20::42d]:38165)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <zimon.toutoune@HIDDEN>) id 1r80Eq-0001Yy-95
 for 67072 <at> debbugs.gnu.org; Tue, 28 Nov 2023 10:43:08 -0500
Received: by mail-wr1-x42d.google.com with SMTP id
 ffacd0b85a97d-332eac4dec4so845395f8f.1
 for <67072 <at> debbugs.gnu.org>; Tue, 28 Nov 2023 07:42:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1701186171; x=1701790971; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:message-id:date:references
 :in-reply-to:subject:cc:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=nqqINKQ5Hotg4k0iiJeGhu8ydFKFwXi823J/9oE8fXw=;
 b=RVEJIqvHXZo0nY89d2bRDLouq9eZO4/QubJd5FbUIkFSLtAlbWuU8fOwpQubgxJRNk
 7GCTux64YslC1jvm70QPM3LHZoPlvfXBP5kFFFedCOxSOmUNoK4j74fPeb1+2Qqj9zhK
 DWm3dSksToo87XPpjMHrMWJ0kqmZ15IIQqho5bL8yhrKgNCrOIsqmaDvm1+2109W4WKv
 XpHxlzVU1fgtyQXDZF9lFMqvOUIVZhMBP0p54ydKVl77PJ+jd4jr2UIb24JkWGU+NLzn
 Bmt9OQM+LSGau6SjbQyXbEOG1l80W4usMaBcfzBc342Rt8zCjX+eahIXMzZSsdLQoMur
 yEMg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1701186171; x=1701790971;
 h=content-transfer-encoding:mime-version:message-id:date:references
 :in-reply-to:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=nqqINKQ5Hotg4k0iiJeGhu8ydFKFwXi823J/9oE8fXw=;
 b=rviggfGXbGK8HvrsHEMdbwYfTdozK9wqFHGu3GID3tIoqNLKMks91SDx8S9HyhfP3h
 JhrzSdWXOlvQrw106PKvVN3Zy3GNNOTV/oTX/V0EBwi0E0eRbxnx9M3rZZ/BPeo20EcP
 XNl7TLdmnTpxn+6VwRMFOdEvtoQkObMyCH9926QN2dMB/CmR7WhKqgK87WpaqRCCBYpL
 ohfR0BQMTN4Ln5x9o9dYBpf29UAKu5O3JB+1v1acAcsg8qKsLYfx6YrzSmP8mNHnxbkm
 SASflluW2sYZED3enD+LBHRNJWUlNxhn3zv7WLTWTHA0m2XsF9hl0YmBR6NbhQmG3sae
 VpVw==
X-Gm-Message-State: AOJu0Yxziq7n8vUl4h8CbtVMmS441ZCkutqnSqSeVO/yCU+DI8McijvH
 RIROWmPXoKYQOV6vHrt9m5o=
X-Google-Smtp-Source: AGHT+IFKLuo8ewMIGkx2/91jGe3t2PUrrn3mA3lmKKskuv6CKmcWxoocbjTPEJSf/1z/MkVt9a/+Vg==
X-Received: by 2002:adf:b60d:0:b0:333:646:8d45 with SMTP id
 f13-20020adfb60d000000b0033306468d45mr3334935wre.0.1701186171429; 
 Tue, 28 Nov 2023 07:42:51 -0800 (PST)
Received: from pfiuh07 ([193.48.40.241]) by smtp.gmail.com with ESMTPSA id
 h4-20020adfa4c4000000b0032d8eecf901sm15431235wrb.3.2023.11.28.07.42.51
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 28 Nov 2023 07:42:51 -0800 (PST)
From: Simon Tournier <zimon.toutoune@HIDDEN>
To: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>, 67072 <at> debbugs.gnu.org
Subject: Re: [bug#67072] [PATCH 1/4] daemon: Implement =?utf-8?Q?=E2=80=98?=
 =?utf-8?Q?substitute-urls=E2=80=99?= RPC.
In-Reply-To: <6ea1497c61199f29f816640c3f6923f3b57d0bbf.1699700049.git.ludo@HIDDEN>
References: <cover.1699700049.git.ludo@HIDDEN>
 <6ea1497c61199f29f816640c3f6923f3b57d0bbf.1699700049.git.ludo@HIDDEN>
Date: Tue, 28 Nov 2023 13:09:31 +0100
Message-ID: <87wmu2axl0.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 1.1 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  Hi, On Sat, 11 Nov 2023 at 12:06, Ludovic Courtès wrote:
   > -(test-skip (if %store 0 15)) > +(test-skip (if %store 0 18)) 
 
 Content analysis details:   (1.1 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
                             provider (zimon.toutoune[at]gmail.com)
  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
  1.1 DATE_IN_PAST_03_06     Date: is 3 to 6 hours before Received: date
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
                              no trust
                             [2a00:1450:4864:20:0:0:0:42d listed in]
                             [list.dnswl.org]
 -0.0 T_SCC_BODY_TEXT_LINE   No description available.
X-Debbugs-Envelope-To: 67072
Cc: Josselin Poiret <dev@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>,
 Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>,
 Tobias Geerinckx-Rice <me@HIDDEN>, Ricardo Wurmus <rekado@HIDDEN>,
 Christopher Baines <guix@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.1 (/)

Hi,

On Sat, 11 Nov 2023 at 12:06, Ludovic Court=C3=A8s <ludo@HIDDEN> wrote:

> -(test-skip (if %store 0 15))
> +(test-skip (if %store 0 18))

Out of curiosity, why 18?

Cheers,
simon




Information forwarded to guix-patches@HIDDEN:
bug#67072; Package guix-patches. Full text available.

Message received at 67072 <at> debbugs.gnu.org:


Received: (at 67072) by debbugs.gnu.org; 27 Nov 2023 17:22:08 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Nov 27 12:22:08 2023
Received: from localhost ([127.0.0.1]:44705 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1r7fJ9-00064C-H6
	for submit <at> debbugs.gnu.org; Mon, 27 Nov 2023 12:22:07 -0500
Received: from mail2-relais-roc.national.inria.fr ([192.134.164.83]:18085)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludovic.courtes@HIDDEN>) id 1r7fJ6-00063h-Vc
 for 67072 <at> debbugs.gnu.org; Mon, 27 Nov 2023 12:22:05 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=inria.fr; s=dc;
 h=from:to:cc:subject:in-reply-to:references:date:
 message-id:mime-version:content-transfer-encoding;
 bh=rfb6cajX6drq6xsEU89pll5tmA6MRS8/l0mxSYYavUk=;
 b=mEu6ZNtUlr7l9Wkiv9KOaL+lvolU8QoC0PTPBWodRBimJNAlFlxkVzIT
 8LoiQLterEbeIYUI/GQDNQfqU8oBwGytT9XjYnkSQT6joLFQsot1cpF58
 vXDgqbOU1CXN2yEeSo03oLxmZOa0R2g54F9MqDYp765SwbB337Z4FOCZV g=;
Authentication-Results: mail2-relais-roc.national.inria.fr;
 dkim=none (message not signed) header.i=none;
 spf=SoftFail smtp.mailfrom=ludovic.courtes@HIDDEN;
 dmarc=fail (p=none dis=none) d=inria.fr
X-IronPort-AV: E=Sophos;i="6.04,231,1695679200"; d="scan'208";a="138838655"
Received: from unknown (HELO ribbon) ([193.50.110.222])
 by mail2-relais-roc.national.inria.fr with
 ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Nov 2023 18:21:52 +0100
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludovic.courtes@HIDDEN>
To: 67072 <at> debbugs.gnu.org
Subject: Re: [bug#67072] [PATCH 0/4] Helping diagnose substitute setup issues
In-Reply-To: <cover.1699700049.git.ludo@HIDDEN> ("Ludovic =?utf-8?Q?Court?=
 =?utf-8?Q?=C3=A8s=22's?= message
 of "Sat, 11 Nov 2023 12:03:06 +0100")
References: <cover.1699700049.git.ludo@HIDDEN>
Date: Mon, 27 Nov 2023 18:21:52 +0100
Message-ID: <87fs0rw1qn.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 67072
Cc: Josselin Poiret <dev@HIDDEN>,
 Simon Tournier <zimon.toutoune@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>,
 Tobias Geerinckx-Rice <me@HIDDEN>, Ricardo Wurmus <rekado@HIDDEN>,
 Emmanuel Agullo <emmanuel.agullo@HIDDEN>,
 Christopher Baines <guix@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hello!

Comments or suggestions regarding this change?

  https://issues.guix.gnu.org/67072

If not I=E2=80=99d like to push it soon.

TIA.  :-)

Ludo=E2=80=99.

Ludovic Court=C3=A8s <ludo@HIDDEN> skribis:

> Hello Guix!
>
> While discussing at the Reproducible Software Environments Workshop
> yesterday, Emmanuel Agullo and Simon Tournier suggested adding
> tools to help diagnose substitute setup issues: to see which
> substitutes URLs are being used and whether one of them is unauthorized.
>
> This is a step in that direction.  First =E2=80=98guix weather=E2=80=99 a=
nd =E2=80=98guix
> challenge=E2=80=99 now default to the same substitute URLs as guix-daemon
> (this was not the case until now because there was no way to get
> that information from the daemon).  Second =E2=80=98guix weather=E2=80=99=
 reports
> about unauthorized servers, like so:
>
> $ guix weather coreutils
> computing 1 package derivations for x86_64-linux...
> looking for 2 store items on https://ci.guix.gnu.org...
> guix weather: warning: substitutes from 'https://ci.guix.gnu.org' are una=
uthorized
> hint: To authorize substitute download from `https://ci.guix.gnu.org', th=
e following command
> needs to be run as root:
>
>      guix archive --authorize <<EOF
>      (public-key=20
>       (ecc=20
>        (curve Ed25519)
>        (q #8D156F295D24B0D9A86FA5741A840FF2D24F60F7B6C4134814AD55625971B3=
94#)
>        )
>       )
>=20=20=20=20=20=20
>      EOF
>
> Alternatively, on Guix System, you can add the signing key above to the
> `authorized-keys' field of `guix-configuration'.
>
> See "Getting Substitutes from Other Servers" in the manual for more infor=
mation.
>
> https://ci.guix.gnu.org =E2=98=80
>   100.0% substitutes available (2 out of 2)
>   at least 19.3 MiB of nars (compressed)
>   25.3 MiB on disk (uncompressed)
> [=E2=80=A6]
>
> It turned out to be a low-hanging fruit!
>
> Thoughts?
>
> Ludo=E2=80=99.
>
> Ludovic Court=C3=A8s (4):
>   daemon: Implement =E2=80=98substitute-urls=E2=80=99 RPC.
>   challenge: Use the same substitute URLs as guix-daemon.
>   weather: Use the same substitute URLs as guix-daemon.
>   weather: Report unauthorized substitute servers.
>
>  doc/guix.texi                   | 26 ++++++++++++++++---
>  guix/scripts/challenge.scm      | 11 +++++---
>  guix/scripts/weather.scm        | 46 ++++++++++++++++++++++++++++++---
>  guix/store.scm                  | 18 ++++++++++---
>  nix/libstore/worker-protocol.hh |  5 ++--
>  nix/nix-daemon/nix-daemon.cc    | 17 ++++++++++++
>  tests/store.scm                 | 25 ++++++++++++++++--
>  7 files changed, 132 insertions(+), 16 deletions(-)
>
>
> base-commit: 08d94fe20eca47b69678b3eced8749dd02c700a4




Information forwarded to guix-patches@HIDDEN:
bug#67072; Package guix-patches. Full text available.

Message received at 67072 <at> debbugs.gnu.org:


Received: (at 67072) by debbugs.gnu.org; 11 Nov 2023 11:14:32 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Nov 11 06:14:32 2023
Received: from localhost ([127.0.0.1]:52181 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1r1lwe-0005nJ-6Q
	for submit <at> debbugs.gnu.org; Sat, 11 Nov 2023 06:14:32 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:44218)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1r1lwW-0005mS-Fv
 for 67072 <at> debbugs.gnu.org; Sat, 11 Nov 2023 06:14:27 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1r1lvm-00026F-Tx; Sat, 11 Nov 2023 06:13:38 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To:
 From; bh=JYxmPq7qUnbhn9Yked+Ngy4QvrZBH5qNKIkDrdZ2UcA=; b=UowlLCUAvCq1yZnNmgDq
 CtFBfRem5FFIiyyR6ER8AUpr4pt2cTNw9oojeO1tMSCMgCFvLHnO91opfyo4qf2MlLx5uygtbBxX5
 1LivVrXeMj8yV66cffbe+zZ8DUKmBQFa9t842TZZzwAazPwEi8Khi9ZROZDcIyL6rRqTfjdrMThFx
 uuAa+KB5XMQ81SW/vgWRCDRfPUl86Isz/KLZ47nhi2eOS3aL1yxL9QdE2qKkfCgDRKEDaN/CFno4y
 XQss1ENcmR5D1njGMh+nVSPyXuWj5XZrpCl2KV2pktxHUAYep3qgm/syWJZUPRtxgwk8Qk5pa7vs1
 oqMuS7MdmzRKMg==;
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
To: 67072 <at> debbugs.gnu.org
Subject: [PATCH 3/4] weather: Use the same substitute URLs as guix-daemon.
Date: Sat, 11 Nov 2023 12:06:25 +0100
Message-ID: <83a9b5b296b321d2be9fcd44391252c4efed7cff.1699700049.git.ludo@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <cover.1699700049.git.ludo@HIDDEN>
References: <cover.1699700049.git.ludo@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-Debbugs-Cc: Christopher Baines <guix@HIDDEN>, Josselin Poiret <dev@HIDDEN>, Ludovic Courtès <ludo@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>, Ricardo Wurmus <rekado@HIDDEN>, Simon Tournier <zimon.toutoune@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 67072
Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

* guix/scripts/weather.scm (%default-options): Remove ‘substitute-urls’.
(guix-weather): Call ‘substitute-urls’ when OPTS doesn’t have it.  Warn
when ‘substitute-urls’ returns #f.
* doc/guix.texi (Invoking guix weather): Adjust accordingly.

Change-Id: I3e9100074f2ad559e5c408660db70430d64f2bef
---
 doc/guix.texi            |  5 +++--
 guix/scripts/weather.scm | 12 +++++++++---
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 9f06f1c325..028c4f3357 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -16462,8 +16462,9 @@ Invoking guix weather
 @table @code
 @item --substitute-urls=@var{urls}
 @var{urls} is the space-separated list of substitute server URLs to
-query.  When this option is omitted, the default set of substitute
-servers is queried.
+query.  When this option is omitted, the URLs specified with the
+@option{--substitute-urls} option of @command{guix-daemon} are used or,
+as a last resort, the default set of substitute URLs.
 
 @item --system=@var{system}
 @itemx -s @var{system}
diff --git a/guix/scripts/weather.scm b/guix/scripts/weather.scm
index 140df3435f..7e302fcea7 100644
--- a/guix/scripts/weather.scm
+++ b/guix/scripts/weather.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2017-2022 Ludovic Courtès <ludo@HIDDEN>
+;;; Copyright © 2017-2023 Ludovic Courtès <ludo@HIDDEN>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@HIDDEN>
 ;;; Copyright © 2018 Kyle Meyer <kyle@HIDDEN>
 ;;; Copyright © 2020 Simon Tournier <zimon.toutoune@HIDDEN>
@@ -391,7 +391,7 @@ (define %options
          %standard-native-build-options))
 
 (define %default-options
-  `((substitute-urls . ,%default-substitute-urls)))
+  '())
 
 (define (load-manifest file)
   "Load the manifest from FILE and return the list of packages it refers to."
@@ -582,7 +582,13 @@ (define-command (guix-weather . args)
       (let* ((opts     (parse-command-line args %options
                                            (list %default-options)
                                            #:build-options? #f))
-             (urls     (assoc-ref opts 'substitute-urls))
+             (urls     (or (assoc-ref opts 'substitute-urls)
+                           (with-store store
+                             (substitute-urls store))
+                           (begin
+                             (warning (G_ "could not determine current \
+substitute URLs; using defaults~%"))
+                             %default-substitute-urls)))
              (systems  (match (filter-map (match-lambda
                                             (('system . system) system)
                                             (_ #f))
-- 
2.41.0





Information forwarded to guix@HIDDEN, dev@HIDDEN, ludo@HIDDEN, othacehe@HIDDEN, rekado@HIDDEN, zimon.toutoune@HIDDEN, me@HIDDEN, guix-patches@HIDDEN:
bug#67072; Package guix-patches. Full text available.

Message received at 67072 <at> debbugs.gnu.org:


Received: (at 67072) by debbugs.gnu.org; 11 Nov 2023 11:14:32 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Nov 11 06:14:32 2023
Received: from localhost ([127.0.0.1]:52179 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1r1lwd-0005nD-ND
	for submit <at> debbugs.gnu.org; Sat, 11 Nov 2023 06:14:32 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:44198)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1r1lwX-0005mV-Vl
 for 67072 <at> debbugs.gnu.org; Sat, 11 Nov 2023 06:14:27 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1r1lvo-00026c-Cp; Sat, 11 Nov 2023 06:13:40 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To:
 From; bh=zbPOgn0Gn1dj2q9Pg1kzalpGBjU4WdtZtoE0cpxLhMM=; b=CNTa7odlLznICJCLsvrE
 evMY4ShDWYsRBPHb0SSkLEaIRJfyYHotSLLVeIHjhsvyWs0crVhu6enwCTaMNgEdOkPp0ElTmXMVe
 9Yap4x52EtAxVh38HiSWYl9PAkRe4ZqjWRRcWQKt7LTYt8H3rY7tXRFBwOW5NDiJfxI4aLR8K3ATn
 CO5WMD9Hdz7PhZzEmYTtHA8R2IcDGee8415gaeUOj0ndSvYv9cihHwI7XqPuZDBKTqrFsRj1bMwFx
 fj2H80oQpKCRyRedECchjVrazzKgheZUyvriK/cSsLbgr6o2ZFeoSgpXMhMk07sx0urMMwBJK3c/k
 y1WYO6BtqKg0tA==;
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
To: 67072 <at> debbugs.gnu.org
Subject: [PATCH 4/4] weather: Report unauthorized substitute servers.
Date: Sat, 11 Nov 2023 12:06:26 +0100
Message-ID: <dc56e185b21eb0b3f4711e100d5e64c0aa2adc55.1699700050.git.ludo@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <cover.1699700049.git.ludo@HIDDEN>
References: <cover.1699700049.git.ludo@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-Debbugs-Cc: Christopher Baines <guix@HIDDEN>, Josselin Poiret <dev@HIDDEN>, Ludovic Courtès <ludo@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>, Ricardo Wurmus <rekado@HIDDEN>, Simon Tournier <zimon.toutoune@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 67072
Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

The goal is to make it easier to diagnose substitute
misconfiguration (where we’re passing a substitute URL whose
corresponding key is not authorized).

Suggested by Emmanuel Agullo.

* guix/scripts/weather.scm (check-narinfo-authorization): New procedure.
(report-server-coverage): Use it.
* doc/guix.texi (Invoking guix weather): Document it.
(Getting Substitutes from Other Servers): Add “Troubleshooting” frame.

Change-Id: I0a049c39eefb10d6a06634c8b16aa86902769791
---
 doc/guix.texi            | 21 ++++++++++++++++++++-
 guix/scripts/weather.scm | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 54 insertions(+), 1 deletion(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 028c4f3357..45c3b7344f 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -4058,6 +4058,7 @@ Substitute Server Authorization
 
 @node Getting Substitutes from Other Servers
 @subsection Getting Substitutes from Other Servers
+@c Note: This section name appears in a hint printed by 'guix weather'.
 
 @cindex substitute servers, adding more
 Guix can look up and fetch substitutes from several servers.  This is
@@ -4157,6 +4158,21 @@ Getting Substitutes from Other Servers
 substitute lookup can be slowed down if too many servers need to be
 contacted.
 
+@quotation Troubleshooting
+To diagnose problems, you can run @command{guix weather}.  For example,
+running:
+
+@example
+guix weather coreutils
+@end example
+
+@noindent
+not only tells you which of the currently-configured servers has
+substitutes for the @code{coreutils} package, it also reports whether
+one of these servers is unauthorized.  @xref{Invoking guix weather}, for
+more information.
+@end quotation
+
 Note that there are also situations where one may want to add the URL of
 a substitute server @emph{without} authorizing its key.
 @xref{Substitute Authentication}, to understand this fine point.
@@ -16395,7 +16411,10 @@ Invoking guix weather
 specified servers so you can have an idea of whether you'll be grumpy
 today.  It can sometimes be useful info as a user, but it is primarily
 useful to people running @command{guix publish} (@pxref{Invoking guix
-publish}).
+publish}).  Sometimes substitutes @emph{are} available but they are not
+authorized on your system; @command{guix weather} reports it so you can
+authorize them if you want (@pxref{Getting Substitutes from Other
+Servers}).
 
 @cindex statistics, for substitutes
 @cindex availability of substitutes
diff --git a/guix/scripts/weather.scm b/guix/scripts/weather.scm
index 7e302fcea7..e7e5a75811 100644
--- a/guix/scripts/weather.scm
+++ b/guix/scripts/weather.scm
@@ -35,6 +35,8 @@ (define-module (guix scripts weather)
   #:use-module ((guix build utils) #:select (every*))
   #:use-module (guix substitutes)
   #:use-module (guix narinfo)
+  #:use-module (guix pki)
+  #:autoload   (gcrypt pk-crypto) (canonical-sexp->string)
   #:use-module (guix http-client)
   #:use-module (guix ci)
   #:use-module (guix sets)
@@ -185,6 +187,32 @@ (define (store-item-system store item)
     (()
      #f)))
 
+(define (check-narinfo-authorization narinfo)
+  "Print a warning when NARINFO is not signed by an authorized key."
+  (unless (valid-narinfo? narinfo)
+    (warning (G_ "substitutes from '~a' are unauthorized~%")
+             (narinfo-uri-base narinfo))
+    ;; The "all substitutes" below reflects the fact that, in reality, it *is*
+    ;; possible to download "unauthorized" substitutes, as long as they match
+    ;; authorized substitutes.
+    (display-hint (G_ "To authorize all substitutes from @uref{~a} to be
+downloaded, the following command needs to be run as root:
+
+@example
+guix archive --authorize <<EOF
+~a
+EOF
+@end example
+
+Alternatively, on Guix System, you can add the signing key above to the
+@code{authorized-keys} field of @code{guix-configuration}.
+
+See \"Getting Substitutes from Other Servers\" in the manual for more
+information.")
+                  (narinfo-uri-base narinfo)
+                  (canonical-sexp->string
+                   (signature-subject (narinfo-signature narinfo))))))
+
 (define* (report-server-coverage server items
                                  #:key display-missing?)
   "Report the subset of ITEMS available as substitutes on SERVER.
@@ -204,6 +232,12 @@ (define* (report-server-coverage server items
                     #:make-progress-reporter
                     (lambda* (total #:key url #:allow-other-keys)
                       (progress-reporter/bar total)))))
+    (match narinfos
+      (() #f)
+      ((narinfo . _)
+       ;; Help diagnose missing substitute authorizations.
+       (check-narinfo-authorization narinfo)))
+
     (let ((obtained  (length narinfos))
           (requested (length items))
           (missing   (lset-difference string=?
-- 
2.41.0





Information forwarded to guix@HIDDEN, dev@HIDDEN, ludo@HIDDEN, othacehe@HIDDEN, rekado@HIDDEN, zimon.toutoune@HIDDEN, me@HIDDEN, guix-patches@HIDDEN:
bug#67072; Package guix-patches. Full text available.

Message received at 67072 <at> debbugs.gnu.org:


Received: (at 67072) by debbugs.gnu.org; 11 Nov 2023 11:14:31 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Nov 11 06:14:31 2023
Received: from localhost ([127.0.0.1]:52177 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1r1lwd-0005n9-BF
	for submit <at> debbugs.gnu.org; Sat, 11 Nov 2023 06:14:31 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:44210)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1r1lwV-0005mQ-Jx
 for 67072 <at> debbugs.gnu.org; Sat, 11 Nov 2023 06:14:27 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1r1lvl-000266-M2; Sat, 11 Nov 2023 06:13:37 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To:
 From; bh=tr4GCLXY9vCKCXMkzWp2PiyLagQtaTOJotynNo9MsX0=; b=G45BJ+aNXEPFe0NTmCzN
 9lh2jvfg5Hofb90BrxHihju7vW2819mGhzXvaHgJUV82mPbV6XBO9KiEyjq4b8NV+tLbmJ8iaRhci
 W0FTMgZHoL05ijAFGdBGVYcf/YhzDeAKzXt2bxlrNYsA31m7G7H+atUFc7+c10OY2d2hQt/A2esvG
 4FVIMMVYwMVMIS5G6NTyyhGEqEZ/B7QpAlswboBv97Ob9dz68aq0Qxpete4HOMYpUdrceAXBXlhQf
 IkxkGDiBcK/tAcCH3Rnw4ZrC2WUrDz1tWWz8o5b90ffSCIDb5wejIcqfFgpnjEsD6pfvAaP98V5Cb
 eXX+iir77/uTEw==;
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
To: 67072 <at> debbugs.gnu.org
Subject: [PATCH 2/4] challenge: Use the same substitute URLs as guix-daemon.
Date: Sat, 11 Nov 2023 12:06:24 +0100
Message-ID: <9ff92e8db2d452552712ec53b095ac74a070bc23.1699700049.git.ludo@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <cover.1699700049.git.ludo@HIDDEN>
References: <cover.1699700049.git.ludo@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-Debbugs-Cc: Christopher Baines <guix@HIDDEN>, Josselin Poiret <dev@HIDDEN>, Ludovic Courtès <ludo@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>, Ricardo Wurmus <rekado@HIDDEN>, Simon Tournier <zimon.toutoune@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 67072
Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

* guix/scripts/challenge.scm (%default-options): Remove ‘substitute-urls’.
(guix-challenge): Call ‘substitute-urls’ when OPTS doesn’t have it.  Warn
when ‘substitute-urls’ returns #f.

Change-Id: I49be0e89404c1889970a3430967fbb3498d35d99
---
 guix/scripts/challenge.scm | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/guix/scripts/challenge.scm b/guix/scripts/challenge.scm
index 01e2f9a2b2..d38171b868 100644
--- a/guix/scripts/challenge.scm
+++ b/guix/scripts/challenge.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2015-2017, 2019-2022 Ludovic Courtès <ludo@HIDDEN>
+;;; Copyright © 2015-2017, 2019-2023 Ludovic Courtès <ludo@HIDDEN>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -504,7 +504,6 @@ (define %options
 
 (define %default-options
   `((system . ,(%current-system))
-    (substitute-urls . ,%default-substitute-urls)
     (difference-report . ,report-differing-files)))
 
 
@@ -539,7 +538,13 @@ (define-command (guix-challenge . args)
                             (G_ "no arguments specified, nothing to do~%"))
                            (exit 0))
                           (x
-                           files))))
+                           files)))
+                 (urls (or urls
+                           (substitute-urls store)
+                           (begin
+                             (warning (G_ "could not determine current \
+substitute URLs; using defaults~%"))
+                             %default-substitute-urls))))
              (set-build-options store
                                 #:use-substitutes? #f)
 
-- 
2.41.0





Information forwarded to guix@HIDDEN, dev@HIDDEN, ludo@HIDDEN, othacehe@HIDDEN, rekado@HIDDEN, zimon.toutoune@HIDDEN, me@HIDDEN, guix-patches@HIDDEN:
bug#67072; Package guix-patches. Full text available.

Message received at 67072 <at> debbugs.gnu.org:


Received: (at 67072) by debbugs.gnu.org; 11 Nov 2023 11:14:28 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Nov 11 06:14:28 2023
Received: from localhost ([127.0.0.1]:52175 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1r1lwZ-0005mz-Qh
	for submit <at> debbugs.gnu.org; Sat, 11 Nov 2023 06:14:28 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:44194)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1r1lwU-0005mP-R7
 for 67072 <at> debbugs.gnu.org; Sat, 11 Nov 2023 06:14:26 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1r1lvk-00025r-DX; Sat, 11 Nov 2023 06:13:36 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To:
 From; bh=vMkh5C3ITAbYbJg+zrJaPIcm3yJ3i9tj9YvrYjFzorY=; b=lUU4wu7A3ioF1HFXX3NU
 xvE7Mz6Mt4kmvGRYn/w4noLK0S77y7lXlfVP+XQ6PkHozh2IJzeCD5pwOlhgNWSW8QKnGNFSL1GNR
 3dvJVCNLjvZ5nVpT87V0EjmNDPu0o5V8aR2N6CItOzP9xlNCMTVIONSv8stz9gHK6D0bDoV/ikXaM
 ZCzFa6gyGk8Q9niI/mLN9r60mlTv4ovho9FIUg/m0aKgAAXIcz8ztJH4jc2mAv9PiDjQ9oLhIQ+tT
 dMPgK9a789Uhrmn+W/3eqY6IeF6B4yq0P/E4cDUx+ohn3Fu4eyVi64nPI8PtBb7yRhRe3eVHfShJG
 BLNq/XNGvisXww==;
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
To: 67072 <at> debbugs.gnu.org
Subject: [PATCH 1/4] =?UTF-8?q?daemon:=20Implement=20=E2=80=98substitute-u?=
 =?UTF-8?q?rls=E2=80=99=20RPC.?=
Date: Sat, 11 Nov 2023 12:06:23 +0100
Message-ID: <6ea1497c61199f29f816640c3f6923f3b57d0bbf.1699700049.git.ludo@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <cover.1699700049.git.ludo@HIDDEN>
References: <cover.1699700049.git.ludo@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-Debbugs-Cc: Christopher Baines <guix@HIDDEN>, Josselin Poiret <dev@HIDDEN>, Ludovic Courtès <ludo@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>, Ricardo Wurmus <rekado@HIDDEN>, Simon Tournier <zimon.toutoune@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 67072
Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

* nix/libstore/worker-protocol.hh (PROTOCOL_VERSION): Bump.
(WorkerOp): Add ‘wopSubstituteURLs’.
* nix/nix-daemon/nix-daemon.cc (performOp): Implement it.
* guix/store.scm (%protocol-version): Bump.
(operation-id): Add ‘substitute-urls’.
(substitute-urls): New procedure.
* tests/store.scm ("substitute-urls, default")
("substitute-urls, client-specified URLs")
("substitute-urls, disabled"): New tests.

Change-Id: I2c0119500c3a1eecfa5ebf32463ffb0f173161de
---
 guix/store.scm                  | 18 +++++++++++++++---
 nix/libstore/worker-protocol.hh |  5 +++--
 nix/nix-daemon/nix-daemon.cc    | 17 +++++++++++++++++
 tests/store.scm                 | 25 +++++++++++++++++++++++--
 4 files changed, 58 insertions(+), 7 deletions(-)

diff --git a/guix/store.scm b/guix/store.scm
index f8e77b2cd9..97c4f32a5b 100644
--- a/guix/store.scm
+++ b/guix/store.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012-2022 Ludovic Courtès <ludo@HIDDEN>
+;;; Copyright © 2012-2023 Ludovic Courtès <ludo@HIDDEN>
 ;;; Copyright © 2018 Jan Nieuwenhuizen <janneke@HIDDEN>
 ;;; Copyright © 2019, 2020 Mathieu Othacehe <m.othacehe@HIDDEN>
 ;;; Copyright © 2020 Florian Pelz <pelzflorian@HIDDEN>
@@ -145,6 +145,7 @@ (define-module (guix store)
             path-info-nar-size
 
             built-in-builders
+            substitute-urls
             references
             references/cached
             references*
@@ -199,7 +200,7 @@ (define-module (guix store)
             derivation-log-file
             log-file))
 
-(define %protocol-version #x163)
+(define %protocol-version #x164)
 
 (define %worker-magic-1 #x6e697863)               ; "nixc"
 (define %worker-magic-2 #x6478696f)               ; "dxio"
@@ -253,7 +254,8 @@ (define-enumerate-type operation-id
   (query-valid-derivers 33)
   (optimize-store 34)
   (verify-store 35)
-  (built-in-builders 80))
+  (built-in-builders 80)
+  (substitute-urls 81))
 
 (define-enumerate-type hash-algo
   ;; hash.hh
@@ -1780,6 +1782,16 @@ (define-operation (clear-failed-paths (store-path-list items))
 This makes sense only when the daemon was started with '--cache-failures'."
   boolean)
 
+(define substitute-urls
+  (let ((urls (operation (substitute-urls)
+                         #f
+                         string-list)))
+    (lambda (store)
+      "Return the list of currently configured substitutes URLs for STORE, or
+#f if the daemon is too old and does not implement this RPC."
+      (and (>= (store-connection-version store) #x164)
+           (urls store)))))
+
 
 ;;;
 ;;; Per-connection caches.
diff --git a/nix/libstore/worker-protocol.hh b/nix/libstore/worker-protocol.hh
index ea67b10a5b..ef259db2a0 100644
--- a/nix/libstore/worker-protocol.hh
+++ b/nix/libstore/worker-protocol.hh
@@ -6,7 +6,7 @@ namespace nix {
 #define WORKER_MAGIC_1 0x6e697863
 #define WORKER_MAGIC_2 0x6478696f
 
-#define PROTOCOL_VERSION 0x163
+#define PROTOCOL_VERSION 0x164
 #define GET_PROTOCOL_MAJOR(x) ((x) & 0xff00)
 #define GET_PROTOCOL_MINOR(x) ((x) & 0x00ff)
 
@@ -44,7 +44,8 @@ typedef enum {
     wopQueryValidDerivers = 33,
     wopOptimiseStore = 34,
     wopVerifyStore = 35,
-    wopBuiltinBuilders = 80
+    wopBuiltinBuilders = 80,
+    wopSubstituteURLs = 81
 } WorkerOp;
 
 
diff --git a/nix/nix-daemon/nix-daemon.cc b/nix/nix-daemon/nix-daemon.cc
index 497de11a04..4cb05c802e 100644
--- a/nix/nix-daemon/nix-daemon.cc
+++ b/nix/nix-daemon/nix-daemon.cc
@@ -736,6 +736,23 @@ static void performOp(bool trusted, unsigned int clientVersion,
 	break;
     }
 
+    case wopSubstituteURLs: {
+	startWork();
+	Strings urls;
+	if (settings.get("build-use-substitutes", std::string("false")) == "true") {
+	    /* First check the client-provided substitute URLs, then those
+	       passed to the daemon.  */
+	    auto str = settings.get("untrusted-substitute-urls",  std::string(""));
+	    if (str.empty()) {
+		str = settings.get("substitute-urls",  std::string(""));
+	    }
+	    urls = tokenizeString<Strings>(str);
+	}
+	stopWork();
+	writeStrings(urls, to);
+	break;
+    }
+
     default:
         throw Error(format("invalid operation %1%") % op);
     }
diff --git a/tests/store.scm b/tests/store.scm
index 5df28adf0d..45948f4f43 100644
--- a/tests/store.scm
+++ b/tests/store.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès <ludo@HIDDEN>
+;;; Copyright © 2012-2021, 2023 Ludovic Courtès <ludo@HIDDEN>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -105,7 +105,28 @@ (define %shell
               "/283gqy39v3g9dxjy26rynl0zls82fmcg-guile-2.0.7/bin/guile")))
        (not (direct-store-path? (%store-prefix)))))
 
-(test-skip (if %store 0 15))
+(test-skip (if %store 0 18))
+
+(test-equal "substitute-urls, default"
+  (list (getenv "GUIX_BINARY_SUBSTITUTE_URL"))
+  (with-store store
+    (set-build-options store #:use-substitutes? #t)
+    (substitute-urls store)))
+
+(test-equal "substitute-urls, client-specified URLs"
+  '("http://substitutes.example.org"
+    "http://other.example.org")
+  (with-store store
+    (set-build-options store #:use-substitutes? #t
+                       #:substitute-urls '("http://substitutes.example.org"
+                                           "http://other.example.org"))
+    (substitute-urls store)))
+
+(test-equal "substitute-urls, disabled"
+  '()
+  (with-store store
+    (set-build-options store #:use-substitutes? #f)
+    (substitute-urls store)))
 
 (test-equal "profiles/per-user exists and is not writable"
   #o755
-- 
2.41.0





Information forwarded to guix@HIDDEN, dev@HIDDEN, ludo@HIDDEN, othacehe@HIDDEN, rekado@HIDDEN, zimon.toutoune@HIDDEN, me@HIDDEN, guix-patches@HIDDEN:
bug#67072; Package guix-patches. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 11 Nov 2023 11:04:13 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Nov 11 06:04:13 2023
Received: from localhost ([127.0.0.1]:52157 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1r1lme-0005W0-Id
	for submit <at> debbugs.gnu.org; Sat, 11 Nov 2023 06:04:12 -0500
Received: from lists.gnu.org ([2001:470:142::17]:60092)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1r1lmc-0005Vk-93
 for submit <at> debbugs.gnu.org; Sat, 11 Nov 2023 06:04:10 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1r1lls-0008EH-F7
 for guix-patches@HIDDEN; Sat, 11 Nov 2023 06:03:24 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1r1llq-00038h-If; Sat, 11 Nov 2023 06:03:22 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:Date:Subject:To:From:in-reply-to:
 references; bh=p6oIne+FWo7I8Huwd0+cmYTIlGJwC0Ju9pg2YgnBIqc=; b=r3P9iBCbKRNaK3
 cNaFP2nlnAiQomDeHAp3Xq3tRuGJuc49xDLNQsw0oQ4UJyVMimQseQWw9rECWtbv6oinLpYUHbjhw
 Id6IxRRhxQDpsIeiWD5s/N8etJMCCgmrHPT+EeqTuyicKjvZAEV50I/err84UlUaZyMpq2BfVzuD1
 cHUEkThrxJzYIhhxVvSFdaxMltuzkTMNfhbpF/kNrxD5+F/TmvDCzsEGSgjtTh9y8AsaLL/N+iShj
 WEVf8Rxe9j9FY3JHJyRKuGIuswlsvf/jfgQqxu8Ss07CfSycV/CDVi9txDCCoyJSjmz0kaGxj1EBe
 FfK/guoTnlaf1y+jwLcw==;
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
To: guix-patches@HIDDEN
Subject: [PATCH 0/4] Helping diagnose substitute setup issues
Date: Sat, 11 Nov 2023 12:03:06 +0100
Message-ID: <cover.1699700049.git.ludo@HIDDEN>
X-Mailer: git-send-email 2.41.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-Debbugs-Cc: Christopher Baines <guix@HIDDEN>, Josselin Poiret <dev@HIDDEN>, Ludovic Courtès <ludo@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>, Ricardo Wurmus <rekado@HIDDEN>, Simon Tournier <zimon.toutoune@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: submit
Cc: Emmanuel Agullo <emmanuel.agullo@HIDDEN>,
 =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>,
 Simon Tournier <zimon.toutoune@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hello Guix!

While discussing at the Reproducible Software Environments Workshop
yesterday, Emmanuel Agullo and Simon Tournier suggested adding
tools to help diagnose substitute setup issues: to see which
substitutes URLs are being used and whether one of them is unauthorized.

This is a step in that direction.  First ‘guix weather’ and ‘guix
challenge’ now default to the same substitute URLs as guix-daemon
(this was not the case until now because there was no way to get
that information from the daemon).  Second ‘guix weather’ reports
about unauthorized servers, like so:

--8<---------------cut here---------------start------------->8---
$ guix weather coreutils
computing 1 package derivations for x86_64-linux...
looking for 2 store items on https://ci.guix.gnu.org...
guix weather: warning: substitutes from 'https://ci.guix.gnu.org' are unauthorized
hint: To authorize substitute download from `https://ci.guix.gnu.org', the following command
needs to be run as root:

     guix archive --authorize <<EOF
     (public-key 
      (ecc 
       (curve Ed25519)
       (q #8D156F295D24B0D9A86FA5741A840FF2D24F60F7B6C4134814AD55625971B394#)
       )
      )
     
     EOF

Alternatively, on Guix System, you can add the signing key above to the
`authorized-keys' field of `guix-configuration'.

See "Getting Substitutes from Other Servers" in the manual for more information.

https://ci.guix.gnu.org ☀
  100.0% substitutes available (2 out of 2)
  at least 19.3 MiB of nars (compressed)
  25.3 MiB on disk (uncompressed)
[…]
--8<---------------cut here---------------end--------------->8---

It turned out to be a low-hanging fruit!

Thoughts?

Ludo’.

Ludovic Courtès (4):
  daemon: Implement ‘substitute-urls’ RPC.
  challenge: Use the same substitute URLs as guix-daemon.
  weather: Use the same substitute URLs as guix-daemon.
  weather: Report unauthorized substitute servers.

 doc/guix.texi                   | 26 ++++++++++++++++---
 guix/scripts/challenge.scm      | 11 +++++---
 guix/scripts/weather.scm        | 46 ++++++++++++++++++++++++++++++---
 guix/store.scm                  | 18 ++++++++++---
 nix/libstore/worker-protocol.hh |  5 ++--
 nix/nix-daemon/nix-daemon.cc    | 17 ++++++++++++
 tests/store.scm                 | 25 ++++++++++++++++--
 7 files changed, 132 insertions(+), 16 deletions(-)


base-commit: 08d94fe20eca47b69678b3eced8749dd02c700a4
-- 
2.41.0





Acknowledgement sent to Ludovic Courtès <ludo@HIDDEN>:
New bug report received and forwarded. Copy sent to guix@HIDDEN, dev@HIDDEN, ludo@HIDDEN, othacehe@HIDDEN, rekado@HIDDEN, zimon.toutoune@HIDDEN, me@HIDDEN, guix-patches@HIDDEN. Full text available.
Report forwarded to guix@HIDDEN, dev@HIDDEN, ludo@HIDDEN, othacehe@HIDDEN, rekado@HIDDEN, zimon.toutoune@HIDDEN, me@HIDDEN, guix-patches@HIDDEN:
bug#67072; Package guix-patches. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Sat, 2 Dec 2023 10:30:01 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.