Received: (at 67072) by debbugs.gnu.org; 2 Dec 2023 10:20:41 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sat Dec 02 05:20:41 2023 Received: from localhost ([127.0.0.1]:56675 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1r9N72-0008OY-PY for submit <at> debbugs.gnu.org; Sat, 02 Dec 2023 05:20:41 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:44188) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1r9N71-0008OL-5Q for 67072 <at> debbugs.gnu.org; Sat, 02 Dec 2023 05:20:40 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1r9N6m-0000VV-6Y; Sat, 02 Dec 2023 05:20:24 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To: From; bh=xFV4M9ozn7C4FQBVtXCuOj+dgx/9RsktD4629JAJHNw=; b=SYtfC3vpRZ082vJtON1+ xYO5yHzsRP5KqTcNcQkfq+1XXxoH+U3f3WipP73e0Y4vvSvtWPUbVgTG7Mp7JNnlR+KgqCVHi+rpM kaUYHpdK1bmva+h/B/+ulN2ZRxUmdNpbCHH5Jz/J63z2I7qdiegroTq5GEbGVs6ex36ldrrAY3L7d wiZPouo0+xXrXmPGxtwer516yvgSHFVjHpuQmUWNNl8EU7vxkzTVfWC/0DvQXnFupMHT9u10mLJu/ 29+7/qQtf4fVNKExd4+FwLZMski/jDy70o0cp0mXFwcL+79D1XoVAcYTPBezbt8L68L/i81j9c1tu K0TZZggyB4f5gw==; From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN> To: Simon Tournier <zimon.toutoune@HIDDEN> Subject: Re: [bug#67072] [PATCH 4/4] weather: Report unauthorized substitute servers. In-Reply-To: <87jzq2aukw.fsf@HIDDEN> (Simon Tournier's message of "Tue, 28 Nov 2023 14:14:23 +0100") References: <cover.1699700049.git.ludo@HIDDEN> <dc56e185b21eb0b3f4711e100d5e64c0aa2adc55.1699700050.git.ludo@HIDDEN> <87jzq2aukw.fsf@HIDDEN> Date: Sat, 02 Dec 2023 11:20:21 +0100 Message-ID: <875y1gj47u.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 67072 Cc: Josselin Poiret <dev@HIDDEN>, 67072 <at> debbugs.gnu.org, Mathieu Othacehe <othacehe@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>, Ricardo Wurmus <rekado@HIDDEN>, Christopher Baines <guix@HIDDEN> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.3 (---) Hi Simon, Simon Tournier <zimon.toutoune@HIDDEN> skribis: > I know it is irrelevant with the patch at hand. Maybe not. :-) > > 1. Why this =E2=80=99(not (not=E2=80=99 ? This ensures the result is a Boolean. [...] >> +(define (check-narinfo-authorization narinfo) >> + "Print a warning when NARINFO is not signed by an authorized key." >> + (unless (valid-narinfo? narinfo) > > =E2=80=A6I entered in this part =E2=80=93 hence the look up (guix pki) ;-= ). Well, my > mistake is hard to reproduce outside of Guix development tree but > =E2=80=99valid-narinfo?=E2=80=99 returns false for more cases than just > unauthorized-key. Therefore, the hint could be misleading. It=E2=80=99s true that =E2=80=98valid-narinfo?=E2=80=99 catches more cases,= but the other cases where it returns #f are situations where the substitute server is bogus. So I chose to favor conciseness here. > Since we are discussing about an helper, I would run =E2=80=99signature-c= ase=E2=80=99 > here in check-narinfo. For example, if the case is 'unauthorized-key, > then I would check is %acl-file exists. Maybe display the full > %acl-file explaining that the key is not in, etc. Right, checking for =E2=80=98%acl-file=E2=80=99 is a good idea; I wouldn=E2= =80=99t display its contents though because that=E2=80=99d be intimidating and unhelpful IMO. > Moreover, running =E2=80=9Cguix challenge coreutils=E2=80=9D does not war= n about > anything [=E2=80=A6] That=E2=80=99s on purpose: --8<---------------cut here---------------start------------->8--- (define (compare-contents items servers) "Challenge the substitute servers whose URLs are listed in SERVERS by comparing the hash of the substitutes of ITEMS that they serve. Return the list of <comparison-report> objects. This procedure does not authenticate narinfos from SERVERS, nor does it ver= ify that they are signed by an authorized public keys. The reason is that, by definition, we may want to target unknown servers. Furthermore, no risk is taken since we do not import the archives." --8<---------------cut here---------------end--------------->8--- > guix weather: warning: could not determine current substitute URLs; using= defaults > computing 1 package derivations for x86_64-linux... > looking for 2 store items on https://ci.guix.gnu.org... > guix weather: error: open-file: Permission denied: "/etc/guix/acl" Uh, it should be able to deal with it gracefully. > Hum? Maybe I am doing something wrong=E2=80=A6 The file /etc/guix/acl ha= s the > permission: > > -rw------- 1 root root 528 acl It=E2=80=99s normally world-readable. > Is it incorrect? Well, if all are allowed to read (chmod a+r) then > there is not error. And it displays the warning: > > guix weather: warning: could not determine current substitute URLs; using= defaults > > And that=E2=80=99s because the daemon is not supporting the operation. T= his > warning appears to me misleading: personally I think that I am > misconfigured something when that=E2=80=99s not the case. Instead, I wou= ld > display: > > warning: using defaults substitute URLs Yes, good idea. I=E2=80=99ll send v2 soonish. Thanks for your feedback! Ludo=E2=80=99.
guix-patches@HIDDEN:bug#67072; Package guix-patches.
Full text available.Received: (at 67072) by debbugs.gnu.org; 2 Dec 2023 10:13:38 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sat Dec 02 05:13:38 2023 Received: from localhost ([127.0.0.1]:56670 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1r9N0D-0005bf-Rj for submit <at> debbugs.gnu.org; Sat, 02 Dec 2023 05:13:38 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:44734) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1r9N0C-0005bT-Vc for 67072 <at> debbugs.gnu.org; Sat, 02 Dec 2023 05:13:37 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1r9Mzx-0005C0-Px; Sat, 02 Dec 2023 05:13:21 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To: From; bh=XGgebZfztG8smuDQDZoYA9xRXVVsGv/OdXpC7rsaZeE=; b=fL8c/1UsYopz5V1TTIKE K4P2IWzpTTQY/Lqe7cSvJBeyKhXjU1cGSi/SKETsdc77v9ciC82/jzKz1HZPIt3+E/KLUi4wIQK+V /B5EdoKJvDKd7PQh9DP/jVApUTyanbp3TdbGsWrGHQSN41JVjH8T7gHTyENOIwTRIUq5oihbSuFgp qvsfoudG1uysEEJdxQ/AOoiOI9dPQ3KxwhhF5DfAcVFod4tsBRL+wepgNGJCtYaHC8Gy4+AVO93+f w7DEftkJFWeVNVeTn5z1gBIlstb4+figoNp3F1hhOXUhg6OjbJ0JcfHsTPG9QVsLjqrvNuZcIGrKf 8ohQD7V3BRnS+Q==; From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN> To: Simon Tournier <zimon.toutoune@HIDDEN> Subject: Re: [bug#67072] [PATCH 1/4] daemon: Implement =?utf-8?Q?=E2=80=98?= =?utf-8?Q?substitute-urls=E2=80=99?= RPC. In-Reply-To: <87wmu2axl0.fsf@HIDDEN> (Simon Tournier's message of "Tue, 28 Nov 2023 13:09:31 +0100") References: <cover.1699700049.git.ludo@HIDDEN> <6ea1497c61199f29f816640c3f6923f3b57d0bbf.1699700049.git.ludo@HIDDEN> <87wmu2axl0.fsf@HIDDEN> Date: Sat, 02 Dec 2023 11:13:18 +0100 Message-ID: <87cyvoj4jl.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 67072 Cc: Josselin Poiret <dev@HIDDEN>, 67072 <at> debbugs.gnu.org, Mathieu Othacehe <othacehe@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>, Ricardo Wurmus <rekado@HIDDEN>, Christopher Baines <guix@HIDDEN> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.3 (---) Simon Tournier <zimon.toutoune@HIDDEN> skribis: > On Sat, 11 Nov 2023 at 12:06, Ludovic Court=C3=A8s <ludo@HIDDEN> wrote: > >> -(test-skip (if %store 0 15)) >> +(test-skip (if %store 0 18)) > > Out of curiosity, why 18? Because we=E2=80=99re adding 3 tests. (Now, the count might be off, and we=E2=80=99re never running those tests without a running daemon anyway=E2=80=A6) Ludo=E2=80=99.
guix-patches@HIDDEN:bug#67072; Package guix-patches.
Full text available.Received: (at 67072) by debbugs.gnu.org; 30 Nov 2023 10:29:09 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Thu Nov 30 05:29:09 2023 Received: from localhost ([127.0.0.1]:52353 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1r8eI8-0003cs-OL for submit <at> debbugs.gnu.org; Thu, 30 Nov 2023 05:29:08 -0500 Received: from mail3-relais-sop.national.inria.fr ([192.134.164.104]:21158) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <ludovic.courtes@HIDDEN>) id 1r8eI6-0003cG-Ta for 67072 <at> debbugs.gnu.org; Thu, 30 Nov 2023 05:29:07 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=inria.fr; s=dc; h=from:to:cc:subject:in-reply-to:references:date: message-id:mime-version:content-transfer-encoding; bh=5zEzoUHqqA7GvxXKuQWLiSZElMvhrS+vMtHQDcigMHk=; b=iF0fYoK7mgwoMjM1P/B45L41NkXu2YqbRiT0LjwRCjwsEzlbEuz/mFLa X6MysJ5WGnMvXbsN7U0+HU2ggXEZzEnEIquxbEy/8T/u9bxoIw+cfiZuK yYawgRwIz0Sx0VVaSzEnPunp4oTC8/bM9dDqBB1ubrwy823jOXeoVczqa Q=; Authentication-Results: mail3-relais-sop.national.inria.fr; dkim=none (message not signed) header.i=none; spf=SoftFail smtp.mailfrom=ludovic.courtes@HIDDEN; dmarc=fail (p=none dis=none) d=inria.fr X-IronPort-AV: E=Sophos;i="6.04,237,1695679200"; d="scan'208";a="73025669" Received: from 91-160-117-201.subs.proxad.net (HELO ribbon) ([91.160.117.201]) by mail3-relais-sop.national.inria.fr with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Nov 2023 11:28:52 +0100 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludovic.courtes@HIDDEN> To: Emmanuel Agullo <emmanuel.agullo@HIDDEN> Subject: Re: [bug#67072] [PATCH 0/4] Helping diagnose substitute setup issues In-Reply-To: <1046719309.20527433.1701339117643.JavaMail.zimbra@HIDDEN> (Emmanuel Agullo's message of "Thu, 30 Nov 2023 11:11:57 +0100 (CET)") References: <cover.1699700049.git.ludo@HIDDEN> <87fs0rw1qn.fsf@HIDDEN> <1046719309.20527433.1701339117643.JavaMail.zimbra@HIDDEN> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: =?utf-8?Q?D=C3=A9cadi?= 10 Frimaire an 232 de la =?utf-8?Q?R=C3=A9volution=2C?= jour de la Pioche X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Thu, 30 Nov 2023 11:28:51 +0100 Message-ID: <87plzro7q4.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 67072 Cc: Josselin Poiret <dev@HIDDEN>, 67072 <at> debbugs.gnu.org, zimoun <zimon.toutoune@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>, Ricardo Wurmus <rekado@HIDDEN>, Christopher Baines <guix@HIDDEN> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) Hi Emmanuel, Emmanuel Agullo <emmanuel.agullo@HIDDEN> skribis: >>> First =E2=80=98guix weather=E2=80=99 and =E2=80=98guix >>> challenge=E2=80=99 now default to the same substitute URLs as guix-daem= on >>> (this was not the case until now because there was no way to get >>> that information from the daemon). > > This is excellent. I was not aware of the difference. > >>> Second =E2=80=98guix weather=E2=80=99 reports about unauthorized serve= rs > > I guess it should help a lot! > >>> If not I=E2=80=99d like to push it soon. > > As best as I can read, green light for me. I'll be pleased to test > it once pushed. Awesome, thanks for your feedback! Ludo=E2=80=99.
guix-patches@HIDDEN:bug#67072; Package guix-patches.
Full text available.Received: (at 67072) by debbugs.gnu.org; 30 Nov 2023 10:12:14 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Thu Nov 30 05:12:14 2023 Received: from localhost ([127.0.0.1]:52336 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1r8e1m-000383-Cj for submit <at> debbugs.gnu.org; Thu, 30 Nov 2023 05:12:14 -0500 Received: from mail2-relais-roc.national.inria.fr ([192.134.164.83]:45471) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <emmanuel.agullo@HIDDEN>) id 1r8e1k-00037j-8R for 67072 <at> debbugs.gnu.org; Thu, 30 Nov 2023 05:12:13 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=inria.fr; s=dc; h=date:from:to:cc:message-id:in-reply-to:references: subject:mime-version:content-transfer-encoding; bh=7+xoG+7h6y2hRGXv3Lben4ncvDY5BV3ylfN4F5+SYGk=; b=HMac0j3VO1ssd41WgnOoxyT8k4xElsttShuOyGFkRW+CuoGnn4WMkQBQ YGRJcKls8EyOq169rK+sHZV3w/Q3+1VvHr+NhT9vQcArE4aVATu2f04jF s47yWIq/p3TKZaR+xf//o/Y0fwYnHabKtUJoYIsZwlFLeIKjmEZmyqKCG c=; Authentication-Results: mail2-relais-roc.national.inria.fr; dkim=none (message not signed) header.i=none; spf=Pass smtp.mailfrom=emmanuel.agullo@HIDDEN; spf=None smtp.helo=postmaster@HIDDEN Received-SPF: Pass (mail2-relais-roc.national.inria.fr: domain of emmanuel.agullo@HIDDEN designates 128.93.142.31 as permitted sender) identity=mailfrom; client-ip=128.93.142.31; receiver=mail2-relais-roc.national.inria.fr; envelope-from="emmanuel.agullo@HIDDEN"; x-sender="emmanuel.agullo@HIDDEN"; x-conformance=spf_only; x-record-type="v=spf1"; x-record-text="v=spf1 ip4:128.93.142.0/24 ip4:192.134.164.0/24 ip4:128.93.162.160 ip4:89.107.174.7 mx ~all" Received-SPF: None (mail2-relais-roc.national.inria.fr: no sender authenticity information available from domain of postmaster@HIDDEN) identity=helo; client-ip=128.93.142.31; receiver=mail2-relais-roc.national.inria.fr; envelope-from="emmanuel.agullo@HIDDEN"; x-sender="postmaster@HIDDEN"; x-conformance=spf_only X-IronPort-AV: E=Sophos;i="6.04,237,1695679200"; d="scan'208";a="139393847" X-MGA-submission: =?us-ascii?q?MDHk6x2saLvcK0dkCIPh2UFc5iM1Z6VyRzCssI?= =?us-ascii?q?b6klhd6rfyON9bmRfjG3pzdxH74xhsPymNEJx54UJ431zer+oHdYdjza?= =?us-ascii?q?KBzEKt+YrecHSbAtNpcH6aw2fnzHp0CcWxPoAT548jpH/yBwyf6BN5hU?= =?us-ascii?q?Zj/Nzo9lY/KprQ0po5ObWfSg=3D=3D?= Received: from zcs-store4.inria.fr ([128.93.142.31]) by mail2-relais-roc.national.inria.fr with ESMTP; 30 Nov 2023 11:11:59 +0100 Date: Thu, 30 Nov 2023 11:11:57 +0100 (CET) From: Emmanuel Agullo <emmanuel.agullo@HIDDEN> To: Ludovic Courtes <ludovic.courtes@HIDDEN> Message-ID: <1046719309.20527433.1701339117643.JavaMail.zimbra@HIDDEN> In-Reply-To: <87fs0rw1qn.fsf@HIDDEN> References: <cover.1699700049.git.ludo@HIDDEN> <87fs0rw1qn.fsf@HIDDEN> Subject: Re: [bug#67072] [PATCH 0/4] Helping diagnose substitute setup issues MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Originating-IP: [193.50.110.54] X-Mailer: Zimbra 8.8.15_GA_4562 (ZimbraWebClient - FF118 (Linux)/8.8.15_GA_4570) Thread-Topic: Helping diagnose substitute setup issues Thread-Index: hJ/dSgtQUKESC+05sB5OqpA3O7NCZA== X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 67072 Cc: Josselin Poiret <dev@HIDDEN>, 67072 <at> debbugs.gnu.org, zimoun <zimon.toutoune@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>, Ricardo Wurmus <rekado@HIDDEN>, Christopher Baines <guix@HIDDEN> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.3 (---) Hello Ludo, hello Simon, hello Guix, First of all thank you Ludo for the patch. Indeed, it would be great one can check the substitutes are set up as expected. >> First =E2=80=98guix weather=E2=80=99 and =E2=80=98guix >> challenge=E2=80=99 now default to the same substitute URLs as guix-daemo= n >> (this was not the case until now because there was no way to get >> that information from the daemon). This is excellent. I was not aware of the difference. >> Second =E2=80=98guix weather=E2=80=99 reports about unauthorized server= s I guess it should help a lot! >> If not I=E2=80=99d like to push it soon. As best as I can read, green light for me. I'll be pleased to test it once pushed. Thanks again! Best, Manu
guix-patches@HIDDEN:bug#67072; Package guix-patches.
Full text available.Received: (at 67072) by debbugs.gnu.org; 28 Nov 2023 15:43:11 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Tue Nov 28 10:43:11 2023 Received: from localhost ([127.0.0.1]:47458 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1r80Ex-0001aM-0g for submit <at> debbugs.gnu.org; Tue, 28 Nov 2023 10:43:11 -0500 Received: from mail-wr1-x429.google.com ([2a00:1450:4864:20::429]:38941) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <zimon.toutoune@HIDDEN>) id 1r80Er-0001Z1-LN for 67072 <at> debbugs.gnu.org; Tue, 28 Nov 2023 10:43:08 -0500 Received: by mail-wr1-x429.google.com with SMTP id ffacd0b85a97d-32f831087c6so1493318f8f.0 for <67072 <at> debbugs.gnu.org>; Tue, 28 Nov 2023 07:42:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1701186173; x=1701790973; darn=debbugs.gnu.org; h=content-transfer-encoding:mime-version:message-id:date:references :in-reply-to:subject:cc:to:from:from:to:cc:subject:date:message-id :reply-to; bh=8q6uBYMRq27GVhyjl/MVqpvKcBgKFyJC7ETz2syWFD4=; b=bUBCwwVf9gpnMkTrYfPyObsMfQj2W85+vUdOeL/GgJNdtyj3Vuru3vRjT3ZiQKUauR GZ3YFCq2ERN5IKMBHKRv14OfDrzP19VFfG7e3VnrhoI2JFLo4eGaWUtdzLrKe1c3ByqF jOhEPdkc0N0f+Eg+TO9ed1PjvrR5p/XgA9MPWbI4tACDIz0zIN32/bFb58fHSG0kYTUa zAOKPr0HQuZr+znzAwl1Rm84KSiIptIgFIb0QvG4DzlKthiusFB+aq4H5hYkeqPh5i7k YADuY0knVX2CZKvsNsW2gtJ7A3BKINAClkJLKDVkIVT7konTT9ZzpNnjB1Pw2n6VNQzm FRhg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701186173; x=1701790973; h=content-transfer-encoding:mime-version:message-id:date:references :in-reply-to:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=8q6uBYMRq27GVhyjl/MVqpvKcBgKFyJC7ETz2syWFD4=; b=Re+Skk9/R3fGRq9Q7xHuBV7MK1MMFinhbe0zdBY9+ApPyA1y+vjzsLEVejORbW6zQ5 2sM6ErbpMZwSsVARywv6ieyP6zmAxCk/rv5pBsyVkV3GRPs5w2a7fZVohwpV2TnnIaig b+pptU+/Ky40MwQuLlzaIoV6z1DNPmXDvkYtHoN3bzgpRKwS5uIDs+DMp5ZFKIqfmhhW jnQ8eQkBX2Kwu7bV/OUtxeB9TZPs/llWGsAWvHA7l0mqz1QTMqDm1dTMdWxeLCb+kfh9 Mk3bXZosYpQozbG6sk05yPhLLaTu2hOtWxad7KL0xdGxCIjK5V2SOieks3R9HiHWRbEz nPAg== X-Gm-Message-State: AOJu0YyGqcS2XUSJxmSinGWQSEq7wFcMBujLcQ0i789uLojjWPcvvPnf KGSuRbUgxeW3pxxKK5N2hdw= X-Google-Smtp-Source: AGHT+IG9Kn3Z+pIJt6iRkDvOCRnjqwmmArn28iEytgfGa+IOwSukIRMZEl8NssR3ORBVryF4przWHQ== X-Received: by 2002:a5d:4612:0:b0:332:fbce:89ec with SMTP id t18-20020a5d4612000000b00332fbce89ecmr5471707wrq.7.1701186173011; Tue, 28 Nov 2023 07:42:53 -0800 (PST) Received: from pfiuh07 ([193.48.40.241]) by smtp.gmail.com with ESMTPSA id e25-20020a5d5959000000b00332eb96cb73sm11907593wri.73.2023.11.28.07.42.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 28 Nov 2023 07:42:52 -0800 (PST) From: Simon Tournier <zimon.toutoune@HIDDEN> To: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludovic.courtes@HIDDEN>, 67072 <at> debbugs.gnu.org Subject: Re: [bug#67072] [PATCH 0/4] Helping diagnose substitute setup issues In-Reply-To: <87fs0rw1qn.fsf@HIDDEN> References: <cover.1699700049.git.ludo@HIDDEN> <87fs0rw1qn.fsf@HIDDEN> Date: Tue, 28 Nov 2023 14:17:22 +0100 Message-ID: <87edgaaufx.fsf@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 67072 Cc: Josselin Poiret <dev@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>, Ricardo Wurmus <rekado@HIDDEN>, Emmanuel Agullo <emmanuel.agullo@HIDDEN>, Christopher Baines <guix@HIDDEN> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) Hi Ludo, Sorry for the delay. On Mon, 27 Nov 2023 at 18:21, Ludovic Court=C3=A8s <ludovic.courtes@HIDDEN= r> wrote: > Comments or suggestions regarding this change? > > https://issues.guix.gnu.org/67072 Cool! Well, I did some minor comments about =E2=80=9Cguix weather=E2=80=9D. I ha= ve not checked the =E2=80=9Cguix challenge=E2=80=9D counter-part. Maybe later thi= s week. :-) Cheers, simon
guix-patches@HIDDEN:bug#67072; Package guix-patches.
Full text available.
Received: (at 67072) by debbugs.gnu.org; 28 Nov 2023 15:43:11 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Nov 28 10:43:11 2023
Received: from localhost ([127.0.0.1]:47456 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1r80Ew-0001aE-Hx
for submit <at> debbugs.gnu.org; Tue, 28 Nov 2023 10:43:10 -0500
Received: from mail-wm1-x336.google.com ([2a00:1450:4864:20::336]:38935)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <zimon.toutoune@HIDDEN>) id 1r80Er-0001Z0-71
for 67072 <at> debbugs.gnu.org; Tue, 28 Nov 2023 10:43:08 -0500
Received: by mail-wm1-x336.google.com with SMTP id
5b1f17b1804b1-40b36e721fcso2171815e9.0
for <67072 <at> debbugs.gnu.org>; Tue, 28 Nov 2023 07:42:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1701186172; x=1701790972; darn=debbugs.gnu.org;
h=content-transfer-encoding:mime-version:message-id:date:references
:in-reply-to:subject:cc:to:from:from:to:cc:subject:date:message-id
:reply-to; bh=ITBcPpgkD+5KoF6/FY+d1dIVj5AtvbX9sVCIHLhlbIM=;
b=Du+Shy8+FU9wsaDjx9fnkseMNDtbVW0Hnii/wquYD4pZI5q+D2bQzeFnvBDR6Rzs7y
28QUKek+tsALLTp227qf0Mt0qnIhY2AKGuc86Vlm5TXMl2zOJEm/pl8NGNW9vDR6p21F
lylBYLuoVTIsw0nLl/Ctl+M1JHDWfnANiUkIASO8tY/E3jIhG68TTQaPuOvpKiXN2399
yNweSWGNfvXxT87pCSXw/Mp9HmURtEl7hc2og6EbeZQMxMUaI79Jx4029lj9UFV1SU6O
N0NQXW2L/CIXGdZ2q7nP7h9v4FKmz73IOPn5uaWyvDXkgwEf1TcyKgQ14LXKdvHxLs9A
eDbw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1701186172; x=1701790972;
h=content-transfer-encoding:mime-version:message-id:date:references
:in-reply-to:subject:cc:to:from:x-gm-message-state:from:to:cc
:subject:date:message-id:reply-to;
bh=ITBcPpgkD+5KoF6/FY+d1dIVj5AtvbX9sVCIHLhlbIM=;
b=aaFMm2GlINk8n1Fq0W/bg7L0KQ3lBWctsumUImHU4Jirwglo8KAqPNHD6JVOSU8ove
85vtck7hagrvDcAtUY3AkUhFwa1hK0w458MKTFRhk8QrFJro0EvZWUuFrLWGTwEBl9Uc
j6VYtvDgHqBlwiZNQ/vrXVbPwR6/hF9fHCFpzTIhzP+4CtgD4e9C6Ayye5xiEOGjvL8m
brkX8D178gXVFsLfDvUml84GPzNHUEMkwfKwf7fLpl3M2h2qpS0FQ7xJswvMhYjWa03Y
XtGp0zstSaugariTpzt35F6a3IBitCkwevlI/QU9o9HhpmZAjQrfgarWl13auEozeBFZ
pppg==
X-Gm-Message-State: AOJu0YwfAFKrvQSCt1/nTOLvVDcA5AVAvq5ZiytPmUfQMg6uffg7s4Dq
vjmeSAkbqwylYaeuGpGdMAQ=
X-Google-Smtp-Source: AGHT+IEgXbjg1hEcS443pIUVn1Gz3clGHglbm+yLAdtBKJN0AGQLzqUcD0h3pLmn91E+ZDZr6OVvpg==
X-Received: by 2002:a05:600c:5118:b0:40b:2971:4b73 with SMTP id
o24-20020a05600c511800b0040b29714b73mr10688901wms.2.1701186172234;
Tue, 28 Nov 2023 07:42:52 -0800 (PST)
Received: from pfiuh07 ([193.48.40.241]) by smtp.gmail.com with ESMTPSA id
iv10-20020a05600c548a00b0040b4c7e1a65sm2630556wmb.13.2023.11.28.07.42.51
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 28 Nov 2023 07:42:51 -0800 (PST)
From: Simon Tournier <zimon.toutoune@HIDDEN>
To: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>, 67072 <at> debbugs.gnu.org
Subject: Re: [bug#67072] [PATCH 4/4] weather: Report unauthorized substitute
servers.
In-Reply-To: <dc56e185b21eb0b3f4711e100d5e64c0aa2adc55.1699700050.git.ludo@HIDDEN>
References: <cover.1699700049.git.ludo@HIDDEN>
<dc56e185b21eb0b3f4711e100d5e64c0aa2adc55.1699700050.git.ludo@HIDDEN>
Date: Tue, 28 Nov 2023 14:14:23 +0100
Message-ID: <87jzq2aukw.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 67072
Cc: Josselin Poiret <dev@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>,
Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>,
Tobias Geerinckx-Rice <me@HIDDEN>, Ricardo Wurmus <rekado@HIDDEN>,
Christopher Baines <guix@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
Hi,
On Sat, 11 Nov 2023 at 12:06, Ludovic Court=C3=A8s <ludo@HIDDEN> wrote:
> + #:use-module (guix pki)
Looking at what it drags, I notice:
--8<---------------cut here---------------start------------->8---
(define* (authorized-key? key #:optional (acl (current-acl)))
"Return #t if KEY (a canonical sexp) is an authorized public key for arch=
ive
imports according to ACL."
;; Note: ACL is kept in native sexp form to make 'authorized-key?' faster,
;; by not having to convert it with 'canonical-sexp->sexp' on each call.
;; TODO: We could use a better data type for ACLs.
(let ((key (canonical-sexp->sexp key)))
(match acl
(('acl
('entry subject-keys
('tag ('guix 'import)))
...)
(not (not (member key subject-keys))))
(_
(error "invalid access-control list" acl)))))
--8<---------------cut here---------------end--------------->8---
I know it is irrelevant with the patch at hand. Maybe not. :-)
1. Why this =E2=80=99(not (not=E2=80=99 ?
2. When testing the patch, I have not done --sysconfdir=3D/etc and it
was not able to find the correct ACL. Somehow=E2=80=A6
> +(define (check-narinfo-authorization narinfo)
> + "Print a warning when NARINFO is not signed by an authorized key."
> + (unless (valid-narinfo? narinfo)
=E2=80=A6I entered in this part =E2=80=93 hence the look up (guix pki) ;-).=
Well, my
mistake is hard to reproduce outside of Guix development tree but
=E2=80=99valid-narinfo?=E2=80=99 returns false for more cases than just
unauthorized-key. Therefore, the hint could be misleading.
Since we are discussing about an helper, I would run =E2=80=99signature-cas=
e=E2=80=99
here in check-narinfo. For example, if the case is 'unauthorized-key,
then I would check is %acl-file exists. Maybe display the full
%acl-file explaining that the key is not in, etc.
Moreover, running =E2=80=9Cguix challenge coreutils=E2=80=9D does not warn =
about
anything; when I was expected the same warning as =E2=80=9Cguix weather=E2=
=80=9D.
Last, once sysconfig fixed, I get:
--8<---------------cut here---------------start------------->8---
guix weather: warning: could not determine current substitute URLs; using d=
efaults
computing 1 package derivations for x86_64-linux...
looking for 2 store items on https://ci.guix.gnu.org...
guix weather: error: open-file: Permission denied: "/etc/guix/acl"
--8<---------------cut here---------------end--------------->8---
Hum? Maybe I am doing something wrong=E2=80=A6 The file /etc/guix/acl has =
the
permission:
-rw------- 1 root root 528 acl
Is it incorrect? Well, if all are allowed to read (chmod a+r) then
there is not error. And it displays the warning:
--8<---------------cut here---------------start------------->8---
guix weather: warning: could not determine current substitute URLs; using d=
efaults
--8<---------------cut here---------------end--------------->8---
And that=E2=80=99s because the daemon is not supporting the operation. This
warning appears to me misleading: personally I think that I am
misconfigured something when that=E2=80=99s not the case. Instead, I would
display:
warning: using defaults substitute URLs
Cheers,
simon
guix-patches@HIDDEN:bug#67072; Package guix-patches.
Full text available.
Received: (at 67072) by debbugs.gnu.org; 28 Nov 2023 15:43:10 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Nov 28 10:43:10 2023
Received: from localhost ([127.0.0.1]:47454 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1r80Ew-0001a7-7O
for submit <at> debbugs.gnu.org; Tue, 28 Nov 2023 10:43:10 -0500
Received: from mail-wr1-x42d.google.com ([2a00:1450:4864:20::42d]:38165)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <zimon.toutoune@HIDDEN>) id 1r80Eq-0001Yy-95
for 67072 <at> debbugs.gnu.org; Tue, 28 Nov 2023 10:43:08 -0500
Received: by mail-wr1-x42d.google.com with SMTP id
ffacd0b85a97d-332eac4dec4so845395f8f.1
for <67072 <at> debbugs.gnu.org>; Tue, 28 Nov 2023 07:42:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1701186171; x=1701790971; darn=debbugs.gnu.org;
h=content-transfer-encoding:mime-version:message-id:date:references
:in-reply-to:subject:cc:to:from:from:to:cc:subject:date:message-id
:reply-to; bh=nqqINKQ5Hotg4k0iiJeGhu8ydFKFwXi823J/9oE8fXw=;
b=RVEJIqvHXZo0nY89d2bRDLouq9eZO4/QubJd5FbUIkFSLtAlbWuU8fOwpQubgxJRNk
7GCTux64YslC1jvm70QPM3LHZoPlvfXBP5kFFFedCOxSOmUNoK4j74fPeb1+2Qqj9zhK
DWm3dSksToo87XPpjMHrMWJ0kqmZ15IIQqho5bL8yhrKgNCrOIsqmaDvm1+2109W4WKv
XpHxlzVU1fgtyQXDZF9lFMqvOUIVZhMBP0p54ydKVl77PJ+jd4jr2UIb24JkWGU+NLzn
Bmt9OQM+LSGau6SjbQyXbEOG1l80W4usMaBcfzBc342Rt8zCjX+eahIXMzZSsdLQoMur
yEMg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1701186171; x=1701790971;
h=content-transfer-encoding:mime-version:message-id:date:references
:in-reply-to:subject:cc:to:from:x-gm-message-state:from:to:cc
:subject:date:message-id:reply-to;
bh=nqqINKQ5Hotg4k0iiJeGhu8ydFKFwXi823J/9oE8fXw=;
b=rviggfGXbGK8HvrsHEMdbwYfTdozK9wqFHGu3GID3tIoqNLKMks91SDx8S9HyhfP3h
JhrzSdWXOlvQrw106PKvVN3Zy3GNNOTV/oTX/V0EBwi0E0eRbxnx9M3rZZ/BPeo20EcP
XNl7TLdmnTpxn+6VwRMFOdEvtoQkObMyCH9926QN2dMB/CmR7WhKqgK87WpaqRCCBYpL
ohfR0BQMTN4Ln5x9o9dYBpf29UAKu5O3JB+1v1acAcsg8qKsLYfx6YrzSmP8mNHnxbkm
SASflluW2sYZED3enD+LBHRNJWUlNxhn3zv7WLTWTHA0m2XsF9hl0YmBR6NbhQmG3sae
VpVw==
X-Gm-Message-State: AOJu0Yxziq7n8vUl4h8CbtVMmS441ZCkutqnSqSeVO/yCU+DI8McijvH
RIROWmPXoKYQOV6vHrt9m5o=
X-Google-Smtp-Source: AGHT+IFKLuo8ewMIGkx2/91jGe3t2PUrrn3mA3lmKKskuv6CKmcWxoocbjTPEJSf/1z/MkVt9a/+Vg==
X-Received: by 2002:adf:b60d:0:b0:333:646:8d45 with SMTP id
f13-20020adfb60d000000b0033306468d45mr3334935wre.0.1701186171429;
Tue, 28 Nov 2023 07:42:51 -0800 (PST)
Received: from pfiuh07 ([193.48.40.241]) by smtp.gmail.com with ESMTPSA id
h4-20020adfa4c4000000b0032d8eecf901sm15431235wrb.3.2023.11.28.07.42.51
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 28 Nov 2023 07:42:51 -0800 (PST)
From: Simon Tournier <zimon.toutoune@HIDDEN>
To: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>, 67072 <at> debbugs.gnu.org
Subject: Re: [bug#67072] [PATCH 1/4] daemon: Implement =?utf-8?Q?=E2=80=98?=
=?utf-8?Q?substitute-urls=E2=80=99?= RPC.
In-Reply-To: <6ea1497c61199f29f816640c3f6923f3b57d0bbf.1699700049.git.ludo@HIDDEN>
References: <cover.1699700049.git.ludo@HIDDEN>
<6ea1497c61199f29f816640c3f6923f3b57d0bbf.1699700049.git.ludo@HIDDEN>
Date: Tue, 28 Nov 2023 13:09:31 +0100
Message-ID: <87wmu2axl0.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 1.1 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Hi, On Sat, 11 Nov 2023 at 12:06, Ludovic Courtès wrote:
> -(test-skip (if %store 0 15)) > +(test-skip (if %store 0 18))
Content analysis details: (1.1 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider (zimon.toutoune[at]gmail.com)
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
1.1 DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/,
no trust
[2a00:1450:4864:20:0:0:0:42d listed in]
[list.dnswl.org]
-0.0 T_SCC_BODY_TEXT_LINE No description available.
X-Debbugs-Envelope-To: 67072
Cc: Josselin Poiret <dev@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>,
Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>,
Tobias Geerinckx-Rice <me@HIDDEN>, Ricardo Wurmus <rekado@HIDDEN>,
Christopher Baines <guix@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.1 (/)
Hi,
On Sat, 11 Nov 2023 at 12:06, Ludovic Court=C3=A8s <ludo@HIDDEN> wrote:
> -(test-skip (if %store 0 15))
> +(test-skip (if %store 0 18))
Out of curiosity, why 18?
Cheers,
simon
guix-patches@HIDDEN:bug#67072; Package guix-patches.
Full text available.
Received: (at 67072) by debbugs.gnu.org; 27 Nov 2023 17:22:08 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Nov 27 12:22:08 2023
Received: from localhost ([127.0.0.1]:44705 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1r7fJ9-00064C-H6
for submit <at> debbugs.gnu.org; Mon, 27 Nov 2023 12:22:07 -0500
Received: from mail2-relais-roc.national.inria.fr ([192.134.164.83]:18085)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludovic.courtes@HIDDEN>) id 1r7fJ6-00063h-Vc
for 67072 <at> debbugs.gnu.org; Mon, 27 Nov 2023 12:22:05 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=inria.fr; s=dc;
h=from:to:cc:subject:in-reply-to:references:date:
message-id:mime-version:content-transfer-encoding;
bh=rfb6cajX6drq6xsEU89pll5tmA6MRS8/l0mxSYYavUk=;
b=mEu6ZNtUlr7l9Wkiv9KOaL+lvolU8QoC0PTPBWodRBimJNAlFlxkVzIT
8LoiQLterEbeIYUI/GQDNQfqU8oBwGytT9XjYnkSQT6joLFQsot1cpF58
vXDgqbOU1CXN2yEeSo03oLxmZOa0R2g54F9MqDYp765SwbB337Z4FOCZV g=;
Authentication-Results: mail2-relais-roc.national.inria.fr;
dkim=none (message not signed) header.i=none;
spf=SoftFail smtp.mailfrom=ludovic.courtes@HIDDEN;
dmarc=fail (p=none dis=none) d=inria.fr
X-IronPort-AV: E=Sophos;i="6.04,231,1695679200"; d="scan'208";a="138838655"
Received: from unknown (HELO ribbon) ([193.50.110.222])
by mail2-relais-roc.national.inria.fr with
ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Nov 2023 18:21:52 +0100
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludovic.courtes@HIDDEN>
To: 67072 <at> debbugs.gnu.org
Subject: Re: [bug#67072] [PATCH 0/4] Helping diagnose substitute setup issues
In-Reply-To: <cover.1699700049.git.ludo@HIDDEN> ("Ludovic =?utf-8?Q?Court?=
=?utf-8?Q?=C3=A8s=22's?= message
of "Sat, 11 Nov 2023 12:03:06 +0100")
References: <cover.1699700049.git.ludo@HIDDEN>
Date: Mon, 27 Nov 2023 18:21:52 +0100
Message-ID: <87fs0rw1qn.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 67072
Cc: Josselin Poiret <dev@HIDDEN>,
Simon Tournier <zimon.toutoune@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>,
Tobias Geerinckx-Rice <me@HIDDEN>, Ricardo Wurmus <rekado@HIDDEN>,
Emmanuel Agullo <emmanuel.agullo@HIDDEN>,
Christopher Baines <guix@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)
Hello!
Comments or suggestions regarding this change?
https://issues.guix.gnu.org/67072
If not I=E2=80=99d like to push it soon.
TIA. :-)
Ludo=E2=80=99.
Ludovic Court=C3=A8s <ludo@HIDDEN> skribis:
> Hello Guix!
>
> While discussing at the Reproducible Software Environments Workshop
> yesterday, Emmanuel Agullo and Simon Tournier suggested adding
> tools to help diagnose substitute setup issues: to see which
> substitutes URLs are being used and whether one of them is unauthorized.
>
> This is a step in that direction. First =E2=80=98guix weather=E2=80=99 a=
nd =E2=80=98guix
> challenge=E2=80=99 now default to the same substitute URLs as guix-daemon
> (this was not the case until now because there was no way to get
> that information from the daemon). Second =E2=80=98guix weather=E2=80=99=
reports
> about unauthorized servers, like so:
>
> $ guix weather coreutils
> computing 1 package derivations for x86_64-linux...
> looking for 2 store items on https://ci.guix.gnu.org...
> guix weather: warning: substitutes from 'https://ci.guix.gnu.org' are una=
uthorized
> hint: To authorize substitute download from `https://ci.guix.gnu.org', th=
e following command
> needs to be run as root:
>
> guix archive --authorize <<EOF
> (public-key=20
> (ecc=20
> (curve Ed25519)
> (q #8D156F295D24B0D9A86FA5741A840FF2D24F60F7B6C4134814AD55625971B3=
94#)
> )
> )
>=20=20=20=20=20=20
> EOF
>
> Alternatively, on Guix System, you can add the signing key above to the
> `authorized-keys' field of `guix-configuration'.
>
> See "Getting Substitutes from Other Servers" in the manual for more infor=
mation.
>
> https://ci.guix.gnu.org =E2=98=80
> 100.0% substitutes available (2 out of 2)
> at least 19.3 MiB of nars (compressed)
> 25.3 MiB on disk (uncompressed)
> [=E2=80=A6]
>
> It turned out to be a low-hanging fruit!
>
> Thoughts?
>
> Ludo=E2=80=99.
>
> Ludovic Court=C3=A8s (4):
> daemon: Implement =E2=80=98substitute-urls=E2=80=99 RPC.
> challenge: Use the same substitute URLs as guix-daemon.
> weather: Use the same substitute URLs as guix-daemon.
> weather: Report unauthorized substitute servers.
>
> doc/guix.texi | 26 ++++++++++++++++---
> guix/scripts/challenge.scm | 11 +++++---
> guix/scripts/weather.scm | 46 ++++++++++++++++++++++++++++++---
> guix/store.scm | 18 ++++++++++---
> nix/libstore/worker-protocol.hh | 5 ++--
> nix/nix-daemon/nix-daemon.cc | 17 ++++++++++++
> tests/store.scm | 25 ++++++++++++++++--
> 7 files changed, 132 insertions(+), 16 deletions(-)
>
>
> base-commit: 08d94fe20eca47b69678b3eced8749dd02c700a4
guix-patches@HIDDEN:bug#67072; Package guix-patches.
Full text available.
Received: (at 67072) by debbugs.gnu.org; 11 Nov 2023 11:14:32 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Nov 11 06:14:32 2023
Received: from localhost ([127.0.0.1]:52181 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1r1lwe-0005nJ-6Q
for submit <at> debbugs.gnu.org; Sat, 11 Nov 2023 06:14:32 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:44218)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludo@HIDDEN>) id 1r1lwW-0005mS-Fv
for 67072 <at> debbugs.gnu.org; Sat, 11 Nov 2023 06:14:27 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e])
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
id 1r1lvm-00026F-Tx; Sat, 11 Nov 2023 06:13:38 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To:
From; bh=JYxmPq7qUnbhn9Yked+Ngy4QvrZBH5qNKIkDrdZ2UcA=; b=UowlLCUAvCq1yZnNmgDq
CtFBfRem5FFIiyyR6ER8AUpr4pt2cTNw9oojeO1tMSCMgCFvLHnO91opfyo4qf2MlLx5uygtbBxX5
1LivVrXeMj8yV66cffbe+zZ8DUKmBQFa9t842TZZzwAazPwEi8Khi9ZROZDcIyL6rRqTfjdrMThFx
uuAa+KB5XMQ81SW/vgWRCDRfPUl86Isz/KLZ47nhi2eOS3aL1yxL9QdE2qKkfCgDRKEDaN/CFno4y
XQss1ENcmR5D1njGMh+nVSPyXuWj5XZrpCl2KV2pktxHUAYep3qgm/syWJZUPRtxgwk8Qk5pa7vs1
oqMuS7MdmzRKMg==;
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
To: 67072 <at> debbugs.gnu.org
Subject: [PATCH 3/4] weather: Use the same substitute URLs as guix-daemon.
Date: Sat, 11 Nov 2023 12:06:25 +0100
Message-ID: <83a9b5b296b321d2be9fcd44391252c4efed7cff.1699700049.git.ludo@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <cover.1699700049.git.ludo@HIDDEN>
References: <cover.1699700049.git.ludo@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-Debbugs-Cc: Christopher Baines <guix@HIDDEN>, Josselin Poiret <dev@HIDDEN>, Ludovic Courtès <ludo@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>, Ricardo Wurmus <rekado@HIDDEN>, Simon Tournier <zimon.toutoune@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 67072
Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)
* guix/scripts/weather.scm (%default-options): Remove ‘substitute-urls’.
(guix-weather): Call ‘substitute-urls’ when OPTS doesn’t have it. Warn
when ‘substitute-urls’ returns #f.
* doc/guix.texi (Invoking guix weather): Adjust accordingly.
Change-Id: I3e9100074f2ad559e5c408660db70430d64f2bef
---
doc/guix.texi | 5 +++--
guix/scripts/weather.scm | 12 +++++++++---
2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 9f06f1c325..028c4f3357 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -16462,8 +16462,9 @@ Invoking guix weather
@table @code
@item --substitute-urls=@var{urls}
@var{urls} is the space-separated list of substitute server URLs to
-query. When this option is omitted, the default set of substitute
-servers is queried.
+query. When this option is omitted, the URLs specified with the
+@option{--substitute-urls} option of @command{guix-daemon} are used or,
+as a last resort, the default set of substitute URLs.
@item --system=@var{system}
@itemx -s @var{system}
diff --git a/guix/scripts/weather.scm b/guix/scripts/weather.scm
index 140df3435f..7e302fcea7 100644
--- a/guix/scripts/weather.scm
+++ b/guix/scripts/weather.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2017-2022 Ludovic Courtès <ludo@HIDDEN>
+;;; Copyright © 2017-2023 Ludovic Courtès <ludo@HIDDEN>
;;; Copyright © 2017 Ricardo Wurmus <rekado@HIDDEN>
;;; Copyright © 2018 Kyle Meyer <kyle@HIDDEN>
;;; Copyright © 2020 Simon Tournier <zimon.toutoune@HIDDEN>
@@ -391,7 +391,7 @@ (define %options
%standard-native-build-options))
(define %default-options
- `((substitute-urls . ,%default-substitute-urls)))
+ '())
(define (load-manifest file)
"Load the manifest from FILE and return the list of packages it refers to."
@@ -582,7 +582,13 @@ (define-command (guix-weather . args)
(let* ((opts (parse-command-line args %options
(list %default-options)
#:build-options? #f))
- (urls (assoc-ref opts 'substitute-urls))
+ (urls (or (assoc-ref opts 'substitute-urls)
+ (with-store store
+ (substitute-urls store))
+ (begin
+ (warning (G_ "could not determine current \
+substitute URLs; using defaults~%"))
+ %default-substitute-urls)))
(systems (match (filter-map (match-lambda
(('system . system) system)
(_ #f))
--
2.41.0
guix@HIDDEN, dev@HIDDEN, ludo@HIDDEN, othacehe@HIDDEN, rekado@HIDDEN, zimon.toutoune@HIDDEN, me@HIDDEN, guix-patches@HIDDEN:bug#67072; Package guix-patches.
Full text available.
Received: (at 67072) by debbugs.gnu.org; 11 Nov 2023 11:14:32 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Nov 11 06:14:32 2023
Received: from localhost ([127.0.0.1]:52179 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1r1lwd-0005nD-ND
for submit <at> debbugs.gnu.org; Sat, 11 Nov 2023 06:14:32 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:44198)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludo@HIDDEN>) id 1r1lwX-0005mV-Vl
for 67072 <at> debbugs.gnu.org; Sat, 11 Nov 2023 06:14:27 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e])
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
id 1r1lvo-00026c-Cp; Sat, 11 Nov 2023 06:13:40 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To:
From; bh=zbPOgn0Gn1dj2q9Pg1kzalpGBjU4WdtZtoE0cpxLhMM=; b=CNTa7odlLznICJCLsvrE
evMY4ShDWYsRBPHb0SSkLEaIRJfyYHotSLLVeIHjhsvyWs0crVhu6enwCTaMNgEdOkPp0ElTmXMVe
9Yap4x52EtAxVh38HiSWYl9PAkRe4ZqjWRRcWQKt7LTYt8H3rY7tXRFBwOW5NDiJfxI4aLR8K3ATn
CO5WMD9Hdz7PhZzEmYTtHA8R2IcDGee8415gaeUOj0ndSvYv9cihHwI7XqPuZDBKTqrFsRj1bMwFx
fj2H80oQpKCRyRedECchjVrazzKgheZUyvriK/cSsLbgr6o2ZFeoSgpXMhMk07sx0urMMwBJK3c/k
y1WYO6BtqKg0tA==;
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
To: 67072 <at> debbugs.gnu.org
Subject: [PATCH 4/4] weather: Report unauthorized substitute servers.
Date: Sat, 11 Nov 2023 12:06:26 +0100
Message-ID: <dc56e185b21eb0b3f4711e100d5e64c0aa2adc55.1699700050.git.ludo@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <cover.1699700049.git.ludo@HIDDEN>
References: <cover.1699700049.git.ludo@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-Debbugs-Cc: Christopher Baines <guix@HIDDEN>, Josselin Poiret <dev@HIDDEN>, Ludovic Courtès <ludo@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>, Ricardo Wurmus <rekado@HIDDEN>, Simon Tournier <zimon.toutoune@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 67072
Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)
The goal is to make it easier to diagnose substitute
misconfiguration (where we’re passing a substitute URL whose
corresponding key is not authorized).
Suggested by Emmanuel Agullo.
* guix/scripts/weather.scm (check-narinfo-authorization): New procedure.
(report-server-coverage): Use it.
* doc/guix.texi (Invoking guix weather): Document it.
(Getting Substitutes from Other Servers): Add “Troubleshooting” frame.
Change-Id: I0a049c39eefb10d6a06634c8b16aa86902769791
---
doc/guix.texi | 21 ++++++++++++++++++++-
guix/scripts/weather.scm | 34 ++++++++++++++++++++++++++++++++++
2 files changed, 54 insertions(+), 1 deletion(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 028c4f3357..45c3b7344f 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -4058,6 +4058,7 @@ Substitute Server Authorization
@node Getting Substitutes from Other Servers
@subsection Getting Substitutes from Other Servers
+@c Note: This section name appears in a hint printed by 'guix weather'.
@cindex substitute servers, adding more
Guix can look up and fetch substitutes from several servers. This is
@@ -4157,6 +4158,21 @@ Getting Substitutes from Other Servers
substitute lookup can be slowed down if too many servers need to be
contacted.
+@quotation Troubleshooting
+To diagnose problems, you can run @command{guix weather}. For example,
+running:
+
+@example
+guix weather coreutils
+@end example
+
+@noindent
+not only tells you which of the currently-configured servers has
+substitutes for the @code{coreutils} package, it also reports whether
+one of these servers is unauthorized. @xref{Invoking guix weather}, for
+more information.
+@end quotation
+
Note that there are also situations where one may want to add the URL of
a substitute server @emph{without} authorizing its key.
@xref{Substitute Authentication}, to understand this fine point.
@@ -16395,7 +16411,10 @@ Invoking guix weather
specified servers so you can have an idea of whether you'll be grumpy
today. It can sometimes be useful info as a user, but it is primarily
useful to people running @command{guix publish} (@pxref{Invoking guix
-publish}).
+publish}). Sometimes substitutes @emph{are} available but they are not
+authorized on your system; @command{guix weather} reports it so you can
+authorize them if you want (@pxref{Getting Substitutes from Other
+Servers}).
@cindex statistics, for substitutes
@cindex availability of substitutes
diff --git a/guix/scripts/weather.scm b/guix/scripts/weather.scm
index 7e302fcea7..e7e5a75811 100644
--- a/guix/scripts/weather.scm
+++ b/guix/scripts/weather.scm
@@ -35,6 +35,8 @@ (define-module (guix scripts weather)
#:use-module ((guix build utils) #:select (every*))
#:use-module (guix substitutes)
#:use-module (guix narinfo)
+ #:use-module (guix pki)
+ #:autoload (gcrypt pk-crypto) (canonical-sexp->string)
#:use-module (guix http-client)
#:use-module (guix ci)
#:use-module (guix sets)
@@ -185,6 +187,32 @@ (define (store-item-system store item)
(()
#f)))
+(define (check-narinfo-authorization narinfo)
+ "Print a warning when NARINFO is not signed by an authorized key."
+ (unless (valid-narinfo? narinfo)
+ (warning (G_ "substitutes from '~a' are unauthorized~%")
+ (narinfo-uri-base narinfo))
+ ;; The "all substitutes" below reflects the fact that, in reality, it *is*
+ ;; possible to download "unauthorized" substitutes, as long as they match
+ ;; authorized substitutes.
+ (display-hint (G_ "To authorize all substitutes from @uref{~a} to be
+downloaded, the following command needs to be run as root:
+
+@example
+guix archive --authorize <<EOF
+~a
+EOF
+@end example
+
+Alternatively, on Guix System, you can add the signing key above to the
+@code{authorized-keys} field of @code{guix-configuration}.
+
+See \"Getting Substitutes from Other Servers\" in the manual for more
+information.")
+ (narinfo-uri-base narinfo)
+ (canonical-sexp->string
+ (signature-subject (narinfo-signature narinfo))))))
+
(define* (report-server-coverage server items
#:key display-missing?)
"Report the subset of ITEMS available as substitutes on SERVER.
@@ -204,6 +232,12 @@ (define* (report-server-coverage server items
#:make-progress-reporter
(lambda* (total #:key url #:allow-other-keys)
(progress-reporter/bar total)))))
+ (match narinfos
+ (() #f)
+ ((narinfo . _)
+ ;; Help diagnose missing substitute authorizations.
+ (check-narinfo-authorization narinfo)))
+
(let ((obtained (length narinfos))
(requested (length items))
(missing (lset-difference string=?
--
2.41.0
guix@HIDDEN, dev@HIDDEN, ludo@HIDDEN, othacehe@HIDDEN, rekado@HIDDEN, zimon.toutoune@HIDDEN, me@HIDDEN, guix-patches@HIDDEN:bug#67072; Package guix-patches.
Full text available.
Received: (at 67072) by debbugs.gnu.org; 11 Nov 2023 11:14:31 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Nov 11 06:14:31 2023
Received: from localhost ([127.0.0.1]:52177 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1r1lwd-0005n9-BF
for submit <at> debbugs.gnu.org; Sat, 11 Nov 2023 06:14:31 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:44210)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludo@HIDDEN>) id 1r1lwV-0005mQ-Jx
for 67072 <at> debbugs.gnu.org; Sat, 11 Nov 2023 06:14:27 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e])
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
id 1r1lvl-000266-M2; Sat, 11 Nov 2023 06:13:37 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To:
From; bh=tr4GCLXY9vCKCXMkzWp2PiyLagQtaTOJotynNo9MsX0=; b=G45BJ+aNXEPFe0NTmCzN
9lh2jvfg5Hofb90BrxHihju7vW2819mGhzXvaHgJUV82mPbV6XBO9KiEyjq4b8NV+tLbmJ8iaRhci
W0FTMgZHoL05ijAFGdBGVYcf/YhzDeAKzXt2bxlrNYsA31m7G7H+atUFc7+c10OY2d2hQt/A2esvG
4FVIMMVYwMVMIS5G6NTyyhGEqEZ/B7QpAlswboBv97Ob9dz68aq0Qxpete4HOMYpUdrceAXBXlhQf
IkxkGDiBcK/tAcCH3Rnw4ZrC2WUrDz1tWWz8o5b90ffSCIDb5wejIcqfFgpnjEsD6pfvAaP98V5Cb
eXX+iir77/uTEw==;
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
To: 67072 <at> debbugs.gnu.org
Subject: [PATCH 2/4] challenge: Use the same substitute URLs as guix-daemon.
Date: Sat, 11 Nov 2023 12:06:24 +0100
Message-ID: <9ff92e8db2d452552712ec53b095ac74a070bc23.1699700049.git.ludo@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <cover.1699700049.git.ludo@HIDDEN>
References: <cover.1699700049.git.ludo@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-Debbugs-Cc: Christopher Baines <guix@HIDDEN>, Josselin Poiret <dev@HIDDEN>, Ludovic Courtès <ludo@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>, Ricardo Wurmus <rekado@HIDDEN>, Simon Tournier <zimon.toutoune@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 67072
Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)
* guix/scripts/challenge.scm (%default-options): Remove ‘substitute-urls’.
(guix-challenge): Call ‘substitute-urls’ when OPTS doesn’t have it. Warn
when ‘substitute-urls’ returns #f.
Change-Id: I49be0e89404c1889970a3430967fbb3498d35d99
---
guix/scripts/challenge.scm | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/guix/scripts/challenge.scm b/guix/scripts/challenge.scm
index 01e2f9a2b2..d38171b868 100644
--- a/guix/scripts/challenge.scm
+++ b/guix/scripts/challenge.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2015-2017, 2019-2022 Ludovic Courtès <ludo@HIDDEN>
+;;; Copyright © 2015-2017, 2019-2023 Ludovic Courtès <ludo@HIDDEN>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -504,7 +504,6 @@ (define %options
(define %default-options
`((system . ,(%current-system))
- (substitute-urls . ,%default-substitute-urls)
(difference-report . ,report-differing-files)))
@@ -539,7 +538,13 @@ (define-command (guix-challenge . args)
(G_ "no arguments specified, nothing to do~%"))
(exit 0))
(x
- files))))
+ files)))
+ (urls (or urls
+ (substitute-urls store)
+ (begin
+ (warning (G_ "could not determine current \
+substitute URLs; using defaults~%"))
+ %default-substitute-urls))))
(set-build-options store
#:use-substitutes? #f)
--
2.41.0
guix@HIDDEN, dev@HIDDEN, ludo@HIDDEN, othacehe@HIDDEN, rekado@HIDDEN, zimon.toutoune@HIDDEN, me@HIDDEN, guix-patches@HIDDEN:bug#67072; Package guix-patches.
Full text available.
Received: (at 67072) by debbugs.gnu.org; 11 Nov 2023 11:14:28 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Nov 11 06:14:28 2023
Received: from localhost ([127.0.0.1]:52175 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1r1lwZ-0005mz-Qh
for submit <at> debbugs.gnu.org; Sat, 11 Nov 2023 06:14:28 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:44194)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludo@HIDDEN>) id 1r1lwU-0005mP-R7
for 67072 <at> debbugs.gnu.org; Sat, 11 Nov 2023 06:14:26 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e])
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
id 1r1lvk-00025r-DX; Sat, 11 Nov 2023 06:13:36 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To:
From; bh=vMkh5C3ITAbYbJg+zrJaPIcm3yJ3i9tj9YvrYjFzorY=; b=lUU4wu7A3ioF1HFXX3NU
xvE7Mz6Mt4kmvGRYn/w4noLK0S77y7lXlfVP+XQ6PkHozh2IJzeCD5pwOlhgNWSW8QKnGNFSL1GNR
3dvJVCNLjvZ5nVpT87V0EjmNDPu0o5V8aR2N6CItOzP9xlNCMTVIONSv8stz9gHK6D0bDoV/ikXaM
ZCzFa6gyGk8Q9niI/mLN9r60mlTv4ovho9FIUg/m0aKgAAXIcz8ztJH4jc2mAv9PiDjQ9oLhIQ+tT
dMPgK9a789Uhrmn+W/3eqY6IeF6B4yq0P/E4cDUx+ohn3Fu4eyVi64nPI8PtBb7yRhRe3eVHfShJG
BLNq/XNGvisXww==;
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
To: 67072 <at> debbugs.gnu.org
Subject: [PATCH 1/4] =?UTF-8?q?daemon:=20Implement=20=E2=80=98substitute-u?=
=?UTF-8?q?rls=E2=80=99=20RPC.?=
Date: Sat, 11 Nov 2023 12:06:23 +0100
Message-ID: <6ea1497c61199f29f816640c3f6923f3b57d0bbf.1699700049.git.ludo@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <cover.1699700049.git.ludo@HIDDEN>
References: <cover.1699700049.git.ludo@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-Debbugs-Cc: Christopher Baines <guix@HIDDEN>, Josselin Poiret <dev@HIDDEN>, Ludovic Courtès <ludo@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>, Ricardo Wurmus <rekado@HIDDEN>, Simon Tournier <zimon.toutoune@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 67072
Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)
* nix/libstore/worker-protocol.hh (PROTOCOL_VERSION): Bump.
(WorkerOp): Add ‘wopSubstituteURLs’.
* nix/nix-daemon/nix-daemon.cc (performOp): Implement it.
* guix/store.scm (%protocol-version): Bump.
(operation-id): Add ‘substitute-urls’.
(substitute-urls): New procedure.
* tests/store.scm ("substitute-urls, default")
("substitute-urls, client-specified URLs")
("substitute-urls, disabled"): New tests.
Change-Id: I2c0119500c3a1eecfa5ebf32463ffb0f173161de
---
guix/store.scm | 18 +++++++++++++++---
nix/libstore/worker-protocol.hh | 5 +++--
nix/nix-daemon/nix-daemon.cc | 17 +++++++++++++++++
tests/store.scm | 25 +++++++++++++++++++++++--
4 files changed, 58 insertions(+), 7 deletions(-)
diff --git a/guix/store.scm b/guix/store.scm
index f8e77b2cd9..97c4f32a5b 100644
--- a/guix/store.scm
+++ b/guix/store.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012-2022 Ludovic Courtès <ludo@HIDDEN>
+;;; Copyright © 2012-2023 Ludovic Courtès <ludo@HIDDEN>
;;; Copyright © 2018 Jan Nieuwenhuizen <janneke@HIDDEN>
;;; Copyright © 2019, 2020 Mathieu Othacehe <m.othacehe@HIDDEN>
;;; Copyright © 2020 Florian Pelz <pelzflorian@HIDDEN>
@@ -145,6 +145,7 @@ (define-module (guix store)
path-info-nar-size
built-in-builders
+ substitute-urls
references
references/cached
references*
@@ -199,7 +200,7 @@ (define-module (guix store)
derivation-log-file
log-file))
-(define %protocol-version #x163)
+(define %protocol-version #x164)
(define %worker-magic-1 #x6e697863) ; "nixc"
(define %worker-magic-2 #x6478696f) ; "dxio"
@@ -253,7 +254,8 @@ (define-enumerate-type operation-id
(query-valid-derivers 33)
(optimize-store 34)
(verify-store 35)
- (built-in-builders 80))
+ (built-in-builders 80)
+ (substitute-urls 81))
(define-enumerate-type hash-algo
;; hash.hh
@@ -1780,6 +1782,16 @@ (define-operation (clear-failed-paths (store-path-list items))
This makes sense only when the daemon was started with '--cache-failures'."
boolean)
+(define substitute-urls
+ (let ((urls (operation (substitute-urls)
+ #f
+ string-list)))
+ (lambda (store)
+ "Return the list of currently configured substitutes URLs for STORE, or
+#f if the daemon is too old and does not implement this RPC."
+ (and (>= (store-connection-version store) #x164)
+ (urls store)))))
+
;;;
;;; Per-connection caches.
diff --git a/nix/libstore/worker-protocol.hh b/nix/libstore/worker-protocol.hh
index ea67b10a5b..ef259db2a0 100644
--- a/nix/libstore/worker-protocol.hh
+++ b/nix/libstore/worker-protocol.hh
@@ -6,7 +6,7 @@ namespace nix {
#define WORKER_MAGIC_1 0x6e697863
#define WORKER_MAGIC_2 0x6478696f
-#define PROTOCOL_VERSION 0x163
+#define PROTOCOL_VERSION 0x164
#define GET_PROTOCOL_MAJOR(x) ((x) & 0xff00)
#define GET_PROTOCOL_MINOR(x) ((x) & 0x00ff)
@@ -44,7 +44,8 @@ typedef enum {
wopQueryValidDerivers = 33,
wopOptimiseStore = 34,
wopVerifyStore = 35,
- wopBuiltinBuilders = 80
+ wopBuiltinBuilders = 80,
+ wopSubstituteURLs = 81
} WorkerOp;
diff --git a/nix/nix-daemon/nix-daemon.cc b/nix/nix-daemon/nix-daemon.cc
index 497de11a04..4cb05c802e 100644
--- a/nix/nix-daemon/nix-daemon.cc
+++ b/nix/nix-daemon/nix-daemon.cc
@@ -736,6 +736,23 @@ static void performOp(bool trusted, unsigned int clientVersion,
break;
}
+ case wopSubstituteURLs: {
+ startWork();
+ Strings urls;
+ if (settings.get("build-use-substitutes", std::string("false")) == "true") {
+ /* First check the client-provided substitute URLs, then those
+ passed to the daemon. */
+ auto str = settings.get("untrusted-substitute-urls", std::string(""));
+ if (str.empty()) {
+ str = settings.get("substitute-urls", std::string(""));
+ }
+ urls = tokenizeString<Strings>(str);
+ }
+ stopWork();
+ writeStrings(urls, to);
+ break;
+ }
+
default:
throw Error(format("invalid operation %1%") % op);
}
diff --git a/tests/store.scm b/tests/store.scm
index 5df28adf0d..45948f4f43 100644
--- a/tests/store.scm
+++ b/tests/store.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès <ludo@HIDDEN>
+;;; Copyright © 2012-2021, 2023 Ludovic Courtès <ludo@HIDDEN>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -105,7 +105,28 @@ (define %shell
"/283gqy39v3g9dxjy26rynl0zls82fmcg-guile-2.0.7/bin/guile")))
(not (direct-store-path? (%store-prefix)))))
-(test-skip (if %store 0 15))
+(test-skip (if %store 0 18))
+
+(test-equal "substitute-urls, default"
+ (list (getenv "GUIX_BINARY_SUBSTITUTE_URL"))
+ (with-store store
+ (set-build-options store #:use-substitutes? #t)
+ (substitute-urls store)))
+
+(test-equal "substitute-urls, client-specified URLs"
+ '("http://substitutes.example.org"
+ "http://other.example.org")
+ (with-store store
+ (set-build-options store #:use-substitutes? #t
+ #:substitute-urls '("http://substitutes.example.org"
+ "http://other.example.org"))
+ (substitute-urls store)))
+
+(test-equal "substitute-urls, disabled"
+ '()
+ (with-store store
+ (set-build-options store #:use-substitutes? #f)
+ (substitute-urls store)))
(test-equal "profiles/per-user exists and is not writable"
#o755
--
2.41.0
guix@HIDDEN, dev@HIDDEN, ludo@HIDDEN, othacehe@HIDDEN, rekado@HIDDEN, zimon.toutoune@HIDDEN, me@HIDDEN, guix-patches@HIDDEN:bug#67072; Package guix-patches.
Full text available.
Received: (at submit) by debbugs.gnu.org; 11 Nov 2023 11:04:13 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Nov 11 06:04:13 2023
Received: from localhost ([127.0.0.1]:52157 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1r1lme-0005W0-Id
for submit <at> debbugs.gnu.org; Sat, 11 Nov 2023 06:04:12 -0500
Received: from lists.gnu.org ([2001:470:142::17]:60092)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludo@HIDDEN>) id 1r1lmc-0005Vk-93
for submit <at> debbugs.gnu.org; Sat, 11 Nov 2023 06:04:10 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1r1lls-0008EH-F7
for guix-patches@HIDDEN; Sat, 11 Nov 2023 06:03:24 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e])
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
id 1r1llq-00038h-If; Sat, 11 Nov 2023 06:03:22 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
s=fencepost-gnu-org; h=MIME-Version:Date:Subject:To:From:in-reply-to:
references; bh=p6oIne+FWo7I8Huwd0+cmYTIlGJwC0Ju9pg2YgnBIqc=; b=r3P9iBCbKRNaK3
cNaFP2nlnAiQomDeHAp3Xq3tRuGJuc49xDLNQsw0oQ4UJyVMimQseQWw9rECWtbv6oinLpYUHbjhw
Id6IxRRhxQDpsIeiWD5s/N8etJMCCgmrHPT+EeqTuyicKjvZAEV50I/err84UlUaZyMpq2BfVzuD1
cHUEkThrxJzYIhhxVvSFdaxMltuzkTMNfhbpF/kNrxD5+F/TmvDCzsEGSgjtTh9y8AsaLL/N+iShj
WEVf8Rxe9j9FY3JHJyRKuGIuswlsvf/jfgQqxu8Ss07CfSycV/CDVi9txDCCoyJSjmz0kaGxj1EBe
FfK/guoTnlaf1y+jwLcw==;
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
To: guix-patches@HIDDEN
Subject: [PATCH 0/4] Helping diagnose substitute setup issues
Date: Sat, 11 Nov 2023 12:03:06 +0100
Message-ID: <cover.1699700049.git.ludo@HIDDEN>
X-Mailer: git-send-email 2.41.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-Debbugs-Cc: Christopher Baines <guix@HIDDEN>, Josselin Poiret <dev@HIDDEN>, Ludovic Courtès <ludo@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>, Ricardo Wurmus <rekado@HIDDEN>, Simon Tournier <zimon.toutoune@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>
Content-Transfer-Encoding: 8bit
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: submit
Cc: Emmanuel Agullo <emmanuel.agullo@HIDDEN>,
=?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>,
Simon Tournier <zimon.toutoune@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
Hello Guix!
While discussing at the Reproducible Software Environments Workshop
yesterday, Emmanuel Agullo and Simon Tournier suggested adding
tools to help diagnose substitute setup issues: to see which
substitutes URLs are being used and whether one of them is unauthorized.
This is a step in that direction. First ‘guix weather’ and ‘guix
challenge’ now default to the same substitute URLs as guix-daemon
(this was not the case until now because there was no way to get
that information from the daemon). Second ‘guix weather’ reports
about unauthorized servers, like so:
--8<---------------cut here---------------start------------->8---
$ guix weather coreutils
computing 1 package derivations for x86_64-linux...
looking for 2 store items on https://ci.guix.gnu.org...
guix weather: warning: substitutes from 'https://ci.guix.gnu.org' are unauthorized
hint: To authorize substitute download from `https://ci.guix.gnu.org', the following command
needs to be run as root:
guix archive --authorize <<EOF
(public-key
(ecc
(curve Ed25519)
(q #8D156F295D24B0D9A86FA5741A840FF2D24F60F7B6C4134814AD55625971B394#)
)
)
EOF
Alternatively, on Guix System, you can add the signing key above to the
`authorized-keys' field of `guix-configuration'.
See "Getting Substitutes from Other Servers" in the manual for more information.
https://ci.guix.gnu.org ☀
100.0% substitutes available (2 out of 2)
at least 19.3 MiB of nars (compressed)
25.3 MiB on disk (uncompressed)
[…]
--8<---------------cut here---------------end--------------->8---
It turned out to be a low-hanging fruit!
Thoughts?
Ludo’.
Ludovic Courtès (4):
daemon: Implement ‘substitute-urls’ RPC.
challenge: Use the same substitute URLs as guix-daemon.
weather: Use the same substitute URLs as guix-daemon.
weather: Report unauthorized substitute servers.
doc/guix.texi | 26 ++++++++++++++++---
guix/scripts/challenge.scm | 11 +++++---
guix/scripts/weather.scm | 46 ++++++++++++++++++++++++++++++---
guix/store.scm | 18 ++++++++++---
nix/libstore/worker-protocol.hh | 5 ++--
nix/nix-daemon/nix-daemon.cc | 17 ++++++++++++
tests/store.scm | 25 ++++++++++++++++--
7 files changed, 132 insertions(+), 16 deletions(-)
base-commit: 08d94fe20eca47b69678b3eced8749dd02c700a4
--
2.41.0
Ludovic Courtès <ludo@HIDDEN>:guix@HIDDEN, dev@HIDDEN, ludo@HIDDEN, othacehe@HIDDEN, rekado@HIDDEN, zimon.toutoune@HIDDEN, me@HIDDEN, guix-patches@HIDDEN.
Full text available.guix@HIDDEN, dev@HIDDEN, ludo@HIDDEN, othacehe@HIDDEN, rekado@HIDDEN, zimon.toutoune@HIDDEN, me@HIDDEN, guix-patches@HIDDEN:bug#67072; Package guix-patches.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.