On Sun, Oct 08, 2017 at 01:13:16PM -0400, Drashne wrote:
> From the kind people on #guix, I've heard that "guix build
> --subsitute-urls" should override "guix-daemon --no-subsitutes", but
> it seems it's not doing so for me.

The documentation of guix-daemon [0] says this on the subject:

"When the daemon runs with --no-substitutes, clients can still
explicitly enable substitution via the set-build-options remote
procedure call (see The Store)."

So, there is a way for unprivileged users to enable substitution for
themselves even when the local administrator has disabled substitution,
but it's not via the --substitute-urls mechanism.

I'm closing this bug because I think it's mostly a case of having
received mistaken advice on #guix.

[0]
https://www.gnu.org/software/guix/manual/html_node/Invoking-guix_002ddaemon.html#Invoking-guix_002ddaemon

> Here's the situation I ran in to:
> 
> While doing a "./pre-inst-env guix pull" I got an error about:
> 
>   output path `/gnu/store/53lj4z9cavl7n27r89zjnvyd8fk854kj-libgit2-0.26.0.tar.gz' should have sha256 hash `1fdk9yhwvl1w1z71ykzcvgh4nsf8scxcbclz5anh98zpplmhmisa', instead has `
> 1b3figbhp5l83vd37vq6j2narrq4yl9pfw6mw0px0dzb1hz3jqka'
> 
> So I tried "./pre-inst-env guix build --source libgit2 --substitute-urls=[https://mirror.hydra.gnu.org"](https://mirror.hydra.gnu.org)
> but it redirected me to https://codeload.github.com/libgit2/libgit2/tar.gz/v0.26.0
> which had the wrong hash.

We are discussing how to handle unstable upstream sources more
gracefully here:

https://bugs.gnu.org/28659