From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: bug#28749: guix build --subsitute-urls does not override guix-daemon run with --no-subsitutes Date: Sat, 14 Oct 2017 12:41:56 -0400 Message-ID: <20171014164156.GA2074@jasmine.lan> References: <20171009192034.GB16949@jasmine.lan> <87tvz3f8sp.fsf@gmail.com> <20171013215430.GA1951@jasmine.lan> <871sm5uala.fsf@elephly.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="d6Gm4EdcadzBjdND" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:33928) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1e3PWj-0005F8-Ey for bug-guix@gnu.org; Sat, 14 Oct 2017 12:43:06 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1e3PWg-00060c-9R for bug-guix@gnu.org; Sat, 14 Oct 2017 12:43:05 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:60010) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1e3PWg-00060V-1D for bug-guix@gnu.org; Sat, 14 Oct 2017 12:43:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1e3PWf-00040x-MJ for bug-guix@gnu.org; Sat, 14 Oct 2017 12:43:01 -0400 Sender: "Debbugs-submit" Resent-Message-ID: Content-Disposition: inline In-Reply-To: <871sm5uala.fsf@elephly.net> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Ricardo Wurmus Cc: drashne@protonmail.com, Maxim Cournoyer , 28749@debbugs.gnu.org --d6Gm4EdcadzBjdND Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Oct 14, 2017 at 03:23:45PM +0200, Ricardo Wurmus wrote: > I don=E2=80=99t know. Substitute sources have to authorized before downl= oaded > substitutes are accepted by the daemon. This authorization happens as > the root user, as it constitutes a system-wide change. I was thinking of situations where the subsitute signing key is authorized, but substitutes are disabled system-wide. I don't have a use case for this configuration but, to me, it doesn't seem far-fetched for multi-user systems. Maybe the administrator is willing to let users trust substitutes, but doesn't want to do it for the privileged Guix installation. --d6Gm4EdcadzBjdND Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlniPlEACgkQJkb6MLrK fwj1nRAAqheeh8ofKsPo4T7ekPnyvFBA8ao/B3RI66ffHvzn/b2NtyaCMwus+MOX Y/n0bwo/Xtls6jCWErQxwIDgaHzzVWKeOA+GkzKNqH01dX9UI74gVrO0mUeJqQgy 75EU2awFg5/qGgo1sMhegZOFfHAgRcyK2rbmvkCiXWIeZ9rRqgMGYI3gQ+b1ct0a YxhWkuYgQGU6xSoieJ/GEqlgdtpbfnOpITETGM20EcxP2B2Vetg0F+DGOr3vl98x gmT7roOkVJHaK2/bvzTPZ9D57qR8IESNyIyJrHX4o9AAar2iDHTJjlJkmQ323reZ JFPJFwj9P3mJZNp1PrW4tLlxHyjl6++P+HTFQd5c5A3e1gn6AGQX97XN6hdTqDA2 6fzR8mh5q6eJkPp743cxvb2q6JrafzhCRhLHWI5u7aBnd13U9wFIGnlQ2gm30lo/ O5OnyVtvnoNktgtMvuXembt3K8eYH0qRrk3K5i8gjgy2K7kqmtkbTdGIm+ND277C toiD1lS4phx4dyxfdBSkc7fiuyK3Iv4LRwiwnGZOeezXIUo/jc8WrxViDYd7OdPC yq9/r6GKv55iKrucnBReg8SO7nBQHkB1qOnne0TguRz9IF3OIPaF7THsCPq15yav xxwLy36d+sC19w1bl2mVPVvE/K+2gv5Omk4E63CVx4jjIfEaziY= =B9in -----END PGP SIGNATURE----- --d6Gm4EdcadzBjdND--