On Wed, 23 Oct 2019 11:50:44 +0200 Ludovic Courtès wrote: > >> Did you enable substitutes from ? > >> See . > >> > > > > hmm, I did not enable substitutes explicitly in the command line, but > > as far as I remember, I allowed guix to use substitutes when I set it > > up some time ago. Is there a handy command that helps me to check the > > current configuration? Anyway, I was not using option --no-substitutes. > > If you installed it long ago, it could be that you authorized > substitutes from hydra.gnu.org (the former CI server, discontinued in > June¹) but not from ci.guix.gnu.org. > Yes indeed! > So you would need to check: > > 1. which substitute URL guix-daemon is using; I tried the example as seen in “4.3.2 Substitute Server Authorization”: $ guix build emacs --dry-run substitute: updating list of substitutes from 'https://mirror.hydra.gnu.org'... 18.6%guix substitute: error: TLS error in procedure 'read_from_session_record_port': The TLS connection was non-properly terminated. guix build: error: substituter `substitute' died unexpectedly So apparently, guix is using the obsolete hydra server. > > 2. which keys are authorized in /etc/guix/acl. > This file shows only one key, but that one is listed four times as like: (entry (public-key (rsa (n #00DB1634E3D9DFAC97AE4734DAE968CCB15EE4815C82BDC254883DBB49FE1EF32268E82D4BBE0E35298C481C9DA15 51642FAFF05AEC1A60712F1BB4BE7D25D7EFF7A4F89704A5A9AC232870CB9F2476C3B538A0E990A8825DEB73081D31 7001FB8A188600F2FEF5F5F570E857F3EE4355077A3C3918ED72723A56BA55C466D400658974D7DAD1F6B7B63C192B 9C2704D98BBFF1C3BD5B8EF11A8ADC83ACB8FD8E9F1E792FDAD262415D13F2DEE55F330908CFDA9C3C8C32B64F7DD0 88457D34F445E2E2C83C6D680549DC9B6E6573B89496567204ED285E67A279F2F667080BA941D80D015CE87B0FB6A9 1A99CECC7D91D2D210B00E4B6E611DA51DB008F1DFE3FCAC6B27393FA781D45F9A15FC7B8785A3E86BA6592B2916CA 22CF1E40FC85F85CACA590461154F58F3580B16398908EF32076F411299C28727C94D88B6A618F84DD73AEBED8270B CB6690928CB1BF250C35E1F6BF3B1B30D05BA246ECE8F69D9065DE26F4B3E0D814D70A9C27CB5B7B050C9090590D3A 9EF83374F2643E5446FBD39DDB124DBF6DFDAA6D18E2560AD0CBFA11C959C9B7316BF19963A191967054E9FD97DC14 D71082B30B1C90A46E8996682474C3BCB51BA0882958897B6DD35E41B5174D0A6BCDE97B89043E95BD1B70DE61DA66 6893B417196A180005466BC3A742FDF04E89B04460E3E6BC72E7F1B5FEA5B3092FEE551A3C447C12E104E65#) (e #010001#) ) ) (tag (guix import) ) ) > The above chapter of the manual has more info on this. > > LMK how it goes! Well, I am not sure how to proceed with my old version of guix. I wonder if the listed key is as well valid for https://ci.guix.gnu.org just the same as it used to be valid for https://mirror.hydra.gnu.org. If not, where can I get the new, correct one? Once I have the keyfile, I am supposed to continue with section “4.3.2 Substitute Server Authorization”, right? Then I would try: # guix-daemon --substitute-urls=https://ci.guix.gnu.org # guix archive --authorize < my/path/to/ci.guix.gnu.org.pub Is that correct? Would that remove the obsolete substitute server information in the same go? best regards Kai > > ¹ https://lists.gnu.org/archive/html/info-guix/2019-06/msg00001.html -- Kai Mertens OpenPGP Key-ID: 0x40B15AB4B05B5BF1 on keys.gnupg.net Key fingerprint = 7C83 0A80 01FF 679C 6E8E AFD3 40B1 5AB4 B05B 5BF1 What is that? Please check: https://emailselfdefense.fsf.org/en/