On Wed, Oct 23, 2019 at 04:26:35PM +0200, Kai Mertens wrote: > On Wed, 23 Oct 2019 11:50:44 +0200 > Ludovic Courtès wrote: > > > >> Did you enable substitutes from ? > > >> See . > > >> > > > > > > hmm, I did not enable substitutes explicitly in the command line, but > > > as far as I remember, I allowed guix to use substitutes when I set it > > > up some time ago. Is there a handy command that helps me to check the > > > current configuration? Anyway, I was not using option --no-substitutes. > > > > If you installed it long ago, it could be that you authorized > > substitutes from hydra.gnu.org (the former CI server, discontinued in > > June¹) but not from ci.guix.gnu.org. > > > > Yes indeed! > > > So you would need to check: > > > > 1. which substitute URL guix-daemon is using; > > I tried the example as seen in “4.3.2 Substitute Server Authorization”: > > $ guix build emacs --dry-run > substitute: updating list of substitutes from 'https://mirror.hydra.gnu.org'... 18.6%guix substitute: error: TLS error in procedure 'read_from_session_record_port': The TLS connection was non-properly terminated. > guix build: error: substituter `substitute' died unexpectedly > > So apparently, guix is using the obsolete hydra server. > > > > > 2. which keys are authorized in /etc/guix/acl. > > > > This file shows only one key, but that one is listed four times as like: > (entry > (public-key > (rsa > (n > #00DB1634E3D9DFAC97AE4734DAE968CCB15EE4815C82BDC254883DBB49FE1EF32268E82D4BBE0E35298C481C9DA15 > 51642FAFF05AEC1A60712F1BB4BE7D25D7EFF7A4F89704A5A9AC232870CB9F2476C3B538A0E990A8825DEB73081D31 > 7001FB8A188600F2FEF5F5F570E857F3EE4355077A3C3918ED72723A56BA55C466D400658974D7DAD1F6B7B63C192B > 9C2704D98BBFF1C3BD5B8EF11A8ADC83ACB8FD8E9F1E792FDAD262415D13F2DEE55F330908CFDA9C3C8C32B64F7DD0 > 88457D34F445E2E2C83C6D680549DC9B6E6573B89496567204ED285E67A279F2F667080BA941D80D015CE87B0FB6A9 > 1A99CECC7D91D2D210B00E4B6E611DA51DB008F1DFE3FCAC6B27393FA781D45F9A15FC7B8785A3E86BA6592B2916CA > 22CF1E40FC85F85CACA590461154F58F3580B16398908EF32076F411299C28727C94D88B6A618F84DD73AEBED8270B > CB6690928CB1BF250C35E1F6BF3B1B30D05BA246ECE8F69D9065DE26F4B3E0D814D70A9C27CB5B7B050C9090590D3A > 9EF83374F2643E5446FBD39DDB124DBF6DFDAA6D18E2560AD0CBFA11C959C9B7316BF19963A191967054E9FD97DC14 > D71082B30B1C90A46E8996682474C3BCB51BA0882958897B6DD35E41B5174D0A6BCDE97B89043E95BD1B70DE61DA66 > 6893B417196A180005466BC3A742FDF04E89B04460E3E6BC72E7F1B5FEA5B3092FEE551A3C447C12E104E65#) (e > #010001#) ) > ) > (tag > (guix import) > ) > ) > > > The above chapter of the manual has more info on this. > > > > LMK how it goes! > > Well, I am not sure how to proceed with my old version of guix. > > I wonder if the listed key is as well valid for https://ci.guix.gnu.org > just the same as it used to be valid for https://mirror.hydra.gnu.org. > It's not. The long RSA key was only for hydra. > If not, where can I get the new, correct one? One option is from the git repo. I don't see the key hosted online, but you likely already have it in your store. It should be in /gnu/store/...-guix-../share/guix/ci.guix.gnu.org.pub Also if you've run 'guix pull' it should be in ~/.cache/guix/pull/pjmkglp4t7znuugeurpurzikxq3tnlaywmisyr27shj7apsnalwq/etc/substitutes/ci.guix.gnu.org.pub > > Once I have the keyfile, I am supposed to continue with section > “4.3.2 Substitute Server Authorization”, > right? > > Then I would try: > # guix-daemon --substitute-urls=https://ci.guix.gnu.org > # guix archive --authorize < my/path/to/ci.guix.gnu.org.pub > > Is that correct? If you're on Guix System then you'd want to do 'sudo herd restart guix-daemon' after authorizing the key. If you're on a foreign system then as long as you don't have '--substitute-urls' already in the guix-daemon command then it'll default to ci.guix.gnu.org > > Would that remove the obsolete substitute server information in the > same go? There's no need to remove it, but you could remove it by hand if you want. > > best regards > Kai > Hope that helps -- Efraim Flashner אפרים פלשנר GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted