From mboxrd@z Thu Jan 1 00:00:00 1970 From: Efraim Flashner Subject: bug#37865: guix pull: error: You found a bug: Date: Wed, 23 Oct 2019 19:55:04 +0300 Message-ID: <20191023165504.GB15460@E5400> References: <20191022083418.0c821e9d.kmx@posteo.net> <87sgnkwk5l.fsf@gnu.org> <20191023085503.7af886c5.kmx@posteo.net> <874kzzx023.fsf@gnu.org> <20191023162411.3d520e24.kmx@posteo.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="aM3YZ0Iwxop3KEKx" Return-path: Received: from eggs.gnu.org ([2001:470:142:3::10]:53572) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iNJvX-0003W0-Nn for bug-guix@gnu.org; Wed, 23 Oct 2019 12:56:05 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1iNJvW-0004qZ-A6 for bug-guix@gnu.org; Wed, 23 Oct 2019 12:56:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:54336) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1iNJvV-0004qA-VC for bug-guix@gnu.org; Wed, 23 Oct 2019 12:56:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1iNJvV-0004qI-Qk for bug-guix@gnu.org; Wed, 23 Oct 2019 12:56:01 -0400 Sender: "Debbugs-submit" Resent-Message-ID: Content-Disposition: inline In-Reply-To: <20191023162411.3d520e24.kmx@posteo.net> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Kai Mertens Cc: 37865@debbugs.gnu.org --aM3YZ0Iwxop3KEKx Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Oct 23, 2019 at 04:26:35PM +0200, Kai Mertens wrote: > On Wed, 23 Oct 2019 11:50:44 +0200 > Ludovic Court=C3=A8s wrote: >=20 > > >> Did you enable substitutes from ? > > >> See . > > >> =20 > > > > > > hmm, I did not enable substitutes explicitly in the command line, but > > > as far as I remember, I allowed guix to use substitutes when I set it > > > up some time ago. Is there a handy command that helps me to check the > > > current configuration? Anyway, I was not using option --no-substitute= s. =20 > >=20 > > If you installed it long ago, it could be that you authorized > > substitutes from hydra.gnu.org (the former CI server, discontinued in > > June=C2=B9) but not from ci.guix.gnu.org. > >=20 >=20 > Yes indeed! >=20 > > So you would need to check: > >=20 > > 1. which substitute URL guix-daemon is using; >=20 > I tried the example as seen in =E2=80=9C4.3.2 Substitute Server Authoriza= tion=E2=80=9D: >=20 > $ guix build emacs --dry-run > substitute: updating list of substitutes from 'https://mirror.hydra.gnu.o= rg'... 18.6%guix substitute: error: TLS error in procedure 'read_from_sess= ion_record_port': The TLS connection was non-properly terminated. > guix build: error: substituter `substitute' died unexpectedly >=20 > So apparently, guix is using the obsolete hydra server. >=20 > >=20 > > 2. which keys are authorized in /etc/guix/acl. > >=20 >=20 > This file shows only one key, but that one is listed four times as like: > (entry=20 > (public-key=20 > (rsa=20 > (n=20 > #00DB1634E3D9DFAC97AE4734DAE968CCB15EE4815C82BDC254883DBB49FE1EF32268= E82D4BBE0E35298C481C9DA15 > 51642FAFF05AEC1A60712F1BB4BE7D25D7EFF7A4F89704A5A9AC232870CB9F2476C3B= 538A0E990A8825DEB73081D31 > 7001FB8A188600F2FEF5F5F570E857F3EE4355077A3C3918ED72723A56BA55C466D40= 0658974D7DAD1F6B7B63C192B > 9C2704D98BBFF1C3BD5B8EF11A8ADC83ACB8FD8E9F1E792FDAD262415D13F2DEE55F3= 30908CFDA9C3C8C32B64F7DD0 > 88457D34F445E2E2C83C6D680549DC9B6E6573B89496567204ED285E67A279F2F6670= 80BA941D80D015CE87B0FB6A9 > 1A99CECC7D91D2D210B00E4B6E611DA51DB008F1DFE3FCAC6B27393FA781D45F9A15F= C7B8785A3E86BA6592B2916CA > 22CF1E40FC85F85CACA590461154F58F3580B16398908EF32076F411299C28727C94D= 88B6A618F84DD73AEBED8270B > CB6690928CB1BF250C35E1F6BF3B1B30D05BA246ECE8F69D9065DE26F4B3E0D814D70= A9C27CB5B7B050C9090590D3A > 9EF83374F2643E5446FBD39DDB124DBF6DFDAA6D18E2560AD0CBFA11C959C9B7316BF= 19963A191967054E9FD97DC14 > D71082B30B1C90A46E8996682474C3BCB51BA0882958897B6DD35E41B5174D0A6BCDE= 97B89043E95BD1B70DE61DA66 > 6893B417196A180005466BC3A742FDF04E89B04460E3E6BC72E7F1B5FEA5B3092FEE5= 51A3C447C12E104E65#) (e=20 > #010001#) ) > ) > (tag=20 > (guix import) > ) > ) >=20 > > The above chapter of the manual has more info on this. > >=20 > > LMK how it goes! >=20 > Well, I am not sure how to proceed with my old version of guix. >=20 > I wonder if the listed key is as well valid for https://ci.guix.gnu.org > just the same as it used to be valid for https://mirror.hydra.gnu.org. >=20 It's not. The long RSA key was only for hydra. > If not, where can I get the new, correct one? One option is from the git repo. I don't see the key hosted online, but you likely already have it in your store. It should be in /gnu/store/...-guix-../share/guix/ci.guix.gnu.org.pub Also if you've run 'guix pull' it should be in ~/.cache/guix/pull/pjmkglp4t= 7znuugeurpurzikxq3tnlaywmisyr27shj7apsnalwq/etc/substitutes/ci.guix.gnu.org= =2Epub >=20 > Once I have the keyfile, I am supposed to continue with section > =E2=80=9C4.3.2 Substitute Server Authorization=E2=80=9D, > right? >=20 > Then I would try: > # guix-daemon --substitute-urls=3Dhttps://ci.guix.gnu.org > # guix archive --authorize < my/path/to/ci.guix.gnu.org.pub >=20 > Is that correct? If you're on Guix System then you'd want to do 'sudo herd restart guix-daemon' after authorizing the key. If you're on a foreign system then as long as you don't have '--substitute-urls' already in the guix-daemon command then it'll default to ci.guix.gnu.org >=20 > Would that remove the obsolete substitute server information in the > same go? There's no need to remove it, but you could remove it by hand if you want. >=20 > best regards > Kai >=20 Hope that helps --=20 Efraim Flashner =D7=90=D7=A4=D7=A8=D7=99=D7=9D = =D7=A4=D7=9C=D7=A9=D7=A0=D7=A8 GPG key =3D A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted --aM3YZ0Iwxop3KEKx Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAl2whegACgkQQarn3Mo9 g1FlAw//WMdG0+087NiD6ydR04NCDGk6WaCv91RPFqGp3tZWU8sGNQOX8X1vOS5k AMQR+1gyvQPFC0cVb9iSzFcRyyzCya9HKhTBY/wTiFHKHRSt/TUrGKiVi6DCuFG8 AJmGmTH9855rGKk9US99khK/UbWeFeiDyWW81o+mUcX+2gxCgob6X/4Z9Wjt0C2a pzMTMabvaAkR5i4l1AtiiHk9aAYag5VIPmQ8pVlAFpmgx5fUVOtahATpBVf3h+EC cegM/1FtnqKmSvDaydIHouWd83cTW3HC9pD4QbYiDCtK3N95AkmUuD5eo/UnZoca ZVoDLYCHNr7aUmQfhYXmrZy+h8X4+q8ET3B/8LvPpQLag6SWhVLod3y0rgvtSLEv jD0m1WLECcc/k1oli3H0Op6g6Batj/LBwJbRBMcz/vK+fPTF2/datS0PAx0JToph B3AVr1HAIN+MXuIwCo7w2q5hfs8zUrCLTtbmbulAsi27dTymsQzQOCEwpFsAKYVU g9dcHK5DqObsNrwWeB+t/lFUWKE90Ae9UOzbphzc5urRC5nOH2iJiy/IEEZzykB6 xKCYSoNhKPJfs+uUfxoagif+W8xNOjzggXx2gCR3iOppmgFShVOy/M+OnTq4XCqE k2OviHiQjt9TkoQEChgz1JRo19/NADeMPP4F/+frZbnQgZljFps= =GVyC -----END PGP SIGNATURE----- --aM3YZ0Iwxop3KEKx--