From: Franz Geffke <franz@pantherx.org>
To: 50977@debbugs.gnu.org
Subject: bug#50977: digital-ocean-environment-type fails
Date: Mon, 18 Oct 2021 20:40:47 +0100 [thread overview]
Message-ID: <20211018204047.0473e078@pantherx.org> (raw)
In-Reply-To: <CADXXfWk7DFjDNcxZ6f4Qsk3HiFpNz6m-0fm4pwYsjo58Kn6z1A@mail.gmail.com>
I've done some more digging. There are various issues with the script
that actually converts the Debian 9 Droplet to Guix.
1. The SSL certificates of gnu.org fail on Debian 9 (since end of Sep).
This appears to be related to a change in LetsEncrypt root certificates
2. The guix binary used is rather old
I don't have time to submit a merge request now. I have adapted the
included script to work on Debian 9 (uncomment 1x line), 11 and Ubuntu
21.04. This should be good until the bug has been resolved.
```
#!/bin/bash
# Guix 1.3.0 on DigitalOcean
# Convert Debian 11 or Ubuntu 21.04
###### MODIFY
TIMEZONE="Europe/Berlin"
LOCALE="en_US.utf8"
USERNAME="guix"
USER_COMMENT="guix's account"
USER_PASSWORD="Gq2M6JqNS2W6mgkY"
###### MODIFY END
CONFIG=/etc/bootstrap-config.scm
CRYPT='$6$abc'
apt-get update -y
apt-get install curl xz-utils -y
# Uncomment this for Debian 9
# sed -i '/^mozilla\/DST_Root_CA_X3/s/^/!/' /etc/ca-certificates.conf
&& update-ca-certificates -f wget
https://ftp.gnu.org/gnu/guix/guix-binary-1.3.0.x86_64-linux.tar.xz cd
/tmp tar --warning=no-timestamp -xf
~/guix-binary-1.3.0.x86_64-linux.tar.xz mv var/guix /var/ && mv gnu /
mkdir -p ~root/.config/guix
ln -sf /var/guix/profiles/per-user/root/current-guix
~root/.config/guix/current export GUIX_PROFILE="`echo
~root`/.config/guix/current" ; source $GUIX_PROFILE/etc/profile
groupadd --system guixbuild
for i in `seq -w 1 10`;
do
useradd -g guixbuild -G guixbuild \
-d /var/empty -s `which nologin` \
-c "Guix build user $i" --system \
guixbuilder$i;
done;
cp ~root/.config/guix/current/lib/systemd/system/guix-daemon.service
/etc/systemd/system/ systemctl start guix-daemon && systemctl enable
guix-daemon mkdir -p /usr/local/bin
cd /usr/local/bin
ln -s /var/guix/profiles/per-user/root/current-guix/bin/guix
mkdir -p /usr/local/share/info
cd /usr/local/share/info
for i in /var/guix/profiles/per-user/root/current-guix/share/info/*; do
ln -s $i; done
guix archive --authorize <
~root/.config/guix/current/share/guix/ci.guix.gnu.org.pub # guix pull
guix package -i glibc-utf8-locales
export GUIX_LOCPATH="$HOME/.guix-profile/lib/locale"
guix package -i openssl
HOSTNAME=$(curl -s http://169.254.169.254/metadata/v1/hostname)
PUBLIC_IPV4=$(curl -s
http://169.254.169.254/metadata/v1/interfaces/public/0/ipv4/address)
NETMASK=$(curl -s
http://169.254.169.254/metadata/v1/interfaces/public/0/ipv4/netmask)
GATEWAY=$(curl -s
http://169.254.169.254/metadata/v1/interfaces/public/0/ipv4/gateway)
function write_server_config() {
cat >> $CONFIG <<EOL
(use-modules (gnu))
(use-service-modules networking ssh)
(use-package-modules screen ssh certs tls)
(operating-system
(host-name "${HOSTNAME}")
(timezone "${TIMEZONE}")
(locale "${LOCALE}")
(initrd-modules (append (list "virtio_scsi")
%base-initrd-modules))
(bootloader (bootloader-configuration
(bootloader grub-bootloader)
(target "/dev/vda")))
(file-systems (append
(list (file-system
(device "/dev/vda1")
(mount-point "/")
(type "ext4")))
%base-file-systems))
(users (cons (user-account
(name "${USERNAME}")
(comment "${USER_COMMENT}")
(group "users")
(password (crypt "${USER_PASSWORD}" "${CRYPT}"))
(supplementary-groups '("wheel"))
(home-directory "/home/${USERNAME}"))
%base-user-accounts))
;; Globally-installed packages.
(packages (cons* screen openssh nss-certs gnutls %base-packages))
(services (cons* (static-networking-service "eth0" "${PUBLIC_IPV4}"
#:netmask "${NETMASK}"
#:gateway "${GATEWAY}"
#:name-servers '("84.200.69.80" "84.200.70.40"))
(service openssh-service-type
(openssh-configuration
(permit-root-login 'without-password)))
%base-services)))
EOL
}
write_server_config
# guix pull
guix system build /etc/bootstrap-config.scm
# these appear to be the necessary on Ubuntu 21.04
mv /etc/ssl /etc/bk_ssl
mv /etc/pam.d /etc/bk_pam.d
mv /etc/skel /etc/bk_skel
guix system reconfigure /etc/bootstrap-config.scm
mv /etc /old-etc
mkdir /etc
cp -r
/old-etc/{passwd,group,shadow,gshadow,mtab,guix,bootstrap-config.scm}
/etc/ guix system reconfigure /etc/bootstrap-config.scm
reboot
```
prev parent reply other threads:[~2021-10-18 19:42 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-02 19:49 bug#50977: digital-ocean-environment-type fails Florian Hoertlehner
2021-10-18 11:08 ` Franz Geffke
2021-10-18 19:40 ` Franz Geffke [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211018204047.0473e078@pantherx.org \
--to=franz@pantherx.org \
--cc=50977@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).