From: ludo@gnu.org (Ludovic Courtès)
Subject: bug#22774: Bootstrapping issue with HTTPS downloads
Date: Sat, 29 Oct 2016 01:43:13 +0200
Message-ID: <878tt8vy3y.fsf@gnu.org>
References: <87bn1d6abo.fsf@gnu.org>
In-Reply-To: <87bn1d6abo.fsf@gnu.org>
To: 22774@debbugs.gnu.org

ludo@gnu.org (Ludovic Courtès) wrote:

> Fixed-output derivations for HTTPS downloads depend on GnuTLS.  However,
> pkg-config, one of GnuTLS’s dependencies, is now available exclusively
> over HTTPS, which creates a bootstrapping issue, as reported by
> Christopher W Carpenter and others:
>
>   https://lists.gnu.org/archive/html/guix-devel/2016-02/msg00354.html

The ‘wip-oob-download’ implements “out-of-band downloads”, whereby
downloads are performed by the daemon on behalf of clients.
This works by adding a “built-in builder” in the daemon (idea stolen
from the Nix daemon): if you specify “builtin:download” as the builder
of your derivation, then guix-daemon invokes ‘guix download’ to download
the thing.  The derivation has to be fixed-output, of course.

The branch is not ready yet, notably because we’d need a way to pass
mirror lists to ‘guix download’, as an attribute of the derivation.

Another question is compatibility: what if a recent client creates a
“builtin:download” derivation on an old daemon?  The problem is that
currently old daemons do not check the builder of the .drv file until
you call ‘build-derivations’.  So I think we’ll need to bump the
protocol version so client code can check whether the daemon is new
enough.  Thoughts?

The good thing is that this should allow us to get rid of the bootstrap
binaries that are currently distributed in the source tarball of Guix
and downloaded upon ‘make’:

  https://www.gnu.org/software/guix/manual/html_node/Bootstrapping.html#Preparing-to-Use-the-Bootstrap-Binaries

This was motivated precisely by the need for an out-of-band download
mechanism for bootstrapping, which we’ll then have within guix-daemon.

Ludo’.
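
The compatibility problem raised in the message above, as an added Python model that is not Guix or Nix code and not part of the original message: a toy daemon that inspects the builder only at build time, and a client that picks “builtin:download” only when the daemon's protocol version is high enough. The version numbers, class and function names, and the fallback builder name are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed version numbers: the message only says the version must be bumped.
OLD_PROTOCOL = 1
NEW_PROTOCOL = 2                      # hypothetical first version with built-in builders
BUILTINS = {"builtin:download"}
FALLBACK_BUILDER = "download-script"  # hypothetical ordinary (non-built-in) builder

@dataclass(frozen=True)
class Derivation:
    name: str
    builder: str
    fixed_output_hash: Optional[str]  # None means the derivation is not fixed-output

class Daemon:
    """Toy daemon: stores any .drv and looks at the builder only when building."""
    def __init__(self, protocol):
        self.protocol = protocol
        self.store = []

    def add_derivation(self, drv):
        self.store.append(drv)        # no builder check here, as the message describes
        return drv

    def build_derivation(self, drv):
        if drv.builder.startswith("builtin:"):
            if self.protocol < NEW_PROTOCOL or drv.builder not in BUILTINS:
                raise RuntimeError(f"cannot execute builder {drv.builder!r}")
            if drv.fixed_output_hash is None:
                raise ValueError("built-in download requires a fixed-output derivation")
            return f"daemon downloaded {drv.name}"
        return f"ran {drv.builder} for {drv.name}"

def download_derivation(daemon, name, sha256):
    """Client side: use the built-in builder only if the daemon is new enough."""
    new_enough = daemon.protocol >= NEW_PROTOCOL
    builder = "builtin:download" if new_enough else FALLBACK_BUILDER
    return daemon.add_derivation(Derivation(name, builder, sha256))
```

Without the version gate, an old daemon accepts the derivation and fails only once the build is requested; with it, the client falls back to an ordinary builder before anything is written to the store.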