* bug#22774: Bootstrapping issue with HTTPS downloads
@ 2016-02-22 21:03 Ludovic Courtès
2016-07-31 16:28 ` Ludovic Courtès
0 siblings, 1 reply; 5+ messages in thread
From: Ludovic Courtès @ 2016-02-22 21:03 UTC (permalink / raw)
To: 22774
Fixed-output derivations for HTTPS downloads depend on GnuTLS. However,
pkg-config, one of GnuTLS’s dependencies, is now available exclusively
over HTTPS, which creates a bootstrapping issue, as reported by
Christopher W Carpenter and others:
https://lists.gnu.org/archive/html/guix-devel/2016-02/msg00354.html
Ludo’.
^ permalink raw reply [flat|nested] 5+ messages in thread
* bug#22774: Bootstrapping issue with HTTPS downloads
2016-02-22 21:03 bug#22774: Bootstrapping issue with HTTPS downloads Ludovic Courtès
@ 2016-07-31 16:28 ` Ludovic Courtès
2016-10-28 23:43 ` Ludovic Courtès
0 siblings, 1 reply; 5+ messages in thread
From: Ludovic Courtès @ 2016-07-31 16:28 UTC (permalink / raw)
To: 22774
ludo@gnu.org (Ludovic Courtès) skribis:
> Fixed-output derivations for HTTPS downloads depend on GnuTLS. However,
> pkg-config, one of GnuTLS’s dependencies, is now available exclusively
> over HTTPS, which creates a bootstrapping issue, as reported by
> Christopher W Carpenter and others:
>
> https://lists.gnu.org/archive/html/guix-devel/2016-02/msg00354.html
This is mitigated by the use of content-addressed mirrors over HTTP, as
in commit 40f788b9f6184436d9cc36a4dd8e7d101cd2f0ba (obviously a stop-gap
measure more than a real fix.)
Ludo’.
^ permalink raw reply [flat|nested] 5+ messages in thread
* bug#22774: Bootstrapping issue with HTTPS downloads
2016-07-31 16:28 ` Ludovic Courtès
@ 2016-10-28 23:43 ` Ludovic Courtès
2016-11-13 23:02 ` Ludovic Courtès
0 siblings, 1 reply; 5+ messages in thread
From: Ludovic Courtès @ 2016-10-28 23:43 UTC (permalink / raw)
To: 22774
ludo@gnu.org (Ludovic Courtès) skribis:
> Fixed-output derivations for HTTPS downloads depend on GnuTLS. However,
> pkg-config, one of GnuTLS’s dependencies, is now available exclusively
> over HTTPS, which creates a bootstrapping issue, as reported by
> Christopher W Carpenter and others:
>
> https://lists.gnu.org/archive/html/guix-devel/2016-02/msg00354.html
The ‘wip-oob-download’ implements “out-of-band downloads”, whereby
downloads are performed by the daemon on behalf of clients.
This works by adding a “built-in builder” in the daemon (idea stolen
from the Nix daemon): if you specify “builtin:download” as the builder
of your derivation, then guix-daemon invokes ‘guix download’ to download
the thing. The derivation has to be fixed-output, of course.
The branch is not ready yet, notably because we’d need a way to pass
mirror lists to ‘guix download’, as an attribute of the derivation.
Another question is compatibility: what if a recent client creates a
“builtin:download” derivation on an old daemon? The problem is that
currently old daemons do not check the builder of the .drv file until
you call ‘build-derivations’. So I think we’ll need to bump the
protocol version so client code can check whether the daemon is new
enough.
Thoughts?
The good thing is that this should allow us to get rid of the bootstrap
binaries that are currently distributed in the source tarball of Guix
and downloaded upon ‘make’:
https://www.gnu.org/software/guix/manual/html_node/Bootstrapping.html#Preparing-to-Use-the-Bootstrap-Binaries
This was motivated precisely by the need for an out-of-band download
mechanism for bootstrapping, which we’ll then have within guix-daemon.
Ludo’.
^ permalink raw reply [flat|nested] 5+ messages in thread
* bug#22774: Bootstrapping issue with HTTPS downloads
2016-10-28 23:43 ` Ludovic Courtès
@ 2016-11-13 23:02 ` Ludovic Courtès
2016-11-16 17:23 ` Ludovic Courtès
0 siblings, 1 reply; 5+ messages in thread
From: Ludovic Courtès @ 2016-11-13 23:02 UTC (permalink / raw)
To: 22774
ludo@gnu.org (Ludovic Courtès) skribis:
> The ‘wip-oob-download’ implements “out-of-band downloads”, whereby
> downloads are performed by the daemon on behalf of clients.
>
> This works by adding a “built-in builder” in the daemon (idea stolen
> from the Nix daemon): if you specify “builtin:download” as the builder
> of your derivation, then guix-daemon invokes ‘guix download’ to download
> the thing. The derivation has to be fixed-output, of course.
>
> The branch is not ready yet, notably because we’d need a way to pass
> mirror lists to ‘guix download’, as an attribute of the derivation.
Fixed!
> Another question is compatibility: what if a recent client creates a
> “builtin:download” derivation on an old daemon? The problem is that
> currently old daemons do not check the builder of the .drv file until
> you call ‘build-derivations’. So I think we’ll need to bump the
> protocol version so client code can check whether the daemon is new
> enough.
To address that, I bumped the protocol number in worker-protocol.hh and
added a ‘built-in-builders’ RPC that returns the list of supported
built-in builders (a list of strings.)
That way, clients can check what the daemon supports. For instance,
‘url-fetch’ can return either a “normal” fixed-output derivation or one
that uses “builtin:download”, depending on what the daemon supports.
Feedback welcome.
Ludo’.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2016-11-16 17:25 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-02-22 21:03 bug#22774: Bootstrapping issue with HTTPS downloads Ludovic Courtès
2016-07-31 16:28 ` Ludovic Courtès
2016-10-28 23:43 ` Ludovic Courtès
2016-11-13 23:02 ` Ludovic Courtès
2016-11-16 17:23 ` Ludovic Courtès
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).