* bug#70243: The substitute authorization warning is displayed when it shouldn't be
@ 2024-04-06 16:49 Leo Famulari
2024-05-25 9:31 ` Ludovic Courtès
0 siblings, 1 reply; 3+ messages in thread
From: Leo Famulari @ 2024-04-06 16:49 UTC (permalink / raw)
To: 70243
I just saw this on Debian:
------
$ guix shell -D guix -- ./pre-inst-env guix weather linux-libre
computing 1 package derivations for x86_64-linux...
looking for 1 store items on https://ci.guix.gnu.org...
guix weather: warning: substitutes from 'https://ci.guix.gnu.org' are unauthorized
hint: To authorize all substitutes from `https://ci.guix.gnu.org' to be downloaded, the following command needs to be run as root:
[...]
------
But, I do have the given key in my '/etc/guix/acl', and this works:
------
guix shell -D guix -- ./pre-inst-env guix build linux-libre
substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100.0%
substitute: updating substitutes from 'https://bordeaux.guix.gnu.org'... 100.0%
114.0 MB will be downloaded:
/gnu/store/547y21y3w9nj29w9n73gp2arjxgmvvl6-linux-libre-6.8.2
substituting /gnu/store/547y21y3w9nj29w9n73gp2arjxgmvvl6-linux-libre-6.8.2...
[...]
------
So, the warning is mistaken.
For your reference:
------
guix shell -D guix -- ./pre-inst-env guix describe
Git checkout:
repository: /home/leo/work/guix/
branch: master
commit: 50a72a08af37557575199b56bbee9f334d58575a
------
Let me know if there is any other information I can provide.
^ permalink raw reply [flat|nested] 3+ messages in thread
* bug#70243: The substitute authorization warning is displayed when it shouldn't be
2024-04-06 16:49 bug#70243: The substitute authorization warning is displayed when it shouldn't be Leo Famulari
@ 2024-05-25 9:31 ` Ludovic Courtès
2024-06-05 17:06 ` Simon Tournier
0 siblings, 1 reply; 3+ messages in thread
From: Ludovic Courtès @ 2024-05-25 9:31 UTC (permalink / raw)
To: Leo Famulari; +Cc: 70243
Hi Leo,
Leo Famulari <leo@famulari.name> skribis:
> I just saw this on Debian:
>
> ------
> $ guix shell -D guix -- ./pre-inst-env guix weather linux-libre
> computing 1 package derivations for x86_64-linux...
> looking for 1 store items on https://ci.guix.gnu.org...
> guix weather: warning: substitutes from 'https://ci.guix.gnu.org' are unauthorized
> hint: To authorize all substitutes from `https://ci.guix.gnu.org' to be downloaded, the following command needs to be run as root:
> [...]
> ------
>
> But, I do have the given key in my '/etc/guix/acl', and this works:
Are /etc/guix/acl and /etc/guix world-readable?
‘check-narinfo-authorization’ in (guix scripts weather) is supposed to
properly handle this case, but I think that fails if /etc/guix is not
accessible.
Thanks,
Ludo’.
^ permalink raw reply [flat|nested] 3+ messages in thread
* bug#70243: The substitute authorization warning is displayed when it shouldn't be
2024-05-25 9:31 ` Ludovic Courtès
@ 2024-06-05 17:06 ` Simon Tournier
0 siblings, 0 replies; 3+ messages in thread
From: Simon Tournier @ 2024-06-05 17:06 UTC (permalink / raw)
To: Ludovic Courtès, Leo Famulari; +Cc: 70243
[-- Attachment #1: Type: text/plain, Size: 339 bytes --]
Hi,
On Sat, 25 May 2024 at 11:31, Ludovic Courtès <ludo@gnu.org> wrote:
>> But, I do have the given key in my '/etc/guix/acl', and this works:
>
> Are /etc/guix/acl and /etc/guix world-readable?
I had been bitten by this recently. And I have not found any mention
about that in the manual. Maybe it could helpful to add:
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: p.patch --]
[-- Type: text/x-diff, Size: 496 bytes --]
diff --git a/doc/guix.texi b/doc/guix.texi
index 5e1173b8c6..3b97674733 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -3792,7 +3792,8 @@ Getting Substitutes from Other Servers
@end example
Again this assumes @file{key.pub} contains the public key that
-@code{guix.example.org} uses to sign substitutes.
+@code{guix.example.org} uses to sign substitutes. Make sure
+@file{/etc/guix/acl} is world-readable.
@end enumerate
Now you're all set! Substitutes will be preferably taken from
[-- Attachment #3: Type: text/plain, Size: 144 bytes --]
In addition, I had to be read a comment in source code to know what
another issue was: the daemon’s too old. Hence, I would suggest:
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #4: pp.patch --]
[-- Type: text/x-diff, Size: 657 bytes --]
diff --git a/guix/scripts/weather.scm b/guix/scripts/weather.scm
index 08a1b22a74..98a09f9e9a 100644
--- a/guix/scripts/weather.scm
+++ b/guix/scripts/weather.scm
@@ -643,7 +643,7 @@ (define-command (guix-weather . args)
;; substitute URLs, presumably because it's too
;; old.
(warning (G_ "using default \
-substitute URLs~%"))
+substitute URLs; maybe the daemon's too old~%"))
%default-substitute-urls)))
(systems (match (filter-map (match-lambda
(('system . system) system)
[-- Attachment #5: Type: text/plain, Size: 93 bytes --]
Both would ease the debugging session of substitute authorization, IMHO.
Cheers,
simon
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-06-05 17:11 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-04-06 16:49 bug#70243: The substitute authorization warning is displayed when it shouldn't be Leo Famulari
2024-05-25 9:31 ` Ludovic Courtès
2024-06-05 17:06 ` Simon Tournier
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).