From: ludo@gnu.org (Ludovic Courtès)
To: David Thompson <dthompson2@worcester.edu>
Cc: guix-devel@gnu.org
Subject: Re: [PATCH 2/2] scripts: Add 'publish' command.
Date: Fri, 27 Mar 2015 23:41:06 +0100
Message-ID: <87pp7u6p31.fsf@gnu.org>
In-Reply-To: <87wq22gyxb.fsf@fsf.org> (David Thompson's message of "Fri, 27 Mar 2015 12:58:24 -0400")

David Thompson <dthompson2@worcester.edu> writes:
> From a40d47dc64571aade0c92b4bdf3c56f6870842cc Mon Sep 17 00:00:00 2001
> From: David Thompson <dthompson2@worcester.edu>
> Date: Tue, 17 Mar 2015 10:21:31 -0400
> Subject: [PATCH 2/2] scripts: Add 'publish' command.
>
> * guix/scripts/publish.scm: New file.
> * po/guix/POTFILES.in: Add it.
> * tests/publish.scm: New file.
> * Makefile.am (MODULES): Add script module.
> (SCM_TESTS): Add test module.
> * doc/guix.texi ("Invoking guix publish"): New node.
[...]
> +@node Invoking guix publish
> +@section Invoking @command{guix publish}
> +
> +The purpose of @command{guix publish} is to enable users to easily share
> +their store with others. When @command{guix publish} runs, it spawns an
> +HTTP server which allows anyone with network access to obtain
> +substitutes from it. This means that any machine running Guix can also
> +act as if it were a build farm, since the HTTP interface is
> +Hydra-compatible. For security, each substitute is signed with the
> +system's signing key (@pxref{Invoking guix archive}).
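
Review bot: The sentence "allows anyone with network access to obtain substitutes from it" never states what is exposed: as described, the store is served to any client that can reach the port. I would say so plainly, and add that the signature mentioned in the last sentence lets recipients detect tampering but does nothing to limit who can download, so administrators know to restrict access at the network level if parts of the store should not be shared.
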
I would skip a line after “Hydra-compatible,” and make it like:

  For security, each substitute is signed, allowing recipients to check
  their authenticity and integrity (@pxref{Substitutes}). Because
  @command{guix publish} uses the system's signing key, which is only
  readable by the system administrator, it must run as root.
> +@command{guix publish} is a tool for system administrators, so only the
> +root user may invoke it.
... so this sentence can be removed.
Note for later: it should drop privileges once the key has been read and
the port open.
> +Once a publishing server has been authorized (@pxref{Invoking guix archive}),
> +the Guix daemon may use it to download substitutes:
“the daemon may download substitutes from it:”
> +(define (read-file-sexp file)
> + (call-with-input-file file
> + (compose string->canonical-sexp
> + get-string-all)))
> +
> +(define %private-key
> + (read-file-sexp %private-key-file))
> +
> +(define %public-key
> + (read-file-sexp %public-key-file))
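
Review bot: `%private-key` is bound by a top-level `define`, so the signing key is read as a side effect of loading the module, by any code that imports it and before `guix-publish` has looked at its arguments, and it then stays reachable from a module variable for the life of the process. Read both keys inside `guix-publish`, where a missing or unreadable key file can be reported to the user, and pass them to the code that signs rather than keeping them in globals. `read-file-sexp` also needs a docstring.
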
Since this can throw, it should not be done at the top-level. So it
should be wrapped in ‘delay’ or in a thunk.
> +(define (narinfo-string store-path path-info key)
Docstring please. :-)
> +(define (render-nar request store-item)
> + "Render archive of the store path corresponding to STORE-ITEM."
> + (let ((store-path (string-append %store-directory "/" store-item)))
> + ;; The ISO-8859-1 charset *must* be used otherwise HTTP clients will
> + ;; interpret the byte stream as UTF-8 and arbitrarily change invalid byte
> + ;; sequences.
> + (if (file-exists? store-path)
> + (values '((content-type . (application/x-nix-archive
> + (charset . "ISO-8859-1"))))
> + (lambda (port)
> + (write-file store-path port)))
> + (not-found request))))
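
Review bot: `render-nar` builds `store-path` with `(string-append %store-directory "/" store-item)` and the only check before `write-file` is `file-exists?`, so nothing in this function guarantees that the result still names an item directly under the store. Unless the caller already validates STORE-ITEM, check here that it is a single path component of the expected hash-name form (no "/", not "." or "..") and answer `not-found` otherwise. The comment about ISO-8859-1 would also be clearer if it said which side does the reinterpretation it is guarding against.
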
This is OK for now, but I just realized that this will be blocking the
server for the duration of the whole transfer. Someone could DoS you by
substituting TeX Live. ;-)
We’ll need a solution but it seems that it’ll be hard to avoid threads.
Thoughts?
> +(define (guix-publish . args)
> + (with-error-handling
> + (let* ((opts (parse-command-line args %options (list %default-options)))
I had overlooked it but it should use plain ‘args-fold*’ instead of
‘parse-command-line’ (the latter handles $GUIX_BUILD_OPTIONS and ‘guix
publish’ doesn’t build anything.)
> + (store (open-connection)))
Use (with-store store body ...) instead.
OK to push with these changes.
Thanks!
Ludo’.