* wip-signed-archives progress report
From: Ludovic Courtès @ 2014-03-26 23:02 UTC
To: guix-devel

hydra.gnu.org now signs binaries. More precisely, it signs the
meta-data of binaries, aka. “narinfos”:

--8<---------------cut here---------------start------------->8---
$ wget -q -O - http://hydra.gnu.org/1j3w0vvh1ya3l382ls5h1s75fvvdxbzk.narinfo
StorePath: /gnu/store/1j3w0vvh1ya3l382ls5h1s75fvvdxbzk-emacs-24.3
URL: nar/1j3w0vvh1ya3l382ls5h1s75fvvdxbzk-emacs-24.3
Compression: bzip2
NarHash: sha256:02xnn63ib2zs0k2dvkk9f6k7d4g1s6pm1ryjlzg3h98b88bch7n9
NarSize: 100956560
References: 1j3w0vvh1ya3l382ls5h1s75fvvdxbzk-emacs-24.3 250yb9lr5018sc1092xb0fikarqsh55r-findutils-4.4.2 2ygn4ncnhrpr61rssa6z0d9x22si0va3-libjpeg-8d 34lb360x0m8ilmqlzmvk1s2rgm416l5s-gdk-pixbuf-2.28.2 394ijzg3g53i77q9400j22w1wamcjkxs-xz-5.0.4 3b0179h37dd19xc1k73cy8s75ja4pmba-grep-2.18 3j9cmj0l4g37gi804y8yvnig0yqgm2xg-gzip-1.6 499l505sasqwxcimsvf7h6if2bnyq785-cairo-1.12.16 6ax9s08vya8dsfda8yr0swk5g3f0b189-atk-2.10.0 6z7k9ms4sf367c3phl7djhb740ly3dqi-gcc-4.8.2 7zdhgp0n1518lvfn8mb96sxqfmvqrl7v-libxrender-0.9.7 8f15savrvf13z1z9hi5cb5l6akdx4gzr-zlib-1.2.7 91l8glwrsv0cdc53viq4i0x0x7qjrbgj-make-4.0 a9pdkvz3xiyp01xl8gcl1y6mjij0h86k-pkg-config-0.27.1 cvc6x0brfnrxsrk2f48c6dhh4brf05d9-coreutils-8.22 d12n5r59rhvc2b86agsp2gzsad41gr3p-pango-1.34.1 fkmxw4d9xrabvpg3mv2l529cw7gw27n5-libtasn1-3.4 hf5kklv837xbfcv6gc7gpsj36l69j3sj-glibc-2.19 hg75n2sbpmwnxw4v4bvn1i304r5s3dfh-libtiff-4.0.3 imc4v341rb93k8rialj5baxzdh63w2xr-nettle-2.7.1 j96wdn8q41jd62n6p6viv2wl9l2100b3-gtk+-2.24.21 jm0qk1n234f7l8s8zp8fpa13m8w91ikv-diffutils-3.3 lxszay94rraffzfjmzlvpa5z02h9xlfz-gnutls-3.2.12 m56m1y8inkplafq2859vaflwrwa0c3jf-which-2.20 malv41q53gmwvrzm6mfpv7g4s95rzxik-libsm-1.2.1 n1chwrwzq94120d3zfcyd9yr11r0jbsb-sed-4.2.2 naxqxdf7f6lfpy4h481h8j8hs2r44v09-libpng-1.5.17 nsv3rg9i3rn29j1nk4lr26pxazpmd75g-tar-1.27.1 nw5y8klybqh3wn0xc66b1dfjafs5hybv-freetype-2.4.11 plw2fk911b33n75ylmrqkfwkhwg75ydv-binutils-2.24 pvvizw77i06pjq7kv1iz57kl68xd7bnr-libxpm-3.5.10 q6v9b91x3hcikmnf6s3vhjzpjdrkdp6y-texinfo-5.2 qca6ipcph0rx8fsmcbib1qphqgv2rhl0-libxft-2.3.1 qfvvhq9m6jfsn7k9a4rzik3p6hmdq397-libx11-1.5.0 r26x0ibxcg8h71j01dcyc27lpa7kc87f-patch-2.7.1 rrbw3d1dl4njp2nnb84x8mlnmhdcvfxp-libxml2-2.9.0 sw5gnvc1q14pyiw5d7xc47xcy942gsf5-gawk-4.1.0 v5wr09jhn17ami1k844r6y6n3sy6y0kr-fontconfig-2.10.93 vkgwsi1vi2k91y22clf42z2qxydyxfbb-bzip2-1.0.6 vw8ipma5jgy2a5nczwh9bxsc99w67yy5-glib-2.39.1 wfppwmx7lsqm0hpachkzs90m0c1zqxiv-ld-wrapper-0 wfrjbxjapgqb9pqnwck35r8kb9gj435i-harfbuzz-0.9.22 xa3hd1y4yx0z18ya3zk2p6zlc0f2hr3g-libice-1.0.8 xhd2xdv16b64ajkdd7pbkklrq5fmn28i-bash-4.3 yagg8zjdz367qiwspm8ssgny47inrn8f-alsa-lib-1.0.27.1 yxaqk5vj602m6waasvrg30hm09ln501w-giflib-4.2.3 zjwc4x53rpim4j3hmspzpv0k3n4kgv0n-dbus-1.6.4 zysrgzapv5vzjqrbcz2y3ksi9w651876-ncurses-5.9
Deriver: 2nbrvsf3g3xl3bwh3cfvb2rvwsc8n0kn-emacs-24.3.drv
System: x86_64-linux
Signature: 1;hydra.gnu.org;[...]
--8<---------------cut here---------------end--------------->8---

The Signature line above is a base64-encoded canonical sexp signature
(as for ‘guix archive’.)

With Hydra now ready, I’ve done some testing with Nikita’s cool work on
adding support for authentication/authorization of signed binaries.
Here’s a sample session, using the internal interface to
‘guix substitute-binary’, with wip-signed-archives:

--8<---------------cut here---------------start------------->8---
$ echo "have /gnu/store/1j3w0vvh1ya3l382ls5h1s75fvvdxbzk-emacs-24.3" | sudo ./pre-inst-env guix substitute-binary --query

$ sudo ./pre-inst-env guix substitute-binary --substitute /gnu/store/1j3w0vvh1ya3l382ls5h1s75fvvdxbzk-emacs-24.3 foo
guix substitute-binary: error: unauthorized public key
$ cat hydra-key.pub | sudo guix archive --authorize
$ echo "have /gnu/store/1j3w0vvh1ya3l382ls5h1s75fvvdxbzk-emacs-24.3" | sudo ./pre-inst-env guix substitute-binary --query
/gnu/store/1j3w0vvh1ya3l382ls5h1s75fvvdxbzk-emacs-24.3
--8<---------------cut here---------------end--------------->8---

What we see here is that ‘has-substitutes?’ requests simply return #f if
a substitute is available but is invalid (lacks a signature, or has a
wrong signature, or is signed by an unauthorized key.) ‘--substitute’
requests error out when that happens.

Nikita: comments welcome on the two commits I just pushed in
wip-signed-archives.

I’ll try to add tests for that, but overall, it seems to be getting into
shape!

Thanks,
Ludo’.

* Re: wip-signed-archives progress report
From: Nikita Karetnikov @ 2014-03-27 16:16 UTC
To: Ludovic Courtès; +Cc: guix-devel

> Nikita: comments welcome on the two commits I just pushed in
> wip-signed-archives.

Thanks for working on it. One question: in the past, you told me to
avoid ‘false-if-exception’. If it’s an issue here, can we replace it
with something else?

* Re: wip-signed-archives progress report
From: Ludovic Courtès @ 2014-03-27 23:34 UTC
To: Nikita Karetnikov; +Cc: guix-devel

Nikita Karetnikov <nikita@karetnikov.org> skribis:

>> Nikita: comments welcome on the two commits I just pushed in
>> wip-signed-archives.
>
> Thanks for working on it. One question: in the past, you told me to
> avoid ‘false-if-exception’. If it’s an issue here, can we replace it
> with something else?

What did I say? :-)

(We have a saying in French: “do what I say, not what I do”. ;-))

I used it in two places:

  (false-if-exception
   (and=> signature narinfo-signature->canonical-sexp))

and:

  (define (valid-narinfo? narinfo)
    "Return #t if NARINFO's signature is valid."
    (false-if-exception (begin (assert-valid-narinfo narinfo) #t)))

‘false-if-exception’ should indeed be used with care, because it hides
every error (including unbound var errors and such!), so it could be
hiding errors that really ought to be reported.

In the above cases I considered it OK, because the set of exceptions
that can possibly be raised is limited, and because the outcome of
‘false-if-exception’ is conservative (that is, at worst all narinfos
will be treated as if they were unsigned or invalid.)

Does it make sense?

Ludo’.

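Added example, not part of the thread and not Guix code: a Python model of the behaviour described in the first message and in this reply, where an unsigned, wrongly signed or unauthorized narinfo is treated as having no substitute, and of the trade-off between a catch-all wrapper like ‘false-if-exception’ and one that catches only the validation error. Assumptions: the toy RSA key, the `version;host;n:e:sig` field layout, the choice to sign every line other than `Signature:`, and all function names are constructed for illustration.

```python
import hashlib

# Constructed toy textbook-RSA key (two Mersenne primes): a stand-in for the
# 4096-bit key and libgcrypt canonical-sexp signature discussed in the thread.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))  # D belongs to the signer only

class NarinfoError(Exception):
    """Unsigned, malformed, wrongly signed, or signed by an unauthorized key."""

def split_narinfo(text):
    """Return (signed_text, signature_value or None)."""
    lines = text.strip().splitlines()
    sig = [l[len("Signature: "):] for l in lines if l.startswith("Signature: ")]
    body = "\n".join(l for l in lines if not l.startswith("Signature: "))
    return body, (sig[0] if sig else None)

def digest(body, n):
    return int.from_bytes(hashlib.sha256(body.encode()).digest(), "big") % n

def sign(body, host="hydra.example"):
    """Constructed signer. Assumed layout: version;host;n:e:sig (hex)."""
    return "Signature: 1;%s;%x:%x:%x" % (host, N, E, pow(digest(body, N), D, N))

def assert_valid_narinfo(text, acl):
    """Raise NarinfoError unless TEXT is correctly signed by a key in ACL."""
    body, sig = split_narinfo(text)
    if sig is None:
        raise NarinfoError("no signature")
    try:
        _version, _host, blob = sig.split(";")
        n, e, s = (int(x, 16) for x in blob.split(":"))
    except ValueError as err:  # malformed field: report it as invalid
        raise NarinfoError("malformed signature") from err
    if (n, e) not in acl:
        raise NarinfoError("unauthorized public key")
    if pow(s, e, n) != digest(body, n):
        raise NarinfoError("invalid signature")

def valid_narinfo(text, acl):
    """Narrow wrapper: only the expected validation failure becomes False."""
    try:
        assert_valid_narinfo(text, acl)
        return True
    except NarinfoError:
        return False

def valid_narinfo_broad(text, acl):
    """Analogue of `false-if-exception': every error becomes False."""
    try:
        assert_valid_narinfo(text, acl)
        return True
    except Exception:
        return False

# Constructed sample, abridged from the narinfo quoted in the first message.
BODY = ("StorePath: /gnu/store/1j3w0vvh1ya3l382ls5h1s75fvvdxbzk-emacs-24.3\n"
        "NarSize: 100956560")
SIGNED = BODY + "\n" + sign(BODY)
```

Both wrappers reject unsigned, tampered and unauthorized input; they differ only on a caller bug such as passing `None` as the ACL, which `valid_narinfo_broad` silently turns into `False` while `valid_narinfo` lets the `TypeError` surface.
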
* Support for signed substitutes pushed
From: Ludovic Courtès @ 2014-03-30 21:54 UTC
To: guix-devel

I just pushed support for signed substitutes (which is
wip-signed-archives plus many tests, documentation, and some
improvements) in ‘master’.

From now on, ‘guix substitute-binary’ automatically authenticates
substitutes, and ignores those not signed by an authorized public key.
By default, no key is authorized.

On my machine, ‘guix build emacs n’ with 40 substitutes needed takes
~4.8 seconds instead of ~3.5 seconds before (wall clock.) There’s
probably room for improvement, but there’s also the fact that it has to
check all these signatures.

Please run ‘make check’, try it, and report any problems. Note that
commit bf59c06 adds the public key used to sign substitutes from
hydra.gnu.org. This commit is GPG-signed by me, like this message.
It’s a 4096-bit RSA key (RSA, not Curve25519, so that users of
libgcrypt < 1.6 can use it too):

  (public-key (rsa (n [...] e #010001#) ) )

I would very much welcome review and feedback. The documentation
(appended below) and tests provide a good starting point.

Thanks again to Nikita for all the good work!

Ludo’.

3.3 Substitutes
===============

Guix supports transparent source/binary deployment, which means that it
can either build things locally, or download pre-built items from a
server. We call these pre-built items "substitutes"—they are
substitutes for local build results. In many cases, downloading a
substitute is much faster than building things locally.

Substitutes can be anything resulting from a derivation build (*note
Derivations::). Of course, in the common case, they are pre-built
package binaries, but source tarballs, for instance, which also result
from derivation builds, can be available as substitutes.

The ‘hydra.gnu.org’ server is a front-end to a build farm that builds
packages from the GNU distribution continuously for some architectures,
and makes them available as substitutes.

To allow Guix to download substitutes from ‘hydra.gnu.org’, you must add
its public key to the access control list (ACL) of archive imports,
using the ‘guix archive’ command (*note Invoking guix archive::). Doing
so implies that you trust ‘hydra.gnu.org’ to not be compromised and to
serve genuine substitutes.

This public key is installed along with Guix, in
‘PREFIX/share/guix/hydra.gnu.org.pub’, where PREFIX is the installation
prefix of Guix. If you installed Guix from source, make sure you
checked the GPG signature of ‘guix-0.6.tar.gz’, which contains this
public key file. Then, you can run something like this:

     # guix archive --authorize < hydra.gnu.org.pub

Once this is in place, the output of a command like ‘guix build’ should
change from something like:

     $ guix build emacs --dry-run
     The following derivations would be built:
        /gnu/store/yr7bnx8xwcayd6j95r2clmkdl1qh688w-emacs-24.3.drv
        /gnu/store/x8qsh1hlhgjx6cwsjyvybnfv2i37z23w-dbus-1.6.4.tar.gz.drv
        /gnu/store/1ixwp12fl950d15h2cj11c73733jay0z-alsa-lib-1.0.27.1.tar.bz2.drv
        /gnu/store/nlma1pw0p603fpfiqy7kn4zm105r5dmw-util-linux-2.21.drv
     …

to something like:

     $ guix build emacs --dry-run
     The following files would be downloaded:
        /gnu/store/pk3n22lbq6ydamyymqkkz7i69wiwjiwi-emacs-24.3
        /gnu/store/2ygn4ncnhrpr61rssa6z0d9x22si0va3-libjpeg-8d
        /gnu/store/71yz6lgx4dazma9dwn2mcjxaah9w77jq-cairo-1.12.16
        /gnu/store/7zdhgp0n1518lvfn8mb96sxqfmvqrl7v-libxrender-0.9.7
     …

This indicates that substitutes from ‘hydra.gnu.org’ are usable and will
be downloaded, when possible, for future builds.

Guix ignores substitutes that are not signed, or that are not signed by
one of the keys listed in the ACL. It also detects and raise an error
when attempting to use a substitute that has been tampered with.

The substitute mechanism can be disabled globally by running
‘guix-daemon’ with ‘--no-substitutes’ (*note Invoking guix-daemon::).
It can also be disabled temporarily by passing the ‘--no-substitutes’
option to ‘guix package’, ‘guix build’, and other command-line tools.

Today, each individual’s control over their own computing is at the
mercy of institutions, corporations, and groups with enough power and
determination to subvert the computing infrastructure and exploit its
weaknesses. While using ‘hydra.gnu.org’ substitutes can be convenient,
we encourage users to also build on their own, or even run their own
build farm, such that ‘hydra.gnu.org’ is less of an interesting target.

Guix has the foundations to maximize build reproducibility (*note
Features::). In most cases, independent builds of a given package or
derivation should yield bit-identical results. Thus, through a diverse
set of independent package builds, we can strengthen the integrity of
our systems.

In the future, we want Guix to have support to publish and retrieve
binaries to/from other users, in a peer-to-peer fashion. If you would
like to discuss this project, join us on <guix-devel@gnu.org>.

* Re: Support for signed substitutes pushed
From: Alex Sassmannshausen @ 2014-03-31 18:24 UTC
To: Ludovic Courtès; +Cc: guix-devel

Hello,

I ran into some problems setting up substitution: when running
# guix archive --authorize < hydra.gnu.org.pub
guix persistently returned
guix archive: error: No such file or directory

I was finally able to resolve this problem by
# mkdir /usr/local/etc/guix

In config.scm %config-directory is either $NIX_CONF_DIR or
/usr/local/etc/guix. This is used as the directory for the acl file.

I imagine that directory is set during ./configure. Maybe this directory
should be created if necessary?

Other than that, everything now seems to be working as suggested by the
instructions so congrats to you and Nikita for your hard work!

Please find a tiny patch attached fixing a typo in the documentation.

Best wishes,

Alex

[-- Attachment #2: Typo fix --]

From 99fb1eed13590ac070a86b22444d7b040c2e7276 Mon Sep 17 00:00:00 2001
From: Alex Sassmannshausen <alex.sassmannshausen@gmail.com>
Date: Mon, 31 Mar 2014 20:08:26 +0200
Subject: [PATCH] doc: fix typo.

* doc/guix.texi (Substitutes): add a missing 's'.
---
 doc/guix.texi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/guix.texi b/doc/guix.texi index 5bd7dbd..3d76f48 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -979,7 +979,7 @@ This indicates that substitutes from @code{hydra.gnu.org} are usable and will be downloaded, when possible, for future builds. Guix ignores substitutes that are not signed, or that are not signed by -one of the keys listed in the ACL. It also detects and raise an error +one of the keys listed in the ACL. It also detects and raises an error when attempting to use a substitute that has been tampered with. The substitute mechanism can be disabled globally by running -- 1.7.10.4 ^ permalink raw reply related [flat|nested] 10+ messages in thread
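Review bot: in the `+` line, "detects" is still left without an object, so the sentence reads as detecting "an error" rather than detecting tampering. Since the hunk already rewrites this line, consider rewording the whole sentence, for example "It also detects substitutes that have been tampered with and raises an error when attempting to use one."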
* Re: Support for signed substitutes pushed
From: Ludovic Courtès @ 2014-03-31 20:00 UTC
To: Alex Sassmannshausen; +Cc: guix-devel

Alex Sassmannshausen <alex.sassmannshausen@gmail.com> skribis:

> I ran into some problems setting up substitution: when running
> # guix archive --authorize < hydra.gnu.org.pub
> guix persistently returned
> guix archive: error: No such file or directory
>
> I was finally able to resolve this problem by
> # mkdir /usr/local/etc/guix
>
> In config.scm %config-directory is either $NIX_CONF_DIR or
> /usr/local/etc/guix. This is used as the directory for the acl file.
>
> I imagine that directory is set during ./configure. Maybe this directory
> should be created if necessary?

Indeed. Commit de28fef should fix this.

> Other than that, everything now seems to be working as suggested by the
> instructions so congrats to you and Nikita for your hard work!

Thanks for testing! :-)

> Please find a tiny patch attached fixing a typo in the documentation.

Applied.

Ludo’.

* Re: Support for signed substitutes pushed
From: Ludovic Courtès @ 2014-04-01 22:01 UTC
To: guix-devel

ludo@gnu.org (Ludovic Courtès) skribis:

> On my machine, ‘guix build emacs n’ with 40 substitutes needed takes
> ~4.8 seconds instead of ~3.5 seconds before (wall clock.)

This is down to ~3.8 seconds with today’s commits.

Ludo’.

* Re: Support for signed substitutes pushed
From: Andreas Enge @ 2014-04-03 17:21 UTC
To: Ludovic Courtès; +Cc: guix-devel

Excellent work, thank you!

On Sun, Mar 30, 2014 at 11:54:10PM +0200, Ludovic Courtès wrote:
> Please run ‘make check’, try it, and report any problems. Note that
> commit bf59c06 adds the public key used to sign substitutes from
> hydra.gnu.org. This commit is GPG-signed by me, like this message.
> It’s a 4096-bit RSA key (RSA, not Curve25519, so that users of
> libgcrypt < 1.6 can use it too):

Are we limited to exactly one signature, or could hydra.gnu.org sign with
two keys, a legacy and a modern one?

Andreas

* Re: Support for signed substitutes pushed
From: Ludovic Courtès @ 2014-04-03 19:48 UTC
To: Andreas Enge; +Cc: guix-devel

Andreas Enge <andreas@enge.fr> skribis:

> Excellent work, thank you!

You’re welcome. :-) Does it work for you?

> On Sun, Mar 30, 2014 at 11:54:10PM +0200, Ludovic Courtès wrote:
>> Please run ‘make check’, try it, and report any problems. Note that
>> commit bf59c06 adds the public key used to sign substitutes from
>> hydra.gnu.org. This commit is GPG-signed by me, like this message.
>> It’s a 4096-bit RSA key (RSA, not Curve25519, so that users of
>> libgcrypt < 1.6 can use it too):
>
> Are we limited to exactly one signature, or could hydra.gnu.org sign with
> two keys, a legacy and a modern one?

It can only sign with one key. Eventually we can start requiring
libgcrypt 1.6, but I felt it’s too early for that.

Ludo’.

* Re: Support for signed substitutes pushed
From: Andreas Enge @ 2014-04-03 20:45 UTC
To: Ludovic Courtès; +Cc: guix-devel

On Thu, Apr 03, 2014 at 09:48:55PM +0200, Ludovic Courtès wrote:
> Andreas Enge <andreas@enge.fr> skribis:
> > Excellent work, thank you!
> You’re welcome. :-) Does it work for you?

Definitely, otherwise I would have complained ;-)

Andreas