From mboxrd@z Thu Jan 1 00:00:00 1970 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Subject: Re: Signed archives Date: Mon, 27 Jan 2014 16:56:59 +0100 Message-ID: <87r47tfmes.fsf@gnu.org> References: <87txcqesqv.fsf@karetnikov.org> <87eh3ure1r.fsf@gnu.org> <87bnyyiv2u.fsf_-_@karetnikov.org> <87ha8qo7rl.fsf@gnu.org> <8761p5jv1g.fsf@karetnikov.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:40686) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1W7odU-0006R7-VQ for guix-devel@gnu.org; Mon, 27 Jan 2014 11:02:13 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1W7odP-0000Cr-Io for guix-devel@gnu.org; Mon, 27 Jan 2014 11:02:08 -0500 Received: from hera.aquilenet.fr ([141.255.128.1]:47341) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1W7odP-0000C5-CF for guix-devel@gnu.org; Mon, 27 Jan 2014 11:02:03 -0500 In-Reply-To: <8761p5jv1g.fsf@karetnikov.org> (Nikita Karetnikov's message of "Mon, 27 Jan 2014 19:36:59 +0400") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: Nikita Karetnikov Cc: guix-devel@gnu.org Nikita Karetnikov skribis: > Sorry, I=E2=80=99m failing to understand how the protocol works. Is the = spec > available somewhere? No. > Could you describe the entire process in a step-by-step way? What does > happen when the client requests a substitute? You mentioned that the > client attempts to fetch the corresponding .narinfo file. What does > happen after that? The substituter can be invoked either in query mode, or in substitution mode. In query mode, it is passed a list of store file names, and it must tell whether substitutes exist for them. This is what happens, for instance, when running =E2=80=98guix build foo --dry-run=E2=80=99: it allows =E2=80= =98guix build=E2=80=99 to know what would be downloaded from hydra.gnu.org, and what would be built. In substitute mode, it is passed a list of store file names to actually substitute. =E2=80=98guix substitute-binary=E2=80=99 implements that protocol, with the= aim of reflecting binaries served by Hydra. Thus, its query mode consists in verifying whether the .narinfo for a given item exists at http://hydra.gnu.org. Its substitute mode consists in downloading the archive specified in the corresponding .narinfo. See the thread at . > Why does the client need to cache the answer? Does it check the cache > first? If it didn=E2=80=99t cache the answer, then it would have to do one HTTP GE= T for each item you want to build. For instance: guix build coreutils -n would lead something like 20 HTTP requests to hydra.gnu.org, which could take a lot of time. So, instead, it does two things: =E2=80=A2 it caches Hydra=E2=80=99s .narinfo or lack thereof, for a limit= ed time (see ); =E2=80=A2 when there=E2=80=99s no info in cache, a HTTP requests are made= in parallel (see .) > =E2=80=98guix authenticate=E2=80=99 accepts a =E2=80=98hash-file=E2=80=99= argument. Does it come from > the .narinfo file? No, it comes from LocalStore::importPath, in local-store.cc. > If so, should =E2=80=98substitute-binary.scm=E2=80=99 check the signature= against the > NarHash field? Hmm I think so, but we=E2=80=99d have to double-check whether that=E2=80=99= s what Nix actually does. HTH! Ludo=E2=80=99.