From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id cPSDJs6ZVGHE+QAAgWs5BA (envelope-from ) for ; Wed, 29 Sep 2021 18:52:30 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2 with LMTPS id iA4aIs6ZVGGAVAAAB5/wlQ (envelope-from ) for ; Wed, 29 Sep 2021 16:52:30 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 10E2B2F644 for ; Wed, 29 Sep 2021 18:52:30 +0200 (CEST) Received: from localhost ([::1]:47856 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mVcon-0004TI-6W for larch@yhetil.org; Wed, 29 Sep 2021 12:52:29 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:39242) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mVcoM-0004Ru-RP for guix-patches@gnu.org; Wed, 29 Sep 2021 12:52:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:38469) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1mVcoM-00053w-BL for guix-patches@gnu.org; Wed, 29 Sep 2021 12:52:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1mVcoM-0008T5-6d for guix-patches@gnu.org; Wed, 29 Sep 2021 12:52:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#50892] [PATCH] guix-install.sh: Authorize all project build farms at once. Resent-From: Maxim Cournoyer Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Wed, 29 Sep 2021 16:52:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 50892 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Tobias Geerinckx-Rice Cc: 50892@debbugs.gnu.org Received: via spool by 50892-submit@debbugs.gnu.org id=B50892.163293428732498 (code B ref 50892); Wed, 29 Sep 2021 16:52:02 +0000 Received: (at 50892) by debbugs.gnu.org; 29 Sep 2021 16:51:27 +0000 Received: from localhost ([127.0.0.1]:50015 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mVcnf-0008Rf-6i for submit@debbugs.gnu.org; Wed, 29 Sep 2021 12:51:27 -0400 Received: from mail-qt1-f176.google.com ([209.85.160.176]:40887) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mVcna-0008RJ-5c for 50892@debbugs.gnu.org; Wed, 29 Sep 2021 12:51:17 -0400 Received: by mail-qt1-f176.google.com with SMTP id b16so2920720qtt.7 for <50892@debbugs.gnu.org>; Wed, 29 Sep 2021 09:51:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version:content-transfer-encoding; bh=kqgz05eoW2Y8MfUiN9hHLGwvNvXAfWQSyqqycdx7jOI=; b=RtVNjOa0FSG2HmOD+mB4JgmOHQo4R8fEprdJ0MO5VJlHnJDdp9728b5XQhLnJkuMO5 m2LOMji6A4rI6899SE5vYPg8K5coNOhaNIrItbaqCPRG8sZME64CfGAXPXb74cwdaqlS 3ydju1tzdWNK0Bvmn6ydlowwkXgAxop0AJZnXnQugZWR++N0VTKpBotJOYeDy//6j3nc U8p5fO6cwnD3LJWH1Y36M7D4GNTHIu/9/2/vNhpvm2MCLvmHaoBQQ2FQuaGAhkgW3uLU ev5tIQ/ENT+ZJB1MAbbYPQn/jxnfDVpR6eux+NtFz/nVDAgr3TAEdrsnUyGVD60U/TbK b0tQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to :message-id:user-agent:mime-version:content-transfer-encoding; bh=kqgz05eoW2Y8MfUiN9hHLGwvNvXAfWQSyqqycdx7jOI=; b=eiH0iLhZ2keHQ7TAfYA/V2OJAPdICMoaXKAFDPFNtASs+Ck9SSxgozwh7WXuoOHSRQ aamwkQKsDItIwmBnECBOmNMoLipNSbiy1Oljp7z3um1FtEvJFYtROhZLyH0OXtNswMOE ArjF0e23SiCndSh9gbCAFPjbtPaOv9bTSsFGEG1/mYDCj1Z0dphI4EDNWxxncJpMSBG9 VhOCF9eNpnWzvW+484d1qHQAq7QmnjuWMkhFpfarAWUM9jKa24EjZ+iBDxh1Ok1zQx4J 8fv/DD1WH+JifZ9DMM8I9jTmiU/xZTEVdCcuQi5GC7tCk+V+O7HNNQ8BwbnVvhQNl6lh /q7A== X-Gm-Message-State: AOAM532pZ4ZVVn4ZWI4fZ4hHSUPeBwJJM58obbCxs35M7c/7EE+8t3hD dxNp+fJc43IjsLjpwfGgJ9GUlUDRK8w= X-Google-Smtp-Source: ABdhPJxu+SWluloaItmv7ZmVB4fIIvyxngIFENMsEJTGXywgMnOiW1tjw5Ml6gnnPSbjFmRDthhX7Q== X-Received: by 2002:ac8:56f9:: with SMTP id 25mr1072727qtu.374.1632934268434; Wed, 29 Sep 2021 09:51:08 -0700 (PDT) Received: from hurd ([207.35.95.110]) by smtp.gmail.com with ESMTPSA id a3sm239851qta.48.2021.09.29.09.51.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Sep 2021 09:51:08 -0700 (PDT) From: Maxim Cournoyer References: <20210929154310.25788-1-me@tobias.gr> Date: Wed, 29 Sep 2021 12:51:07 -0400 In-Reply-To: <20210929154310.25788-1-me@tobias.gr> (Tobias Geerinckx-Rice's message of "Wed, 29 Sep 2021 17:43:10 +0200") Message-ID: <87r1d71g1w.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1632934350; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=kqgz05eoW2Y8MfUiN9hHLGwvNvXAfWQSyqqycdx7jOI=; b=CZ4dppfUsawPVThlGPN6ArueYp/lKrzp5eSVtTiLuJ0yCnVN0lPFZAUedp4FGJrYFqz2QS O50rXmSFH2kKN799LqlAWGvNlr/Y895M75eaV2rj+KbVMeHEq2GaLEW02cNqddp1vb8YNj hREqUeUDsZ57n50eRUqxdhr92+KCRHfTZCcMJy2wjWHd2U7wr9sGkDOuJo6ZaTgtVxOCvm x0sYZQJvOGTG4y/iVuWxPmZF1RnofuMhNG3FdlM2TR6Ow3qzf3IYpDm3bgTh+TdRHpFoAY 9u3hQ2zFZxc3pc82JYBFSVP7e5K4AwUoDQlNSj5sI2TX0yba8Rf9kE0VUb3DYw== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1632934350; a=rsa-sha256; cv=none; b=SLj1kxlmaj4dHLpEJKN2drU8eZq00ZJ9YsJ//t54uXGw2ahWUGDhoL5KTFOq35X5yb+Dth qKRzNljD5j7mKwhHj/erIuSK5zwa+Tgggfik8cUaGDBKeTQeRWdCF+PtWKRxC1IwN73ySi cfbD0b8aox9rpJ+CD4XjTa/SeIZQpNExyFuNrx7fvbHooHYlYc2nG/4SzZbhAtOgnVjzZS FIuz94UaFbNdlakZvxkmyp2xy75YlIf2JeJnqdKjdp/eFBip3nsEx6oaripitIDFC/V5g2 9MG3H6s3aqUi7VpP9aWTXxqNQQczWt8dkncmo/6S8o2lnTbJH9WL0mWJqOl1qQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b=RtVNjOa0; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Spam-Score: -1.70 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b=RtVNjOa0; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Queue-Id: 10E2B2F644 X-Spam-Score: -1.70 X-Migadu-Scanner: scn1.migadu.com X-TUID: Xq427aWRYkc5 Tobias Geerinckx-Rice writes: > * etc/guix-install.sh (sys_authorize_build_farms): > Iterate over all hosts. > --- > etc/guix-install.sh | 23 +++++++++++++++-------- > 1 file changed, 15 insertions(+), 8 deletions(-) > > diff --git a/etc/guix-install.sh b/etc/guix-install.sh > index b0d4a8b95e..e3b8485a50 100755 > --- a/etc/guix-install.sh > +++ b/etc/guix-install.sh > @@ -1,21 +1,21 @@ > #!/bin/sh > # GNU Guix --- Functional package management for GNU > # Copyright =C2=A9 2017 sharlatan > # Copyright =C2=A9 2018 Ricardo Wurmus > # Copyright =C2=A9 2018 Efraim Flashner > -# Copyright =C2=A9 2019, 2020 Tobias Geerinckx-Rice > +# Copyright =C2=A9 2019=E2=80=932021 Tobias Geerinckx-Rice > # Copyright =C2=A9 2020 Morgan Smith > # Copyright =C2=A9 2020 Simon Tournier > # Copyright =C2=A9 2020 Daniel Brooks > # Copyright =C2=A9 2021 Jakub K=C4=85dzio=C5=82ka > # Copyright =C2=A9 2021 Chris Marusich > # Copyright =C2=A9 2021 Maxim Cournoyer > # > # This file is part of GNU Guix. > # > # GNU Guix is free software; you can redistribute it and/or modify it > # under the terms of the GNU General Public License as published by > # the Free Software Foundation; either version 3 of the License, or (at > # your option) any later version. > # > # GNU Guix is distributed in the hope that it will be useful, but > @@ -476,38 +476,45 @@ sys_enable_guix_daemon() > ;; > esac >=20=20 > _msg "${INF}making the guix command available to other users" >=20=20 > [ -e "$local_bin" ] || mkdir -p "$local_bin" > ln -sf "${var_guix}/bin/guix" "$local_bin" >=20=20 > [ -e "$info_path" ] || mkdir -p "$info_path" > for i in "${var_guix}"/share/info/*; do > ln -sf "$i" "$info_path" > done > } >=20=20 > sys_authorize_build_farms() > -{ # authorize the public key of the build farm > +{ # authorize the public key(s) of the build farm(s) > + local hosts=3D( > + ci.guix.gnu.org > + bordeaux.guix.gnu.org > + ) > + > if prompt_yes_no "Permit downloading pre-built package binaries from= the \ > -project's build farm? (yes/no)"; then > - guix archive --authorize \ > - < "~root/.config/guix/current/share/guix/ci.guix.gnu.org.pu= b" \ > - && _msg "${PAS}Authorized public key for ci.guix.gnu.org" > - else > - _msg "${INF}Skipped authorizing build farm public keys" > +project's build farms? (yes/no)"; then > + for host in "${hosts[@]}"; do > + guix archive --authorize \ > + < "~root/.config/guix/current/share/guix/$host.pub" \ > + && _msg "${PAS}Authorized public key for $host" > + done > + else > + _msg "${INF}Skipped authorizing build farm public keys" > fi > } >=20=20 > sys_create_init_profile() > { # Define for better desktop integration > # This will not take effect until the next shell or desktop session! > [ -d "/etc/profile.d" ] || mkdir /etc/profile.d # Just in case > cat <<"EOF" > /etc/profile.d/guix.sh > # _GUIX_PROFILE: `guix pull` profile > _GUIX_PROFILE=3D"$HOME/.config/guix/current" > export PATH=3D"$_GUIX_PROFILE/bin${PATH:+:}$PATH" > # Export INFOPATH so that the updated info pages can be found > # and read by both /usr/bin/info and/or $GUIX_PROFILE/bin/info > # When INFOPATH is unset, add a trailing colon so that Emacs > # searches 'Info-default-directory-list'. Tested on a VM: ./guix-install.sh: line 500: ~root/.config/guix/current/share/guix/bordeaux= .guix.gnu.org.pub: No such file or directory root@ubuntu:~# echo $? 1 I think we should fetch the keys from our online repo, so we can ensure 1. they are available 2. they are up to date. Thanks! Maxim