* [bug#50892] [PATCH] guix-install.sh: Authorize all project build farms at once.
From: Tobias Geerinckx-Rice via Guix-patches via @ 2021-09-29 15:43 UTC (permalink / raw)
To: 50892
* etc/guix-install.sh (sys_authorize_build_farms):
Iterate over all hosts.
---
etc/guix-install.sh | 23 +++++++++++++++--------
1 file changed, 15 insertions(+), 8 deletions(-)
diff --git a/etc/guix-install.sh b/etc/guix-install.sh
index b0d4a8b95e..e3b8485a50 100755
--- a/etc/guix-install.sh
+++ b/etc/guix-install.sh
@@ -1,21 +1,21 @@
#!/bin/sh
# GNU Guix --- Functional package management for GNU
# Copyright © 2017 sharlatan <sharlatanus@gmail.com>
# Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
# Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
-# Copyright © 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
+# Copyright © 2019–2021 Tobias Geerinckx-Rice <me@tobias.gr>
# Copyright © 2020 Morgan Smith <Morgan.J.Smith@outlook.com>
# Copyright © 2020 Simon Tournier <zimon.toutoune@gmail.com>
# Copyright © 2020 Daniel Brooks <db48x@db48x.net>
# Copyright © 2021 Jakub Kądziołka <kuba@kadziolka.net>
# Copyright © 2021 Chris Marusich <cmmarusich@gmail.com>
# Copyright © 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com>
#
# This file is part of GNU Guix.
#
# GNU Guix is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or (at
# your option) any later version.
#
# GNU Guix is distributed in the hope that it will be useful, but
@@ -476,38 +476,45 @@ sys_enable_guix_daemon()
;;
esac
_msg "${INF}making the guix command available to other users"
[ -e "$local_bin" ] || mkdir -p "$local_bin"
ln -sf "${var_guix}/bin/guix" "$local_bin"
[ -e "$info_path" ] || mkdir -p "$info_path"
for i in "${var_guix}"/share/info/*; do
ln -sf "$i" "$info_path"
done
}
sys_authorize_build_farms()
-{ # authorize the public key of the build farm
+{ # authorize the public key(s) of the build farm(s)
+ local hosts=(
+ ci.guix.gnu.org
+ bordeaux.guix.gnu.org
+ )
+
if prompt_yes_no "Permit downloading pre-built package binaries from the \
-project's build farm? (yes/no)"; then
- guix archive --authorize \
- < "~root/.config/guix/current/share/guix/ci.guix.gnu.org.pub" \
- && _msg "${PAS}Authorized public key for ci.guix.gnu.org"
- else
- _msg "${INF}Skipped authorizing build farm public keys"
+project's build farms? (yes/no)"; then
+ for host in "${hosts[@]}"; do
+ guix archive --authorize \
+ < "~root/.config/guix/current/share/guix/$host.pub" \
+ && _msg "${PAS}Authorized public key for $host"
+ done
+ else
+ _msg "${INF}Skipped authorizing build farm public keys"
fi
}
sys_create_init_profile()
{ # Define for better desktop integration
# This will not take effect until the next shell or desktop session!
[ -d "/etc/profile.d" ] || mkdir /etc/profile.d # Just in case
cat <<"EOF" > /etc/profile.d/guix.sh
# _GUIX_PROFILE: `guix pull` profile
_GUIX_PROFILE="$HOME/.config/guix/current"
export PATH="$_GUIX_PROFILE/bin${PATH:+:}$PATH"
# Export INFOPATH so that the updated info pages can be found
# and read by both /usr/bin/info and/or $GUIX_PROFILE/bin/info
# When INFOPATH is unset, add a trailing colon so that Emacs
# searches 'Info-default-directory-list'.
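Review bot: The redirect `< "~root/.config/guix/current/share/guix/$host.pub"` in the new loop keeps `~root` inside double quotes, where the shell performs no tilde expansion, so the key is looked up under a literal `~root` directory relative to the current directory rather than under root's home. The quoting is carried over from the removed line, but the loop is the place to fix it by leaving the tilde prefix unquoted: `< ~root/.config/guix/current/share/guix/"$host".pub \`. The loop variable `host` is also not declared `local`, unlike `hosts`, so it leaks into the caller's scope; a `local host` before the `for` would contain it. Because this step decides which substitute signing keys the daemon will trust, I would also report through `_msg` each host whose key was not authorized, so the operator can see which servers ended up trusted.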
--
2.33.0
* [bug#50892] [PATCH] guix-install.sh: Authorize all project build farms at once.
From: Tobias Geerinckx-Rice via Guix-patches via @ 2021-09-29 16:49 UTC (permalink / raw)
Cc: 50892
[-- Attachment #1: Type: text/plain, Size: 269 bytes --]
Tobias Geerinckx-Rice via Guix-patches via 写道:
> + <
> "~root/.config/guix/current/share/guix/$host.pub" \
This file is missing for bordeaux in the 1.3.0 release, so this
would have to wait until the next one…
Kind regards,
T G-R
* [bug#50892] [PATCH] guix-install.sh: Authorize all project build farms at once.
From: Maxim Cournoyer @ 2021-09-29 16:51 UTC (permalink / raw)
To: Tobias Geerinckx-Rice; +Cc: 50892
Tobias Geerinckx-Rice <me@tobias.gr> writes:
> * etc/guix-install.sh (sys_authorize_build_farms):
> Iterate over all hosts.
> ---
> etc/guix-install.sh | 23 +++++++++++++++--------
> 1 file changed, 15 insertions(+), 8 deletions(-)
>
> diff --git a/etc/guix-install.sh b/etc/guix-install.sh
> index b0d4a8b95e..e3b8485a50 100755
> --- a/etc/guix-install.sh
> +++ b/etc/guix-install.sh
> @@ -1,21 +1,21 @@
> #!/bin/sh
> # GNU Guix --- Functional package management for GNU
> # Copyright © 2017 sharlatan <sharlatanus@gmail.com>
> # Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
> # Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
> -# Copyright © 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
> +# Copyright © 2019–2021 Tobias Geerinckx-Rice <me@tobias.gr>
> # Copyright © 2020 Morgan Smith <Morgan.J.Smith@outlook.com>
> # Copyright © 2020 Simon Tournier <zimon.toutoune@gmail.com>
> # Copyright © 2020 Daniel Brooks <db48x@db48x.net>
> # Copyright © 2021 Jakub Kądziołka <kuba@kadziolka.net>
> # Copyright © 2021 Chris Marusich <cmmarusich@gmail.com>
> # Copyright © 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com>
> #
> # This file is part of GNU Guix.
> #
> # GNU Guix is free software; you can redistribute it and/or modify it
> # under the terms of the GNU General Public License as published by
> # the Free Software Foundation; either version 3 of the License, or (at
> # your option) any later version.
> #
> # GNU Guix is distributed in the hope that it will be useful, but
> @@ -476,38 +476,45 @@ sys_enable_guix_daemon()
> ;;
> esac
>
> _msg "${INF}making the guix command available to other users"
>
> [ -e "$local_bin" ] || mkdir -p "$local_bin"
> ln -sf "${var_guix}/bin/guix" "$local_bin"
>
> [ -e "$info_path" ] || mkdir -p "$info_path"
> for i in "${var_guix}"/share/info/*; do
> ln -sf "$i" "$info_path"
> done
> }
>
> sys_authorize_build_farms()
> -{ # authorize the public key of the build farm
> +{ # authorize the public key(s) of the build farm(s)
> + local hosts=(
> + ci.guix.gnu.org
> + bordeaux.guix.gnu.org
> + )
> +
> if prompt_yes_no "Permit downloading pre-built package binaries from the \
> -project's build farm? (yes/no)"; then
> - guix archive --authorize \
> - < "~root/.config/guix/current/share/guix/ci.guix.gnu.org.pub" \
> - && _msg "${PAS}Authorized public key for ci.guix.gnu.org"
> - else
> - _msg "${INF}Skipped authorizing build farm public keys"
> +project's build farms? (yes/no)"; then
> + for host in "${hosts[@]}"; do
> + guix archive --authorize \
> + < "~root/.config/guix/current/share/guix/$host.pub" \
> + && _msg "${PAS}Authorized public key for $host"
> + done
> + else
> + _msg "${INF}Skipped authorizing build farm public keys"
> fi
> }
>
> sys_create_init_profile()
> { # Define for better desktop integration
> # This will not take effect until the next shell or desktop session!
> [ -d "/etc/profile.d" ] || mkdir /etc/profile.d # Just in case
> cat <<"EOF" > /etc/profile.d/guix.sh
> # _GUIX_PROFILE: `guix pull` profile
> _GUIX_PROFILE="$HOME/.config/guix/current"
> export PATH="$_GUIX_PROFILE/bin${PATH:+:}$PATH"
> # Export INFOPATH so that the updated info pages can be found
> # and read by both /usr/bin/info and/or $GUIX_PROFILE/bin/info
> # When INFOPATH is unset, add a trailing colon so that Emacs
> # searches 'Info-default-directory-list'.
Tested on a VM:
./guix-install.sh: line 500: ~root/.config/guix/current/share/guix/bordeaux.guix.gnu.org.pub: No such file or directory
root@ubuntu:~# echo $?
1
I think we should fetch the keys from our online repo, so we can ensure
1. they are available
2. they are up to date.
Thanks!
Maxim
* [bug#50892] [PATCH] guix-install.sh: Authorize all project build farms at once.
From: pelzflorian (Florian Pelz) @ 2022-12-08 21:27 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: 59781, Tobias Geerinckx-Rice, 50892
Ludovic Courtès <ludo@gnu.org> writes:
> If there are no objections I’d like to push to ‘master’ and
> ‘version-1.4.0’ this modified version of your patch.
Thank you two, this patch works (on 1.3.0 only ci.guix.gnu.org, on
1.4.0rc1 also bordeaux, except when I decline authorization).
Regards,
Florian
* bug#50892: bug#59781: [version 1.4.0rc1] install.sh script should authorize bordeaux
From: Ludovic Courtès @ 2022-12-09 9:01 UTC (permalink / raw)
To: pelzflorian (Florian Pelz); +Cc: 50892-done, Tobias Geerinckx-Rice, 59781-done
Hi,
"pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de> skribis:
> Ludovic Courtès <ludo@gnu.org> writes:
>> If there are no objections I’d like to push to ‘master’ and
>> ‘version-1.4.0’ this modified version of your patch.
>
> Thank you two, this patch works (on 1.3.0 only ci.guix.gnu.org, on
> 1.4.0rc1 also bordeaux, except when I decline authorization).
Pushed to both branches. Thanks to the two of you!
Ludo’.
* [bug#50892] bug#59781: [version 1.4.0rc1] install.sh script should authorize bordeaux
From: Ludovic Courtès @ 2022-12-09 9:09 UTC (permalink / raw)
To: Tobias Geerinckx-Rice; +Cc: 59781, 50892
[-- Attachment #1: Type: text/plain, Size: 394 bytes --]
Hi,
Tobias Geerinckx-Rice <me@tobias.gr> skribis:
> (Ugh, this patch is so ugly, all to work around that triplication in
> ~/.config/guix/current/share/guix/*.pub… Would it be OK for ‘guix
> archive --authorize’ to silently ignore duplicate keys?)
Oh, good point. I guess we could change ‘public-keys->acl’ to
deduplicate entries. Maybe something along these lines:
[-- Attachment #2: Type: text/x-patch, Size: 1240 bytes --]
diff --git a/guix/pki.scm b/guix/pki.scm
index 6326e065e9..c5b2fb9634 100644
--- a/guix/pki.scm
+++ b/guix/pki.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014, 2016, 2022 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -21,6 +21,7 @@ (define-module (guix pki)
#:use-module (gcrypt pk-crypto)
#:use-module ((guix utils) #:select (with-atomic-file-output))
#:use-module ((guix build utils) #:select (mkdir-p))
+ #:autoload (srfi srfi-1) (delete-duplicates)
#:use-module (ice-9 match)
#:use-module (ice-9 rdelim)
#:use-module (ice-9 binary-ports)
@@ -61,9 +62,10 @@ (define (public-keys->acl keys)
;; want to have name certificates and to use subject names instead of
;; complete keys.
`(acl ,@(map (lambda (key)
- `(entry ,(canonical-sexp->sexp key)
+ `(entry ,key
(tag (guix import))))
- keys)))
+ (delete-duplicates
+ (map canonical-sexp->sexp keys)))))
(define %acl-file
(string-append %config-directory "/acl"))
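Review bot: Nothing in `public-keys->acl` records that the ACL it builds now lists each key only once, nor why `canonical-sexp->sexp` was moved ahead of the filtering. `delete-duplicates` compares with `equal?` by default, so the keys are presumably converted first so that the comparison sees their contents rather than the canonical-sexp objects; a comment above the call would capture that, for example `;; Drop duplicate keys; compare them as plain sexps so 'equal?' sees their contents.` The definition starts above the hunk, so whether it has a docstring that should also mention the deduplication is not visible here. Since this list determines which signers are trusted, a test asserting that passing the same key twice yields a single `entry` would pin the behaviour down.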
[-- Attachment #3: Type: text/plain, Size: 21 bytes --]
WDYT?
Ludo’.