unofficial mirror of help-guix@gnu.org 
 help / color / mirror / Atom feed
From: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
To: Andreas Enge <andreas@enge.fr>
Cc: help-guix@gnu.org, Adrien 'neox' Bourmault <neox@a-lec.org>,
	Jason Self <j@jxself.org>
Subject: Re: Guix 1.4.0+i686: getting ghc substitutes?
Date: Sat, 26 Oct 2024 18:33:24 +0200	[thread overview]
Message-ID: <20241026183254.64544589@primarylaptop.localdomain> (raw)
In-Reply-To: <ZxtiGAutkchMFfey@jurong>

[-- Attachment #1: Type: text/plain, Size: 3909 bytes --]

On Fri, 25 Oct 2024 11:17:12 +0200
Andreas Enge <andreas@enge.fr> wrote:

> Hello Denis,
Hi,

> Am Thu, Oct 24, 2024 at 04:32:33PM +0200 schrieb Denis 'GNUtoo'
> Carikli:
> > And so I end up being able to download these:
> > > $ guix build \
> > >   --substitute-urls=https://bordeaux.guix.gnu.org \
> > >   --system=i686-linux \
> > >   pandoc
> > > [...]
> > > substituting
> 
> this looks as if you are using too old a Guix daemon; more recent
> versions enable the Bordeaux build farm by default.
Before I did most of the tests on Guix system, and I only verified that
my script that detects the use of Bordeaux worked on both Guix system
and a fresh Trisquel 11 VM, with Guix installed through
guix-install.sh, without substitutes enabled.

But when doing more tests before finishing the patches for GNU Boot[1] I
found more issues.

Missing Bordeaux in older Debian packages:
------------------------------------------
In debian/rules of the Trisquel package, we have that (modified to fit
the ~70 lines limits of mails):
> override_dh_install:
>         dh_install
>         [...]
>         # Add /etc/default/acl with the default substitute server,
>         # with identical output as "guix archive --authorize"
>         mkdir -p debian/guix/etc/guix/
>         printf '(acl\n (entry\n' > \
>             debian/guix/etc/guix/acl
>         sed -e 's,^, ,g' -e 's, $$,,g' \ 
>             etc/substitutes/ci.guix.gnu.org.pub >> \
>             debian/guix/etc/guix/acl 
>         printf '  (tag\n   (guix import)\n )\n )\n )\n' >> \
>             debian/guix/etc/guix/acl

Bordeaux is added later on in the Debian package[2].

After testing on Trisquel 11 with the Guix package, as expected, 
'guix build --substitute-urls=https://bordeaux.guix.gnu.org' results in
ghc being built instead of downloaded.

So I'm unsure what to do here. I could ask to add Bordeaux in the
Trisquel package but that's probably not the best way to deal with that.

Potential issue with /etc/guix/acl
----------------------------------
My previous attempt to workaround the lack of substitutes was to detect
bordeaux and force its use if it's authorized. Here's my code (GPLv3+):
> (define bordeaux.guix.gnu.org
>   "(public-key
>      (ecc
>        (curve Ed25519)
>        (q
> #7D602902D3A2DBB83F8A0FB98602A754C5493B0B778C8D1DD4E0F41DE14DE34F#)))")
> 
> (if (authorized-key? (string->canonical-sexp bordeaux.guix.gnu.org))
>     (display "--substitute-urls=https://bordeaux.guix.gnu.org"))

But in some situations we have:
> $ guix repl force-bordeaux-substitute.scm
> guix repl: error: open-file: Permission denied: "/etc/guix/acl"

So under Trisquel 11 with the guix package we have:
> $ ls -la /etc/guix/acl 
> -rw------- 1 root root 355 Oct 26 18:06 /etc/guix/acl

With Guix system we have:
> $ ls -la /etc/guix/acl
> -r--r--r-- 1 root root 528 Oct 26 13:53 /etc/guix/acl

With 'sudo ./guix-install.sh' with substitutes enabled we have:
> $ ls -la /etc/guix/acl 
> -rw------- 1 root root 355 Oct 26 18:06 /etc/guix/acl

And with 'sudo ./guix-install.sh' without substitutes enabled there is
no issue since /etc/guix/acl doesn't exist so my detection of Bordeaux
works fine.

Is this a bug? Should the permissions be the same in all the
situations? Beside bugreporting / fixing it in the Debian package and
in guix-install.sh, it also brings the question of what to do for
previous installations.

References:
-----------
[1]Since GNU Boot wants to make it as easy as possible to contribute I
   test builds and changes in various environments (Trisquel 11 +
   guix-install.sh, guix system, Trisquel 11 + guix package, etc).

[2]It's added in the commit 2700105e8f ("debian/rules: Add "bordeaux"
   substitute server to /etc/guix/acl.") from the
   https://salsa.debian.org/debian/guix.git/ repository.

Denis.

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

      reply	other threads:[~2024-10-26 16:43 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-10-18 20:26 Guix 1.4.0+i686: getting ghc substitutes? Denis 'GNUtoo' Carikli
2024-10-24 14:32 ` Denis 'GNUtoo' Carikli
2024-10-25  9:17   ` Andreas Enge
2024-10-26 16:33     ` Denis 'GNUtoo' Carikli [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20241026183254.64544589@primarylaptop.localdomain \
    --to=gnutoo@cyberdimension.org \
    --cc=andreas@enge.fr \
    --cc=help-guix@gnu.org \
    --cc=j@jxself.org \
    --cc=neox@a-lec.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).