From: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
To: Andreas Enge <andreas@enge.fr>
Cc: help-guix@gnu.org, Adrien 'neox' Bourmault <neox@a-lec.org>,
Jason Self <j@jxself.org>
Subject: Re: Guix 1.4.0+i686: getting ghc substitutes?
Date: Sat, 26 Oct 2024 18:33:24 +0200 [thread overview]
Message-ID: <20241026183254.64544589@primarylaptop.localdomain> (raw)
In-Reply-To: <ZxtiGAutkchMFfey@jurong>
[-- Attachment #1: Type: text/plain, Size: 3909 bytes --]
On Fri, 25 Oct 2024 11:17:12 +0200
Andreas Enge <andreas@enge.fr> wrote:
> Hello Denis,
Hi,
> Am Thu, Oct 24, 2024 at 04:32:33PM +0200 schrieb Denis 'GNUtoo'
> Carikli:
> > And so I end up being able to download these:
> > > $ guix build \
> > > --substitute-urls=https://bordeaux.guix.gnu.org \
> > > --system=i686-linux \
> > > pandoc
> > > [...]
> > > substituting
>
> this looks as if you are using too old a Guix daemon; more recent
> versions enable the Bordeaux build farm by default.
Before I did most of the tests on Guix system, and I only verified that
my script that detects the use of Bordeaux worked on both Guix system
and a fresh Trisquel 11 VM, with Guix installed through
guix-install.sh, without substitutes enabled.
But when doing more tests before finishing the patches for GNU Boot[1] I
found more issues.
Missing Bordeaux in older Debian packages:
------------------------------------------
In debian/rules of the Trisquel package, we have that (modified to fit
the ~70 lines limits of mails):
> override_dh_install:
> dh_install
> [...]
> # Add /etc/default/acl with the default substitute server,
> # with identical output as "guix archive --authorize"
> mkdir -p debian/guix/etc/guix/
> printf '(acl\n (entry\n' > \
> debian/guix/etc/guix/acl
> sed -e 's,^, ,g' -e 's, $$,,g' \
> etc/substitutes/ci.guix.gnu.org.pub >> \
> debian/guix/etc/guix/acl
> printf ' (tag\n (guix import)\n )\n )\n )\n' >> \
> debian/guix/etc/guix/acl
Bordeaux is added later on in the Debian package[2].
After testing on Trisquel 11 with the Guix package, as expected,
'guix build --substitute-urls=https://bordeaux.guix.gnu.org' results in
ghc being built instead of downloaded.
So I'm unsure what to do here. I could ask to add Bordeaux in the
Trisquel package but that's probably not the best way to deal with that.
Potential issue with /etc/guix/acl
----------------------------------
My previous attempt to workaround the lack of substitutes was to detect
bordeaux and force its use if it's authorized. Here's my code (GPLv3+):
> (define bordeaux.guix.gnu.org
> "(public-key
> (ecc
> (curve Ed25519)
> (q
> #7D602902D3A2DBB83F8A0FB98602A754C5493B0B778C8D1DD4E0F41DE14DE34F#)))")
>
> (if (authorized-key? (string->canonical-sexp bordeaux.guix.gnu.org))
> (display "--substitute-urls=https://bordeaux.guix.gnu.org"))
But in some situations we have:
> $ guix repl force-bordeaux-substitute.scm
> guix repl: error: open-file: Permission denied: "/etc/guix/acl"
So under Trisquel 11 with the guix package we have:
> $ ls -la /etc/guix/acl
> -rw------- 1 root root 355 Oct 26 18:06 /etc/guix/acl
With Guix system we have:
> $ ls -la /etc/guix/acl
> -r--r--r-- 1 root root 528 Oct 26 13:53 /etc/guix/acl
With 'sudo ./guix-install.sh' with substitutes enabled we have:
> $ ls -la /etc/guix/acl
> -rw------- 1 root root 355 Oct 26 18:06 /etc/guix/acl
And with 'sudo ./guix-install.sh' without substitutes enabled there is
no issue since /etc/guix/acl doesn't exist so my detection of Bordeaux
works fine.
Is this a bug? Should the permissions be the same in all the
situations? Beside bugreporting / fixing it in the Debian package and
in guix-install.sh, it also brings the question of what to do for
previous installations.
References:
-----------
[1]Since GNU Boot wants to make it as easy as possible to contribute I
test builds and changes in various environments (Trisquel 11 +
guix-install.sh, guix system, Trisquel 11 + guix package, etc).
[2]It's added in the commit 2700105e8f ("debian/rules: Add "bordeaux"
substitute server to /etc/guix/acl.") from the
https://salsa.debian.org/debian/guix.git/ repository.
Denis.
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
prev parent reply other threads:[~2024-10-26 16:43 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-18 20:26 Guix 1.4.0+i686: getting ghc substitutes? Denis 'GNUtoo' Carikli
2024-10-24 14:32 ` Denis 'GNUtoo' Carikli
2024-10-25 9:17 ` Andreas Enge
2024-10-26 16:33 ` Denis 'GNUtoo' Carikli [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241026183254.64544589@primarylaptop.localdomain \
--to=gnutoo@cyberdimension.org \
--cc=andreas@enge.fr \
--cc=help-guix@gnu.org \
--cc=j@jxself.org \
--cc=neox@a-lec.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).