From mboxrd@z Thu Jan  1 00:00:00 1970
From: Efraim Flashner <efraim@flashner.co.il>
Subject: bug#37865: guix pull: error: You found a bug:
Date: Wed, 23 Oct 2019 19:55:04 +0300
Message-ID: <20191023165504.GB15460@E5400>
References: <20191022083418.0c821e9d.kmx@posteo.net> <87sgnkwk5l.fsf@gnu.org>
 <20191023085503.7af886c5.kmx@posteo.net> <874kzzx023.fsf@gnu.org>
 <20191023162411.3d520e24.kmx@posteo.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="aM3YZ0Iwxop3KEKx"
Return-path: <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:470:142:3::10]:53572)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1iNJvX-0003W0-Nn
 for bug-guix@gnu.org; Wed, 23 Oct 2019 12:56:05 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1iNJvW-0004qZ-A6
 for bug-guix@gnu.org; Wed, 23 Oct 2019 12:56:03 -0400
Received: from debbugs.gnu.org ([209.51.188.43]:54336)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1iNJvV-0004qA-VC
 for bug-guix@gnu.org; Wed, 23 Oct 2019 12:56:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1iNJvV-0004qI-Qk
 for bug-guix@gnu.org; Wed, 23 Oct 2019 12:56:01 -0400
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-Message-ID: <handler.37865.B37865.157184972018553@debbugs.gnu.org>
Content-Disposition: inline
In-Reply-To: <20191023162411.3d520e24.kmx@posteo.net>
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-guix>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
To: Kai Mertens <kmx@posteo.net>
Cc: 37865@debbugs.gnu.org


--aM3YZ0Iwxop3KEKx
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Oct 23, 2019 at 04:26:35PM +0200, Kai Mertens wrote:
> On Wed, 23 Oct 2019 11:50:44 +0200
> Ludovic Court=C3=A8s <ludo@gnu.org> wrote:
>=20
> > >> Did you enable substitutes from <https://ci.guix.gnu.org>?
> > >> See <https://guix.gnu.org/manual/en/html_node/Substitutes.html>.
> > >>  =20
> > >
> > > hmm, I did not enable substitutes explicitly in the command line, but
> > > as far as I remember, I allowed guix to use substitutes when I set it
> > > up some time ago. Is there a handy command that helps me to check the
> > > current configuration? Anyway, I was not using option --no-substitute=
s. =20
> >=20
> > If you installed it long ago, it could be that you authorized
> > substitutes from hydra.gnu.org (the former CI server, discontinued in
> > June=C2=B9) but not from ci.guix.gnu.org.
> >=20
>=20
> Yes indeed!
>=20
> > So you would need to check:
> >=20
> >   1. which substitute URL guix-daemon is using;
>=20
> I tried the example as seen in =E2=80=9C4.3.2 Substitute Server Authoriza=
tion=E2=80=9D:
>=20
> $ guix build emacs --dry-run
> substitute: updating list of substitutes from 'https://mirror.hydra.gnu.o=
rg'...  18.6%guix substitute: error: TLS error in procedure 'read_from_sess=
ion_record_port': The TLS connection was non-properly terminated.
> guix build: error: substituter `substitute' died unexpectedly
>=20
> So apparently, guix is using the obsolete hydra server.
>=20
> >=20
> >   2. which keys are authorized in /etc/guix/acl.
> >=20
>=20
> This file shows only one key, but that one is listed four times as like:
>  (entry=20
>   (public-key=20
>    (rsa=20
>     (n=20
>     #00DB1634E3D9DFAC97AE4734DAE968CCB15EE4815C82BDC254883DBB49FE1EF32268=
E82D4BBE0E35298C481C9DA15
>     51642FAFF05AEC1A60712F1BB4BE7D25D7EFF7A4F89704A5A9AC232870CB9F2476C3B=
538A0E990A8825DEB73081D31
>     7001FB8A188600F2FEF5F5F570E857F3EE4355077A3C3918ED72723A56BA55C466D40=
0658974D7DAD1F6B7B63C192B
>     9C2704D98BBFF1C3BD5B8EF11A8ADC83ACB8FD8E9F1E792FDAD262415D13F2DEE55F3=
30908CFDA9C3C8C32B64F7DD0
>     88457D34F445E2E2C83C6D680549DC9B6E6573B89496567204ED285E67A279F2F6670=
80BA941D80D015CE87B0FB6A9
>     1A99CECC7D91D2D210B00E4B6E611DA51DB008F1DFE3FCAC6B27393FA781D45F9A15F=
C7B8785A3E86BA6592B2916CA
>     22CF1E40FC85F85CACA590461154F58F3580B16398908EF32076F411299C28727C94D=
88B6A618F84DD73AEBED8270B
>     CB6690928CB1BF250C35E1F6BF3B1B30D05BA246ECE8F69D9065DE26F4B3E0D814D70=
A9C27CB5B7B050C9090590D3A
>     9EF83374F2643E5446FBD39DDB124DBF6DFDAA6D18E2560AD0CBFA11C959C9B7316BF=
19963A191967054E9FD97DC14
>     D71082B30B1C90A46E8996682474C3BCB51BA0882958897B6DD35E41B5174D0A6BCDE=
97B89043E95BD1B70DE61DA66
>     6893B417196A180005466BC3A742FDF04E89B04460E3E6BC72E7F1B5FEA5B3092FEE5=
51A3C447C12E104E65#) (e=20
>     #010001#) )
>    )
>   (tag=20
>    (guix import)
>    )
>   )
>=20
> > The above chapter of the manual has more info on this.
> >=20
> > LMK how it goes!
>=20
> Well, I am not sure how to proceed with my old version of guix.
>=20
> I wonder if the listed key is as well valid for https://ci.guix.gnu.org
> just the same as it used to be valid for https://mirror.hydra.gnu.org.
>=20

It's not. The long RSA key was only for hydra.

> If not, where can I get the new, correct one?

One option is from the git repo.
I don't see the key hosted online, but you likely already have it in
your store. It should be in
/gnu/store/...-guix-../share/guix/ci.guix.gnu.org.pub
Also if you've run 'guix pull' it should be in ~/.cache/guix/pull/pjmkglp4t=
7znuugeurpurzikxq3tnlaywmisyr27shj7apsnalwq/etc/substitutes/ci.guix.gnu.org=
=2Epub

>=20
> Once I have the keyfile, I am supposed to continue with section
>  =E2=80=9C4.3.2 Substitute Server Authorization=E2=80=9D,
> right?
>=20
> Then I would try:
>  # guix-daemon --substitute-urls=3Dhttps://ci.guix.gnu.org
>  # guix archive --authorize < my/path/to/ci.guix.gnu.org.pub
>=20
> Is that correct?

If you're on Guix System then you'd want to do 'sudo herd restart
guix-daemon' after authorizing the key. If you're on a foreign system
then as long as you don't have '--substitute-urls' already in the
guix-daemon command then it'll default to ci.guix.gnu.org

>=20
> Would that remove the obsolete substitute server information in the
> same go?

There's no need to remove it, but you could remove it by hand if you
want.

>=20
> best regards
> Kai
>=20

Hope that helps


--=20
Efraim Flashner   <efraim@flashner.co.il>   =D7=90=D7=A4=D7=A8=D7=99=D7=9D =
=D7=A4=D7=9C=D7=A9=D7=A0=D7=A8
GPG key =3D A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

--aM3YZ0Iwxop3KEKx
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAl2whegACgkQQarn3Mo9
g1FlAw//WMdG0+087NiD6ydR04NCDGk6WaCv91RPFqGp3tZWU8sGNQOX8X1vOS5k
AMQR+1gyvQPFC0cVb9iSzFcRyyzCya9HKhTBY/wTiFHKHRSt/TUrGKiVi6DCuFG8
AJmGmTH9855rGKk9US99khK/UbWeFeiDyWW81o+mUcX+2gxCgob6X/4Z9Wjt0C2a
pzMTMabvaAkR5i4l1AtiiHk9aAYag5VIPmQ8pVlAFpmgx5fUVOtahATpBVf3h+EC
cegM/1FtnqKmSvDaydIHouWd83cTW3HC9pD4QbYiDCtK3N95AkmUuD5eo/UnZoca
ZVoDLYCHNr7aUmQfhYXmrZy+h8X4+q8ET3B/8LvPpQLag6SWhVLod3y0rgvtSLEv
jD0m1WLECcc/k1oli3H0Op6g6Batj/LBwJbRBMcz/vK+fPTF2/datS0PAx0JToph
B3AVr1HAIN+MXuIwCo7w2q5hfs8zUrCLTtbmbulAsi27dTymsQzQOCEwpFsAKYVU
g9dcHK5DqObsNrwWeB+t/lFUWKE90Ae9UOzbphzc5urRC5nOH2iJiy/IEEZzykB6
xKCYSoNhKPJfs+uUfxoagif+W8xNOjzggXx2gCR3iOppmgFShVOy/M+OnTq4XCqE
k2OviHiQjt9TkoQEChgz1JRo19/NADeMPP4F/+frZbnQgZljFps=
=GVyC
-----END PGP SIGNATURE-----

--aM3YZ0Iwxop3KEKx--