From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id 0NCIA86RP2PB2AAAbAwnHQ (envelope-from ) for ; Fri, 07 Oct 2022 04:41:18 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id 8HyjA86RP2NlcQEA9RJhRA (envelope-from ) for ; Fri, 07 Oct 2022 04:41:18 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 69FAC5F04 for ; Fri, 7 Oct 2022 04:41:17 +0200 (CEST) Received: from localhost ([::1]:35360 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ogdIY-0001M1-Lh for larch@yhetil.org; Thu, 06 Oct 2022 22:41:14 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:41780) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ogdIN-0001I4-U1 for bug-guix@gnu.org; Thu, 06 Oct 2022 22:41:04 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:34863) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1ogdIM-0005Qt-F8 for bug-guix@gnu.org; Thu, 06 Oct 2022 22:41:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1ogdIM-0005n7-9g for bug-guix@gnu.org; Thu, 06 Oct 2022 22:41:02 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#58149: guix pull error Resent-From: bokr@bokr.com Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Fri, 07 Oct 2022 02:41:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 58149 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: zimoun , 58149@debbugs.gnu.org, Matthieu Haefele Received: via spool by 58149-submit@debbugs.gnu.org id=B58149.166511043322193 (code B ref 58149); Fri, 07 Oct 2022 02:41:02 +0000 Received: (at 58149) by debbugs.gnu.org; 7 Oct 2022 02:40:33 +0000 Received: from localhost ([127.0.0.1]:33939 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ogdHs-0005ls-BV for submit@debbugs.gnu.org; Thu, 06 Oct 2022 22:40:32 -0400 Received: from mailout.easymail.ca ([64.68.200.34]:34566) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ogdHp-0005lJ-Lr for 58149@debbugs.gnu.org; Thu, 06 Oct 2022 22:40:31 -0400 Received: from localhost (localhost [127.0.0.1]) by mailout.easymail.ca (Postfix) with ESMTP id EAAE264F52; Fri, 7 Oct 2022 02:40:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=bokr.com; s=easymail; t=1665110423; bh=1fqX7kk480pFC/lVD/8avz+pCLrW6+S/JmZ6CpCg2KU=; h=From:Date:To:Cc:Subject:Reply-To:References:In-Reply-To:From; b=mMvTHg37JRHQ88mkGnzVFcvsNLSxtd4YoqmmYHJ86V63lxgJzQpnw1/BVxQrHtrCy mrksphfTzw6FuQJ8zbYw1DCkHC5xPUo5D69QYQ9Nuq72qGATxfSOpUVFpYnD2UrGtm mBKEm3qTMvvcsTZg8JHkA2QBYGEr+YcTgfdQ5WrrZ8Cbg9e7aeVmXrDKeO0h4t/82w ipwXYXTp3ug4KZJ1Mdu9T8umR7YN5giqLFgGQNY8Y+oNtj801I7n8Mh+eWg0kuseFV bJ6E4Isi0aqv6xs9jszEA6m3/sJhBkS5+EkP1BjyaVK6DPOq4i4xLstA1fWruKOCiF af4LbTfgfm/fQ== X-Virus-Scanned: Debian amavisd-new at emo09-pco.easydns.vpn Received: from mailout.easymail.ca ([127.0.0.1]) by localhost (emo09-pco.easydns.vpn [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b7q8freeNRms; Fri, 7 Oct 2022 02:40:21 +0000 (UTC) Received: from localhost (m83-185-39-212.cust.tele2.se [83.185.39.212]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mailout.easymail.ca (Postfix) with ESMTPSA id 4B3EA64EE6; Fri, 7 Oct 2022 02:40:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=bokr.com; s=easymail; t=1665110421; bh=1fqX7kk480pFC/lVD/8avz+pCLrW6+S/JmZ6CpCg2KU=; h=From:Date:To:Cc:Subject:Reply-To:References:In-Reply-To:From; b=l456LlIv21Z5+4DRhST0OJMmasv6J/HLJCmXmLLNdekD0rLIrcLXRzNxhIS5IcD6Q 5ThaGZWUuMbnBpIYB6J9+iCLMwAJ4yc5gaFC8hUXaGMgmFGkwz+37j8B1xmeD6jziG xfQ0VYgVhi9hjXFuy/FOr3MZgUorBKOLMqsNK9fzXnLL6j8aUXkvnltjvX2EV1BThF eUT7JHTu4l4MMgtkIzz+40bL5Px/IG08auWsYctUv215YmWm8YCTjVgVZGDVPlj/X3 iydnbxLSTCyXb/Bi2mOC6F43wzYqMpgF/zwsHSrP+CMBCUBCR7XVBXRYqqHVuHUfdG Gd604OmNrMbhg== From: bokr@bokr.com Date: Fri, 7 Oct 2022 04:40:03 +0200 Message-ID: <20221007024003.GA6638@LionPure> References: <87h70q9pqh.fsf@inria.fr> <5e2f17b1-c763-c6ce-1223-0a8f6cd3c734@cnrs.fr> <878rm18f7r.fsf@inria.fr> <6765fefb-b632-ac3e-8a82-53904468b471@cnrs.fr> <87mtad1d2c.fsf@inria.fr> <984e742d-ab96-2509-74a3-1d9891339e91@cnrs.fr> <8735c5ypg8.fsf@inria.fr> <87o7urvqxj.fsf@inria.fr> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <87o7urvqxj.fsf@inria.fr> User-Agent: Mutt/1.10.1 (2018-07-13) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: bokr@bokr.com Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1665110477; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=hehOlo+prtq330l0tgU5bEZbXOY/Il4XfnCrtXGtjNY=; b=Dz6mPsT8gXvKtnbAbqLG7GqeGtOawpfigSjH5yD795St7lUpKNcIjvkYvaKmHYoKb9diT6 ATd/ZCEpOCTgdcOa0INMuRYf5Pbbl6Bda5agEt42jsKdQPizAwFZxB75VTUNtwKigmL/XN 7qkUQ7UQS+qEB/1pLk8hypk1GzUeAc7pl6a6u+zbohaoeJdZYI4GEc3SgeM41Vna1oSztk YxnoZmepdVWdt9Sv0qZi6s9a82cHH7c6qqfIUeVV51h7c6VqmnRU9S15kChin8IMTnj6j5 zj69TpmcWUlepc2UVqkOy47jAyM1gB5OEyCKKshEI5C72DgRaOpwueKNwpvbzA== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1665110477; a=rsa-sha256; cv=none; b=FKbiDV4ASO6Ba7x51SxQmDQz99H7E5d4dWvh7r6bKXcEmFt5A5dlxxJteLnk9i5MYlpeqX Nwv0Z/eR2rk0Tsol710/QiZjIBftEo/KQtDqnWabb8ZfCIautxLvzGwEA8EWn8za0eo9jD iuFUq7rBT71xno5EWzPqOfVpwpX0uVWU1aIaTpF9wrEL4/oCAwzVqPf8RAd7NdNmBWNEZA AGjIwEYljhjzSR69myPvxDfDpkeGC2y1WybY+gmFAmLn2qazIAfvHrUDZUoC7cd2iM1AUg n+8PP02S/uH/LF+mJWnaYeJ8j1Ytez8vJE+oT85hPLMShjUoFqoZTrtygrUlsA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=bokr.com header.s=easymail header.b=mMvTHg37; dkim=fail ("headers rsa verify failed") header.d=bokr.com header.s=easymail header.b=l456LlIv; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: 4.43 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=bokr.com header.s=easymail header.b=mMvTHg37; dkim=fail ("headers rsa verify failed") header.d=bokr.com header.s=easymail header.b=l456LlIv; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 69FAC5F04 X-Spam-Score: 4.43 X-Migadu-Scanner: scn1.migadu.com X-TUID: uxOP9Tao71g1 Hi Ludo, Simon, et interested .. On +2022-10-04 12:11:52 +0200, Ludovic Courtès wrote: > Hi, > > Matthieu Haefele skribis: > > > Le 03/10/2022 à 16:03, Ludovic Courtès a écrit : > > [...] > > >> You should be able to get around it by first building things locally: > >> > >> guix build --no-substitutes \ > >> $(guix gc --derivers /gnu/store/r658y3cgpnf99nxjxqgjiaizx20ac4k0-guile-2.2.4) > >> > >> This is going to take a while though… > >> > >> I’m sorry this upgrade turns out to be so painful. We know what to work > >> on next. > >> > > Problems at fetching the kernel sources apparently... > > > > (base) mhaefele@mdlspc113:m2-mms-hpc (master)*$ guix build --no-substitutes \ > >>     $(guix gc --derivers /gnu/store/r658y3cgpnf99nxjxqgjiaizx20ac4k0-guile-2.2.4) > > The following derivations will be built: > >   /gnu/store/16c8c8hm1qdn6xz8014939mirc7c4d4j-guile-2.2.4.drv > >   /gnu/store/06pscnfdljxnyb673pqyhnvz1x5rjl1l-libgc-7.6.6.drv > > /gnu/store/4k028mc8dnnx478dirgx90rpby465jqr-ld-wrapper-boot3-0.drv > >   /gnu/store/agrwc0hhkxjb96z66nb6hakimb4a2vg3-module-import.drv > > [...] > > > Starting download of /gnu/store/f2j6pi0d18pbz35ypflp61wzhbfcr8dp-linux-libre-4.14.67-gnu.tar.xz > > From https://linux-libre.fsfla.org/pub/linux-libre/releases/4.14.67-gnu/linux-libre-4.14.67-gnu.tar.xz... > > download failed "https://linux-libre.fsfla.org/pub/linux-libre/releases/4.14.67-gnu/linux-libre-4.14.67-gnu.tar.xz" 404 "Not Found" > > [...] > > > Starting download of /gnu/store/f2j6pi0d18pbz35ypflp61wzhbfcr8dp-linux-libre-4.14.67-gnu.tar.xz > > From https://mirror.hydra.gnu.org/file/linux-libre-4.14.67-gnu.tar.xz/sha256/050zvdxjy6sc64q75pr1gxsmh49chwav2pwxz8xlif39bvahnrpg... > > In procedure connect: Network is unreachable > > You can fetch it with: > > wget -O linux-libre-4.14.67-gnu.tar.xz \ > https://ci.guix.gnu.org/file/linux-libre-4.14.67-gnu.tar.xz/sha256/050zvdxjy6sc64q75pr1gxsmh49chwav2pwxz8xlif39bvahnrpg > guix download file://$PWD/linux-libre-4.14.67-gnu.tar.xz > > Let’s see if you can proceed from there. > > At any rate, it’s a good lesson for us developers, so thanks for > persevering. > > Ludo’. > As you know, particular upstream kernels can be found like --8<---------------cut here---------------start------------->8--- $ lynx -dump -listonly https://kernel.org/pub/linux/kernel/v4.x/ | egrep 4.14.67\|sha256 558. https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.67 3155. https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/linux-4.14.67.tar.gz 3156. https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/linux-4.14.67.tar.sign 3157. https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/linux-4.14.67.tar.xz 7177. https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/patch-4.14.67.xz 9018. https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc --8<---------------cut here---------------end--------------->8--- Well, you noticed the extra pattern in the search, I'm sure. :) What's interesting about sha256sums.asc is that you can do this: --8<---------------cut here---------------start------------->8--- $ wget -q -O- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc|egrep 4\\.14\\.67 93b4ea4816a8a73e4ba2d9c26dc622035b1b504010f1048c0455a190a653166e ChangeLog-4.14.67 a53d3a3b5877e1847fb34ecb75aabce2a1bf3cc0ee7236cf2aef02f0ecf83433 linux-4.14.67.tar.gz 3f4b056dc27233a78f7a4a35ed6fdcfd0a9680ec40b611a898bb6c8b905070ba linux-4.14.67.tar.xz 42c7ff27d7cefbf0b4e313c757db1f2cfa2d65fa22cbe908c24aafafc995bd5f patch-4.14.67.xz --8<---------------cut here---------------end--------------->8--- Which provides a little menu of relevant things. E.g, we can choose to download the .xz tarball and verify it like --8<---------------cut here---------------start------------->8--- $ time wget -q https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/linux-4.14.67.tar.xz real 0m47.015s user 0m2.381s sys 0m3.720s $ sha256sum linux-4.14.67.tar.xz 3f4b056dc27233a78f7a4a35ed6fdcfd0a9680ec40b611a898bb6c8b905070ba linux-4.14.67.tar.xz --8<---------------cut here---------------end--------------->8--- IMO it would significantly enhance the security and trust assurances provided by guile and guix repos to adopt this practice from kernel.org. It is cheap and easy to implement, and provides an integrity check which can coexist with others provided in various distro VCSs and package management systems. UIAM it would also provide another option in writing a package definition in the part that defines how to get the source and check hashes. (who wants to show how it would look for the hello pachage? :) WDYT? For me, a really trusted well known figure like GkH or Linus as signer is reassuring, but I think whoever the person is is less important than providing a verifiable public coherent snapshot (if race-careful) listing of hash names for the set of files. People can then discuss the file contents and make references unambigously by hash (and discuss duplicate hashes with different file names associated :) A file identified by hash and creating trouble will soon have discussion on the net, but unless its content is unambiguously specified by its name people can't be certain they're talking about the exact same thing. That obviously the role of the hash as verifiable name here. Any decent search engine should then be able to list discussions citing the hash for you. Then we can have lists of discussions, signed by a curator ... :-p -- Regards, Bengt Richter PS. A cloned guile or guix repo is of course a directory, and selected files could be given a sha256sums.asc index and be tracked by git, updated at at specially significant commit times. Or is that crazy? WDYT?? Also, would there be places in the https://ci.guix.gnu.org/ tree that it would make sense to put sha256sums.asc instances in? E.g., What directory does https://ci.guix.gnu.org/file/linux-libre-4.14.67-gnu.tar.xz/sha256/050zvdxjy6sc64q75pr1gxsmh49chwav2pwxz8xlif39bvahnrpg appear in by ordinary file name?