From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1.migadu.com ([2001:41d0:303:e16b::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms13.migadu.com with LMTPS id QBAuGCwcHWdEAQEA62LTzQ:P1 (envelope-from ) for ; Sat, 26 Oct 2024 16:43:24 +0000 Received: from aspmx1.migadu.com ([2001:41d0:303:e16b::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1.migadu.com with LMTPS id QBAuGCwcHWdEAQEA62LTzQ (envelope-from ) for ; Sat, 26 Oct 2024 18:43:24 +0200 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=cyberdimension.org header.s=dkim header.b=dHE4YcFo; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1729961004; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=qMZg1cyAktRHNU+/ClWQcS9t6GhAXVKQUi+ZvRyyYOs=; b=nYoTLVYvDvVtENt01T9bYMqrNB+MWDTqowDf6esxCibvgHH/aGJPqpy//2jW7OUqYmHage Jdxa8taa4DG6Cb43AiCRRy39sxmVEjgZQvWnU9BTEZlg/8pO4AEIv0panjbS/UuoVnKaEz SGskkRjQA/3+Zn3ZsPX2O0J5VTy1YWpDyN3w6/9b67MG3/wxI7XbltijSpvsPjkFJdmfdB O4EiL34NS2jxi3SHHa6uhHOylNwvwCJw7YGWguFl9wg4JteTMOgf2LlN/HUMhRc/I/FEJD B3Ok2fB6Cg+e8e2UntmbJa+sKKO8/RME0mC8gmGx/QsRfghwQyTbhnIv1XKPQA== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1729961004; a=rsa-sha256; cv=none; b=rW75lKp8u76Jf+Vnb4koIy7QzFV8rqZ17JL1zxbtBj94av57IndjDyPX+F9UlCTSqs1jWM PPwpCQQQzIU9UPV2y7oG+kgCtng6KD6T5/p/Hnwr/0PCQWht4cZaTDd1U1cD0N+lSrkuzf mAciIHbaF+MF9B25j/XjUnyAq3RltUtpKtsFXqJkeEqEW/NLAgEfsFbUZR7nJPtx8b/wk1 xd4o6p4SB41Kf2NZ1+9PLJs1VcZTQqy0ybEBjiU8jCvqVeeZ3gThQ/QThpZVIB88QdxsDJ XGBuiy8uOuVWlFMNUYRxD5qA3fsx+yOx7YiGH9g/XbrhCQ8BLYG5QpRkZvmp2w== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=cyberdimension.org header.s=dkim header.b=dHE4YcFo; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=none Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id CFBEE5CE02 for ; Sat, 26 Oct 2024 18:43:23 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1t4jsW-0004Ag-Qq; Sat, 26 Oct 2024 12:43:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1t4jsU-0004AS-W6 for help-guix@gnu.org; Sat, 26 Oct 2024 12:43:03 -0400 Received: from cyberdimension.org ([2001:678:938:3ff::36] helo=rockpro64.cyberdimension.org) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256) (Exim 4.90_1) (envelope-from ) id 1t4jsS-00071h-MR for help-guix@gnu.org; Sat, 26 Oct 2024 12:43:02 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; s=dkim; bh=bqRKEjQKdmCzkYv wp0cL/+NRB0Yr+70t8wnTHSLKMNo=; h=references:in-reply-to:subject:cc:to: from:date; d=cyberdimension.org; b=dHE4YcFou/Yv5vrxhUw4bS6TBLNplVBr7lQ 6mUtIq2mKHTQyqCvk6kV8k+Z3tmG6XVFYP6vDauBQWno5Jj5EMBYW9LUKPBFEX5lHGnowT HM25Tlj71Z5muK5EPzh0xkFNuTZ9vjBmmjZ2JW3Z3ePOFHAPxc2abZ9GEe4p/QXQTm7maB nmeYr8JYnVH7ypDzEit0e7IrZKr9SOSxfYsPp0VfEMXLMeJBJwxKRqUm/SPinCWV2yoQt4 YvjhQZ996PlpBtSod8lK+Cy1eeshcBcp4X8DQOCtymr8+RLQxHYTL6ND4LUPh/E5VsZ72Y 64fe/XPq1nG05HAITI8/trjaDeA== Received: from primarylaptop.localdomain (localhost [127.0.0.1]) by rockpro64.cyberdimension.org (OpenSMTPD) with ESMTP id 00fb3326; Sat, 26 Oct 2024 16:42:56 +0000 (UTC) Date: Sat, 26 Oct 2024 18:33:24 +0200 From: Denis 'GNUtoo' Carikli To: Andreas Enge Cc: help-guix@gnu.org, Adrien 'neox' Bourmault , Jason Self Subject: Re: Guix 1.4.0+i686: getting ghc substitutes? Message-ID: <20241026183254.64544589@primarylaptop.localdomain> In-Reply-To: References: <20241018222605.4a9270e5@primary_laptop> <20241024163233.586b31ec@primary_laptop> X-Mailer: Claws Mail 4.0.0 (GTK+ 3.24.33; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="Sig_/VQN/A.9RqoGQ8comhzCEqRn"; protocol="application/pgp-signature"; micalg=pgp-sha512 Received-SPF: pass client-ip=2001:678:938:3ff::36; envelope-from=GNUtoo@cyberdimension.org; helo=rockpro64.cyberdimension.org X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: help-guix-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: 0.17 X-Spam-Score: 0.17 X-Migadu-Queue-Id: CFBEE5CE02 X-Migadu-Scanner: mx13.migadu.com X-TUID: j0HtwhA6OfDf --Sig_/VQN/A.9RqoGQ8comhzCEqRn Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Fri, 25 Oct 2024 11:17:12 +0200 Andreas Enge wrote: > Hello Denis, Hi, > Am Thu, Oct 24, 2024 at 04:32:33PM +0200 schrieb Denis 'GNUtoo' > Carikli: > > And so I end up being able to download these: > > > $ guix build \ > > > --substitute-urls=3Dhttps://bordeaux.guix.gnu.org \ > > > --system=3Di686-linux \ > > > pandoc > > > [...] > > > substituting >=20 > this looks as if you are using too old a Guix daemon; more recent > versions enable the Bordeaux build farm by default. Before I did most of the tests on Guix system, and I only verified that my script that detects the use of Bordeaux worked on both Guix system and a fresh Trisquel 11 VM, with Guix installed through guix-install.sh, without substitutes enabled. But when doing more tests before finishing the patches for GNU Boot[1] I found more issues. Missing Bordeaux in older Debian packages: ------------------------------------------ In debian/rules of the Trisquel package, we have that (modified to fit the ~70 lines limits of mails): > override_dh_install: > dh_install > [...] > # Add /etc/default/acl with the default substitute server, > # with identical output as "guix archive --authorize" > mkdir -p debian/guix/etc/guix/ > printf '(acl\n (entry\n' > \ > debian/guix/etc/guix/acl > sed -e 's,^, ,g' -e 's, $$,,g' \=20 > etc/substitutes/ci.guix.gnu.org.pub >> \ > debian/guix/etc/guix/acl=20 > printf ' (tag\n (guix import)\n )\n )\n )\n' >> \ > debian/guix/etc/guix/acl Bordeaux is added later on in the Debian package[2]. After testing on Trisquel 11 with the Guix package, as expected,=20 'guix build --substitute-urls=3Dhttps://bordeaux.guix.gnu.org' results in ghc being built instead of downloaded. So I'm unsure what to do here. I could ask to add Bordeaux in the Trisquel package but that's probably not the best way to deal with that. Potential issue with /etc/guix/acl ---------------------------------- My previous attempt to workaround the lack of substitutes was to detect bordeaux and force its use if it's authorized. Here's my code (GPLv3+): > (define bordeaux.guix.gnu.org > "(public-key > (ecc > (curve Ed25519) > (q > #7D602902D3A2DBB83F8A0FB98602A754C5493B0B778C8D1DD4E0F41DE14DE34F#)))") >=20 > (if (authorized-key? (string->canonical-sexp bordeaux.guix.gnu.org)) > (display "--substitute-urls=3Dhttps://bordeaux.guix.gnu.org")) But in some situations we have: > $ guix repl force-bordeaux-substitute.scm > guix repl: error: open-file: Permission denied: "/etc/guix/acl" So under Trisquel 11 with the guix package we have: > $ ls -la /etc/guix/acl=20 > -rw------- 1 root root 355 Oct 26 18:06 /etc/guix/acl With Guix system we have: > $ ls -la /etc/guix/acl > -r--r--r-- 1 root root 528 Oct 26 13:53 /etc/guix/acl With 'sudo ./guix-install.sh' with substitutes enabled we have: > $ ls -la /etc/guix/acl=20 > -rw------- 1 root root 355 Oct 26 18:06 /etc/guix/acl And with 'sudo ./guix-install.sh' without substitutes enabled there is no issue since /etc/guix/acl doesn't exist so my detection of Bordeaux works fine. Is this a bug? Should the permissions be the same in all the situations? Beside bugreporting / fixing it in the Debian package and in guix-install.sh, it also brings the question of what to do for previous installations. References: ----------- [1]Since GNU Boot wants to make it as easy as possible to contribute I test builds and changes in various environments (Trisquel 11 + guix-install.sh, guix system, Trisquel 11 + guix package, etc). [2]It's added in the commit 2700105e8f ("debian/rules: Add "bordeaux" substitute server to /etc/guix/acl.") from the https://salsa.debian.org/debian/guix.git/ repository. Denis. --Sig_/VQN/A.9RqoGQ8comhzCEqRn Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEeC+d2+Nrp/PU3kkGX138wUF34mMFAmcdGdQACgkQX138wUF3 4mOchA//cw1ZdKbRJEuxRldxmNpGh6T76l6gZi1eAjjAE76v2W6VEOg0+GpBZXjD zjS28150cPVFUXiq/Ej60Zko+1HEL61m/GABtMdhWoLLAOhglAU8yLvFI8+doqxm UvlqxXIzgUeYK4EsP3e3CfAT7OwfAbKtUCyYuS6qqGfBV0mn8Fe8Z5ltGxuFNWVA GhRxCFSBkk1+hyH2hLcjHiOqOOjhmbcXYMNYHZ9EY01YmxMzL1E2VwvDy0IirPhS GhIagaJzJKKfA/kK86tvbIZ+1NPdsqp4ok0qUS37cfNL+GT8LOojmZZitjtoPywH mVFV7w5VEd4ICSTYH8DrYmv059U2ZMT7YbqnSxbcaO8WqG0plt3nRO/0haeLWVMm Xb/XsdWj3PMKJxnilr4cv4m+QJd4nWjFWIpx9UoHn9gzSd5bDXd/udXRpHvKM9Wl uL//GwiUkV7T1yuzG67gSzVfWLCzslHm4aZHZdh5bfng/+6fYS1M3DX4muQoYPOU 7VU+H2m/2vZuY7meM1fguBOXr8gffMJkON35rJiiCqnJtIs1uaiMwVuuFw5YwQeG GFdE+5P1LrkCf1s/BYEHOpbJRKRubmZdyQz0LdHZRlE1frau1+HmUHyBFpFooqpa 8kjX5uNC0jXKmdVyHk6LFBvBmNswBAzZq8+IVKDwJ0gbnzmmOk4= =59tC -----END PGP SIGNATURE----- --Sig_/VQN/A.9RqoGQ8comhzCEqRn--