* Re: It’s building!
@ 2017-01-20 6:28 Maxim Cournoyer
2017-01-22 13:10 ` ng0
0 siblings, 1 reply; 9+ messages in thread
From: Maxim Cournoyer @ 2017-01-20 6:28 UTC (permalink / raw)
To: guix-devel
[-- Attachment #1.1: Type: text/plain, Size: 971 bytes --]
Hello Guix!
ludo@gnu.org (Ludovic Courtès) writes:
> Hello Guix!
>
> Good news: the new machine, bayfront.guixsd.org, is building Guix master
> for x86_64/i686 with Cuirass⁰!
Nice! Thanks to everyone implicated!
>
> You can get substitutes from https://bayfront.guixsd.org; just authorize
> its key (with ‘guix archive --authorize’), which is:
>
> (public-key
> (ecc
> (curve Ed25519)
> (q #8D156F295D24B0D9A86FA5741A840FF2D24F60F7B6C4134814AD55625971B394#)))
>
[...]
If anyone else would like to use the new bayfront substitute server by
declaring it in their config.scm you can consult the config I'm using
below, which is based on the lightweight desktop config base.
The important bits added are (guix-store) and (gnu services base) in the
topmost (use-modules ...) sexp, as well as in the modified (services ...) one.
Thanks for those who offered guidance on how to do this in the #guix irc
channel!
[-- Attachment #1.2: Type: text/plain, Size: 2216 bytes --]
(use-modules (gnu)
(gnu system nss)
(gnu services)
(guix store) ;for %default-substitute-urls
(gnu services base)) ;for %default-authorized-guix-keys
(use-service-modules desktop)
(use-package-modules wm ratpoison certs)
(operating-system
(host-name "apteryx")
(timezone "America/Los_Angeles")
(locale "en_US.UTF-8")
;; Assuming /dev/sdX is the target hard disk, and "my-root"
;; is the label of the target root file system.
(bootloader (grub-configuration (device "/dev/sda")))
(file-systems (cons (file-system
(device "my-root")
(title 'label)
(mount-point "/")
(type "ext4"))
%base-file-systems))
(users (cons (user-account
(name "maxim")
(comment "Maxim Cournoyer")
(group "users")
(supplementary-groups '("wheel" "netdev"
"audio" "video"))
(home-directory "/home/maxim"))
%base-user-accounts))
;; Add a bunch of window managers; we can choose one at
;; the log-in screen with F1.
(packages (cons* ratpoison ; i3-wm xmonad ;window managers
nss-certs ;for HTTPS access
%base-packages))
;; Use the "desktop" services, which include the X11
;; log-in service, networking with Wicd, and more.
(services
(cons*
;; Add the new bayfront server to the list of substitute-urls.
(modify-services %desktop-services
(guix-service-type config =>
(guix-configuration
(inherit config)
(substitute-urls
(cons* "https://bayfront.guixsd.org"
%default-substitute-urls))
(authorized-keys
(cons* (plain-file "bayfront.guixsd.org.pub"
(string-append "(public-key (ecc (curve Ed25519) "
"(q #8D156F295D24B0D9A86FA5741A840FF2"
"D24F60F7B6C4134814AD55625971B394#)))"))
%default-authorized-guix-keys)))))))
;; Allow resolution of '.local' host names with mDNS.
(name-service-switch %mdns-host-lookup-nss))
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: It’s building!
2017-01-20 6:28 It’s building! Maxim Cournoyer
@ 2017-01-22 13:10 ` ng0
2017-01-22 16:02 ` Ricardo Wurmus
0 siblings, 1 reply; 9+ messages in thread
From: ng0 @ 2017-01-22 13:10 UTC (permalink / raw)
To: Maxim Cournoyer; +Cc: guix-devel
Maxim Cournoyer <maxim.cournoyer@gmail.com> writes:
> Hello Guix!
>
> ludo@gnu.org (Ludovic Courtès) writes:
>
>> Hello Guix!
>>
>> Good news: the new machine, bayfront.guixsd.org, is building Guix master
>> for x86_64/i686 with Cuirass⁰!
>
> Nice! Thanks to everyone implicated!
>
>>
>> You can get substitutes from https://bayfront.guixsd.org; just authorize
>> its key (with ‘guix archive --authorize’), which is:
>>
>> (public-key
>> (ecc
>> (curve Ed25519)
>> (q #8D156F295D24B0D9A86FA5741A840FF2D24F60F7B6C4134814AD55625971B394#)))
>>
>
> [...]
>
> If anyone else would like to use the new bayfront substitute server by
> declaring it in their config.scm you can consult the config I'm using
> below, which is based on the lightweight desktop config base.
>
> The important bits added are (guix-store) and (gnu services base) in the
> topmost (use-modules ...) sexp, as well as in the modified (services ...) one.
>
> Thanks for those who offered guidance on how to do this in the #guix irc
> channel!
>
> (use-modules (gnu)
> (gnu system nss)
> (gnu services)
> (guix store) ;for %default-substitute-urls
> (gnu services base)) ;for %default-authorized-guix-keys
> (use-service-modules desktop)
> (use-package-modules wm ratpoison certs)
>
> (operating-system
> (host-name "apteryx")
> (timezone "America/Los_Angeles")
> (locale "en_US.UTF-8")
>
> ;; Assuming /dev/sdX is the target hard disk, and "my-root"
> ;; is the label of the target root file system.
> (bootloader (grub-configuration (device "/dev/sda")))
>
> (file-systems (cons (file-system
> (device "my-root")
> (title 'label)
> (mount-point "/")
> (type "ext4"))
> %base-file-systems))
>
> (users (cons (user-account
> (name "maxim")
> (comment "Maxim Cournoyer")
> (group "users")
> (supplementary-groups '("wheel" "netdev"
> "audio" "video"))
> (home-directory "/home/maxim"))
> %base-user-accounts))
>
> ;; Add a bunch of window managers; we can choose one at
> ;; the log-in screen with F1.
> (packages (cons* ratpoison ; i3-wm xmonad ;window managers
> nss-certs ;for HTTPS access
> %base-packages))
>
> ;; Use the "desktop" services, which include the X11
> ;; log-in service, networking with Wicd, and more.
> (services
> (cons*
> ;; Add the new bayfront server to the list of substitute-urls.
> (modify-services %desktop-services
> (guix-service-type config =>
> (guix-configuration
> (inherit config)
> (substitute-urls
> (cons* "https://bayfront.guixsd.org"
> %default-substitute-urls))
> (authorized-keys
> (cons* (plain-file "bayfront.guixsd.org.pub"
> (string-append "(public-key (ecc (curve Ed25519) "
> "(q #8D156F295D24B0D9A86FA5741A840FF2"
> "D24F60F7B6C4134814AD55625971B394#)))"))
> %default-authorized-guix-keys)))))))
>
> ;; Allow resolution of '.local' host names with mDNS.
> (name-service-switch %mdns-host-lookup-nss))
I think when you only use desktop-services, it works.
For me it fails, I tried to adopt this to my
%desktop-services-sans-ntpd but I haven't found the right way to
make use of it:
(define %desktop-services-sans-ntpd
;; List of services typically useful for a "desktop" use case.
(cons* (slim-service)
(screen-locker-service slock)
(screen-locker-service xlockmore "xlock")
(avahi-service)
(wicd-service)
(udisks-service)
(upower-service)
(colord-service)
(geoclue-service)
(polkit-service)
(elogind-service)
(dbus-service)
(guix-service-type config =>
(guix-configuration)
(inherit config)
(substitute-urls
(cons* "https://bayfront.guixsd.org"
%default-substitute-urls))
(authorized-keys
(cons*
(plain-file
"bayfront.guixsd.org.pub"
(string-append
"(public-key
(ecc
(curve Ed25519)
"
"(q
#8D156F295D24B0D9A86FA5741A840FF2"
"D24F60F7B6C4134814AD55625971B394#)))"))
%default-authorized-guix-keys)))
%base-services))
Identation broken because this happens when you copy from emacs
with X into terminal emacs.
Obviously this fails because "config" is not known.
Just modifying the service the way you did it doesn't work for
me.
I'm open for ideas on how to erase ntp from the services in a
better way, I'm running a replacement for ntpd.
Later this %desktop-services-sans-ntpd gets used in (services).
--
♥Ⓐ ng0 -- https://www.inventati.org/patternsinthechaos/
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: It’s building!
2017-01-22 13:10 ` ng0
@ 2017-01-22 16:02 ` Ricardo Wurmus
0 siblings, 0 replies; 9+ messages in thread
From: Ricardo Wurmus @ 2017-01-22 16:02 UTC (permalink / raw)
To: ng0; +Cc: guix-devel, Maxim Cournoyer
ng0 <contact.ng0@cryptolab.net> writes:
> For me it fails, I tried to adopt this to my
> %desktop-services-sans-ntpd but I haven't found the right way to
> make use of it:
>
> (define %desktop-services-sans-ntpd
> ;; List of services typically useful for a "desktop" use case.
> (cons* (slim-service)
> (screen-locker-service slock)
> (screen-locker-service xlockmore "xlock")
> (avahi-service)
> (wicd-service)
> (udisks-service)
> (upower-service)
> (colord-service)
> (geoclue-service)
> (polkit-service)
> (elogind-service)
> (dbus-service)
> (guix-service-type config =>
This isn’t going to work because you ripped this chunk from a
“modify-services” expression.
> Identation broken because this happens when you copy from emacs
> with X into terminal emacs.
You can use C-M-q to reindent an expression.
> Obviously this fails because "config" is not known.
That’s because you’re not doing this within “modify-services”.
> I'm open for ideas on how to erase ntp from the services in a
> better way, I'm running a replacement for ntpd.
You can use regular Scheme to filter lists, for example:
(filter (compose not (cut eq? 'ntp <>) service-type-name service-kind) %desktop-services)
This means: run through all elements of “%desktop-services”, extract the
service type (“service-kind”), extract the type name from the kind (“service-type-name”), check if it’s equal
to 'ntp (“(cut eq? 'ntp <>)”), then throw it out (“not”). The first
argument to “filter” is just a big function.
--
Ricardo
GPG: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC
https://elephly.net
^ permalink raw reply [flat|nested] 9+ messages in thread
* It’s building!
@ 2017-01-12 16:10 Ludovic Courtès
2017-01-12 16:23 ` Kei Kebreau
` (2 more replies)
0 siblings, 3 replies; 9+ messages in thread
From: Ludovic Courtès @ 2017-01-12 16:10 UTC (permalink / raw)
To: Guix-devel; +Cc: guix-sysadmin
[-- Attachment #1: Type: text/plain, Size: 1479 bytes --]
Hello Guix!
Good news: the new machine, bayfront.guixsd.org, is building Guix master
for x86_64/i686 with Cuirass⁰!
You can get substitutes from https://bayfront.guixsd.org; just authorize
its key (with ‘guix archive --authorize’), which is:
(public-key
(ecc
(curve Ed25519)
(q #8D156F295D24B0D9A86FA5741A840FF2D24F60F7B6C4134814AD55625971B394#)))
The machine was initially installed using substitutes from
hydra.gnu.org, but ever since it has been building stuff on its own (it
does not offload to any other machine at this point). Thus it can be
used to check for reproducibility issues:
guix challenge gdk-pixbuf \
--substitute-urls="https://mirror.hydra.gnu.org https://bayfront.guixsd.org"
The machine runs GuixSD and its config is under version control:
http://git.savannah.gnu.org/cgit/guix/maintenance.git/tree/hydra/bayfront.scm
Currently Cuirass doesn’t expose much over HTTP¹ but hopefully we can
incrementally add the URLs that guix-hydra.el expects.
There are a few glitches to address, such as the fact that it builds
with max-jobs = 1 due to <https://bugs.gnu.org/20217>, but we’ll get
there.
Woohoo! :-)
Ludo’.
⁰ See <https://www.gnu.org/software/guix/news/growing-our-build-farm.html> and
<https://lists.gnu.org/archive/html/guix-devel/2017-01/msg00109.html> if
you missed the previous episodes.
¹ https://notabug.org/mthl/cuirass/src/master/src/cuirass/http.scm
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: It’s building!
2017-01-12 16:10 Ludovic Courtès
@ 2017-01-12 16:23 ` Kei Kebreau
2017-01-12 17:18 ` David Craven
2017-01-12 17:31 ` Alex Sassmannshausen
2017-01-15 22:32 ` Ludovic Courtès
2017-02-01 2:47 ` myglc2
2 siblings, 2 replies; 9+ messages in thread
From: Kei Kebreau @ 2017-01-12 16:23 UTC (permalink / raw)
To: guix-devel
[-- Attachment #1: Type: text/plain, Size: 1668 bytes --]
ludo@gnu.org (Ludovic Courtès) writes:
> Hello Guix!
>
> Good news: the new machine, bayfront.guixsd.org, is building Guix master
> for x86_64/i686 with Cuirass⁰!
>
> You can get substitutes from https://bayfront.guixsd.org; just authorize
> its key (with ‘guix archive --authorize’), which is:
>
> (public-key
> (ecc
> (curve Ed25519)
> (q #8D156F295D24B0D9A86FA5741A840FF2D24F60F7B6C4134814AD55625971B394#)))
>
> The machine was initially installed using substitutes from
> hydra.gnu.org, but ever since it has been building stuff on its own (it
> does not offload to any other machine at this point). Thus it can be
> used to check for reproducibility issues:
>
> guix challenge gdk-pixbuf \
> --substitute-urls="https://mirror.hydra.gnu.org https://bayfront.guixsd.org"
>
> The machine runs GuixSD and its config is under version control:
>
> http://git.savannah.gnu.org/cgit/guix/maintenance.git/tree/hydra/bayfront.scm
>
> Currently Cuirass doesn’t expose much over HTTP¹ but hopefully we can
> incrementally add the URLs that guix-hydra.el expects.
>
> There are a few glitches to address, such as the fact that it builds
> with max-jobs = 1 due to <https://bugs.gnu.org/20217>, but we’ll get
> there.
>
> Woohoo! :-)
>
> Ludo’.
>
> ⁰ See <https://www.gnu.org/software/guix/news/growing-our-build-farm.html> and
> <https://lists.gnu.org/archive/html/guix-devel/2017-01/msg00109.html> if
> you missed the previous episodes.
>
> ¹ https://notabug.org/mthl/cuirass/src/master/src/cuirass/http.scm
Wow, this is cool! Thanks to everyone who was/is/will be working on this!
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: It’s building!
2017-01-12 16:10 Ludovic Courtès
2017-01-12 16:23 ` Kei Kebreau
@ 2017-01-15 22:32 ` Ludovic Courtès
2017-02-01 2:47 ` myglc2
2 siblings, 0 replies; 9+ messages in thread
From: Ludovic Courtès @ 2017-01-15 22:32 UTC (permalink / raw)
To: guix-devel
Hello Guix!
ludo@gnu.org (Ludovic Courtès) skribis:
> The machine was initially installed using substitutes from
> hydra.gnu.org, but ever since it has been building stuff on its own (it
> does not offload to any other machine at this point). Thus it can be
> used to check for reproducibility issues:
>
> guix challenge gdk-pixbuf \
> --substitute-urls="https://mirror.hydra.gnu.org https://bayfront.guixsd.org"
As mentioned in another thread, this is now summarized here:
https://www.gnu.org/software/guix/packages/reproducibility.html
The code for this page uses the API of ‘guix challenge’:
http://git.savannah.gnu.org/cgit/guix/guix-artwork.git/tree/website/www/packages.scm#n467
Although for many packages we can’t tell anything because bayfront
hasn’t built them yet, we can already see that a number of packages have
reproducibility issues, some of which were already filed at
<https://bugs.gnu.org/>.
Let’s address these!
To investigate reproducibility issues, you need to extract the nars
linked from the page above with ‘guix archive -x’, as shown at:
https://www.gnu.org/software/guix/manual/html_node/Invoking-guix-challenge.html
(Remember that those from hydra.gnu.org are bzip2-compressed, while
those from bayfront are gzipped.)
Ludo’.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: It’s building!
2017-01-12 16:10 Ludovic Courtès
2017-01-12 16:23 ` Kei Kebreau
2017-01-15 22:32 ` Ludovic Courtès
@ 2017-02-01 2:47 ` myglc2
2 siblings, 0 replies; 9+ messages in thread
From: myglc2 @ 2017-02-01 2:47 UTC (permalink / raw)
To: guix-devel
On 01/12/2017 at 17:10 Ludovic Courtès writes:
> Hello Guix!
>
> Good news: the new machine, bayfront.guixsd.org, is building Guix master
> for x86_64/i686 with Cuirass⁰!
>
> You can get substitutes from https://bayfront.guixsd.org; just authorize
> its key (with ‘guix archive --authorize’), which is:
>
> (public-key
> (ecc
> (curve Ed25519)
> (q #8D156F295D24B0D9A86FA5741A840FF2D24F60F7B6C4134814AD55625971B394#)))
Hi Ludo, I have a couple questions. I autorized bayfront like so ...
g1@g1 ~/src$ cat bayfront.guixsd.org.pub
(public-key
(ecc
(curve Ed25519)
(q #8D156F295D24B0D9A86FA5741A840FF2D24F60F7B6C4134814AD55625971B394#)))
g1@g1 ~/src$ sudo guix archive --authorize < bayfront.guixsd.org.pub
... and I read this ...
3.7 Invoking ‘guix archive’
===========================
[...]
The list of authorized keys is kept in the human-editable file
‘/etc/guix/acl’. The file contains “advanced-format s-expressions”
(http://people.csail.mit.edu/rivest/Sexp.txt) and is structured as
an access-control list in the Simple Public-Key Infrastructure
(SPKI) (http://theworld.com/~cme/spki.txt).
... so I expected to find the bayfront key here ...
g1@g1 ~/src$ sudo cat /etc/guix/acl
(acl
(entry
(public-key
(rsa
(n #00DB1634E3D9DFAC97AE4734DAE968CCB15EE4815C82BDC254883DBB49FE1EF32268E82D4BBE0E35298C481C9DA1551642FAFF05AEC1A60712F1BB4BE7D25D7EFF7A4F89704A5A9AC232870CB9F2476C3B538A0E990A8825DEB73081D317001FB8A188600F2FEF5F5F570E857F3EE4355077A3C3918ED72723A56BA55C466D400658974D7DAD1F6B7B63C192B9C2704D98BBFF1C3BD5B8EF11A8ADC83ACB8FD8E9F1E792FDAD262415D13F2DEE55F330908CFDA9C3C8C32B64F7DD088457D34F445E2E2C83C6D680549DC9B6E6573B89496567204ED285E67A279F2F667080BA941D80D015CE87B0FB6A91A99CECC7D91D2D210B00E4B6E611DA51DB008F1DFE3FCAC6B27393FA781D45F9A15FC7B8785A3E86BA6592B2916CA22CF1E40FC85F85CACA590461154F58F3580B16398908EF32076F411299C28727C94D88B6A618F84DD73AEBED8270BCB6690928CB1BF250C35E1F6BF3B1B30D05BA246ECE8F69D9065DE26F4B3E0D814D70A9C27CB5B7B050C9090590D3A9EF83374F2643E5446FBD39DDB124DBF6DFDAA6D18E2560AD0CBFA11C959C9B7316BF19963A191967054E9FD97DC14D71082B30B1C90A46E8996682474C3BCB51BA0882958897B6DD35E41B5174D0A6BCDE97B89043E95BD1B70DE61DA666893B417196A180005466BC3A742FDF04E89B04460E3E6BC72E7F1B5FEA5B3092FEE551A3C447C12E104E65#)
(e #010001#)
)
)
(tag
(guix import)
)
)
)
... but no. Where did it go?
Also you recommended ...
> guix challenge gdk-pixbuf \
> --substitute-urls="https://mirror.hydra.gnu.org https://bayfront.guixsd.org"
... which I tried _before_ I had authorized bayfront. I was surprised that it
worked before authorization. Should it?
TIA - George
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2017-02-01 2:47 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-01-20 6:28 It’s building! Maxim Cournoyer
2017-01-22 13:10 ` ng0
2017-01-22 16:02 ` Ricardo Wurmus
-- strict thread matches above, loose matches on Subject: below --
2017-01-12 16:10 Ludovic Courtès
2017-01-12 16:23 ` Kei Kebreau
2017-01-12 17:18 ` David Craven
2017-01-12 17:31 ` Alex Sassmannshausen
2017-01-15 22:32 ` Ludovic Courtès
2017-02-01 2:47 ` myglc2
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.