From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:303:e16b::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id CMZ5NYXQZGWuWQAAauVa8A:P1 (envelope-from ) for ; Mon, 27 Nov 2023 18:23:18 +0100 Received: from aspmx1.migadu.com ([2001:41d0:303:e16b::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id CMZ5NYXQZGWuWQAAauVa8A (envelope-from ) for ; Mon, 27 Nov 2023 18:23:17 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 8EA5956887 for ; Mon, 27 Nov 2023 18:23:17 +0100 (CET) Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=inria.fr header.s=dc header.b=mEu6ZNtU; dmarc=fail reason="SPF not aligned (relaxed)" header.from=inria.fr (policy=none); spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Seal: i=1; s=key1; d=yhetil.org; t=1701105797; a=rsa-sha256; cv=none; b=M7jXj9ceDHKMd3Rh6/bQGt85DMNhksOf9d9DsizOfCOm9q6sNP0VgHon5Grc2uWhdq4zdh 5K9QTtb9eUNWeq3xD3I69kNgpJfPKGMLNqXsncKwk/5kvCANQuBRi3eFeAZrhXZTE7AOvi k0UqqJ4ZXB7HqLNjMctGaZR0YyRb6R6LS22TYOSy+qKDMCT5F80ZI+2iZ1PhfpacxyVRpc PMPBOHo7OzLIbwPRg7sm+gxz2IhoW9pQFvhDChpZXl0Rq8eb3vObBJW6JKNvX1jSfUy36d 1CKoDmMdjYdQ2JAe4YuXpeigTeiurHYWJxW4HLdWolmBR0mvtfQpt/ZOCoDJxQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=inria.fr header.s=dc header.b=mEu6ZNtU; dmarc=fail reason="SPF not aligned (relaxed)" header.from=inria.fr (policy=none); spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1701105797; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=rfb6cajX6drq6xsEU89pll5tmA6MRS8/l0mxSYYavUk=; b=GyBBRHrt7iBP+BNilCw8z6TGbmJszHVUCrI0Bt9D01Sld7XiSjTju2Rkwd1P+JO7YJH5m8 1XFEn8ZMTRtaZVQCmmud1i+hlAIhDF/jCX9KmewP2vR35QIG6VBMIGO6brFD5Yr8BjzxGx ATDdgVZgRTcPjAFLnB5CrnJtVlHWzlRZxGz2EpRv6gY79QTKJBZQJu8kB0g4pt9ShfRZH/ XCy+qq8KnRLwloNPpLU6fduBJN/fM2Uszus/VjpZW3dfFLCtNQCzaahUcBvuoJqtf1V3Jl z9IWbtQMskvspvpRKR7UkqGYMX6+pBPMvMsqkICduhV4pWJ8ej1OjZa4AZmgdA== Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1r7fJy-0008PG-H6; Mon, 27 Nov 2023 12:22:58 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1r7fJx-0008P2-4v for guix-patches@gnu.org; Mon, 27 Nov 2023 12:22:57 -0500 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1r7fJv-0007LM-Dm for guix-patches@gnu.org; Mon, 27 Nov 2023 12:22:56 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1r7fK1-00065P-P4 for guix-patches@gnu.org; Mon, 27 Nov 2023 12:23:01 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#67072] [PATCH 0/4] Helping diagnose substitute setup issues Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 27 Nov 2023 17:23:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 67072 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 67072@debbugs.gnu.org Cc: Josselin Poiret , Simon Tournier , Mathieu Othacehe , Tobias Geerinckx-Rice , Ricardo Wurmus , Emmanuel Agullo , Christopher Baines Received: via spool by 67072-submit@debbugs.gnu.org id=B67072.170110572823329 (code B ref 67072); Mon, 27 Nov 2023 17:23:01 +0000 Received: (at 67072) by debbugs.gnu.org; 27 Nov 2023 17:22:08 +0000 Received: from localhost ([127.0.0.1]:44705 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1r7fJ9-00064C-H6 for submit@debbugs.gnu.org; Mon, 27 Nov 2023 12:22:07 -0500 Received: from mail2-relais-roc.national.inria.fr ([192.134.164.83]:18085) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1r7fJ6-00063h-Vc for 67072@debbugs.gnu.org; Mon, 27 Nov 2023 12:22:05 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=inria.fr; s=dc; h=from:to:cc:subject:in-reply-to:references:date: message-id:mime-version:content-transfer-encoding; bh=rfb6cajX6drq6xsEU89pll5tmA6MRS8/l0mxSYYavUk=; b=mEu6ZNtUlr7l9Wkiv9KOaL+lvolU8QoC0PTPBWodRBimJNAlFlxkVzIT 8LoiQLterEbeIYUI/GQDNQfqU8oBwGytT9XjYnkSQT6joLFQsot1cpF58 vXDgqbOU1CXN2yEeSo03oLxmZOa0R2g54F9MqDYp765SwbB337Z4FOCZV g=; X-IronPort-AV: E=Sophos;i="6.04,231,1695679200"; d="scan'208";a="138838655" Received: from unknown (HELO ribbon) ([193.50.110.222]) by mail2-relais-roc.national.inria.fr with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Nov 2023 18:21:52 +0100 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= In-Reply-To: ("Ludovic =?UTF-8?Q?Court=C3=A8s?="'s message of "Sat, 11 Nov 2023 12:03:06 +0100") References: Date: Mon, 27 Nov 2023 18:21:52 +0100 Message-ID: <87fs0rw1qn.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-Migadu-Scanner: mx13.migadu.com X-Migadu-Spam-Score: 4.17 X-Spam-Score: 4.17 X-Migadu-Queue-Id: 8EA5956887 X-TUID: 3pK4NQ8U1G5j Hello! Comments or suggestions regarding this change? https://issues.guix.gnu.org/67072 If not I=E2=80=99d like to push it soon. TIA. :-) Ludo=E2=80=99. Ludovic Court=C3=A8s skribis: > Hello Guix! > > While discussing at the Reproducible Software Environments Workshop > yesterday, Emmanuel Agullo and Simon Tournier suggested adding > tools to help diagnose substitute setup issues: to see which > substitutes URLs are being used and whether one of them is unauthorized. > > This is a step in that direction. First =E2=80=98guix weather=E2=80=99 a= nd =E2=80=98guix > challenge=E2=80=99 now default to the same substitute URLs as guix-daemon > (this was not the case until now because there was no way to get > that information from the daemon). Second =E2=80=98guix weather=E2=80=99= reports > about unauthorized servers, like so: > > $ guix weather coreutils > computing 1 package derivations for x86_64-linux... > looking for 2 store items on https://ci.guix.gnu.org... > guix weather: warning: substitutes from 'https://ci.guix.gnu.org' are una= uthorized > hint: To authorize substitute download from `https://ci.guix.gnu.org', th= e following command > needs to be run as root: > > guix archive --authorize < (public-key=20 > (ecc=20 > (curve Ed25519) > (q #8D156F295D24B0D9A86FA5741A840FF2D24F60F7B6C4134814AD55625971B3= 94#) > ) > ) >=20=20=20=20=20=20 > EOF > > Alternatively, on Guix System, you can add the signing key above to the > `authorized-keys' field of `guix-configuration'. > > See "Getting Substitutes from Other Servers" in the manual for more infor= mation. > > https://ci.guix.gnu.org =E2=98=80 > 100.0% substitutes available (2 out of 2) > at least 19.3 MiB of nars (compressed) > 25.3 MiB on disk (uncompressed) > [=E2=80=A6] > > It turned out to be a low-hanging fruit! > > Thoughts? > > Ludo=E2=80=99. > > Ludovic Court=C3=A8s (4): > daemon: Implement =E2=80=98substitute-urls=E2=80=99 RPC. > challenge: Use the same substitute URLs as guix-daemon. > weather: Use the same substitute URLs as guix-daemon. > weather: Report unauthorized substitute servers. > > doc/guix.texi | 26 ++++++++++++++++--- > guix/scripts/challenge.scm | 11 +++++--- > guix/scripts/weather.scm | 46 ++++++++++++++++++++++++++++++--- > guix/store.scm | 18 ++++++++++--- > nix/libstore/worker-protocol.hh | 5 ++-- > nix/nix-daemon/nix-daemon.cc | 17 ++++++++++++ > tests/store.scm | 25 ++++++++++++++++-- > 7 files changed, 132 insertions(+), 16 deletions(-) > > > base-commit: 08d94fe20eca47b69678b3eced8749dd02c700a4