all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* [bug#50892] [PATCH] guix-install.sh: Authorize all project build farms at once.
@ 2021-09-29 15:43 Tobias Geerinckx-Rice via Guix-patches via
  2021-09-29 16:49 ` Tobias Geerinckx-Rice via Guix-patches via
  2021-09-29 16:51 ` [bug#50892] [PATCH] guix-install.sh: Authorize all project build farms at once Maxim Cournoyer
  0 siblings, 2 replies; 8+ messages in thread
From: Tobias Geerinckx-Rice via Guix-patches via @ 2021-09-29 15:43 UTC (permalink / raw)
  To: 50892

* etc/guix-install.sh (sys_authorize_build_farms):
Iterate over all hosts.
---
 etc/guix-install.sh | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/etc/guix-install.sh b/etc/guix-install.sh
index b0d4a8b95e..e3b8485a50 100755
--- a/etc/guix-install.sh
+++ b/etc/guix-install.sh
@@ -1,21 +1,21 @@
 #!/bin/sh
 # GNU Guix --- Functional package management for GNU
 # Copyright © 2017 sharlatan <sharlatanus@gmail.com>
 # Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
 # Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
-# Copyright © 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
+# Copyright © 2019–2021 Tobias Geerinckx-Rice <me@tobias.gr>
 # Copyright © 2020 Morgan Smith <Morgan.J.Smith@outlook.com>
 # Copyright © 2020 Simon Tournier <zimon.toutoune@gmail.com>
 # Copyright © 2020 Daniel Brooks <db48x@db48x.net>
 # Copyright © 2021 Jakub Kądziołka <kuba@kadziolka.net>
 # Copyright © 2021 Chris Marusich <cmmarusich@gmail.com>
 # Copyright © 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com>
 #
 # This file is part of GNU Guix.
 #
 # GNU Guix is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 3 of the License, or (at
 # your option) any later version.
 #
 # GNU Guix is distributed in the hope that it will be useful, but
@@ -476,38 +476,45 @@ sys_enable_guix_daemon()
             ;;
     esac
 
     _msg "${INF}making the guix command available to other users"
 
     [ -e "$local_bin" ] || mkdir -p "$local_bin"
     ln -sf "${var_guix}/bin/guix"  "$local_bin"
 
     [ -e "$info_path" ] || mkdir -p "$info_path"
     for i in "${var_guix}"/share/info/*; do
         ln -sf "$i" "$info_path"
     done
 }
 
 sys_authorize_build_farms()
-{ # authorize the public key of the build farm
+{ # authorize the public key(s) of the build farm(s)
+    local hosts=(
+	ci.guix.gnu.org
+	bordeaux.guix.gnu.org
+    )
+
     if prompt_yes_no "Permit downloading pre-built package binaries from the \
-project's build farm? (yes/no)"; then
-        guix archive --authorize \
-             < "~root/.config/guix/current/share/guix/ci.guix.gnu.org.pub" \
-            && _msg "${PAS}Authorized public key for ci.guix.gnu.org"
-        else
-            _msg "${INF}Skipped authorizing build farm public keys"
+project's build farms? (yes/no)"; then
+        for host in "${hosts[@]}"; do
+            guix archive --authorize \
+                 < "~root/.config/guix/current/share/guix/$host.pub" \
+                && _msg "${PAS}Authorized public key for $host"
+        done
+    else
+        _msg "${INF}Skipped authorizing build farm public keys"
     fi
 }
 
 sys_create_init_profile()
 { # Define for better desktop integration
   # This will not take effect until the next shell or desktop session!
     [ -d "/etc/profile.d" ] || mkdir /etc/profile.d # Just in case
     cat <<"EOF" > /etc/profile.d/guix.sh
 # _GUIX_PROFILE: `guix pull` profile
 _GUIX_PROFILE="$HOME/.config/guix/current"
 export PATH="$_GUIX_PROFILE/bin${PATH:+:}$PATH"
 # Export INFOPATH so that the updated info pages can be found
 # and read by both /usr/bin/info and/or $GUIX_PROFILE/bin/info
 # When INFOPATH is unset, add a trailing colon so that Emacs
 # searches 'Info-default-directory-list'.
-- 
2.33.0





^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [bug#50892] [PATCH] guix-install.sh: Authorize all project build farms at once.
  2021-09-29 15:43 [bug#50892] [PATCH] guix-install.sh: Authorize all project build farms at once Tobias Geerinckx-Rice via Guix-patches via
@ 2021-09-29 16:49 ` Tobias Geerinckx-Rice via Guix-patches via
  2022-12-08 11:34   ` bug#59781: bug#50892: " Ludovic Courtès
  2021-09-29 16:51 ` [bug#50892] [PATCH] guix-install.sh: Authorize all project build farms at once Maxim Cournoyer
  1 sibling, 1 reply; 8+ messages in thread
From: Tobias Geerinckx-Rice via Guix-patches via @ 2021-09-29 16:49 UTC (permalink / raw)
  Cc: 50892

[-- Attachment #1: Type: text/plain, Size: 269 bytes --]

Tobias Geerinckx-Rice via Guix-patches via 写道:
> +                 < 
> "~root/.config/guix/current/share/guix/$host.pub" \

This file is missing for bordeaux in the 1.3.0 release, so this 
would have to wait until the next one…

Kind regards,

T G-R

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 247 bytes --]

^ permalink raw reply	[flat|nested] 8+ messages in thread

* [bug#50892] [PATCH] guix-install.sh: Authorize all project build farms at once.
  2021-09-29 15:43 [bug#50892] [PATCH] guix-install.sh: Authorize all project build farms at once Tobias Geerinckx-Rice via Guix-patches via
  2021-09-29 16:49 ` Tobias Geerinckx-Rice via Guix-patches via
@ 2021-09-29 16:51 ` Maxim Cournoyer
  1 sibling, 0 replies; 8+ messages in thread
From: Maxim Cournoyer @ 2021-09-29 16:51 UTC (permalink / raw)
  To: Tobias Geerinckx-Rice; +Cc: 50892

Tobias Geerinckx-Rice <me@tobias.gr> writes:

> * etc/guix-install.sh (sys_authorize_build_farms):
> Iterate over all hosts.
> ---
>  etc/guix-install.sh | 23 +++++++++++++++--------
>  1 file changed, 15 insertions(+), 8 deletions(-)
>
> diff --git a/etc/guix-install.sh b/etc/guix-install.sh
> index b0d4a8b95e..e3b8485a50 100755
> --- a/etc/guix-install.sh
> +++ b/etc/guix-install.sh
> @@ -1,21 +1,21 @@
>  #!/bin/sh
>  # GNU Guix --- Functional package management for GNU
>  # Copyright © 2017 sharlatan <sharlatanus@gmail.com>
>  # Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
>  # Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
> -# Copyright © 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
> +# Copyright © 2019–2021 Tobias Geerinckx-Rice <me@tobias.gr>
>  # Copyright © 2020 Morgan Smith <Morgan.J.Smith@outlook.com>
>  # Copyright © 2020 Simon Tournier <zimon.toutoune@gmail.com>
>  # Copyright © 2020 Daniel Brooks <db48x@db48x.net>
>  # Copyright © 2021 Jakub Kądziołka <kuba@kadziolka.net>
>  # Copyright © 2021 Chris Marusich <cmmarusich@gmail.com>
>  # Copyright © 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com>
>  #
>  # This file is part of GNU Guix.
>  #
>  # GNU Guix is free software; you can redistribute it and/or modify it
>  # under the terms of the GNU General Public License as published by
>  # the Free Software Foundation; either version 3 of the License, or (at
>  # your option) any later version.
>  #
>  # GNU Guix is distributed in the hope that it will be useful, but
> @@ -476,38 +476,45 @@ sys_enable_guix_daemon()
>              ;;
>      esac
>  
>      _msg "${INF}making the guix command available to other users"
>  
>      [ -e "$local_bin" ] || mkdir -p "$local_bin"
>      ln -sf "${var_guix}/bin/guix"  "$local_bin"
>  
>      [ -e "$info_path" ] || mkdir -p "$info_path"
>      for i in "${var_guix}"/share/info/*; do
>          ln -sf "$i" "$info_path"
>      done
>  }
>  
>  sys_authorize_build_farms()
> -{ # authorize the public key of the build farm
> +{ # authorize the public key(s) of the build farm(s)
> +    local hosts=(
> +	ci.guix.gnu.org
> +	bordeaux.guix.gnu.org
> +    )
> +
>      if prompt_yes_no "Permit downloading pre-built package binaries from the \
> -project's build farm? (yes/no)"; then
> -        guix archive --authorize \
> -             < "~root/.config/guix/current/share/guix/ci.guix.gnu.org.pub" \
> -            && _msg "${PAS}Authorized public key for ci.guix.gnu.org"
> -        else
> -            _msg "${INF}Skipped authorizing build farm public keys"
> +project's build farms? (yes/no)"; then
> +        for host in "${hosts[@]}"; do
> +            guix archive --authorize \
> +                 < "~root/.config/guix/current/share/guix/$host.pub" \
> +                && _msg "${PAS}Authorized public key for $host"
> +        done
> +    else
> +        _msg "${INF}Skipped authorizing build farm public keys"
>      fi
>  }
>  
>  sys_create_init_profile()
>  { # Define for better desktop integration
>    # This will not take effect until the next shell or desktop session!
>      [ -d "/etc/profile.d" ] || mkdir /etc/profile.d # Just in case
>      cat <<"EOF" > /etc/profile.d/guix.sh
>  # _GUIX_PROFILE: `guix pull` profile
>  _GUIX_PROFILE="$HOME/.config/guix/current"
>  export PATH="$_GUIX_PROFILE/bin${PATH:+:}$PATH"
>  # Export INFOPATH so that the updated info pages can be found
>  # and read by both /usr/bin/info and/or $GUIX_PROFILE/bin/info
>  # When INFOPATH is unset, add a trailing colon so that Emacs
>  # searches 'Info-default-directory-list'.

Tested on a VM:

./guix-install.sh: line 500: ~root/.config/guix/current/share/guix/bordeaux.guix.gnu.org.pub: No such file or directory
root@ubuntu:~# echo $?
1

I think we should fetch the keys from our online repo, so we can ensure

1. they are available
2. they are up to date.

Thanks!

Maxim




^ permalink raw reply	[flat|nested] 8+ messages in thread

* bug#59781: bug#50892: [PATCH] guix-install.sh: Authorize all project build farms at once.
  2021-09-29 16:49 ` Tobias Geerinckx-Rice via Guix-patches via
@ 2022-12-08 11:34   ` Ludovic Courtès
  2022-12-08 21:27     ` [bug#50892] " pelzflorian (Florian Pelz)
  2022-12-08 21:42     ` bug#59781: bug#50892: [PATCH] guix-install.sh: Authorize all project build farms at once Tobias Geerinckx-Rice via Bug reports for GNU Guix
  0 siblings, 2 replies; 8+ messages in thread
From: Ludovic Courtès @ 2022-12-08 11:34 UTC (permalink / raw)
  To: Tobias Geerinckx-Rice; +Cc: 59781, pelzflorian (Florian Pelz), 50892

[-- Attachment #1: Type: text/plain, Size: 456 bytes --]

Hi,

Tobias Geerinckx-Rice <me@tobias.gr> skribis:

> Tobias Geerinckx-Rice via Guix-patches via 写道:
>> +                 <
>> "~root/.config/guix/current/share/guix/$host.pub" \
>
> This file is missing for bordeaux in the 1.3.0 release, so this would
> have to wait until the next one…

If there are no objections I’d like to push to ‘master’ and
‘version-1.4.0’ this modified version of your patch.

Thanks,
Ludo’.


[-- Attachment #2: the patch --]
[-- Type: text/x-patch, Size: 1722 bytes --]

From f13e03d57ae9784a349bfa2eab0285e2c5b58eb7 Mon Sep 17 00:00:00 2001
From: Tobias Geerinckx-Rice <me@tobias.gr>
Date: Wed, 29 Sep 2021 17:43:10 +0200
Subject: [PATCH] guix-install.sh: Authorize all project build farms at once.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* etc/guix-install.sh (sys_authorize_build_farms):
Iterate over all hosts.

Co-authored-by: Ludovic Courtès <ludo@gnu.org>
---
 etc/guix-install.sh | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/etc/guix-install.sh b/etc/guix-install.sh
index 6bef21bb7e..fb9006b3e2 100755
--- a/etc/guix-install.sh
+++ b/etc/guix-install.sh
@@ -492,14 +492,22 @@ sys_enable_guix_daemon()
 }
 
 sys_authorize_build_farms()
-{ # authorize the public key of the build farm
+{ # authorize the public key(s) of the build farm(s)
+    local hosts=(
+	ci.guix.gnu.org
+	bordeaux.guix.gnu.org
+    )
+
     if prompt_yes_no "Permit downloading pre-built package binaries from the \
-project's build farm?"; then
-        guix archive --authorize \
-             < ~root/.config/guix/current/share/guix/ci.guix.gnu.org.pub \
-            && _msg "${PAS}Authorized public key for ci.guix.gnu.org"
-        else
-            _msg "${INF}Skipped authorizing build farm public keys"
+project's build farms?"; then
+	for host in "${hosts[@]}"; do
+	    local key=~root/.config/guix/current/share/guix/$host.pub
+	    [ -f "$key" ] \
+		&& guix archive --authorize < "$key" \
+		&& _msg "${PAS}Authorized public key for $host"
+	done
+    else
+        _msg "${INF}Skipped authorizing build farm public keys"
     fi
 }
 
-- 
2.38.1


^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [bug#50892] [PATCH] guix-install.sh: Authorize all project build farms at once.
  2022-12-08 11:34   ` bug#59781: bug#50892: " Ludovic Courtès
@ 2022-12-08 21:27     ` pelzflorian (Florian Pelz)
  2022-12-09  9:01       ` bug#50892: bug#59781: [version 1.4.0rc1] install.sh script should authorize bordeaux Ludovic Courtès
  2022-12-08 21:42     ` bug#59781: bug#50892: [PATCH] guix-install.sh: Authorize all project build farms at once Tobias Geerinckx-Rice via Bug reports for GNU Guix
  1 sibling, 1 reply; 8+ messages in thread
From: pelzflorian (Florian Pelz) @ 2022-12-08 21:27 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: 59781, Tobias Geerinckx-Rice, 50892

Ludovic Courtès <ludo@gnu.org> writes:
> If there are no objections I’d like to push to ‘master’ and
> ‘version-1.4.0’ this modified version of your patch.

Thank you two, this patch works (on 1.3.0 only ci.guix.gnu.org, on
1.4.0rc1 also bordeaux, except when I decline authorization).

Regards,
Florian




^ permalink raw reply	[flat|nested] 8+ messages in thread

* bug#59781: bug#50892: [PATCH] guix-install.sh: Authorize all project build farms at once.
  2022-12-08 11:34   ` bug#59781: bug#50892: " Ludovic Courtès
  2022-12-08 21:27     ` [bug#50892] " pelzflorian (Florian Pelz)
@ 2022-12-08 21:42     ` Tobias Geerinckx-Rice via Bug reports for GNU Guix
  2022-12-09  9:09       ` [bug#50892] bug#59781: [version 1.4.0rc1] install.sh script should authorize bordeaux Ludovic Courtès
  1 sibling, 1 reply; 8+ messages in thread
From: Tobias Geerinckx-Rice via Bug reports for GNU Guix @ 2022-12-08 21:42 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: 59781, 50892

[-- Attachment #1: Type: text/plain, Size: 415 bytes --]

Ludovic Courtès 写道:
> If there are no objections I’d like to push to ‘master’ and
> ‘version-1.4.0’ this modified version of your patch.

No objections, thanks!

(Ugh, this patch is so ugly, all to work around that triplication 
in ~/.config/guix/current/share/guix/*.pub…  Would it be OK for 
‘guix archive --authorize’ to silently ignore duplicate keys?)

Kind regards,

T G-R

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 247 bytes --]

^ permalink raw reply	[flat|nested] 8+ messages in thread

* bug#50892: bug#59781: [version 1.4.0rc1] install.sh script should authorize bordeaux
  2022-12-08 21:27     ` [bug#50892] " pelzflorian (Florian Pelz)
@ 2022-12-09  9:01       ` Ludovic Courtès
  0 siblings, 0 replies; 8+ messages in thread
From: Ludovic Courtès @ 2022-12-09  9:01 UTC (permalink / raw)
  To: pelzflorian (Florian Pelz); +Cc: 50892-done, Tobias Geerinckx-Rice, 59781-done

Hi,

"pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de> skribis:

> Ludovic Courtès <ludo@gnu.org> writes:
>> If there are no objections I’d like to push to ‘master’ and
>> ‘version-1.4.0’ this modified version of your patch.
>
> Thank you two, this patch works (on 1.3.0 only ci.guix.gnu.org, on
> 1.4.0rc1 also bordeaux, except when I decline authorization).

Pushed to both branches.  Thanks to the two of you!

Ludo’.




^ permalink raw reply	[flat|nested] 8+ messages in thread

* [bug#50892] bug#59781: [version 1.4.0rc1] install.sh script should authorize bordeaux
  2022-12-08 21:42     ` bug#59781: bug#50892: [PATCH] guix-install.sh: Authorize all project build farms at once Tobias Geerinckx-Rice via Bug reports for GNU Guix
@ 2022-12-09  9:09       ` Ludovic Courtès
  0 siblings, 0 replies; 8+ messages in thread
From: Ludovic Courtès @ 2022-12-09  9:09 UTC (permalink / raw)
  To: Tobias Geerinckx-Rice; +Cc: 59781, 50892

[-- Attachment #1: Type: text/plain, Size: 394 bytes --]

Hi,

Tobias Geerinckx-Rice <me@tobias.gr> skribis:

> (Ugh, this patch is so ugly, all to work around that triplication in
> ~/.config/guix/current/share/guix/*.pub…  Would it be OK for ‘guix
> archive --authorize’ to silently ignore duplicate keys?)

Oh, good point.  I guess we could change ‘public-keys->acl’ to
deduplicate entries.  Maybe something along these lines:


[-- Attachment #2: Type: text/x-patch, Size: 1240 bytes --]

diff --git a/guix/pki.scm b/guix/pki.scm
index 6326e065e9..c5b2fb9634 100644
--- a/guix/pki.scm
+++ b/guix/pki.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014, 2016, 2022 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -21,6 +21,7 @@ (define-module (guix pki)
   #:use-module (gcrypt pk-crypto)
   #:use-module ((guix utils) #:select (with-atomic-file-output))
   #:use-module ((guix build utils) #:select (mkdir-p))
+  #:autoload   (srfi srfi-1) (delete-duplicates)
   #:use-module (ice-9 match)
   #:use-module (ice-9 rdelim)
   #:use-module (ice-9 binary-ports)
@@ -61,9 +62,10 @@ (define (public-keys->acl keys)
   ;; want to have name certificates and to use subject names instead of
   ;; complete keys.
   `(acl ,@(map (lambda (key)
-                 `(entry ,(canonical-sexp->sexp key)
+                 `(entry ,key
                          (tag (guix import))))
-               keys)))
+               (delete-duplicates
+                (map canonical-sexp->sexp keys)))))
 
 (define %acl-file
   (string-append %config-directory "/acl"))

[-- Attachment #3: Type: text/plain, Size: 21 bytes --]


WDYT?

Ludo’.

^ permalink raw reply related	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2022-12-09  9:11 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-09-29 15:43 [bug#50892] [PATCH] guix-install.sh: Authorize all project build farms at once Tobias Geerinckx-Rice via Guix-patches via
2021-09-29 16:49 ` Tobias Geerinckx-Rice via Guix-patches via
2022-12-08 11:34   ` bug#59781: bug#50892: " Ludovic Courtès
2022-12-08 21:27     ` [bug#50892] " pelzflorian (Florian Pelz)
2022-12-09  9:01       ` bug#50892: bug#59781: [version 1.4.0rc1] install.sh script should authorize bordeaux Ludovic Courtès
2022-12-08 21:42     ` bug#59781: bug#50892: [PATCH] guix-install.sh: Authorize all project build farms at once Tobias Geerinckx-Rice via Bug reports for GNU Guix
2022-12-09  9:09       ` [bug#50892] bug#59781: [version 1.4.0rc1] install.sh script should authorize bordeaux Ludovic Courtès
2021-09-29 16:51 ` [bug#50892] [PATCH] guix-install.sh: Authorize all project build farms at once Maxim Cournoyer

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.