[bug#50892] [PATCH] guix-install.sh: Authorize all project build farms at once.

[Maxim Cournoyer <maxim.cournoyer@gmail.com>]

Tobias Geerinckx-Rice <me@tobias.gr> writes:

> * etc/guix-install.sh (sys_authorize_build_farms):
> Iterate over all hosts.
> ---
>  etc/guix-install.sh | 23 +++++++++++++++--------
>  1 file changed, 15 insertions(+), 8 deletions(-)
>
> diff --git a/etc/guix-install.sh b/etc/guix-install.sh
> index b0d4a8b95e..e3b8485a50 100755
> --- a/etc/guix-install.sh
> +++ b/etc/guix-install.sh
> @@ -1,21 +1,21 @@
>  #!/bin/sh
>  # GNU Guix --- Functional package management for GNU
>  # Copyright © 2017 sharlatan <sharlatanus@gmail.com>
>  # Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
>  # Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
> -# Copyright © 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
> +# Copyright © 2019–2021 Tobias Geerinckx-Rice <me@tobias.gr>
>  # Copyright © 2020 Morgan Smith <Morgan.J.Smith@outlook.com>
>  # Copyright © 2020 Simon Tournier <zimon.toutoune@gmail.com>
>  # Copyright © 2020 Daniel Brooks <db48x@db48x.net>
>  # Copyright © 2021 Jakub Kądziołka <kuba@kadziolka.net>
>  # Copyright © 2021 Chris Marusich <cmmarusich@gmail.com>
>  # Copyright © 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com>
>  #
>  # This file is part of GNU Guix.
>  #
>  # GNU Guix is free software; you can redistribute it and/or modify it
>  # under the terms of the GNU General Public License as published by
>  # the Free Software Foundation; either version 3 of the License, or (at
>  # your option) any later version.
>  #
>  # GNU Guix is distributed in the hope that it will be useful, but
> @@ -476,38 +476,45 @@ sys_enable_guix_daemon()
>              ;;
>      esac
>  
>      _msg "${INF}making the guix command available to other users"
>  
>      [ -e "$local_bin" ] || mkdir -p "$local_bin"
>      ln -sf "${var_guix}/bin/guix"  "$local_bin"
>  
>      [ -e "$info_path" ] || mkdir -p "$info_path"
>      for i in "${var_guix}"/share/info/*; do
>          ln -sf "$i" "$info_path"
>      done
>  }
>  
>  sys_authorize_build_farms()
> -{ # authorize the public key of the build farm
> +{ # authorize the public key(s) of the build farm(s)
> +    local hosts=(
> +	ci.guix.gnu.org
> +	bordeaux.guix.gnu.org
> +    )
> +
>      if prompt_yes_no "Permit downloading pre-built package binaries from the \
> -project's build farm? (yes/no)"; then
> -        guix archive --authorize \
> -             < "~root/.config/guix/current/share/guix/ci.guix.gnu.org.pub" \
> -            && _msg "${PAS}Authorized public key for ci.guix.gnu.org"
> -        else
> -            _msg "${INF}Skipped authorizing build farm public keys"
> +project's build farms? (yes/no)"; then
> +        for host in "${hosts[@]}"; do
> +            guix archive --authorize \
> +                 < "~root/.config/guix/current/share/guix/$host.pub" \
> +                && _msg "${PAS}Authorized public key for $host"
> +        done
> +    else
> +        _msg "${INF}Skipped authorizing build farm public keys"
>      fi
>  }
>  
>  sys_create_init_profile()
>  { # Define for better desktop integration
>    # This will not take effect until the next shell or desktop session!
>      [ -d "/etc/profile.d" ] || mkdir /etc/profile.d # Just in case
>      cat <<"EOF" > /etc/profile.d/guix.sh
>  # _GUIX_PROFILE: `guix pull` profile
>  _GUIX_PROFILE="$HOME/.config/guix/current"
>  export PATH="$_GUIX_PROFILE/bin${PATH:+:}$PATH"
>  # Export INFOPATH so that the updated info pages can be found
>  # and read by both /usr/bin/info and/or $GUIX_PROFILE/bin/info
>  # When INFOPATH is unset, add a trailing colon so that Emacs
>  # searches 'Info-default-directory-list'.

Tested on a VM:

./guix-install.sh: line 500: ~root/.config/guix/current/share/guix/bordeaux.guix.gnu.org.pub: No such file or directory
root@ubuntu:~# echo $?
1

I think we should fetch the keys from our online repo, so we can ensure

1. they are available
2. they are up to date.

Thanks!

Maxim