* bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail @ 2017-10-01 10:16 Jan Nieuwenhuizen 2017-10-01 19:20 ` Jan Nieuwenhuizen 2017-10-02 15:09 ` Ludovic Courtès 0 siblings, 2 replies; 26+ messages in thread From: Jan Nieuwenhuizen @ 2017-10-01 10:16 UTC (permalink / raw) To: 28659 Hi! As reported by laertus on irc[0]: guix pull on 0.13 without substitutes fails guix pull Starting download of /tmp/guix-file.3r6cH0 From https://git.savannah.gnu.org/cgit/guix.git/snapshot/master.tar.gz... ….tar.gz 5.7MiB/s 00:02 | 13.6MiB transferred unpacking '/gnu/store/sginfwnrcfqn1far31gmzlaffd8xlxyy-guix-latest.tar.gz'... Starting download of /gnu/store/c3npgqn9ag2ypi9bda1g779wwwlcqqrf-libgit2-0.25.1.tar.gz From https://github.com/libgit2/libgit2/archive/v0.25.1.tar.gz... following redirection to `https://codeload.github.com/libgit2/libgit2/tar.gz/v0.25.1'... v0.25.1 6.1MiB/s 00:01 | 4.1MiB transferred output path `/gnu/store/c3npgqn9ag2ypi9bda1g779wwwlcqqrf-libgit2-0.25.1.tar.gz' should have sha256 hash `1cdwcw38frc1wf28x5ppddazv9hywc718j92f3xa3ybzzycyds3s', instead has `0ywcxw1mwd56c8qc14hbx31bf198gxck3nja3laxyglv7l57qp26' cannot build derivation `/gnu/store/z1ky970mnamnbairnpyxxb72qnc485zq-libgit2-0.25.1.drv': 1 dependencies couldn't be built cannot build derivation `/gnu/store/rl7ms8rmbywvydy4qf656g1sdfxafb7r-guile-git-0.0-2.06f9fc3.drv': 1 dependencies couldn't be built guix pull: error: build failed: build of `/gnu/store/rl7ms8rmbywvydy4qf656g1sdfxafb7r-guile-git-0.0-2.06f9fc3.drv' failed because the libgit2-0.25.1 content hash does not check out. I verified this on version-0.13. The same goes for 0.26.0 on master $ guix build -S libgit2 --no-substitutes The following derivations will be built: /gnu/store/5szrmzmfgxk6pylk5fh9bk8apj4x8axf-libgit2-0.26.0.tar.xz.drv /gnu/store/mgh4yjxkxfyqmc7c61vwq4vs8v837602-libgit2-0.26.0.tar.gz.drv @ build-started /gnu/store/mgh4yjxkxfyqmc7c61vwq4vs8v837602-libgit2-0.26.0.tar.gz.drv - x86_64-linux /var/log/guix/drvs/mg//h4yjxkxfyqmc7c61vwq4vs8v837602-libgit2-0.26.0.tar.gz.drv.bz2 Starting download of /gnu/store/53lj4z9cavl7n27r89zjnvyd8fk854kj-libgit2-0.26.0.tar.gz From https://github.com/libgit2/libgit2/archive/v0.26.0.tar.gz... following redirection to `https://codeload.github.com/libgit2/libgit2/tar.gz/v0.26.0'... v0.26.0 4.5MiB 3.1MiB/s 00:01 [####################] 100.0% sha256 hash mismatch for output path `/gnu/store/53lj4z9cavl7n27r89zjnvyd8fk854kj-libgit2-0.26.0.tar.gz' expected: 1fdk9yhwvl1w1z71ykzcvgh4nsf8scxcbclz5anh98zpplmhmisa actual: 1b3figbhp5l83vd37vq6j2narrq4yl9pfw6mw0px0dzb1hz3jqka @ build-failed /gnu/store/mgh4yjxkxfyqmc7c61vwq4vs8v837602-libgit2-0.26.0.tar.gz.drv - 1 sha256 hash mismatch for output path `/gnu/store/53lj4z9cavl7n27r89zjnvyd8fk854kj-libgit2-0.26.0.tar.gz' expected: 1fdk9yhwvl1w1z71ykzcvgh4nsf8scxcbclz5anh98zpplmhmisa actual: 1b3figbhp5l83vd37vq6j2narrq4yl9pfw6mw0px0dzb1hz3jqka cannot build derivation `/gnu/store/5szrmzmfgxk6pylk5fh9bk8apj4x8axf-libgit2-0.26.0.tar.xz.drv': 1 dependencies couldn't be built guix build: error: build failed: build of `/gnu/store/5szrmzmfgxk6pylk5fh9bk8apj4x8axf-libgit2-0.26.0.tar.xz.drv' failed I found no apparent difference in the content -r--r--r-- 1 janneke janneke 4252130 Oct 1 09:08 c3npgqn9ag2ypi9bda1g779wwwlcqqrf-libgit2-0.25.1.tar.gz -rw-r--r-- 1 janneke janneke 4252139 Oct 1 09:09 NEW-c3npgqn9ag2ypi9bda1g779wwwlcqqrf-libgit2-0.25.1.tar.gz -rw-r--r-- 1 janneke janneke 16363520 Oct 1 09:14 c3npgqn9ag2ypi9bda1g779wwwlcqqrf-libgit2-0.25.1.tar -rw-r--r-- 1 janneke janneke 16363520 Oct 1 09:14 NEW-c3npgqn9ag2ypi9bda1g779wwwlcqqrf-libgit2-0.25.1.tar but there's this difference between the tar balls... 12:13:57 janneke@dundal:~/src/guix-0.13 $ cmp -l c3npgqn9ag2ypi9bda1g779wwwlcqqrf-libgit2-0.25.1.tar NEW-c3npgqn9ag2ypi9bda1g779wwwlcqqrf-libgit2-0.25.1.tar 13122049 0 157 13122050 0 162 13122051 0 151 13122052 0 147 13122053 0 151 13122054 0 156 13122055 0 57 13122490 57 0 13122491 157 0 13122492 162 0 13122493 151 0 13122494 147 0 13122495 151 0 13122496 156 0 13270529 0 157 13270530 0 162 13270531 0 151 13270532 0 147 13270533 0 151 13270534 0 156 13270535 0 57 13270972 57 0 13270973 157 0 13270974 162 0 13270975 151 0 13270976 147 0 13270977 151 0 13270978 156 0 13294081 0 157 13294082 0 162 13294083 0 151 13294084 0 147 13294085 0 151 13294086 0 156 13294087 0 57 13294519 57 0 13294520 157 0 13294521 162 0 13294522 151 0 13294523 147 0 13294524 151 0 13294525 156 0 janneke [0] https://gnunet.org/bot/log/guix/2017-10-01#T1517584 -- Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com ^ permalink raw reply [flat|nested] 26+ messages in thread
* bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail 2017-10-01 10:16 bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail Jan Nieuwenhuizen @ 2017-10-01 19:20 ` Jan Nieuwenhuizen 2017-10-01 20:42 ` Leo Famulari 2017-10-02 15:09 ` Ludovic Courtès 1 sibling, 1 reply; 26+ messages in thread From: Jan Nieuwenhuizen @ 2017-10-01 19:20 UTC (permalink / raw) To: 28659 Jan Nieuwenhuizen writes: The changing of the libgit-0.26.0 checksum was already reported about 3 weeks ago (github seems to only show relative dates) https://github.com/libgit2/libgit2/issues/4343 and the bug is still open. It seems to be a github thing. As I understand it, currently our options are to update the hash and pray it won't happen again or host libgit2 tarballs ourselves. -- Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com ^ permalink raw reply [flat|nested] 26+ messages in thread
* bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail 2017-10-01 19:20 ` Jan Nieuwenhuizen @ 2017-10-01 20:42 ` Leo Famulari 2017-10-01 21:05 ` ng0 2017-10-02 14:57 ` Ludovic Courtès 0 siblings, 2 replies; 26+ messages in thread From: Leo Famulari @ 2017-10-01 20:42 UTC (permalink / raw) To: Jan Nieuwenhuizen; +Cc: 28659 [-- Attachment #1: Type: text/plain, Size: 1294 bytes --] On Sun, Oct 01, 2017 at 09:20:42PM +0200, Jan Nieuwenhuizen wrote: > Jan Nieuwenhuizen writes: > > The changing of the libgit-0.26.0 checksum was already reported about 3 > weeks ago (github seems to only show relative dates) > > https://github.com/libgit2/libgit2/issues/4343 > > and the bug is still open. It seems to be a github thing. As I > understand it, currently our options are to update the hash and pray it > won't happen again or host libgit2 tarballs ourselves. I contacted GitHub about this issue a few weeks ago and they said that: 1) They do not guarantee bit-reproducibility of the snapshots they generate automatically for each release tag, and they wish that people would not rely on them as we do. However, since people *are* relying on them, they are discussing this issue internally. 2) This is the relevant code change: https://git.kernel.org/pub/scm/git/git.git/commit/?id=22f0dcd9634a818a0c83f23ea1a48f2d620c0546 In the meantime, we can add this to the list of reasons that reproducibility is difficult in the long term. I don't have any solutions in mind besides keeping substitutes available for as long as possible and, for users, using substitutes. We might also petition upstream projects to offer a "real" release tarball. [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 26+ messages in thread
* bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail 2017-10-01 20:42 ` Leo Famulari @ 2017-10-01 21:05 ` ng0 2017-10-02 14:57 ` Ludovic Courtès 1 sibling, 0 replies; 26+ messages in thread From: ng0 @ 2017-10-01 21:05 UTC (permalink / raw) To: Leo Famulari; +Cc: 28659 [-- Attachment #1: Type: text/plain, Size: 1685 bytes --] Leo Famulari transcribed 2.3K bytes: > On Sun, Oct 01, 2017 at 09:20:42PM +0200, Jan Nieuwenhuizen wrote: > > Jan Nieuwenhuizen writes: > > > > The changing of the libgit-0.26.0 checksum was already reported about 3 > > weeks ago (github seems to only show relative dates) > > > > https://github.com/libgit2/libgit2/issues/4343 > > > > and the bug is still open. It seems to be a github thing. As I > > understand it, currently our options are to update the hash and pray it > > won't happen again or host libgit2 tarballs ourselves. > > I contacted GitHub about this issue a few weeks ago and they said that: > > 1) They do not guarantee bit-reproducibility of the snapshots they > generate automatically for each release tag, and they wish that people > would not rely on them as we do. However, since people *are* relying on > them, they are discussing this issue internally. > 2) This is the relevant code change: > https://git.kernel.org/pub/scm/git/git.git/commit/?id=22f0dcd9634a818a0c83f23ea1a48f2d620c0546 > > In the meantime, we can add this to the list of reasons that > reproducibility is difficult in the long term. > > I don't have any solutions in mind besides keeping substitutes available > for as long as possible and, for users, using substitutes. We might also > petition upstream projects to offer a "real" release tarball. Given that we depend on this for our core functionality, can't we just keep this on our ftp directory at gnu.org as a fall-back source in a list? -- ng0 GnuPG: A88C8ADD129828D7EAC02E52E22F9BBFEE348588 GnuPG: https://krosos.org/dist/keys/ https://www.infotropique.org https://krosos.org [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 26+ messages in thread
* bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail 2017-10-01 20:42 ` Leo Famulari 2017-10-01 21:05 ` ng0 @ 2017-10-02 14:57 ` Ludovic Courtès 2017-10-02 18:19 ` Leo Famulari 1 sibling, 1 reply; 26+ messages in thread From: Ludovic Courtès @ 2017-10-02 14:57 UTC (permalink / raw) To: Leo Famulari; +Cc: 28659 Hi! Leo Famulari <leo@famulari.name> skribis: > I contacted GitHub about this issue a few weeks ago and they said that: > > 1) They do not guarantee bit-reproducibility of the snapshots they > generate automatically for each release tag, and they wish that people > would not rely on them as we do. However, since people *are* relying on > them, they are discussing this issue internally. Oh?! Then we’re in trouble. Perhaps we should start using ‘git-fetch’ more, with Software Heritage as a fallback content-addressed mirror? Though again the difficulty is that SWH uses Git’s method to hash directory contents, so we’d end up having to provide both a Nix hash and a Git hash in ‘origin’. :-/ > In the meantime, we can add this to the list of reasons that > reproducibility is difficult in the long term. Heh. Ludo’. ^ permalink raw reply [flat|nested] 26+ messages in thread
* bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail 2017-10-02 14:57 ` Ludovic Courtès @ 2017-10-02 18:19 ` Leo Famulari 2017-10-02 22:47 ` Maxim Cournoyer 0 siblings, 1 reply; 26+ messages in thread From: Leo Famulari @ 2017-10-02 18:19 UTC (permalink / raw) To: Ludovic Courtès; +Cc: 28659 [-- Attachment #1: Type: text/plain, Size: 1516 bytes --] On Mon, Oct 02, 2017 at 04:57:38PM +0200, Ludovic Courtès wrote: > Hi! > > Leo Famulari <leo@famulari.name> skribis: > > > I contacted GitHub about this issue a few weeks ago and they said that: > > > > 1) They do not guarantee bit-reproducibility of the snapshots they > > generate automatically for each release tag, and they wish that people > > would not rely on them as we do. However, since people *are* relying on > > them, they are discussing this issue internally. > > Oh?! Then we’re in trouble. I wonder, are there really that many affected packages? My sense is that most GitHub-hosted projects offer their own release tarballs in addition to the problematic auto-generated snapshots, and we tend to prefer the upstream-provided tarballs in this case. We'd need to survey our package sources to know what sort of reaction is most appropriate. In general, we should try to make Guix as resilient as possible to unstable upstream sources, since the problem is not limited to GitHub. > Perhaps we should start using ‘git-fetch’ more, with Software Heritage > as a fallback content-addressed mirror? Though again the difficulty is > that SWH uses Git’s method to hash directory contents, so we’d end up > having to provide both a Nix hash and a Git hash in ‘origin’. :-/ And the Git hashes will change from SHA1 to SHA256 sooner or later, and SHA1 hashes will become less reliable as CPUs get faster (collision attacks), compounding the problem... [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 26+ messages in thread
* bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail 2017-10-02 18:19 ` Leo Famulari @ 2017-10-02 22:47 ` Maxim Cournoyer 2017-10-03 12:31 ` Ludovic Courtès 2017-10-03 14:24 ` Leo Famulari 0 siblings, 2 replies; 26+ messages in thread From: Maxim Cournoyer @ 2017-10-02 22:47 UTC (permalink / raw) To: Leo Famulari; +Cc: 28659 Leo Famulari <leo@famulari.name> writes: > On Mon, Oct 02, 2017 at 04:57:38PM +0200, Ludovic Courtès wrote: >> Hi! >> >> Leo Famulari <leo@famulari.name> skribis: >> >> > I contacted GitHub about this issue a few weeks ago and they said that: >> > >> > 1) They do not guarantee bit-reproducibility of the snapshots they >> > generate automatically for each release tag, and they wish that people >> > would not rely on them as we do. However, since people *are* relying on >> > them, they are discussing this issue internally. >> >> Oh?! Then we’re in trouble. > > I wonder, are there really that many affected packages? There's a list here: https://github.com/Homebrew/homebrew-core/issues/18044, compiled by one of the homebrew project's maintainers. Maxim ^ permalink raw reply [flat|nested] 26+ messages in thread
* bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail 2017-10-02 22:47 ` Maxim Cournoyer @ 2017-10-03 12:31 ` Ludovic Courtès 2017-10-03 14:24 ` Leo Famulari 1 sibling, 0 replies; 26+ messages in thread From: Ludovic Courtès @ 2017-10-03 12:31 UTC (permalink / raw) To: Maxim Cournoyer; +Cc: 28659 Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis: > Leo Famulari <leo@famulari.name> writes: > >> On Mon, Oct 02, 2017 at 04:57:38PM +0200, Ludovic Courtès wrote: >>> Hi! >>> >>> Leo Famulari <leo@famulari.name> skribis: >>> >>> > I contacted GitHub about this issue a few weeks ago and they said that: >>> > >>> > 1) They do not guarantee bit-reproducibility of the snapshots they >>> > generate automatically for each release tag, and they wish that people >>> > would not rely on them as we do. However, since people *are* relying on >>> > them, they are discussing this issue internally. >>> >>> Oh?! Then we’re in trouble. >> >> I wonder, are there really that many affected packages? > > There's a list here: > https://github.com/Homebrew/homebrew-core/issues/18044, compiled by one > of the homebrew project's maintainers. Interesting. Thanks for the link! Ludo’. ^ permalink raw reply [flat|nested] 26+ messages in thread
* bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail 2017-10-02 22:47 ` Maxim Cournoyer 2017-10-03 12:31 ` Ludovic Courtès @ 2017-10-03 14:24 ` Leo Famulari 2017-10-04 4:22 ` Maxim Cournoyer 1 sibling, 1 reply; 26+ messages in thread From: Leo Famulari @ 2017-10-03 14:24 UTC (permalink / raw) To: Maxim Cournoyer; +Cc: 28659 [-- Attachment #1: Type: text/plain, Size: 570 bytes --] On Mon, Oct 02, 2017 at 06:47:06PM -0400, Maxim Cournoyer wrote: > Leo Famulari <leo@famulari.name> writes: > > I wonder, are there really that many affected packages? > > There's a list here: > https://github.com/Homebrew/homebrew-core/issues/18044, compiled by one > of the homebrew project's maintainers. I meant, how many Guix packages use the auto-generated GitHub snapshots? I believe the tell-tale sign is that the download link will have the link text 'Source code', as for this release: https://github.com/libgit2/libgit2/releases/tag/v0.26.0 [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 26+ messages in thread
* bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail 2017-10-03 14:24 ` Leo Famulari @ 2017-10-04 4:22 ` Maxim Cournoyer 2017-10-04 16:54 ` Leo Famulari 0 siblings, 1 reply; 26+ messages in thread From: Maxim Cournoyer @ 2017-10-04 4:22 UTC (permalink / raw) To: Leo Famulari; +Cc: 28659 [-- Attachment #1: Type: text/plain, Size: 640 bytes --] Leo Famulari <leo@famulari.name> writes: > On Mon, Oct 02, 2017 at 06:47:06PM -0400, Maxim Cournoyer wrote: >> Leo Famulari <leo@famulari.name> writes: >> > I wonder, are there really that many affected packages? >> >> There's a list here: >> https://github.com/Homebrew/homebrew-core/issues/18044, compiled by one >> of the homebrew project's maintainers. > > I meant, how many Guix packages use the auto-generated GitHub snapshots? > > I believe the tell-tale sign is that the download link will have the > link text 'Source code', as for this release: > > https://github.com/libgit2/libgit2/releases/tag/v0.26.0 The following script: [-- Attachment #2: find-affected-github-packages.scm --] [-- Type: text/plain, Size: 1355 bytes --] ;;; A script to find packages possibly affected by GitHub ;;; infrastructure update that caused minor changes in the ;;; automatically generated tarballs. (use-modules (ice-9 match) (gnu packages) (guix download) (guix packages)) (define (problematic-uri? uri) (define (contains-github-archive? uri) (string-match "github.com/.*/archive/" uri)) ;; URI can be a string or a list of string. (match uri ((uri1 uri2 ...) ;match list of strings (filter contains-github-archive? uri)) (uri1 ;match string (contains-github-archive? uri1)))) (define (problematic-github-package? package) (let ((source (package-source package))) (and (origin? source) (eq? (origin-method source) url-fetch) (problematic-uri? (origin-uri source))))) (define (problematic-github-packages) "List of all the potentially problematic GitHub packages." (fold-packages (lambda (p r) (if (problematic-github-package? p) (cons p r) r)) '())) (define (main) "Find and print the names of the potentially problematic GitHub packages." (let ((packages (problematic-github-packages))) (format #t "Number of potentially problematic GitHub packages:~a~%" (length packages)) (for-each (lambda (p) (format #t "~a~%" (package-name p))) packages))) ;;; Run the program. (main) [-- Attachment #3: Type: text/plain, Size: 771 bytes --] outputs that there could be up to 1011 affected packages. The scripts checks for a url-fetch uri of the form "github.com/.*/archive/", which seems to be the one used for the dynamically generated archives. Here are the first 10 lines of the output: --8<---------------cut here---------------start------------->8--- Number of potentially problematic GitHub packages:1011 fdupes cbatticon sedsed cpulimit autojump sudo thermald progress dstat [...] --8<---------------cut here---------------end--------------->8--- I've checked the first few with for example: --8<---------------cut here---------------start------------->8--- guix build --source --no-substitutes sedsed --8<---------------cut here---------------end--------------->8--- and they were OK though. Maxim ^ permalink raw reply [flat|nested] 26+ messages in thread
* bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail 2017-10-04 4:22 ` Maxim Cournoyer @ 2017-10-04 16:54 ` Leo Famulari 2017-10-04 23:53 ` Maxim Cournoyer 0 siblings, 1 reply; 26+ messages in thread From: Leo Famulari @ 2017-10-04 16:54 UTC (permalink / raw) To: Maxim Cournoyer; +Cc: 28659 [-- Attachment #1: Type: text/plain, Size: 390 bytes --] On Wed, Oct 04, 2017 at 12:22:34AM -0400, Maxim Cournoyer wrote: > Here are the first 10 lines of the output: > --8<---------------cut here---------------start------------->8--- > Number of potentially problematic GitHub packages:1011 > fdupes > cbatticon > sedsed > cpulimit > autojump > sudo I think the script is buggy; sudo's source is not downloaded from GitHub as far as I can tell. [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 26+ messages in thread
* bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail 2017-10-04 16:54 ` Leo Famulari @ 2017-10-04 23:53 ` Maxim Cournoyer 2017-10-05 4:52 ` Maxim Cournoyer 0 siblings, 1 reply; 26+ messages in thread From: Maxim Cournoyer @ 2017-10-04 23:53 UTC (permalink / raw) To: Leo Famulari; +Cc: 28659 [-- Attachment #1: Type: text/plain, Size: 632 bytes --] Leo Famulari <leo@famulari.name> writes: > On Wed, Oct 04, 2017 at 12:22:34AM -0400, Maxim Cournoyer wrote: >> Here are the first 10 lines of the output: >> --8<---------------cut here---------------start------------->8--- >> Number of potentially problematic GitHub packages:1011 >> fdupes >> cbatticon >> sedsed >> cpulimit >> autojump >> sudo > > I think the script is buggy; sudo's source is not downloaded from GitHub > as far as I can tell. Good catch! I was assuming empty lists were falsy, but that's not the case! I've ensured purely boolean predicates now and it gets the list down to 650. Here's the corrected script: [-- Attachment #2: find-problematic-github-packages.scm --] [-- Type: text/plain, Size: 1386 bytes --] ;;; A script to find packages possibly affected by GitHub ;;; infrastructure update that caused minor changes in the ;;; automatically generated tarballs. (use-modules (ice-9 match) (gnu packages) (guix download) (guix packages)) (define (problematic-uri? uri) (define (contains-github-archive? uri) (regexp-match? (string-match "github.com/.*/archive/" uri))) ;; URI can be a string or a list of string. (match uri ((uri1 uri2 ...) ;match list of strings (not (null? (filter contains-github-archive? uri)))) (uri1 ;match string (contains-github-archive? uri1)))) (define (problematic-github-package? package) (let ((source (package-source package))) (and (origin? source) (eq? (origin-method source) url-fetch) (problematic-uri? (origin-uri source))))) (define (problematic-github-packages) "List of all the potentially problematic GitHub packages." (fold-packages (lambda (p r) (if (problematic-github-package? p) (cons p r) r)) '())) (define (main) "Find and print the names of the potentially problematic GitHub packages." (let ((packages (problematic-github-packages))) (format #t "Number of potentially problematic GitHub packages: ~a~%" (length packages)) (for-each (lambda (p) (format #t "~a~%" (package-name p))) packages))) ;;; Run the program. (main) [-- Attachment #3: Type: text/plain, Size: 350 bytes --] And sample output: --8<---------------cut here---------------start------------->8--- Number of potentially problematic GitHub packages: 650 fdupes cbatticon cpulimit thefuck thermald neofetch autojump progress nnn [...] wxwidgets xclip xcape sxhkd maim slop tinyxml2 xlsx2csv --8<---------------cut here---------------end--------------->8--- Maxim ^ permalink raw reply [flat|nested] 26+ messages in thread
* bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail 2017-10-04 23:53 ` Maxim Cournoyer @ 2017-10-05 4:52 ` Maxim Cournoyer 2017-10-05 6:08 ` Jan Nieuwenhuizen 0 siblings, 1 reply; 26+ messages in thread From: Maxim Cournoyer @ 2017-10-05 4:52 UTC (permalink / raw) To: Leo Famulari; +Cc: 28659 I've modified the script to sort the packages it prints: --8<---------------cut here---------------start------------->8--- - (for-each (lambda (p) - (format #t "~a~%" (package-name p))) - packages))) + (for-each (lambda (name) + (format #t "~a~%" name)) + (sort (map package-name packages) string<?)))) --8<---------------cut here---------------end--------------->8--- and compared it to the list here: https://github.com/Homebrew/homebrew-core/issues/18044 If we can trust the Homebrew list to be extensive, it seems we got lucky; there's only one affected package that we share which is yaml-cpp. Here's how it fails on our side: --8<---------------cut here---------------start------------->8--- guix build -S --no-substitutes yaml-cpp The following derivation will be built: /gnu/store/mlap8jmadirnbii6sppb6vj9x56s8azw-yaml-cpp-0.5.3.tar.gz.drv @ build-started /gnu/store/mlap8jmadirnbii6sppb6vj9x56s8azw-yaml-cpp-0.5.3.tar.gz.drv - x86_64-linux /var/log/guix/drvs/ml//ap8jmadirnbii6sppb6vj9x56s8azw-yaml-cpp-0.5.3.tar.gz.drv.bz2 Starting download of /gnu/store/qwflwafrzjbr2b7dy4nv18nxykghhmnk-yaml-cpp-0.5.3.tar.gz From https://github.com/jbeder/yaml-cpp/archive/yaml-cpp-0.5.3.tar.gz... following redirection to `https://codeload.github.com/jbeder/yaml-cpp/tar.gz/yaml-cpp-0.5.3'... ...p-0.5.3 1.7MiB/s 00:01 | 1.9MiB transferred sha256 hash mismatch for output path `/gnu/store/qwflwafrzjbr2b7dy4nv18nxykghhmnk-yaml-cpp-0.5.3.tar.gz' expected: 1vk6pjh0f5k6jwk2sszb9z5169whmiha9ainbdpa1arxlkq7v3b6 actual: 1ck7jk0wjfigrf4cgcjqsir4yp1s6vamhhxhpsgfvs46pgm5pk6y @ build-failed /gnu/store/mlap8jmadirnbii6sppb6vj9x56s8azw-yaml-cpp-0.5.3.tar.gz.drv - 1 sha256 hash mismatch for output path `/gnu/store/qwflwafrzjbr2b7dy4nv18nxykghhmnk-yaml-cpp-0.5.3.tar.gz' expected: 1vk6pjh0f5k6jwk2sszb9z5169whmiha9ainbdpa1arxlkq7v3b6 actual: 1ck7jk0wjfigrf4cgcjqsir4yp1s6vamhhxhpsgfvs46pgm5pk6y guix build: error: build failed: build of `/gnu/store/mlap8jmadirnbii6sppb6vj9x56s8azw-yaml-cpp-0.5.3.tar.gz.drv' failed --8<---------------cut here---------------end--------------->8--- Maxim ^ permalink raw reply [flat|nested] 26+ messages in thread
* bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail 2017-10-05 4:52 ` Maxim Cournoyer @ 2017-10-05 6:08 ` Jan Nieuwenhuizen 0 siblings, 0 replies; 26+ messages in thread From: Jan Nieuwenhuizen @ 2017-10-05 6:08 UTC (permalink / raw) To: Maxim Cournoyer; +Cc: 28659 Maxim Cournoyer writes: > If we can trust the Homebrew list to be extensive, it seems we got > lucky; there's only one affected package that we share which is > yaml-cpp. Here's how it fails on our side: I needed to also use (ice-9 regex) and then I found these to fail antlr3 csound erlang font-google-material-design-icons fritzing libgit2 lxqt-common ogre plexus-interpolation red-eclipse yaml-cpp out of 646 packages it's not many but it includes our core dependency libgit2 which breaks guix pull --no-substitutes; that's hardly being lucky? janneke -- Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com ^ permalink raw reply [flat|nested] 26+ messages in thread
* bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail 2017-10-01 10:16 bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail Jan Nieuwenhuizen 2017-10-01 19:20 ` Jan Nieuwenhuizen @ 2017-10-02 15:09 ` Ludovic Courtès 2017-10-02 17:05 ` Jan Nieuwenhuizen 2017-10-02 18:22 ` Leo Famulari 1 sibling, 2 replies; 26+ messages in thread From: Ludovic Courtès @ 2017-10-02 15:09 UTC (permalink / raw) To: Jan Nieuwenhuizen; +Cc: 28659 Hello, Jan Nieuwenhuizen <janneke@gnu.org> skribis: > As reported by laertus on irc[0]: guix pull on 0.13 without substitutes fails I just checked and we do have substitutes, but I understand it doesn’t help here. > guix pull > > Starting download of /tmp/guix-file.3r6cH0 > From https://git.savannah.gnu.org/cgit/guix.git/snapshot/master.tar.gz... > ….tar.gz 5.7MiB/s 00:02 | 13.6MiB transferred > unpacking '/gnu/store/sginfwnrcfqn1far31gmzlaffd8xlxyy-guix-latest.tar.gz'... > > Starting download of /gnu/store/c3npgqn9ag2ypi9bda1g779wwwlcqqrf-libgit2-0.25.1.tar.gz > From https://github.com/libgit2/libgit2/archive/v0.25.1.tar.gz... > following redirection to `https://codeload.github.com/libgit2/libgit2/tar.gz/v0.25.1'... > v0.25.1 6.1MiB/s 00:01 | 4.1MiB transferred > output path `/gnu/store/c3npgqn9ag2ypi9bda1g779wwwlcqqrf-libgit2-0.25.1.tar.gz' should have sha256 hash `1cdwcw38frc1wf28x5ppddazv9hywc718j92f3xa3ybzzycyds3s', instead has `0ywcxw1mwd56c8qc14hbx31bf198gxck3nja3laxyglv7l57qp26' What’s sad here is that we do have the right tarball at: https://mirror.hydra.gnu.org/file/libgit2-0.25.1.tar.gz/sha256/1cdwcw38frc1wf28x5ppddazv9hywc718j92f3xa3ybzzycyds3s The problem is that the hash check is performed by guix-daemon itself, not by “guix perform-download”. So when guix-daemon diagnoses a hash mismatch, it’s too late and we cannot try again and use the content-addressed mirror. A crude but helpful fix would be to have perform-download compute the hash by itself and act accordingly. It’s crude because that means that we’d be computing the hash twice: once in ‘guix perform-download’ and a second time in guix-daemon. For archives below ~20 MiB it’s probably OK though. Thoughts? In the future, with the daemon written in Guile, it’s one area where we could achieve better integration and coordination among the various pieces. Ludo’. ^ permalink raw reply [flat|nested] 26+ messages in thread
* bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail 2017-10-02 15:09 ` Ludovic Courtès @ 2017-10-02 17:05 ` Jan Nieuwenhuizen 2017-10-02 18:22 ` Leo Famulari 1 sibling, 0 replies; 26+ messages in thread From: Jan Nieuwenhuizen @ 2017-10-02 17:05 UTC (permalink / raw) To: Ludovic Courtès; +Cc: 28659 Ludovic Courtès writes: > What’s sad here is that we do have the right tarball at: > > https://mirror.hydra.gnu.org/file/libgit2-0.25.1.tar.gz/sha256/1cdwcw38frc1wf28x5ppddazv9hywc718j92f3xa3ybzzycyds3s Sad indeed! > The problem is that the hash check is performed by guix-daemon itself, > not by “guix perform-download”. So when guix-daemon diagnoses a hash > mismatch, it’s too late and we cannot try again and use the > content-addressed mirror. Why don't we try our content-addressed mirror first? > A crude but helpful fix would be to have perform-download compute the > hash by itself and act accordingly. It’s crude because that means that > we’d be computing the hash twice: once in ‘guix perform-download’ and a > second time in guix-daemon. For archives below ~20 MiB it’s probably OK > though. > > Thoughts? We may want more guix hackers' viewpoints here, I don't feel very qualified...As this would be a temporary workaround only until we have > In the future, with the daemon written in Guile, it’s one area where we > could achieve better integration and coordination among the various > pieces. ...it might be fine? Do we want/need to bring out a new release for this, e.g. 0.13.1, or even 0.14? I'm not sure how bad it is that --no-substitutes does not work. I think working on guix pull to not compile everything locally may have priority? janneke -- Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com ^ permalink raw reply [flat|nested] 26+ messages in thread
* bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail 2017-10-02 15:09 ` Ludovic Courtès 2017-10-02 17:05 ` Jan Nieuwenhuizen @ 2017-10-02 18:22 ` Leo Famulari 2017-10-02 20:00 ` Ludovic Courtès 1 sibling, 1 reply; 26+ messages in thread From: Leo Famulari @ 2017-10-02 18:22 UTC (permalink / raw) To: Ludovic Courtès; +Cc: 28659 [-- Attachment #1: Type: text/plain, Size: 644 bytes --] On Mon, Oct 02, 2017 at 05:09:39PM +0200, Ludovic Courtès wrote: > What’s sad here is that we do have the right tarball at: > > https://mirror.hydra.gnu.org/file/libgit2-0.25.1.tar.gz/sha256/1cdwcw38frc1wf28x5ppddazv9hywc718j92f3xa3ybzzycyds3s It seems to me that there are several reasons someone may choose not to use substitutes. Some of those reasons (reproducibility and security concerns) are obviated for fixed-output derivations like upstream sources, and I think it would be fine to still use substitutes for these derivations. But the motivations of privacy, self-sufficiency, etc are not addressed by that idea. [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 26+ messages in thread
* bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail 2017-10-02 18:22 ` Leo Famulari @ 2017-10-02 20:00 ` Ludovic Courtès 2017-10-02 20:22 ` Jan Nieuwenhuizen 2017-10-20 21:17 ` Leo Famulari 0 siblings, 2 replies; 26+ messages in thread From: Ludovic Courtès @ 2017-10-02 20:00 UTC (permalink / raw) To: Leo Famulari; +Cc: 28659 Leo Famulari <leo@famulari.name> skribis: > On Mon, Oct 02, 2017 at 05:09:39PM +0200, Ludovic Courtès wrote: >> What’s sad here is that we do have the right tarball at: >> >> https://mirror.hydra.gnu.org/file/libgit2-0.25.1.tar.gz/sha256/1cdwcw38frc1wf28x5ppddazv9hywc718j92f3xa3ybzzycyds3s Just to be clear: this URL is not that of a substitute, but that of a content-addressed file (corresponding to the output of a fixed-output derivation.) > It seems to me that there are several reasons someone may choose not to > use substitutes. Some of those reasons (reproducibility and security > concerns) are obviated for fixed-output derivations like upstream > sources, and I think it would be fine to still use substitutes for these > derivations. > > But the motivations of privacy, self-sufficiency, etc are not addressed > by that idea. Right. Jan suggested checking the content-addressed mirrors *before* the real upstream address. That would address the problem of upstream sources modified in-place, but at the cost of privacy/self-sufficiency as you note. (Though it’s not really making “privacy” any worse in this case: it’s gnu.org vs. github.com.) Perhaps we should make content-addressed mirrors configurable in a way that’s orthogonal to derivations, something similar in spirit to --substitute-urls? The difficulty is that content-addressed mirrors are not just URLs; see (guix download). Thoughts? Ludo’. ^ permalink raw reply [flat|nested] 26+ messages in thread
* bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail 2017-10-02 20:00 ` Ludovic Courtès @ 2017-10-02 20:22 ` Jan Nieuwenhuizen 2017-10-02 20:29 ` Leo Famulari 2017-10-03 12:30 ` Ludovic Courtès 2017-10-20 21:17 ` Leo Famulari 1 sibling, 2 replies; 26+ messages in thread From: Jan Nieuwenhuizen @ 2017-10-02 20:22 UTC (permalink / raw) To: Ludovic Courtès; +Cc: 28659 Ludovic Courtès writes: > Right. Jan suggested checking the content-addressed mirrors *before* > the real upstream address. That would address the problem of upstream > sources modified in-place, but at the cost of privacy/self-sufficiency > as you note. (Though it’s not really making “privacy” any worse in this > case: it’s gnu.org vs. github.com.) Yes, that may not preferrable in general without override. > Perhaps we should make content-addressed mirrors configurable in a way > that’s orthogonal to derivations, something similar in spirit to > --substitute-urls? The difficulty is that content-addressed mirrors are > not just URLs; see (guix download). Hmm. I'm not sure what problem we are solving. Should we only do this for github(-like) tarballs? Do we see this problem with other sources, should we prevent it? Possibly github will never do something like this again. Or we could banish github/gitlab(?) auto-generated tarballs and go for git checkouts+commits? janneke -- Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com ^ permalink raw reply [flat|nested] 26+ messages in thread
* bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail 2017-10-02 20:22 ` Jan Nieuwenhuizen @ 2017-10-02 20:29 ` Leo Famulari 2017-10-03 12:30 ` Ludovic Courtès 1 sibling, 0 replies; 26+ messages in thread From: Leo Famulari @ 2017-10-02 20:29 UTC (permalink / raw) To: Jan Nieuwenhuizen; +Cc: 28659 [-- Attachment #1: Type: text/plain, Size: 654 bytes --] On Mon, Oct 02, 2017 at 10:22:33PM +0200, Jan Nieuwenhuizen wrote: > Hmm. I'm not sure what problem we are solving. Should we only do this > for github(-like) tarballs? Do we see this problem with other sources, > should we prevent it? Possibly github will never do something like this > again. Or we could banish github/gitlab(?) auto-generated tarballs and > go for git checkouts+commits? Files referenced by URL (location-addressing vs content-addressing) have been changed in place by a variety of hosters and upstream projects since I've started paying attention to these issues. I don't think we need to do anything special regarding GitHub. [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 26+ messages in thread
* bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail 2017-10-02 20:22 ` Jan Nieuwenhuizen 2017-10-02 20:29 ` Leo Famulari @ 2017-10-03 12:30 ` Ludovic Courtès 1 sibling, 0 replies; 26+ messages in thread From: Ludovic Courtès @ 2017-10-03 12:30 UTC (permalink / raw) To: Jan Nieuwenhuizen; +Cc: 28659 Jan Nieuwenhuizen <janneke@gnu.org> skribis: > Ludovic Courtès writes: [...] >> Perhaps we should make content-addressed mirrors configurable in a way >> that’s orthogonal to derivations, something similar in spirit to >> --substitute-urls? The difficulty is that content-addressed mirrors are >> not just URLs; see (guix download). > > Hmm. I'm not sure what problem we are solving. Should we only do this > for github(-like) tarballs? Do we see this problem with other sources, > should we prevent it? Possibly github will never do something like this > again. Or we could banish github/gitlab(?) auto-generated tarballs and > go for git checkouts+commits? Content-addressed mirrors help with disappearing and modified tarballs in general; it’s not just GitHub. Occasionally we see that problem with tarballs coming from elsewhere: 404 is quite frequent, and in-place modification happens from time to time (even on ftp.gnu.org…). Ludo’. ^ permalink raw reply [flat|nested] 26+ messages in thread
* bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail 2017-10-02 20:00 ` Ludovic Courtès 2017-10-02 20:22 ` Jan Nieuwenhuizen @ 2017-10-20 21:17 ` Leo Famulari 2017-11-28 13:30 ` Ludovic Courtès 1 sibling, 1 reply; 26+ messages in thread From: Leo Famulari @ 2017-10-20 21:17 UTC (permalink / raw) To: Ludovic Courtès; +Cc: 28659 [-- Attachment #1: Type: text/plain, Size: 1025 bytes --] On Mon, Oct 02, 2017 at 10:00:33PM +0200, Ludovic Courtès wrote: > Right. Jan suggested checking the content-addressed mirrors *before* > the real upstream address. That would address the problem of upstream > sources modified in-place, but at the cost of privacy/self-sufficiency > as you note. (Though it’s not really making “privacy” any worse in this > case: it’s gnu.org vs. github.com.) Yeah, I don't personally think there is a privacy issue with fetching sources from our mirrors at gnu.org, or other domains we control. > Perhaps we should make content-addressed mirrors configurable in a way > that’s orthogonal to derivations, something similar in spirit to > --substitute-urls? The difficulty is that content-addressed mirrors are > not just URLs; see (guix download). > > Thoughts? I do think we should make it so that users don't suffer from unreliable upstream sources when we know the sources are available on our servers (or the Nix mirror), even with --no-substitutes. [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 833 bytes --] ^ permalink raw reply [flat|nested] 26+ messages in thread
* bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail 2017-10-20 21:17 ` Leo Famulari @ 2017-11-28 13:30 ` Ludovic Courtès 2017-12-14 16:53 ` Ludovic Courtès 0 siblings, 1 reply; 26+ messages in thread From: Ludovic Courtès @ 2017-11-28 13:30 UTC (permalink / raw) To: Leo Famulari; +Cc: 28659 [-- Attachment #1: Type: text/plain, Size: 3524 bytes --] Leo Famulari <leo@famulari.name> skribis: > On Mon, Oct 02, 2017 at 10:00:33PM +0200, Ludovic Courtès wrote: >> Right. Jan suggested checking the content-addressed mirrors *before* >> the real upstream address. That would address the problem of upstream >> sources modified in-place, but at the cost of privacy/self-sufficiency >> as you note. (Though it’s not really making “privacy” any worse in this >> case: it’s gnu.org vs. github.com.) > > Yeah, I don't personally think there is a privacy issue with fetching > sources from our mirrors at gnu.org, or other domains we control. > >> Perhaps we should make content-addressed mirrors configurable in a way >> that’s orthogonal to derivations, something similar in spirit to >> --substitute-urls? The difficulty is that content-addressed mirrors are >> not just URLs; see (guix download). >> >> Thoughts? > > I do think we should make it so that users don't suffer from unreliable > upstream sources when we know the sources are available on our servers > (or the Nix mirror), even with --no-substitutes. The more I think about it, the more I’m inclined to simply move content-addressed mirrors to the front of the list. This means that users, in practice, would be fetching all the source from mirror.hydra.gnu.org. The main issue is making it configurable. Currently the content-addressed mirror configuration for regular files in (guix download) looks like this: --8<---------------cut here---------------start------------->8--- (define %content-addressed-mirrors ;; List of content-addressed mirrors. Each mirror is represented as a ;; procedure that takes a file name, an algorithm (symbol) and a hash ;; (bytevector), and returns a URL or #f. ;; Note: Avoid 'https' to mitigate <http://bugs.gnu.org/22774>. ;; TODO: Add more. '(list (lambda (file algo hash) ;; Files served by 'guix publish' are accessible under a single ;; hash algorithm. (string-append "http://mirror.hydra.gnu.org/file/" file "/" (symbol->string algo) "/" (bytevector->nix-base32-string hash))) (lambda (file algo hash) ;; 'tarballs.nixos.org' supports several algorithms. (string-append "http://tarballs.nixos.org/" (symbol->string algo) "/" (bytevector->nix-base32-string hash))))) --8<---------------cut here---------------end--------------->8--- That for VCS checkouts in (guix build download-nar) looks like this: --8<---------------cut here---------------start------------->8--- (define (urls-for-item item) "Return the fallback nar URL for ITEM--e.g., \"/gnu/store/cabbag3…-foo-1.2-checkout\"." ;; Here we hard-code nar URLs without checking narinfos. That's probably OK ;; though. ;; TODO: Use HTTPS? The downside is the extra dependency. (let ((bases '("http://mirror.hydra.gnu.org/guix" "http://berlin.guixsd.org")) (item (basename item))) (append (map (cut string-append <> "/nar/gzip/" item) bases) (map (cut string-append <> "/nar/" item) bases)))) --8<---------------cut here---------------end--------------->8--- The latter could be expressed by a command-line flag. In fact it’s the same as --substitute-urls. (Time passes…) Thinking more about it, why not simply always enable substitutes for fixed-output derivations, like this: [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #2: Type: text/x-patch, Size: 813 bytes --] diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc index d68e8b2bc..03a8f5080 100644 --- a/nix/libstore/build.cc +++ b/nix/libstore/build.cc @@ -1034,8 +1034,10 @@ void DerivationGoal::haveDerivation() /* We are first going to try to create the invalid output paths through substitutes. If that doesn't work, we'll build - them. */ - if (settings.useSubstitutes && substitutesAllowed(drv)) + them. Always enable substitutes for fixed-output derivations to + protect against disappearing files and in-place modifications on + upstream sites. */ + if ((fixedOutput || settings.useSubstitutes) && substitutesAllowed(drv)) foreach (PathSet::iterator, i, invalidOutputs) addWaitee(worker.makeSubstitutionGoal(*i, buildMode == bmRepair)); [-- Attachment #3: Type: text/plain, Size: 1081 bytes --] This solves all our problems and makes download-nar.scm useless. As an added bonus, it provides a improves the UI since we now always see: --8<---------------cut here---------------start------------->8--- 0.1 MB will be downloaded: /gnu/store/plx9848n6waj6zghn3d54ybx8ihcn23k-guile-git-0.0-4.951a32c-checkout --8<---------------cut here---------------end--------------->8--- … instead of: --8<---------------cut here---------------start------------->8--- The following derivation will be built: /gnu/store/y86rlb6pdm35im7q02y6479ca84zwylz-guile-git-000.0-4.951a32c-checkout.drv --8<---------------cut here---------------end--------------->8--- The downside is that it still requires one to authorize the server’s key, although it’s in theory unnecessary since it’s content addressed. I’m not sure how to solve that because ‘guix substitute’ doesn’t know that it’s substituting a fixed-output derivation. I suppose we’d need to modify the “protocol” between guix-daemon and ‘guix substitute’. Thoughts? Ludo’. ^ permalink raw reply related [flat|nested] 26+ messages in thread
* bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail 2017-11-28 13:30 ` Ludovic Courtès @ 2017-12-14 16:53 ` Ludovic Courtès 2017-12-15 9:30 ` bug#28659: Always enable substitutes for fixed-output derivations Ludovic Courtès 0 siblings, 1 reply; 26+ messages in thread From: Ludovic Courtès @ 2017-12-14 16:53 UTC (permalink / raw) To: Leo Famulari; +Cc: 28659 ludo@gnu.org (Ludovic Courtès) skribis: > Thinking more about it, why not simply always enable substitutes for > fixed-output derivations, like this: > > diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc > index d68e8b2bc..03a8f5080 100644 > --- a/nix/libstore/build.cc > +++ b/nix/libstore/build.cc > @@ -1034,8 +1034,10 @@ void DerivationGoal::haveDerivation() > > /* We are first going to try to create the invalid output paths > through substitutes. If that doesn't work, we'll build > - them. */ > - if (settings.useSubstitutes && substitutesAllowed(drv)) > + them. Always enable substitutes for fixed-output derivations to > + protect against disappearing files and in-place modifications on > + upstream sites. */ > + if ((fixedOutput || settings.useSubstitutes) && substitutesAllowed(drv)) > foreach (PathSet::iterator, i, invalidOutputs) > addWaitee(worker.makeSubstitutionGoal(*i, buildMode == bmRepair)); [...] > The downside is that it still requires one to authorize the server’s > key, although it’s in theory unnecessary since it’s content addressed. > I’m not sure how to solve that because ‘guix substitute’ doesn’t know > that it’s substituting a fixed-output derivation. I suppose we’d need > to modify the “protocol” between guix-daemon and ‘guix substitute’. I looked at how to address this by having ‘guix substitute’ automatically determine whether it’s being asked for a content-addressed item or not. The guts of it is this procedure: (define* (content-addressed-item? item hash #:key (hash-algo 'sha256)) "Return true if ITEM, a store file name, is definitely a content-addressed item (result of a fixed-output derivation) with the given HASH of type HASH-ALGO, false otherwise. Note: This procedure is useful when the deriver of ITEM is unknown. In other cases, the recommended approach is to check 'fixed-output-derivation?' on the deriver." ;; XXX: This returns #f for "text" items produced by 'add-text-to-store'. ;; There's not much we can do because the file name for these is a function ;; of their content. (let ((name (store-path-package-name item))) (or (string=? item (fixed-output-path name hash #:recursive? #f #:hash-algo hash-algo)) (string=? item (fixed-output-path name hash #:recursive? #t #:hash-algo hash-algo))))) It works as expected for the result of “recursive fixed-output derivations”—i.e., fixed-output derivations that produce a directory, such as VCS checkouts. However it doesn’t work for fixed-output derivations that produce a flat file, such as origins with the ‘url-fetch’ method. The reason is because in the case of non-recursive derivations, the store file name is computed as a function of the file hash, not as a function of the nar hash, whereas narinfos only contains the nar hash (the thing that ‘guix hash -r’ computes.) So I think we have to communicate more info from the daemon to ‘guix substitute’. Ludo’. ^ permalink raw reply [flat|nested] 26+ messages in thread
* bug#28659: Always enable substitutes for fixed-output derivations 2017-12-14 16:53 ` Ludovic Courtès @ 2017-12-15 9:30 ` Ludovic Courtès 2022-02-03 2:58 ` bug#28659: Content-addressed mirror is not used upon invalid hash zimoun 0 siblings, 1 reply; 26+ messages in thread From: Ludovic Courtès @ 2017-12-15 9:30 UTC (permalink / raw) To: Leo Famulari; +Cc: 28659 [-- Attachment #1: Type: text/plain, Size: 876 bytes --] ludo@gnu.org (Ludovic Courtès) skribis: > So I think we have to communicate more info from the daemon to ‘guix > substitute’. The attached patch addresses that by simply calling out to the daemon to determine whether we’re dealing with a content-addressed item. To summarize, the new behavior is that substitutes are always enabled for fixed-output derivations. That way, people willing to build everything from source can still use ‘--no-substitutes’ and yet be able to retrieve source code without being penalized compared to someone enabling substitutes wholesale. Of course, when substitutes are missing, we fall back to regular downloads or VCS checkouts. It is also still possible to choose where substitutes are downloaded from, using ‘--substitute-urls’, or even to pass an empty list of URLs. Feedback welcome! Ludo’. [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #2: 0001-substitute-Always-allow-substitutes-for-fixed-output.patch --] [-- Type: text/x-patch, Size: 5940 bytes --] From aab42bcb212698bc1f61beb9f321ffbd751f36f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org> Date: Fri, 15 Dec 2017 09:57:04 +0100 Subject: [PATCH 1/2] substitute: Always allow substitutes for fixed-output derivation results. Fixes <https://bugs.gnu.org/28659>. * guix/scripts/substitute.scm (content-addressed-item?): New procedure. (valid-narinfo?): Use it. * nix/libstore/build.cc (DerivationGoal::haveDerivation): Always make a substitution goal when 'fixedOutput' is true. * tests/substitute.scm ("query unsigned narinfo for content-addressed item"): New test. --- guix/scripts/substitute.scm | 31 ++++++++++++++++++++++++++++++- nix/libstore/build.cc | 6 ++++-- tests/substitute.scm | 24 +++++++++++++++++++++++- 3 files changed, 57 insertions(+), 4 deletions(-) diff --git a/guix/scripts/substitute.scm b/guix/scripts/substitute.scm index 2fd2bf810..670a9b4dd 100755 --- a/guix/scripts/substitute.scm +++ b/guix/scripts/substitute.scm @@ -25,6 +25,9 @@ #:use-module (guix config) #:use-module (guix records) #:use-module ((guix serialization) #:select (restore-file)) + #:use-module ((guix derivations) + #:select (read-derivation-from-file + fixed-output-derivation?)) #:use-module (guix hash) #:use-module (guix base32) #:use-module (guix base64) @@ -406,10 +409,36 @@ No authentication and authorization checks are performed here!" (let ((above-signature (string-take contents index))) (sha256 (string->utf8 above-signature))))))) +(define* (content-addressed-item? item) + "Return true if ITEM is content-addressed---i.e., if ITEM is the result of a +fixed-output derivation." + (guard (c ((nix-connection-error? c) + ;; We failed to connect, maybe because we have the wrong + ;; GUIX_DAEMON_SOCKET? Let's conservatively assume that + ;; nothing's content-addressed. + #f)) + (with-store store + (match (valid-derivers store item) + (() + ;; If there are no valid derivers it's most likely because ITEM is a + ;; source (added with 'add-to-store' or similar). Nevertheless, + ;; since we can't be certain, return #f. + #f) + ((drv . _) + (fixed-output-derivation? + (read-derivation-from-file drv))))))) + (define* (valid-narinfo? narinfo #:optional (acl (current-acl)) #:key verbose?) - "Return #t if NARINFO's signature is not valid." + "Return #t if NARINFO is \"valid\"---signed by an authorized key, or +designating a content-addressed item." (or %allow-unauthenticated-substitutes? + + ;; If NARINFO designates a content-addressed item, there's no point + ;; authenticating it. Don't explicitly check 'narinfo-hash' for + ;; integrity: this will be done by the daemon once we've downloaded it. + (content-addressed-item? (narinfo-path narinfo)) + (let ((hash (narinfo-sha256 narinfo)) (signature (narinfo-signature narinfo)) (uri (uri->string (narinfo-uri narinfo)))) diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc index d68e8b2bc..03a8f5080 100644 --- a/nix/libstore/build.cc +++ b/nix/libstore/build.cc @@ -1034,8 +1034,10 @@ void DerivationGoal::haveDerivation() /* We are first going to try to create the invalid output paths through substitutes. If that doesn't work, we'll build - them. */ - if (settings.useSubstitutes && substitutesAllowed(drv)) + them. Always enable substitutes for fixed-output derivations to + protect against disappearing files and in-place modifications on + upstream sites. */ + if ((fixedOutput || settings.useSubstitutes) && substitutesAllowed(drv)) foreach (PathSet::iterator, i, invalidOutputs) addWaitee(worker.makeSubstitutionGoal(*i, buildMode == bmRepair)); diff --git a/tests/substitute.scm b/tests/substitute.scm index 0ad624795..03579b9f1 100644 --- a/tests/substitute.scm +++ b/tests/substitute.scm @@ -21,15 +21,17 @@ #:use-module (guix scripts substitute) #:use-module (guix base64) #:use-module (guix hash) + #:use-module (guix derivations) #:use-module (guix serialization) #:use-module (guix pk-crypto) #:use-module (guix pki) #:use-module (guix config) #:use-module (guix base32) - #:use-module ((guix store) #:select (%store-prefix)) + #:use-module ((guix store) #:select (%store-prefix with-store)) #:use-module ((guix ui) #:select (guix-warning-port)) #:use-module ((guix build utils) #:select (mkdir-p delete-file-recursively)) + #:use-module (guix tests) #:use-module (guix tests http) #:use-module (rnrs bytevectors) #:use-module (rnrs io ports) @@ -241,6 +243,26 @@ a file for NARINFO." (lambda () (guix-substitute "--query")))))))) +(test-assert "query unsigned narinfo for content-addressed item" + (with-store store + (let* ((hash (sha256 (random-bytevector 128))) + (drv (derivation store "content-addressed" + "builtin:download" '() + #:hash-algo 'sha256 #:hash hash))) + (define output + (with-output-to-string + (lambda () + (with-derivation-narinfo drv (sha256 => hash) + (with-input-from-string (string-append "have " + (derivation->output-path drv)) + (lambda () + (set! (@@ (guix scripts substitute) + %allow-unauthenticated-substitutes?) + #f) + (guix-substitute "--query"))))))) + + (string=? (string-trim-both output) (derivation->output-path drv))))) + (test-quit "substitute, no signature" "no valid substitute" (with-narinfo %narinfo -- 2.15.1 [-- Attachment #3: 0002-Revert-download-Download-a-nar-when-a-VCS-checkout-f.patch --] [-- Type: text/x-patch, Size: 14302 bytes --] From 9bcf90b99a79f9f3e126cde5fe1cf51b0dfa58aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org> Date: Fri, 15 Dec 2017 10:03:39 +0100 Subject: [PATCH 2/2] Revert "download: Download a nar when a VCS checkout fails." This reverts commit 37ce440dcffa9ff4f5401bacbc9619bd8ea561c1, which is useless now that substitutes are always enabled for content-addressed items. --- Makefile.am | 1 - guix/build/download-nar.scm | 125 -------------------------------------------- guix/cvs-download.scm | 38 ++++---------- guix/git-download.scm | 37 +++---------- guix/hg-download.scm | 36 ++++--------- 5 files changed, 26 insertions(+), 211 deletions(-) delete mode 100644 guix/build/download-nar.scm diff --git a/Makefile.am b/Makefile.am index 85b9ab36d..d2660b0a7 100644 --- a/Makefile.am +++ b/Makefile.am @@ -110,7 +110,6 @@ MODULES = \ guix/ui.scm \ guix/build/ant-build-system.scm \ guix/build/download.scm \ - guix/build/download-nar.scm \ guix/build/cargo-build-system.scm \ guix/build/cmake-build-system.scm \ guix/build/dub-build-system.scm \ diff --git a/guix/build/download-nar.scm b/guix/build/download-nar.scm deleted file mode 100644 index 13f01fb1e..000000000 --- a/guix/build/download-nar.scm +++ /dev/null @@ -1,125 +0,0 @@ -;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2017 Ludovic Courtès <ludo@gnu.org> -;;; -;;; This file is part of GNU Guix. -;;; -;;; GNU Guix is free software; you can redistribute it and/or modify it -;;; under the terms of the GNU General Public License as published by -;;; the Free Software Foundation; either version 3 of the License, or (at -;;; your option) any later version. -;;; -;;; GNU Guix is distributed in the hope that it will be useful, but -;;; WITHOUT ANY WARRANTY; without even the implied warranty of -;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -;;; GNU General Public License for more details. -;;; -;;; You should have received a copy of the GNU General Public License -;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. - -(define-module (guix build download-nar) - #:use-module (guix build download) - #:use-module (guix build utils) - #:use-module (guix serialization) - #:use-module (guix zlib) - #:use-module (guix progress) - #:use-module (web uri) - #:use-module (srfi srfi-11) - #:use-module (srfi srfi-26) - #:use-module (ice-9 format) - #:use-module (ice-9 match) - #:export (download-nar)) - -;;; Commentary: -;;; -;;; Download a normalized archive or "nar", similar to what 'guix substitute' -;;; does. The intent here is to use substitute servers as content-addressed -;;; mirrors of VCS checkouts. This is mostly useful for users who have -;;; disabled substitutes. -;;; -;;; Code: - -(define (urls-for-item item) - "Return the fallback nar URL for ITEM--e.g., -\"/gnu/store/cabbag3…-foo-1.2-checkout\"." - ;; Here we hard-code nar URLs without checking narinfos. That's probably OK - ;; though. - ;; TODO: Use HTTPS? The downside is the extra dependency. - (let ((bases '("http://mirror.hydra.gnu.org/guix" - "http://berlin.guixsd.org")) - (item (basename item))) - (append (map (cut string-append <> "/nar/gzip/" item) bases) - (map (cut string-append <> "/nar/" item) bases)))) - -(define (restore-gzipped-nar port item size) - "Restore the gzipped nar read from PORT, of SIZE bytes (compressed), to -ITEM." - ;; Since PORT is typically a non-file port (for instance because 'http-get' - ;; returns a delimited port), create a child process so we're back to a file - ;; port that can be passed to 'call-with-gzip-input-port'. - (match (pipe) - ((input . output) - (match (primitive-fork) - (0 - (dynamic-wind - (const #t) - (lambda () - (close-port output) - (close-port port) - (catch #t - (lambda () - (call-with-gzip-input-port input - (cut restore-file <> item))) - (lambda (key . args) - (print-exception (current-error-port) - (stack-ref (make-stack #t) 1) - key args) - (primitive-exit 1)))) - (lambda () - (primitive-exit 0)))) - (child - (close-port input) - (dump-port* port output - #:reporter (progress-reporter/file item size - #:abbreviation - store-path-abbreviation)) - (close-port output) - (newline) - (match (waitpid child) - ((_ . status) - (unless (zero? status) - (error "nar decompression failed" status))))))))) - -(define (download-nar item) - "Download and extract the normalized archive for ITEM. Return #t on -success, #f otherwise." - ;; Let progress reports go through. - (setvbuf (current-error-port) _IONBF) - (setvbuf (current-output-port) _IONBF) - - (let loop ((urls (urls-for-item item))) - (match urls - ((url rest ...) - (format #t "Trying content-addressed mirror at ~a...~%" - (uri-host (string->uri url))) - (let-values (((port size) - (catch #t - (lambda () - (http-fetch (string->uri url))) - (lambda args - (values #f #f))))) - (if (not port) - (loop rest) - (begin - (if size - (format #t "Downloading from ~a (~,2h MiB)...~%" url - (/ size (expt 2 20.))) - (format #t "Downloading from ~a...~%" url)) - (if (string-contains url "/gzip") - (restore-gzipped-nar port item size) - (begin - ;; FIXME: Add progress report. - (restore-file port item) - (close-port port))) - #t)))) - (() - #f)))) diff --git a/guix/cvs-download.scm b/guix/cvs-download.scm index 8b46f8ef8..85744c5b5 100644 --- a/guix/cvs-download.scm +++ b/guix/cvs-download.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2014 Sree Harsha Totakura <sreeharsha@totakura.in> ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org> ;;; @@ -23,7 +23,6 @@ #:use-module (guix gexp) #:use-module (guix store) #:use-module (guix monads) - #:use-module (guix modules) #:use-module (guix packages) #:use-module (ice-9 match) #:export (cvs-reference @@ -60,35 +59,16 @@ "Return a fixed-output derivation that fetches REF, a <cvs-reference> object. The output is expected to have recursive hash HASH of type HASH-ALGO (a symbol). Use NAME as the file name, or a generic name if #f." - (define zlib - (module-ref (resolve-interface '(gnu packages compression)) 'zlib)) - - (define config.scm - (scheme-file "config.scm" - #~(begin - (define-module (guix config) - #:export (%libz)) - - (define %libz - #+(file-append zlib "/lib/libz"))))) - - (define modules - (cons `((guix config) => ,config.scm) - (delete '(guix config) - (source-module-closure '((guix build cvs) - (guix build download-nar)))))) (define build - (with-imported-modules modules + (with-imported-modules '((guix build cvs) + (guix build utils)) #~(begin - (use-modules (guix build cvs) - (guix build download-nar)) - - (or (cvs-fetch '#$(cvs-reference-root-directory ref) - '#$(cvs-reference-module ref) - '#$(cvs-reference-revision ref) - #$output - #:cvs-command (string-append #+cvs "/bin/cvs")) - (download-nar #$output))))) + (use-modules (guix build cvs)) + (cvs-fetch '#$(cvs-reference-root-directory ref) + '#$(cvs-reference-module ref) + '#$(cvs-reference-revision ref) + #$output + #:cvs-command (string-append #+cvs "/bin/cvs"))))) (mlet %store-monad ((guile (package->derivation guile system))) (gexp->derivation (or name "cvs-checkout") build diff --git a/guix/git-download.scm b/guix/git-download.scm index 731e549b3..7397cbe7f 100644 --- a/guix/git-download.scm +++ b/guix/git-download.scm @@ -25,7 +25,6 @@ #:use-module (guix monads) #:use-module (guix records) #:use-module (guix packages) - #:use-module (guix modules) #:autoload (guix build-system gnu) (standard-packages) #:use-module (ice-9 match) #:use-module (ice-9 popen) @@ -78,31 +77,12 @@ HASH-ALGO (a symbol). Use NAME as the file name, or a generic name if #f." (standard-packages) '())) - (define zlib - (module-ref (resolve-interface '(gnu packages compression)) 'zlib)) - - (define config.scm - (scheme-file "config.scm" - #~(begin - (define-module (guix config) - #:export (%libz)) - - (define %libz - #+(file-append zlib "/lib/libz"))))) - - (define modules - (cons `((guix config) => ,config.scm) - (delete '(guix config) - (source-module-closure '((guix build git) - (guix build utils) - (guix build download-nar)))))) - (define build - (with-imported-modules modules + (with-imported-modules '((guix build git) + (guix build utils)) #~(begin (use-modules (guix build git) (guix build utils) - (guix build download-nar) (ice-9 match)) ;; The 'git submodule' commands expects Coreutils, sed, @@ -112,13 +92,12 @@ HASH-ALGO (a symbol). Use NAME as the file name, or a generic name if #f." (((names dirs) ...) dirs))) - (or (git-fetch (getenv "git url") (getenv "git commit") - #$output - #:recursive? (call-with-input-string - (getenv "git recursive?") - read) - #:git-command (string-append #+git "/bin/git")) - (download-nar #$output))))) + (git-fetch (getenv "git url") (getenv "git commit") + #$output + #:recursive? (call-with-input-string + (getenv "git recursive?") + read) + #:git-command (string-append #+git "/bin/git"))))) (mlet %store-monad ((guile (package->derivation guile system))) (gexp->derivation (or name "git-checkout") build diff --git a/guix/hg-download.scm b/guix/hg-download.scm index 6b25b87b6..842098090 100644 --- a/guix/hg-download.scm +++ b/guix/hg-download.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net> ;;; ;;; This file is part of GNU Guix. @@ -22,7 +22,6 @@ #:use-module (guix store) #:use-module (guix monads) #:use-module (guix records) - #:use-module (guix modules) #:use-module (guix packages) #:autoload (guix build-system gnu) (standard-packages) #:use-module (ice-9 match) @@ -60,35 +59,18 @@ "Return a fixed-output derivation that fetches REF, a <hg-reference> object. The output is expected to have recursive hash HASH of type HASH-ALGO (a symbol). Use NAME as the file name, or a generic name if #f." - (define zlib - (module-ref (resolve-interface '(gnu packages compression)) 'zlib)) - - (define config.scm - (scheme-file "config.scm" - #~(begin - (define-module (guix config) - #:export (%libz)) - - (define %libz - #+(file-append zlib "/lib/libz"))))) - - (define modules - (cons `((guix config) => ,config.scm) - (delete '(guix config) - (source-module-closure '((guix build hg) - (guix build download-nar)))))) - (define build - (with-imported-modules modules + (with-imported-modules '((guix build hg) + (guix build utils)) #~(begin (use-modules (guix build hg) - (guix build download-nar)) + (guix build utils) + (ice-9 match)) - (or (hg-fetch '#$(hg-reference-url ref) - '#$(hg-reference-changeset ref) - #$output - #:hg-command (string-append #+hg "/bin/hg")) - (download-nar #$output))))) + (hg-fetch '#$(hg-reference-url ref) + '#$(hg-reference-changeset ref) + #$output + #:hg-command (string-append #+hg "/bin/hg"))))) (mlet %store-monad ((guile (package->derivation guile system))) (gexp->derivation (or name "hg-checkout") build -- 2.15.1 ^ permalink raw reply related [flat|nested] 26+ messages in thread
* bug#28659: Content-addressed mirror is not used upon invalid hash 2017-12-15 9:30 ` bug#28659: Always enable substitutes for fixed-output derivations Ludovic Courtès @ 2022-02-03 2:58 ` zimoun 0 siblings, 0 replies; 26+ messages in thread From: zimoun @ 2022-02-03 2:58 UTC (permalink / raw) To: Ludovic Courtès; +Cc: 28659 Hi Ludo, On Fri, 15 Dec 2017 at 10:30, ludo@gnu.org (Ludovic Courtès) wrote: >> So I think we have to communicate more info from the daemon to ‘guix >> substitute’. > > The attached patch addresses that by simply calling out to the daemon to > determine whether we’re dealing with a content-addressed item. WDYT to rebase this patch [1] and resubmit to guix-patches in order to get more attention and so potential feedback and/or review? 1: <https://issues.guix.gnu.org/issue/28659#26> Cheers, simon ^ permalink raw reply [flat|nested] 26+ messages in thread
end of thread, other threads:[~2022-02-03 3:02 UTC | newest] Thread overview: 26+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2017-10-01 10:16 bug#28659: v0.13: guix pull fails; libgit2-0.26.0 and 0.25.1 content hashes fail Jan Nieuwenhuizen 2017-10-01 19:20 ` Jan Nieuwenhuizen 2017-10-01 20:42 ` Leo Famulari 2017-10-01 21:05 ` ng0 2017-10-02 14:57 ` Ludovic Courtès 2017-10-02 18:19 ` Leo Famulari 2017-10-02 22:47 ` Maxim Cournoyer 2017-10-03 12:31 ` Ludovic Courtès 2017-10-03 14:24 ` Leo Famulari 2017-10-04 4:22 ` Maxim Cournoyer 2017-10-04 16:54 ` Leo Famulari 2017-10-04 23:53 ` Maxim Cournoyer 2017-10-05 4:52 ` Maxim Cournoyer 2017-10-05 6:08 ` Jan Nieuwenhuizen 2017-10-02 15:09 ` Ludovic Courtès 2017-10-02 17:05 ` Jan Nieuwenhuizen 2017-10-02 18:22 ` Leo Famulari 2017-10-02 20:00 ` Ludovic Courtès 2017-10-02 20:22 ` Jan Nieuwenhuizen 2017-10-02 20:29 ` Leo Famulari 2017-10-03 12:30 ` Ludovic Courtès 2017-10-20 21:17 ` Leo Famulari 2017-11-28 13:30 ` Ludovic Courtès 2017-12-14 16:53 ` Ludovic Courtès 2017-12-15 9:30 ` bug#28659: Always enable substitutes for fixed-output derivations Ludovic Courtès 2022-02-03 2:58 ` bug#28659: Content-addressed mirror is not used upon invalid hash zimoun
Code repositories for project(s) associated with this external index https://git.savannah.gnu.org/cgit/guix.git This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.