Hi, I'm trying to get myself familiar with Guix and built guix-0.9.0 on a Debian stable machine (only guile-json is fetched from testing).
I try to do all internet communication through Tor: DNS/port 53 outgoing and network accesses of non-`debian-tor'-users are rejected on purpose (like in Tails which is based on Debian). This makes programs fail when they are not (yet) configured for Tor, so is Guix: (0) During the `make' step, a bootstrap `guile-2.0.9' or `guile-2.0.11' is downloaded for several architectures (i686, x86_64, armhf, mipsel). o What is this needed for? guile-2.0.11 is already installed from Debian stable? o IMHO a `make' should not download files. o I could only observe the xz-files to be downloaded but not the GPG signatures. Is the file's integrity checked somehow? o If these files are crucial, I'd prefer the `make' to stop and tell me how to manually download & verify these files. (1) Is it possible to proxy downloads by Guix through Tor? I saw reports that it is apparently possible to set the http_proxy environment variable and then it is used by Guix. Is it also possible to define socks_proxy? (2) What is the current state of checking signatures of source tarballs or git commits/tags? (thread to the same topic: https://lists.gnu.org/archive/html/guix-devel/2015-10/msg00115.html) -- panic
