On Fri, 25 Oct 2024 11:17:12 +0200 Andreas Enge <andr...@enge.fr> wrote:
> Hello Denis, Hi, > Am Thu, Oct 24, 2024 at 04:32:33PM +0200 schrieb Denis 'GNUtoo' > Carikli: > > And so I end up being able to download these: > > > $ guix build \ > > > --substitute-urls=https://bordeaux.guix.gnu.org \ > > > --system=i686-linux \ > > > pandoc > > > [...] > > > substituting > > this looks as if you are using too old a Guix daemon; more recent > versions enable the Bordeaux build farm by default. Before I did most of the tests on Guix system, and I only verified that my script that detects the use of Bordeaux worked on both Guix system and a fresh Trisquel 11 VM, with Guix installed through guix-install.sh, without substitutes enabled. But when doing more tests before finishing the patches for GNU Boot[1] I found more issues. Missing Bordeaux in older Debian packages: ------------------------------------------ In debian/rules of the Trisquel package, we have that (modified to fit the ~70 lines limits of mails): > override_dh_install: > dh_install > [...] > # Add /etc/default/acl with the default substitute server, > # with identical output as "guix archive --authorize" > mkdir -p debian/guix/etc/guix/ > printf '(acl\n (entry\n' > \ > debian/guix/etc/guix/acl > sed -e 's,^, ,g' -e 's, $$,,g' \ > etc/substitutes/ci.guix.gnu.org.pub >> \ > debian/guix/etc/guix/acl > printf ' (tag\n (guix import)\n )\n )\n )\n' >> \ > debian/guix/etc/guix/acl Bordeaux is added later on in the Debian package[2]. After testing on Trisquel 11 with the Guix package, as expected, 'guix build --substitute-urls=https://bordeaux.guix.gnu.org' results in ghc being built instead of downloaded. So I'm unsure what to do here. I could ask to add Bordeaux in the Trisquel package but that's probably not the best way to deal with that. Potential issue with /etc/guix/acl ---------------------------------- My previous attempt to workaround the lack of substitutes was to detect bordeaux and force its use if it's authorized. Here's my code (GPLv3+): > (define bordeaux.guix.gnu.org > "(public-key > (ecc > (curve Ed25519) > (q > #7D602902D3A2DBB83F8A0FB98602A754C5493B0B778C8D1DD4E0F41DE14DE34F#)))") > > (if (authorized-key? (string->canonical-sexp bordeaux.guix.gnu.org)) > (display "--substitute-urls=https://bordeaux.guix.gnu.org";)) But in some situations we have: > $ guix repl force-bordeaux-substitute.scm > guix repl: error: open-file: Permission denied: "/etc/guix/acl" So under Trisquel 11 with the guix package we have: > $ ls -la /etc/guix/acl > -rw------- 1 root root 355 Oct 26 18:06 /etc/guix/acl With Guix system we have: > $ ls -la /etc/guix/acl > -r--r--r-- 1 root root 528 Oct 26 13:53 /etc/guix/acl With 'sudo ./guix-install.sh' with substitutes enabled we have: > $ ls -la /etc/guix/acl > -rw------- 1 root root 355 Oct 26 18:06 /etc/guix/acl And with 'sudo ./guix-install.sh' without substitutes enabled there is no issue since /etc/guix/acl doesn't exist so my detection of Bordeaux works fine. Is this a bug? Should the permissions be the same in all the situations? Beside bugreporting / fixing it in the Debian package and in guix-install.sh, it also brings the question of what to do for previous installations. References: ----------- [1]Since GNU Boot wants to make it as easy as possible to contribute I test builds and changes in various environments (Trisquel 11 + guix-install.sh, guix system, Trisquel 11 + guix package, etc). [2]It's added in the commit 2700105e8f ("debian/rules: Add "bordeaux" substitute server to /etc/guix/acl.") from the https://salsa.debian.org/debian/guix.git/ repository. Denis.
pgpWkl9upr8cn.pgp
Description: OpenPGP digital signature
