On 26/02/25 18:06, Luis Felipe wrote:
Hi Luis,

On 25/02/25 16:16, Luis Felipe wrote:
I'm exploring how to serve/consume substitutes in the local network using two machines with Guix System installed on them. So far I see two ways of serving substitutes:

1. Running the publish command from a terminal on the server machine. For example:

   sudo guix publish --user=$USER

2. Reconfiguring the server machine to provide the «guix-publish-service-type». For example:

   (service guix-publish-service-type
            (guix-publish-configuration
             (advertise? #true)
             (host "0.0.0.0")
             (port 8001)
             (cache "/var/cache/guix/publish")
             (ttl (* 90 24 3600))))

I like the first option for serving substitutes temporarily and the second one for serving substitutes permanently. Right now I'm more interested in the first option though, but I have a question:

Q1. While serving temporarily seems straightforward, would clients have to reconfigure their systems to add the server IP address and authorize its signing key? Or can this be done in a faster way (I see a --substitute-urls in guix commands...)?

According to section 5.3.2 Substitute Server Authorization in the Guix manual, clients can also authorize signing keys using the low-level command «guix archive». Like this:

  # guix archive --authorize < PREFIX/share/guix/some-substitute-server-signing-key.pub

Actually, never mind that. That information is not for Guix System(s), and apparently only intended for authorizing «bordeaux.guix.gnu.org» and «ci.guix.gnu.org» which are already authorized:

«Note: If you are using Guix System, you can skip this section: Guix System authorizes substitutes from ‘bordeaux.guix.gnu.org’ and ‘ci.guix.gnu.org’ by default.»

Also, running «guix archive --authorize < some-substitute-server-signing-key.pub» results in a warning message and a suggestion to authorize keys in the OS declaration instead:

«guix archive: aviso: reemplazando el enlace simbólico /etc/guix/acl con un archivo regular
consejo: En el Sistema Guix, añadir todas las `authorized-keys' al servicio `guix-service-type' de su `operating-system' en su lugar.»

Sorry for misinforming,

Attachment: OpenPGP_0x0AB0D067012F08C3.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature
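
What the hint in the warning points to, as an added example that is not part of the original message: a client-side Guix System declaration fragment that authorizes the LAN server's signing key and adds its URL declaratively. The address, the key file name and the %lan-... and %client-services names are assumptions made for illustration; port 8001 is the one from the service example above.

```scheme
;; Client machine: fragment for the file given to `guix system reconfigure'.
;; Added example; the values marked "constructed" are placeholders.
(use-modules (gnu) (guix gexp))
(use-service-modules desktop)

;; Constructed: LAN address of the machine running `guix publish'.
;; `guix publish' serves plain HTTP, so the signature check against the
;; authorized key is what protects the client, not the transport.
(define %lan-substitute-url "http://192.168.1.10:8001")

;; Constructed file name: a copy of the server's public key, normally
;; found at /etc/guix/signing-key.pub on the server.  Authorizing it
;; means this client will install anything that key has signed, so
;; verify the copy came from the intended machine.
(define %lan-signing-key
  (local-file "./lan-server-signing-key.pub"))

;; Assumes the system is based on %desktop-services; substitute the
;; service list actually in use (for example %base-services).
(define %client-services
  (modify-services %desktop-services
    (guix-service-type config =>
      (guix-configuration
        (inherit config)
        ;; Try the LAN server first, then the default servers.
        (substitute-urls
          (append (list %lan-substitute-url)
                  %default-substitute-urls))
        ;; Keep the default keys and add the LAN server's key.  On
        ;; Guix System this list generates /etc/guix/acl, which is
        ;; why `guix archive --authorize' warns about replacing it.
        (authorized-keys
          (append (list %lan-signing-key)
                  %default-authorized-guix-keys))))))

;; In the existing declaration:
;;   (operating-system
;;     ...
;;     (services %client-services))
```

A URL passed with --substitute-urls only yields substitutes when the server's key is already authorized; substitutes signed by an unauthorized key are ignored.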
