From patchwork Mon Dec 3 15:53:33 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?q?Ludovic_Court=C3=A8s?= X-Patchwork-Id: 382 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 5CEC5167E4; Mon, 3 Dec 2018 16:55:51 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) by mira.cbaines.net (Postfix) with ESMTPS id 0B924167E0 for ; Mon, 3 Dec 2018 16:55:51 +0000 (GMT) Received: from localhost ([::1]:50636 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gTrVd-0005Dx-PH for patchwork@mira.cbaines.net; Mon, 03 Dec 2018 11:55:49 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:59214) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gTqYr-0006gJ-Uw for guix-patches@gnu.org; Mon, 03 Dec 2018 10:55:06 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gTqYp-0001HH-V0 for guix-patches@gnu.org; Mon, 03 Dec 2018 10:55:05 -0500 Received: from debbugs.gnu.org ([208.118.235.43]:55087) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1gTqYo-0001FE-Vm for guix-patches@gnu.org; Mon, 03 Dec 2018 10:55:03 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1gTqYo-0006JX-Tb for guix-patches@gnu.org; Mon, 03 Dec 2018 10:55:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#33600] [PATCH 1/3] etc: Add "ci.guix.info.pub" public key file. References: <20181203154335.10366-1-ludo@gnu.org> In-Reply-To: <20181203154335.10366-1-ludo@gnu.org> Resent-From: Ludovic =?utf-8?q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 03 Dec 2018 15:55:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 33600 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 33600@debbugs.gnu.org Received: via spool by 33600-submit@debbugs.gnu.org id=B33600.154385245024181 (code B ref 33600); Mon, 03 Dec 2018 15:55:02 +0000 Received: (at 33600) by debbugs.gnu.org; 3 Dec 2018 15:54:10 +0000 Received: from localhost ([127.0.0.1]:59342 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gTqXw-0006Hp-2K for submit@debbugs.gnu.org; Mon, 03 Dec 2018 10:54:10 -0500 Received: from eggs.gnu.org ([208.118.235.92]:49049) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gTqXn-0006Gv-8s for 33600@debbugs.gnu.org; Mon, 03 Dec 2018 10:54:03 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gTqXg-0008Rz-As for 33600@debbugs.gnu.org; Mon, 03 Dec 2018 10:53:54 -0500 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:57146) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gTqXY-0008Lw-WE; Mon, 03 Dec 2018 10:53:45 -0500 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=55142 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1gTqXY-0007yI-K9; Mon, 03 Dec 2018 10:53:44 -0500 From: Ludovic =?utf-8?q?Court=C3=A8s?= Date: Mon, 3 Dec 2018 16:53:33 +0100 Message-Id: <20181203155335.10629-1-ludo@gnu.org> X-Mailer: git-send-email 2.19.2 MIME-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: guix-devel@gnu.org Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches * etc/substitutes/ci.guix.info.pub: New file. * Makefile.am (dist_pkgdata_DATA): Add it. * guix/self.scm (miscellaneous-files): Add "share/guix/ci.guix.info.pub". --- Makefile.am | 3 ++- etc/substitutes/ci.guix.info.pub | 1 + guix/self.scm | 3 +++ 3 files changed, 6 insertions(+), 1 deletion(-) create mode 120000 etc/substitutes/ci.guix.info.pub diff --git a/Makefile.am b/Makefile.am index 32cebd5917..6803666a57 100644 --- a/Makefile.am +++ b/Makefile.am @@ -459,7 +459,8 @@ check-system: $(GOBJECTS) # Public key used to sign substitutes from hydra.gnu.org & co. dist_pkgdata_DATA = \ etc/substitutes/hydra.gnu.org.pub \ - etc/substitutes/berlin.guixsd.org.pub + etc/substitutes/berlin.guixsd.org.pub \ + etc/substitutes/ci.guix.info.pub # Bash completion file. dist_bashcompletion_DATA = etc/completion/bash/guix \ diff --git a/etc/substitutes/ci.guix.info.pub b/etc/substitutes/ci.guix.info.pub new file mode 120000 index 0000000000..b1d1e4d763 --- /dev/null +++ b/etc/substitutes/ci.guix.info.pub @@ -0,0 +1 @@ +berlin.guixsd.org.pub \ No newline at end of file diff --git a/guix/self.scm b/guix/self.scm index 8476c422ec..f2db3dbf52 100644 --- a/guix/self.scm +++ b/guix/self.scm @@ -428,6 +428,9 @@ load path." ,(file-append* source "/etc/substitutes/hydra.gnu.org.pub")) ("share/guix/berlin.guixsd.org.pub" + ,(file-append* source + "/etc/substitutes/berlin.guixsd.org.pub")) + ("share/guix/ci.guix.info.pub" ;alias ,(file-append* source "/etc/substitutes/berlin.guixsd.org.pub"))))) (define* (whole-package name modules dependencies From patchwork Mon Dec 3 15:53:34 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ludovic_Court=C3=A8s?= X-Patchwork-Id: 380 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 1CF4E167E4; Mon, 3 Dec 2018 16:41:37 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) by mira.cbaines.net (Postfix) with ESMTPS id 15AE0167E0 for ; Mon, 3 Dec 2018 16:41:36 +0000 (GMT) Received: from localhost ([::1]:50531 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gTrHq-0000qF-Vq for patchwork@mira.cbaines.net; Mon, 03 Dec 2018 11:41:35 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:59227) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gTqYs-0006gi-Co for guix-patches@gnu.org; Mon, 03 Dec 2018 10:55:08 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gTqYq-0001Hl-1j for guix-patches@gnu.org; Mon, 03 Dec 2018 10:55:06 -0500 Received: from debbugs.gnu.org ([208.118.235.43]:55088) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1gTqYp-0001Fp-Hm for guix-patches@gnu.org; Mon, 03 Dec 2018 10:55:03 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1gTqYp-0006Je-Gk for guix-patches@gnu.org; Mon, 03 Dec 2018 10:55:03 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#33600] [PATCH 2/3] Remove most references to hydra.gnu.org. Resent-From: Ludovic =?utf-8?q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 03 Dec 2018 15:55:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 33600 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 33600@debbugs.gnu.org Received: via spool by 33600-submit@debbugs.gnu.org id=B33600.154385245524194 (code B ref 33600); Mon, 03 Dec 2018 15:55:03 +0000 Received: (at 33600) by debbugs.gnu.org; 3 Dec 2018 15:54:15 +0000 Received: from localhost ([127.0.0.1]:59344 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gTqXy-0006Hy-3s for submit@debbugs.gnu.org; Mon, 03 Dec 2018 10:54:14 -0500 Received: from eggs.gnu.org ([208.118.235.92]:49053) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gTqXn-0006Gx-V9 for 33600@debbugs.gnu.org; Mon, 03 Dec 2018 10:54:07 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gTqXe-0008Qp-GZ for 33600@debbugs.gnu.org; Mon, 03 Dec 2018 10:53:54 -0500 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:57147) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gTqXZ-0008Mh-Tn; Mon, 03 Dec 2018 10:53:45 -0500 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=55142 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1gTqXZ-0007yI-E3; Mon, 03 Dec 2018 10:53:45 -0500 From: Ludovic =?utf-8?q?Court=C3=A8s?= Date: Mon, 3 Dec 2018 16:53:34 +0100 Message-Id: <20181203155335.10629-2-ludo@gnu.org> X-Mailer: git-send-email 2.19.2 In-Reply-To: <20181203155335.10629-1-ludo@gnu.org> References: <20181203155335.10629-1-ludo@gnu.org> MIME-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: guix-devel@gnu.org Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches * Makefile.am (assert-binaries-available): Don't mention hydra.gnu.org in comment. * build-aux/check-available-binaries.scm: Likewise. * build-aux/check-final-inputs-self-contained.scm: Likewise. * doc/guix.texi (SUBSTITUTE-SERVER): New variable. Use it throughout instead of "mirror.hydra.gnu.org". * doc/contributing.texi (Submitting Patches): Likewise. * gnu/services/base.scm (hydra-key-authorization) (guix-activation): Remove mentions of "hydra.gnu.org" in comments and messages. * gnu/system/install.scm (%installation-services): Likewise. * guix/scripts/size.scm (guix-size): Likewise. --- Makefile.am | 2 +- build-aux/check-available-binaries.scm | 4 +- .../check-final-inputs-self-contained.scm | 2 +- doc/contributing.texi | 2 +- doc/guix.texi | 56 ++++++++++--------- gnu/services/base.scm | 4 +- gnu/system/install.scm | 2 +- guix/scripts/size.scm | 2 +- 8 files changed, 38 insertions(+), 36 deletions(-) diff --git a/Makefile.am b/Makefile.am index 6803666a57..a7a67e81cf 100644 --- a/Makefile.am +++ b/Makefile.am @@ -763,7 +763,7 @@ assert-no-store-file-names: $(distdir)/ChangeLog exit 1 ; \ fi -# Make sure hydra.gnu.org has the important binaries. +# Make sure important substitutes are available. assert-binaries-available: $(GOBJECTS) $(AM_V_at)$(top_builddir)/pre-inst-env "$(GUILE)" \ "$(top_srcdir)/build-aux/check-available-binaries.scm" diff --git a/build-aux/check-available-binaries.scm b/build-aux/check-available-binaries.scm index b832d99935..c80db1a37e 100644 --- a/build-aux/check-available-binaries.scm +++ b/build-aux/check-available-binaries.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès +;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; @@ -17,7 +17,7 @@ ;;; along with GNU Guix. If not, see . ;;; -;;; Check whether important binaries are available at hydra.gnu.org. +;;; Check whether important binaries are available. ;;; (use-modules (guix store) diff --git a/build-aux/check-final-inputs-self-contained.scm b/build-aux/check-final-inputs-self-contained.scm index 37dc883d3c..c819086508 100644 --- a/build-aux/check-final-inputs-self-contained.scm +++ b/build-aux/check-final-inputs-self-contained.scm @@ -17,7 +17,7 @@ ;;; along with GNU Guix. If not, see . ;;; -;;; Check whether important binaries are available at hydra.gnu.org. +;;; Check whether important binaries are available. ;;; (use-modules (guix store) diff --git a/doc/contributing.texi b/doc/contributing.texi index 7417f28d14..c55eb63382 100644 --- a/doc/contributing.texi +++ b/doc/contributing.texi @@ -443,7 +443,7 @@ as timestamps or randomly-generated output in the build result. Another option is to use @command{guix challenge} (@pxref{Invoking guix challenge}). You may run it once the package has been committed and -built by @code{hydra.gnu.org} to check whether it obtains the same +built by @code{@value{SUBSTITUTE-SERVER}} to check whether it obtains the same result as you did. Better yet: Find another machine that can build it and run @command{guix publish}. Since the remote build machine is likely different from yours, this can catch non-determinism issues diff --git a/doc/guix.texi b/doc/guix.texi index b0aa5aa872..d96c35eace 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -13,6 +13,9 @@ @set OPENPGP-SIGNING-KEY-ID 3CE464558A84FDC69DB40CFB090B11993D9AEBB5 @set KEY-SERVER pool.sks-keyservers.net +@c The official substitute server used by default. +@set SUBSTITUTE-SERVER ci.guix.info + @copying Copyright @copyright{} 2012, 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès@* Copyright @copyright{} 2013, 2014, 2016 Andreas Enge@* @@ -1274,8 +1277,7 @@ remote procedure call (@pxref{The Store}). @anchor{daemon-substitute-urls} Consider @var{urls} the default whitespace-separated list of substitute source URLs. When this option is omitted, -@indicateurl{https://mirror.hydra.gnu.org https://hydra.gnu.org} is used -(@code{mirror.hydra.gnu.org} is a mirror of @code{hydra.gnu.org}). +@indicateurl{https://@value{SUBSTITUTE-SERVER}} is used. This means that substitutes may be downloaded from @var{urls}, as long as they are signed by a trusted signature (@pxref{Substitutes}). @@ -2321,7 +2323,7 @@ also result from derivation builds, can be available as substitutes. @cindex hydra @cindex build farm -The @code{mirror.hydra.gnu.org} server is a front-end to an official build farm +The @code{@value{SUBSTITUTE-SERVER}} server is a front-end to an official build farm that builds packages from Guix continuously for some architectures, and makes them available as substitutes. This is the default source of substitutes; it can be overridden by passing the @@ -2353,22 +2355,22 @@ other substitute server. @cindex substitutes, authorization thereof @cindex access control list (ACL), for substitutes @cindex ACL (access control list), for substitutes -To allow Guix to download substitutes from @code{hydra.gnu.org} or a +To allow Guix to download substitutes from @code{@value{SUBSTITUTE-SERVER}} or a mirror thereof, you must add its public key to the access control list (ACL) of archive imports, using the @command{guix archive} command (@pxref{Invoking guix -archive}). Doing so implies that you trust @code{hydra.gnu.org} to not +archive}). Doing so implies that you trust @code{@value{SUBSTITUTE-SERVER}} to not be compromised and to serve genuine substitutes. -The public key for @code{hydra.gnu.org} is installed along with Guix, in -@code{@var{prefix}/share/guix/hydra.gnu.org.pub}, where @var{prefix} is +The public key for @code{@value{SUBSTITUTE-SERVER}} is installed along with Guix, in +@code{@var{prefix}/share/guix/@value{SUBSTITUTE-SERVER}.pub}, where @var{prefix} is the installation prefix of Guix. If you installed Guix from source, make sure you checked the GPG signature of @file{guix-@value{VERSION}.tar.gz}, which contains this public key file. Then, you can run something like this: @example -# guix archive --authorize < @var{prefix}/share/guix/hydra.gnu.org.pub +# guix archive --authorize < @var{prefix}/share/guix/@value{SUBSTITUTE-SERVER}.pub @end example @quotation Note @@ -2409,7 +2411,7 @@ $ guix build emacs --dry-run @end example @noindent -This indicates that substitutes from @code{hydra.gnu.org} are usable and +This indicates that substitutes from @code{@value{SUBSTITUTE-SERVER}} are usable and will be downloaded, when possible, for future builds. @cindex substitutes, how to disable @@ -2501,9 +2503,9 @@ by a server. Today, each individual's control over their own computing is at the mercy of institutions, corporations, and groups with enough power and determination to subvert the computing infrastructure and exploit its -weaknesses. While using @code{hydra.gnu.org} substitutes can be +weaknesses. While using @code{@value{SUBSTITUTE-SERVER}} substitutes can be convenient, we encourage users to also build on their own, or even run -their own build farm, such that @code{hydra.gnu.org} is less of an +their own build farm, such that @code{@value{SUBSTITUTE-SERVER}} is less of an interesting target. One way to help is by publishing the software you build using @command{guix publish} so that others have one more choice of server to download substitutes from (@pxref{Invoking guix publish}). @@ -3658,11 +3660,11 @@ Read a single-item archive as served by substitute servers low-level operation needed in only very narrow use cases; see below. For example, the following command extracts the substitute for Emacs -served by @code{hydra.gnu.org} to @file{/tmp/emacs}: +served by @code{@value{SUBSTITUTE-SERVER}} to @file{/tmp/emacs}: @example $ wget -O - \ - https://hydra.gnu.org/nar/@dots{}-emacs-24.5 \ + https://@value{SUBSTITUTE-SERVER}/nar/@dots{}-emacs-24.5 \ | bunzip2 | guix archive -x /tmp/emacs @end example @@ -6683,7 +6685,7 @@ but you are actually on an @code{x86_64} machine: @example $ guix build --log-file gdb -s mips64el-linux -https://hydra.gnu.org/log/@dots{}-gdb-7.10 +https://@value{SUBSTITUTE-SERVER}/log/@dots{}-gdb-7.10 @end example You can freely access a huge library of build logs! @@ -8342,7 +8344,7 @@ When @command{guix publish} runs, it spawns an HTTP server which allows anyone with network access to obtain substitutes from it. This means that any machine running Guix can also act as if it were a build farm, since the HTTP interface is compatible with Hydra, the software behind -the @code{hydra.gnu.org} build farm. +the @code{@value{SUBSTITUTE-SERVER}} build farm. For security, each substitute is signed, allowing recipients to check their authenticity and integrity (@pxref{Substitutes}). Because @@ -8579,20 +8581,20 @@ any given store item. The command output looks like this: @smallexample -$ guix challenge --substitute-urls="https://hydra.gnu.org https://guix.example.org" -updating list of substitutes from 'https://hydra.gnu.org'... 100.0% +$ guix challenge --substitute-urls="https://@value{SUBSTITUTE-SERVER} https://guix.example.org" +updating list of substitutes from 'https://@value{SUBSTITUTE-SERVER}'... 100.0% updating list of substitutes from 'https://guix.example.org'... 100.0% /gnu/store/@dots{}-openssl-1.0.2d contents differ: local hash: 0725l22r5jnzazaacncwsvp9kgf42266ayyp814v7djxs7nk963q - https://hydra.gnu.org/nar/@dots{}-openssl-1.0.2d: 0725l22r5jnzazaacncwsvp9kgf42266ayyp814v7djxs7nk963q + https://@value{SUBSTITUTE-SERVER}/nar/@dots{}-openssl-1.0.2d: 0725l22r5jnzazaacncwsvp9kgf42266ayyp814v7djxs7nk963q https://guix.example.org/nar/@dots{}-openssl-1.0.2d: 1zy4fmaaqcnjrzzajkdn3f5gmjk754b43qkq47llbyak9z0qjyim /gnu/store/@dots{}-git-2.5.0 contents differ: local hash: 00p3bmryhjxrhpn2gxs2fy0a15lnip05l97205pgbk5ra395hyha - https://hydra.gnu.org/nar/@dots{}-git-2.5.0: 069nb85bv4d4a6slrwjdy8v1cn4cwspm3kdbmyb81d6zckj3nq9f + https://@value{SUBSTITUTE-SERVER}/nar/@dots{}-git-2.5.0: 069nb85bv4d4a6slrwjdy8v1cn4cwspm3kdbmyb81d6zckj3nq9f https://guix.example.org/nar/@dots{}-git-2.5.0: 0mdqa9w1p6cmli6976v4wi0sw9r4p5prkj7lzfd1877wk11c9c73 /gnu/store/@dots{}-pius-2.1.1 contents differ: local hash: 0k4v3m9z1zp8xzzizb7d8kjj72f9172xv078sq4wl73vnq9ig3ax - https://hydra.gnu.org/nar/@dots{}-pius-2.1.1: 0k4v3m9z1zp8xzzizb7d8kjj72f9172xv078sq4wl73vnq9ig3ax + https://@value{SUBSTITUTE-SERVER}/nar/@dots{}-pius-2.1.1: 0k4v3m9z1zp8xzzizb7d8kjj72f9172xv078sq4wl73vnq9ig3ax https://guix.example.org/nar/@dots{}-pius-2.1.1: 1cy25x1a4fzq5rk0pmvc8xhwyffnqz95h2bpvqsz2mpvlbccy0gs @dots{} @@ -8612,7 +8614,7 @@ the servers obtained a result different from the local build. @cindex non-determinism, in package builds As an example, @code{guix.example.org} always gets a different answer. -Conversely, @code{hydra.gnu.org} agrees with local builds, except in the +Conversely, @code{@value{SUBSTITUTE-SERVER}} agrees with local builds, except in the case of Git. This might indicate that the build process of Git is non-deterministic, meaning that its output varies as a function of various things that Guix does not fully control, in spite of building @@ -8626,14 +8628,14 @@ To find out what is wrong with this Git binary, we can do something along these lines (@pxref{Invoking guix archive}): @example -$ wget -q -O - https://hydra.gnu.org/nar/@dots{}-git-2.5.0 \ +$ wget -q -O - https://@value{SUBSTITUTE-SERVER}/nar/@dots{}-git-2.5.0 \ | guix archive -x /tmp/git $ diff -ur --no-dereference /gnu/store/@dots{}-git.2.5.0 /tmp/git @end example This command shows the difference between the files resulting from the local build, and the files resulting from the build on -@code{hydra.gnu.org} (@pxref{Overview, Comparing and Merging Files,, +@code{@value{SUBSTITUTE-SERVER}} (@pxref{Overview, Comparing and Merging Files,, diffutils, Comparing and Merging Files}). The @command{diff} command works great for text files. When binary files differ, a better option is @uref{https://diffoscope.org/, Diffoscope}, a tool that helps @@ -8648,7 +8650,7 @@ In the meantime, @command{guix challenge} is one tool to help address the problem. If you are writing packages for Guix, you are encouraged to check -whether @code{hydra.gnu.org} and other substitute servers obtain the +whether @code{@value{SUBSTITUTE-SERVER}} and other substitute servers obtain the same build result as you did with: @example @@ -11238,14 +11240,14 @@ Number of build user accounts to create. @item @code{authorize-key?} (default: @code{#t}) @cindex substitutes, authorization thereof Whether to authorize the substitute keys listed in -@code{authorized-keys}---by default that of @code{hydra.gnu.org} +@code{authorized-keys}---by default that of @code{@value{SUBSTITUTE-SERVER}} (@pxref{Substitutes}). @vindex %default-authorized-guix-keys @item @code{authorized-keys} (default: @var{%default-authorized-guix-keys}) The list of authorized key files for archive imports, as a list of string-valued gexps (@pxref{Invoking guix archive}). By default, it -contains that of @code{hydra.gnu.org} (@pxref{Substitutes}). +contains that of @code{@value{SUBSTITUTE-SERVER}} (@pxref{Substitutes}). @item @code{use-substitutes?} (default: @code{#t}) Whether to use substitutes. @@ -23747,7 +23749,7 @@ system}. @cindex substituter Users can obtain the new package definition simply by running @command{guix pull} (@pxref{Invoking guix pull}). When -@code{hydra.gnu.org} is done building the package, installing the +@code{@value{SUBSTITUTE-SERVER}} is done building the package, installing the package automatically downloads binaries from there (@pxref{Substitutes}). The only place where human intervention is needed is to review and apply the patch. diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 228d3c5926..cee9898d79 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm @@ -1518,7 +1518,7 @@ public key, with GUIX." (let ((status (cdr (waitpid pid)))) (unless (zero? status) (format (current-error-port) "warning: \ -failed to register hydra.gnu.org public key: ~a~%" status)))))))) +failed to register public key '~a': ~a~%" key status)))))))) (define %default-authorized-guix-keys ;; List of authorized substitute keys. @@ -1630,7 +1630,7 @@ failed to register hydra.gnu.org public key: ~a~%" status)))))))) ;; otherwise call 'chown' here, but the problem is that on a COW overlayfs, ;; chown leads to an entire copy of the tree, which is a bad idea. - ;; Optionally authorize hydra.gnu.org's key. + ;; Optionally authorize substitute server keys. (if authorize-key? #~(begin #$@(map (cut hydra-key-authorization <> guix) keys)) diff --git a/gnu/system/install.scm b/gnu/system/install.scm index 45b3a0c839..c345ba0626 100644 --- a/gnu/system/install.scm +++ b/gnu/system/install.scm @@ -250,7 +250,7 @@ You have been warned. Thanks for being so brave.\x1b[0m ;; The usual services. (syslog-service) - ;; The build daemon. Register the hydra.gnu.org key as trusted. + ;; The build daemon. Register the official server keys as trusted. ;; This allows the installation process to use substitutes by ;; default. (guix-service (guix-configuration (authorize-key? #t))) diff --git a/guix/scripts/size.scm b/guix/scripts/size.scm index 344be40883..25218a2945 100644 --- a/guix/scripts/size.scm +++ b/guix/scripts/size.scm @@ -297,7 +297,7 @@ Report the size of PACKAGE and its dependencies.\n")) (leave (G_ "missing store item argument\n"))) ((files ..1) (leave-on-EPIPE - ;; Turn off grafts because (1) hydra.gnu.org does not serve grafted + ;; Turn off grafts because (1) substitute servers do not serve grafted ;; packages, and (2) they do not make any difference on the ;; resulting size. (parameterize ((%graft? #f)) From patchwork Mon Dec 3 15:53:35 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ludovic_Court=C3=A8s?= X-Patchwork-Id: 381 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 35761167E4; Mon, 3 Dec 2018 16:41:51 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11]) by mira.cbaines.net (Postfix) with ESMTPS id 933A4167E0 for ; Mon, 3 Dec 2018 16:41:50 +0000 (GMT) Received: from localhost ([::1]:50536 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gTrI5-00011q-Ba for patchwork@mira.cbaines.net; Mon, 03 Dec 2018 11:41:49 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:59279) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gTqYw-0006m3-67 for guix-patches@gnu.org; Mon, 03 Dec 2018 10:55:12 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gTqYp-0001HN-VO for guix-patches@gnu.org; Mon, 03 Dec 2018 10:55:10 -0500 Received: from debbugs.gnu.org ([208.118.235.43]:55086) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1gTqYo-0001CY-E9 for guix-patches@gnu.org; Mon, 03 Dec 2018 10:55:03 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1gTqYo-0006JP-Dt for guix-patches@gnu.org; Mon, 03 Dec 2018 10:55:02 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#33600] [PATCH 3/3] build: Default to https://ci.guix.info for substitutes. Resent-From: Ludovic =?utf-8?q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Mon, 03 Dec 2018 15:55:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 33600 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 33600@debbugs.gnu.org Received: via spool by 33600-submit@debbugs.gnu.org id=B33600.154385244824172 (code B ref 33600); Mon, 03 Dec 2018 15:55:02 +0000 Received: (at 33600) by debbugs.gnu.org; 3 Dec 2018 15:54:08 +0000 Received: from localhost ([127.0.0.1]:59340 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gTqXq-0006HK-Bp for submit@debbugs.gnu.org; Mon, 03 Dec 2018 10:54:07 -0500 Received: from eggs.gnu.org ([208.118.235.92]:49025) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gTqXl-0006Gt-R5 for 33600@debbugs.gnu.org; Mon, 03 Dec 2018 10:54:01 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gTqXe-0008Qc-BJ for 33600@debbugs.gnu.org; Mon, 03 Dec 2018 10:53:52 -0500 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:57148) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gTqXa-0008NP-KB; Mon, 03 Dec 2018 10:53:46 -0500 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=55142 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1gTqXa-0007yI-Be; Mon, 03 Dec 2018 10:53:46 -0500 From: Ludovic =?utf-8?q?Court=C3=A8s?= Date: Mon, 3 Dec 2018 16:53:35 +0100 Message-Id: <20181203155335.10629-3-ludo@gnu.org> X-Mailer: git-send-email 2.19.2 In-Reply-To: <20181203155335.10629-1-ludo@gnu.org> References: <20181203155335.10629-1-ludo@gnu.org> MIME-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: guix-devel@gnu.org Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches * config-daemon.ac (guix_substitute_urls): Always default to "https://ci.guix.info". * doc/guix.texi (SUBSTITUTE-SERVER): Switch to ci.guix.info. * guix/scripts/build.scm (%default-log-urls): Likewise. * guix/scripts/substitute.scm (%default-substitute-urls): Likewise. * guix/store.scm (%default-substitute-urls): Likewise. --- config-daemon.ac | 10 +--------- doc/guix.texi | 13 ++++--------- guix/scripts/build.scm | 2 +- guix/scripts/substitute.scm | 2 +- guix/store.scm | 2 +- 5 files changed, 8 insertions(+), 21 deletions(-) diff --git a/config-daemon.ac b/config-daemon.ac index aac46817f5..e5b0ee082c 100644 --- a/config-daemon.ac +++ b/config-daemon.ac @@ -120,15 +120,7 @@ if test "x$guix_build_daemon" = "xyes"; then dnl Determine the appropriate default list of substitute URLs (GnuTLS dnl is required so we can default to 'https'.) - case "x$host_cpu" in - xaarch64) - # Currently only berlin.guixsd.org provides aarch64 binaries. - guix_substitute_urls="https://berlin.guixsd.org" - ;; - *) - guix_substitute_urls="https://mirror.hydra.gnu.org" - ;; - esac + guix_substitute_urls="https://ci.guix.info" AC_MSG_CHECKING([for default substitute URLs]) AC_MSG_RESULT([$guix_substitute_urls]) diff --git a/doc/guix.texi b/doc/guix.texi index d96c35eace..a5ae1c65e6 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -14,7 +14,7 @@ @set KEY-SERVER pool.sks-keyservers.net @c The official substitute server used by default. -@set SUBSTITUTE-SERVER ci.guix.info +@set SUBSTITUTE-SERVER mirror.hydra.gnu.org @copying Copyright @copyright{} 2012, 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès@* @@ -2374,14 +2374,9 @@ Then, you can run something like this: @end example @quotation Note -Similarly, the @file{berlin.guixsd.org.pub} file contains the public key -for the project's new build farm, reachable at -@indicateurl{https://berlin.guixsd.org}. - -As of this writing @code{berlin.guixsd.org} is being upgraded so it can -better scale up, but you might want to give it a try. It is backed by -20 x86_64/i686 build nodes and may be able to provide substitutes more -quickly than @code{mirror.hydra.gnu.org}. +Similarly, the @file{hydra.gnu.org.pub} file contains the public key +of an independent build farm also run by the project, reachable at +@indicateurl{https://mirror.hydra.gnu.org}. @end quotation Once this is in place, the output of a command like @code{guix build} diff --git a/guix/scripts/build.scm b/guix/scripts/build.scm index 5532c65eb6..0b7da3189e 100644 --- a/guix/scripts/build.scm +++ b/guix/scripts/build.scm @@ -65,7 +65,7 @@ (define %default-log-urls ;; Default base URLs for build logs. - '("http://hydra.gnu.org/log")) + '("http://ci.guix.info/log")) ;; XXX: The following procedure cannot be in (guix store) because of the ;; dependency on (guix derivations). diff --git a/guix/scripts/substitute.scm b/guix/scripts/substitute.scm index eb82224016..d6dc9b6448 100755 --- a/guix/scripts/substitute.scm +++ b/guix/scripts/substitute.scm @@ -1052,7 +1052,7 @@ found." (#f ;; This can only happen when this script is not invoked by the ;; daemon. - '("http://hydra.gnu.org")))) + '("http://ci.guix.info")))) (define substitute-urls ;; List of substitute URLs. diff --git a/guix/store.scm b/guix/store.scm index 9dc651b26c..509fd4def6 100644 --- a/guix/store.scm +++ b/guix/store.scm @@ -693,7 +693,7 @@ encoding conversion errors." (map (if (false-if-exception (resolve-interface '(gnutls))) (cut string-append "https://" <>) (cut string-append "http://" <>)) - '("mirror.hydra.gnu.org"))) + '("ci.guix.info"))) (define* (set-build-options server #:key keep-failed? keep-going? fallback?