GNU bug report logs -
#17122
More problems with --no-substitutes
Previous Next
Reported by: Mark H Weaver <mhw <at> netris.org>
Date: Thu, 27 Mar 2014 16:14:02 UTC
Severity: normal
Done: Mark H Weaver <mhw <at> netris.org>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
This just happened to me on core-updates, on my YeeLoong:
--8<---------------cut here---------------start------------->8---
mhw:~/guix-core-updates$ ./pre-inst-env guix build -S expect lua zip pth bazaar ocaml
substitute-binary: Backtrace:
substitute-binary: In ice-9/boot-9.scm:
substitute-binary: 157: 0 [catch #t #<catch-closure 107fb4f0> ...]
substitute-binary:
substitute-binary: ice-9/boot-9.scm:157:17: In procedure catch:
substitute-binary: ice-9/boot-9.scm:157:17: In procedure system-async-mark: thread has already exited
C-c C-c
--8<---------------cut here---------------end--------------->8---
No doubt, the "system-async-mark: thread has already exited" is a
problem, but that's not what bothers me.
What disturbs me the most is that 'substitute-binary' is being called at
all. I'm 100% certain that I passed '--no-substitutes' to guix-daemon.
I use a script to start guix-daemon with the options I prefer, to avoid
mistakes. I also just checked with 'ps', and indeed '--no-substitutes'
is there on the command line.
It's very important to me to trust that guix-daemon will not accept
binaries from the internet, even if there's a man-in-the-middle that
pretends to be hydra.gnu.org with mips64el binaries for me.
I'm surprised and concerned that we seem to be having so much trouble
making '--no-substitutes' work reliably. How hard can it be?
Until we get this straightened out, what's the most reliable way for me
to hack the code to ensure that substitutes cannot work, ever?
Mark
This bug report was last modified 11 years and 57 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.