GNU bug report logs -
#29814
impossible to pass spaces in GUIX_BUILD_OPTIONS
Previous Next
Full log
View this message in rfc822 format
Mark H Weaver <mhw <at> netris.org> skribis:
> ludo <at> gnu.org (Ludovic Courtès) writes:
[...]
>> Yes, this is annoying. I think --substitute-urls (plural) was
>> misguided. Instead we should instead have --substitute-url (singular),
>> which could be repeated several times. That would solve the troubles
>> with spaces.
>>
>> During a transition period we could keep accepting --substitute-urls.
>
> I require a way to clear the list of substitute urls, because last I
> checked --no-substitutes doesn't fully inhibit use of the substitute
> servers. For example, I found that when grafting, substitute servers
> were queried even when --no-substitutes is passed to the daemon. I
> guess that's to determine the set of references found in the build
> outputs, to optimize the grafting process. However, a compromised
> substitute server (or a man-in-the-middle in possession of our signing
> key) could send me the wrong set of references, and thus cause my system
> to perform incomplete grafts, with some dependencies omitted from the
> list of rewrites.
AFAIK when ‘guix-daemon --no-substitutes’ is running what you describe
is impossible. If the impossible happens, could you report a bug?
> My current method to avoid trusting the substitute servers is to pass
> both --no-substitutes and --substitute-urls "" to the daemon. If we
> deprecate the use of --substitute-urls, how will I clear the list?
Normally, both for the daemon and for clients, --no-substitutes should
achieve what you want. If not, we should really fix it.
Thanks,
Ludo’.
This bug report was last modified 7 years and 168 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.