GNU bug report logs - #50977
digital-ocean-environment-type fails

Previous Next

Package: guix;

Reported by: Florian Hoertlehner <hoertlehner <at> gmail.com>

Date: Sat, 2 Oct 2021 19:51:02 UTC

Severity: normal

Full log

Message #11 received at 50977 <at> debbugs.gnu.org (full text, mbox):

From: Franz Geffke <franz <at> pantherx.org>
To: 50977 <at> debbugs.gnu.org
Subject: digital-ocean-environment-type fails
Date: Mon, 18 Oct 2021 20:40:47 +0100

I've done some more digging. There are various issues with the script
that actually converts the Debian 9 Droplet to Guix.

1. The SSL certificates of gnu.org fail on Debian 9 (since end of Sep).
This appears to be related to a change in LetsEncrypt root certificates
2. The guix binary used is rather old

I don't have time to submit a merge request now. I have adapted the
included script to work on Debian 9 (uncomment 1x line), 11 and Ubuntu
21.04. This should be good until the bug has been resolved.

```
#!/bin/bash

# Guix 1.3.0 on DigitalOcean
# Convert Debian 11 or Ubuntu 21.04

###### MODIFY

TIMEZONE="Europe/Berlin"
LOCALE="en_US.utf8"
USERNAME="guix"
USER_COMMENT="guix's account"
USER_PASSWORD="Gq2M6JqNS2W6mgkY"

###### MODIFY END

CONFIG=/etc/bootstrap-config.scm
CRYPT='$6$abc'

apt-get update -y
apt-get install curl xz-utils -y
# Uncomment this for Debian 9
# sed -i '/^mozilla\/DST_Root_CA_X3/s/^/!/' /etc/ca-certificates.conf
&& update-ca-certificates -f wget
https://ftp.gnu.org/gnu/guix/guix-binary-1.3.0.x86_64-linux.tar.xz cd
/tmp tar --warning=no-timestamp -xf
~/guix-binary-1.3.0.x86_64-linux.tar.xz mv var/guix /var/ && mv gnu /
mkdir -p ~root/.config/guix
ln -sf /var/guix/profiles/per-user/root/current-guix
~root/.config/guix/current export GUIX_PROFILE="`echo
~root`/.config/guix/current" ; source $GUIX_PROFILE/etc/profile
groupadd --system guixbuild
for i in `seq -w 1 10`;
do
   useradd -g guixbuild -G guixbuild         \
           -d /var/empty -s `which nologin`  \
           -c "Guix build user $i" --system  \
           guixbuilder$i;
done;

cp ~root/.config/guix/current/lib/systemd/system/guix-daemon.service
/etc/systemd/system/ systemctl start guix-daemon && systemctl enable
guix-daemon mkdir -p /usr/local/bin
cd /usr/local/bin
ln -s /var/guix/profiles/per-user/root/current-guix/bin/guix
mkdir -p /usr/local/share/info
cd /usr/local/share/info
for i in /var/guix/profiles/per-user/root/current-guix/share/info/*; do
    ln -s $i; done
guix archive --authorize <
~root/.config/guix/current/share/guix/ci.guix.gnu.org.pub # guix pull
guix package -i glibc-utf8-locales
export GUIX_LOCPATH="$HOME/.guix-profile/lib/locale"
guix package -i openssl

HOSTNAME=$(curl -s http://169.254.169.254/metadata/v1/hostname)
PUBLIC_IPV4=$(curl -s
http://169.254.169.254/metadata/v1/interfaces/public/0/ipv4/address)
NETMASK=$(curl -s
http://169.254.169.254/metadata/v1/interfaces/public/0/ipv4/netmask)
GATEWAY=$(curl -s
http://169.254.169.254/metadata/v1/interfaces/public/0/ipv4/gateway)

function write_server_config() {
cat >> $CONFIG <<EOL
(use-modules (gnu))
(use-service-modules networking ssh)
(use-package-modules screen ssh certs tls)

(operating-system
  (host-name "${HOSTNAME}")
  (timezone "${TIMEZONE}")
  (locale "${LOCALE}")

  (initrd-modules (append (list "virtio_scsi")
                                %base-initrd-modules))

  (bootloader (bootloader-configuration
               (bootloader grub-bootloader)
               (target "/dev/vda")))
       
  (file-systems (append
        (list (file-system
                (device "/dev/vda1")
                (mount-point "/")
                (type "ext4")))
              %base-file-systems))

  (users (cons (user-account
                (name "${USERNAME}")
                (comment "${USER_COMMENT}")
                (group "users")
		        (password (crypt "${USER_PASSWORD}" "${CRYPT}"))

                (supplementary-groups '("wheel"))
                (home-directory "/home/${USERNAME}"))
               %base-user-accounts))

  ;; Globally-installed packages.
  (packages (cons* screen openssh nss-certs gnutls %base-packages))

  (services (cons* (static-networking-service "eth0" "${PUBLIC_IPV4}"
  #:netmask "${NETMASK}"
  #:gateway "${GATEWAY}"
  #:name-servers '("84.200.69.80" "84.200.70.40"))
  (service openssh-service-type
  		  (openssh-configuration
		  (permit-root-login 'without-password)))
  %base-services)))
EOL
}

write_server_config

# guix pull
guix system build /etc/bootstrap-config.scm
# these appear to be the necessary on Ubuntu 21.04
mv /etc/ssl /etc/bk_ssl
mv /etc/pam.d /etc/bk_pam.d
mv /etc/skel /etc/bk_skel

guix system reconfigure /etc/bootstrap-config.scm
mv /etc /old-etc
mkdir /etc
cp -r
/old-etc/{passwd,group,shadow,gshadow,mtab,guix,bootstrap-config.scm}
/etc/ guix system reconfigure /etc/bootstrap-config.scm

reboot
```
This bug report was last modified 3 years and 243 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.