GNU bug report logs - #59781
[version 1.4.0rc1] install.sh script should authorize bordeaux


Package: guix;

Reported by: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>

Date: Fri, 2 Dec 2022 17:45:02 UTC

Severity: normal

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.



Report forwarded to bug-guix <at> gnu.org:
bug#59781; Package guix. (Fri, 02 Dec 2022 17:45:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Fri, 02 Dec 2022 17:45:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>
To: bug-guix <at> gnu.org
Subject: [version 1.4.0rc1] install.sh script should authorize bordeaux
Date: Fri, 02 Dec 2022 18:43:54 +0100
Could you make install.sh add bordeaux to /etc/guix/acl?  It is
important especially on ARM.

Regards,
Florian




Information forwarded to bug-guix <at> gnu.org:
bug#59781; Package guix. (Fri, 02 Dec 2022 18:09:02 GMT) Full text and rfc822 format available.

Message #8 received at 59781 <at> debbugs.gnu.org (full text, mbox):

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>
Cc: 59781 <at> debbugs.gnu.org, bug-guix <at> gnu.org
Subject: Re: bug#59781: [version 1.4.0rc1] install.sh script should
 authorize bordeaux
Date: Fri, 02 Dec 2022 19:09:14 +0100
pelzflorian (Florian Pelz) wrote:
> Could you make install.sh add bordeaux to /etc/guix/acl?  It is
> important especially on ARM.

If you mean guix-install.sh: I did so ages ago, but something 
(valid) stopped me from pushing it.

Now I can't for the life of me remember what it was…

Kind regards,

T G-R

Information forwarded to bug-guix <at> gnu.org:
bug#59781; Package guix. (Fri, 02 Dec 2022 18:10:01 GMT) Full text and rfc822 format available.

Information forwarded to bug-guix <at> gnu.org:
bug#59781; Package guix. (Fri, 02 Dec 2022 19:36:02 GMT) Full text and rfc822 format available.

Message #14 received at 59781 <at> debbugs.gnu.org (full text, mbox):

From: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>
To: Tobias Geerinckx-Rice <me <at> tobias.gr>
Cc: 59781 <at> debbugs.gnu.org
Subject: Re: bug#59781: [version 1.4.0rc1] install.sh script should
 authorize bordeaux
Date: Fri, 02 Dec 2022 20:35:07 +0100
Tobias Geerinckx-Rice <me <at> tobias.gr> writes:
> If you mean guix-install.sh:

Yes I mean guix-install.sh. :)

Regards,
Florian




Information forwarded to bug-guix <at> gnu.org:
bug#59781; Package guix. (Mon, 05 Dec 2022 14:56:02 GMT) Full text and rfc822 format available.

Message #17 received at 59781 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Tobias Geerinckx-Rice <me <at> tobias.gr>
Cc: 59781 <at> debbugs.gnu.org,
 "pelzflorian \(Florian Pelz\)" <pelzflorian <at> pelzflorian.de>
Subject: Re: bug#59781: [version 1.4.0rc1] install.sh script should
 authorize bordeaux
Date: Mon, 05 Dec 2022 15:54:51 +0100
Hi!

Tobias Geerinckx-Rice <me <at> tobias.gr> wrote:

> pelzflorian (Florian Pelz) wrote:
>> Could you make install.sh add bordeaux to /etc/guix/acl?  It is
>> important especially on ARM.
>
> If you mean guix-install.sh: I did so ages ago, but something (valid)
> stopped me from pushing it.
>
> Now I can't for the life of me remember what it was…

I think that’s because the key for bordeaux.guix is missing from 1.3.0,
isn’t it?

Can we arrange so that the script authorizes the key if it’s present and
keeps going if not?

Ludo’.




Information forwarded to bug-guix <at> gnu.org:
bug#59781; Package guix. (Tue, 06 Dec 2022 10:46:02 GMT) Full text and rfc822 format available.

Message #20 received at 59781 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Tobias Geerinckx-Rice <me <at> tobias.gr>
Cc: 59781 <at> debbugs.gnu.org,
 "pelzflorian \(Florian Pelz\)" <pelzflorian <at> pelzflorian.de>
Subject: Re: bug#59781: [version 1.4.0rc1] install.sh script should
 authorize bordeaux
Date: Tue, 06 Dec 2022 11:45:41 +0100
Ludovic Courtès <ludo <at> gnu.org> wrote:

> Tobias Geerinckx-Rice <me <at> tobias.gr> wrote:
>
>> pelzflorian (Florian Pelz) wrote:
>>> Could you make install.sh add bordeaux to /etc/guix/acl?  It is
>>> important especially on ARM.
>>
>> If you mean guix-install.sh: I did so ages ago, but something (valid)
>> stopped me from pushing it.
>>
>> Now I can't for the life of me remember what it was…
>
> I think that’s because the key for bordeaux.guix is missing from 1.3.0,
> isn’t it?

Yes, found it:

  https://issues.guix.gnu.org/50892

> Can we arrange so that the script authorizes the key if it’s present and
> keeps going if not?

Can you take a look Tobias?  If not let me know and I’ll pick it up.

Thanks,
Ludo’.




Information forwarded to bug-guix <at> gnu.org:
bug#59781; Package guix. (Thu, 08 Dec 2022 11:35:02 GMT) Full text and rfc822 format available.

Message #23 received at 59781 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Tobias Geerinckx-Rice <me <at> tobias.gr>
Cc: 59781 <at> debbugs.gnu.org, "pelzflorian \(Florian
 Pelz\)" <pelzflorian <at> pelzflorian.de>, 50892 <at> debbugs.gnu.org
Subject: Re: bug#50892: [PATCH] guix-install.sh: Authorize all project build
 farms at once.
Date: Thu, 08 Dec 2022 12:34:20 +0100
Hi,

Tobias Geerinckx-Rice <me <at> tobias.gr> wrote:

> Tobias Geerinckx-Rice via Guix-patches via wrote:
>> +                 <
>> "~root/.config/guix/current/share/guix/$host.pub" \
>
> This file is missing for bordeaux in the 1.3.0 release, so this would
> have to wait until the next one…

If there are no objections I’d like to push to ‘master’ and
‘version-1.4.0’ this modified version of your patch.

Thanks,
Ludo’.

[0001-guix-install.sh-Authorize-all-project-build-farms-at.patch (text/x-patch, inline)]
From f13e03d57ae9784a349bfa2eab0285e2c5b58eb7 Mon Sep 17 00:00:00 2001
From: Tobias Geerinckx-Rice <me <at> tobias.gr>
Date: Wed, 29 Sep 2021 17:43:10 +0200
Subject: [PATCH] guix-install.sh: Authorize all project build farms at once.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* etc/guix-install.sh (sys_authorize_build_farms):
Iterate over all hosts.

Co-authored-by: Ludovic Courtès <ludo <at> gnu.org>
---
 etc/guix-install.sh | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/etc/guix-install.sh b/etc/guix-install.sh
index 6bef21bb7e..fb9006b3e2 100755
--- a/etc/guix-install.sh
+++ b/etc/guix-install.sh
@@ -492,14 +492,22 @@ sys_enable_guix_daemon()
 }
 
 sys_authorize_build_farms()
-{ # authorize the public key of the build farm
+{ # authorize the public key(s) of the build farm(s)
+    local hosts=(
+	ci.guix.gnu.org
+	bordeaux.guix.gnu.org
+    )
+
     if prompt_yes_no "Permit downloading pre-built package binaries from the \
-project's build farm?"; then
-        guix archive --authorize \
-             < ~root/.config/guix/current/share/guix/ci.guix.gnu.org.pub \
-            && _msg "${PAS}Authorized public key for ci.guix.gnu.org"
-        else
-            _msg "${INF}Skipped authorizing build farm public keys"
+project's build farms?"; then
+	for host in "${hosts[@]}"; do
+	    local key=~root/.config/guix/current/share/guix/$host.pub
+	    [ -f "$key" ] \
+		&& guix archive --authorize < "$key" \
+		&& _msg "${PAS}Authorized public key for $host"
+	done
+    else
+        _msg "${INF}Skipped authorizing build farm public keys"
     fi
 }
 
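Review bot: In the `for host` loop, a host whose key file is absent, or whose `guix archive --authorize` call fails, is skipped with no output, so a user who answered yes cannot tell from the installer that one of the farms in `hosts` was left unauthorized. Consider an explicit per-host `if`/`else` that reports the skip, e.g. `_msg "${INF}No public key found for $host, skipping"` when `[ -f "$key" ]` is false, and a distinct message when the authorization itself fails. The loop's exit status is also that of the last host's `&&` chain, so the function returns non-zero whenever the last key in `hosts` is missing; the per-host `if`/`else` removes that as well.
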
-- 
2.38.1


Information forwarded to bug-guix <at> gnu.org:
bug#59781; Package guix. (Thu, 08 Dec 2022 21:28:02 GMT) Full text and rfc822 format available.

Message #26 received at 59781 <at> debbugs.gnu.org (full text, mbox):

From: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 59781 <at> debbugs.gnu.org, Tobias Geerinckx-Rice <me <at> tobias.gr>,
 50892 <at> debbugs.gnu.org
Subject: Re: bug#50892: [PATCH] guix-install.sh: Authorize all project build
 farms at once.
Date: Thu, 08 Dec 2022 22:27:16 +0100
Ludovic Courtès <ludo <at> gnu.org> writes:
> If there are no objections I’d like to push to ‘master’ and
> ‘version-1.4.0’ this modified version of your patch.

Thank you two, this patch works (on 1.3.0 only ci.guix.gnu.org, on
1.4.0rc1 also bordeaux, except when I decline authorization).

Regards,
Florian




Information forwarded to bug-guix <at> gnu.org:
bug#59781; Package guix. (Thu, 08 Dec 2022 21:47:02 GMT) Full text and rfc822 format available.

Message #29 received at 59781 <at> debbugs.gnu.org (full text, mbox):

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 59781 <at> debbugs.gnu.org, 50892 <at> debbugs.gnu.org
Subject: Re: bug#50892: [PATCH] guix-install.sh: Authorize all project build
 farms at once.
Date: Thu, 08 Dec 2022 22:42:59 +0100
Ludovic Courtès wrote:
> If there are no objections I’d like to push to ‘master’ and
> ‘version-1.4.0’ this modified version of your patch.

No objections, thanks!

(Ugh, this patch is so ugly, all to work around that triplication 
in ~/.config/guix/current/share/guix/*.pub…  Would it be OK for 
‘guix archive --authorize’ to silently ignore duplicate keys?)

Kind regards,

T G-R

Reply sent to Ludovic Courtès <ludo <at> gnu.org>:
You have taken responsibility. (Fri, 09 Dec 2022 09:02:02 GMT) Full text and rfc822 format available.

Notification sent to "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>:
bug acknowledged by developer. (Fri, 09 Dec 2022 09:02:02 GMT) Full text and rfc822 format available.

Message #34 received at 59781-done <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>
Cc: 50892-done <at> debbugs.gnu.org, Tobias Geerinckx-Rice <me <at> tobias.gr>,
 59781-done <at> debbugs.gnu.org
Subject: Re: bug#59781: [version 1.4.0rc1] install.sh script should
 authorize bordeaux
Date: Fri, 09 Dec 2022 10:01:32 +0100
Hi,

"pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de> wrote:

> Ludovic Courtès <ludo <at> gnu.org> writes:
>> If there are no objections I’d like to push to ‘master’ and
>> ‘version-1.4.0’ this modified version of your patch.
>
> Thank you two, this patch works (on 1.3.0 only ci.guix.gnu.org, on
> 1.4.0rc1 also bordeaux, except when I decline authorization).

Pushed to both branches.  Thanks to the two of you!

Ludo’.




Information forwarded to bug-guix <at> gnu.org:
bug#59781; Package guix. (Fri, 09 Dec 2022 09:11:02 GMT) Full text and rfc822 format available.

Message #37 received at 59781 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Tobias Geerinckx-Rice <me <at> tobias.gr>
Cc: 59781 <at> debbugs.gnu.org, 50892 <at> debbugs.gnu.org
Subject: Re: bug#59781: [version 1.4.0rc1] install.sh script should
 authorize bordeaux
Date: Fri, 09 Dec 2022 10:09:58 +0100
Hi,

Tobias Geerinckx-Rice <me <at> tobias.gr> wrote:

> (Ugh, this patch is so ugly, all to work around that triplication in
> ~/.config/guix/current/share/guix/*.pub…  Would it be OK for ‘guix
> archive --authorize’ to silently ignore duplicate keys?)

Oh, good point.  I guess we could change ‘public-keys->acl’ to
deduplicate entries.  Maybe something along these lines:

[Message part 2 (text/x-patch, inline)]
diff --git a/guix/pki.scm b/guix/pki.scm
index 6326e065e9..c5b2fb9634 100644
--- a/guix/pki.scm
+++ b/guix/pki.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2016 Ludovic Courtès <ludo <at> gnu.org>
+;;; Copyright © 2013, 2014, 2016, 2022 Ludovic Courtès <ludo <at> gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -21,6 +21,7 @@ (define-module (guix pki)
   #:use-module (gcrypt pk-crypto)
   #:use-module ((guix utils) #:select (with-atomic-file-output))
   #:use-module ((guix build utils) #:select (mkdir-p))
+  #:autoload   (srfi srfi-1) (delete-duplicates)
   #:use-module (ice-9 match)
   #:use-module (ice-9 rdelim)
   #:use-module (ice-9 binary-ports)
@@ -61,9 +62,10 @@ (define (public-keys->acl keys)
   ;; want to have name certificates and to use subject names instead of
   ;; complete keys.
   `(acl ,@(map (lambda (key)
-                 `(entry ,(canonical-sexp->sexp key)
+                 `(entry ,key
                          (tag (guix import))))
-               keys)))
+               (delete-duplicates
+                (map canonical-sexp->sexp keys)))))
 
 (define %acl-file
   (string-append %config-directory "/acl"))
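
Review bot: In `public-keys->acl`, nothing documents why `canonical-sexp->sexp` moved out of the `lambda` and now runs before `delete-duplicates`: the comparison (SRFI-1's default is `equal?`) then operates on the converted plain s-expressions rather than on the canonical-sexp objects, and a later cleanup could easily move the conversion back. A one-line comment above the `delete-duplicates` call stating this would protect it. The diff touches only guix/pki.scm, so a test that passes the same key twice and expects a single `entry` in the resulting `acl` would pin the behaviour.
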
[Message part 3 (text/plain, inline)]
WDYT?

Ludo’.

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Fri, 06 Jan 2023 12:24:09 GMT) Full text and rfc822 format available.

This bug report was last modified 2 years and 223 days ago.
