GNU bug report logs - #67072
[PATCH 0/4] Helping diagnose substitute setup issues

Previous Next

Package: guix-patches;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Sat, 11 Nov 2023 11:05:01 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Ludovic Courtès <ludo <at> gnu.org>
To: 67072 <at> debbugs.gnu.org
Cc: Emmanuel Agullo <emmanuel.agullo <at> inria.fr>, Ludovic Courtès <ludo <at> gnu.org>, Simon Tournier <zimon.toutoune <at> gmail.com>, Christopher Baines <guix <at> cbaines.net>, Josselin Poiret <dev <at> jpoiret.xyz>, Ludovic Courtès <ludo <at> gnu.org>, Mathieu Othacehe <othacehe <at> gnu.org>, Ricardo Wurmus <rekado <at> elephly.net>, Simon Tournier <zimon.toutoune <at> gmail.com>, Tobias Geerinckx-Rice <me <at> tobias.gr>
Subject: [bug#67072] [PATCH 0/4] Helping diagnose substitute setup issues
Date: Sat, 11 Nov 2023 12:03:06 +0100

Hello Guix!

While discussing at the Reproducible Software Environments Workshop
yesterday, Emmanuel Agullo and Simon Tournier suggested adding
tools to help diagnose substitute setup issues: to see which
substitutes URLs are being used and whether one of them is unauthorized.

This is a step in that direction.  First ‘guix weather’ and ‘guix
challenge’ now default to the same substitute URLs as guix-daemon
(this was not the case until now because there was no way to get
that information from the daemon).  Second ‘guix weather’ reports
about unauthorized servers, like so:

--8<---------------cut here---------------start------------->8---
$ guix weather coreutils
computing 1 package derivations for x86_64-linux...
looking for 2 store items on https://ci.guix.gnu.org...
guix weather: warning: substitutes from 'https://ci.guix.gnu.org' are unauthorized
hint: To authorize substitute download from `https://ci.guix.gnu.org', the following command
needs to be run as root:

     guix archive --authorize <<EOF
     (public-key 
      (ecc 
       (curve Ed25519)
       (q #8D156F295D24B0D9A86FA5741A840FF2D24F60F7B6C4134814AD55625971B394#)
       )
      )
     
     EOF

Alternatively, on Guix System, you can add the signing key above to the
`authorized-keys' field of `guix-configuration'.

See "Getting Substitutes from Other Servers" in the manual for more information.

https://ci.guix.gnu.org ☀
  100.0% substitutes available (2 out of 2)
  at least 19.3 MiB of nars (compressed)
  25.3 MiB on disk (uncompressed)
[…]
--8<---------------cut here---------------end--------------->8---

It turned out to be a low-hanging fruit!

Thoughts?

Ludo’.

Ludovic Courtès (4):
  daemon: Implement ‘substitute-urls’ RPC.
  challenge: Use the same substitute URLs as guix-daemon.
  weather: Use the same substitute URLs as guix-daemon.
  weather: Report unauthorized substitute servers.

 doc/guix.texi                   | 26 ++++++++++++++++---
 guix/scripts/challenge.scm      | 11 +++++---
 guix/scripts/weather.scm        | 46 ++++++++++++++++++++++++++++++---
 guix/store.scm                  | 18 ++++++++++---
 nix/libstore/worker-protocol.hh |  5 ++--
 nix/nix-daemon/nix-daemon.cc    | 17 ++++++++++++
 tests/store.scm                 | 25 ++++++++++++++++--
 7 files changed, 132 insertions(+), 16 deletions(-)


base-commit: 08d94fe20eca47b69678b3eced8749dd02c700a4
-- 
2.41.0
This bug report was last modified 1 year and 166 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.