~ruther/guix-local

df061d079b50111280aa7209b3b3c4cf21fde218 — Ludovic Courtès 10 years ago 409e4ac 
build: Default to "https://mirror.hydra.gnu.org/" for substitutes.

* config-daemon.ac: Check for (gnutls) and define 'GUIX_SUBSTITUTE_URLS'.
* nix/nix-daemon/guix-daemon.cc (main): Use GUIX_SUBSTITUTE_URLS.
* guix/store.scm (%default-substitute-urls): Use 'https' when (gnutls)
is available.
* doc/guix.texi (Binary Installation): Mention mirrors
(Invoking guix-daemon): Mention mirror.hydra.gnu.org.
(Substitutes): Mention mirrors.
(Invoking guix archive): Show https URLs.
patch browse .tar.gz 
4 files changed, 31 insertions(+), 11 deletions(-)

M config-daemon.ac
M doc/guix.texi
M guix/store.scm
M nix/nix-daemon/guix-daemon.cc

M config-daemon.ac => config-daemon.ac +14 -0
@@ 110,6 110,20 @@ if test "x$guix_build_daemon" = "xyes"; then
  dnl Check for <linux/fs.h> (for immutable file support).
  AC_CHECK_HEADERS([linux/fs.h])

  dnl Determine the appropriate default list of substitute URLs.
  GUILE_MODULE_AVAILABLE([have_gnutls], [(gnutls)])
  if test "x$have_gnutls" = "xyes"; then
    guix_substitute_urls="https://mirror.hydra.gnu.org https://hydra.gnu.org"
  else
    AC_MSG_WARN([GnuTLS is missing, substitutes will be downloaded in the clear])
    guix_substitute_urls="http://mirror.hydra.gnu.org http://hydra.gnu.org"
  fi
  AC_MSG_CHECKING([for default substitute URLs])
  AC_MSG_RESULT([$guix_substitute_urls])

  AC_DEFINE_UNQUOTED([GUIX_SUBSTITUTE_URLS], ["$guix_substitute_urls"],
    [Default list of substitute URLs used by 'guix-daemon'.])

  dnl Check whether the 'offload' build hook can be built (uses
  dnl 'restore-file-set', which requires unbuffered custom binary input
  dnl ports from Guile >= 2.0.10.)


M doc/guix.texi => doc/guix.texi +9 -7
@@ 448,8 448,8 @@ Directories,,, texinfo, GNU Texinfo}, for more details on changing the
Info search path.)

@item
To use substitutes from @code{hydra.gnu.org} (@pxref{Substitutes}),
authorize them:
To use substitutes from @code{hydra.gnu.org} or one of its mirrors
(@pxref{Substitutes}), authorize them:

@example
# guix archive --authorize < ~root/.guix-profile/share/guix/hydra.gnu.org.pub


@@ 912,8 912,9 @@ remote procedure call (@pxref{The Store}).
@item --substitute-urls=@var{urls}
@anchor{daemon-substitute-urls}
Consider @var{urls} the default whitespace-separated list of substitute
source URLs.  When this option is omitted, @indicateurl{http://hydra.gnu.org}
is used.
source URLs.  When this option is omitted,
@indicateurl{https://mirror.hydra.gnu.org https://hydra.gnu.org} is used
(@code{mirror.hydra.gnu.org} is a mirror of @code{hydra.gnu.org}).

This means that substitutes may be downloaded from @var{urls}, as long
as they are signed by a trusted signature (@pxref{Substitutes}).


@@ 1730,7 1731,8 @@ your system has unpatched security vulnerabilities.

@cindex security
@cindex digital signatures
To allow Guix to download substitutes from @code{hydra.gnu.org}, you
To allow Guix to download substitutes from @code{hydra.gnu.org} or a
mirror thereof, you
must add its public key to the access control list (ACL) of archive
imports, using the @command{guix archive} command (@pxref{Invoking guix
archive}).  Doing so implies that you trust @code{hydra.gnu.org} to not


@@ 2199,7 2201,7 @@ served by @code{hydra.gnu.org} to @file{/tmp/emacs}:

@example
$ wget -O - \
  http://hydra.gnu.org/nar/@dots{}-emacs-24.5 \
  https://hydra.gnu.org/nar/@dots{}-emacs-24.5 \
  | bunzip2 | guix archive -x /tmp/emacs
@end example



@@ 4294,7 4296,7 @@ but you are actually on an @code{x86_64} machine:

@example
$ guix build --log-file gdb -s mips64el-linux 
http://hydra.gnu.org/log/@dots{}-gdb-7.10
https://hydra.gnu.org/log/@dots{}-gdb-7.10
@end example

You can freely access a huge library of build logs!


M guix/store.scm => guix/store.scm +6 -2
@@ 504,8 504,12 @@ encoding conversion errors."
                              (status   k))))))))

(define %default-substitute-urls
  ;; Default list of substituters.
  '("http://hydra.gnu.org"))
  ;; Default list of substituters.  This is *not* the list used by
  ;; 'guix-daemon', and few clients use it ('guix build --log-file' uses it.)
  (map (if (false-if-exception (resolve-interface '(gnutls)))
           (cut string-append "https://" <>)
           (cut string-append "http://" <>))
       '("hydra.gnu.org")))

(define* (set-build-options server
                            #:key keep-failed? keep-going? fallback?


M nix/nix-daemon/guix-daemon.cc => nix/nix-daemon/guix-daemon.cc +2 -2
@@ 1,5 1,5 @@
/* GNU Guix --- Functional package management for GNU
   Copyright (C) 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
   Copyright (C) 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>

   This file is part of GNU Guix.



@@ 327,7 327,7 @@ main (int argc, char *argv[])
      settings.set ("build-use-substitutes", "true");

      /* Use our substitute server by default.  */
      settings.set ("substitute-urls", "http://hydra.gnu.org");
      settings.set ("substitute-urls", GUIX_SUBSTITUTE_URLS);

#ifdef HAVE_DAEMON_OFFLOAD_HOOK
      /* Use our build hook for distributed builds by default.  */