[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
02/02: build: Default to "https://mirror.hydra.gnu.org/" for substitutes
|
From: |
Ludovic Courtès |
|
Subject: |
02/02: build: Default to "https://mirror.hydra.gnu.org/" for substitutes. |
|
Date: |
Wed, 16 Mar 2016 10:28:40 +0000 |
civodul pushed a commit to branch master
in repository guix.
commit df061d079b50111280aa7209b3b3c4cf21fde218
Author: Ludovic Courtès <address@hidden>
Date: Wed Mar 16 10:35:24 2016 +0100
build: Default to "https://mirror.hydra.gnu.org/"; for substitutes.
* config-daemon.ac: Check for (gnutls) and define 'GUIX_SUBSTITUTE_URLS'.
* nix/nix-daemon/guix-daemon.cc (main): Use GUIX_SUBSTITUTE_URLS.
* guix/store.scm (%default-substitute-urls): Use 'https' when (gnutls)
is available.
* doc/guix.texi (Binary Installation): Mention mirrors
(Invoking guix-daemon): Mention mirror.hydra.gnu.org.
(Substitutes): Mention mirrors.
(Invoking guix archive): Show https URLs.
---
config-daemon.ac | 14 ++++++++++++++
doc/guix.texi | 16 +++++++++-------
guix/store.scm | 8 ++++++--
nix/nix-daemon/guix-daemon.cc | 4 ++--
4 files changed, 31 insertions(+), 11 deletions(-)
diff --git a/config-daemon.ac b/config-daemon.ac
index c74ec94..63174d6 100644
--- a/config-daemon.ac
+++ b/config-daemon.ac
@@ -110,6 +110,20 @@ if test "x$guix_build_daemon" = "xyes"; then
dnl Check for <linux/fs.h> (for immutable file support).
AC_CHECK_HEADERS([linux/fs.h])
+ dnl Determine the appropriate default list of substitute URLs.
+ GUILE_MODULE_AVAILABLE([have_gnutls], [(gnutls)])
+ if test "x$have_gnutls" = "xyes"; then
+ guix_substitute_urls="https://mirror.hydra.gnu.org https://hydra.gnu.org";
+ else
+ AC_MSG_WARN([GnuTLS is missing, substitutes will be downloaded in the
clear])
+ guix_substitute_urls="http://mirror.hydra.gnu.org http://hydra.gnu.org";
+ fi
+ AC_MSG_CHECKING([for default substitute URLs])
+ AC_MSG_RESULT([$guix_substitute_urls])
+
+ AC_DEFINE_UNQUOTED([GUIX_SUBSTITUTE_URLS], ["$guix_substitute_urls"],
+ [Default list of substitute URLs used by 'guix-daemon'.])
+
dnl Check whether the 'offload' build hook can be built (uses
dnl 'restore-file-set', which requires unbuffered custom binary input
dnl ports from Guile >= 2.0.10.)
diff --git a/doc/guix.texi b/doc/guix.texi
index 438189f..05ce785 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -448,8 +448,8 @@ Directories,,, texinfo, GNU Texinfo}, for more details on
changing the
Info search path.)
@item
-To use substitutes from @code{hydra.gnu.org} (@pxref{Substitutes}),
-authorize them:
+To use substitutes from @code{hydra.gnu.org} or one of its mirrors
+(@pxref{Substitutes}), authorize them:
@example
# guix archive --authorize < ~root/.guix-profile/share/guix/hydra.gnu.org.pub
@@ -912,8 +912,9 @@ remote procedure call (@pxref{The Store}).
@item address@hidden
@anchor{daemon-substitute-urls}
Consider @var{urls} the default whitespace-separated list of substitute
-source URLs. When this option is omitted, @indicateurl{http://hydra.gnu.org}
-is used.
+source URLs. When this option is omitted,
address@hidden://mirror.hydra.gnu.org https://hydra.gnu.org} is used
+(@code{mirror.hydra.gnu.org} is a mirror of @code{hydra.gnu.org}).
This means that substitutes may be downloaded from @var{urls}, as long
as they are signed by a trusted signature (@pxref{Substitutes}).
@@ -1730,7 +1731,8 @@ your system has unpatched security vulnerabilities.
@cindex security
@cindex digital signatures
-To allow Guix to download substitutes from @code{hydra.gnu.org}, you
+To allow Guix to download substitutes from @code{hydra.gnu.org} or a
+mirror thereof, you
must add its public key to the access control list (ACL) of archive
imports, using the @command{guix archive} command (@pxref{Invoking guix
archive}). Doing so implies that you trust @code{hydra.gnu.org} to not
@@ -2199,7 +2201,7 @@ served by @code{hydra.gnu.org} to @file{/tmp/emacs}:
@example
$ wget -O - \
- http://hydra.gnu.org/nar/@dots{}-emacs-24.5 \
+ https://hydra.gnu.org/nar/@dots{}-emacs-24.5 \
| bunzip2 | guix archive -x /tmp/emacs
@end example
@@ -4294,7 +4296,7 @@ but you are actually on an @code{x86_64} machine:
@example
$ guix build --log-file gdb -s mips64el-linux
-http://hydra.gnu.org/log/@dots{}-gdb-7.10
+https://hydra.gnu.org/log/@dots{}-gdb-7.10
@end example
You can freely access a huge library of build logs!
diff --git a/guix/store.scm b/guix/store.scm
index 0124873..ae52628 100644
--- a/guix/store.scm
+++ b/guix/store.scm
@@ -504,8 +504,12 @@ encoding conversion errors."
(status k))))))))
(define %default-substitute-urls
- ;; Default list of substituters.
- '("http://hydra.gnu.org";))
+ ;; Default list of substituters. This is *not* the list used by
+ ;; 'guix-daemon', and few clients use it ('guix build --log-file' uses it.)
+ (map (if (false-if-exception (resolve-interface '(gnutls)))
+ (cut string-append "https://"; <>)
+ (cut string-append "http://"; <>))
+ '("hydra.gnu.org")))
(define* (set-build-options server
#:key keep-failed? keep-going? fallback?
diff --git a/nix/nix-daemon/guix-daemon.cc b/nix/nix-daemon/guix-daemon.cc
index 20a0732..d5d33a5 100644
--- a/nix/nix-daemon/guix-daemon.cc
+++ b/nix/nix-daemon/guix-daemon.cc
@@ -1,5 +1,5 @@
/* GNU Guix --- Functional package management for GNU
- Copyright (C) 2012, 2013, 2014, 2015 Ludovic Courtès <address@hidden>
+ Copyright (C) 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <address@hidden>
This file is part of GNU Guix.
@@ -327,7 +327,7 @@ main (int argc, char *argv[])
settings.set ("build-use-substitutes", "true");
/* Use our substitute server by default. */
- settings.set ("substitute-urls", "http://hydra.gnu.org";);
+ settings.set ("substitute-urls", GUIX_SUBSTITUTE_URLS);
#ifdef HAVE_DAEMON_OFFLOAD_HOOK
/* Use our build hook for distributed builds by default. */