impossible to pass spaces in GUIX_BUILD_OPTIONS

  • Open
  • quality assurance status badge
Details
3 participants
  • Martin Castillo
  • Ludovic Courtès
  • Mark H Weaver
Owner
unassigned
Submitted by
Martin Castillo
Severity
normal
M
M
Martin Castillo wrote on 22 Dec 2017 18:58
(address . bug-guix@gnu.org)
cdb8d9eb-880a-ca9d-788e-b96ad9da42e7@uni-bremen.de
guix/util.scm:(arguments-from-envirenment-variable) uses
char-set:graphic to split the string. this makes it impossible to pass
spaces in the arguments.

This makes it impossible to pass more than one substitute-url via the
environment.
L
L
Ludovic Courtès wrote on 22 Dec 2017 22:06
(name . Martin Castillo)(address . castilma@uni-bremen.de)(address . 29814@debbugs.gnu.org)
87a7ya79s3.fsf@gnu.org
Martin Castillo <castilma@uni-bremen.de> skribis:

Toggle quote (7 lines)
> guix/util.scm:(arguments-from-envirenment-variable) uses
> char-set:graphic to split the string. this makes it impossible to pass
> spaces in the arguments.
>
> This makes it impossible to pass more than one substitute-url via the
> environment.

Yes, this is annoying. I think --substitute-urls (plural) was
misguided. Instead we should instead have --substitute-url (singular),
which could be repeated several times. That would solve the troubles
with spaces.

During a transition period we could keep accepting --substitute-urls.

WDYT?

Ludo’.
M
M
Mark H Weaver wrote on 23 Dec 2017 04:36
(name . Ludovic Courtès)(address . ludo@gnu.org)
87fu82m7xu.fsf@netris.org
ludo@gnu.org (Ludovic Courtès) writes:

Toggle quote (16 lines)
> Martin Castillo <castilma@uni-bremen.de> skribis:
>
>> guix/util.scm:(arguments-from-envirenment-variable) uses
>> char-set:graphic to split the string. this makes it impossible to pass
>> spaces in the arguments.
>>
>> This makes it impossible to pass more than one substitute-url via the
>> environment.
>
> Yes, this is annoying. I think --substitute-urls (plural) was
> misguided. Instead we should instead have --substitute-url (singular),
> which could be repeated several times. That would solve the troubles
> with spaces.
>
> During a transition period we could keep accepting --substitute-urls.

I require a way to clear the list of substitute urls, because last I
checked --no-substitutes doesn't fully inhibit use of the substitute
servers. For example, I found that when grafting, substitute servers
were queried even when --no-substitutes is passed to the daemon. I
guess that's to determine the set of references found in the build
outputs, to optimize the grafting process. However, a compromised
substitute server (or a man-in-the-middle in possession of our signing
key) could send me the wrong set of references, and thus cause my system
to perform incomplete grafts, with some dependencies omitted from the
list of rewrites.

My current method to avoid trusting the substitute servers is to pass
both --no-substitutes and --substitute-urls "" to the daemon. If we
deprecate the use of --substitute-urls, how will I clear the list?

Mark
L
L
Ludovic Courtès wrote on 23 Dec 2017 15:14
(name . Mark H Weaver)(address . mhw@netris.org)
877etd5y5r.fsf@gnu.org
Mark H Weaver <mhw@netris.org> skribis:

Toggle quote (2 lines)
> ludo@gnu.org (Ludovic Courtès) writes:

[...]

Toggle quote (18 lines)
>> Yes, this is annoying. I think --substitute-urls (plural) was
>> misguided. Instead we should instead have --substitute-url (singular),
>> which could be repeated several times. That would solve the troubles
>> with spaces.
>>
>> During a transition period we could keep accepting --substitute-urls.
>
> I require a way to clear the list of substitute urls, because last I
> checked --no-substitutes doesn't fully inhibit use of the substitute
> servers. For example, I found that when grafting, substitute servers
> were queried even when --no-substitutes is passed to the daemon. I
> guess that's to determine the set of references found in the build
> outputs, to optimize the grafting process. However, a compromised
> substitute server (or a man-in-the-middle in possession of our signing
> key) could send me the wrong set of references, and thus cause my system
> to perform incomplete grafts, with some dependencies omitted from the
> list of rewrites.

AFAIK when ‘guix-daemon --no-substitutes’ is running what you describe
is impossible. If the impossible happens, could you report a bug?

Toggle quote (4 lines)
> My current method to avoid trusting the substitute servers is to pass
> both --no-substitutes and --substitute-urls "" to the daemon. If we
> deprecate the use of --substitute-urls, how will I clear the list?

Normally, both for the daemon and for clients, --no-substitutes should
achieve what you want. If not, we should really fix it.

Thanks,
Ludo’.
M
M
Martin Castillo wrote on 27 Dec 2017 17:37
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 29814@debbugs.gnu.org)
6e9d5f42-b4a2-cf71-c0ab-d7c17de081de@uni-bremen.de
Toggle quote (9 lines)
> Yes, this is annoying. I think --substitute-urls (plural) was
> misguided. Instead we should instead have --substitute-url (singular),
> which could be repeated several times. That would solve the troubles
> with spaces.
>
> During a transition period we could keep accepting --substitute-urls.
>
> WDYT?

Sounds good.

--
GPG: 7FDE 7190 2F73 2C50 236E 403D CC13 48F1 E644 08EC
?
Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send an email to 29814@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 29814
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch