[PATCH] guix-install.sh: Authorize all project build farms at once.

OpenSubmitted by Tobias Geerinckx-Rice.
Details
2 participants
  • Maxim Cournoyer
  • Tobias Geerinckx-Rice
Owner
unassigned
Severity
normal
T
T
Tobias Geerinckx-Rice wrote on 29 Sep 2021 17:43
(address . guix-patches@gnu.org)
20210929154310.25788-1-me@tobias.gr
* etc/guix-install.sh (sys_authorize_build_farms):
Iterate over all hosts.
---
etc/guix-install.sh | 23 +++++++++++++++--------
1 file changed, 15 insertions(+), 8 deletions(-)

Toggle diff (82 lines)
diff --git a/etc/guix-install.sh b/etc/guix-install.sh
index b0d4a8b95e..e3b8485a50 100755
--- a/etc/guix-install.sh
+++ b/etc/guix-install.sh
@@ -1,21 +1,21 @@
 #!/bin/sh
 # GNU Guix --- Functional package management for GNU
 # Copyright © 2017 sharlatan <sharlatanus@gmail.com>
 # Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
 # Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
-# Copyright © 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
+# Copyright © 2019–2021 Tobias Geerinckx-Rice <me@tobias.gr>
 # Copyright © 2020 Morgan Smith <Morgan.J.Smith@outlook.com>
 # Copyright © 2020 Simon Tournier <zimon.toutoune@gmail.com>
 # Copyright © 2020 Daniel Brooks <db48x@db48x.net>
 # Copyright © 2021 Jakub Kądziołka <kuba@kadziolka.net>
 # Copyright © 2021 Chris Marusich <cmmarusich@gmail.com>
 # Copyright © 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com>
 #
 # This file is part of GNU Guix.
 #
 # GNU Guix is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
 # the Free Software Foundation; either version 3 of the License, or (at
 # your option) any later version.
 #
 # GNU Guix is distributed in the hope that it will be useful, but
@@ -476,38 +476,45 @@ sys_enable_guix_daemon()
             ;;
     esac
 
     _msg "${INF}making the guix command available to other users"
 
     [ -e "$local_bin" ] || mkdir -p "$local_bin"
     ln -sf "${var_guix}/bin/guix"  "$local_bin"
 
     [ -e "$info_path" ] || mkdir -p "$info_path"
     for i in "${var_guix}"/share/info/*; do
         ln -sf "$i" "$info_path"
     done
 }
 
 sys_authorize_build_farms()
-{ # authorize the public key of the build farm
+{ # authorize the public key(s) of the build farm(s)
+    local hosts=(
+	ci.guix.gnu.org
+	bordeaux.guix.gnu.org
+    )
+
     if prompt_yes_no "Permit downloading pre-built package binaries from the \
-project's build farm? (yes/no)"; then
-        guix archive --authorize \
-             < "~root/.config/guix/current/share/guix/ci.guix.gnu.org.pub" \
-            && _msg "${PAS}Authorized public key for ci.guix.gnu.org"
-        else
-            _msg "${INF}Skipped authorizing build farm public keys"
+project's build farms? (yes/no)"; then
+        for host in "${hosts[@]}"; do
+            guix archive --authorize \
+                 < "~root/.config/guix/current/share/guix/$host.pub" \
+                && _msg "${PAS}Authorized public key for $host"
+        done
+    else
+        _msg "${INF}Skipped authorizing build farm public keys"
     fi
 }
 
 sys_create_init_profile()
 { # Define for better desktop integration
   # This will not take effect until the next shell or desktop session!
     [ -d "/etc/profile.d" ] || mkdir /etc/profile.d # Just in case
     cat <<"EOF" > /etc/profile.d/guix.sh
 # _GUIX_PROFILE: `guix pull` profile
 _GUIX_PROFILE="$HOME/.config/guix/current"
 export PATH="$_GUIX_PROFILE/bin${PATH:+:}$PATH"
 # Export INFOPATH so that the updated info pages can be found
 # and read by both /usr/bin/info and/or $GUIX_PROFILE/bin/info
 # When INFOPATH is unset, add a trailing colon so that Emacs
 # searches 'Info-default-directory-list'.
-- 
2.33.0
T
T
Tobias Geerinckx-Rice wrote on 29 Sep 2021 18:49
87tui31g2y.fsf@nckx
Tobias Geerinckx-Rice via Guix-patches via 写道:
Toggle quote (3 lines)
> + <
> "~root/.config/guix/current/share/guix/$host.pub" \

This file is missing for bordeaux in the 1.3.0 release, so this
would have to wait until the next one…

Kind regards,

T G-R
-----BEGIN PGP SIGNATURE-----

iIMEARYKACsWIQT12iAyS4c9C3o4dnINsP+IT1VteQUCYVSZVQ0cbWVAdG9iaWFz
LmdyAAoJEA2w/4hPVW157tIA/0NxtSi4/HOdtPht4P1YlTT4Op2MNXxktdEnqIh5
Px2tAP9VpcX2WZLsrqN6g7CdCL9beI10dRgzWW3FpDqkI/RaAQ==
=ppGb
-----END PGP SIGNATURE-----

M
M
Maxim Cournoyer wrote on 29 Sep 2021 18:51
Re: bug#50892: [PATCH] guix-install.sh: Authorize all project build farms at once.
(name . Tobias Geerinckx-Rice)(address . me@tobias.gr)(address . 50892@debbugs.gnu.org)
87r1d71g1w.fsf@gmail.com
Tobias Geerinckx-Rice <me@tobias.gr> writes:

Toggle quote (87 lines)
> * etc/guix-install.sh (sys_authorize_build_farms):
> Iterate over all hosts.
> ---
> etc/guix-install.sh | 23 +++++++++++++++--------
> 1 file changed, 15 insertions(+), 8 deletions(-)
>
> diff --git a/etc/guix-install.sh b/etc/guix-install.sh
> index b0d4a8b95e..e3b8485a50 100755
> --- a/etc/guix-install.sh
> +++ b/etc/guix-install.sh
> @@ -1,21 +1,21 @@
> #!/bin/sh
> # GNU Guix --- Functional package management for GNU
> # Copyright © 2017 sharlatan <sharlatanus@gmail.com>
> # Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
> # Copyright © 2018 Efraim Flashner <efraim@flashner.co.il>
> -# Copyright © 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
> +# Copyright © 2019–2021 Tobias Geerinckx-Rice <me@tobias.gr>
> # Copyright © 2020 Morgan Smith <Morgan.J.Smith@outlook.com>
> # Copyright © 2020 Simon Tournier <zimon.toutoune@gmail.com>
> # Copyright © 2020 Daniel Brooks <db48x@db48x.net>
> # Copyright © 2021 Jakub Kądziołka <kuba@kadziolka.net>
> # Copyright © 2021 Chris Marusich <cmmarusich@gmail.com>
> # Copyright © 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com>
> #
> # This file is part of GNU Guix.
> #
> # GNU Guix is free software; you can redistribute it and/or modify it
> # under the terms of the GNU General Public License as published by
> # the Free Software Foundation; either version 3 of the License, or (at
> # your option) any later version.
> #
> # GNU Guix is distributed in the hope that it will be useful, but
> @@ -476,38 +476,45 @@ sys_enable_guix_daemon()
> ;;
> esac
>
> _msg "${INF}making the guix command available to other users"
>
> [ -e "$local_bin" ] || mkdir -p "$local_bin"
> ln -sf "${var_guix}/bin/guix" "$local_bin"
>
> [ -e "$info_path" ] || mkdir -p "$info_path"
> for i in "${var_guix}"/share/info/*; do
> ln -sf "$i" "$info_path"
> done
> }
>
> sys_authorize_build_farms()
> -{ # authorize the public key of the build farm
> +{ # authorize the public key(s) of the build farm(s)
> + local hosts=(
> + ci.guix.gnu.org
> + bordeaux.guix.gnu.org
> + )
> +
> if prompt_yes_no "Permit downloading pre-built package binaries from the \
> -project's build farm? (yes/no)"; then
> - guix archive --authorize \
> - < "~root/.config/guix/current/share/guix/ci.guix.gnu.org.pub" \
> - && _msg "${PAS}Authorized public key for ci.guix.gnu.org"
> - else
> - _msg "${INF}Skipped authorizing build farm public keys"
> +project's build farms? (yes/no)"; then
> + for host in "${hosts[@]}"; do
> + guix archive --authorize \
> + < "~root/.config/guix/current/share/guix/$host.pub" \
> + && _msg "${PAS}Authorized public key for $host"
> + done
> + else
> + _msg "${INF}Skipped authorizing build farm public keys"
> fi
> }
>
> sys_create_init_profile()
> { # Define for better desktop integration
> # This will not take effect until the next shell or desktop session!
> [ -d "/etc/profile.d" ] || mkdir /etc/profile.d # Just in case
> cat <<"EOF" > /etc/profile.d/guix.sh
> # _GUIX_PROFILE: `guix pull` profile
> _GUIX_PROFILE="$HOME/.config/guix/current"
> export PATH="$_GUIX_PROFILE/bin${PATH:+:}$PATH"
> # Export INFOPATH so that the updated info pages can be found
> # and read by both /usr/bin/info and/or $GUIX_PROFILE/bin/info
> # When INFOPATH is unset, add a trailing colon so that Emacs
> # searches 'Info-default-directory-list'.

Tested on a VM:

./guix-install.sh: line 500: ~root/.config/guix/current/share/guix/bordeaux.guix.gnu.org.pub: No such file or directory
root@ubuntu:~# echo $?
1

I think we should fetch the keys from our online repo, so we can ensure

1. they are available
2. they are up to date.

Thanks!

Maxim
?