[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#29814: impossible to pass spaces in GUIX_BUILD_OPTIONS
|
From: |
Ludovic Courtès |
|
Subject: |
bug#29814: impossible to pass spaces in GUIX_BUILD_OPTIONS |
|
Date: |
Sat, 23 Dec 2017 15:14:40 +0100 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) |
Mark H Weaver <address@hidden> skribis:
> address@hidden (Ludovic Courtès) writes:
[...]
>> Yes, this is annoying. I think --substitute-urls (plural) was
>> misguided. Instead we should instead have --substitute-url (singular),
>> which could be repeated several times. That would solve the troubles
>> with spaces.
>>
>> During a transition period we could keep accepting --substitute-urls.
>
> I require a way to clear the list of substitute urls, because last I
> checked --no-substitutes doesn't fully inhibit use of the substitute
> servers. For example, I found that when grafting, substitute servers
> were queried even when --no-substitutes is passed to the daemon. I
> guess that's to determine the set of references found in the build
> outputs, to optimize the grafting process. However, a compromised
> substitute server (or a man-in-the-middle in possession of our signing
> key) could send me the wrong set of references, and thus cause my system
> to perform incomplete grafts, with some dependencies omitted from the
> list of rewrites.
AFAIK when ‘guix-daemon --no-substitutes’ is running what you describe
is impossible. If the impossible happens, could you report a bug?
> My current method to avoid trusting the substitute servers is to pass
> both --no-substitutes and --substitute-urls "" to the daemon. If we
> deprecate the use of --substitute-urls, how will I clear the list?
Normally, both for the daemon and for clients, --no-substitutes should
achieve what you want. If not, we should really fix it.
Thanks,
Ludo’.