build: Default to "https://mirror.hydra.gnu.org/" for substitutes.

* config-daemon.ac: Check for (gnutls) and define 'GUIX_SUBSTITUTE_URLS'.
* nix/nix-daemon/guix-daemon.cc (main): Use GUIX_SUBSTITUTE_URLS.
* guix/store.scm (%default-substitute-urls): Use 'https' when (gnutls)
is available.
* doc/guix.texi (Binary Installation): Mention mirrors
(Invoking guix-daemon): Mention mirror.hydra.gnu.org.
(Substitutes): Mention mirrors.
(Invoking guix archive): Show https URLs.
This commit is contained in:
Ludovic Courtès 2016-03-16 10:35:24 +01:00
parent 409e4ac6e3
commit df061d079b
4 changed files with 31 additions and 11 deletions

View file

@ -110,6 +110,20 @@ if test "x$guix_build_daemon" = "xyes"; then
dnl Check for <linux/fs.h> (for immutable file support). dnl Check for <linux/fs.h> (for immutable file support).
AC_CHECK_HEADERS([linux/fs.h]) AC_CHECK_HEADERS([linux/fs.h])
dnl Determine the appropriate default list of substitute URLs.
GUILE_MODULE_AVAILABLE([have_gnutls], [(gnutls)])
if test "x$have_gnutls" = "xyes"; then
guix_substitute_urls="https://mirror.hydra.gnu.org https://hydra.gnu.org"
else
AC_MSG_WARN([GnuTLS is missing, substitutes will be downloaded in the clear])
guix_substitute_urls="http://mirror.hydra.gnu.org http://hydra.gnu.org"
fi
AC_MSG_CHECKING([for default substitute URLs])
AC_MSG_RESULT([$guix_substitute_urls])
AC_DEFINE_UNQUOTED([GUIX_SUBSTITUTE_URLS], ["$guix_substitute_urls"],
[Default list of substitute URLs used by 'guix-daemon'.])
dnl Check whether the 'offload' build hook can be built (uses dnl Check whether the 'offload' build hook can be built (uses
dnl 'restore-file-set', which requires unbuffered custom binary input dnl 'restore-file-set', which requires unbuffered custom binary input
dnl ports from Guile >= 2.0.10.) dnl ports from Guile >= 2.0.10.)

View file

@ -448,8 +448,8 @@ Directories,,, texinfo, GNU Texinfo}, for more details on changing the
Info search path.) Info search path.)
@item @item
To use substitutes from @code{hydra.gnu.org} (@pxref{Substitutes}), To use substitutes from @code{hydra.gnu.org} or one of its mirrors
authorize them: (@pxref{Substitutes}), authorize them:
@example @example
# guix archive --authorize < ~root/.guix-profile/share/guix/hydra.gnu.org.pub # guix archive --authorize < ~root/.guix-profile/share/guix/hydra.gnu.org.pub
@ -912,8 +912,9 @@ remote procedure call (@pxref{The Store}).
@item --substitute-urls=@var{urls} @item --substitute-urls=@var{urls}
@anchor{daemon-substitute-urls} @anchor{daemon-substitute-urls}
Consider @var{urls} the default whitespace-separated list of substitute Consider @var{urls} the default whitespace-separated list of substitute
source URLs. When this option is omitted, @indicateurl{http://hydra.gnu.org} source URLs. When this option is omitted,
is used. @indicateurl{https://mirror.hydra.gnu.org https://hydra.gnu.org} is used
(@code{mirror.hydra.gnu.org} is a mirror of @code{hydra.gnu.org}).
This means that substitutes may be downloaded from @var{urls}, as long This means that substitutes may be downloaded from @var{urls}, as long
as they are signed by a trusted signature (@pxref{Substitutes}). as they are signed by a trusted signature (@pxref{Substitutes}).
@ -1730,7 +1731,8 @@ your system has unpatched security vulnerabilities.
@cindex security @cindex security
@cindex digital signatures @cindex digital signatures
To allow Guix to download substitutes from @code{hydra.gnu.org}, you To allow Guix to download substitutes from @code{hydra.gnu.org} or a
mirror thereof, you
must add its public key to the access control list (ACL) of archive must add its public key to the access control list (ACL) of archive
imports, using the @command{guix archive} command (@pxref{Invoking guix imports, using the @command{guix archive} command (@pxref{Invoking guix
archive}). Doing so implies that you trust @code{hydra.gnu.org} to not archive}). Doing so implies that you trust @code{hydra.gnu.org} to not
@ -2199,7 +2201,7 @@ served by @code{hydra.gnu.org} to @file{/tmp/emacs}:
@example @example
$ wget -O - \ $ wget -O - \
http://hydra.gnu.org/nar/@dots{}-emacs-24.5 \ https://hydra.gnu.org/nar/@dots{}-emacs-24.5 \
| bunzip2 | guix archive -x /tmp/emacs | bunzip2 | guix archive -x /tmp/emacs
@end example @end example
@ -4294,7 +4296,7 @@ but you are actually on an @code{x86_64} machine:
@example @example
$ guix build --log-file gdb -s mips64el-linux $ guix build --log-file gdb -s mips64el-linux
http://hydra.gnu.org/log/@dots{}-gdb-7.10 https://hydra.gnu.org/log/@dots{}-gdb-7.10
@end example @end example
You can freely access a huge library of build logs! You can freely access a huge library of build logs!

View file

@ -504,8 +504,12 @@ (define %stderr-error #x63787470) ; "cxtp", error reporting
(status k)))))))) (status k))))))))
(define %default-substitute-urls (define %default-substitute-urls
;; Default list of substituters. ;; Default list of substituters. This is *not* the list used by
'("http://hydra.gnu.org")) ;; 'guix-daemon', and few clients use it ('guix build --log-file' uses it.)
(map (if (false-if-exception (resolve-interface '(gnutls)))
(cut string-append "https://" <>)
(cut string-append "http://" <>))
'("hydra.gnu.org")))
(define* (set-build-options server (define* (set-build-options server
#:key keep-failed? keep-going? fallback? #:key keep-failed? keep-going? fallback?

View file

@ -1,5 +1,5 @@
/* GNU Guix --- Functional package management for GNU /* GNU Guix --- Functional package management for GNU
Copyright (C) 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org> Copyright (C) 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
This file is part of GNU Guix. This file is part of GNU Guix.
@ -327,7 +327,7 @@ main (int argc, char *argv[])
settings.set ("build-use-substitutes", "true"); settings.set ("build-use-substitutes", "true");
/* Use our substitute server by default. */ /* Use our substitute server by default. */
settings.set ("substitute-urls", "http://hydra.gnu.org"); settings.set ("substitute-urls", GUIX_SUBSTITUTE_URLS);
#ifdef HAVE_DAEMON_OFFLOAD_HOOK #ifdef HAVE_DAEMON_OFFLOAD_HOOK
/* Use our build hook for distributed builds by default. */ /* Use our build hook for distributed builds by default. */