[debbugs-tracker] bug#17122: closed (More problems with --no-substitutes)


From: GNU bug Tracking System
Subject: [debbugs-tracker] bug#17122: closed (More problems with --no-substitutes)
Date: Mon, 31 Mar 2014 23:01:01 +0000

Your message dated Mon, 31 Mar 2014 18:59:22 -0400
with message-id <address@hidden>
and subject line Re: bug#17122: More problems with --no-substitutes
has caused the debbugs.gnu.org bug report #17122,
regarding More problems with --no-substitutes
to be marked as done.

(If you believe you have received this mail in error, please contact
address@hidden)


-- 
17122: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17122
GNU Bug Tracking System
Contact address@hidden with problems
--- Begin Message ---
Subject: More problems with --no-substitutes
Date: Thu, 27 Mar 2014 12:12:30 -0400

This just happened to me on core-updates, on my YeeLoong:

--8<---------------cut here---------------start------------->8---
mhw:~/guix-core-updates$ ./pre-inst-env guix build -S expect lua zip pth bazaar ocaml
substitute-binary: Backtrace:
substitute-binary: In ice-9/boot-9.scm:
substitute-binary:  157: 0 [catch #t #<catch-closure 107fb4f0> ...]
substitute-binary: 
substitute-binary: ice-9/boot-9.scm:157:17: In procedure catch:
substitute-binary: ice-9/boot-9.scm:157:17: In procedure system-async-mark: thread has already exited
  C-c C-c
--8<---------------cut here---------------end--------------->8---

No doubt, the "system-async-mark: thread has already exited" is a
problem, but that's not what bothers me.

What disturbs me the most is that 'substitute-binary' is being called at
all.  I'm 100% certain that I passed '--no-substitutes' to guix-daemon.
I use a script to start guix-daemon with the options I prefer, to avoid
mistakes.  I also just checked with 'ps', and indeed '--no-substitutes'
is there on the command line.

It's very important to me to trust that guix-daemon will not accept
binaries from the internet, even if there's a man-in-the-middle that
pretends to be hydra.gnu.org with mips64el binaries for me.

I'm surprised and concerned that we seem to be having so much trouble
making '--no-substitutes' work reliably.  How hard can it be?

Until we get this straightened out, what's the most reliable way for me
to hack the code to ensure that substitutes cannot work, ever?

     Mark



--- End Message ---
--- Begin Message ---
Subject: Re: bug#17122: More problems with --no-substitutes
Date: Mon, 31 Mar 2014 18:59:22 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)

address@hidden (Ludovic Courtès) writes:

> Mark H Weaver <address@hidden> skribis:
>
>> What disturbs me the most is that 'substitute-binary' is being called at
>> all.  I'm 100% certain that I passed '--no-substitutes' to guix-daemon.
>> I use a script to start guix-daemon with the options I prefer, to avoid
>> mistakes.  I also just checked with 'ps', and indeed '--no-substitutes'
>> is there on the command line.
>
> Can you check with current master?  (See in particular commits 968e84a
> and c9e2b0b.)  Does tests/guix-daemon.sh pass?

Yes, it does.

I also hacked 'guix-substitute-binary' to unconditionally raise an error
as soon as it is called (a local patch I intend to keep indefinitely).

Before your recent commits, 'guix-substitute-binary' was always being
called by 'guix build' (unless --no-substitutes was passed to it), but
that seems to be fixed now.  Thanks.

>> I'm surprised and concerned that we seem to be having so much trouble
>> making '--no-substitutes' work reliably.  How hard can it be?
>
> The issue is that guix-daemon.cc glues into Nix’s code, and Nix changed
> the way it handles substituter settings in the last update.

Ah, okay.  I wish this wasn't so fragile, but the new test case you
added helps, as does my hack to raise an error if the substituter is
called, which will immediately alert me to any similar problems in the
future.

> Specifically, in Nix commit dcaea042, the Settings::update method is
> made to re-read $NIX_SUBSTITUTERS:
> <https://github.com/NixOS/nix/commit/dcaea042fc895667bf6f529471ff9f449629774c>;
> then in Guix commit 89faa5c I adjusted guix-daemon.cc accordingly, but
> inadvertently removed the ‘if’ branch that clears the substituter list.
>
> Commit c9e2b0b augments tests/guix-daemon.sh to test guix-daemon
> --no-substitutes.

Thanks very much!  I'm closing this bug now.

     Mark


--- End Message ---
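
The regression discussed in this thread, reduced to a small model with a fail-closed start-up check. This is an added example, not code from Nix, Guix or either correspondent; `Settings`, `startDaemon`, `checkInvariant`, the colon-separated list format and the sample path are assumptions made for illustration.

```cpp
// Simplified model (constructed for illustration; not Nix or Guix source).
#include <cstdlib>
#include <sstream>
#include <stdexcept>
#include <string>
#include <vector>

struct Settings {
    bool useSubstitutes = true;
    std::vector<std::string> substituters;

    // Models the behaviour described in the thread: update() re-reads
    // $NIX_SUBSTITUTERS, replacing whatever the list held before.
    // Assumption: the variable is a colon-separated list of programs.
    void update() {
        substituters.clear();
        const char *env = std::getenv("NIX_SUBSTITUTERS");
        std::istringstream in(env ? env : "");
        for (std::string s; std::getline(in, s, ':');)
            if (!s.empty()) substituters.push_back(s);
    }
};

// Hypothetical daemon start-up. clearBranch=false models the regression,
// where the 'if' that empties the list for --no-substitutes was lost.
Settings startDaemon(bool noSubstitutes, bool clearBranch) {
    Settings s;
    s.useSubstitutes = !noSubstitutes;
    s.update();
    if (clearBranch && !s.useSubstitutes)
        s.substituters.clear();
    return s;
}

// Fail-closed guard in the spirit of the reporter's local hack: refuse to
// continue with a non-empty substituter list when substitutes are disabled.
void checkInvariant(const Settings &s) {
    if (!s.useSubstitutes && !s.substituters.empty())
        throw std::runtime_error("substituter configured despite --no-substitutes");
}

int main() {
    setenv("NIX_SUBSTITUTERS", "/constructed/path/substitute-binary", 1);
    checkInvariant(startDaemon(true, true));        // with the branch: passes
    try { checkInvariant(startDaemon(true, false)); return 1; }  // regression
    catch (const std::runtime_error &) { return 0; }             // is caught
}
```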
