[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Struggling with a caching substitute server
From: |
Ludovic Courtès |
Subject: |
Re: Struggling with a caching substitute server |
Date: |
Tue, 05 Apr 2016 11:29:05 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) |
Pjotr Prins <address@hidden> skribis:
> On Mon, Apr 04, 2016 at 11:04:12PM +0200, Ludovic Courtès wrote:
>> Did you authorize the singing key of that server?
>
> That fixed it. I had switched clients forgetting about this one. Would
> it be possible to generate a warning for using a (1) URL where guix
> publish server is not reached and (2) where the client is not
> authorized? Silent failure just has the user guessing.
My initial thoughts was that this is not a failure, so not something to
warn about. Indeed, at any time the admin can change the ACL, which in
turn makes substitutes available or not.
Besides, signatures are per substitute, so a warning would have to be
generated for each substitute that is signed by an unauthorized
signature, I think. Like this:
diff --git a/guix/scripts/substitute.scm b/guix/scripts/substitute.scm
index 82ce069..fdd72b2 100755
--- a/guix/scripts/substitute.scm
+++ b/guix/scripts/substitute.scm
@@ -412,7 +412,9 @@ or is signed by an unauthorized key."
(and hash signature
(signature-case (signature hash acl)
(valid-signature #t)
- (else #f))))))
+ (else
+ (warning (_ "bad sig!~%"))
+ #f))))))
(define (write-narinfo narinfo port)
"Write NARINFO to PORT."
This would obviously be suboptimal.
Any suggestions?
Ludo’.