
02/03: hydra: Neaten up handling of the bordeaux related machines keys.


From: Christopher Baines
Subject: 02/03: hydra: Neaten up handling of the bordeaux related machines keys.
Date: Wed, 2 Mar 2022 14:13:57 -0500 (EST)

cbaines pushed a commit to branch master
in repository maintenance.

commit b1eb3620af29efbf028ebd5c4af40db784f8e327
Author: Christopher Baines <mail@cbaines.net>
AuthorDate: Wed Mar 2 18:58:02 2022 +0000

    hydra: Neaten up handling of the bordeaux related machines keys.
    
    It's better if the machines building things for bordeaux.guix.gnu.org
    just use substitutes from bordeaux.guix.gnu.org, since then build
    results from elsewhere won't leak in. I think this is already pretty
    much the case, but to make the configuration more explicit, set the
    authorized-keys to the minimal set, just bordeaux.guix.gnu.org
    for fetching built things, and data.guix.gnu.org for fetching
    derivations.
    
    As part of this, I've renamed bayfront.guix.info-export.pub to the up
    to date name.
    
    * hydra/keys/guix/bayfront.guix.info-export.pub: Rename to
    hydra/keys/guix/bordeaux.guix.gnu.org-export.pub.
    * hydra/harbourfront.scm <authorized-keys>: Set explicitly.
    * hydra/hatysa.scm <authorized-keys>: Set explicitly.
    * hydra/milano-guix-1.scm (%authorized-guix-keys): Remove.
    <authorized-keys>: Set explicitly.
    * hydra/monokuma.scm <authorized-keys>: Use local-file for the
    bordeaux key.
---
 hydra/bayfront.scm                                          |  3 +--
 hydra/harbourfront.scm                                      |  7 +++----
 hydra/hatysa.scm                                            |  7 +++----
 ...uix.info-export.pub => bordeaux.guix.gnu.org-export.pub} |  4 ++--
 hydra/milano-guix-1.scm                                     | 13 +++----------
 hydra/monokuma.scm                                          |  5 ++---
 6 files changed, 14 insertions(+), 25 deletions(-)

diff --git a/hydra/bayfront.scm b/hydra/bayfront.scm
index 16a1241..d96d8fd 100644
--- a/hydra/bayfront.scm
+++ b/hydra/bayfront.scm
@@ -1080,8 +1080,7 @@ access_log  /var/log/nginx/bordeaux.access.log;"))
                     '("https://bordeaux.guix.gnu.org";))
                    (authorized-keys
                     (cons*
-                     (local-file "keys/guix/bayfront.guix.info-export.pub")
-                     ;; for substituting derivations
+                     (local-file "keys/guix/bordeaux.guix.gnu.org-export.pub")
                      (local-file "keys/guix/data.guix.gnu.org.pub")
                      %build-node-keys))
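Review bot: The `;; for substituting derivations` comment above the `data.guix.gnu.org.pub` entry is removed and nothing replaces it, so the list no longer says why each key is trusted. `authorized-keys` decides whose signed substitutes this machine accepts, so a one-line rationale per entry helps a later reviewer spot an unintended addition: for example `;; built things from bordeaux.guix.gnu.org` above the first entry, with the original comment kept above the second. `%build-node-keys` is still appended here and is defined outside the hunk, so this machine's set stays wider than the two-key list the commit message describes; that is presumably intentional, but a comment saying why would help. The same comment is dropped in the harbourfront, hatysa, milano-guix-1 and monokuma hunks.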
 
diff --git a/hydra/harbourfront.scm b/hydra/harbourfront.scm
index 9029cb0..6a2e2cc 100644
--- a/hydra/harbourfront.scm
+++ b/hydra/harbourfront.scm
@@ -103,7 +103,6 @@
                                          (timeout (* 48 3600))
 
                                          (authorized-keys
-                                          (cons*
-                                           ;; for substituting derivations
-                                           (local-file 
"keys/guix/data.guix.gnu.org.pub")
-                                           
%default-authorized-guix-keys))))))))
+                                          (list
+                                           (local-file 
"keys/guix/bordeaux.guix.gnu.org-export.pub")
+                                           (local-file 
"keys/guix/data.guix.gnu.org.pub")))))))))
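Review bot: Replacing `%default-authorized-guix-keys` with an explicit two-entry `list` narrows which signatures the daemon accepts, but the `substitute-urls` for this service is outside the hunk, so it cannot be confirmed here that the URL list was narrowed to match. If a URL remains whose signing key is no longer authorized, its substitutes would presumably just be refused, which is safe but hides the mismatch. A comment such as `;; Minimal trust set; keep in sync with substitute-urls.` above `(list` would record the intent. After reconfiguring, check `/etc/guix/acl` on the host to confirm that previously authorized keys are actually gone. The same applies to the hatysa and milano-guix-1 hunks, and the enclosing service definition starts outside each of them.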
diff --git a/hydra/hatysa.scm b/hydra/hatysa.scm
index 8021c83..8346546 100644
--- a/hydra/hatysa.scm
+++ b/hydra/hatysa.scm
@@ -183,7 +183,6 @@
                         (build-accounts 32)
 
                         (authorized-keys
-                         (cons*
-                          ;; for substituting derivations
-                          (local-file "keys/guix/data.guix.gnu.org.pub")
-                          %default-authorized-guix-keys))))))))
+                         (list
+                          (local-file 
"keys/guix/bordeaux.guix.gnu.org-export.pub")
+                          (local-file 
"keys/guix/data.guix.gnu.org.pub")))))))))
diff --git a/hydra/keys/guix/bayfront.guix.info-export.pub 
b/hydra/keys/guix/bordeaux.guix.gnu.org-export.pub
similarity index 83%
rename from hydra/keys/guix/bayfront.guix.info-export.pub
rename to hydra/keys/guix/bordeaux.guix.gnu.org-export.pub
index 0092301..67085c4 100644
--- a/hydra/keys/guix/bayfront.guix.info-export.pub
+++ b/hydra/keys/guix/bordeaux.guix.gnu.org-export.pub
@@ -1,5 +1,5 @@
-(public-key 
- (ecc 
+(public-key
+ (ecc
   (curve Ed25519)
   (q #7D602902D3A2DBB83F8A0FB98602A754C5493B0B778C8D1DD4E0F41DE14DE34F#)
   )
diff --git a/hydra/milano-guix-1.scm b/hydra/milano-guix-1.scm
index 616aefe..2b9898a 100644
--- a/hydra/milano-guix-1.scm
+++ b/hydra/milano-guix-1.scm
@@ -34,11 +34,6 @@
         (sysadmin "degrees380" "Giovanni Biscuolo")
         (sysadmin "atrent" "Andrea Trentini")))
 
-(define %authorized-guix-keys
-  ;; List of authorized 'guix archive' keys.
-  (list (local-file "keys/guix/berlin.guixsd.org-export.pub")
-        (local-file "keys/guix/bayfront.guix.info-export.pub")))
-
 (define gc-job
   ;; Run 'guix gc' at 3AM every day.
   #~(job '(next-hour '(3)) "guix gc -F 350G"))
@@ -164,8 +159,6 @@
                          (extra-options '("--cores=16"))
 
                          (authorized-keys
-                          (cons*
-                           (local-file 
"keys/guix/bayfront.guix.info-export.pub")
-                           ;; for substituting derivations
-                           (local-file "keys/guix/data.guix.gnu.org.pub")
-                           %authorized-guix-keys))))))))
+                          (list
+                           (local-file 
"keys/guix/bordeaux.guix.gnu.org-export.pub")
+                           (local-file 
"keys/guix/data.guix.gnu.org.pub")))))))))
diff --git a/hydra/monokuma.scm b/hydra/monokuma.scm
index a56043f..0fc2ebc 100644
--- a/hydra/monokuma.scm
+++ b/hydra/monokuma.scm
@@ -116,9 +116,8 @@
 
                                  (authorized-keys
                                   (list
-                                   (file-append
-                                    guix 
"/share/guix/bordeaux.guix.gnu.org.pub")
-                                   ;; for substituting derivations
+                                   (local-file
+                                    
"keys/guix/bordeaux.guix.gnu.org-export.pub")
                                    (local-file 
"keys/guix/data.guix.gnu.org.pub")))
                                  (extra-options
                                   '("--max-jobs=4")))))))
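Review bot: The bordeaux key for this machine now comes from the repository's `keys/guix/bordeaux.guix.gnu.org-export.pub` instead of the copy shipped in the `guix` package, and nothing visible here records that the two files hold the same key. Before deploying, compare the `q` value of the in-repo file with the packaged `bordeaux.guix.gnu.org.pub`; if they differ, this machine would trust a different signer than before. A comment like `;; In-repo copy so all bordeaux build machines share one reviewed trust root.` above the `local-file` form would document the switch. The enclosing service definition starts outside the hunk.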


