[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Downloading Guix packages via Tor
From: |
panic |
Subject: |
Downloading Guix packages via Tor |
Date: |
Sun, 17 Jan 2016 23:56:02 +0000 |
Hi,
I'm trying to get myself familiar with Guix and built guix-0.9.0 on a
Debian stable machine (only guile-json is fetched from testing).
I try to do all internet communication through Tor: DNS/port 53 outgoing
and network accesses of non-`debian-tor'-users are rejected on purpose
(like in Tails which is based on Debian).
This makes programs fail when they are not (yet) configured for Tor, so
is Guix:
(0)
During the `make' step, a bootstrap `guile-2.0.9' or `guile-2.0.11' is
downloaded for several architectures (i686, x86_64, armhf, mipsel).
o What is this needed for? guile-2.0.11 is already installed from
Debian stable?
o IMHO a `make' should not download files.
o I could only observe the xz-files to be downloaded but not the
GPG signatures. Is the file's integrity checked somehow?
o If these files are crucial, I'd prefer the `make' to stop and tell
me how to manually download & verify these files.
(1)
Is it possible to proxy downloads by Guix through Tor?
I saw reports that it is apparently possible to set the http_proxy
environment variable and then it is used by Guix. Is it also possible
to define socks_proxy?
(2)
What is the current state of checking signatures of source tarballs or
git commits/tags?
(thread to the same topic:
https://lists.gnu.org/archive/html/guix-devel/2015-10/msg00115.html)
-- panic
- Downloading Guix packages via Tor,
panic <=