Am Montag, dem 24.02.2025 um 19:10 +0000 schrieb Morgan Arnold: > This commit prevents Guix substitute servers from distributing > binaries which are marked non-substitutable. This prevents substitute > servers from accidentally committing copyright violations by > distributing binaries which are non-substitutable for copyright > reasons. > > Change-Id: Iaca81f5bdb430a12a3ad41e9b83e0bcc535af607 > --- > guix/scripts/publish.scm | 9 +++++++-- > 1 file changed, 7 insertions(+), 2 deletions(-) > > diff --git a/guix/scripts/publish.scm b/guix/scripts/publish.scm > index a000c559a7..f736cf3068 100644 > --- a/guix/scripts/publish.scm > +++ b/guix/scripts/publish.scm > @@ -61,6 +61,7 @@ (define-module (guix scripts publish) > #:use-module (guix cache) > #:use-module (guix ui) > #:use-module (guix scripts) > + #:use-module (guix derivations) > #:use-module ((guix utils) > #:select (with-atomic-file-output compressed-file?)) > #:use-module ((guix build utils) > @@ -696,11 +697,15 @@ (define* (bake-narinfo+nar cache item > (define* (render-nar store request store-item > #:key (compression %no-compression)) > "Render archive of the store path corresponding to STORE-ITEM." > - (let ((store-path (string-append %store-directory "/" store- > item))) > + (let* ((store-path (string-append %store-directory "/" store- > item)) > + (substitutable-store-item? (every substitutable-derivation? > + (map read-derivation- > from-file > + (valid-derivers > store > + > store-path))))) > ;; The ISO-8859-1 charset *must* be used otherwise HTTP clients > will > ;; interpret the byte stream as UTF-8 and arbitrarily change > invalid byte > ;; sequences. > - (if (valid-path? store store-path) > + (if ((and substitutable-store-item? valid-path?) store store- > path) This should probably be (and substitutable-store-item? (valid-path? store store-path))
Cheers
