bug#58036: kernel module not found "pata_acpi" in linux-libre-5.19.10

[Maxim Cournoyer]

Hello,

While attempting to reconfigure the overdrive1 aarch64 machine, I got:

--8<---cut here---start->8---
substitute: ^Msubstitute: ESC[Kupdating substitutes from 
'https://ci.guix.gnu.org'...   0.0%^Msubstitute: ESC[Kupdating substitutes from 
'https://ci.guix.gnu.org'... 100.0%
@ build-started /gnu/store/x9qdj37d6l2yacc73bx284ggj6vkhcdv-linux-modules.drv - 
aarch64-linux 
/var/log/guix/drvs/x9//qdj37d6l2yacc73bx284ggj6vkhcdv-linux-modules.drv.gz 31574
Backtrace:
In ice-9/eval.scm:
619:8 19 (_ #f)
   626:19 18 (_ #)
   293:34 17 (_ #(# #))
In srfi/srfi-1.scm:
   586:29 16 (map1 _)
   586:29 15 (map1 _)
   586:29 14 (map1 _)
   586:29 13 (map1 _)
   586:29 12 (map1 _)
   586:29 11 (map1 _)
   586:29 10 (map1 _)
   586:29  9 (map1 _)
   586:29  8 (map1 _)
   586:29  7 (map1 _)
   586:29  6 (map1 _)
   586:29  5 (map1 _)
   586:29  4 (map1 _)
   586:29  3 (map1 _)
   586:29  2 (map1 _)
   586:17  1 (map1 ("pata_acpi" "pata_atiixp" "isci" "virtio_pci" # ?))
In gnu/build/linux-modules.scm:
257:5  0 (_)

gnu/build/linux-modules.scm:257:5: kernel module not found "pata_acpi" 
"/gnu/store/nmdy7c4i34y12w8af7zl6sl9fmrp8wa0-linux-libre-5.19.10/lib/modules"
builder for `/gnu/store/x9qdj37d6l2yacc73bx284ggj6vkhcdv-linux-modules.drv' 
failed with exit code 1
@ build-failed /gnu/store/x9qdj37d6l2yacc73bx284ggj6vkhcdv-linux-modules.drv - 
1 builder for `/gnu/store/x9qdj37d6l2yacc73bx284ggj6vkhcdv-linux-modules.drv' 
failed with exit code 1
/var/log/guix/drvs/x9/qdj37d6l2yacc73bx284ggj6vkhcdv-linux-modules.drv (END
--8<---cut here---end--->8---

this is with commit 35e8615d387b6630006ccd8c3420154dab93b95a.

Thanks,

Maxim

bug#57922: Shepherd doesn't seem to correctly handle waitpid itself

[Maxim Cournoyer]

reopen 57922
tags 57922 -notabug
thanks

Hi again,

[...]

>>> Here's a small reproducer to apply on our code base:
>>>
>>> --8<---cut here---start->8---
>>> modified   gnu/services/telephony.scm
>>> @@ -685,13 +685,7 @@ (define (archive-name->username archive)
>>>
>>>  ;; Finally, return the PID of the daemon process.
>>>  daemon-pid))
>>> -   (stop
>>> -#~(lambda (pid . args)
>>> -(kill pid SIGKILL)
>>> -;; Wait for the process to exit; this prevents 
>>> overlapping
>>> -;; processes when issuing 'herd restart'.
>>> -(waitpid pid)
>>> -#f
>>> +   (stop #~(make-kill-destructor
>
> I think the main difference between these two is that the first one uses
> SIGKILL while the second one uses SIGTERM.
>
> You could try #~(make-kill-destructor SIGKILL) to get the same effect.

> You are right, the important difference was SIGTERM vs SIGKILL.  I
> thought I had tried that.  The problem only shows itself in the
> 'jami-provisioning' system test, not the 'jami' one.

> Marking this one as notabug and closing.

I think I spoke too soon.  SIGKILL does fix the problem when *not* using
waitpid explicitly, but when using waitpid explicitly, SIGTERM can be
used just fine.  In other words, this works:

--8<---cut here---start->8---
@@ -687,7 +687,7 @@ (define (archive-name->username archive)
 daemon-pid))
(stop
 #~(lambda (pid . args)
-(kill pid SIGKILL)
+(kill pid SIGTERM)
 ;; Wait for the process to exit; this prevents overlapping
 ;; processes when issuing 'herd restart'.
 (waitpid pid)
--8<---cut here---end--->8---

but this doesn't:

--8<---cut here---start->8---
@@ -685,13 +685,7 @@ (define (archive-name->username archive)
 
 ;; Finally, return the PID of the daemon process.
 daemon-pid))
-   (stop
-#~(lambda (pid . args)
-(kill pid SIGKILL)
-;; Wait for the process to exit; this prevents overlapping
-;; processes when issuing 'herd restart'.
-(waitpid pid)
-#f
+   (stop #~(make-kill-destructor
 
 (define jami-service-type
--8<---cut here---end--->8---

when exercised with 'make check-system TESTS=jami-provisioning':

--8<---cut here---start->8---
This is the GNU system.  Welcome.
jami login: Jami Daemon 13.4.0, by Savoir-faire Linux 2004-2019
https://jami.net/
[Video support enabled]
[Plugins support enabled]

23:29:05.375 os_core_unix.c !pjlib 2.12.1 for POSIX initialized
shepherd: Service jami has been stopped.
Caught signal Terminated, terminating...

Some deprecated features have been used.  Set the environment
variable GUILE_WARN_DEPRECATED to "detailed" and rerun the
program to get more information.  Set it to "no" to suppress
this message.
Jami Daemon 13.4.0, by Savoir-faire Linux 2004-2019
https://jami.net/
[Video support enabled]
[Plugins support enabled]

One does not simply initialize the client: Another daemon is detected
/gnu/store/2vcv1fyqfyym2zcyf5bvbj1pcgbcc515-shepherd-marionette.scm:1:1718: 
ERROR:
  1. :
  service: jami
  action: start
  key: misc-error
  args: (#f "~A ~S ~S ~S" (dbus "method failed with error" 
"org.freedesktop.DBus.Error.NoReply" ("Message recipient disconnected from 
message bus without replying")) #f)
--8<---cut here---end--->8---
  
or manually through the test VM:

--8<---cut here---start->8---
$(./pre-inst-env guix system vm --no-graphic --no-grafts --no-offload \
  -e '(@@ (gnu tests telephony) %jami-os-provisioning)')  \
  -m 1G -smp $(nproc) "-nic" user,model=virtio-net-pci,hostfwd=tcp::10022-:22
--8<---cut here---end--->8---

This leads me to believe that Shepherd does not block until the process
is actually dead to mark the process as stopped (it just waitpid on the
group pid with WNOHANG), which means it won't block if the child process
hasn't exited yet, if I'm correct.

When we are in the stop slot, we know for sure that the process should
terminate completely, hence it'd make sense to call 'waitpid' *without*
WNOHANG there, to avoid 'herd restart' from starting the service while
its stopped process is not done terminating.

jamid can take quite some time to terminate cleanly because of the
networking threads in the opendht library that needs to be finalized,
which is probably the 

bug#57990: Add package: python-mat2 (remove metadata from images to improve privacy)

[Chris Marusich]

Apologies for the top post.  I noticed this email and wanted to point you
to prior work, in case it proves useful:

https://issues.guix.gnu.org/31307#14

On Thu, Sep 22, 2022 at 12:24 PM Maxime Devos 
wrote:

>
>
> On 22-09-2022 13:38, Dr. Arne Babenhauserheide wrote:
> >
> > Tobias Geerinckx-Rice  writes:
> >
> >>> can I express "any version of ffmpeg"?
> >>
> >> No, this would go against the goals of Guix: packages can't depend on
> properties of the environment they'll end up in (if any).
> >
> > What’s the right way to deal with this, then? I need ffmpeg at as
> > propagated-input, but I do not want to create a conflict with a manifest
> > that just defines "ffmpeg".
>
> In one my replies, I have proposed a method that avoids propagating ffmpeg:
>
> > To avoid profile collisions when the user installed a different version
> of ffmpeg (e.g. ffmpeg@5) in their profile, could you modify the code to
> look at a /gnu/store/.../bin/ffmpeg instead?  Likewise for bubblewrap,
> gdk-pixbuf, poppler and librsvg, if feasible.
> >
> > For ffmpeg, the following function needs to be modified:
> >
> > https://0xacab.org/jvoisin/mat2/-/blob/master/libmat2/video.py#L139
> >
> > (substitute* + search-input-file can be useful).
>
> Greetings,
> Maxime.
>

bug#57978: [bug#58017] [PATCH 2/2] substitute: Retry downloading when a nar is unavailable.

[Maxime Devos]

+(test-equal "substitute, first URL has narinfo but nar is 404, both URLs 
authorized"
+  "Substitutable data."
+  (with-narinfo*
+  (string-append %narinfo "Signature: "
+ (signature-field %narinfo))
+  %main-substitute-directory
+
+(with-http-server `((200 ,(string-append %narinfo "Signature: "
+ (signature-field %narinfo)))
+(404 "Sorry, nar is missing!"))
+  (dynamic-wind
+(const #t)
+(lambda ()
+  (parameterize ((substitute-urls
+  (list (%local-url)
+(string-append "file://"
+   %main-substitute-directory
+(request-substitution (string-append (%store-prefix)
+ 
"/-foo")
+  "substitute-retrieved"))
+  (call-with-input-file "substitute-retrieved" get-string-all))
+(lambda ()
+  (false-if-exception (delete-file "substitute-retrieved")))


Shouldn't it only ignore 'file not found' (ENOENT?) exceptions?
If the exception handling is refined a bit, it becomes a bit more 
complicated, and could be simplified to (when [exists] [delete]), as 
there are no atomicity concerns.


This test, and some others, can be improved by also checking the URI. 
While currently 'with-http-server' does not support that, there are (5 
months, with the v1 having seen some reviewing and a v2 available) 
patches for that at .


That patch also _requires_ always mentioning the URI, if the cover 
letter is correct.  It also allows simplifying the use of '%local-url' a 
bit.


Greetings,
Maxime.


OpenPGP_0x49E3EE22191725EE.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

bug#57838: failing to boot, probably due to guix gc

[Maxime Devos]

For these kind of errors, I think I've an idea what's the cause in 
.



On 15-09-2022 21:44, Attila Lendvai wrote:

dear Guixers,

on one of my installs i ran the following two commands as root:

guix gc --delete-generations=60d
guix system delete-generations 60d

i think i ran a reboot pretty soon after this, and the machine is failing to boot with 
the error "no code for module (ice-9 popen)".


How did you reboot?  Maybe whatever rebooting mechanism you use doesn't 
do 'sync' first or doesn't wait for 'sync' to complete.


To test the hypothesis that there is store corruption, could you do 
"guix gc --verify=contents" (assuming there are some old system 
generations you can boot from)?


Greetings,
Maxime.


OpenPGP_0x49E3EE22191725EE.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

bug#58013: Can't use guix pull

[Maxime Devos]

I think I've an idea what the cause of these kind of errors are, see 
.


In the short term, the tools "guix gc --verify=contents", "guix gc 
--repair" and "guix build --repair" may be useful.


Greetings,
Maxime



OpenPGP_0x49E3EE22191725EE.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

bug#58033: A bug in file-dynamic-info used by validate-runpath in gnu-build-system and others.

[Lukasz Olszewski]

It appears I found a bug in guix triggered by certain binary data
present in an ELF header.

While running a validate runpath phase of a build-system for a new
package that is not a part of guix I encountered unusual errors
reported for certain binary files. Those binary files RUNPATHs were
modified by patchelf by adding a colon character followed by a
/gnu/store directory folder to runpath. As far as readelf/patchelf and
ld are concerned the binary files appear to contain a valid elf header
with valid DT_DYNAMIC section.

However, something in the ELF header triggers a bug in Guix's
file-runpath / file-dynamic-info procedure that result in the
following output:
scheme@(guix-user)> (file-dynamic-info
"/gnu/store/20z595j5jas5ri3nrza5465gbxwf9kmf-python-redacted/lib/python3.9/site-packages/torch/bin/FileStoreTest")
$13 = #< soname: #f needed: ("" "" "" "" "" "" "" ""
"" "" "" "" "" "" "") rpath: () runpath: ()>
scheme@(guix-user)>

As can be seen above file-dynamic-info is unable to read the NEEDED
items, but correctly reports 8 of them. Additionally it is unable to
read the RUNPATH variable and returns an empty string. All those
values are populated in the header as shown below.

readelf -d reports the following correct DT_DYNAMIC:
[luk@archczop guix]$ readelf -d
/gnu/store/20z595j5jas5ri3nrza5465gbxwf9kmf-python-redacted/lib/python3.9/site-packages/torch/bin/FileStoreTest

Dynamic section at offset 0xfcf0 contains 40 entries:
  TagType Name/Value
 0x0001 (NEEDED) Shared library: [libtorch_cpu.so]
 0x0001 (NEEDED) Shared library:
[libgtest_main.so.1.11.0]
 0x0001 (NEEDED) Shared library: [libgtest.so.1.11.0]
 0x0001 (NEEDED) Shared library: [libpthread.so.0]
 0x0001 (NEEDED) Shared library: [libprotobuf.so.28]
 0x0001 (NEEDED) Shared library: [libc10.so]
 0x0001 (NEEDED) Shared library:
[libmkl_intel_lp64.so.2]
 0x0001 (NEEDED) Shared library:
[libmkl_gnu_thread.so.2]
 0x0001 (NEEDED) Shared library: [libmkl_core.so.2]
 0x0001 (NEEDED) Shared library: [libdl.so.2]
 0x0001 (NEEDED) Shared library: [libstdc++.so.6]
 0x0001 (NEEDED) Shared library: [libm.so.6]
 0x0001 (NEEDED) Shared library: [libgomp.so.1]
 0x0001 (NEEDED) Shared library: [libgcc_s.so.1]
 0x0001 (NEEDED) Shared library: [libc.so.6]
 0x001d (RUNPATH)Library runpath:
[$ORIGIN/../lib:/gnu/store/5h2w4qi9hk1qzzgi1w83220ydslinr4s-glibc-2.33/lib:/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib/lib:/gnu/store/mbzav28sik3zr3kbw1jyh4qk3zmkh6xn-googletest-1.11.0/lib:/gnu/store/9pyydl5w9xnz1qm56sxn1zh4qny6fkxz-protobuf-3.17.3/lib:/gnu/store/fj5npv9kpsiihrzpzhdlcz5q6bax15s8-mkl-2022.1.0/lib:/gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib/lib/gcc/x86_64-unknown-linux-gnu/10.3.0/../../..:/gnu/store/janq8zcngwc7120gyj41cc2yysk7p9i5-nvidia-libs-515.65.01/lib]
 0x000c (INIT)   0x405000
 0x000d (FINI)   0x40bed4
 0x0019 (INIT_ARRAY) 0x40f6c8
 0x001b (INIT_ARRAYSZ)   16 (bytes)
 0x001a (FINI_ARRAY) 0x40f6d8
 0x001c (FINI_ARRAYSZ)   8 (bytes)
 0x0004 (HASH)   0x402210
 0x6ef5 (GNU_HASH)   0x401fa8
 0x0005 (STRTAB) 0x3ff350
 0x0006 (SYMTAB) 0x4011b0
 0x000a (STRSZ)  7769 (bytes)
 0x000b (SYMENT) 24 (bytes)
 0x0015 (DEBUG)  0x0
 0x0003 (PLTGOT) 0x41
 0x0002 (PLTRELSZ)   1680 (bytes)
 0x0014 (PLTREL) RELA
 0x0017 (JMPREL) 0x4039e0
 0x0007 (RELA)   0x403710
 0x0008 (RELASZ) 720 (bytes)
 0x0009 (RELAENT)24 (bytes)
 0x6ffe (VERNEED)0x403620
 0x6fff (VERNEEDNUM) 4
 0x6ff0 (VERSYM) 0x4034f0
 0x (NULL)   0x0

Therefore deeper analysis of what is in the binary header that
triggers the bug is required. I have a number of those binary files. I
attached the smallest one(74kB) base64 encoded to this email. It is
the binary named FileStoreTest used in the report above. If it gets
stripped from the message I'll reply by submitting it in the body of
the message.


FileStoreTest.b64
Description: Binary data

bug#58013: Can't use guix pull

[bossatossa via Bug reports for GNU Guix]

Here's the output:

Backtrace:
   3 (primitive-load "/root/.cache/guix/inferiors/tdopwqgzlr…")
In ice-9/eval.scm:
   293:34  2 (_ #)
   196:35  1 (_ #)
In ice-9/boot-9.scm:
   3330:6  0 (resolve-interface (guix ui) #:select _ #:hide _ # _ # _ …)

ice-9/boot-9.scm:3330:6: In procedure resolve-interface:
no code for module (guix ui)


zimoun  writes:

> On Fri, 23 Sept 2022 at 14:04, bossatossa  wrote:
>
>> I checked the file and it was completely empty, so i dont have anything to 
>> paste here.
>
> Maybe try:
>
>guix gc -D 
> /gnu/store/a3ll4zf4fnv81fr307f5cips3dda6gb4-config-0.0.0-1.c8ddc84.drv
>
> then re-run
>
> guix time-machine --commit=aa5e0307137dd68279fc8b02ac623386208458cd \
> -- time-machine --commit=2e8b4f9bfa00489fd3acff305837a79af236e183 \
> -- help
>
>
> Cheers,
> simon

bug#57217: home-openssh-service-type creates .ssh/config with wrong permissions

[Ludovic Courtès]

Ludovic Courtès  skribis:

> To address the issue at hand, we would need to map UID 0 of the host as
> UID 0 of the guest, but I’m not sure this can be done.

I believe it cannot be done: we can only map a single UID (at least
unless/until we use subordinate UIDs.)

Back to the original problem: it only affects ‘guix home container’; so
while this is annoying, it’s not a showstopper.  WDYT?

Ludo’.

bug#58031: LibreOffice 7.3.5.2 is not reproducible

[Ludovic Courtès]

There’s a single file that differs:

--8<---cut here---start->8---
$ guix describe
Generation 228  Sep 12 2022 08:17:50(current)
  guix e3ed1d0
repository URL: https://git.savannah.gnu.org/git/guix.git
branch: master
commit: e3ed1d09f9d490eff6becd6e9cb85a4d36c48e85
$ guix challenge libreoffice
/gnu/store/652zk4gzcnwpq90lbzvr1gk5q2p3flf7-libreoffice-7.3.5.2 contents differ:
  no local build for 
'/gnu/store/652zk4gzcnwpq90lbzvr1gk5q2p3flf7-libreoffice-7.3.5.2'
  
https://ci.guix.gnu.org/nar/lzip/652zk4gzcnwpq90lbzvr1gk5q2p3flf7-libreoffice-7.3.5.2:
 1hp4dknx01s2lylf0bfagfvf04naaayrhyjbwa5l2iv0vqxdbcx8
  
https://bordeaux.guix.gnu.org/nar/lzip/652zk4gzcnwpq90lbzvr1gk5q2p3flf7-libreoffice-7.3.5.2:
 10vraihz73428z453wj7546ic98bkv3mkdr5222lg6grrfc49rp3
  differing file:
/lib/libreoffice/share/template/common/draw/bpmn.otg

1 store items were analyzed:
  - 0 (0.0%) were identical
  - 1 (100.0%) differed
  - 0 (0.0%) were inconclusive
--8<---cut here---end--->8---

It’s apparently a zip file and the difference lies in mtimes:

--8<---cut here---start->8---
$ guix challenge libreoffice --diff=diffoscope
/gnu/store/652zk4gzcnwpq90lbzvr1gk5q2p3flf7-libreoffice-7.3.5.2 contents differ:
  no local build for 
'/gnu/store/652zk4gzcnwpq90lbzvr1gk5q2p3flf7-libreoffice-7.3.5.2'
  
https://ci.guix.gnu.org/nar/lzip/652zk4gzcnwpq90lbzvr1gk5q2p3flf7-libreoffice-7.3.5.2:
 1hp4dknx01s2lylf0bfagfvf04naaayrhyjbwa5l2iv0vqxdbcx8
  
https://bordeaux.guix.gnu.org/nar/lzip/652zk4gzcnwpq90lbzvr1gk5q2p3flf7-libreoffice-7.3.5.2:
 10vraihz73428z453wj7546ic98bkv3mkdr5222lg6grrfc49rp3
 bordeaux.guix.gnu.org  125.3MiB   10.5MiB/s 00:12 
[##] 100.0%--- /tmp/guix-directory.7C81ON
+++ /tmp/guix-directory.n0WtkB
│   --- /tmp/guix-directory.7C81ON/lib
├── +++ /tmp/guix-directory.n0WtkB/lib
│ │   --- /tmp/guix-directory.7C81ON/lib/libreoffice
│ ├── +++ /tmp/guix-directory.n0WtkB/lib/libreoffice
│ │ │   --- /tmp/guix-directory.7C81ON/lib/libreoffice/share
│ │ ├── +++ /tmp/guix-directory.n0WtkB/lib/libreoffice/share
│ │ │ │   --- /tmp/guix-directory.7C81ON/lib/libreoffice/share/template
│ │ │ ├── +++ /tmp/guix-directory.n0WtkB/lib/libreoffice/share/template
│ │ │ │ │   --- /tmp/guix-directory.7C81ON/lib/libreoffice/share/template/common
│ │ │ │ ├── +++ /tmp/guix-directory.n0WtkB/lib/libreoffice/share/template/common
│ │ │ │ │ │   --- 
/tmp/guix-directory.7C81ON/lib/libreoffice/share/template/common/draw
│ │ │ │ │ ├── +++ 
/tmp/guix-directory.n0WtkB/lib/libreoffice/share/template/common/draw
│ │ │ │ │ │ │   --- 
/tmp/guix-directory.7C81ON/lib/libreoffice/share/template/common/draw/bpmn.otg
│ │ │ │ │ │ ├── +++ 
/tmp/guix-directory.n0WtkB/lib/libreoffice/share/template/common/draw/bpmn.otg
│ │ │ │ │ │ │ ├── zipinfo {}
│ │ │ │ │ │ │ │ @@ -1,8 +1,8 @@
│ │ │ │ │ │ │ │  Zip file size: 36563 bytes, number of entries: 6
│ │ │ │ │ │ │ │ --rw-r--r--  3.0 unx   52 b- stor 22-Aug-29 17:52 mimetype
│ │ │ │ │ │ │ │ --rw-r--r--  3.0 unx   281529 t- defN 22-Aug-29 17:52 
content.xml
│ │ │ │ │ │ │ │ --rw-r--r--  3.0 unx  711 t- defN 22-Aug-29 17:52 
META-INF/manifest.xml
│ │ │ │ │ │ │ │ --rw-r--r--  3.0 unx 1096 t- defN 22-Aug-29 17:52 meta.xml
│ │ │ │ │ │ │ │ --rw-r--r--  3.0 unx25395 t- defN 22-Aug-29 17:52 styles.xml
│ │ │ │ │ │ │ │ --rw-r--r--  3.0 unx 4680 b- defN 22-Aug-29 17:52 
Thumbnails/thumbnail.png
│ │ │ │ │ │ │ │ +-rw-r--r--  3.0 unx   52 b- stor 22-Aug-16 02:46 mimetype
│ │ │ │ │ │ │ │ +-rw-r--r--  3.0 unx   281529 t- defN 22-Aug-16 02:46 
content.xml
│ │ │ │ │ │ │ │ +-rw-r--r--  3.0 unx  711 t- defN 22-Aug-16 02:46 
META-INF/manifest.xml
│ │ │ │ │ │ │ │ +-rw-r--r--  3.0 unx 1096 t- defN 22-Aug-16 02:46 meta.xml
│ │ │ │ │ │ │ │ +-rw-r--r--  3.0 unx25395 t- defN 22-Aug-16 02:46 styles.xml
│ │ │ │ │ │ │ │ +-rw-r--r--  3.0 unx 4680 b- defN 22-Aug-16 02:46 
Thumbnails/thumbnail.png
│ │ │ │ │ │ │ │  6 files, 313463 bytes uncompressed, 35921 bytes compressed:  
88.5%

1 store items were analyzed:
  - 0 (0.0%) were identical
  - 1 (100.0%) differed
  - 0 (0.0%) were inconclusive
--8<---cut here---end--->8---

We could add a phase that resets timestamps in the zip file, or we could
tweak the build process that produces it.

Ludo’.

bug#57922: Shepherd doesn't seem to correctly handle waitpid itself

[Maxim Cournoyer]

tags 57922 +notabug
thanks

Hi Ludo!

Ludovic Courtès  writes:

[...]

>> What I don't understand that well is that this signal handler could be
>> installed only once when shepherd starts, right?  That way, it wouldn't
>> need to depend on specific start actions being chosen.
>
> The SIGCHLD handler is installed lazily since
> f776de04e6702e18d95152072e78c43441d3ccc3.  The rationale was discussed
> here:
>
>   https://issues.guix.gnu.org/27553
>
> That said, on GNU/Linux, SIGCHLD is actually blocked and instead we rely
> on signalfd(2).  It’s from the main even loop in shepherd.scm that the
> signal handler is called.

I had missed that, thanks for explaining.

>>> Here's a small reproducer to apply on our code base:
>>>
>>> --8<---cut here---start->8---
>>> modified   gnu/services/telephony.scm
>>> @@ -685,13 +685,7 @@ (define (archive-name->username archive)
>>>
>>>  ;; Finally, return the PID of the daemon process.
>>>  daemon-pid))
>>> -   (stop
>>> -#~(lambda (pid . args)
>>> -(kill pid SIGKILL)
>>> -;; Wait for the process to exit; this prevents 
>>> overlapping
>>> -;; processes when issuing 'herd restart'.
>>> -(waitpid pid)
>>> -#f
>>> +   (stop #~(make-kill-destructor
>
> I think the main difference between these two is that the first one uses
> SIGKILL while the second one uses SIGTERM.
>
> You could try #~(make-kill-destructor SIGKILL) to get the same effect.

You are right, the important difference was SIGTERM vs SIGKILL.  I
thought I had tried that.  The problem only shows itself in the
'jami-provisioning' system test, not the 'jami' one.

Marking this one as notabug and closing.

Thanks again!

Maxim

bug#58013: Can't use guix pull

[bossatossa via Bug reports for GNU Guix]

I checked the file and it was completely empty, so i dont have anything to 
paste here.

zimoun  writes:

> Hi,
>
> On jeu., 22 sept. 2022 at 20:06, bossatossa via Bug reports for GNU Guix 
>  wrote:
>
>> In ./guix/derivations.scm:
>>963:17  1 (derivation # 
>> "texlive-bin-20210325" "/gnu/store/1kws5vkl0glvpxg?" ?)
>> In ./guix/store.scm:
>>1033:9  0 (_ # 
>> "texlive-bin-20210325.drv" #vu8(68 101 114 105 118 101 40 ?) _)
>>
>> ./guix/store.scm:1033:9: ERROR:
>>   1. :
>>   message: "error parsing derivation 
>> `/gnu/store/a3ll4zf4fnv81fr307f5cips3dda6gb4-config-0.0.0-1.c8ddc84.drv': 
>> expected string `Derive(['"
>
> Hum, weird.  The first time I see that.  Could you report the content,
> e.g., using
>
>  $ cat /gnu/store/a3ll4zf4fnv81fr307f5cips3dda6gb4-config-0.0.0-1.c8ddc84.drv
>
> ?
>
>
> Cheers

bug#58013: Can't use guix pull

[zimoun]

On Fri, 23 Sept 2022 at 14:04, bossatossa  wrote:

> I checked the file and it was completely empty, so i dont have anything to 
> paste here.

Maybe try:

   guix gc -D 
/gnu/store/a3ll4zf4fnv81fr307f5cips3dda6gb4-config-0.0.0-1.c8ddc84.drv

then re-run

guix time-machine --commit=aa5e0307137dd68279fc8b02ac623386208458cd \
-- time-machine --commit=2e8b4f9bfa00489fd3acff305837a79af236e183 \
-- help


Cheers,
simon

bug#57978: [PATCH 2/2] substitute: Retry downloading when a nar is unavailable.

[zimoun]

Hi,

On ven., 23 sept. 2022 at 08:19, Ludovic Courtès  wrote:

> Fixes 
> Reported by Attila Lendvai .
>
> Previously, if a narinfo was available but its corresponding nar was
> missing (for instance because the narinfo was cached and the server
> became unreachable in the meantime), 'guix substitute --substitute'
> would try to download the nar from its preferred location and abort when
> that fails.  This change forces one retry with each of the URLs.
>
> * guix/scripts/substitute.scm (download-nar): Do not catch
> 'http-get-error?' exceptions.
> (system-error?, network-error?, process-substitution/fallback): New
> procedures.
> (process-substitution): Call 'process-substitution/fallback' upon
> 'network-error?'.
> * tests/substitute.scm ("substitute, first URL has narinfo but lacks nar, 
> second URL unauthorized")
> ("substitute, first URL has narinfo but nar is 404, both URLs authorized")
> ("substitute, first URL has narinfo but nar is 404, one URL authorized")
> ("substitute, narinfo is available but nar is missing"): New tests.

LGTM.


> +(test-equal "substitute, first URL has narinfo but nar is 404, one URL 
> authorized"
> +  "Substitutable data."
> +  (with-narinfo*
> +  (string-append %narinfo "Signature: "
> + (signature-field
> +  %narinfo
> +  #:public-key %wrong-public-key))
> +  %main-substitute-directory
> +
> +(with-http-server `((200 ,(string-append %narinfo "Signature: "
> + (signature-field
> +  %narinfo
> +  #:public-key 
> %wrong-public-key)))
> +(404 "Sorry, nar is missing!"))
> +  (let ((url1 (%local-url)))
> +(parameterize ((%http-server-port 0))
> +  (with-http-server `((200 ,(string-append %narinfo "Signature: "
> +   (signature-field 
> %narinfo)))
> +  (404 "Sorry, nar is missing!"))
> +(let ((url2 (%local-url)))
> +  (dynamic-wind
> +(const #t)
> +(lambda ()
> +  (parameterize ((substitute-urls
> +  (list url1 url2
> +(string-append "file://"
> +   
> %main-substitute-directory
> +(request-substitution (string-append (%store-prefix)
> + 
> "/-foo")
> +  "substitute-retrieved"))
> +  (call-with-input-file "substitute-retrieved" 
> get-string-all))
> +(lambda ()
> +  (false-if-exception (delete-file 
> "substitute-retrieved")))

Although I do not understand this test.  Why is 404 appearing twice?


Cheers,
simon

bug#58013: Can't use guix pull

[zimoun]

Hi,

On jeu., 22 sept. 2022 at 20:06, bossatossa via Bug reports for GNU Guix 
 wrote:

> In ./guix/derivations.scm:
>963:17  1 (derivation # 
> "texlive-bin-20210325" "/gnu/store/1kws5vkl0glvpxg?" ?)
> In ./guix/store.scm:
>1033:9  0 (_ # 
> "texlive-bin-20210325.drv" #vu8(68 101 114 105 118 101 40 ?) _)
>
> ./guix/store.scm:1033:9: ERROR:
>   1. :
>   message: "error parsing derivation 
> `/gnu/store/a3ll4zf4fnv81fr307f5cips3dda6gb4-config-0.0.0-1.c8ddc84.drv': 
> expected string `Derive(['"

Hum, weird.  The first time I see that.  Could you report the content,
e.g., using

 $ cat /gnu/store/a3ll4zf4fnv81fr307f5cips3dda6gb4-config-0.0.0-1.c8ddc84.drv

?


Cheers

bug#57978: [PATCH 1/2] substitute: Split nar download.

[zimoun]

Hi,


On ven., 23 sept. 2022 at 08:19, Ludovic Courtès  wrote:
> * guix/scripts/substitute.scm (download-nar): New procedure, with most
> of the code moved from...
> (process-substitution): ... here.  Call it.

LTGM.

Just to be sure, the patch tweaks the logic checking about narinfo and
it is not mentioned in the commit message, IMHO.



Cheers,
simon

bug#58013: Can't use guix pull

[Maxime Devos]

On 22-09-2022 21:06, bossatossa via Bug reports for GNU Guix wrote:

   message: "error parsing derivation 
`/gnu/store/a3ll4zf4fnv81fr307f5cips3dda6gb4-config-0.0.0-1.c8ddc84.drv': expected string 
`Derive(['"


Could you attach
/gnu/store/a3ll4zf4fnv81fr307f5cips3dda6gb4-config-0.0.0-1.c8ddc84.drv ?

Greetings,
Maxime.


OpenPGP_0x49E3EE22191725EE.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

bug#57283: opensmtpd: permission issue while trying to deliver messages to mboxes in /var/mail

[Felix Lechner via Bug reports for GNU Guix]

Hi,

Based on friendly advice offered on IRC, I believe I more or
lessaddressed the setgid issue with the system declaration below.

The issue I still have is that the adjusted gids appear to be effective
only for users but not for the smtpd process itself. As a result, smtpd
could not deliver an offline message that was created by a setup
error. It resulted in this warning on startup:

# smtpd -d -f smtpd.conf
info: OpenSMTPD 6.8.0p2 starting
sendmail: this program must be setgid smtpq
warn: smtpd: couldn't enqueue offline message 
/var/spool/smtpd/offline/1663868496.t611BF; smtpctl exited abnormally

I tried that inside 'guix shell smtpd' and without. Then I deleted the
queued message and resent it.

Alas, the reporting party may find this solution insufficient, as
well. Perhaps the local mail delivery they hope to achieve is affected
like the local retrieval that remains broken for me. (I use a relay.)

Either way, I hope this message is somewhat helpful.

Kind regards
Felix Lechner

* * *

(use-modules
 (gnu packages mail)
 (gnu system setuid))

(operating-system

 ...

 (setuid-programs
  (append (list

   (setuid-program
(program (file-append opensmtpd "/sbin/smtpctl"))
(setuid? #false)
(setgid? #true)
(group "smtpq"))

   (setuid-program
(program (file-append opensmtpd "/sbin/sendmail"))
(setuid? #false)
(setgid? #true)
(group "smtpq"))

   (setuid-program
(program (file-append opensmtpd "/sbin/send-mail"))
(setuid? #false)
(setgid? #true)
(group "smtpq"))

   (setuid-program
(program (file-append opensmtpd "/sbin/makemap"))
(setuid? #false)
(setgid? #true)
(group "smtpq"))

   (setuid-program
(program (file-append opensmtpd "/sbin/mailq"))
(setuid? #false)
(setgid? #true)
(group "smtpq"))

   (setuid-program
(program (file-append opensmtpd "/sbin/newaliases"))
(setuid? #false)
(setgid? #true)
(group "smtpq")))

  %setuid-programs))

 (services
  (append (list

   ...

   (service opensmtpd-service-type
(opensmtpd-configuration
 (config-file
  (plain-file "opensmtpd-configuration"
"
[YOUR SMTPD CONFIG TEXT GOES HERE]
"

bug#58013: Can't use guix pull

[bossatossa via Bug reports for GNU Guix]

Hello.
I wanted to update but everytime i try to
use guix pull, it fails to compute the derivation.

Here's the complete output:

Updating channel 'guix' from Git repository at 
'https://git.savannah.gnu.org/git/guix.git'...
Building from this channel:
  guix  https://git.savannah.gnu.org/git/guix.git   2e8b4f9
Computing Guix derivation for 'x86_64-linux'... -Backtrace:
In ./guix/gexp.scm:
   898:13 19 (_ #)
In ./guix/store.scm:
   1993:8 18 (_ #)
In ./guix/gexp.scm:
   300:22 17 (_ #)
In ./guix/store.scm:
   1993:8 16 (_ #)
In ./guix/gexp.scm:
   300:22 15 (_ #)
In ./guix/store.scm:
   1993:8 14 (_ #)
In ./guix/packages.scm:
  1876:11 13 (_ #)
   1797:6 12 (_ #)
In ./guix/monads.scm:
487:9 11 (_ #)
In ./guix/packages.scm:
   1553:7 10 (_ #)
In ./guix/store.scm:
   1993:8  9 (_ #)
In ./guix/packages.scm:
  1876:11  8 (_ #)
   1797:6  7 (_ #)
In ./guix/monads.scm:
487:9  6 (_ #)
In ./guix/packages.scm:
   1553:7  5 (_ #)
In ./guix/store.scm:
   1993:8  4 (_ #)
In ./guix/packages.scm:
  1876:11  3 (_ #)
In ./guix/store.scm:
  2037:38  2 (_ #)
In ./guix/derivations.scm:
   963:17  1 (derivation # 
"texlive-bin-20210325" "/gnu/store/1kws5vkl0glvpxg?" ?)
In ./guix/store.scm:
   1033:9  0 (_ # 
"texlive-bin-20210325.drv" #vu8(68 101 114 105 118 101 40 ?) _)

./guix/store.scm:1033:9: ERROR:
  1. :
  message: "error parsing derivation 
`/gnu/store/a3ll4zf4fnv81fr307f5cips3dda6gb4-config-0.0.0-1.c8ddc84.drv': 
expected string `Derive(['"
  status: 1
guix pull: error: You found a bug: the program 
'/gnu/store/dlf8gki5xs957qmcxvd23872imiw85m8-compute-guix-derivation'
failed to compute the derivation for Guix (version: 
"2e8b4f9bfa00489fd3acff305837a79af236e183"; system: "x86_64-linux";
host version: "aa5e0307137dd68279fc8b02ac623386208458cd"; pull-version: 1).
Please report the COMPLETE output above by email to .

bug#57217: home-openssh-service-type creates .ssh/config with wrong permissions

[Ludovic Courtès]

Hi Elias,

Elias Kueny  skribis:

> The files are created with too open permissions, so ssh refuses to run:
>
>  $ ssh xxx
>  Bad owner or permissions on ~/.ssh/config
>
>  $ ls -l .ssh
>  lrwxrwxrwx 1 user users 59 Aug 14 18:17 authorized_keys -> 
> /gnu/store/y8g2d9kmlrhfna23r26cfgp5mr1sxl72-authorized_keys
>  lrwxrwxrwx 1 user users  52 Aug 14 18:17 config -> 
> /gnu/store/dnnzwrz4hp1z6wnr76a6j57v95vyrbf3-ssh.conf

Here’s what I see in a container:

--8<---cut here---start->8---
$ ls -ld .ssh
drwx-- 2 ludo users 80 Sep 23 06:39 .ssh/
$ ls -l .ssh/config
lrwxrwxrwx 1 ludo users 52 Sep 23 06:39 .ssh/config -> 
/gnu/store/5lksmnx3mlyinlja2lhd84p0jkp06bg5-ssh.conf
$ ls -l $(readlink .ssh/config)
-r--r--r-- 1 65534 overflow 6219 Jan  1  1970 
/gnu/store/5lksmnx3mlyinlja2lhd84p0jkp06bg5-ssh.conf
--8<---cut here---end--->8---

The relevant check in OpenSSH is this:

--8<---cut here---start->8---
  if (fstat(fileno(f), ) == -1)
  fatal("fstat %s: %s", filename, strerror(errno));
  if (((sb.st_uid != 0 && sb.st_uid != getuid()) ||
  (sb.st_mode & 022) != 0))
  fatal("Bad owner or permissions on %s", filename);
--8<---cut here---end--->8---

That is, if ~/.ssh/config is owned by root, it’s fine; and this is
exactly what happens outside the container:

--8<---cut here---start->8---
$ ls -l $(readlink ~/.ssh/config)
-r--r--r-- 1 root root 6219 Jan  1  1970 
/gnu/store/5lksmnx3mlyinlja2lhd84p0jkp06bg5-ssh.conf
--8<---cut here---end--->8---

So ‘ssh’ works fine outside the container, but not inside.

To address the issue at hand, we would need to map UID 0 of the host as
UID 0 of the guest, but I’m not sure this can be done.

To be continued…

Ludo’.

bug#57922: Shepherd doesn't seem to correctly handle waitpid itself

[Ludovic Courtès]

Hi,

Josselin Poiret  skribis:

> Maxim Cournoyer  writes:

[...]

>> 1. It requires to be installed in the signal handlers for each
>> processes, with something like:
>>
>> --8<---cut here---start->8---
>>   (unless %sigchld-handler-installed?
>> (sigaction SIGCHLD handle-SIGCHLD SA_NOCLDSTOP)
>> (set! %sigchld-handler-installed? #t))
>> --8<---cut here---end--->8---
>>
>> Done for fork+exec-command and make-inetd-forkexec-constructor, but not
>> for make-forkexec-constructor/container, AFAICT;
>
> The signal handler is only installed once in PID 1 (in fact, you haven't
> forked yet here), since it's the one that receives the SIGCHLD.

Right.

> What I don't understand that well is that this signal handler could be
> installed only once when shepherd starts, right?  That way, it wouldn't
> need to depend on specific start actions being chosen.

The SIGCHLD handler is installed lazily since
f776de04e6702e18d95152072e78c43441d3ccc3.  The rationale was discussed
here:

  https://issues.guix.gnu.org/27553

That said, on GNU/Linux, SIGCHLD is actually blocked and instead we rely
on signalfd(2).  It’s from the main even loop in shepherd.scm that the
signal handler is called.

>> Here's a small reproducer to apply on our code base:
>>
>> --8<---cut here---start->8---
>> modified   gnu/services/telephony.scm
>> @@ -685,13 +685,7 @@ (define (archive-name->username archive)
>>  
>>  ;; Finally, return the PID of the daemon process.
>>  daemon-pid))
>> -   (stop
>> -#~(lambda (pid . args)
>> -(kill pid SIGKILL)
>> -;; Wait for the process to exit; this prevents 
>> overlapping
>> -;; processes when issuing 'herd restart'.
>> -(waitpid pid)
>> -#f
>> +   (stop #~(make-kill-destructor

I think the main difference between these two is that the first one uses
SIGKILL while the second one uses SIGTERM.

You could try #~(make-kill-destructor SIGKILL) to get the same effect.

(Another difference is that ‘make-kill-destructor’ kills the process
group, not just the process itself.)

Anyway, the key point is that shepherd takes care of calling ‘waitpid’
for its child processes (services).  If you call it yourself as in the
snippet above, you’re racing with shepherd; in the case above it
probably doesn’t make any difference though because it will consider
that the service is stopped in any case.

HTH!

Ludo’.

bug#57978: [PATCH 2/2] substitute: Retry downloading when a nar is unavailable.

[Ludovic Courtès]

Fixes 
Reported by Attila Lendvai .

Previously, if a narinfo was available but its corresponding nar was
missing (for instance because the narinfo was cached and the server
became unreachable in the meantime), 'guix substitute --substitute'
would try to download the nar from its preferred location and abort when
that fails.  This change forces one retry with each of the URLs.

* guix/scripts/substitute.scm (download-nar): Do not catch
'http-get-error?' exceptions.
(system-error?, network-error?, process-substitution/fallback): New
procedures.
(process-substitution): Call 'process-substitution/fallback' upon
'network-error?'.
* tests/substitute.scm ("substitute, first URL has narinfo but lacks nar, 
second URL unauthorized")
("substitute, first URL has narinfo but nar is 404, both URLs authorized")
("substitute, first URL has narinfo but nar is 404, one URL authorized")
("substitute, narinfo is available but nar is missing"): New tests.
---
 guix/scripts/substitute.scm | 113 
 tests/substitute.scm| 113 
 2 files changed, 203 insertions(+), 23 deletions(-)

diff --git a/guix/scripts/substitute.scm b/guix/scripts/substitute.scm
index e3b382d0d8..cf59db4315 100755
--- a/guix/scripts/substitute.scm
+++ b/guix/scripts/substitute.scm
@@ -460,25 +460,20 @@ (define (fetch uri)
(let ((port (open-file (uri-path uri) "r0b")))
  (values port (stat:size (stat port)
   ((http https)
-   (guard (c ((http-get-error? c)
-  (leave (G_ "download from '~a' failed: ~a, ~s~%")
- (uri->string (http-get-error-uri c))
- (http-get-error-code c)
- (http-get-error-reason c
- ;; Test this with:
- ;;   sudo tc qdisc add dev eth0 root netem delay 1500ms
- ;; and then cancel with:
- ;;   sudo tc qdisc del dev eth0 root
- (with-timeout %fetch-timeout
-   (begin
- (warning (G_ "while fetching ~a: server is somewhat slow~%")
-  (uri->string uri))
- (warning (G_ "try `--no-substitutes' if the problem persists~%")))
-   (with-cached-connection uri port
- (http-fetch uri #:text? #f
- #:port port
- #:keep-alive? #t
- #:buffered? #f)
+   ;; Test this with:
+   ;;   sudo tc qdisc add dev eth0 root netem delay 1500ms
+   ;; and then cancel with:
+   ;;   sudo tc qdisc del dev eth0 root
+   (with-timeout %fetch-timeout
+ (begin
+   (warning (G_ "while fetching ~a: server is somewhat slow~%")
+(uri->string uri))
+   (warning (G_ "try `--no-substitutes' if the problem persists~%")))
+ (with-cached-connection uri port
+   (http-fetch uri #:text? #f
+   #:port port
+   #:keep-alive? #t
+   #:buffered? #f
   (else
(leave (G_ "unsupported substitute URI scheme: ~a~%")
   (uri->string uri)
@@ -572,6 +567,68 @@ (define cpu-usage
 (bytevector->nix-base32-string expected)
 (bytevector->nix-base32-string actual)))
 
+(define system-error?
+  (let ((kind-and-args? (exception-predicate )))
+(lambda (exception)
+  "Return true if EXCEPTION is a Guile 'system-error exception."
+  (and (kind-and-args? exception)
+   (eq? 'system-error (exception-kind exception))
+
+(define network-error?
+  (let ((kind-and-args? (exception-predicate )))
+(lambda (exception)
+  "Return true if EXCEPTION denotes a networking error."
+  (or (and (system-error? exception)
+   (let ((errno (system-error-errno
+ (cons 'system-error (exception-args exception)
+ (memv errno (list ECONNRESET ECONNABORTED
+   ECONNREFUSED EHOSTUNREACH
+   ENOENT ;for "file://"
+  (and (kind-and-args? exception)
+   (memq (exception-kind exception)
+ '(gnutls-error getaddrinfo-error)))
+  (and (http-get-error? exception)
+   (begin
+ (warning (G_ "download from '~a' failed: ~a, ~s~%")
+  (uri->string (http-get-error-uri exception))
+  (http-get-error-code exception)
+  (http-get-error-reason exception))
+ #t))
+
+(define* (process-substitution/fallback port narinfo destination
+#:key cache-urls acl
+deduplicate? print-build-trace?)
+  "Attempt to substitute NARINFO, which is assumed to be authorized or
+equivalent, by trying to download its nar from each entry in 

bug#57978: [PATCH 1/2] substitute: Split nar download.

[Ludovic Courtès]

* guix/scripts/substitute.scm (download-nar): New procedure, with most
of the code moved from...
(process-substitution): ... here.  Call it.
---
 guix/scripts/substitute.scm | 52 +++--
 1 file changed, 32 insertions(+), 20 deletions(-)

diff --git a/guix/scripts/substitute.scm b/guix/scripts/substitute.scm
index cdf591ac4d..e3b382d0d8 100755
--- a/guix/scripts/substitute.scm
+++ b/guix/scripts/substitute.scm
@@ -437,20 +437,13 @@ (define-syntax-rule (with-cached-connection uri port exp 
...)
   "Bind PORT with EXP... to a socket connected to URI."
   (call-with-cached-connection uri (lambda (port) exp ...)))
 
-(define* (process-substitution port store-item destination
-   #:key cache-urls acl
-   deduplicate? print-build-trace?)
-  "Substitute STORE-ITEM (a store file name) from CACHE-URLS, and write it to
-DESTINATION as a nar file.  Verify the substitute against ACL, and verify its
-hash against what appears in the narinfo.  When DEDUPLICATE? is true, and if
-DESTINATION is in the store, deduplicate its files.  Print a status line to
-PORT."
-  (define narinfo
-(lookup-narinfo cache-urls store-item
-(if (%allow-unauthenticated-substitutes?)
-(const #t)
-(cut valid-narinfo? <> acl
-
+(define* (download-nar narinfo destination
+   #:key status-port
+   deduplicate? print-build-trace?)
+  "Download the nar prescribed in NARINFO, which is assumed to be authentic
+and authorized, and write it to DESTINATION.  When DEDUPLICATE? is true, and
+if DESTINATION is in the store, deduplicate its files.  Print a status line to
+STATUS-PORT."
   (define destination-in-store?
 (string-prefix? (string-append (%store-prefix) "/")
 destination))
@@ -490,10 +483,6 @@ (define (fetch uri)
(leave (G_ "unsupported substitute URI scheme: ~a~%")
   (uri->string uri)
 
-  (unless narinfo
-(leave (G_ "no valid substitute for '~a'~%")
-   store-item))
-
   (let ((uri compression file-size
  (narinfo-best-uri narinfo
#:fast-decompression?
@@ -575,14 +564,37 @@ (define cpu-usage
   (let ((actual (get-hash)))
 (if (bytevector=? actual expected)
 ;; Tell the daemon that we're done.
-(format port "success ~a ~a~%"
+(format status-port "success ~a ~a~%"
 (narinfo-hash narinfo) (narinfo-size narinfo))
 ;; The actual data has a different hash than that in NARINFO.
-(format port "hash-mismatch ~a ~a ~a~%"
+(format status-port "hash-mismatch ~a ~a ~a~%"
 (hash-algorithm-name algorithm)
 (bytevector->nix-base32-string expected)
 (bytevector->nix-base32-string actual)))
 
+(define* (process-substitution port store-item destination
+   #:key cache-urls acl
+   deduplicate? print-build-trace?)
+  "Substitute STORE-ITEM (a store file name) from CACHE-URLS, and write it to
+DESTINATION as a nar file.  Verify the substitute against ACL, and verify its
+hash against what appears in the narinfo.  When DEDUPLICATE? is true, and if
+DESTINATION is in the store, deduplicate its files.  Print a status line to
+PORT."
+  (define narinfo
+(lookup-narinfo cache-urls store-item
+(if (%allow-unauthenticated-substitutes?)
+(const #t)
+(cut valid-narinfo? <> acl
+
+  (unless narinfo
+(leave (G_ "no valid substitute for '~a'~%")
+   store-item))
+
+  (download-nar narinfo destination
+#:status-port port
+#:deduplicate? deduplicate?
+#:print-build-trace? print-build-trace?))
+
 
 ;;;
 ;;; Entry point.
-- 
2.37.3

bug#57978: [PATCH 0/2] Retry nar downloads upon failure

[Ludovic Courtès]

Hello!

This is a long overdue fix for :
when a nar cannot be downloaded from its “preferred” location,
‘guix substitute --substitute’ will now retry once for each substitute
URL instead of failing right away.

This should address the most common issues such as transient
networking failures.

Comments?

Thanks,
Ludo’.

Ludovic Courtès (2):
  substitute: Split nar download.
  substitute: Retry downloading when a nar is unavailable.

 guix/scripts/substitute.scm | 157 +++-
 tests/substitute.scm| 113 ++
 2 files changed, 231 insertions(+), 39 deletions(-)


base-commit: a09655b20850d065333ec333e6e184b604f606a8
-- 
2.37.3