build: Default to "https://mirror.hydra.gnu.org/" for substitutes.

* config-daemon.ac: Check for (gnutls) and define 'GUIX_SUBSTITUTE_URLS'. * nix/nix-daemon/guix-daemon.cc (main): Use GUIX_SUBSTITUTE_URLS. * guix/store.scm (%default-substitute-urls): Use 'https' when (gnutls) is available. * doc/guix.texi (Binary Installation): Mention mirrors (Invoking guix-daemon): Mention mirror.hydra.gnu.org. (Substitutes): Mention mirrors. (Invoking guix archive): Show https URLs.
2016-03-16 10:35:24 +01:00 · 2016-03-16 10:35:24 +01:00 · df061d079b
parent 409e4ac6e3
commit df061d079b
4 changed files with 31 additions and 11 deletions
--- a/config-daemon.ac
+++ b/config-daemon.ac
@ -110,6 +110,20 @@ if test "x$guix_build_daemon" = "xyes"; then
  dnl Check for <linux/fs.h> (for immutable file support).
  AC_CHECK_HEADERS([linux/fs.h])
  dnl Determine the appropriate default list of substitute URLs.
  GUILE_MODULE_AVAILABLE([have_gnutls], [(gnutls)])
  if test "x$have_gnutls" = "xyes"; then
    guix_substitute_urls="https://mirror.hydra.gnu.org https://hydra.gnu.org"
  else
    AC_MSG_WARN([GnuTLS is missing, substitutes will be downloaded in the clear])
    guix_substitute_urls="http://mirror.hydra.gnu.org http://hydra.gnu.org"
  fi
  AC_MSG_CHECKING([for default substitute URLs])
  AC_MSG_RESULT([$guix_substitute_urls])
  AC_DEFINE_UNQUOTED([GUIX_SUBSTITUTE_URLS], ["$guix_substitute_urls"],
    [Default list of substitute URLs used by 'guix-daemon'.])
  dnl Check whether the 'offload' build hook can be built (uses
  dnl 'restore-file-set', which requires unbuffered custom binary input
  dnl ports from Guile >= 2.0.10.)
--- a/doc/guix.texi
+++ b/doc/guix.texi
@ -448,8 +448,8 @@ Directories,,, texinfo, GNU Texinfo}, for more details on changing the
 Info search path.)
@item
-To use substitutes from @code{hydra.gnu.org} (@pxref{Substitutes}),
+To use substitutes from @code{hydra.gnu.org} or one of its mirrors
-authorize them:
+(@pxref{Substitutes}), authorize them:
@example
 # guix archive --authorize < ~root/.guix-profile/share/guix/hydra.gnu.org.pub
@ -912,8 +912,9 @@ remote procedure call (@pxref{The Store}).
@item --substitute-urls=@var{urls}
@anchor{daemon-substitute-urls}
 Consider @var{urls} the default whitespace-separated list of substitute
-source URLs.  When this option is omitted, @indicateurl{http://hydra.gnu.org}
+source URLs.  When this option is omitted,
-is used.
+@indicateurl{https://mirror.hydra.gnu.org https://hydra.gnu.org} is used
 (@code{mirror.hydra.gnu.org} is a mirror of @code{hydra.gnu.org}).
 This means that substitutes may be downloaded from @var{urls}, as long
 as they are signed by a trusted signature (@pxref{Substitutes}).
@ -1730,7 +1731,8 @@ your system has unpatched security vulnerabilities.
@cindex security
@cindex digital signatures
-To allow Guix to download substitutes from @code{hydra.gnu.org}, you
+To allow Guix to download substitutes from @code{hydra.gnu.org} or a
 mirror thereof, you
 must add its public key to the access control list (ACL) of archive
 imports, using the @command{guix archive} command (@pxref{Invoking guix
 archive}).  Doing so implies that you trust @code{hydra.gnu.org} to not
@ -2199,7 +2201,7 @@ served by @code{hydra.gnu.org} to @file{/tmp/emacs}:
@example
 $ wget -O - \
-  http://hydra.gnu.org/nar/@dots{}-emacs-24.5 \
+  https://hydra.gnu.org/nar/@dots{}-emacs-24.5 \
  | bunzip2 | guix archive -x /tmp/emacs
@end example
@ -4294,7 +4296,7 @@ but you are actually on an @code{x86_64} machine:
@example
 $ guix build --log-file gdb -s mips64el-linux 
-http://hydra.gnu.org/log/@dots{}-gdb-7.10
+https://hydra.gnu.org/log/@dots{}-gdb-7.10
@end example
 You can freely access a huge library of build logs!
--- a/guix/store.scm
+++ b/guix/store.scm
@ -504,8 +504,12 @@ encoding conversion errors."
                              (status   k))))))))
 (define %default-substitute-urls
-  ;; Default list of substituters.
+  ;; Default list of substituters.  This is *not* the list used by
-  '("http://hydra.gnu.org"))
+  ;; 'guix-daemon', and few clients use it ('guix build --log-file' uses it.)
  (map (if (false-if-exception (resolve-interface '(gnutls)))
           (cut string-append "https://" <>)
           (cut string-append "http://" <>))
       '("hydra.gnu.org")))
 (define* (set-build-options server
                            #:key keep-failed? keep-going? fallback?
--- a/nix/nix-daemon/guix-daemon.cc
+++ b/nix/nix-daemon/guix-daemon.cc
@ -1,5 +1,5 @@
 /* GNU Guix --- Functional package management for GNU
-   Copyright (C) 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+   Copyright (C) 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
   This file is part of GNU Guix.
@ -327,7 +327,7 @@ main (int argc, char *argv[])
      settings.set ("build-use-substitutes", "true");
      /* Use our substitute server by default.  */
-      settings.set ("substitute-urls", "http://hydra.gnu.org");
+      settings.set ("substitute-urls", GUIX_SUBSTITUTE_URLS);
 #ifdef HAVE_DAEMON_OFFLOAD_HOOK
      /* Use our build hook for distributed builds by default.  */