Re: Signed archives

From: Ludovic Courtès
Subject: Re: Signed archives
Date: Mon, 27 Jan 2014 16:56:59 +0100
User-agent: Gnus/5.130007 (Ma Gnus v0.7) Emacs/24.3 (gnu/linux)

Nikita Karetnikov <address@hidden> skribis:

> Sorry, I’m failing to understand how the protocol works.  Is the spec
> available somewhere?


> Could you describe the entire process in a step-by-step way?  What does
> happen when the client requests a substitute?  You mentioned that the
> client attempts to fetch the corresponding .narinfo file.  What does
> happen after that?

The substituter can be invoked either in query mode, or in substitution

In query mode, it is passed a list of store file names, and it must tell
whether substitutes exist for them.  This is what happens, for instance,
when running ‘guix build foo --dry-run’: it allows ‘guix build’ to know
what would be downloaded from, and what would be built.

In substitute mode, it is passed a list of store file names to actually

‘guix substitute-binary’ implements that protocol, with the aim of
reflecting binaries served by Hydra.  Thus, its query mode consists in
verifying whether the .narinfo for a given item exists at  Its substitute mode consists in downloading the
archive specified in the corresponding .narinfo.

See the thread at

> Why does the client need to cache the answer?  Does it check the cache
> first?

If it didn’t cache the answer, then it would have to do one HTTP GET for
each item you want to build.  For instance:

  guix build coreutils -n

would lead to something like 20 HTTP requests to, which could
take a lot of time.

So, instead, it does two things:

  • it caches Hydra’s .narinfo or lack thereof, for a limited time (see

  • when there’s no info in cache, HTTP requests are made in parallel
    (see <>.)

> ‘guix authenticate’ accepts a ‘hash-file’ argument.  Does it come from
> the .narinfo file?

No, it comes from LocalStore::importPath, in

> If so, should ‘substitute-binary.scm’ check the signature against the
> NarHash field?

Hmm I think so, but we’d have to double-check whether that’s what Nix
actually does.
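To make the steps above concrete, here is a small Python model of the substituter protocol as this message describes it: query mode, substitute mode, a cache that remembers a .narinfo or its absence for a limited time, parallel requests for cache misses, and a NarHash check on the downloaded archive. This is an added example, not Guix's or Nix's code. The base URL, the TTL values, the "<hash-part>.narinfo" naming, the hex encoding of the NarHash value (real narinfo files use Nix's base32 alphabet) and the sample narinfo and NAR contents are all constructed assumptions.

```python
"""Toy model of the substituter protocol: query mode, substitute mode,
a TTL cache of .narinfo (or lack thereof), parallel GETs on cache misses.
Constructed sample data; not Guix's own code."""
import hashlib
import time
from concurrent.futures import ThreadPoolExecutor
from typing import Callable, Dict, List, Optional, Tuple

POSITIVE_TTL = 36 * 3600   # assumption: how long to trust "narinfo exists"
NEGATIVE_TTL = 3600        # assumption: how long to trust "no narinfo"


def hash_part(store_path: str) -> str:
    """'/gnu/store/<32-char hash>-name' -> '<32-char hash>'."""
    base = store_path.rsplit("/", 1)[1]
    h, sep, _ = base.partition("-")
    if len(h) != 32 or not sep:
        raise ValueError(f"not a store path: {store_path}")
    return h


def parse_narinfo(text: str) -> Dict[str, str]:
    """Parse the 'Key: value' lines of a .narinfo file into a dict."""
    info: Dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed narinfo line: {line!r}")
        info[key.strip()] = value.strip()
    return info


class NarinfoCache:
    """Remembers, for a limited time, whether a narinfo exists (and its content)."""

    def __init__(self, now: Callable[[], float] = time.time):
        self.now = now
        self._entries: Dict[str, Tuple[float, Optional[dict]]] = {}

    def get(self, h: str) -> Tuple[bool, Optional[dict]]:
        """Return (hit, narinfo); an expired entry counts as a miss."""
        entry = self._entries.get(h)
        if entry is None or entry[0] <= self.now():
            return False, None
        return True, entry[1]

    def put(self, h: str, narinfo: Optional[dict]) -> None:
        ttl = POSITIVE_TTL if narinfo is not None else NEGATIVE_TTL
        self._entries[h] = (self.now() + ttl, narinfo)


class Substituter:
    def __init__(self, fetch, cache: NarinfoCache, base_url="https://hydra.example/"):
        self.fetch = fetch          # fetch(url) -> body, or None on 404
        self.cache = cache
        self.base_url = base_url    # assumption: where narinfos are served

    def _lookup(self, store_paths: List[str]) -> Dict[str, Optional[dict]]:
        """Map each path to its narinfo (or None); only cache misses hit the server."""
        result, misses = {}, []
        for p in store_paths:
            hit, info = self.cache.get(hash_part(p))
            (result.__setitem__(p, info) if hit else misses.append(p))

        def fetch_one(p):
            text = self.fetch(self.base_url + hash_part(p) + ".narinfo")
            return p, (parse_narinfo(text) if text is not None else None)

        if misses:  # one GET per missing item, all in flight at once
            with ThreadPoolExecutor(max_workers=8) as pool:
                for p, info in pool.map(fetch_one, misses):
                    self.cache.put(hash_part(p), info)
                    result[p] = info
        return result

    def query(self, store_paths: List[str]) -> Dict[str, bool]:
        """Query mode: which of these store paths have a substitute?"""
        return {p: info is not None for p, info in self._lookup(store_paths).items()}

    def substitute(self, store_path: str, download) -> bytes:
        """Substitute mode: fetch the archive named in the narinfo, check NarHash."""
        info = self._lookup([store_path])[store_path]
        if info is None:
            raise LookupError(f"no substitute for {store_path}")
        data = download(self.base_url + info["URL"])
        algo, _, digest = info["NarHash"].partition(":")
        # Assumption: hex digest here; real narinfos use Nix's base32 encoding.
        if algo != "sha256" or hashlib.sha256(data).hexdigest() != digest:
            raise ValueError(f"NarHash mismatch for {store_path}")
        return data


# Constructed sample server: one item present, one absent.
COREUTILS = "/gnu/store/0123456789abcdfghijklmnpqrsvwxyz-coreutils-8.22"
MISSING = "/gnu/store/zyxwvsrqpnmlkjihgfdcba9876543210-foo-1.0"
NAR_BYTES = b"nix-archive-1 (constructed stand-in for a NAR)"
SERVER = {
    "0123456789abcdfghijklmnpqrsvwxyz.narinfo": (
        f"StorePath: {COREUTILS}\n"
        "URL: nar/0123456789abcdfghijklmnpqrsvwxyz-coreutils-8.22\n"
        "Compression: none\n"
        f"NarHash: sha256:{hashlib.sha256(NAR_BYTES).hexdigest()}\n"
        f"NarSize: {len(NAR_BYTES)}\n"
        "References: \n"
    ),
    "nar/0123456789abcdfghijklmnpqrsvwxyz-coreutils-8.22": NAR_BYTES,
}
REQUESTS: List[str] = []   # every URL fetched, to show the cache at work


def fake_fetch(url: str):
    REQUESTS.append(url)
    return SERVER.get(url.split("/", 3)[3])   # strip the base URL; None == 404


def demo():
    """Two queries (second one served from cache) and one substitution."""
    REQUESTS.clear()
    sub = Substituter(fake_fetch, NarinfoCache())
    first = sub.query([COREUTILS, MISSING])       # two parallel GETs
    n_first = len(REQUESTS)
    sub.query([COREUTILS, MISSING])               # all answers cached: no GETs
    n_second = len(REQUESTS) - n_first
    data = sub.substitute(COREUTILS, fake_fetch)  # one GET for the archive itself
    return first, n_first, n_second, data


if __name__ == "__main__":
    print(demo())
```

The negative entries are what keep `guix build foo -n` from re-asking the server about every item that is known not to be there; the shorter NEGATIVE_TTL is a design choice so that a newly built binary becomes visible sooner than a cached "absent" answer would otherwise allow.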



