[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Downloading Guix packages via Tor

From: panic
Subject: Downloading Guix packages via Tor
Date: Sun, 17 Jan 2016 23:56:02 +0000


I'm trying to get myself familiar with Guix and built guix-0.9.0 on a
Debian stable machine (only guile-json is fetched from testing).

I try to do all internet communication through Tor: DNS/port 53 outgoing
and network accesses of non-`debian-tor'-users are rejected on purpose
(like in Tails which is based on Debian).
This makes programs fail when they are not (yet) configured for Tor, so
is Guix:

During the `make' step, a bootstrap `guile-2.0.9' or `guile-2.0.11' is
downloaded for several architectures (i686, x86_64, armhf, mipsel).

o  What is this needed for? guile-2.0.11 is already installed from
   Debian stable?
o  IMHO a `make' should not download files.
o  I could only observe the xz-files to be downloaded but not the
   GPG signatures.  Is the file's integrity checked somehow?
o  If these files are crucial, I'd prefer the `make' to stop and tell
   me how to manually download & verify these files.

Is it possible to proxy downloads by Guix through Tor?
I saw reports that it is apparently possible to set the http_proxy
environment variable and then it is used by Guix.  Is it also possible
to define socks_proxy?

What is the current state of checking signatures of source tarballs or
git commits/tags?
(thread to the same topic:

-- panic

reply via email to

[Prev in Thread] Current Thread [Next in Thread]