[BUG] Cuirass seems stuck in a loop.

[Pierre-Henry Fröhring]

Hello Guix!

I've a strange behaviour using Cuirass.

* Symptoms

#+begin_example

$ cat /var/log/cuirass.log 

…

2022-02-22T16:18:17 Fetching channels for spec 'flat'.                                                                                                                                        

2022-02-22T16:18:18 next evaluation in 60 seconds                                                                                                                                             

2022-02-22T16:18:26 error: build succeeded: '/gnu/store/rrp2yqlff0b6mz7frwdghclxb7qhqr2n-texlive-psnfss-59745-checkout.drv'                                                                   

2022-02-22T16:18:26 error: build started: '/gnu/store/gqc8jcd6vwh6gd64xfjiisjn5jzynvvv-texlive-ruhyphen-59745-checkout.drv'                                                                   

2022-02-22T16:18:26 error: build succeeded: '/gnu/store/gqc8jcd6vwh6gd64xfjiisjn5jzynvvv-texlive-ruhyphen-59745-checkout.drv'                                                                 

2022-02-22T16:18:27 error: build started: '/gnu/store/v8596k4spyd6j71zb1vsw3bbvpn232r4-texlive-scripts-59745-checkout.drv'                                                                    

2022-02-22T16:18:27 error: build succeeded: '/gnu/store/v8596k4spyd6j71zb1vsw3bbvpn232r4-texlive-scripts-59745-checkout.drv'                 

…

#+end_example

* Guix describe

#+begin_example

# guix describe

Generation 2  Feb 22 2022 14:58:35  (current)

  guix 218400c

    repository URL: https://git.savannah.gnu.org/git/guix.git

    branch: master

    commit: 218400c0f7d754467eac20bbdea3c5282efe7b2e

#+end_example

* Operating system

#+begin_example

(use-modules (gnu)

             (gnu services web)

             (gnu services rsync)

             (gnu services avahi)

       (gnu services cuirass)

       (gnu packages certs)

             (gnu packages rsync))

(use-service-modules networking ssh)

(use-package-modules screen ssh)

(define %nftables-ruleset

  (plain-file "nftables.conf"

              "# A simple and safe firewall

table inet filter {

  chain input {

    type filter hook input priority 0; policy drop;

    # early drop of invalid connections

    ct state invalid drop

    # allow established/related connections

    ct state { established, related } accept

    # allow from loopback

    iifname lo accept

    # allow icmp

    ip protocol icmp accept

    ip6 nexthdr icmpv6 accept

    # allow ssh and http

    tcp dport {ssh, https, http, rsync} accept

    # reject everything else

    reject with icmpx type port-unreachable

  }

  chain forward {

    type filter hook forward priority 0; policy drop;

  }

  chain output {

    type filter hook output priority 0; policy accept;

  }

}

"))

(operating-system

 (host-name "guixsd-1")

 (timezone "Europe/Paris")

 (locale "en_US.UTF-8")

 (bootloader (bootloader-configuration

              (bootloader grub-bootloader)

              (target "/dev/vda")))

 (file-systems (cons (file-system

                      (device "/dev/vda1")

                      (mount-point "/")

                      (type "ext4"))

                     %base-file-systems))

 (users (cons (user-account

               (name "phf")

               (group "users")

               (supplementary-groups '("wheel"))

               (home-directory "/home/phf"))

              %base-user-accounts))

 (packages (cons*

            ;; rsync is installed system wide.

            ;;

            ;;;; When connecting non-interactively over SSH, Guix will

            ;;;; source /etc/profile. It will not source your users's

            ;;;; own profile, but only the system profile.

            ;;;; see: https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/system/shadow.scm?id=1684ed6537fbd91ae5c14fb0314564e71799d390#n136

            rsync

            nss-certs

            screen

            openssh

            %base-packages))

 ;; Set your Droplet, static network configuration

 (services

  (append

   (list ;; Static address

    (service static-networking-service-type

             (list (static-networking

                    (addresses

                     (list (network-address

                            (device "eth0")

                            ;; ip a

                            (value "134.209.246.249/20"))))

                    (routes

                     (list (network-route

                            (destination "default")

                            ;; ip r

                            (gateway "134.209.240.1"))))

                    (name-servers '("8.8.8.8" "8.8.4.4")))))

    ;; SSH

    ;; ( … )

    ;; Cuirass

    (service cuirass-service-type

         (cuirass-configuration

          (specifications #~'())

          (host "0.0.0.0")))

    ;; Avahi

    (service avahi-service-type

         (avahi-configuration))

    ;; Cuirass publish

    (service guix-publish-service-type

         (guix-publish-configuration

          (host "0.0.0.0")

          (advertise? #t)))

    ;; Firewall

    (service nftables-service-type

             (nftables-configuration

              (ruleset %nftables-ruleset)))

    ;; Rsync

    (service rsync-service-type))

   %base-services)))

#+end_example

* Cuirass

Cuirass has been configured through the web interface but the

configuration should be equivalent to:

#+begin_example

(service cuirass-service-type

         (cuirass-configuration

          (specifications

           #~(list

              (specification

               (name "flat")

               (build '(channels flat))

               (channels

                (cons (channel

                       (name 'flat)

                       (url "https://github.com/flatwhatson/guix-channel"))

                      %default-channels)))))

          (host "0.0.0.0")))

#+end_example