[bug#45023] [PATCH] install: Discover local substitute servers.

[Ludovic Courtès]

Hi!

Mathieu Othacehe <othacehe@gnu.org> skribis:

>>From 3e29ee9755ef0bb9917fc482528fdbdc864ae72e Mon Sep 17 00:00:00 2001
> From: Mathieu Othacehe <othacehe@gnu.org>
> Date: Fri, 4 Dec 2020 11:33:16 +0100
> Subject: [PATCH v2] install: Discover local substitute servers.
>
> * gnu/installer/substitutes.scm: New file.
> * gnu/installer/newt/substitutes.scm: New file.
> * gnu/local.mk (INSTALLER_MODULES): Add them.
> * po/guix/POTFILES.in: Add gnu/installer/newt/substitutes.scm.
> * gnu/installer/proxy.scm (with-silent-shepherd): Move to ...
> * gnu/installer/utils.scm: ... here.
> * gnu/installer/record.scm (<installer>)[substitutes-page]: New field.
> * gnu/installer/newt.scm (substitutes-page): New procedure,
> (newt-installer): register it.
> * gnu/installer.scm (installer-steps): Add "substitutes-page" step.
> * gnu/system/install.scm (%installation-services): Add avahi-service-type and
> enable substitute server discover in guix-service-type.
> [<name-service-switch>]: Set it to %mdns-host-lookup-nss.

Neat!  Overall LGTM; some suggestions below.

> +         ;; Ask whether to enable substitute servers discovery.
> +         (installer-step
> +          (id 'substitutes)
> +          (description (G_ "Substitutes server discovery"))

Maybe “Substitute” (singular)

> +     (case (choice-window
> +            (G_ "Substitute servers discovery.")

“server” (singular)

> +            (G_ "If you have substitute servers on your local network, you 
> can \
> +enable the following option. It might be faster than fetching from remote \
> +servers. There are no security risks, only genuine substitutes will be used \
> +but as servers may serve substitute over HTTP, unencrypted, anyone on the 
> LAN \
> +can see what software you’re installing."))

Slightly reworked:

  By turning this option on, you allow Guix to fetch ``substitutes''
  (pre-built binaries) during installation from servers discovered on
  your local area network (LAN) in addition to the official server.
  This can increase download throughput.

  There are no security risks: only genuine substitutes may be retrieved
  from those servers.  However, eavesdroppers on your LAN may be able to
  see what software you are installing.

> +(define (enable-discover)
> +  (with-silent-shepherd
> +    (with-shepherd-action 'guix-daemon
> +        ('discover "on")
> +        result
> +      result)))
> +
> +(define (disable-discover)

‘{enable,disable}-discovery’ would seem more natural to me.

> +          ;; Use the Avahi daemon to discover substitute servers on the local
> +          ;; network.  It can be faster than fetching from remote servers.
> +          (service avahi-service-type
> +                   (avahi-configuration (debug? #t)))

Maybe we can remove the ‘debug?’ flag?

How bigger is the resulting ISO?

>            ;; The build daemon.  Register the default substitute server key(s)
> -          ;; as trusted to allow the installation process to use substitutes 
> by
> -          ;; default.
> +          ;; as trusted to allow the installation process to use substitutes
> +          ;; by default.
>            (service guix-service-type
> -                   (guix-configuration (authorize-key? #t)))
> +                   (guix-configuration
> +                    (authorize-key? #t)))

Unneeded.  :-)

Thanks!

Ludo’.