~dhruvin/builds.sr.ht-guix

2a8dabf497a4f76b81e59c08c9302689b449f7aa — Dhruvin Gandhi 8 months ago 839f340
Finalize the substitute server section
1 files changed, 12 insertions(+), 12 deletions(-)

M index.md
M index.md => index.md +12 -12
@@ 120,15 120,18 @@ Environment](https://man.sr.ht/builds.sr.ht/#build-environment).

# Substitute Servers

Supporting substitute servers is currently being explored.

## Download packages from unauthorized substitute servers

Guix can download packages from unauthorized servers that are
bit-for-bit-identical to those provided from authorized servers.  URLs
to substitute servers can be given to `guix package` via
`--substitute-urls` to opt-in.  See [Substitute
Downloading from substitute servers other than the official guix
servers is done in two steps.  If the substitute servers are trusted,
they should be authorized first.  This is done by providing the public
keys of trusted servers to `guix archive --authorize`.  URLs to
substitute servers can then be given to various guix commands, like
`guix package`, via `--substitute-urls` flag to enable downloading
binaries directly instead.  See [Substitute
Authentication](https://guix.gnu.org/manual/en/html_node/Substitute-Authentication.html).
Projects should have public keys of substitute servers in the source.

Guix System will trust the keys only until the next boot. This is
important only if you are inspecting failed builds using shell access.

Example:



@@ 143,12 146,9 @@ Example:
image: guix
tasks:
  - guix: |
      guix archive --authorize < project/path/to/key.pub
      servers="https://example.com https://ci.guix.gnu.org https://bordeaux.guix.gnu.org"
      guix package -v0 --substitute-urls=$servers -m project/path/to/manifest.scm
  - greet: |
      hello
```

## Authorize substitute servers

TODO