website: use Guix v1.4.0.

While the website code is separate from the rest, the same rationale than in the commit ada459875c ("Use a released guix revision globally.") applies for using Guix 1.4.0 (having access to the Guix manual for the right Guix version, not needing to run guix pull in some cases). However if we do that we run into an issue where guix fails to find a substitute for pandoc for Guix 1.4.0 for i686-linux. This results in Guix bootstraping ghc and then building pandoc and its dependencies. The ghc bootstrap is extremely long (many hours / few days on a ThinkPad X200, and it takes more than one night inside a VM with 8 cores and 16 GiB of RAM that runs on a KGPE-D16). Not running the ghc tests also doesn't speed up the build enough to be practical. However while the pandoc substitutes are not available on ci.guix.gnu.org, they are available on bordeaux.guix.gnu.org which is also in the default substitute servers. So the workaround is to tell users to make sure to authorize bordeaux.guix.gnu.org and then to force its use if it is authorized. This still enable users to not use substitute (for security reasons) if they want to. To do the detection we use guix repl as the guix command is supposed to be available and it also has access to Guix's guile modules. In addition, running ./autogen.sh && ./configure && make check results in the following error without this commit: guix time-machine --commit= -- shell --system=i686-linux --container --network --emulate-fhs --share=`realpath ../` bash coreutils findutils git grep nss-certs pandoc sed -- ./build.sh guix time-machine: error: Git error: unable to parse OID - too short make: *** [Makefile:696: build] Error 1 This was broken by the commit 07e9cbd12c99e39d0bc0b8449423bd914bb92b10 ("website: properly handle the dot dependency."). However if we bisect it, we instead find that the commit f8874d77803426cc01305e7f895284dbe7caae00 ("website: remove history/git-history.jpg") broke 'make check'. This is because history/git-history.jpg is supposed to be generated but it was included in git in the commit 388c0ef3d0 ("website: add history page of the GNU Boot git repositories.") and so once we starts generating the file again, 'make check' breaks. So we modified the commit 388c0ef3d0 ("website: add history page of the GNU Boot git repositories.") to not add history/git-history.jpg to properly bisect it. Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> neox: fixed typos in message and diff Acked-by: Adrien Bourmault <neox@gnu.org>
2024-11-23 17:04:07 +01:00 · 2024-11-23 17:04:07 +01:00 · 2e3818668d
parent 8a7eeddb04
commit 2e3818668d
4 changed files with 89 additions and 3 deletions
--- a/website/Makefile.am
+++ b/website/Makefile.am
@ -33,6 +33,7 @@ GUIX_SHELL_CONTAINER = guix time-machine \
 	shell \
 	--system=i686-linux \
 	--container \
+	`guix repl force-bordeaux-substitute.scm force` \
 	$(SENTINEL)

 if WANT_GUIX
--- a/website/README
+++ b/website/README
@ -35,12 +35,42 @@ dependencies instead:
 * make
 * tar

-And you can use the following commands instead:
+For making sure that the build doesn't take days, you will also need
+to make sure that bordeaux.guix.gnu.org is in the list of substitutes
+(binary packages servers).
+
+This is needed because some older Guix packages (like the ones on
+Trisquel 11 or PureOS) don't have bordeaux enabled while installation
+through the guix-install.sh instead have it enabled if you enable
+substitutes (binary packages), and without it Guix will start to build
+haskell (which is a dependency of pandoc) and this takes a few days to
+complete on a ThinkPad X200.
+
+If your Guix installation is recent enough it should already have it
+and the following command should print 'bordeaux.guix.gnu.org is
+enabled':
+$ guix repl force-bordeaux-substitute.scm check
+
+If instead you need to add it, it will print 'bordeaux.guix.gnu.org is
+disabled'.
+
+You can add bordeaux.guix.gnu.org with the following command:
+$ guix pull
+$ sudo guix archive --authorize < ~/.config/guix/current/share/guix/bordeaux.guix.gnu.org.pub
+
+You will also need to make it possible for the build system to check
+if it is enabled as some people might want to bulid everything
+themselves for security reasons, so we don't use bordeaux if it is not
+already authorized:
+$ sudo chmod +r /etc/guix/acl
+
+Once bordeaux is enabled you can use the following commands to build
+the website:
 $ ./autogen.sh
 $ ./configure
 $ make serve

-== Local deployments ==
+== Testing the website ==

 Here's how to deploy the website in a local webserver:
 $ ./autogen.sh
@ -53,7 +83,6 @@ Then you can point a browser to http://localhost:8086/software/gnuboot/web/ or
 to http://localhost:PORT/software/gnuboot/web/ if you changed the port through
 ./configure options.

-
 The GNU Boot website build system takes care of some of the
 dependencies for you (for instance the static website generator that
 is not packaged in any distributions) so you have less work to do to
--- a/website/configure.ac
+++ b/website/configure.ac
@ -17,6 +17,9 @@ AC_INIT([gnuboot],[0.1],[gnuboot@gnu.org])
 AM_INIT_AUTOMAKE([foreign])
 AC_CONFIG_FILES([Makefile])

+# Use the same revision than ../configure.ac
+AC_SUBST([GUIX_REVISION], [8e2f32cee982d42a79e53fc1e9aa7b8ff0514714])
+
 AC_SUBST([LIGHTTPD_PORT], [])
 AC_SUBST([RSYNC_DESTINATION], [])
 AC_SUBST([UNTITLED_PATH], [])
--- a/website/force-bordeaux-substitute.scm
+++ b/website/force-bordeaux-substitute.scm
@ -0,0 +1,53 @@
+;;; Copyright © 2024 Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
+;;; Copyright © 2024 Adrien 'neox' Bourmault <neox@a-lec.org>
+;;;
+;;; This file is part of GNU Boot.
+;;;
+;;; This file is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; This file is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(use-modules (gcrypt pk-crypto))
+(use-modules (guix pki))
+
+(define bordeaux.guix.gnu.org
+  "(public-key
+     (ecc
+       (curve Ed25519)
+       (q #7D602902D3A2DBB83F8A0FB98602A754C5493B0B778C8D1DD4E0F41DE14DE34F#)))")
+
+
+(cond ((and
+	(eq? (length (program-arguments)) 2)
+	(string=? (list-ref (program-arguments) 1) "force"))
+       (if (authorized-key? (string->canonical-sexp bordeaux.guix.gnu.org))
+	   (display "--substitute-urls=https://bordeaux.guix.gnu.org")))
+
+      ((and
+	(eq? (length (program-arguments)) 2)
+	(string=? (list-ref (program-arguments) 1) "check"))
+       (if (authorized-key? (string->canonical-sexp bordeaux.guix.gnu.org))
+	   (display "bordeaux.guix.gnu.org is enabled\n")
+	   (display "bordeaux.guix.gnu.org is disabled\n")))
+
+      (#t ((lambda _
+	     (display
+	      (string-append
+	       "Usage: "
+	       "guix repl force-bordeaux-substitute.scm check # "
+	       "check if bordeaux.guix.gnu.org is enabled or not.\n"))
+	     (display
+	      (string-append
+	       "Usage: "
+	       "guix repl force-bordeaux-substitute.scm force # "
+	       "print '--substitute-urls=https://bordeaux.guix.gnu.org' "
+	       "if bordeaux.guix.gnu.org is enabled.\n"))))))