mirror of
https://git.savannah.gnu.org/git/gnuboot.git
synced 2025-01-30 02:59:36 +01:00
Denis 'GNUtoo' Carikli
2e3818668d
While the website code is separate from the rest, the same rationale than in the commitada459875c("Use a released guix revision globally.") applies for using Guix 1.4.0 (having access to the Guix manual for the right Guix version, not needing to run guix pull in some cases). However if we do that we run into an issue where guix fails to find a substitute for pandoc for Guix 1.4.0 for i686-linux. This results in Guix bootstraping ghc and then building pandoc and its dependencies. The ghc bootstrap is extremely long (many hours / few days on a ThinkPad X200, and it takes more than one night inside a VM with 8 cores and 16 GiB of RAM that runs on a KGPE-D16). Not running the ghc tests also doesn't speed up the build enough to be practical. However while the pandoc substitutes are not available on ci.guix.gnu.org, they are available on bordeaux.guix.gnu.org which is also in the default substitute servers. So the workaround is to tell users to make sure to authorize bordeaux.guix.gnu.org and then to force its use if it is authorized. This still enable users to not use substitute (for security reasons) if they want to. To do the detection we use guix repl as the guix command is supposed to be available and it also has access to Guix's guile modules. In addition, running ./autogen.sh && ./configure && make check results in the following error without this commit: guix time-machine --commit= -- shell --system=i686-linux --container --network --emulate-fhs --share=`realpath ../` bash coreutils findutils git grep nss-certs pandoc sed -- ./build.sh guix time-machine: error: Git error: unable to parse OID - too short make: *** [Makefile:696: build] Error 1 This was broken by the commit 07e9cbd12c99e39d0bc0b8449423bd914bb92b10 ("website: properly handle the dot dependency."). However if we bisect it, we instead find that the commit f8874d77803426cc01305e7f895284dbe7caae00 ("website: remove history/git-history.jpg") broke 'make check'. This is because history/git-history.jpg is supposed to be generated but it was included in git in the commit388c0ef3d0("website: add history page of the GNU Boot git repositories.") and so once we starts generating the file again, 'make check' breaks. So we modified the commit388c0ef3d0("website: add history page of the GNU Boot git repositories.") to not add history/git-history.jpg to properly bisect it. Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> neox: fixed typos in message and diff Acked-by: Adrien Bourmault <neox@gnu.org>
174 lines
6 KiB
Text
174 lines
6 KiB
Text
== Introduction ==
|
|
This directory contains both the website in pages/ and build code to
|
|
easily build and deploy the GNU Boot website with very few commands.
|
|
|
|
== Dependencies ==
|
|
|
|
If you don't want to install Guix just to test the website, you will
|
|
need to install the following dependencies:
|
|
|
|
* autoconf
|
|
* automake
|
|
* coreutils
|
|
* gawk
|
|
* git
|
|
* graphviz
|
|
* grep
|
|
* gzip
|
|
* lighttpd
|
|
* make
|
|
* pandoc
|
|
* sed
|
|
* tar
|
|
|
|
$ ./autogen.sh
|
|
$ ./configure --disable-guix
|
|
$ make serve
|
|
|
|
And if you want to use Guix instead you only need the following
|
|
dependencies instead:
|
|
|
|
* autoconf
|
|
* automake
|
|
* coreutils
|
|
* guix
|
|
* make
|
|
* tar
|
|
|
|
For making sure that the build doesn't take days, you will also need
|
|
to make sure that bordeaux.guix.gnu.org is in the list of substitutes
|
|
(binary packages servers).
|
|
|
|
This is needed because some older Guix packages (like the ones on
|
|
Trisquel 11 or PureOS) don't have bordeaux enabled while installation
|
|
through the guix-install.sh instead have it enabled if you enable
|
|
substitutes (binary packages), and without it Guix will start to build
|
|
haskell (which is a dependency of pandoc) and this takes a few days to
|
|
complete on a ThinkPad X200.
|
|
|
|
If your Guix installation is recent enough it should already have it
|
|
and the following command should print 'bordeaux.guix.gnu.org is
|
|
enabled':
|
|
$ guix repl force-bordeaux-substitute.scm check
|
|
|
|
If instead you need to add it, it will print 'bordeaux.guix.gnu.org is
|
|
disabled'.
|
|
|
|
You can add bordeaux.guix.gnu.org with the following command:
|
|
$ guix pull
|
|
$ sudo guix archive --authorize < ~/.config/guix/current/share/guix/bordeaux.guix.gnu.org.pub
|
|
|
|
You will also need to make it possible for the build system to check
|
|
if it is enabled as some people might want to bulid everything
|
|
themselves for security reasons, so we don't use bordeaux if it is not
|
|
already authorized:
|
|
$ sudo chmod +r /etc/guix/acl
|
|
|
|
Once bordeaux is enabled you can use the following commands to build
|
|
the website:
|
|
$ ./autogen.sh
|
|
$ ./configure
|
|
$ make serve
|
|
|
|
== Testing the website ==
|
|
|
|
Here's how to deploy the website in a local webserver:
|
|
$ ./autogen.sh
|
|
$ ./configure
|
|
$ make serve
|
|
|
|
If you don't use Guix, remember to do ./configure --disable-guix instead.
|
|
|
|
Then you can point a browser to http://localhost:8086/software/gnuboot/web/ or
|
|
to http://localhost:PORT/software/gnuboot/web/ if you changed the port through
|
|
./configure options.
|
|
|
|
The GNU Boot website build system takes care of some of the
|
|
dependencies for you (for instance the static website generator that
|
|
is not packaged in any distributions) so you have less work to do to
|
|
install or use them on your side.
|
|
|
|
If you want to test your own modifications to the dependencies of this
|
|
build code, you either need to use the configure options to use
|
|
external repositories that have your modifications, or you could also
|
|
modify the build.sh script to use different git repositories and/or
|
|
revisions.
|
|
|
|
== Deployment on https://gnu.org/software/gnuboot/ ==
|
|
|
|
The deployment to https://gnu.org/software/gnuboot/ uses rsync. As
|
|
gnu.org machine is behind a firewall, so you need to workaround
|
|
that.
|
|
|
|
A way to do that is to get a shell account on fencepost.gnu.org, and
|
|
use SSH to forward the connection to gnu.org. This can be done with
|
|
something like that in your SSH configuration:
|
|
|
|
Host fencepost.gnu.org
|
|
User USERNAME
|
|
|
|
Host gnu.org
|
|
User wwwcvs
|
|
ProxyJump fencepost.gnu.org
|
|
|
|
In the example above you will need to adjust the fencepost USERNAME,
|
|
and modify it to suit your SSH setup if needed (for instance if you
|
|
use keys in different locations, etc). Of course, you'll have to get
|
|
access to gnu.org ssh server too.
|
|
|
|
See https://www.gnu.org/software/README.accounts.html for more details
|
|
about Fencepost accounts, the SSH fingerprints, etc.
|
|
|
|
For gnu.org, it's easier if you use an ED25519 key for gnu.org as I
|
|
have the fingerprints below. See [1] for other options.
|
|
|
|
To check that everything is setup you can then SSH into gnu.org:
|
|
$ ssh gnu.org
|
|
The authenticity of host '[127.0.0.1]:2224 ([127.0.0.1]:2224)' can't be established.
|
|
ED25519 key fingerprint is SHA256:pmCf0NrBzSSYfg6DdgmlMzPWZzGpXXcPEz6LP1+o5Jc.
|
|
This host key is known by the following other names/addresses:
|
|
~/.ssh/known_hosts:306: [127.0.0.1]:4444
|
|
Are you sure you want to continue connecting (yes/no/[fingerprint])?
|
|
|
|
You can then confirm by pasting the fingerprint like that[2]:
|
|
Are you sure you want to continue connecting (yes/no/[fingerprint])? SHA256:pmCf0NrBzSSYfg6DdgmlMzPWZzGpXXcPEz6LP1+o5Jc
|
|
Warning: Permanently added '[127.0.0.1]:2224' (ED25519) to the list of known hosts.
|
|
|
|
Note that it is normal for the connection to gnu.org to block at this
|
|
point. You can exit it with the Ctrl+D or Ctrl+C key combinations.
|
|
|
|
At this point everything is setup.
|
|
|
|
To deploy the website, use the following commands from the website
|
|
directory:
|
|
$ ./autogen.sh
|
|
$ ./configure
|
|
$ make publish
|
|
|
|
Then you can point a browser to https://gnu.org/software/gnuboot/web/
|
|
|
|
References:
|
|
-----------
|
|
[1]If you want to use RSA the easiest way is probably to contact the
|
|
FSF system administrator that will install your key on #fsfsys and
|
|
also ask that person for the server fingerprint. In that case it
|
|
would be a good idea to also contribute a patch to add the
|
|
fingerprint here.
|
|
[2]The 'SHA256:pmCf0NrBzSSYfg6DdgmlMzPWZzGpXXcPEz6LP1+o5Jc'
|
|
fingerprint was confirmed to me the 24 October 2023 on the #fsfsys
|
|
IRC channel on liberachat by Ian Kelling, a system administrator
|
|
that has access to the gnu.org machine: "18:07 < iank> i see that
|
|
SHA256:pmCf0NrBzSSYfg6DdgmlMzPWZzGpXXcPEz6LP1+o5Jc exists on the
|
|
server".
|
|
|
|
|
|
== License ==
|
|
This project is free software:
|
|
- For the files that are in website/pages and the the site.cfg file in
|
|
the same directory than this README see website/pages/license.md for
|
|
the license.
|
|
- For all the other files in the same directory than this README, you
|
|
can redistribute them and/or modify them under the terms of the GNU
|
|
General Public License as published by the Free Software Foundation,
|
|
either version 3 of the License, or (at your option) any later
|
|
version.
|