+==============+
| Introduction |
+==============+
This directory contains both the website in pages/ and build code to
easily build and deploy the GNU Boot website with very few commands.
+==============+
| Dependencies |
+==============+
Without Guix
-------------
If you don't want to install Guix just to test the website, you will
need to install the following dependencies (tested under Trisquel 11):
* autoconf
* automake
* coreutils
* gawk
* git
* graphicsmagick
* graphviz
* grep
* gzip
* lighttpd
* make
* pandoc
* sed
* tar
* texinfo
* texlive-binaries
* texlive-plain-generic
You can then use the following commands to build the website:
$ ./autogen.sh
$ ./configure --disable-guix
$ make serve
With Guix
---------
And if you want to use Guix instead you only need the following
dependencies instead:
* autoconf
* automake
* coreutils
* guix
* make
* tar
But for making sure that the build doesn't take days with Guix, you
will also need to make sure that bordeaux.guix.gnu.org is in the list
of substitutes (binary packages servers for Guix).
This is needed because some older Guix packages (like the ones on
Trisquel 11 or PureOS) don't have bordeaux enabled while installation
through the guix-install.sh instead have it enabled if you enable
substitutes (binary packages), and without it Guix will start to build
haskell (which is a dependency of pandoc) and this takes a few days to
complete on a ThinkPad X200.
If your Guix installation is recent enough it should already have it
and the following command should print 'bordeaux.guix.gnu.org is
enabled':
$ guix repl force-bordeaux-substitute.scm check
If instead you need to add it, it will print 'bordeaux.guix.gnu.org is
disabled'.
If you are in the same directory than this README, you can add
bordeaux.guix.gnu.org with the following command:
$ sudo guix archive --authorize < ../resources/distros/guix/bordeaux.guix.gnu.org.pub
Or if you do not want to blindly trust the file above, you could
simply update Guix and get the file from Guix instead, but updating
Guix the first time can be quite long to do:
$ guix pull
$ sudo guix archive --authorize < ~/.config/guix/current/share/guix/bordeaux.guix.gnu.org.pub
You will then need to make it possible for the build system to check
if bordeaux is enabled as some people might want to bulid everything
themselves for security reasons, so we don't (and can't) use bordeaux
if it is not already authorized:
$ sudo chmod +r /etc/guix/acl
Once bordeaux is enabled you can use the following commands to build
the website:
$ ./autogen.sh
$ ./configure
$ make serve
The first time it will be longer in the case you have a Guix older
than 1.4.0 (as it will also download Guix 1.4.0 in the process).
+=====================+
| Testing the website |
+=====================+
Here's how to deploy the website in a local webserver:
$ ./autogen.sh
$ ./configure
$ make serve
If you don't use Guix, remember to do ./configure --disable-guix instead.
Then you can point a browser to http://localhost:8086/software/gnuboot/web/ or
to http://localhost:PORT/software/gnuboot/web/ if you changed the port through
./configure options.
The GNU Boot website build system takes care of some of the
dependencies for you (for instance the static website generator that
is not packaged in any distributions) so you have less work to do to
install or use them on your side.
If you want to test your own modifications to the dependencies of this
build code, you either need to use the configure options to use
external repositories that have your modifications, or you could also
modify the build.sh script to use different git repositories and/or
revisions.
+=================================================+
| Deployment on https://gnu.org/software/gnuboot/ |
+=================================================+
The deployment to https://gnu.org/software/gnuboot/ uses rsync. As
gnu.org machine is behind a firewall, so you need to workaround
that.
A way to do that is to get a shell account on fencepost.gnu.org, and
use SSH to forward the connection to gnu.org. This can be done with
something like that in your SSH configuration:
Host fencepost.gnu.org
User USERNAME
Host gnu.org
User wwwcvs
ProxyJump fencepost.gnu.org
In the example above you will need to adjust the fencepost USERNAME,
and modify it to suit your SSH setup if needed (for instance if you
use keys in different locations, etc). Of course, you'll have to get
access to gnu.org ssh server too.
See https://www.gnu.org/software/README.accounts.html for more details
about Fencepost accounts, the SSH fingerprints, etc.
For gnu.org, it's easier if you use an ED25519 key for gnu.org as I
have the fingerprints below. See [1] for other options.
To check that everything is setup you can then SSH into gnu.org:
$ ssh gnu.org
The authenticity of host '[127.0.0.1]:2224 ([127.0.0.1]:2224)' can't be established.
ED25519 key fingerprint is SHA256:pmCf0NrBzSSYfg6DdgmlMzPWZzGpXXcPEz6LP1+o5Jc.
This host key is known by the following other names/addresses:
~/.ssh/known_hosts:306: [127.0.0.1]:4444
Are you sure you want to continue connecting (yes/no/[fingerprint])?
You can then confirm by pasting the fingerprint like that[2]:
Are you sure you want to continue connecting (yes/no/[fingerprint])? SHA256:pmCf0NrBzSSYfg6DdgmlMzPWZzGpXXcPEz6LP1+o5Jc
Warning: Permanently added '[127.0.0.1]:2224' (ED25519) to the list of known hosts.
Note that it is normal for the connection to gnu.org to block at this
point. You can exit it with the Ctrl+D or Ctrl+C key combinations.
At this point everything is setup.
To deploy the website, use the following commands from the website
directory:
$ ./autogen.sh
$ ./configure
$ make publish
Then you can point a browser to https://gnu.org/software/gnuboot/web/
References:
-----------
[1]If you want to use RSA the easiest way is probably to contact the
FSF system administrator that will install your key on #fsfsys and
also ask that person for the server fingerprint. In that case it
would be a good idea to also contribute a patch to add the
fingerprint here.
[2]The 'SHA256:pmCf0NrBzSSYfg6DdgmlMzPWZzGpXXcPEz6LP1+o5Jc'
fingerprint was confirmed to me the 24 October 2023 on the #fsfsys
IRC channel on liberachat by Ian Kelling, a system administrator
that has access to the gnu.org machine: "18:07 < iank> i see that
SHA256:pmCf0NrBzSSYfg6DdgmlMzPWZzGpXXcPEz6LP1+o5Jc exists on the
server".
+=========+
| License |
+=========+
This project is free software:
- For the files that are in website/pages and the the site.cfg file in
the same directory than this README see website/pages/license.md for
the license.
- For all the other files in the same directory than this README, you
can redistribute them and/or modify them under the terms of the GNU
General Public License as published by the Free Software Foundation,
either version 3 of the License, or (at your option) any later
version.
Denis 'GNUtoo' Carikli
c6d776f2dc
