202 lines
6.9 KiB
Plaintext
202 lines
6.9 KiB
Plaintext
+==============+
|
|
| Introduction |
|
|
+==============+
|
|
This directory contains both the website in pages/ and build code to
|
|
easily build and deploy the GNU Boot website with very few commands.
|
|
|
|
+==============+
|
|
| Dependencies |
|
|
+==============+
|
|
|
|
Without Guix
|
|
-------------
|
|
If you don't want to install Guix just to test the website, you will
|
|
need to install the following dependencies (tested under Trisquel 11):
|
|
|
|
* autoconf
|
|
* automake
|
|
* coreutils
|
|
* gawk
|
|
* git
|
|
* graphicsmagick
|
|
* graphviz
|
|
* grep
|
|
* gzip
|
|
* lighttpd
|
|
* make
|
|
* pandoc
|
|
* sed
|
|
* tar
|
|
* texinfo
|
|
* texlive-binaries
|
|
* texlive-plain-generic
|
|
|
|
You can then use the following commands to build the website:
|
|
$ ./autogen.sh
|
|
$ ./configure --disable-guix
|
|
$ make serve
|
|
|
|
With Guix
|
|
---------
|
|
And if you want to use Guix instead you only need the following
|
|
dependencies instead:
|
|
|
|
* autoconf
|
|
* automake
|
|
* coreutils
|
|
* guix
|
|
* make
|
|
* tar
|
|
|
|
But for making sure that the build doesn't take days with Guix, you
|
|
will also need to make sure that bordeaux.guix.gnu.org is in the list
|
|
of substitutes (binary packages servers for Guix).
|
|
|
|
This is needed because some older Guix packages (like the ones on
|
|
Trisquel 11 or PureOS) don't have bordeaux enabled while installation
|
|
through the guix-install.sh instead have it enabled if you enable
|
|
substitutes (binary packages), and without it Guix will start to build
|
|
haskell (which is a dependency of pandoc) and this takes a few days to
|
|
complete on a ThinkPad X200.
|
|
|
|
If your Guix installation is recent enough it should already have it
|
|
and the following command should print 'bordeaux.guix.gnu.org is
|
|
enabled':
|
|
$ guix repl force-bordeaux-substitute.scm check
|
|
|
|
If instead you need to add it, it will print 'bordeaux.guix.gnu.org is
|
|
disabled'.
|
|
|
|
If you are in the same directory than this README, you can add
|
|
bordeaux.guix.gnu.org with the following command:
|
|
$ sudo guix archive --authorize < ../resources/distros/guix/bordeaux.guix.gnu.org.pub
|
|
|
|
Or if you do not want to blindly trust the file above, you could
|
|
simply update Guix and get the file from Guix instead, but updating
|
|
Guix the first time can be quite long to do:
|
|
$ guix pull
|
|
$ sudo guix archive --authorize < ~/.config/guix/current/share/guix/bordeaux.guix.gnu.org.pub
|
|
|
|
You will then need to make it possible for the build system to check
|
|
if bordeaux is enabled as some people might want to bulid everything
|
|
themselves for security reasons, so we don't (and can't) use bordeaux
|
|
if it is not already authorized:
|
|
$ sudo chmod +r /etc/guix/acl
|
|
|
|
Once bordeaux is enabled you can use the following commands to build
|
|
the website:
|
|
$ ./autogen.sh
|
|
$ ./configure
|
|
$ make serve
|
|
|
|
The first time it will be longer in the case you have a Guix older
|
|
than 1.4.0 (as it will also download Guix 1.4.0 in the process).
|
|
|
|
+=====================+
|
|
| Testing the website |
|
|
+=====================+
|
|
|
|
Here's how to deploy the website in a local webserver:
|
|
$ ./autogen.sh
|
|
$ ./configure
|
|
$ make serve
|
|
|
|
If you don't use Guix, remember to do ./configure --disable-guix instead.
|
|
|
|
Then you can point a browser to http://localhost:8086/software/gnuboot/web/ or
|
|
to http://localhost:PORT/software/gnuboot/web/ if you changed the port through
|
|
./configure options.
|
|
|
|
The GNU Boot website build system takes care of some of the
|
|
dependencies for you (for instance the static website generator that
|
|
is not packaged in any distributions) so you have less work to do to
|
|
install or use them on your side.
|
|
|
|
If you want to test your own modifications to the dependencies of this
|
|
build code, you either need to use the configure options to use
|
|
external repositories that have your modifications, or you could also
|
|
modify the build.sh script to use different git repositories and/or
|
|
revisions.
|
|
|
|
+=================================================+
|
|
| Deployment on https://gnu.org/software/gnuboot/ |
|
|
+=================================================+
|
|
|
|
The deployment to https://gnu.org/software/gnuboot/ uses rsync. As
|
|
gnu.org machine is behind a firewall, so you need to workaround
|
|
that.
|
|
|
|
A way to do that is to get a shell account on fencepost.gnu.org, and
|
|
use SSH to forward the connection to gnu.org. This can be done with
|
|
something like that in your SSH configuration:
|
|
|
|
Host fencepost.gnu.org
|
|
User USERNAME
|
|
|
|
Host gnu.org
|
|
User wwwcvs
|
|
ProxyJump fencepost.gnu.org
|
|
|
|
In the example above you will need to adjust the fencepost USERNAME,
|
|
and modify it to suit your SSH setup if needed (for instance if you
|
|
use keys in different locations, etc). Of course, you'll have to get
|
|
access to gnu.org ssh server too.
|
|
|
|
See https://www.gnu.org/software/README.accounts.html for more details
|
|
about Fencepost accounts, the SSH fingerprints, etc.
|
|
|
|
For gnu.org, it's easier if you use an ED25519 key for gnu.org as I
|
|
have the fingerprints below. See [1] for other options.
|
|
|
|
To check that everything is setup you can then SSH into gnu.org:
|
|
$ ssh gnu.org
|
|
The authenticity of host '[127.0.0.1]:2224 ([127.0.0.1]:2224)' can't be established.
|
|
ED25519 key fingerprint is SHA256:pmCf0NrBzSSYfg6DdgmlMzPWZzGpXXcPEz6LP1+o5Jc.
|
|
This host key is known by the following other names/addresses:
|
|
~/.ssh/known_hosts:306: [127.0.0.1]:4444
|
|
Are you sure you want to continue connecting (yes/no/[fingerprint])?
|
|
|
|
You can then confirm by pasting the fingerprint like that[2]:
|
|
Are you sure you want to continue connecting (yes/no/[fingerprint])? SHA256:pmCf0NrBzSSYfg6DdgmlMzPWZzGpXXcPEz6LP1+o5Jc
|
|
Warning: Permanently added '[127.0.0.1]:2224' (ED25519) to the list of known hosts.
|
|
|
|
Note that it is normal for the connection to gnu.org to block at this
|
|
point. You can exit it with the Ctrl+D or Ctrl+C key combinations.
|
|
|
|
At this point everything is setup.
|
|
|
|
To deploy the website, use the following commands from the website
|
|
directory:
|
|
$ ./autogen.sh
|
|
$ ./configure
|
|
$ make publish
|
|
|
|
Then you can point a browser to https://gnu.org/software/gnuboot/web/
|
|
|
|
References:
|
|
-----------
|
|
[1]If you want to use RSA the easiest way is probably to contact the
|
|
FSF system administrator that will install your key on #fsfsys and
|
|
also ask that person for the server fingerprint. In that case it
|
|
would be a good idea to also contribute a patch to add the
|
|
fingerprint here.
|
|
[2]The 'SHA256:pmCf0NrBzSSYfg6DdgmlMzPWZzGpXXcPEz6LP1+o5Jc'
|
|
fingerprint was confirmed to me the 24 October 2023 on the #fsfsys
|
|
IRC channel on liberachat by Ian Kelling, a system administrator
|
|
that has access to the gnu.org machine: "18:07 < iank> i see that
|
|
SHA256:pmCf0NrBzSSYfg6DdgmlMzPWZzGpXXcPEz6LP1+o5Jc exists on the
|
|
server".
|
|
|
|
+=========+
|
|
| License |
|
|
+=========+
|
|
This project is free software:
|
|
- For the files that are in website/pages and the the site.cfg file in
|
|
the same directory than this README see website/pages/license.md for
|
|
the license.
|
|
- For all the other files in the same directory than this README, you
|
|
can redistribute them and/or modify them under the terms of the GNU
|
|
General Public License as published by the Free Software Foundation,
|
|
either version 3 of the License, or (at your option) any later
|
|
version.
|