summary refs log tree commit diff
path: root/doc/guix.texi
diff options
context:
space:
mode:
authorMathieu Othacehe <othacehe@gnu.org>2020-11-24 14:05:21 +0100
committerMathieu Othacehe <othacehe@gnu.org>2020-11-29 15:08:26 +0100
commit79f9dee3c4c0e6d21066f142116a537207ae7ba4 (patch)
tree9e7cf7e45d07a529576eb4addabe578dc35cf7d5 /doc/guix.texi
parent276e494b2a1fd87874d80e2bdc3aa1fb833b76f2 (diff)
downloadguix-79f9dee3c4c0e6d21066f142116a537207ae7ba4.tar.gz
Use substitute servers on the local network.
* guix/scripts/discover.scm: New file.
* Makefile.am (MODULES): Add it.
* nix/nix-daemon/guix-daemon.cc (options): Add "discover" option,
(parse-opt): parse it,
(main): start "guix discover" process when the option is set.
* guix/scripts/substitute.scm (%local-substitute-urls): New variable,
(substitute-urls): add it.
* gnu/services/base.scm (<guix-configuration>): Add "discover?"
field,
(guix-shepherd-service): honor it.
* doc/guix.texi (Invoking guix-daemon): Document "discover" option,
(Base Services): ditto.
Diffstat (limited to 'doc/guix.texi')
-rw-r--r--doc/guix.texi26
1 files changed, 26 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 8ca243004a..da6caaa4f1 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -1579,6 +1579,28 @@ Unless @option{--lose-logs} is used, all the build logs are kept in the
 @var{localstatedir}.  To save space, the daemon automatically compresses
 them with Bzip2 by default.
 
+@item --discover[=yes|no]
+Whether to discover substitute servers on the local network using mDNS
+and DNS-SD.
+
+This feature is still experimental. However, here are a few
+considerations.
+
+@enumerate
+@item
+It might be faster/less expensive than fetching from remote servers;
+@item
+There are no security risks, only genuine substitutes will be used
+(@pxref{Substitute Authentication});
+@item
+An attacker advertising @command{guix publish} on your LAN cannot serve
+you malicious binaries, but they can learn what software you’re
+installing;
+@item
+Servers may serve substitute over HTTP, unencrypted, so anyone on the
+LAN can see what software you’re installing.
+@end enumerate
+
 @item --disable-deduplication
 @cindex deduplication
 Disable automatic file ``deduplication'' in the store.
@@ -15016,6 +15038,10 @@ disables the timeout.
 The type of compression used for build logs---one of @code{gzip},
 @code{bzip2}, or @code{none}.
 
+@item @code{discover} (default: @code{#f})
+Whether to discover substitute servers on the local network using mDNS
+and DNS-SD.
+
 @item @code{extra-options} (default: @code{'()})
 List of extra command-line options for @command{guix-daemon}.