From mboxrd@z Thu Jan 1 00:00:00 1970 From: Hartmut Goebel Subject: bug#25094: Add comments to archive keys and acls Date: Fri, 2 Dec 2016 18:38:12 +0100 Message-ID: <5841B184.4050802@crazy-compilers.com> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:33473) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cCrnc-0001V7-Qp for bug-guix@gnu.org; Fri, 02 Dec 2016 12:39:05 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cCrna-0002jU-80 for bug-guix@gnu.org; Fri, 02 Dec 2016 12:39:04 -0500 Received: from debbugs.gnu.org ([208.118.235.43]:35183) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1cCrna-0002jN-4W for bug-guix@gnu.org; Fri, 02 Dec 2016 12:39:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1cCrnZ-0002v1-Si for bug-guix@gnu.org; Fri, 02 Dec 2016 12:39:01 -0500 Sender: "Debbugs-submit" Resent-Message-ID: Received: from eggs.gnu.org ([2001:4830:134:3::10]:32892) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cCrmt-0001Hv-5z for bug-guix@gnu.org; Fri, 02 Dec 2016 12:38:20 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cCrmq-0002On-Ji for bug-guix@gnu.org; Fri, 02 Dec 2016 12:38:19 -0500 Received: from mail-out.m-online.net ([212.18.0.9]:38660) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cCrmq-0002N7-DW for bug-guix@gnu.org; Fri, 02 Dec 2016 12:38:16 -0500 Received: from frontend01.mail.m-online.net (unknown [192.168.8.182]) by mail-out.m-online.net (Postfix) with ESMTP id 3tVhFf3jNbz3hjll for ; Fri, 2 Dec 2016 18:38:14 +0100 (CET) Received: from localhost (dynscan1.mnet-online.de [192.168.6.68]) by mail.m-online.net (Postfix) with ESMTP id 3tVhFf2vx4zvmGM for ; Fri, 2 Dec 2016 18:38:14 +0100 (CET) Received: from mail.mnet-online.de ([192.168.8.182]) by localhost (dynscan1.mail.m-online.net [192.168.6.68]) (amavisd-new, port 10024) with ESMTP id BH5uXZfW1GCy for ; Fri, 2 Dec 2016 18:38:13 +0100 (CET) Received: from hermia.goebel-consult.de (ppp-188-174-150-110.dynamic.mnet-online.de [188.174.150.110]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mail.mnet-online.de (Postfix) with ESMTPS for ; Fri, 2 Dec 2016 18:38:13 +0100 (CET) Received: from [192.168.110.2] (lenashee.goebel-consult.de [192.168.110.2]) by hermia.goebel-consult.de (Postfix) with ESMTP id 1751D603DA for ; Fri, 2 Dec 2016 18:38:13 +0100 (CET) List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: 25094@debbugs.gnu.org Hi, the keys for authenticating an archive currently do not hold any comment. This makes it hard to track acls and remove certain keys if required. Please implement some way to add and change the comment on keys in /etc/guix/ and in /etc/guix/acl. Proposed usage when generating the key: guix archive --generate-key=… --comment "store.example.com" Proposed usage when importing the key and overwriting any existing comment guix archive --authorize --comment "store.example.com" For now, since we have no commands for key management, these would be enough IMO. Existing commenty an easily be changed in the file, so for now we do not need a tool for this. -- Regards Hartmut Goebel | Hartmut Goebel | h.goebel@crazy-compilers.com | | www.crazy-compilers.com | compilers which you thought are impossible |