bug#44104: guix publish should publish public key

unofficial mirror of bug-guix@gnu.org 
 help / color / mirror / code / Atom feed

* bug#44104: guix publish should publish public key
@ 2020-10-20 20:04 Amar M. Singh
  2020-10-20 21:31 ` bug#44104: [patch] guix/scripts/publish: share signing key Amar M. Singh
  2020-10-22  7:48 ` bug#44104: [patch] guix publish: provide server's " Amar M. Singh
  0 siblings, 2 replies; 5+ messages in thread
From: Amar M. Singh @ 2020-10-20 20:04 UTC (permalink / raw)
  To: 44104

Guix Publish should also give you the key for the server.

 "Hi, Guix Publish speaking. Here is the authorization key"

Thanks,

Right now this is what i'm trying to work around.




^ permalink raw reply	[flat|nested] 5+ messages in thread

* bug#44104: [patch] guix/scripts/publish: share signing key
  2020-10-20 20:04 bug#44104: guix publish should publish public key Amar M. Singh
@ 2020-10-20 21:31 ` Amar M. Singh
  2020-10-21 13:11   ` Ludovic Courtès
  2020-10-22  7:48 ` bug#44104: [patch] guix publish: provide server's " Amar M. Singh
  1 sibling, 1 reply; 5+ messages in thread
From: Amar M. Singh @ 2020-10-20 21:31 UTC (permalink / raw)
  To: 44104

[-- Attachment #1: Type: text/plain, Size: 82 bytes --]


Add procedure (render-signing-key) and use it to serve the signing key.

Cheers


[-- Attachment #2: A cure for the virus --]
[-- Type: text/x-patch, Size: 2579 bytes --]

From 554416649b7400d0bbe440016c6a6a7fed0d870a Mon Sep 17 00:00:00 2001
From: Amar Singh <nly@disroot.org>
Date: Wed, 21 Oct 2020 02:02:02 +0530
Subject: [PATCH] guix publish: We provide signing key. Knock yourselves out!

Best in industry.

Signed-off-by: Amar Singh <nly@disroot.org>
---
 guix/scripts/publish.scm | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/guix/scripts/publish.scm b/guix/scripts/publish.scm
index 4eaf961ab2..19df6d50ff 100644
--- a/guix/scripts/publish.scm
+++ b/guix/scripts/publish.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
+;;; Copyright (C) 2020 by Amar M. Singh <nly@disroot.org>
 ;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -686,6 +687,13 @@ to compress or decompress the log file; just return it as-is."
         (values (response-headers log) log)
         (not-found request))))
 
+(define (render-signing-key)
+  "Render signing key."
+  (let ((file "/etc/guix/signing-key.pub"))
+    (values `((content-type . (text/plain (charset . "UTF-8")))
+              (x-raw-file . ,file))
+            file)))
+
 (define (render-home-page request)
   "Render the home page."
   (values `((content-type . (text/html (charset . "UTF-8"))))
@@ -699,7 +707,12 @@ to compress or decompress the log file; just return it as-is."
                                (a (@ (href
                                       "https://guix.gnu.org/manual/en/html_node/Invoking-guix-publish.html"))
                                   (tt "guix publish"))
-                               " speaking.  Welcome!")))
+                               " speaking.  Welcome!")
+                            (p "Here is the "
+                               (a (@ (href
+                                      "signing-key.pub"))
+                                  (tt "signing key"))
+                               " for this server. Knock yourselves out!")))
                          port)))))
 
 (define (extract-narinfo-hash str)
@@ -918,6 +931,9 @@ methods, return the applicable compression."
           ;; /
           ((or () ("index.html"))
            (render-home-page request))
+          ;; guix signing-key
+          (("signing-key.pub")
+           (render-signing-key))
           ;; /<hash>.narinfo
           (((= extract-narinfo-hash (? string? hash)))
            (if cache
-- 
2.28.0


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* bug#44104: [patch] guix/scripts/publish: share signing key
  2020-10-20 21:31 ` bug#44104: [patch] guix/scripts/publish: share signing key Amar M. Singh
@ 2020-10-21 13:11   ` Ludovic Courtès
  0 siblings, 0 replies; 5+ messages in thread
From: Ludovic Courtès @ 2020-10-21 13:11 UTC (permalink / raw)
  To: Amar M. Singh; +Cc: 44104

Hi,

"Amar M. Singh" <nly@disroot.org> skribis:

>>From 554416649b7400d0bbe440016c6a6a7fed0d870a Mon Sep 17 00:00:00 2001
> From: Amar Singh <nly@disroot.org>
> Date: Wed, 21 Oct 2020 02:02:02 +0530
> Subject: [PATCH] guix publish: We provide signing key. Knock yourselves out!
>
> Best in industry.
>
> Signed-off-by: Amar Singh <nly@disroot.org>
> ---
>  guix/scripts/publish.scm | 18 +++++++++++++++++-
>  1 file changed, 17 insertions(+), 1 deletion(-)

Great idea!  Some comments:

> +++ b/guix/scripts/publish.scm
> @@ -1,5 +1,6 @@
>  ;;; GNU Guix --- Functional package management for GNU
>  ;;; Copyright © 2015 David Thompson <davet@gnu.org>
> +;;; Copyright (C) 2020 by Amar M. Singh <nly@disroot.org>
>  ;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>

Please use the same format as the other lines.

> +(define (render-signing-key)
> +  "Render signing key."
> +  (let ((file "/etc/guix/signing-key.pub"))
> +    (values `((content-type . (text/plain (charset . "UTF-8")))
> +              (x-raw-file . ,file))
> +            file)))

Use ‘%public-key-file’ (from (guix pki)) instead of ‘file’ here.

It would be great if you could add a test in ‘tests/publish.scm’ that
ensures GET /singing-key.pub returns 200 (you can use the
“/nix-cache-info” as a starting point and we can chat on IRC if you need
guidance.)

Bonus points if you can provide a commit log that follows our
conventions:

  https://guix.gnu.org/manual/devel/en/html_node/Submitting-Patches.html

:-)

Could you send an updated patch?

Thanks,
Ludo’.




^ permalink raw reply	[flat|nested] 5+ messages in thread

* bug#44104: [patch] guix publish: provide server's signing key.
  2020-10-20 20:04 bug#44104: guix publish should publish public key Amar M. Singh
  2020-10-20 21:31 ` bug#44104: [patch] guix/scripts/publish: share signing key Amar M. Singh
@ 2020-10-22  7:48 ` Amar M. Singh
  2020-10-26 22:57   ` Ludovic Courtès
  1 sibling, 1 reply; 5+ messages in thread
From: Amar M. Singh @ 2020-10-22  7:48 UTC (permalink / raw)
  To: 44104

[-- Attachment #1: Type: text/plain, Size: 19 bytes --]


Thanks, Updated.


[-- Attachment #2: чего --]
[-- Type: text/x-patch, Size: 3465 bytes --]

From fe0098082289a2350002da4e2438c41f6385b3e2 Mon Sep 17 00:00:00 2001
From: Amar Singh <nly@disroot.org>
Date: Wed, 21 Oct 2020 02:02:02 +0530
Subject: [PATCH] guix publish: Provide server's signing key.

Published at $(guix-publish-uri)/signing-key.pub

Knock yourselves out! Best in industry.

Signed-off-by: Amar Singh <nly@disroot.org>
---
 guix/scripts/publish.scm | 18 +++++++++++++++++-
 tests/publish.scm        |  5 +++++
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/guix/scripts/publish.scm b/guix/scripts/publish.scm
index 4eaf961ab2..1741b93309 100644
--- a/guix/scripts/publish.scm
+++ b/guix/scripts/publish.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
+;;; Copyright © 2020 by Amar M. Singh <nly@disroot.org>
 ;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -686,6 +687,13 @@ to compress or decompress the log file; just return it as-is."
         (values (response-headers log) log)
         (not-found request))))
 
+(define (render-signing-key)
+  "Render signing key."
+  (let ((file %public-key-file))
+    (values `((content-type . (text/plain (charset . "UTF-8")))
+              (x-raw-file . ,file))
+            file)))
+
 (define (render-home-page request)
   "Render the home page."
   (values `((content-type . (text/html (charset . "UTF-8"))))
@@ -699,7 +707,12 @@ to compress or decompress the log file; just return it as-is."
                                (a (@ (href
                                       "https://guix.gnu.org/manual/en/html_node/Invoking-guix-publish.html"))
                                   (tt "guix publish"))
-                               " speaking.  Welcome!")))
+                               " speaking.  Welcome!")
+                            (p "Here is the "
+                               (a (@ (href
+                                      "signing-key.pub"))
+                                  (tt "signing key"))
+                               " for this server. Knock yourselves out!")))
                          port)))))
 
 (define (extract-narinfo-hash str)
@@ -918,6 +931,9 @@ methods, return the applicable compression."
           ;; /
           ((or () ("index.html"))
            (render-home-page request))
+          ;; guix signing-key
+          (("signing-key.pub")
+           (render-signing-key))
           ;; /<hash>.narinfo
           (((= extract-narinfo-hash (? string? hash)))
            (if cache
diff --git a/tests/publish.scm b/tests/publish.scm
index 1c3b2785fb..13f667aa7e 100644
--- a/tests/publish.scm
+++ b/tests/publish.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
+;;; Copyright © 2020 by Amar M. Singh <nly@disroot.org>
 ;;; Copyright © 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -613,6 +614,10 @@ References: ~%"
   (let ((uri (publish-uri "/log/does-not-exist")))
     (response-code (http-get uri))))
 
+(test-equal "/signing-key.pub"
+  200
+  (response-code (http-get (publish-uri "/signing-key.pub"))))
+
 (test-equal "non-GET query"
   '(200 404)
   (let ((path (string-append "/" (store-path-hash-part %item)
-- 
2.28.0


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* bug#44104: [patch] guix publish: provide server's signing key.
  2020-10-22  7:48 ` bug#44104: [patch] guix publish: provide server's " Amar M. Singh
@ 2020-10-26 22:57   ` Ludovic Courtès
  0 siblings, 0 replies; 5+ messages in thread
From: Ludovic Courtès @ 2020-10-26 22:57 UTC (permalink / raw)
  To: Amar M. Singh; +Cc: 44104-done

Hi,

"Amar M. Singh" <nly@disroot.org> skribis:

> From fe0098082289a2350002da4e2438c41f6385b3e2 Mon Sep 17 00:00:00 2001
> From: Amar Singh <nly@disroot.org>
> Date: Wed, 21 Oct 2020 02:02:02 +0530
> Subject: [PATCH] guix publish: Provide server's signing key.
>
> Published at $(guix-publish-uri)/signing-key.pub
>
> Knock yourselves out! Best in industry.
>
> Signed-off-by: Amar Singh <nly@disroot.org>

I tweaked the commit log and committed it.

Thanks!

Ludo’.




^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2020-10-26 22:58 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-20 20:04 bug#44104: guix publish should publish public key Amar M. Singh
2020-10-20 21:31 ` bug#44104: [patch] guix/scripts/publish: share signing key Amar M. Singh
2020-10-21 13:11   ` Ludovic Courtès
2020-10-22  7:48 ` bug#44104: [patch] guix publish: provide server's " Amar M. Singh
2020-10-26 22:57   ` Ludovic Courtès

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).