Hello!

I have powerful machines at hand and I would like to share them through the GNU Guix offloading facility so that they are easy to use. The problem is that setting up offloading requires my machine to trust each and every client's store public key, which means they can spoof results of derivations with malware.

I am not entirely sure of how it works internally, but I was thinking that instead of copying results of derivations over, there could be a "Secure offloading" mode where instead of copying store items it would copy the derivation and ask to rebuild them on the offload machine instead. It will be less efficient but at least it will be safe to share a single powerful machine with multiple GNU Guix hackers. I don't want to give more access than what SSH non-root access would give, and I think it would be possible to do something helpful in GNU Guix offloading so it can work even without the offload machine trusting the client's store public signing key.

Another thing is that it would be nice to have greater granularity on what you trust some store signing keys for, as in, you would want to use the offload machine for some development work but you wouldn't want to allow the offload machine to add malware to your own store.

I am thinking the GNU Guix VM machinery can be used to create a copy-on-write store (through virtio-fs I think?) whose every modification gets destroyed on VM shutdown or destroy (which looks great security-wise), and this already works AFAICT, but it's not widely known how it can be used and why.

What do you think?

Léo