From mboxrd@z Thu Jan 1 00:00:00 1970 From: myglc2 Subject: Re: Archive authentication & =?utf-8?Q?=E2=80=98guix_challenge?= =?utf-8?Q?=E2=80=99?= Date: Fri, 10 Feb 2017 18:01:15 -0500 Message-ID: <86mvdtfy6c.fsf@gmail.com> References: <8737goz2ba.fsf@gnu.org> <8660kud3u4.fsf@gmail.com> <874m03z5h2.fsf_-_@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:60575) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ccKBx-0002ep-9g for guix-devel@gnu.org; Fri, 10 Feb 2017 18:01:26 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ccKBt-0006SX-17 for guix-devel@gnu.org; Fri, 10 Feb 2017 18:01:25 -0500 In-Reply-To: <874m03z5h2.fsf_-_@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\?\= \=\?utf-8\?Q\?\=22's\?\= message of "Thu, 09 Feb 2017 17:36:25 +0100") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Ludovic =?utf-8?Q?Court=C3=A8s?= Cc: guix-devel@gnu.org On 02/09/2017 at 17:36 Ludovic Court=C3=A8s writes: > Hi! > > myglc2 skribis: > >> Hi Ludo, I have a couple questions. I autorized bayfront like so ... >> >> g1@g1 ~/src$ cat bayfront.guixsd.org.pub >> (public-key=20 >> (ecc=20 >> (curve Ed25519) >> (q #8D156F295D24B0D9A86FA5741A840FF2D24F60F7B6C4134814AD55625971B394#= ))) >> >> g1@g1 ~/src$ sudo guix archive --authorize < bayfront.guixsd.org.pub >> >> ... and I read this ... >> >> 3.7 Invoking =E2=80=98guix archive=E2=80=99 >> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D >> [...] >> The list of authorized keys is kept in the human-editable file >> =E2=80=98/etc/guix/acl=E2=80=99. The file contains =E2=80=9Cadvanc= ed-format s-expressions=E2=80=9D >> (http://people.csail.mit.edu/rivest/Sexp.txt) and is structured as >> an access-control list in the Simple Public-Key Infrastructure >> (SPKI) (http://theworld.com/~cme/spki.txt). >> >> ... so I expected to find the bayfront key here ... > > [...] > >> ... but no. Where did it go? > > Could it be that the =E2=80=98guix archive=E2=80=99 you ran uses a config= uration > directory other than this one? What does: > > guile -c '(use-modules (guix config)) (pk %config-directory)' > > print? Thanks Ludo ... g1@g1 ~/src/guix [env]$ guile -c '(use-modules (guix config)) (pk %config-d= irectory)' ;;; ("/etc/guix") I'm Running git checkout ... g1@g1 ~/src/guix [env]$ git -C ~/.config/guix/latest log -n 1 --oneline e1a65ae57 doc: Fix typos. g1@g1 ~/src/guix [env]$ stat ~/.config/guix/latest | grep File File: '/home/g1/.config/guix/latest' -> '../../src/guix' >> Also you recommended ... >> >>> guix challenge gdk-pixbuf \ >>> --substitute-urls=3D"https://mirror.hydra.gnu.org https://bayfront.= guixsd.org" >> >> ... which I tried _before_ I had authorized bayfront. I was surprised th= at it >> worked before authorization. Should it? > > Yes. It is not actually importing the archives into your store, only > looking at the content hashes that the servers advertise, so there is no > risk here and no requirement to authenticate. Oh DUH! Of course. Thanks! - George