From: ludo@gnu.org (Ludovic Courtès)
Subject: Re: Signed archive export/import
Date: Fri, 10 Jan 2014 14:21:46 +0100
Message-ID: <8761psnf9x.fsf@gnu.org>
To: guix-devel@gnu.org

ludo@gnu.org (Ludovic Courtès) writes:

> ludo@gnu.org (Ludovic Courtès) writes:
>
>> The good news is that, with a bit of work in (guix nar),
>> ‘substitute-binary’ will be able to use that mechanism too.  So we can
>> change Hydra to always sign its archives (simple), and
>> ‘substitute-binary’ to always check signatures and check the signer
>> against the ACL.  The users can choose whether or not to add
>> hydra.gnu.org’s public key to their ACL.
>
> It turns out that changing Hydra to always sign is not as simple as I
> initially thought, because it doesn’t export archives via the
> ‘export-paths’ RPC (the one that knows how to sign them.)
>
> So we’re back to discussing another approach with the (apparently
> unmotivated) Hydra folks, probably adding a ‘Signature’ field to the
> .narinfo files (see
> and
> .)

Good news: Eelco Dolstra (of Nix) implemented what he had in mind in
Hydra and Nix’s substituter (thanks!):

  https://github.com/NixOS/nix/commit/0fdf4da0e979f992db75cc17376e455ddc5a96d8
  https://github.com/NixOS/hydra/commit/a598fe7e817e116cdf4d3202458d138202e869f1

So what we need to do now is to adjust substitute-binary.scm to handle
these signatures, and to make sure Hydra can use ‘guix authenticate’
instead of ‘openssl’.

I’ll look into it when I’m done with offload support, but I’m happy to
discuss it further if someone else wants to give it a go!

Ludo’.