From: ludo@gnu.org (Ludovic Courtès)
Subject: Signed archive export/import
Date: Fri, 20 Dec 2013 17:33:19 +0100
Message-ID: <87bo0bqy7k.fsf@gnu.org>
To: guix-devel@gnu.org
List-Id: "Development of GNU Guix and the GNU System distribution."

Hi!

With commit 526382f, the daemon supports exporting signed “Nix archives”
of a set of store files, and importing signed archives (using public key
crypto.) This is useful, for instance, to transfer files from one machine
to another, as is the case in a typical Hydra build farm.

The daemon is equipped to call out to the ‘openssl’ program for signing
and signature verification, but the goal here was to do away with
OpenSSL, since we have a couple of great alternatives in GNU. ;-)
(In practice this means that our crypto material uses a different format
than the one used in Nix.)

So the (guix pk-crypto) module provides bindings to the public key API of
GNU Libgcrypt, and the ‘guix authenticate’ command is a drop-in
replacement for the ‘openssl’ program that the daemon invokes (see
‘local-store.cc’.)

The modus operandi is that administrators add a libgcrypt-generated key
pair to /etc/guix/signing-key.{pub,sec} (typically an RSA key pair).
Exported archives are automatically signed with the secret key, and
imported archives must carry a valid signature verified with
signing-key.pub.

I find the latter a bit limiting, as it means that all the machines in
the build farm must have the same key pair installed. So instead, I’m
inclined to add an ‘authorized key’ list, as with SSH.

From there, we need a few more things:

  - a ‘guix archive’ command to easily import/export archives, and to
    generate a key pair;

  - a ‘guix copy’ command to copy a set of store files (and their
    dependencies) between two machines (similar to ‘nix-copy-closure’);

  - a daemon “build hook” to automatically off-load builds to remote
    machines (see for an overview.)

The practical goal is to have an additional Intel build machine, and
ideally a mips64 build machine hooked up into Hydra by the end of
January.

As usual, feedback welcome!

Ludo’.
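
The authorized-key model proposed in the message above, sketched as an added example that is not part of the original message or of Guix's code: each machine signs with its own key, and the importer checks the signer against a list before trusting the signature. Toy textbook RSA over fixed Mersenne primes stands in for Libgcrypt here, and the archive layout and all function names are assumptions made for illustration.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def make_key(p, q):
    """Toy textbook-RSA key pair from two primes; stands in for a libgcrypt key pair."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def fingerprint(public):
    return hashlib.sha256(("%x:%x" % public).encode()).hexdigest()[:16]

def export_archive(payload, public, secret):
    """Sign with the exporter's own secret key and name the signer in the archive."""
    n, d = secret
    return {"payload": payload, "signer": public, "sig": pow(digest(payload, n), d, n)}

def import_archive(archive, authorized):
    """Accept only a valid signature made by a key on the importer's list."""
    n, e = archive["signer"]  # attacker-controlled until checked against the list
    if fingerprint(archive["signer"]) not in authorized:
        raise PermissionError("signer is not an authorized key")
    if pow(archive["sig"], e, n) != digest(archive["payload"], n):
        raise ValueError("signature does not match payload")
    return archive["payload"]

def mersenne(k):
    return 2 ** k - 1  # prime for the exponents used below

# Constructed sample keys: one pair per machine, nothing shared between them.
PUB_A, SEC_A = make_key(mersenne(521), mersenne(127))    # build machine A
PUB_B, SEC_B = make_key(mersenne(607), mersenne(89))     # build machine B
PUB_X, SEC_X = make_key(mersenne(1279), mersenne(107))   # key nobody authorized

def demo():
    authorized = {fingerprint(PUB_A), fingerprint(PUB_B)}
    item = b"constructed store item contents"
    results = [import_archive(export_archive(item, PUB_A, SEC_A), authorized) == item]
    for bad in (export_archive(item, PUB_X, SEC_X),                       # valid, unlisted signer
                dict(export_archive(item, PUB_B, SEC_B), payload=b"x")):  # listed signer, tampered
        try:
            import_archive(bad, authorized)
            results.append(False)
        except (PermissionError, ValueError):
            results.append(True)
    return results

if __name__ == "__main__":
    print(demo())
```

Removing one fingerprint from the list revokes that machine alone; the other machines keep their keys and stay trusted, which the single shared key pair cannot offer.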