Subject: Re: Using G-Expressions for public keys (substitutes and possibly more)
From: Liliana Marie Prikler
To: Ludovic Courtès
Cc: guix-devel@gnu.org
Date: Fri, 22 Oct 2021 06:47:47 +0200
In-Reply-To: <87wnm6w2yz.fsf@gnu.org>
References: <5f7e587c376ed0abffa321152e185cbf4014e05b.camel@gmail.com> <87wnm6w2yz.fsf@gnu.org>
List-Id: "Development of GNU Guix and the GNU System distribution."

Hi Ludo,

On Thursday, 21.10.2021, 22:13 +0200, Ludovic Courtès wrote:
> Hi!
>
> Liliana Marie Prikler wrote:
>
> > let's say I wanted to add my own substitute server to my config.scm.
> > At the time of writing, I would have to add said server's public key
> > to the authorized-keys of my guix-configuration like so:
> > (cons* (local-file "my-key.pub") %default-authorized-guix-keys)
> > or similarly with append. This local-file incantation is however
> > pretty weak. It changes based on the current working directory and
> > even if I were to use an absolute path, I'd have to copy both that
> > file and the config.scm to a new machine were I to use the same
> > configuration there as well.
>
> Note that you could use ‘plain-file’ instead of ‘local-file’ and
> inline the key canonical sexp in there.

Yes, but for that I'd have to either write a (multi-line) string
directly, which visibly "breaks" indentation of the rest of the file,
or somehow generate a string which adds at least one layer of
indentation. The former is imo unacceptable, the latter merely
inconvenient.

> > However, it turns out that the format for said key files is some
> > actually pretty readable Lisp-esque stuff. For instance, an ECC
> > key reads like
> > (public-key (ecc (curve CURVE) (q #Q#)))
> > with spaces omitted for simplicity.
> > Were it not for the (q #Q#) bit, we could construct it using
> > scheme-file. In fact, it is so simple that in my local config I
> > now do exactly that.
>
> Yeah it’s frustrating that canonical sexps are almost, but not quite,
> Scheme sexps.
> :-)
>
> (gcrypt pk-crypto) has a ‘canonical-sexp->sexp’ procedure:
>
> --8<---------------cut here---------------start------------->8---
> scheme@(guile-user)> ,use(gcrypt pk-crypto)
> scheme@(guile-user)> ,use(rnrs io ports)
> scheme@(guile-user)> (string->canonical-sexp
>                        (call-with-input-file
>                            "etc/substitutes/ci.guix.info.pub"
>                          get-string-all))
> $18 = #
> scheme@(guile-user)> ,pp (canonical-sexp->sexp $18)
> $19 = (public-key
>   (ecc (curve Ed25519)
>     (q #vu8(141 21 111 41 93 36 176 217 168 111 165 116 26 132 15
>             242 210 79 96 247 182 196 19 72 20 173 85 98 89 113 179 148))))
> --8<---------------cut here---------------end--------------->8---
>
> > (define-record-type* ...)
> > (define-gexp-compiler (ecc-key-compiler (ecc-key <ecc-key>) ...)
> >   ...)
> >
> > (ecc-key
> >   (name "my-key.pub")
> >   (curve 'Ed25519)
> >   (q "ABCDE..."))
> >
> > Could/should we support such formats out of the box? WDYT?
>
> With this approach, we’d end up mirroring all the canonical sexps
> used by libgcrypt, which doesn’t sound great from a maintenance POV.

Given that we can use canonical sexps, what about a single
canonical-sexp compiler then? I'd have to think about this a bit more
when I have the time to, but having a way of writing the canonical sexp
"directly" would imo be advantageous.

> Would providing an example in the doc that uses ‘canonical-sexp->sexp’
> and its dual help?

I'm not sure whether it'd be in the doc or as a cookbook entry, but
providing an example would in my opinion definitely help. I'll take a
closer look at guile-gcrypt later. Hopefully they have scheme-ified
constructors for everything, which would make this quite simple.

Thanks,
Liliana
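One way to get what Ludo suggests (a ‘plain-file’ holding the canonical sexp) without hand-writing a multi-line string, as an added example that is not part of this thread and not Guix's or guile-gcrypt's own code: the key is spelled out as an ordinary Scheme sexp, checked, converted with ‘sexp->canonical-sexp’ (the dual of ‘canonical-sexp->sexp’ from the quoted REPL session), and only then serialized into the file handed to ‘authorized-keys’. The key bytes are the ci.guix.info bytes from the quoted REPL output; the procedure names ‘validate-public-key-sexp’ and ‘public-key-sexp->file’ are my own. It assumes that (gcrypt pk-crypto) exports ‘sexp->canonical-sexp’, ‘canonical-sexp->string’, ‘string->canonical-sexp’ and ‘canonical-sexp->sexp’, and that ‘plain-file’ objects are accepted in ‘authorized-keys’.

```scheme
;; Added example, not from the thread: build an 'authorized-keys' entry
;; from a Scheme sexp instead of a local-file or a hand-written string.
(use-modules (gnu services base)   ; guix-configuration, %default-authorized-guix-keys
             (guix gexp)           ; plain-file
             (gcrypt pk-crypto)    ; sexp->canonical-sexp, canonical-sexp->string, ...
             (rnrs bytevectors)
             (ice-9 match))

;; Ed25519 public key of ci.guix.info, copied from the REPL output quoted
;; above (the #vu8(...) bytes of its 'q' field).
(define %ci-guix-info-q
  #vu8(141 21 111 41 93 36 176 217 168 111 165 116 26 132 15
       242 210 79 96 247 182 196 19 72 20 173 85 98 89 113 179 148))

(define (validate-public-key-sexp sexp)
  "Return SEXP if it is an Ed25519 public key of the shape
(public-key (ecc (curve Ed25519) (q BYTEVECTOR))); raise an error otherwise.
Hypothetical helper: catches a truncated or mistyped key before it is
written into the system configuration."
  (match sexp
    (('public-key ('ecc ('curve 'Ed25519) ('q (? bytevector? q))))
     (unless (= (bytevector-length q) 32)
       (error "Ed25519 public key must be 32 bytes, got"
              (bytevector-length q)))
     sexp)
    (_ (error "unsupported public key sexp" sexp))))

(define (public-key-sexp->file name sexp)
  "Return a file-like object named NAME holding SEXP in libgcrypt's canonical
(advanced) form, the same format as the .pub files shipped in
etc/substitutes.  Hypothetical helper."
  (let* ((canonical (sexp->canonical-sexp (validate-public-key-sexp sexp)))
         (text      (canonical-sexp->string canonical)))
    ;; Round-trip check: parsing the text we are about to write must give
    ;; back exactly the sexp we started from.
    (unless (equal? (canonical-sexp->sexp (string->canonical-sexp text))
                    sexp)
      (error "canonical sexp round-trip failed" text))
    (plain-file name text)))

;; The key written as plain Scheme; no multi-line string, no local-file.
(define my-substitute-key
  (public-key-sexp->file
   "ci.guix.info.pub"
   `(public-key (ecc (curve Ed25519) (q ,%ci-guix-info-q)))))

;; In config.scm the result slots straight into the daemon configuration:
;;
;;   (guix-configuration
;;     (authorized-keys
;;       (cons my-substitute-key %default-authorized-guix-keys)))
```

Doing the conversion at configuration-build time means a malformed or truncated key fails when ‘guix system reconfigure’ evaluates config.scm, not later when guix-daemon tries to parse an unreadable authorized-keys entry; the round-trip comparison additionally guarantees that the bytes in the generated file are exactly the ones spelled out in the sexp.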