From: zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze)
To: Christopher Lemmer Webber <cwebber@dustycloud.org>
Cc: 36956@debbugs.gnu.org
Subject: [bug#36956] [PATCH] machine: Automatically authorize the coordinator's signing key.
Date: Fri, 09 Aug 2019 11:52:26 -0400 [thread overview]
Message-ID: <87ftmanxol.fsf@sdf.lonestar.org> (raw)
In-Reply-To: <87zhkkk8a6.fsf@sdf.lonestar.org> (Jakob L. Kreuze's message of "Wed, 07 Aug 2019 16:52:33 -0400")
[-- Attachment #1: Type: text/plain, Size: 1347 bytes --]
zerodaysfordays@sdf.lonestar.org (Jakob L. Kreuze) writes:
> Hi Chris and Ricardo,
>
> Christopher Lemmer Webber <cwebber@dustycloud.org> writes:
>
>> This seems like a good usability improvement. For clarity, I assume
>> that it's still configurable, however? Would be important if pushing
>> builds to a different machine.
>
> No, but you raise a good point :) I'll update this patch to make it
> configurable.
>
> Ricardo Wurmus <rekado@elephly.net> writes:
>
>> This will overwrite an existing acl file on the remote with a copy
>> that differs only in the newly added key.
>>
>> Is there a chance for corruption, e.g. if acl->public-keys returns
>> something unexpected?
>
> I suppose it's possible. 'guix archive --authorize' doesn't seem to do
> any specific handling for it, but it doesn't hurt to be paranoid -- we
> "atomically" overwrite the GC root for the bootloader configuration, for
> example, and we could do something similar here. I'll include it in the
> updated patch.
>
> Regards,
> Jakob
>
I didn't think this all the way through when I wrote this response.
We're already using 'with-atomic-file-output', so we're already
"atomically" overwriting the ACL. Also, it wouldn't solve the issue of
'acl->public-keys' returning something unexpected.
I'm not sure I have a good solution for this at the moment.
Regards,
Jakob
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]
next prev parent reply other threads:[~2019-08-09 15:53 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-07 12:45 [bug#36956] [PATCH] machine: Automatically authorize the coordinator's signing key Jakob L. Kreuze
2019-08-07 19:18 ` Christopher Lemmer Webber
2019-08-07 19:39 ` Ricardo Wurmus
2019-08-07 20:52 ` Jakob L. Kreuze
2019-08-09 15:48 ` [bug#36956] [PATCH v2] machine: Automatically authorize the coordinator's signing Jakob L. Kreuze
2019-08-09 15:52 ` Jakob L. Kreuze [this message]
2019-08-14 20:51 ` [bug#36956] [PATCH] machine: Automatically authorize the coordinator's signing key Christopher Lemmer Webber
2019-08-15 5:52 ` Ricardo Wurmus
2019-08-15 11:45 ` bug#36956: " Christopher Lemmer Webber
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ftmanxol.fsf@sdf.lonestar.org \
--to=zerodaysfordays@sdf.lonestar.org \
--cc=36956@debbugs.gnu.org \
--cc=cwebber@dustycloud.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).