From mboxrd@z Thu Jan  1 00:00:00 1970
From: Pierre Neidhardt <mail@ambrevar.xyz>
Subject: Re: Guix and remote trust
Date: Fri, 13 Dec 2019 13:24:08 +0100
Message-ID: <8736doct1z.fsf@ambrevar.xyz>
References: <87eex9r5ay.fsf@ambrevar.xyz> <87h825wkj6.fsf@cbaines.net>
 <87h824d319.fsf@ambrevar.xyz>
 <CAJ3okZ0bfTPi60rjKL8mSNjr_Gp-FNd=1XJx22-FfwYe_R32mQ@mail.gmail.com>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha256; protocol="application/pgp-signature"
Return-path: <help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:470:142:3::10]:58193)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <mail@ambrevar.xyz>) id 1ifjzR-0006jI-HY
 for help-guix@gnu.org; Fri, 13 Dec 2019 07:24:14 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <mail@ambrevar.xyz>) id 1ifjzQ-00089o-07
 for help-guix@gnu.org; Fri, 13 Dec 2019 07:24:13 -0500
Received: from relay3-d.mail.gandi.net ([217.70.183.195]:50685)
 by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <mail@ambrevar.xyz>) id 1ifjzP-00085r-PN
 for help-guix@gnu.org; Fri, 13 Dec 2019 07:24:11 -0500
In-Reply-To: <CAJ3okZ0bfTPi60rjKL8mSNjr_Gp-FNd=1XJx22-FfwYe_R32mQ@mail.gmail.com>
List-Id: <help-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/help-guix>,
 <mailto:help-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/help-guix>
List-Post: <mailto:help-guix@gnu.org>
List-Help: <mailto:help-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/help-guix>,
 <mailto:help-guix-request@gnu.org?subject=subscribe>
Errors-To: help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org
Sender: "Help-Guix" <help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org>
To: zimoun <zimon.toutoune@gmail.com>
Cc: help-guix <help-guix@gnu.org>

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

zimoun <zimon.toutoune@gmail.com> writes:

> Your question is: how can Alice be sure that she runs the same
> binaries on aneto and balaitou? other said how can she detect baloitou
> has been compromised?
> Is it your use-case?

Yes, you got it right! :)

> If yes, Alice can :
>
>  1. check the integrity on the balaitou machine by running "guix gc --ver=
ify"

I'm not sure this works because if `guix' itself is compromised,=20
`guix gc --verify' becomes irrelevant.  Or is there another way?

>  2. publish the store of aneto with "guix publish"

And then install packages from balaitou?  But if Balaitou's "guix" is
compromised, it does not matter that the substitute server is trusted.

Or did you mean something else?

>  3. challenge the store of balaitou against the store of aneto with
> "guix challenge"

This seems like a good option.  In particular, this should verify "guix"
itself, and thus everything else.


So I'd reverse your point.  By first challenging Balaitou, we can trust
the guix executable and from there we can run 1. and 2.

Thoughts?

=2D-=20
Pierre Neidhardt
https://ambrevar.xyz/

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEUPM+LlsMPZAEJKvom9z0l6S7zH8FAl3zgugACgkQm9z0l6S7
zH+gXgf/XS6Agre1zrI0lsQXHhDor75irhnpbh8lcHfBSavVu7ng2xzosIUna4SK
Ug9W0xAcG1EapJBw9epOefuYTgoi/TAKqwS9JsYnCfqZj1hK5DUZ0uNtBXjn/dFZ
tM4w/fKtpk8Ud4aAqahpDpWoaSWGzhDvS+pIONf0HG8mXn+OGAjtxJgz7NcHKO7X
TAanf8kayK0pRZDePx/aQD4n5zfnAuL1OunWoAeal1316OhMyBozHytag0j8LXXu
Z667YrVVE1ywe5rcOEOw5fa6xNV1L89tyBJ66WF3IKynEGnu2ye+k2xTEeTxBEU6
pvo3FVRxwiVNCDpT3z6VE/JhYfsSaQ==
=Osd9
-----END PGP SIGNATURE-----
--=-=-=--