From: Pierre Neidhardt
Subject: Re: Guix and remote trust
Date: Fri, 13 Dec 2019 09:48:34 +0100
Message-ID: <87h824d319.fsf@ambrevar.xyz>
In-Reply-To: <87h825wkj6.fsf@cbaines.net>
To: Christopher Baines, help-guix@gnu.org

Christopher Baines writes:

> This sounds like guix gc --verify=contents. Debian has a similar feature
> I think, with dpkg --verify.

From the manual:

--8<---------------cut here---------------start------------->8---
When passing ‘--verify=contents’, the daemon computes the content
hash of each store item and compares it against its hash in the
database. Hash mismatches are reported as data corruptions. Because it
traverses _all the files in the store_, this command can take a long
time, especially on systems with a slow disk drive.
--8<---------------cut here---------------end--------------->8---

Is this still relevant remotely?
If an untrusted third-party has root access to the system, they can
probably tamper with both the database and the store, right?

-- 
Pierre Neidhardt
https://ambrevar.xyz/
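
Added example, not part of the original message and not Guix code: a small Python model of the check described in the manual excerpt and of the question that follows it. The item names, SHA-256 as the hash, the dict standing in for the daemon's database and the off-host copy of the hashes are all assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def content_hash(path):
    # SHA-256 of the file bytes; an assumed stand-in for the store's real hash.
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def snapshot(store_dir):
    # Item name -> current content hash, for every item in the model store.
    return {name: content_hash(os.path.join(store_dir, name))
            for name in os.listdir(store_dir)}

def verify(store_dir, reference):
    # Names whose content differs from the reference, plus missing/extra items.
    current = snapshot(store_dir)
    return sorted(name for name in set(current) | set(reference)
                  if current.get(name) != reference.get(name))

def write_item(store_dir, name, data):
    with open(os.path.join(store_dir, name), "wb") as f:
        f.write(data)

def demo():
    with tempfile.TemporaryDirectory() as store:
        # Constructed sample items.
        write_item(store, "item-a", b"original a\n")
        write_item(store, "item-b", b"original b\n")
        local_db = snapshot(store)   # hash database kept on the same host
        off_host = dict(local_db)    # assumed copy recorded earlier, kept elsewhere

        # Case 1: disk corruption. Contents change, the local database does not.
        write_item(store, "item-a", b"bit rot\n")
        corruption = verify(store, local_db)

        # Case 2: a party with root changes an item and rewrites the local
        # database to match, so the local comparison has nothing to report.
        write_item(store, "item-b", b"modified b\n")
        local_db = snapshot(store)
        return {
            "corruption_vs_local_db": corruption,
            "tamper_vs_local_db": verify(store, local_db),
            "tamper_vs_off_host": verify(store, off_host),
        }

if __name__ == "__main__":
    for check, mismatches in demo().items():
        print(check, mismatches)
```

The off-host comparison is only meaningful if the hashing itself runs from an environment the third party does not control.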