From: Christopher Baines
To: help-guix@gnu.org
Subject: Re: Guix and remote trust
Date: Thu, 12 Dec 2019 16:55:41 +0000
Message-ID: <87h825wkj6.fsf@cbaines.net>
In-reply-to: <87eex9r5ay.fsf@ambrevar.xyz>

Pierre Neidhardt writes:

> I am wondering whether Guix can still provide more guarantees than
> non-functional package managers / OS when running on a remote machine
> (controlled by a non-trusted third-party) with, say, SSH root access.
>
> For instance, can we somehow have the guarantee that the remote machine
> is the Guix we installed and hasn't been tampered with?
>
> I'm not sure whether I'm asking something trivial or not. If the
> latter, I'd be happy to read more literature about it.
>
> What do you people know on the topic?

This sounds like guix gc --verify=contents. Debian has a similar feature
I think, with dpkg --verify.