From: Mike Gerwitz
To: Werner Koch
Cc: 22883@debbugs.gnu.org, Justus Winter, neal@walfield.org
Subject: bug#22883: Trustable "guix pull"
Date: Sat, 04 Jun 2016 21:43:29 -0400
Message-ID: <877fe4v29q.fsf@gnu.org>
In-Reply-To: <87fustj59o.fsf@wheatstone.g10code.de>

On Sat, Jun 04, 2016 at 18:19:31 +0200, Werner Koch wrote:
> There are no issues with l10n because _all_ scripts SHOULD use gpg with
> the options --status-fd and --with-colons.  That output creates a well
> defined API and we try very hard never to break it.
> [...]
> I have never looked into git to check whether git correctly calls gpg
> to verify signatures.  That should eventually be done.

A quick glance (latest master, gpg-interface.c:208 verify_signed_buffer):
It invokes `gpg --status-fd=1 --verify FILE -`, where FILE is a signature
written to a temporary file for the sake of invoking GPG.  It checks for
a non-zero exit code and GOODSIG:

  ret |= !strstr(pbuf->buf, "\n[GNUPG:] GOODSIG ");

-- 
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
https://mikegerwitz.com
FSF Member #5804 | GPG Key ID: 0x8EE30EAB
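
Added example (not git's code and not part of the original message): a line-based check of `gpg --status-fd` output that goes beyond the GOODSIG test described above by also rejecting failure keywords and requiring a VALIDSIG fingerprint equal to a pinned signer. The function name check_gpg_status, the FPR value and the sample status lines are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define PFX "[GNUPG:] "
#define FPR "0123456789ABCDEF0123456789ABCDEF01234567" /* constructed pinned signer */

/* Constructed status output, not captured from a real gpg run. */
static const char SAMPLE_OK[] =
    PFX "GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>\n"
    PFX "VALIDSIG " FPR " 2016-06-04 1465090000 0 4 0 1 8 00 " FPR "\n";
static const char SAMPLE_OTHER_KEY[] =
    PFX "GOODSIG FFFFFFFFFFFFFFFF Someone Else <other@example.org>\n"
    PFX "VALIDSIG FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 2016-06-04 1465090000 0 4 0 1 8 00\n";

/* True if the status line (prefix already stripped) begins with keyword kw. */
static int is_kw(const char *l, size_t n, const char *kw)
{
    size_t k = strlen(kw);
    return n >= k && !memcmp(l, kw, k) && (n == k || l[k] == ' ');
}

/* Return 0 only if there is no failure keyword, exactly one GOODSIG, and one
 * VALIDSIG whose fingerprint equals want_fpr; return -1 otherwise. */
int check_gpg_status(const char *buf, const char *want_fpr)
{
    static const char *bad[] = { "BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", NULL };
    size_t plen = strlen(PFX), flen = strlen(want_fpr);
    int good = 0, pinned = 0;

    while (*buf) {
        size_t len = strcspn(buf, "\n");          /* length of this line */
        if (len >= plen && !memcmp(buf, PFX, plen)) {
            const char *l = buf + plen;
            size_t n = len - plen;
            for (int i = 0; bad[i]; i++)
                if (is_kw(l, n, bad[i]))
                    return -1;
            good += is_kw(l, n, "GOODSIG");
            pinned += is_kw(l, n, "VALIDSIG") && n >= 9 + flen &&
                      !memcmp(l + 9, want_fpr, flen) && (n == 9 + flen || l[9 + flen] == ' ');
        }
        buf += len + (buf[len] == '\n');          /* step past the newline, if any */
    }
    return (good == 1 && pinned == 1) ? 0 : -1;
}

int main(void)
{
    printf("ok=%d other_key=%d\n", check_gpg_status(SAMPLE_OK, FPR), check_gpg_status(SAMPLE_OTHER_KEY, FPR));
    return 0;
}
```

The second sample carries a GOODSIG line yet is rejected, because the signing key's fingerprint is not the pinned one.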