From mboxrd@z Thu Jan 1 00:00:00 1970 From: Chris Marusich Subject: bug#30143: UX: print warning if substitute server is not authorized Date: Sun, 21 Jan 2018 23:08:39 -0800 Message-ID: <87a7x6xte0.fsf@gmail.com> References: Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:34740) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1edWE6-0002p7-Vv for bug-guix@gnu.org; Mon, 22 Jan 2018 02:09:07 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1edWE2-0000je-Ts for bug-guix@gnu.org; Mon, 22 Jan 2018 02:09:06 -0500 Received: from debbugs.gnu.org ([208.118.235.43]:57994) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1edWE2-0000jA-Pi for bug-guix@gnu.org; Mon, 22 Jan 2018 02:09:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1edWE2-0008JH-El for bug-guix@gnu.org; Mon, 22 Jan 2018 02:09:02 -0500 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: (Ricardo Wurmus's message of "Wed, 17 Jan 2018 13:17:19 +0100") List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Ricardo Wurmus Cc: 30143@debbugs.gnu.org --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Ricardo Wurmus writes: > Suppose I add example.com as a substitute server by passing > =E2=80=9C--substitute-urls=3Dhttps://example.com=E2=80=9D to the daemon o= r the Guix > command line. I haven=E2=80=99t authorized the signing key, so Guix won= =E2=80=99t > accept any of the substitutes from example.com. > > Currently, Guix does not make it obvious to the user that a requested > substitute server is ignored because its key is not authorized. We > should print a clear warning in this case. > > (guix scripts authenticate) already includes =E2=80=9Cvalidate-signature= =E2=80=9D, which > aborts with an error if the key is not authorized, but we don=E2=80=99t s= eem to > use it. What if example.com serves substitutes that are signed by another server, such as hydra.gnu.org? No matter where a substitute comes from, if it was signed with an authorized key and its signature checks out, then it's OK to use, right? =2D-=20 Chris --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAlpljfcACgkQ3UCaFdgi Rp36txAA2IV+AfvqRPXhFjA9bwlhUzk3ly9D/GE6OH5yddJUFcvnCbcgpgdEwYLk kEXRv8Q73JpK8qYG1mlzlgqV2JO7cznjERN4r86ApU2nCmIRdldXH3dPveW4k+Sj twHQ4D1+49JH06usnIGmjdmuVoRxwltkCO89l6W3NYlZHl6PUDdZMfKo1reVI9F4 zC+f5Jt0MqJDJirP2C+F3/p3oOew/u/NmmuEl0Ii4pKoEL2M8sNU+4FxJkKPEwvI C7a5bMaaPWJK2pbnBKZj/l49viRX6v7EyfxnB7fDQY4K7T0vwC/VS8MPa8gTZnir NcGJU4p+K5k6Zo2TQsQoIgIJ126ZODDTov8L/6auZoaNUGGT09kGYAIDMzrbkVQ3 vs3cSkvkYxDQYSEX79indELjH3eEbfo4CWIRpo9ppWfFa4OJi9HlL1S3L0iLdVpq 0v7a0gIaRuoL3aeInnMCsPLfCw7Ts4NlPX6atoKiwJEeLWI6Y1+9B5RhDa3nt3ZU ZHvMabv3ruJ2UeyACPYS6tsZQIAKuWCYgQzRXQ3RJqhdL1wdoenFqPrdf1YdfxB9 7b1UlIrfuExnZzYjuqipq5vAi9QjSJBghfcYIykZmTWaRyFAdPRVBTAYlzTCpzRb bgmwklMtuJRD7w7/79PTzuzGp1q+m6QmCllDHhEwwkfNGp+QgFI= =idpO -----END PGP SIGNATURE----- --=-=-=--