From: Nikita Karetnikov <nikita@karetnikov.org>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: bug-guix@gnu.org
Subject: Re: New “guix refresh” command
Date: Fri, 10 May 2013 04:29:25 +0400
Message-ID: <87bo8jfziy.fsf@karetnikov.org>
In-Reply-To: 87d2t24ejj.fsf@gnu.org

> Objects aren’t malicious. Perhaps you’re talking about situations where
> a mirror provides a tarball along with a valid signature, but said
> signature is made with a random key, and the tarball is actually not
> genuine, right?

Yep.

> Second, this is the same model as used by the OpenSSH client. When the
> client is first introduced to a host, it presents you its key
> fingerprint, you type ‘y’, and that key gets added to your known hosts
> file. From there on, person-in-the-middle attacks are trivially
> detected as a key mismatch.

AFAICT, 'guix refresh' doesn't allow checking fingerprints. If so, we
must change it.

Am I mistaken? I'm not sure because it fails on my machine:

# ./pre-inst-env guix refresh -u
[...]
In execlp of gpg2: No such file or directory
guix refresh: warning: signature verification failed for `guile-2.0.9.tar.gz'
guix refresh: warning: (could be because the public key is not in your keyring)
gnu/packages/guile.scm:48:12: guile: updating from version 1.8.8 to version 2.0.9...
Backtrace:
In ice-9/boot-9.scm:
157: 12 [catch #t #<catch-closure 954b170> ...]
In unknown file:
?: 11 [apply-smob/1 #<catch-closure 954b170>]
In ice-9/boot-9.scm:
63: 10 [call-with-prompt prompt0 ...]
In ice-9/eval.scm:
432: 9 [eval # #]
In ice-9/boot-9.scm:
2320: 8 [save-module-excursion #<procedure 93f9e80 at ice-9/boot-9.scm:3961:3 ()>]
3966: 7 [#<procedure 93f9e80 at ice-9/boot-9.scm:3961:3 ()>]
In unknown file:
?: 6 [load-compiled/vm "/root/.cache/guile/ccache/2.0-LE-4-2.0/home/guix-test2/scripts/guix.go"]
In guix/ui.scm:
417: 5 [guix-main "/home/guix-test2/scripts/guix" "refresh" "-u"]
In ice-9/boot-9.scm:
157: 4 [catch srfi-34 #<procedure 9858520 at guix/ui.scm:138:2 ()> ...]
In srfi/srfi-1.scm:
619: 3 [for-each #<procedure 98580e0 at guix/scripts/refresh.scm:151:22 (package)> ...]
In guix/scripts/refresh.scm:
167: 2 [#<procedure 98580e0 at guix/scripts/refresh.scm:151:22 (package)> #]
In ice-9/boot-9.scm:
788: 1 [call-with-input-file #f ...]
In unknown file:
?: 0 [open-file #f "r" #:encoding #f #:guess-encoding #f]
ERROR: In procedure open-file:
ERROR: Wrong type (expecting string): #f

> It’s exactly what I would do manually. What about you?

It depends. I usually use a similar page [1] to compare fingerprints
and also check via keys.gnupg.net. Sometimes I try to get more
information elsewhere. Again, the sad truth is that it's easier not to
sign an ingenuine tarball at all.

>> Is it possible to use three mirrors to check keys and tarballs?

> Check against what? What do you want to address?

Check them against each other. But it's not the case because 'guix
refresh' uses one server per package.

> I’ve made this suggestion to one of the FSF sysadmins, but it seems to
> need further discussion, and probably input from crypto-savvy people.

OK.

[1] http://gcc.gnu.org/mirrors.html
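
The two checks discussed in this message, an OpenSSH-style pin of the signer's key fingerprint and a comparison of the same tarball fetched from several mirrors, as an added illustration that is not part of the original e-mail and is not Guix code. The names `check_pin`, `mirrors_agree` and `PinMismatch`, the JSON pin file and the sample fingerprint are assumptions made for this sketch.

```python
import hashlib
import json
from pathlib import Path


class PinMismatch(Exception):
    """The signer fingerprint differs from the one pinned on first use."""


def check_pin(store: Path, package: str, fingerprint: str, confirm) -> str:
    """Trust-on-first-use, as with OpenSSH known_hosts.

    confirm(package, fingerprint) is the human "type y" step; it is only
    called the first time a package is seen.
    """
    pins = json.loads(store.read_text()) if store.exists() else {}
    fpr = fingerprint.replace(" ", "").upper()
    known = pins.get(package)
    if known is None:
        if not confirm(package, fpr):
            raise PermissionError(f"{package}: fingerprint {fpr} not accepted")
        pins[package] = fpr
        store.write_text(json.dumps(pins, indent=2, sort_keys=True))
        return "pinned"
    if known != fpr:
        # Fail closed: a valid signature from an unexpected key is rejected.
        raise PinMismatch(f"{package}: pinned {known}, got {fpr}")
    return "match"


def mirrors_agree(tarballs: dict) -> str:
    """Return the shared SHA-256 if every mirror served the same bytes."""
    digests = {m: hashlib.sha256(data).hexdigest() for m, data in tarballs.items()}
    if len(set(digests.values())) != 1:
        raise ValueError(f"mirrors disagree: {digests}")
    return next(iter(digests.values()))


if __name__ == "__main__":
    import tempfile
    # Constructed sample values, not real keys or tarballs.
    store = Path(tempfile.mkdtemp()) / "pins.json"
    fpr = "0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567"
    print(check_pin(store, "guile", fpr, lambda p, f: True))   # first use
    print(check_pin(store, "guile", fpr, lambda p, f: False))  # later use
    print(mirrors_agree({"mirror-a": b"data", "mirror-b": b"data"}))
```

The pin should hold the full fingerprint reported by signature verification, not a short key ID, and agreement between mirrors only adds assurance when the mirrors are operated independently of each other.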