From mboxrd@z Thu Jan  1 00:00:00 1970
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Subject: Re: Signed archives
Date: Sun, 26 Jan 2014 20:36:14 +0100
Message-ID: <87ha8qo7rl.fsf@gnu.org>
References: <87txcqesqv.fsf@karetnikov.org> <87eh3ure1r.fsf@gnu.org>
	<87bnyyiv2u.fsf_-_@karetnikov.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:51920)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1W7Va7-0007Tb-36
	for guix-devel@gnu.org; Sun, 26 Jan 2014 14:41:27 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1W7Va1-000587-QK
	for guix-devel@gnu.org; Sun, 26 Jan 2014 14:41:23 -0500
Received: from hera.aquilenet.fr ([141.255.128.1]:45384)
	by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
	id 1W7Va1-00057k-CU
	for guix-devel@gnu.org; Sun, 26 Jan 2014 14:41:17 -0500
In-Reply-To: <87bnyyiv2u.fsf_-_@karetnikov.org> (Nikita Karetnikov's message
	of "Sun, 26 Jan 2014 20:09:13 +0400")
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: Nikita Karetnikov <nikita@karetnikov.org>
Cc: guix-devel@gnu.org

Nikita Karetnikov <nikita@karetnikov.org> skribis:

>>> Also, where can I find the corresponding NAR info file?  According to
>>> this commit [1], the signature should be there.
>
>> The .narinfo files are created on the fly.  When looking for a binary
>> for /nix/store/x4mnd9747fgwacjrvl1rynh59qlgz8gh-coreutils-8.21, the
>> substituter attempts to fetch:
>
>>   http://hydra.gnu.org/x4mnd9747fgwacjrvl1rynh59qlgz8gh.narinfo
>
>> It caches the answer (positive or negative) under
>> /nix/var/nix/substitute-binary/cache/x4mnd9747fgwacjrvl1rynh59qlgz8gh
>> (or similar.)
>
> Does Hydra create the .narinfo files?

Yes, as shown above.  :-)

(See NARInfo.pm in Hydra.)

> How can I create a signed .narinfo file locally (for testing
> purposes)?

You could copy one from /nix/var/nix/substitute-binary/cache or from a
URL like above.

To get the signature sexp, you can run =E2=80=98guix authenticate rsautl -s=
ign
...=E2=80=99 (see tests/guix-authenticate.sh for an example.)  Then you=E2=
=80=99ll have
to base64-encode it somehow.

HTH,
Ludo=E2=80=99.