Hello,

Sorry for the delay!

Nikita Karetnikov wrote:

> 1. Will hydra.gnu.org serve only signed .narinfo files?

Hydra (the software) can do both, but hydra.gnu.org will sign everything.

> 2. If not, how can one opt out of verifying while using ‘guix
>    substitute-binary’?  Should we add an option to ‘guix package’ and
>    ‘guix build’?

In general, I don’t think we’d want to opt out.

Technically there’s also the problem that substitute-binary is spawned by the daemon, so we have no direct way to communicate with it.

> 3. How does a user get Hydra’s public key?

I imagine we could distribute it with Guix tarballs, in the repo, and perhaps also on ftp.gnu.org GPG-signed by myself (say).

> 4. Will the entire cache be signed with a single key?  (Mark, would you
>    like to add something?)

(I think “cache” is ambiguous here.)

All the archives served by Hydra will be signed.

> 5. When do we want to verify the .narinfo file?  Can it be done in
>    ‘read-narinfo’?

I think so, yes, and raise an error if there’s a signature issue, as done in ‘restore-file-set’, in nar.scm.

(IIRC what’s implemented in Hydra, only .narinfos are signed, and not the archives themselves, right?)

> Similarly, should we sign and base64-encode in ‘write-narinfo’?

Currently ‘write-narinfo’ is used only internally, when populating the local narinfo lookup cache. So there’s no need to sign things here (it will be useful when we have an HTTP server that can publish archives using the same protocol.)

However, the local lookup cache should probably keep the signatures it got from hydra.gnu.org, unchanged. Thus, ‘write-narinfo’ should do the right thing to preserve the ‘Signature’ field.

> 6. Where should ‘guix substitute-binary’ look for a keypair?

It should use ‘authorized-key?’ from (guix pki), which in turn loads the ACL from $sysconfdir (info "(guix) Invoking guix archive").

> 7. How do we determine that a file is signed with a trusted key?  What
>    if we don’t have the needed public key?  Does it mean we miss the
>    right one, or is it a MITM attack?

‘authorized-key?’ will DTRT. :-)

HTH!

Ludo’.