[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Signed archive export/import
|
From: |
Ludovic Courtès |
|
Subject: |
Re: Signed archive export/import |
|
Date: |
Fri, 03 Jan 2014 23:15:40 +0100 |
|
User-agent: |
Gnus/5.130007 (Ma Gnus v0.7) Emacs/24.3 (gnu/linux) |
address@hidden (Ludovic Courtès) skribis:
> The good news is that, with a bit of work in (guix nar),
> ‘substitute-binary’ will be able to use that mechanism too. So we can
> change Hydra to always sign its archives (simple), and
> ‘substitute-binary’ to always check signatures and check the signer
> against the ACL. The users can choose whether or not to add
> hydra.gnu.org’s public key to their ACL.
It turns out that changing Hydra to always sign is not as simple as I
initially thought, because it doesn’t export archives via the
‘export-paths’ RPC (the one that knows how to sign them.)
So we’re back to discussing another approach with the (apparently
unmotivated) Hydra folks, probably adding a ‘Signature’ field to the
.narinfo files (see
<http://lists.gnu.org/archive/html/bug-guix/2013-05/msg00087.html> and
<http://lists.science.uu.nl/pipermail/nix-dev/2013-May/011203.html>.)
Anyone knowledgeable with Perl, Nix, and diplomacy is welcome here. :-)
We should also start thinking more about decentralized distribution.
Ludo’.
- Re: Signed archive export/import,
Ludovic Courtès <=