guix-devel

Re: Signed archive export/import


From: Ludovic Courtès
Subject: Re: Signed archive export/import
Date: Fri, 10 Jan 2014 14:21:46 +0100
User-agent: Gnus/5.130007 (Ma Gnus v0.7) Emacs/24.3 (gnu/linux)

address@hidden (Ludovic Courtès) writes:

> address@hidden (Ludovic Courtès) writes:
>
>> The good news is that, with a bit of work in (guix nar),
>> ‘substitute-binary’ will be able to use that mechanism too.  So we can
>> change Hydra to always sign its archives (simple), and
>> ‘substitute-binary’ to always check signatures and check the signer
>> against the ACL.  The users can choose whether or not to add
>> hydra.gnu.org’s public key to their ACL.
>
> It turns out that changing Hydra to always sign is not as simple as I
> initially thought, because it doesn’t export archives via the
> ‘export-paths’ RPC (the one that knows how to sign them.)
>
> So we’re back to discussing another approach with the (apparently
> unmotivated) Hydra folks, probably adding a ‘Signature’ field to the
> .narinfo files (see
> <http://lists.gnu.org/archive/html/bug-guix/2013-05/msg00087.html> and
> <http://lists.science.uu.nl/pipermail/nix-dev/2013-May/011203.html>.)

Good news: Eelco Dolstra (of Nix) implemented what he had in mind in
Hydra and Nix’s substituter (thanks!):

  https://github.com/NixOS/nix/commit/0fdf4da0e979f992db75cc17376e455ddc5a96d8
  https://github.com/NixOS/hydra/commit/a598fe7e817e116cdf4d3202458d138202e869f1

So what we need to do now is to adjust substitute-binary.scm to handle
these signatures, and to make sure Hydra can use ‘guix authenticate’
instead of ‘openssl’.

I’ll look into it when I’m done with offload support, but I’m happy to
discuss it further if someone else wants to give it a go!

Ludo’.


