guix-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Archive authentication & ‘guix challenge’


From: myglc2
Subject: Re: Archive authentication & ‘guix challenge’
Date: Fri, 10 Feb 2017 17:57:52 -0500
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

On 02/09/2017 at 17:36 Ludovic Courtès writes:

> Hi!
>
> myglc2 <address@hidden> skribis:
>
>> Hi Ludo, I have a couple questions. I autorized bayfront like so ...
>>
>> address@hidden ~/src$ cat bayfront.guixsd.org.pub
>>  (public-key 
>>   (ecc 
>>    (curve Ed25519)
>>    (q #8D156F295D24B0D9A86FA5741A840FF2D24F60F7B6C4134814AD55625971B394#)))
>>
>> address@hidden ~/src$ sudo guix archive --authorize < bayfront.guixsd.org.pub
>>
>> ... and I read this ...
>>
>> 3.7 Invoking ‘guix archive’
>> ===========================
>> [...]
>>      The list of authorized keys is kept in the human-editable file
>>      ‘/etc/guix/acl’.  The file contains “advanced-format s-expressions”
>>      (http://people.csail.mit.edu/rivest/Sexp.txt) and is structured as
>>      an access-control list in the Simple Public-Key Infrastructure
>>      (SPKI) (http://theworld.com/~cme/spki.txt).
>>
>> ... so I expected to find the bayfront key here ...
>
> [...]
>
>> ... but no. Where did it go?
>
> Could it be that the ‘guix archive’ you ran uses a configuration
> directory other than this one?  What does:
>
>   guile -c '(use-modules (guix config)) (pk %config-directory)'
>
> print?

Thanks Ludo ...

address@hidden ~/src/guix [env]$ guile -c '(use-modules (guix config)) (pk 
%config-directory)'

;;; ("/etc/guix")

Running from git checkout ...

address@hidden ~/src/guix [env]$ git -C ~/.config/guix/latest log -n 1 --oneline
e1a65ae57 doc: Fix typos.

address@hidden ~/src/guix [env]$ stat ~/.config/guix/latest | grep File
  File: '/home/g1/.config/guix/latest' -> '../../src/guix'

>> Also you recommended ...
>>
>>>   guix challenge gdk-pixbuf \
>>>     --substitute-urls="https://mirror.hydra.gnu.org 
>>> https://bayfront.guixsd.org";
>>
>> ... which I tried _before_ I had authorized bayfront. I was surprised that it
>> worked before authorization. Should it?
>
> Yes.  It is not actually importing the archives into your store, only
> looking at the content hashes that the servers advertise, so there is no
> risk here and no requirement to authenticate.

Oh DUH! Of course. Thanks! - George



reply via email to

[Prev in Thread] Current Thread [Next in Thread]