bug#22883: Trustable "guix pull"
From: Ludovic Courtès
Subject: bug#22883: Trustable "guix pull"
Date: Sun, 02 Sep 2018 22:07:30 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)

Vagrant Cascadian <address@hidden> wrote:
> On 2018-09-02, Ludovic Courtès wrote:
>> Vagrant Cascadian <address@hidden> wrote:
>>> I really don't like having a custom GNUPGHOME, but I didn't see any
>>> other obvious way to pass arguments to git to use a custom keyring. I
>>> populated this GNUPGHOME with keys from:
>>>
>>>
>>> https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=guix&download=1
>>>
>>> And then ran gpg --refresh-keys on it, as several keys were
>>> outdated/expired.
>>
>> ‘gpgv’, which is recommended for this use case, has a ‘--keyring’
>> argument. I suppose we could use that.
>
> I'm not sure how to get git to use gpgv instead of gpg, and extracting
> the information out of git and then implementing some external
> verification process, while possible, is likely error-prone.

Oh right, IIRC Git cannot use gpgv (this was probably discussed in this
issue, now that I think about it.)

Good thing is that using Guile-Git as in the toy example at
<https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22883#103>, we can use
gpgv.

> A feature request to git to allow passing gpg arguments or use gpgv
> would be the best way forward in the long-term.

That would work too.

Thanks,
Ludo’.
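
The external verification route discussed in this message, as an added Python example (not code from this thread and not the Guile-Git toy example linked above): it splits a commit object into its signed payload and detached signature, then hands both to gpgv with an explicit `--keyring`. The function names, the sample commit and the file names are constructed for illustration.

```python
import os
import subprocess
import tempfile

# Constructed sample (not a real commit or signature) in `git cat-file commit` format.
SAMPLE = (b"tree 4b825dc642cb6eb9a060e54bf8d69288fbee4904\n"
          b"author A U Thor <author@example.org> 1535918850 +0200\n"
          b"committer A U Thor <author@example.org> 1535918850 +0200\n"
          b"gpgsig -----BEGIN PGP SIGNATURE-----\n"
          b" \n"
          b" Q09OU1RSVUNURUQ=\n"
          b" -----END PGP SIGNATURE-----\n"
          b"\n"
          b"constructed commit message\n")

def split_signed_commit(raw):
    """Return (signed_payload, signature); signature is None if unsigned."""
    header, sep, body = raw.partition(b"\n\n")
    kept, sig, in_sig = [], [], False
    for line in header.split(b"\n"):
        if in_sig and line.startswith(b" "):
            sig.append(line[1:])      # continuation line: drop the one-space prefix
            continue
        in_sig = line.startswith(b"gpgsig ")
        if in_sig:
            sig.append(line[len(b"gpgsig "):])
        else:
            kept.append(line)         # every other header is part of the payload
    if not sig:
        return raw, None
    return b"\n".join(kept) + sep + body, b"\n".join(sig) + b"\n"

def verify_commit(repo, commit_id, keyring):
    """True only if gpgv accepts the commit's signature against `keyring`."""
    raw = subprocess.run(["git", "-C", repo, "cat-file", "commit", commit_id],
                         check=True, capture_output=True).stdout
    payload, sig = split_signed_commit(raw)
    if sig is None:
        return False                  # unsigned commits are rejected, not skipped
    with tempfile.TemporaryDirectory() as tmp:
        paths = [os.path.join(tmp, n) for n in ("commit.sig", "commit.payload")]
        for path, data in zip(paths, (sig, payload)):
            with open(path, "wb") as f:
                f.write(data)
        # gpgv takes the keyring as an argument, so no custom GNUPGHOME is needed.
        result = subprocess.run(["gpgv", "--keyring", os.path.abspath(keyring), *paths],
                                capture_output=True)
    return result.returncode == 0
```

The payload must be byte-for-byte the commit object minus the `gpgsig` header and its continuation lines; any other normalisation makes a valid signature fail to verify.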