[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Archive authentication & ‘guix challenge’
|
From: |
myglc2 |
|
Subject: |
Re: Archive authentication & ‘guix challenge’ |
|
Date: |
Fri, 10 Feb 2017 17:57:52 -0500 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) |
On 02/09/2017 at 17:36 Ludovic Courtès writes:
> Hi!
>
> myglc2 <address@hidden> skribis:
>
>> Hi Ludo, I have a couple questions. I autorized bayfront like so ...
>>
>> address@hidden ~/src$ cat bayfront.guixsd.org.pub
>> (public-key
>> (ecc
>> (curve Ed25519)
>> (q #8D156F295D24B0D9A86FA5741A840FF2D24F60F7B6C4134814AD55625971B394#)))
>>
>> address@hidden ~/src$ sudo guix archive --authorize < bayfront.guixsd.org.pub
>>
>> ... and I read this ...
>>
>> 3.7 Invoking ‘guix archive’
>> ===========================
>> [...]
>> The list of authorized keys is kept in the human-editable file
>> ‘/etc/guix/acl’. The file contains “advanced-format s-expressions”
>> (http://people.csail.mit.edu/rivest/Sexp.txt) and is structured as
>> an access-control list in the Simple Public-Key Infrastructure
>> (SPKI) (http://theworld.com/~cme/spki.txt).
>>
>> ... so I expected to find the bayfront key here ...
>
> [...]
>
>> ... but no. Where did it go?
>
> Could it be that the ‘guix archive’ you ran uses a configuration
> directory other than this one? What does:
>
> guile -c '(use-modules (guix config)) (pk %config-directory)'
>
> print?
Thanks Ludo ...
address@hidden ~/src/guix [env]$ guile -c '(use-modules (guix config)) (pk
%config-directory)'
;;; ("/etc/guix")
Running from git checkout ...
address@hidden ~/src/guix [env]$ git -C ~/.config/guix/latest log -n 1 --oneline
e1a65ae57 doc: Fix typos.
address@hidden ~/src/guix [env]$ stat ~/.config/guix/latest | grep File
File: '/home/g1/.config/guix/latest' -> '../../src/guix'
>> Also you recommended ...
>>
>>> guix challenge gdk-pixbuf \
>>> --substitute-urls="https://mirror.hydra.gnu.org
>>> https://bayfront.guixsd.org";
>>
>> ... which I tried _before_ I had authorized bayfront. I was surprised that it
>> worked before authorization. Should it?
>
> Yes. It is not actually importing the archives into your store, only
> looking at the content hashes that the servers advertise, so there is no
> risk here and no requirement to authenticate.
Oh DUH! Of course. Thanks! - George
- Archive authentication & ‘guix challenge’, Ludovic Courtès, 2017/02/09
- Re: Archive authentication & ‘guix challenge’,
myglc2 <=
- Re: Archive authentication & ‘guix challenge’, Ludovic Courtès, 2017/02/11
- Re: Archive authentication & ‘guix challenge’, myglc2, 2017/02/11
- Re: Archive authentication & ‘guix challenge’, Maxim Cournoyer, 2017/02/12
- Re: Archive authentication & ‘guix challenge’, Ludovic Courtès, 2017/02/13
- Re: Archive authentication & ‘guix challenge’, myglc2, 2017/02/13
- Re: Archive authentication & ‘guix challenge’, Ludovic Courtès, 2017/02/14
- Re: Archive authentication & ‘guix challenge’, myglc2, 2017/02/14
- Re: Archive authentication & ‘guix challenge’, Ludovic Courtès, 2017/02/14
- Re: Archive authentication & ‘guix challenge’, myglc2, 2017/02/14
- Re: Archive authentication & ‘guix challenge’, Maxim Cournoyer, 2017/02/14