GNU bug report logs - #25094
Add comments to archive keys and acls

Previous Next

Package: guix;

Reported by: Hartmut Goebel <h.goebel <at> crazy-compilers.com>

Date: Fri, 2 Dec 2016 17:39:01 UTC

Severity: wishlist

To reply to this bug, email your comments to 25094 AT debbugs.gnu.org.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-guix <at> gnu.org:
bug#25094; Package guix. (Fri, 02 Dec 2016 17:39:01 GMT) Full text and rfc822 format available.
Acknowledgement sent to Hartmut Goebel <h.goebel <at> crazy-compilers.com>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Fri, 02 Dec 2016 17:39:01 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Hartmut Goebel <h.goebel <at> crazy-compilers.com>
To: bug-guix <at> gnu.org
Subject: Add comments to archive keys and acls
Date: Fri, 2 Dec 2016 18:38:12 +0100

Hi,

the keys for authenticating an archive currently do not hold any
comment. This makes it hard to track acls and remove certain keys if
required.

Please implement some way to add and change the comment on keys in
/etc/guix/ and in /etc/guix/acl.

Proposed usage when generating the key:
  guix archive --generate-key=… --comment "store.example.com"

Proposed usage when importing the key and overwriting any existing comment

  guix archive --authorize --comment "store.example.com"

For now, since we have no commands for key management, these would be
enough IMO. Existing commenty an easily be changed in the file, so for
now we do not need a tool for this.

-- 
Regards
Hartmut Goebel

| Hartmut Goebel          | h.goebel <at> crazy-compilers.com               |
| www.crazy-compilers.com | compilers which you thought are impossible |
Information forwarded to bug-guix <at> gnu.org:
bug#25094; Package guix. (Fri, 02 Dec 2016 18:14:02 GMT) Full text and rfc822 format available.

Message #8 received at 25094 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Hartmut Goebel <h.goebel <at> crazy-compilers.com>
Cc: 25094 <at> debbugs.gnu.org
Subject: Re: bug#25094: Add comments to archive keys and acls
Date: Fri, 2 Dec 2016 13:13:51 -0500

On Fri, Dec 02, 2016 at 06:38:12PM +0100, Hartmut Goebel wrote:
> Hi,
> 
> the keys for authenticating an archive currently do not hold any
> comment. This makes it hard to track acls and remove certain keys if
> required.

Indeed, this makes key management a little harder than it needs to be.

> Please implement some way to add and change the comment on keys in
> /etc/guix/ and in /etc/guix/acl.
> 
> Proposed usage when generating the key:
>   guix archive --generate-key=… --comment "store.example.com"
> 
> Proposed usage when importing the key and overwriting any existing comment
> 
>   guix archive --authorize --comment "store.example.com"
> 
> For now, since we have no commands for key management, these would be
> enough IMO. Existing commenty an easily be changed in the file, so for
> now we do not need a tool for this.

I think that the comment should either be signed somehow, or the field
name should be "untrusted-comment".

OpenBSD's signify tool (which we have a port of in Guix) does this:

------
$ cat foo.pub
untrusted comment: Leo's example public key
RWRrY3me0s1DYDBfpcUKZ+ul9m8FgdZfz5+cHjxBabEsvDrjL/ecTeUL
------

Minisign, which is a 3rd party tool compatible with signify, also has
trusted comments:

https://github.com/jedisct1/minisign/blob/master/src/manpage.md#notes
Information forwarded to bug-guix <at> gnu.org:
bug#25094; Package guix. (Sat, 03 Dec 2016 23:57:01 GMT) Full text and rfc822 format available.

Message #11 received at 25094 <at> debbugs.gnu.org (full text, mbox):

From: ludo <at> gnu.org (Ludovic Courtès)
To: Leo Famulari <leo <at> famulari.name>
Cc: Hartmut Goebel <h.goebel <at> crazy-compilers.com>, 25094 <at> debbugs.gnu.org
Subject: Re: bug#25094: Add comments to archive keys and acls
Date: Sun, 04 Dec 2016 00:55:58 +0100

Leo Famulari <leo <at> famulari.name> skribis:

> On Fri, Dec 02, 2016 at 06:38:12PM +0100, Hartmut Goebel wrote:
>> Hi,
>> 
>> the keys for authenticating an archive currently do not hold any
>> comment. This makes it hard to track acls and remove certain keys if
>> required.
>
> Indeed, this makes key management a little harder than it needs to be.

Agreed.  The crux of the problem is that libgcrypt’s canonical sexp
parser does not recognize comments.
<http://people.csail.mit.edu/rivest/Sexp.txt> does not specify comments,
which may be the reason, but other implementations of canonical sexps
(such as lsh and Nettle) do recognize them, so we should just get
libgcrypt to follow suit.

>> Please implement some way to add and change the comment on keys in
>> /etc/guix/ and in /etc/guix/acl.
>> 
>> Proposed usage when generating the key:
>>   guix archive --generate-key=… --comment "store.example.com"
>> 
>> Proposed usage when importing the key and overwriting any existing comment
>> 
>>   guix archive --authorize --comment "store.example.com"
>> 
>> For now, since we have no commands for key management, these would be
>> enough IMO. Existing commenty an easily be changed in the file, so for
>> now we do not need a tool for this.
>
> I think that the comment should either be signed somehow, or the field
> name should be "untrusted-comment".

I think it’s no different than the optional comment in OpenSSH public
keys, and it should be clear that it’s free from and untrusted by
definition (the sexp syntax at least makes it clear that it’s a comment,
as opposed to the OpenSSH public key format).

Ludo’.
Severity set to 'wishlist' from 'normal' Request was from ludo <at> gnu.org (Ludovic Courtès) to control <at> debbugs.gnu.org. (Wed, 25 Jan 2017 17:53:02 GMT) Full text and rfc822 format available.
This bug report was last modified 8 years and 138 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.