GNU bug report logs - #30143
UX: print warning if substitute server is not authorized


Package: guix

Reported by: Ricardo Wurmus <ricardo.wurmus <at> mdc-berlin.de>

Date: Wed, 17 Jan 2018 12:18:01 UTC

Severity: normal

To reply to this bug, email your comments to 30143 AT debbugs.gnu.org.



Report forwarded to bug-guix <at> gnu.org:
bug#30143; Package guix. (Wed, 17 Jan 2018 12:18:02 GMT)

Acknowledgement sent to Ricardo Wurmus <ricardo.wurmus <at> mdc-berlin.de>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Wed, 17 Jan 2018 12:18:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Ricardo Wurmus <ricardo.wurmus <at> mdc-berlin.de>
To: <bug-guix <at> gnu.org>
Subject: UX: print warning if substitute server is not authorized
Date: Wed, 17 Jan 2018 13:17:19 +0100

Suppose I add example.com as a substitute server by passing
“--substitute-urls=https://example.com” to the daemon or the Guix
command line.  I haven’t authorized the signing key, so Guix won’t
accept any of the substitutes from example.com.

Currently, Guix does not make it obvious to the user that a requested
substitute server is ignored because its key is not authorized.  We
should print a clear warning in this case.

(guix scripts authenticate) already includes “validate-signature”, which
aborts with an error if the key is not authorized, but we don’t seem to
use it.

--
Ricardo




Information forwarded to bug-guix <at> gnu.org:
bug#30143; Package guix. (Mon, 22 Jan 2018 07:09:02 GMT)

Message #8 received at 30143 <at> debbugs.gnu.org:

From: Chris Marusich <cmmarusich <at> gmail.com>
To: Ricardo Wurmus <ricardo.wurmus <at> mdc-berlin.de>
Cc: 30143 <at> debbugs.gnu.org
Subject: Re: bug#30143: UX: print warning if substitute server is not authorized
Date: Sun, 21 Jan 2018 23:08:39 -0800

Ricardo Wurmus <ricardo.wurmus <at> mdc-berlin.de> writes:

> Suppose I add example.com as a substitute server by passing
> “--substitute-urls=https://example.com” to the daemon or the Guix
> command line.  I haven’t authorized the signing key, so Guix won’t
> accept any of the substitutes from example.com.
>
> Currently, Guix does not make it obvious to the user that a requested
> substitute server is ignored because its key is not authorized.  We
> should print a clear warning in this case.
>
> (guix scripts authenticate) already includes “validate-signature”, which
> aborts with an error if the key is not authorized, but we don’t seem to
> use it.

What if example.com serves substitutes that are signed by another
server, such as hydra.gnu.org?  No matter where a substitute comes from,
if it was signed with an authorized key and its signature checks out,
then it's OK to use, right?

-- 
Chris

Information forwarded to bug-guix <at> gnu.org:
bug#30143; Package guix. (Tue, 23 Jan 2018 07:01:01 GMT)

Message #11 received at 30143 <at> debbugs.gnu.org:

From: Ricardo Wurmus <ricardo.wurmus <at> mdc-berlin.de>
To: Chris Marusich <cmmarusich <at> gmail.com>
Cc: 30143 <at> debbugs.gnu.org
Subject: Re: bug#30143: UX: print warning if substitute server is not authorized
Date: Tue, 23 Jan 2018 07:50:02 +0100

Chris Marusich <cmmarusich <at> gmail.com> writes:

> Ricardo Wurmus <ricardo.wurmus <at> mdc-berlin.de> writes:
>
>> Suppose I add example.com as a substitute server by passing
>> “--substitute-urls=https://example.com” to the daemon or the Guix
>> command line.  I haven’t authorized the signing key, so Guix won’t
>> accept any of the substitutes from example.com.
>>
>> Currently, Guix does not make it obvious to the user that a requested
>> substitute server is ignored because its key is not authorized.  We
>> should print a clear warning in this case.
>>
>> (guix scripts authenticate) already includes “validate-signature”, which
>> aborts with an error if the key is not authorized, but we don’t seem to
>> use it.
>
> What if example.com serves substitutes that are signed by another
> server, such as hydra.gnu.org?  No matter where a substitute comes from,
> if it was signed with an authorized key and its signature checks out,
> then it's OK to use, right?

Correct.

-- 
Ricardo
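
The check discussed in this thread, as an added example (not Guix code and not part of the original messages): warn per substitute URL only when none of its narinfos is signed by a key in the ACL, so a mirror that serves substitutes signed by an authorized key stays silent. Assumptions: a simplified model of the narinfo `Signature: 1;host;base64(s-expression)` field and of the ACL file, constructed sample keys `AAAA`/`BBBB`, the constructed host `mirror.example.org`, and no cryptographic verification of the signature itself.

```python
import base64
import re

Q_RE = re.compile(r"\(q\s+#([0-9A-Fa-f]+)#\)")  # public-key point in an s-expression

def key_ids(sexp_text):
    """Return the set of public-key points (upper-case hex) found in the text."""
    return {q.upper() for q in Q_RE.findall(sexp_text)}

def narinfo_signer(narinfo):
    """Return the signer's key from the 'Signature:' field, or None if unusable."""
    for line in narinfo.splitlines():
        if not line.startswith("Signature:"):
            continue
        parts = line.split(":", 1)[1].strip().split(";", 2)
        if len(parts) != 3 or parts[0] != "1":
            return None
        try:
            sexp = base64.b64decode(parts[2], validate=True).decode("ascii")
        except ValueError:  # bad base64 or non-ASCII payload
            return None
        ids = key_ids(sexp)
        return ids.pop() if len(ids) == 1 else None
    return None

def unauthorized_servers(acl_text, narinfos_by_url):
    """Map each URL that offered no authorized-key narinfo to the keys it used."""
    authorized = key_ids(acl_text)
    result = {}
    for url, narinfos in narinfos_by_url.items():
        signers = {narinfo_signer(n) for n in narinfos} - {None}
        if not signers & authorized:
            result[url] = sorted(signers)
    return result

def _narinfo(host, q):  # constructed sample with a simplified signature s-expression
    sexp = "(signature (public-key (ecc (curve Ed25519) (q #%s#))))" % q
    blob = base64.b64encode(sexp.encode("ascii")).decode("ascii")
    return "StorePath: /gnu/store/constructed-sample\nSignature: 1;%s;%s\n" % (host, blob)

# Constructed ACL and server responses (assumed layout, not real keys).
ACL = "(acl (entry (public-key (ecc (curve Ed25519) (q #AAAA#))) (tag (guix import))))"
SAMPLE = {
    "https://example.com": [_narinfo("example.com", "BBBB")],
    "https://mirror.example.org": [_narinfo("hydra.gnu.org", "AAAA")],
}

if __name__ == "__main__":
    for url, keys in unauthorized_servers(ACL, SAMPLE).items():
        print("warning: substitutes from %s ignored: signing key %s is not authorized"
              % (url, ", ".join(keys) or "(none)"))
```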




This bug report was last modified 7 years and 186 days ago.
