bug#32674: [PATCH 0/1] Use gpgv and keybox files for 'guix refresh' & co.
Package: guix-patches; Submitter: Ludovic Courtès; Severity: normal; Tags: fixed, patch
From: Ludovic Courtès
To: guix-patches@gnu.org
Cc: Vagrant Cascadian, Mark H Weaver, Ludovic Courtès, Mike Gerwitz, Leo Famulari
Subject: [PATCH 0/1] Use gpgv and keybox files for 'guix refresh' & co.
Date: Sun, 9 Sep 2018 22:43:35 +0200
Message-Id: <20180909204335.21400-1-ludo@gnu.org>

Hello Guix,

(Cc’ing people with expertise and interest in this…)

This patch changes (guix gnupg) so that it uses keyrings in the “keybox”
file format to store and read upstream public keys (instead of using the
user’s default keyring), and so that it uses ‘gpgv --keyring’ instead
of ‘gpg --verify’.

‘gpgv’ is specifically designed for use cases like software signature
verification against a keyring of “trusted keys” (it’s used by APT and
Werner Koch recommends it¹.)  A significant difference compared to
‘gpg --verify’ is that it doesn’t check whether keys are expired or
revoked; all that matters is whether the signature is valid and whether
the signing key is in the specified keyring.  I think that’s what we
want when checking the signature of a tarball or Git commit.

This patch changes the behavior of ‘guix refresh -u’, which now uses,
by default, the keyring at ~/.config/guix/upstream/trustedkeys.kbx.
That means that if you already have upstream keys in your own keyring,
you’ll probably want to export them to this keyring.

Unfortunately the keybox format and tools are poorly documented, which
is why I gave examples on how to do that in guix.texi.

Feedback welcome!

Thanks,
Ludo’.

¹ https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22883#58

Ludovic Courtès (1):
  gnupg: Use 'gpgv' and keybox files; adjust 'guix refresh' accordingly.

 doc/guix.texi            | 30 +++++++++++++++++++++
 guix/gnupg.scm           | 58 +++++++++++++++++++++++++++++-----------
 guix/scripts/refresh.scm | 13 +++++++--
 3 files changed, 83 insertions(+), 18 deletions(-)

-- 
2.18.0
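The cover letter above rests on one property of gpgv: it reports a signature as good whenever the signing key is present in the given keyring, and the caller then has to decide what a missing key means under the --key-download policy. The following is an added example, not code from this thread or from Guix: a Python 3 reading of the `--status-fd` lines that gpgv emits (GOODSIG, BADSIG, NO_PUBKEY, VALIDSIG, as documented in GnuPG's doc/DETAILS), folded into a verdict the way the patch's gnupg-verify* does, plus an optional fingerprint allow-list for callers that want a tighter check than "any key in the keybox". The names `Verdict`, `verdict_from_status`, `accept`, `next_action` and `gpgv_status_lines` are this example's own, and the key IDs, fingerprints and status lines are constructed samples, not real keys.

```python
import subprocess
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

STATUS_PREFIX = "[GNUPG:] "


@dataclass
class Verdict:
    """What the status lines say about one signature."""
    good: bool = False                  # GOODSIG: signature valid, key found in the keyring
    bad: bool = False                   # BADSIG: signature does not match the data
    missing_key: Optional[str] = None   # long key ID from NO_PUBKEY when the key is absent
    key_id: Optional[str] = None        # key ID named by GOODSIG/BADSIG
    fingerprint: Optional[str] = None   # full fingerprint from VALIDSIG
    signer: Optional[str] = None        # user ID text from GOODSIG


def parse_status_line(line: str) -> Optional[Tuple[str, List[str]]]:
    """Split one '[GNUPG:] KEYWORD arg...' line into (keyword, args); return
    None for anything else (e.g. gpgv's human-readable messages)."""
    if not line.startswith(STATUS_PREFIX):
        return None
    fields = line[len(STATUS_PREFIX):].split()
    if not fields:
        return None
    return fields[0], fields[1:]


def verdict_from_status(lines: List[str]) -> Verdict:
    """Fold status lines into a Verdict, looking at the same keywords the
    Guix code does (GOODSIG, BADSIG, NO_PUBKEY) plus VALIDSIG for the fingerprint."""
    v = Verdict()
    for line in lines:
        parsed = parse_status_line(line)
        if parsed is None:
            continue
        keyword, args = parsed
        if keyword == "GOODSIG" and args:
            v.good, v.key_id, v.signer = True, args[0], " ".join(args[1:])
        elif keyword == "BADSIG" and args:
            v.bad, v.key_id = True, args[0]
        elif keyword == "NO_PUBKEY" and args:
            v.missing_key = args[0]
        elif keyword == "VALIDSIG" and args:
            v.fingerprint = args[0]
    return v


def accept(v: Verdict, allowed_fingerprints: Optional[Set[str]] = None) -> bool:
    """Accept only on GOODSIG with no BADSIG.  gpgv treats every key in the
    keyring as trusted (no expiry or revocation check), so a caller may pin
    the fingerprints it is willing to accept for a given upstream."""
    if not v.good or v.bad:
        return False
    if allowed_fingerprints is not None:
        return v.fingerprint is not None and v.fingerprint in allowed_fingerprints
    return True


def next_action(v: Verdict, key_download: str = "interactive") -> str:
    """What a gnupg-verify*-style caller does next under the --key-download
    policy: 'accept', 'reject', 'fetch-key' or 'ask'."""
    if accept(v):
        return "accept"
    if v.missing_key is None:
        return "reject"   # bad signature, or status output with no usable verdict
    return {"always": "fetch-key", "never": "reject"}.get(key_download, "ask")


def gpgv_status_lines(sig: str, file: str, keyring: str, gpgv: str = "gpgv") -> List[str]:
    """Run gpgv the way the patch does (--status-fd=1 and an explicit --keyring)
    and return its status lines.  The exit status is ignored on purpose: the
    status lines carry the verdict.  Not exercised by the offline samples below."""
    proc = subprocess.run([gpgv, "--status-fd=1", "--keyring", keyring, sig, file],
                          capture_output=True, text=True, check=False)
    return proc.stdout.splitlines()


# Constructed sample status output (fake key IDs and fingerprints, not real keys).
# The first line of GOOD_STATUS is a non-status line, kept to show it is skipped.
GOOD_STATUS = [
    "gpgv: Signature made Sun 09 Sep 2018 22:43:35 CEST",
    "[GNUPG:] NEWSIG",
    "[GNUPG:] GOODSIG 0123456789ABCDEF Example Upstream <upstream@example.org>",
    "[GNUPG:] VALIDSIG C0FFEEC0FFEEC0FFEEC0FFEE0123456789ABCDEF 2018-09-09 1536525815 0 4 0 1 10 00 "
    "C0FFEEC0FFEEC0FFEEC0FFEE0123456789ABCDEF",
]
MISSING_KEY_STATUS = [
    "[GNUPG:] NEWSIG",
    "[GNUPG:] ERRSIG 0123456789ABCDEF 1 10 00 1536525815 9",
    "[GNUPG:] NO_PUBKEY 0123456789ABCDEF",
]
BAD_STATUS = [
    "[GNUPG:] NEWSIG",
    "[GNUPG:] BADSIG 0123456789ABCDEF Example Upstream <upstream@example.org>",
]

if __name__ == "__main__":
    for name, lines in (("good", GOOD_STATUS), ("missing", MISSING_KEY_STATUS), ("bad", BAD_STATUS)):
        v = verdict_from_status(lines)
        print(name, "never:", next_action(v, "never"), "always:", next_action(v, "always"),
              "interactive:", next_action(v))
```

The allow-list in `accept` is the piece a defender may want on top of the patch: with gpgv, the keybox is the whole trust decision, so pinning the expected fingerprint per upstream catches the case where an unrelated key has found its way into the file.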
From: Ludovic Courtès
To: 32674@debbugs.gnu.org
Cc: Vagrant Cascadian, Mark H Weaver, Ludovic Courtès, Mike Gerwitz, Leo Famulari
Subject: [PATCH 1/1] gnupg: Use 'gpgv' and keybox files; adjust 'guix refresh' accordingly.
Date: Sun, 9 Sep 2018 22:46:41 +0200
Message-Id: <20180909204641.21510-1-ludo@gnu.org>

* guix/gnupg.scm (%gpgv-command, current-keyring): New variables
(gnupg-verify): Add optional 'keyring' parameter.  Use 'gpgv' instead of
'gpg' and pass it '--keyring'.
(gnupg-receive-keys): Add optional 'keyring' parameter and honor it.
(gnupg-verify*): Add #:keyring and honor it.
* guix/scripts/refresh.scm (%options, show-help): Add '--keyring'.
(guix-refresh): Parameterize CURRENT-KEYRING.
* doc/guix.texi (Invoking guix refresh): Document '--keyring' and the
keybox format.
---
 doc/guix.texi            | 30 +++++++++++++++++++++
 guix/gnupg.scm           | 58 +++++++++++++++++++++++++++++-----------
 guix/scripts/refresh.scm | 13 +++++++--
 3 files changed, 83 insertions(+), 18 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi index 19a497c74..6eccf9e05 100644 --- a/doc/guix.texi +++ b/doc/guix.texi
@@ -7268,6 +7268,36 @@ The following options can be used to customize GnuPG operation: Use @var{command} as the GnuPG 2.x command. @var{command} is searched for in @code{$PATH}. +@item --keyring=@var{file} +Use @var{file} as the keyring for upstream keys. @var{file} must be in the +@dfn{keybox format}. Keybox files usually have a name ending in @file{.kbx} +and the GNU@tie{}Privacy Guard (GPG) can manipulate these files +(@pxref{kbxutil, @command{kbxutil},, gnupg, Using the GNU Privacy Guard}, for +information on a tool to manipulate keybox files). + +When this option is omitted, @command{guix refresh} uses +@file{~/.config/guix/upstream/trustedkeys.kbx} as the keyring for upstream +signing keys. OpenPGP signatures are checked against keys from this keyring; +missing keys are downloaded to this keyring as well (see +@option{--key-download} below.) + +You can export keys from your default GPG keyring into a keybox file using +commands like this one: + +@example +gpg --export rms@@gnu.org | kbxutil --import-openpgp >> mykeyring.kbx +@end example + +Likewise, you can fetch keys to a specific keybox file like this: + +@example +gpg --no-default-keyring --keyring mykeyring.kbx \ + --recv-keys @value{OPENPGP-SIGNING-KEY-ID} +@end example + +@ref{GPG Configuration Options, @option{--keyring},, gnupg, Using the GNU +Privacy Guard}, for more information on GPG's @option{--keyring} option. + @item --key-download=@var{policy} Handle missing OpenPGP keys according to @var{policy}, which may be one of: diff --git a/guix/gnupg.scm b/guix/gnupg.scm index ac0ed5ab2..b30ce461b 100644 --- a/guix/gnupg.scm +++ b/guix/gnupg.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2010, 2011, 2013, 2014, 2016 Ludovic Courtès +;;; Copyright © 2010, 2011, 2013, 2014, 2016, 2018 Ludovic Courtès ;;; Copyright © 2013 Nikita Karetnikov ;;; ;;; This file is part of GNU Guix. 
@@ -24,9 +24,12 @@ #:use-module (ice-9 rdelim) #:use-module (ice-9 i18n) #:use-module (srfi srfi-1) - #:use-module (guix ui) + #:use-module (guix i18n) + #:use-module ((guix utils) #:select (config-directory)) + #:use-module ((guix build utils) #:select (mkdir-p)) #:export (%gpg-command %openpgp-key-server + current-keyring gnupg-verify gnupg-verify* gnupg-status-good-signature? @@ -42,13 +45,25 @@ ;; The GnuPG 2.x command-line program name. (make-parameter (or (getenv "GUIX_GPG_COMMAND") "gpg"))) +(define %gpgv-command + ;; The 'gpgv' program. + (make-parameter (or (getenv "GUIX_GPGV_COMMAND") "gpgv"))) + +(define current-keyring + ;; The default keyring of "trusted keys". + (make-parameter (string-append (config-directory #:ensure? #f) + "/gpg/trustedkeys.kbx"))) + (define %openpgp-key-server ;; The default key server. Note that keys.gnupg.net appears to be ;; unreliable. (make-parameter "pgp.mit.edu")) -(define (gnupg-verify sig file) - "Verify signature SIG for FILE. Return a status s-exp if GnuPG failed." +(define* (gnupg-verify sig file + #:optional (keyring (current-keyring))) + "Verify signature SIG for FILE against the keys in KEYRING. All the keys in +KEYRING as assumed to be \"trusted\", whether or not they expired or were +revoked. Return a status s-exp if GnuPG failed." (define (status-line->sexp line) ;; See file `doc/DETAILS' in GnuPG. @@ -117,8 +132,8 @@ (loop (read-line input) (cons (status-line->sexp line) result))))) - (let* ((pipe (open-pipe* OPEN_READ (%gpg-command) "--status-fd=1" - "--verify" sig file)) + (let* ((pipe (open-pipe* OPEN_READ (%gpgv-command) "--status-fd=1" + "--keyring" keyring sig file)) (status (parse-status pipe))) ;; Ignore PIPE's exit status since STATUS above should contain all the ;; info we need. 
@@ -145,12 +160,21 @@ missing key." (_ #f))) status)) -(define (gnupg-receive-keys key-id server) - (system* (%gpg-command) "--keyserver" server "--recv-keys" key-id)) +(define* (gnupg-receive-keys key-id server + #:optional (keyring (current-keyring))) + (unless (file-exists? keyring) + (mkdir-p (dirname keyring)) + (call-with-output-file keyring (const #t))) ;create an empty keybox + + (system* (%gpg-command) "--keyserver" server + "--no-default-keyring" "--keyring" keyring + "--recv-keys" key-id)) (define* (gnupg-verify* sig file - #:key (key-download 'interactive) - (server (%openpgp-key-server))) + #:key + (key-download 'interactive) + (server (%openpgp-key-server)) + (keyring (current-keyring))) "Like `gnupg-verify', but try downloading the public key if it's missing. Return #t if the signature was good, #f otherwise. KEY-DOWNLOAD specifies a download policy for missing OpenPGP keys; allowed values: 'always', 'never', @@ -161,15 +185,17 @@ and 'interactive' (default)." (define (download-and-try-again) ;; Download the missing key and try again. (begin - (gnupg-receive-keys missing server) - (gnupg-status-good-signature? (gnupg-verify sig file)))) + (gnupg-receive-keys missing server keyring) + (gnupg-status-good-signature? (gnupg-verify sig file + keyring)))) (define (receive?) (let ((answer - (begin (format #t (G_ "~a~a~%") - "Would you like to download this key " - "and add it to your keyring?") - (read-line)))) + (begin + (format #t (G_ "Would you like to add this key \ +to keyring '~a'?~%") + keyring) + (read-line)))) (string-match (locale-yes-regexp) answer))) (and missing diff --git a/guix/scripts/refresh.scm b/guix/scripts/refresh.scm index bcc23bd39..58fc64db1 100644 --- a/guix/scripts/refresh.scm +++ b/guix/scripts/refresh.scm 
@@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès +;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès ;;; Copyright © 2013 Nikita Karetnikov ;;; Copyright © 2014 Eric Bavier ;;; Copyright © 2015 Alex Kost @@ -89,6 +89,9 @@ (lambda (opt name arg result) (alist-cons 'list-dependent? #t result))) + (option '("keyring") #t #f + (lambda (opt name arg result) + (alist-cons 'keyring arg result))) (option '("key-server") #t #f (lambda (opt name arg result) (alist-cons 'key-server arg result))) @@ -138,6 +141,8 @@ specified with `--select'.\n")) -l, --list-dependent list top-level dependent packages that would need to be rebuilt as a result of upgrading PACKAGE...")) (newline) + (display (G_ " + --keyring=FILE use FILE as the keyring of upstream OpenPGP keys")) (display (G_ " --key-server=HOST use HOST as the OpenPGP key server")) (display (G_ " 
@@ -437,7 +442,11 @@ update would trigger a complete rebuild." (%openpgp-key-server))) (%gpg-command (or (assoc-ref opts 'gpg-command) - (%gpg-command)))) + (%gpg-command))) + (current-keyring + (or (assoc-ref opts 'keyring) + (string-append (config-directory) + "/upstream/trustedkeys.kbx")))) (for-each (cut update-package store <> updaters #:key-download key-download -- 2.18.0
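Review bot: the @option{--keyring} paragraph in the guix.texi hunk (@@ -7268) leaves out the property that motivates the switch to gpgv: every key in the keybox is accepted as a signer with no expiry or revocation check, so a key that upstream later revokes keeps verifying until the user deletes it from @file{trustedkeys.kbx} by hand. A sentence to that effect after "OpenPGP signatures are checked against keys from this keyring" tells users what trusting this file means and why they should prune it; the docstring added to gnupg-verify already says so, and the manual should too.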
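Review bot: the default in the new `current-keyring` definition (gnupg.scm hunk @@ -42,13 +45,25), `(string-append (config-directory #:ensure? #f) "/gpg/trustedkeys.kbx")`, does not match the path used by the refresh.scm hunk @@ -437 and by the guix.texi text, `.../upstream/trustedkeys.kbx`. Any caller of gnupg-verify* that does not parameterize current-keyring (anything other than `guix refresh`) therefore verifies against a different, normally absent, keybox. Define the path once in this module and let refresh.scm fall back to `(current-keyring)` rather than spelling it again with `(config-directory)`. Also, in the new gnupg-verify docstring, "All the keys in KEYRING as assumed to be" should read "are assumed to be".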
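Review bot: in gnupg.scm hunk @@ -117,8 +132,8 the `open-pipe*` call now passes KEYRING to gpgv unconditionally, but nothing in gnupg-verify creates the keybox; only gnupg-receive-keys does, through its `(unless (file-exists? keyring) ...)` block in the next hunk. On a fresh configuration the first verification, or any run with key-download 'never', hands gpgv a --keyring path that does not exist, and what the user sees then depends on how gpgv reports an unreadable keyring rather than on this code. Moving the create-if-missing logic into a small helper used by both procedures makes the first run behave like the documented case: key not found, download policy applies.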
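Review bot: in gnupg.scm hunk @@ -145,12 +160,21, with `--key-download=always` gnupg-receive-keys now imports into the trusted keybox whatever the key server returns for MISSING, a key ID taken from the unverified signature, with no prompt, and from then on gpgv accepts signatures from that key. The same fetch happened before against the default keyring, but this keyring is by definition fully trusted, so the documentation of 'always' should say that it amounts to trusting the key server on first contact. The new interactive prompt prints only the keyring path; printing MISSING (the key ID) alongside it gives the user something to check before answering yes.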
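Review bot: the new `--keyring` option (refresh.scm hunk @@ -89,6 +89,9) hands the argument to gpgv and gpg as given. Per the gpgv and gpg manuals, a --keyring value without a slash is looked up in the GnuPG home directory, not the current directory, so `--keyring mykeyring.kbx` (the file name the guix.texi examples use) silently resolves to ~/.gnupg/mykeyring.kbx. Canonicalizing the option value to an absolute path in the option handler, or in current-keyring, avoids that surprise.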
From: Mike Gerwitz
To: Ludovic Courtès
Cc: Vagrant Cascadian, Mark H Weaver, guix-patches@gnu.org, Leo Famulari
Subject: Re: [PATCH 0/1] Use gpgv and keybox files for 'guix refresh' & co.
Date: Sun, 09 Sep 2018 21:55:33 -0400
Message-ID: <87ftyiru96.fsf@gnu.org>

On Sun, Sep 09, 2018 at 22:43:35 +0200, Ludovic Courtès wrote:
> A significant difference compared to ‘gpg --verify’ is that it doesn’t
> check whether keys are expired or revoked; all that matters is whether
> the signature is valid and whether the signing key is in the specified
> keyring.  I think that’s what we want when checking the signature of a
> tarball or Git commit.

Agreed.  Git's use of `gpg --verify' is particularly annoying for this.

> Unfortunately the keybox format and tools are poorly documented, which
> is why I gave examples on how to do that in guix.texi.

Thank you!

> Feedback welcome!

LGTM.  Thanks for CC'ing.
-- 
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05
https://mikegerwitz.com
From: Leo Famulari
To: Ludovic Courtès
Cc: Vagrant Cascadian, Mark H Weaver, 32674@debbugs.gnu.org, Mike Gerwitz
Subject: Re: [PATCH 0/1] Use gpgv and keybox files for 'guix refresh' & co.
Date: Thu, 13 Sep 2018 12:29:04 -0400
Message-ID: <20180913162904.GA11458@jasmine.lan>
In-Reply-To: <20180909204335.21400-1-ludo@gnu.org>

On Sun, Sep 09, 2018 at 10:43:35PM +0200, Ludovic Courtès wrote:
> Hello Guix,
> 
> (Cc’ing people with expertise and interest in this…)
> 
> This patch changes (guix gnupg) so that it uses keyrings in the “keybox”
> file format to store and read upstream public keys (instead of using the
> user’s default keyring), and so that it uses ‘gpgv --keyring’ instead
> of ‘gpg --verify’.
> 
> ‘gpgv’ is specifically designed for use cases like software signature
> verification against a keyring of “trusted keys” (it’s used by APT and
> Werner Koch recommends it¹.)  A significant difference compared to
> ‘gpg --verify’ is that it doesn’t check whether keys are expired or
> revoked; all that matters is whether the signature is valid and whether
> the signing key is in the specified keyring.  I think that’s what we
> want when checking the signature of a tarball or Git commit.

Great, this is a big improvement.  It would be awesome if we could get
similar support in Git (or find another way to authenticate our code).

> This patch changes the behavior of ‘guix refresh -u’, which now uses,
> by default, the keyring at ~/.config/guix/upstream/trustedkeys.kbx.
> That means that if you already have upstream keys in your own keyring,
> you’ll probably want to export them to this keyring.
> 
> Unfortunately the keybox format and tools are poorly documented, which
> is why I gave examples on how to do that in guix.texi.
> 
> Feedback welcome!

LGTM!
From: Ludovic Courtès
To: Leo Famulari
Cc: Vagrant Cascadian, Mark H Weaver, 32674@debbugs.gnu.org, Mike Gerwitz
Subject: Re: [bug#32674] [PATCH 0/1] Use gpgv and keybox files for 'guix refresh' & co.
Date: Sun, 16 Sep 2018 23:02:04 +0200
Message-ID: <87y3c1dulv.fsf@gnu.org>
In-Reply-To: <20180913162904.GA11458@jasmine.lan>

Hello,

Leo Famulari skribis:

> On Sun, Sep 09, 2018 at 10:43:35PM +0200, Ludovic Courtès wrote:
>> Hello Guix,
>> 
>> (Cc’ing people with expertise and interest in this…)
>> 
>> This patch changes (guix gnupg) so that it uses keyrings in the “keybox”
>> file format to store and read upstream public keys (instead of using the
>> user’s default keyring), and so that it uses ‘gpgv --keyring’ instead
>> of ‘gpg --verify’.
>> 
>> ‘gpgv’ is specifically designed for use cases like software signature
>> verification against a keyring of “trusted keys” (it’s used by APT and
>> Werner Koch recommends it¹.)  A significant difference compared to
>> ‘gpg --verify’ is that it doesn’t check whether keys are expired or
>> revoked; all that matters is whether the signature is valid and whether
>> the signing key is in the specified keyring.  I think that’s what we
>> want when checking the signature of a tarball or Git commit.
>
> Great, this is a big improvement.  It would be awesome if we could get
> similar support in Git (or find another way to authenticate our code).

Yes, that was partly the motivation for this change.

Pushed as b9e1fddfd8c29b2fa6252ef52a75daa14aaabd3e.

Thanks Mike & Leo for your feedback!

Ludo’.

From: Ludovic Courtès
To: control@debbugs.gnu.org
Subject: control message for bug #32674
Date: Mon, 17 Sep 2018 23:07:32 +0200
Message-Id: <87tvmn4yuj.fsf@gnu.org>

tags 32674 fixed
close 32674

From: Debbugs Internal Request
Subject: Internal Control
Date: Tue, 16 Oct 2018 11:24:04 +0000

bug archived.