GNU bug report logs - #36956
[PATCH] machine: Automatically authorize the coordinator's signing key.

Previous Next

Package: guix-patches;

Reported by: zerodaysfordays <at> sdf.lonestar.org (Jakob L. Kreuze)

Date: Wed, 7 Aug 2019 12:49:02 UTC

Severity: normal

Tags: patch

Done: Christopher Lemmer Webber <cwebber <at> dustycloud.org>

Bug is archived. No further changes may be made.

Full log

Message #17 received at 36956 <at> debbugs.gnu.org (full text, mbox):

From: zerodaysfordays <at> sdf.lonestar.org (Jakob L. Kreuze)
To: Christopher Lemmer Webber <cwebber <at> dustycloud.org>,
 Ricardo Wurmus <rekado <at> elephly.net>
Cc: 36956 <at> debbugs.gnu.org
Subject: Re: [bug#36956] [PATCH] machine: Automatically authorize the
 coordinator's signing key.
Date: Wed, 07 Aug 2019 16:52:33 -0400

[Message part 1 (text/plain, inline)]
Hi Chris and Ricardo,

Christopher Lemmer Webber <cwebber <at> dustycloud.org> writes:

> This seems like a good usability improvement. For clarity, I assume
> that it's still configurable, however? Would be important if pushing
> builds to a different machine.

No, but you raise a good point :)  I'll update this patch to make it
configurable.

Ricardo Wurmus <rekado <at> elephly.net> writes:

> This will overwrite an existing acl file on the remote with a copy
> that differs only in the newly added key.
>
> Is there a chance for corruption, e.g. if acl->public-keys returns
> something unexpected?

I suppose it's possible. 'guix archive --authorize' doesn't seem to do
any specific handling for it, but it doesn't hurt to be paranoid -- we
"atomically" overwrite the GC root for the bootloader configuration, for
example, and we could do something similar here. I'll include it in the
updated patch.

Regards,
Jakob

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 6 years ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.