From: Ludovic Courtès
To: guix-patches@gnu.org
Subject: [PATCH] publish: Sign only normative narinfo fields.
Date: Wed, 9 Feb 2022 18:52:24 +0100

This will allow mirror operators to alter the non-normative bits of a
narinfo, such as nar URLs and compression methods, without requiring
them to resign narinfos.

* guix/scripts/publish.scm (narinfo-string): Remove
URL/Compression/FileSize from BASE-INFO.  Move them after "Signature".
* tests/publish.scm ("/*.narinfo")
("/*.narinfo with properly encoded '+' sign")
("/*.narinfo with lzip + gzip")
("with cache, lzip + gzip"): Adjust accordingly.
* tests/substitute.scm ("query narinfo with signature over relevant subset"):
New test.
---
 guix/scripts/publish.scm | 29 +++++++++++--------
 tests/publish.scm        | 61 ++++++++++++++++++++++++----------------
 tests/substitute.scm     | 25 +++++++++++++++-
 3 files changed, 77 insertions(+), 38 deletions(-)

Hello!

As discussed on IRC and on guix-sysadmin, narinfos currently produced by
‘guix publish’ include a signature that covers everything, including
“non-normative” bits such as nar URLs, compression method, etc.:

--8<---------------cut here---------------start------------->8---
$ wget -qO - https://ci.guix.gnu.org/8fpk2cja3f07xls48jfnpgrzrljpqivr.narinfo
StorePath: /gnu/store/8fpk2cja3f07xls48jfnpgrzrljpqivr-coreutils-8.32
URL: nar/gzip/8fpk2cja3f07xls48jfnpgrzrljpqivr-coreutils-8.32
Compression: gzip
FileSize: 6337529
URL: nar/lzip/8fpk2cja3f07xls48jfnpgrzrljpqivr-coreutils-8.32
Compression: lzip
FileSize: 2533971
URL: nar/zstd/8fpk2cja3f07xls48jfnpgrzrljpqivr-coreutils-8.32
Compression: zstd
FileSize: 2767372
NarHash: sha256:0k0l1x5kxlsd83zg36z8kcwh3xpvfhkw8m1512vv9q2vi9c2lv2h
NarSize: 17180824
References: 094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib 5h2w4qi9hk1qzzgi1w83220ydslinr4s-glibc-2.33 8fpk2cja3f07xls48jfnpgrzrljpqivr-coreutils-8.32 a38k2v29l6l0iz6pmlk4dmzwdbvl10lq-acl-2.3.1 a7ggx0af69gv4k5mr1k617p4vy9kgx2v-libcap-2.62 fwbiihd2sbhai63y1pvvdh0f2bakfzrf-gmp-6.2.1 jkjs0inmzhj4vsvclbf08nmh0shm7lrf-attr-2.5.1
Deriver: y4qp5kiqg3xhgqyj67xav2ld81wpwsmw-coreutils-8.32.drv
Signature: 1;berlin.guix.gnu.org;[...]
--8<---------------cut here---------------end--------------->8---

A consequence is that a mirror operator who’d like to, say,
remove some of the compression methods cannot do that, unless they
are in a position to resign narinfos.

This patch fixes it by computing the signature over the normative
fields only (plus the “Deriver” field, although it’s not strictly
necessary).  The result looks like this:

--8<---------------cut here---------------start------------->8---
$ wget -qO - http://localhost:9999/8fpk2cja3f07xls48jfnpgrzrljpqivr.narinfo
StorePath: /gnu/store/8fpk2cja3f07xls48jfnpgrzrljpqivr-coreutils-8.32
NarHash: sha256:0k0l1x5kxlsd83zg36z8kcwh3xpvfhkw8m1512vv9q2vi9c2lv2h
NarSize: 17180824
References: 094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib 5h2w4qi9hk1qzzgi1w83220ydslinr4s-glibc-2.33 8fpk2cja3f07xls48jfnpgrzrljpqivr-coreutils-8.32 a38k2v29l6l0iz6pmlk4dmzwdbvl10lq-acl-2.3.1 a7ggx0af69gv4k5mr1k617p4vy9kgx2v-libcap-2.62 fwbiihd2sbhai63y1pvvdh0f2bakfzrf-gmp-6.2.1 jkjs0inmzhj4vsvclbf08nmh0shm7lrf-attr-2.5.1
Deriver: y4qp5kiqg3xhgqyj67xav2ld81wpwsmw-coreutils-8.32.drv
Signature: 1;ribbon;[...]
URL: nar/gzip/8fpk2cja3f07xls48jfnpgrzrljpqivr-coreutils-8.32
Compression: gzip
--8<---------------cut here---------------end--------------->8---

Notice that URL/Compression come after the signature.

I added a test to ‘tests/substitute.scm’ to be entirely sure
that (guix narinfo) handles these correctly.

Thoughts?

Thanks,
Ludo’.

diff --git a/guix/scripts/publish.scm b/guix/scripts/publish.scm index 6e2b4368da..870dfc11e9 100644 --- a/guix/scripts/publish.scm +++ b/guix/scripts/publish.scm @@ -1,7 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2015 David Thompson ;;; Copyright © 2020 by Amar M. Singh -;;; Copyright © 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès +;;; Copyright © 2015-2022 Ludovic Courtès ;;; Copyright © 2020 Maxim Cournoyer ;;; Copyright © 2021 Simon Tournier ;;; Copyright © 2021 Mathieu Othacehe 
@@ -345,20 +345,10 @@ (define* (narinfo-string store store-path (base-info (format #f "\ StorePath: ~a -~{~a~}\ NarHash: sha256:~a NarSize: ~d References: ~a~%" store-path - (map (lambda (compression) - (let ((size (assoc-ref file-sizes - compression))) - (store-item->recutils store-path - #:file-size size - #:nar-path nar-path - #:compression - compression))) - compressions) hash size references)) ;; Do not render a "Deriver" line if we are rendering info for a ;; derivation. Also do not render a "System" line that would be @@ -369,7 +359,22 @@ (define* (narinfo-string store store-path base-info (basename deriver)))) (signature (base64-encode-string (canonical-sexp->string (signed-string info))))) - (format #f "~aSignature: 1;~a;~a~%" info (gethostname) signature))) + (format #f "~aSignature: 1;~a;~a~%~{~a~}" + info (gethostname) signature + + ;; Move information about the actual nars + ;; (URL/Compression/FileSize) *after* the normative part that is + ;; signed. That makes it possible to alter these bits of the + ;; narinfo without having to resign them. + (map (lambda (compression) + (let ((size (assoc-ref file-sizes + compression))) + (store-item->recutils store-path + #:file-size size + #:nar-path nar-path + #:compression + compression))) + compressions)))) (define* (not-found request #:key (phrase "Resource not found") diff --git a/tests/publish.scm b/tests/publish.scm index e3c27c5eea..47c5eabca0 100644 --- a/tests/publish.scm +++ b/tests/publish.scm @@ -142,15 +142,10 @@ (define %gzip-magic-bytes (unsigned-info (format #f "StorePath: ~a -URL: nar/~a -Compression: none -FileSize: ~a NarHash: sha256:~a NarSize: ~d References: ~a~%" %item - (basename %item) - (path-info-nar-size info) (bytevector->nix-base32-string (path-info-hash info)) (path-info-nar-size info) 
@@ -159,8 +154,13 @@ (define %gzip-magic-bytes (string->utf8 (canonical-sexp->string (signed-string unsigned-info)))))) - (format #f "~aSignature: 1;~a;~a~%" - unsigned-info (gethostname) signature)) + (format #f "~aSignature: 1;~a;~a +URL: nar/~a +Compression: none +FileSize: ~a\n" + unsigned-info (gethostname) signature + (basename %item) + (path-info-nar-size info))) (utf8->string (http-get-body (publish-uri @@ -173,15 +173,10 @@ (define %gzip-magic-bytes (unsigned-info (format #f "StorePath: ~a -URL: nar/~a -Compression: none -FileSize: ~a NarHash: sha256:~a NarSize: ~d References: ~%" item - (uri-encode (basename item)) - (path-info-nar-size info) (bytevector->nix-base32-string (path-info-hash info)) (path-info-nar-size info))) @@ -189,8 +184,13 @@ (define %gzip-magic-bytes (string->utf8 (canonical-sexp->string (signed-string unsigned-info)))))) - (format #f "~aSignature: 1;~a;~a~%" - unsigned-info (gethostname) signature)) + (format #f "~aSignature: 1;~a;~a +URL: nar/~a +Compression: none +FileSize: ~a~%" + unsigned-info (gethostname) signature + (uri-encode (basename item)) + (path-info-nar-size info))) (let ((item (add-text-to-store %store "fake-gtk+" "Congrats!"))) (utf8->string @@ -324,7 +324,12 @@ (define %gzip-magic-bytes (part (store-path-hash-part %item)) (url (string-append base part ".narinfo")) (body (http-get-port url))) - (list (take (recutils->alist body) 5) + (list (filter (match-lambda + (("StorePath" . _) #t) + (("URL" . _) #t) + (("Compression" . _) #t) + (_ #f)) + (recutils->alist body)) (response-code (http-get (string-append base "nar/gzip/" (basename %item)))) 
@@ -504,16 +509,22 @@ (define %gzip-magic-bytes (basename %item)))) (and (file-exists? (nar "gzip")) (file-exists? (nar "lzip")) - (equal? (take (pk 'narinfo/gzip+lzip narinfo) 7) - `(("StorePath" . ,%item) - ("URL" . ,(nar-url "gzip")) - ("Compression" . "gzip") - ("FileSize" . ,(number->string - (stat:size (stat (nar "gzip"))))) - ("URL" . ,(nar-url "lzip")) - ("Compression" . "lzip") - ("FileSize" . ,(number->string - (stat:size (stat (nar "lzip"))))))) + (match (pk 'narinfo/gzip+lzip narinfo) + ((("StorePath" . path) + _ ... + ("Signature" . _) + ("URL" . gzip-url) + ("Compression" . "gzip") + ("FileSize" . (= string->number gzip-size)) + ("URL" . lzip-url) + ("Compression" . "lzip") + ("FileSize" . (= string->number lzip-size))) + (and (string=? gzip-url (nar-url "gzip")) + (string=? lzip-url (nar-url "lzip")) + (= gzip-size + (stat:size (stat (nar "gzip")))) + (= lzip-size + (stat:size (stat (nar "lzip"))))))) (list (response-code (http-get (string-append base (nar-url "gzip")))) (response-code diff --git a/tests/substitute.scm b/tests/substitute.scm index 21b513e1d8..049e6ba762 100644 --- a/tests/substitute.scm +++ b/tests/substitute.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2014 Nikita Karetnikov -;;; Copyright © 2014, 2015, 2017, 2018, 2019, 2021 Ludovic Courtès +;;; Copyright © 2014-2015, 2017-2019, 2021-2022 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; 
@@ -268,6 +268,29 @@ (define-syntax-rule (with-narinfo* narinfo directory body ...) (lambda () (guix-substitute "--query"))))))))) +(test-equal "query narinfo with signature over relevant subset" + ;; The signature covers the StorePath/NarHash/References tuple, so it is + ;; valid; it does not cover non-normative fields, which is fine. + (string-append (%store-prefix) "/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-foo") + + (let ((prefix (string-append "StorePath: " (%store-prefix) + "/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-foo +NarHash: sha256:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa +References: bar baz\n"))) + (with-narinfo (string-append prefix + "Signature: " (signature-field prefix) " +URL: example.nar +Compression: none +NarSize: 42 +Deriver: " (%store-prefix) "/foo.drv") + (string-trim-both + (with-output-to-string + (lambda () + (with-input-from-string (string-append "have " (%store-prefix) + "/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-foo") + (lambda () + (guix-substitute "--query"))))))))) + (test-equal "query narinfo signed with authorized key" (string-append (%store-prefix) "/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-foo") -- 2.34.0
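
Review bot: In guix/scripts/publish.scm, hunk @@ -369,7 +359,22 @@, the new comment explains that URL/Compression/FileSize can be altered without re-signing but does not state the consequence for consumers: everything emitted after "Signature:" is now unauthenticated, so a client has to treat those lines as hints and rely on the signed NarHash to validate whatever it downloads. Please say so in the comment. Note also that BASE-INFO still contains NarSize and that INFO still appends the "Deriver" line before signing, so the signed part is wider than the "normative fields" named in the subject; either narrow it or mention it in the commit log.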
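
Review bot: In tests/publish.scm, the expected string in hunk @@ -159,8 +154,13 @@ ends with a literal "\n" (FileSize: ~a\n) while the otherwise identical string in hunk @@ -189,8 +184,13 @@ ends with ~% (FileSize: ~a~%). Both yield a newline, but using ~% in both places keeps the two tests visibly parallel and matches the ~% already used for the "Signature" line they replace.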
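
Review bot: In tests/publish.scm, hunk @@ -504,16 +509,22 @@, the new (match ...) form has a single clause, so a narinfo of any other shape raises a match error instead of letting the enclosing (and ...) evaluate to #f. Add a final (_ #f) clause so that a layout regression is reported as a failed comparison rather than as an exception inside the test body.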
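
Review bot: In tests/substitute.scm, hunk @@ -268,6 +268,29 @@, the new test puts NarSize and Deriver after the "Signature:" line, whereas narinfo-string in this same patch still emits both before it, so the test covers a layout that 'guix publish' does not produce. Consider adding a case that mirrors the exact narinfo-string output, plus a negative case in which a field above the signature (for example References) is changed after signing and the narinfo is expected to be rejected, so that both sides of the signed/unsigned boundary are exercised.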

From: Christopher Baines
To: Ludovic Courtès
Cc: 53901@debbugs.gnu.org
Subject: Re: [bug#53901] [PATCH] publish: Sign only normative narinfo fields.
Date: Wed, 09 Feb 2022 18:29:10 +0000

Ludovic Courtès writes:

> A consequence is that a mirror operator who’d like to, say,
> remove some of the compression methods cannot do that, unless they
> are in a position to resign narinfos.
>
> This patch fixes it by computing the signature over the normative
> fields only (plus the “Deriver” field, although it’s not strictly
> necessary).  The result looks like this:

...

> Notice that URL/Compression come after the signature.
>
> I added a test to ‘tests/substitute.scm’ to be entirely sure
> that (guix narinfo) handles these correctly.
>
> Thoughts?

This sounds good to me.

Going back to talk of enabling zstd substitutes on
bordeaux.guix.gnu.org, this approach will be really helpful, as it means
it's something the nar-herder can do, without needing the signing key.

Also, at some point, it would be good to move narinfo-string out to
(guix narinfo), which would allow for the build coordinator to use it,
rather than its own implementation.

Thanks,

Chris

From: Ludovic Courtès
To: Christopher Baines
Cc: 53901@debbugs.gnu.org
Subject: Re: bug#53901: [PATCH] publish: Sign only normative narinfo fields.
Date: Wed, 09 Feb 2022 22:49:44 +0100

Hi Chris,

Christopher Baines writes:

> This sounds good to me.

Coolio.

> Going back to talk of enabling zstd substitutes on
> bordeaux.guix.gnu.org, this approach will be really helpful, as it means
> it's something the nar-herder can do, without needing the signing key.

Yes, it’s much better this way.  (And I think it’s important to provide
zstd substitutes for a good user experience.)

> Also, at some point, it would be good to move narinfo-string out to
> (guix narinfo), which would allow for the build coordinator to use it,
> rather than its own implementation.

So if it uses its own implementation, it won’t benefit from this patch
directly, right?

Anyhow I agree, we should move ‘narinfo-string’ to (guix narinfo).  I’ll
take a look if you don’t beat me at it!  :-)

Thanks,
Ludo’.

From: pukkamustard
To: Ludovic Courtès
Cc: 53901@debbugs.gnu.org
Subject: Re: [bug#53901] [PATCH] publish: Sign only normative narinfo fields.
Date: Thu, 10 Feb 2022 09:00:12 +0000

Ludovic Courtès writes:

> This will allow mirror operators to alter the non-normative bits of a
> narinfo, such as nar URLs and compression methods, without requiring
> them to resign narinfos.
>
> [...]
>
> Thoughts?

Sounds good to me.

Maybe we can take the opportunity to do some cleanup?

For example: We could get rid of the narinfo-contents field as we only
sign the fixed normative fields (in a strict order).  This would also
allow us to remove the verify-everything-above-signature logic.

I recently tripped over the narinfo verification logic
(https://issues.guix.gnu.org/52555#43) and think the changes you propose
plus the simplifications above should make this security-critical code a
bit easier to understand.

-pukkamustard

From: Ludovic Courtès
To: pukkamustard
Cc: 53901@debbugs.gnu.org
Subject: Re: [bug#53901] [PATCH] publish: Sign only normative narinfo fields.
Date: Thu, 10 Feb 2022 22:09:33 +0100

Hi,

pukkamustard writes:

> Ludovic Courtès writes:
>
>> This will allow mirror operators to alter the non-normative bits of a
>> narinfo, such as nar URLs and compression methods, without requiring
>> them to resign narinfos.
>>
>> [...]
>>
>> Thoughts?
>
> Sounds good to me.

Thanks.

> Maybe we can take the opportunity to do some cleanup?
>
> For example: We could get rid of the narinfo-contents field as we only
> sign the fixed normative fields (in a strict order).  This would also
> allow us to remove the verify-everything-above-signature logic.

At this point, the client (narinfo consumer) cannot assume that the
server signs only the normative part, and only in a specific order; this
would be a protocol change (in fact, with this patch, ‘guix publish’
actually also signs the ‘Deriver’ field although that’s not a normative
field; maybe I should take ‘Deriver’ out.)

So I’m afraid we cannot clean that up yet.

> I recently tripped over the narinfo verification logic
> (https://issues.guix.gnu.org/52555#43) and think the changes you propose
> plus the simplifications above should make this security-critical code a
> bit easier to understand.

To be fair, the relevant bit is ‘narinfo-sha256’, which is 18 lines.

That said, in hindsight, you’re right: it would have been wiser to (1)
enforce a canonical representation of narinfos, and (2) require
signatures on a specific and ordered set of normative fields.  The
problem is that all the narinfos out there fail #2 so we’ll necessarily
have to wait before we can really get rid of the
verify-everything-above-signature logic.

Thanks,
Ludo’.

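The signed/unsigned boundary discussed in this thread, as an added Python example that is not part of the original messages and is not Guix's code. It assumes, following the "verify-everything-above-signature" description, that the signed digest is the SHA-256 of the exact text preceding the "Signature:" line; it does not verify the signature value itself, and the sample narinfos, host name and helper names are constructed for illustration.

```python
import hashlib

# Constructed sample data; the host name and signature value are placeholders.
HEAD = "StorePath: /gnu/store/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-foo\n"
BODY = ("NarHash: sha256:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\n"
        "NarSize: 42\n"
        "References: bar baz\n")
SIG = "Signature: 1;example-host;PLACEHOLDER\n"
NARS = ("URL: nar/gzip/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-foo\n"
        "Compression: gzip\n"
        "FileSize: 30\n"
        "URL: nar/zstd/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-foo\n"
        "Compression: zstd\n"
        "FileSize: 20\n")

OLD_LAYOUT = HEAD + NARS + BODY + SIG  # before the patch: nar stanzas are signed
NEW_LAYOUT = HEAD + BODY + SIG + NARS  # after the patch: nar stanzas trail the signature


def split_at_signature(text):
    """Return (signed_text, signature_value, unsigned_text).

    Assumption: the signed portion is the exact text before 'Signature:'.
    """
    lines = text.splitlines(keepends=True)
    hits = [i for i, line in enumerate(lines) if line.startswith("Signature:")]
    if len(hits) != 1:
        # Zero or several signature lines make the boundary ambiguous: reject.
        raise ValueError(f"expected exactly one Signature line, found {len(hits)}")
    i = hits[0]
    value = lines[i].split(":", 1)[1].strip()
    return "".join(lines[:i]), value, "".join(lines[i + 1:])


def signed_digest(text):
    """SHA-256 (hex) of the part of the narinfo that the signature covers."""
    signed, _, _ = split_at_signature(text)
    return hashlib.sha256(signed.encode("utf-8")).hexdigest()


def unauthenticated_keys(text):
    """Field names after the signature: a client must treat them as hints."""
    _, _, unsigned = split_at_signature(text)
    return [line.partition(": ")[0] for line in unsigned.splitlines() if line]


def drop_compression(text, method):
    """Mirror-side edit: remove every URL/Compression/FileSize stanza of METHOD."""
    out, stanza = [], []

    def flush():
        # Keep the pending stanza unless it belongs to the dropped method.
        if stanza and f"Compression: {method}\n" not in stanza:
            out.extend(stanza)
        stanza.clear()

    for line in text.splitlines(keepends=True):
        if line.startswith("URL: "):
            flush()
            stanza.append(line)
        elif stanza and line.startswith(("Compression: ", "FileSize: ")):
            stanza.append(line)
        else:
            flush()
            out.append(line)
    flush()
    return "".join(out)


def survives_mirror_edit(text, method):
    """True if dropping METHOD leaves the signed digest unchanged."""
    return signed_digest(text) == signed_digest(drop_compression(text, method))


if __name__ == "__main__":
    for name, narinfo in (("old layout", OLD_LAYOUT), ("new layout", NEW_LAYOUT)):
        print(name,
              "| signature still matches after dropping zstd:",
              survives_mirror_edit(narinfo, "zstd"),
              "| unauthenticated fields:", unauthenticated_keys(narinfo))
```

The same boundary cuts the other way: in the new layout a changed URL or Compression line is invisible to signature verification, so the downloaded nar has to be checked against the signed NarHash.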
From: pukkamustard
To: Ludovic Courtès
Cc: 53901@debbugs.gnu.org
Subject: Re: [bug#53901] [PATCH] publish: Sign only normative narinfo fields.
Date: Fri, 11 Feb 2022 10:30:45 +0000

Ludovic Courtès writes:

> [...]
>
> At this point, the client (narinfo consumer) cannot assume that the
> server signs only the normative part, and only in a specific order; this
> would be a protocol change (in fact, with this patch, ‘guix publish’
> actually also signs the ‘Deriver’ field although that’s not a normative
> field; maybe I should take ‘Deriver’ out.)
>
> So I’m afraid we cannot clean that up yet.

Ah, yes. I didn't think of the case where the server is older than the
client.

Thank you for your explanation!

-pukkamustard

From: Ludovic Courtès
To: 53901-done@debbugs.gnu.org
Cc: pukkamustard, Christopher Baines
Subject: Re: bug#53901: [PATCH] publish: Sign only normative narinfo fields.
Date: Mon, 14 Feb 2022 11:29:26 +0100

Hi,

Ludovic Courtès writes:

> This will allow mirror operators to alter the non-normative bits of a
> narinfo, such as nar URLs and compression methods, without requiring
> them to resign narinfos.
>
> * guix/scripts/publish.scm (narinfo-string): Remove
> URL/Compression/FileSize from BASE-INFO.  Move them after "Signature".
> * tests/publish.scm ("/*.narinfo")
> ("/*.narinfo with properly encoded '+' sign")
> ("/*.narinfo with lzip + gzip")
> ("with cache, lzip + gzip"): Adjust accordingly.
> * tests/substitute.scm ("query narinfo with signature over relevant subset"):
> New test.

Pushed as 6adce1538d2df6fa2d68abc13ae94e2fa826d124 with a slightly
different commit log.

After this change, there are still non-normative fields being signed:
“NarSize”, and “Deriver”:

--8<---------------cut here---------------start------------->8---
$ wget -qO - http://localhost:9999/8fpk2cja3f07xls48jfnpgrzrljpqivr.narinfo
StorePath: /gnu/store/8fpk2cja3f07xls48jfnpgrzrljpqivr-coreutils-8.32
NarHash: sha256:0k0l1x5kxlsd83zg36z8kcwh3xpvfhkw8m1512vv9q2vi9c2lv2h
NarSize: 17180824
References: 094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib 5h2w4qi9hk1qzzgi1w83220ydslinr4s-glibc-2.33 8fpk2cja3f07xls48jfnpgrzrljpqivr-coreutils-8.32 a38k2v29l6l0iz6pmlk4dmzwdbvl10lq-acl-2.3.1 a7ggx0af69gv4k5mr1k617p4vy9kgx2v-libcap-2.62 fwbiihd2sbhai63y1pvvdh0f2bakfzrf-gmp-6.2.1 jkjs0inmzhj4vsvclbf08nmh0shm7lrf-attr-2.5.1
Deriver: y4qp5kiqg3xhgqyj67xav2ld81wpwsmw-coreutils-8.32.drv
Signature: 1;ribbon;KHNpZ25hdHVyZSAKIChkYXRhIAogIChmbGFncyByZmM2OTc5KQogIChoYXNoIHNoYTI1NiAjOEM1OUFEMjYzNEY4MDU3REI0NTUzQkMxM0RFRUM0QkQ2NDYwRDMzMzFDOEJBN0Q5MTgwOEI4QjdDQUFGMEREMCMpCiAgKQogKHNpZy12YWwgCiAgKGVjZHNhIAogICAociAjMEYxQkZDQUM3QzcyNEZERjU4QTA1REU4NTU5NkIyRTYxOEE4OTQ4QkJCMUQ2NEUzMkM4QUE3OTlFNEU0NEIzMCMpCiAgIChzICMwMUREMkU1RTZDRkQwNURGNkI2OEM2OUEwMERBRjU2QUUwMkQ5RTRDQ0E1QjQ3RUJBNUY1MzNCMTBBMDNBMzdBIykKICAgKQogICkKIChwdWJsaWMta2V5IAogIChlY2MgCiAgIChjdXJ2ZSBFZDI1NTE5KQogICAocSAjNDYwQzg2OEJGQkM2REI2Q0JEMTdDRUZGMjE1MkFCRENDNjdFRDg5MTk1MzE2MURCN0ZBODkyQ0JBM0MxM0IwRiMpCiAgICkKICApCiApCg==
URL: nar/gzip/8fpk2cja3f07xls48jfnpgrzrljpqivr-coreutils-8.32
Compression: gzip
--8<---------------cut here---------------end--------------->8---

As suggested during the discussion with pukkamustard, we can consider
taking them out as well, though I figured we’d rather do it separately.

Thanks,
Ludo’.