GNU bug report logs - #53901
[PATCH] publish: Sign only normative narinfo fields.


Package: guix-patches;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Wed, 9 Feb 2022 17:53:02 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.



Message #14 received at 53901 <at> debbugs.gnu.org (full text, mbox):

From: pukkamustard <pukkamustard <at> posteo.net>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 53901 <at> debbugs.gnu.org
Subject: Re: [bug#53901] [PATCH] publish: Sign only normative narinfo fields.
Date: Thu, 10 Feb 2022 09:00:12 +0000

Ludovic Courtès <ludo <at> gnu.org> writes:

> This will allow mirror operators to alter the non-normative bits of a
> narinfo, such as nar URLs and compression methods, without requiring
> them to resign narinfos.
>
> [...]
>
> Thoughts?

Sounds good to me.

Maybe we can take the opportunity to do some cleanup?

For example: We could get rid of the narinfo-contents field as we only
sign the fixed normative fields (in a strict order). This would also
allow us to remove the verify-everything-above-signature logic.

I recently tripped over the narinfo verification logic
(https://issues.guix.gnu.org/52555#43) and think the changes you propose
plus the simplifications above should make this security-critical code a
bit easier to understand.

-pukkamustard
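
The two verification approaches contrasted in the message above, shown side by side as an added example (not Guix code and not part of the thread): one signs every field above the Signature line, the other signs only a fixed, ordered set of normative fields. Assumptions: the field list in `NORMATIVE`, all function names, and the sample narinfo are constructed for illustration, and HMAC-SHA256 stands in for the public-key signature.

```python
import hashlib
import hmac

# Assumption: illustrative field set and order; the page does not list them.
NORMATIVE = ("StorePath", "NarHash", "NarSize", "References")
KEY = b"constructed-demo-key"  # stand-in for the signing key

SAMPLE = (  # constructed narinfo, not real data
    "StorePath: /gnu/store/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-hello-2.10\n"
    "URL: nar/gzip/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-hello-2.10\n"
    "Compression: gzip\n"
    "NarHash: sha256:0000000000000000000000000000000000000000000000000000\n"
    "NarSize: 1234\n"
    "References: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-hello-2.10\n"
)

def parse(text):
    """Return the fields as an ordered list of (name, value) pairs."""
    return [tuple(line.split(": ", 1)) for line in text.splitlines() if ": " in line]

def mac(payload):
    # HMAC-SHA256 stands in for the public-key signature.
    return hmac.new(KEY, payload.encode(), hashlib.sha256).hexdigest()

def normative_payload(fields):
    """Only the normative fields, in fixed order; each must occur exactly once."""
    lines = []
    for name in NORMATIVE:
        values = [v for n, v in fields if n == name]
        if len(values) != 1:
            raise ValueError(f"{name}: expected exactly one, got {len(values)}")
        lines.append(f"{name}: {values[0]}\n")
    return "".join(lines)

def above_signature_payload(fields):
    """Every field preceding the Signature line, exactly as it appears."""
    names = [n for n, _ in fields]
    end = names.index("Signature") if "Signature" in names else len(fields)
    return "".join(f"{n}: {v}\n" for n, v in fields[:end])

def sign(text, payload_fn):
    return text + f"Signature: {mac(payload_fn(parse(text)))}\n"

def verify(text, payload_fn):
    fields = parse(text)
    signatures = [v for n, v in fields if n == "Signature"]
    try:
        expected = mac(payload_fn(fields))
    except ValueError:
        return False
    return len(signatures) == 1 and hmac.compare_digest(signatures[0], expected)
```

A mirror that rewrites `URL` and `Compression` invalidates the above-signature variant but not the normative-fields one, while a change to `NarSize` or a duplicated `NarHash` line fails verification under the normative-fields scheme.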




This bug report was last modified 3 years and 152 days ago.
