GNU bug report logs - #63972
specifying a substitute server without adding its PGP key silently ignores it

Previous Next

Full log

View this message in rfc822 format

From: Ludovic Courtès <ludo <at> gnu.org>
To: Attila Lendvai <attila <at> lendvai.name>
Cc: 63972 <at> debbugs.gnu.org
Subject: bug#63972: specifying a substitute server without adding its PGP key silently ignores it
Date: Fri, 09 Jun 2023 16:20:00 +0200

Hi,

Attila Lendvai <attila <at> lendvai.name> skribis:

> i've installed a new guix, and at the first `guix system reconfigure` i specified a substitute server using --substitute-urls for That Other Channel. i had to do this, because the config.scm that contains the substitute specification is yet to be applied.
>
> it didn't work. it prints everything as usual, including the 100% message for that substitute server, but it starts to build packages locally for which substitutes are available. i haven't noticed any indication that there's a problem with any of the substitute servers.
>
> once i've downloaded the .pub and i finally did the right incantation (sudo guix archive --authorize < signing-key.pub), then it started to download the substitutes as i expected.
>
> i would much prefer a behavior where a "cryptyc" exception and backtrace is printed by a toplevel error handler. it has cost me about an hour of my life.

I agree we should print a message when stumbling upon unauthorized
substitutes (it’s not OpenPGP, BTW).

Note that it’s not completely trivial: you might download substitutes
not signed by one of the keys in the ACL if they happen to match
substitutes that *are* signed by one of the authorized keys.

Also, when discovery is enabled, it’s preferable to silently ignore
neighboring servers that the user did not explicitly specify via
‘--substitute-urls’.

Ludo’.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.