[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Signed archive export/import

From: Ludovic Courtès
Subject: Re: Signed archive export/import
Date: Fri, 03 Jan 2014 23:15:40 +0100
User-agent: Gnus/5.130007 (Ma Gnus v0.7) Emacs/24.3 (gnu/linux)

address@hidden (Ludovic Courtès) skribis:

> The good news is that, with a bit of work in (guix nar),
> ‘substitute-binary’ will be able to use that mechanism too.  So we can
> change Hydra to always sign its archives (simple), and
> ‘substitute-binary’ to always check signatures and check the signer
> against the ACL.  The users can choose whether or not to add
>’s public key to their ACL.

It turns out that changing Hydra to always sign is not as simple as I
initially thought, because it doesn’t export archives via the
‘export-paths’ RPC (the one that knows how to sign them.)

So we’re back to discussing another approach with the (apparently
unmotivated) Hydra folks, probably adding a ‘Signature’ field to the
.narinfo files (see
<> and

Anyone knowledgeable with Perl, Nix, and diplomacy is welcome here.  :-)

We should also start thinking more about decentralized distribution.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]