Re: Secure GNU Guix offloading

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Secure GNU Guix offloading

From:	Ludovic Courtès
Subject:	Re: Secure GNU Guix offloading
Date:	Tue, 30 Mar 2021 10:26:44 +0200
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)

Hi!

Léo Le Bouter <lle-bout@zaclys.net> skribis:

> I don't want to give more access than what SSH non-root access would
> give, and I think it would be possible to do something helpful in GNU
> Guix offloading so it can work even without the offload machine
> trusting the client's store public signing key.

One possibility would be to give SSH access and nothing more.  That
would allow hackers to run:

  GUIX_DAEMON_SOCKET=ssh://leo.example.org guix build whatever

Users would still be able to retrieve build results from your machine
via ‘guix copy’ or an instance of ‘guix publish’ running on the machine.

HTH!

Ludo’.

[Prev in Thread]

Current Thread

[Next in Thread]

Secure GNU Guix offloading, Léo Le Bouter, 2021/03/23
- Re: Secure GNU Guix offloading, Ludovic Courtès <=

Prev by Date: Re: Let's include powerpc64le-linux in the next release
Next by Date: Re: A proposal for better quality in maintenance of packages by reducing scope
Previous by thread: Secure GNU Guix offloading
Next by thread: A proposal for better quality in maintenance of packages by reducing scope
Index(es):
- Date
- Thread