[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Secure GNU Guix offloading

From: Ludovic Courtès
Subject: Re: Secure GNU Guix offloading
Date: Tue, 30 Mar 2021 10:26:44 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)


Léo Le Bouter <> skribis:

> I don't want to give more access than what SSH non-root access would
> give, and I think it would be possible to do something helpful in GNU
> Guix offloading so it can work even without the offload machine
> trusting the client's store public signing key.

One possibility would be to give SSH access and nothing more.  That
would allow hackers to run:

  GUIX_DAEMON_SOCKET=ssh:// guix build whatever

Users would still be able to retrieve build results from your machine
via ‘guix copy’ or an instance of ‘guix publish’ running on the machine.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]