[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Guix and remote trust
From: |
zimoun |
Subject: |
Re: Guix and remote trust |
Date: |
Fri, 13 Dec 2019 12:05:58 +0100 |
Hi Pierre,
Sorry if I am dumb but I do not understand what is your use-case and
what you try to achieve.
I imagine... so maybe I am totally out of your scope.
Let consider Alice and Bob and 2 machines: aneto and balaitou.
Alice runs aneto, it is her local machine.
And she has an SSH access to balitou. And say this access is non-root,
only Bob has root access on balaitou.
Your question is: how can Alice be sure that she runs the same
binaries on aneto and balaitou? other said how can she detect baloitou
has been compromised?
Is it your use-case?
If yes, Alice can :
1. check the integrity on the balaitou machine by running "guix gc --verify"
2. publish the store of aneto with "guix publish"
3. challenge the store of balaitou against the store of aneto with
"guix challenge"
Does not fit your use-case?
Cheers,
simon