Hi Ludo,

On Thursday, 21.10.2021, at 22:13 +0200, Ludovic Courtès wrote:
> Hi!
>
> Liliana Marie Prikler <liliana.prik...@gmail.com> wrote:
>
> > let's say I wanted to add my own substitute server to my
> > config.scm.
> > At the time of writing, I would have to add said server's public
> > key to the authorized-keys of my guix-configuration like so:
> >   (cons* (local-file "my-key.pub") %default-authorized-guix-keys)
> > or similarly with append.  This local-file incantation is however
> > pretty weak.  It changes based on the current working directory and
> > even if I were to use an absolute path, I'd have to copy both that
> > file and the config.scm to a new machine were I to use the same
> > configuration there as well.
>
> Note that you could use ‘plain-file’ instead of ‘local-file’ and
> inline the key canonical sexp in there.

Yes, but for that I'd have to either write a (multi-line) string
directly, which visibly "breaks" indentation of the rest of the file,
or somehow generate a string which adds at least one layer of
indentation.  The former is imo unacceptable, the latter merely
inconvenient.

> > However, it turns out that the format for said key files is some
> > actually pretty readable Lisp-esque stuff.  For instance, an ECC
> > key reads like
> >   (public-key (ecc (curve CURVE) (q #Q#)))
> > with spaces omitted for simplicity.
> > Were it not for the (q #Q#) bit, we could construct it using
> > scheme-file.  In fact, it is so simple that in my local config I
> > now do exactly that.
>
> Yeah it’s frustrating that canonical sexps are almost, but not quite,
> Scheme sexps.  :-)
>
> (gcrypt pk-crypto) has a ‘canonical-sexp->sexp’ procedure:
>
> --8<---------------cut here---------------start------------->8---
> scheme@(guile-user)> ,use(gcrypt pk-crypto)
> scheme@(guile-user)> ,use(rnrs io ports)
> scheme@(guile-user)> (string->canonical-sexp
>                       (call-with-input-file
>                           "etc/substitutes/ci.guix.info.pub"
>                         get-string-all))
> $18 = #<canonical-sexp 7fce7f4e8b40 | 15d96a0>
> scheme@(guile-user)> ,pp (canonical-sexp->sexp $18)
> $19 = (public-key
>   (ecc (curve Ed25519)
>        (q #vu8(141 21 111 41 93 36 176 217 168 111 165 116 26 132 15
>                242 210 79 96 247 182 196 19 72 20 173 85 98 89 113 179 148))))
> --8<---------------cut here---------------end--------------->8---
>
> > (define-record-type* <ecc-key> ...)
> > (define-gexp-compiler (ecc-key-compiler (ecc-key <ecc-key>) ...)
> >   ...)
> >
> > (ecc-key
> >   (name "my-key.pub")
> >   (curve 'Ed25519)
> >   (q "ABCDE..."))
> >
> > Could/should we support such formats out of the box?  WDYT?
>
> With this approach, we’d end up mirroring all the canonical sexps
> used by libgcrypt, which doesn’t sound great from a maintenance POV.

Given that we can use canonical sexps, what about a single
canonical-sexp compiler then?  I'd have to think about this a bit more
when I have the time to, but having a way of writing the canonical sexp
"directly" would imo be advantageous.

> Would providing an example in the doc that uses
> ‘canonical-sexp->sexp’ and its dual help?

I'm not sure whether it'd be in the doc or as a cookbook entry, but
providing an example would in my opinion definitely help.  I'll take a
closer look at guile-gcrypt later.  Hopefully they have scheme-ified
constructors for everything, which would make this quite simple.

Thanks,
Liliana
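
An added example, not part of the original message and not code from Guix or guile-gcrypt: one way the dual of ‘canonical-sexp->sexp’ mentioned above could be used from config.scm, so that the key is written as a Scheme sexp and no separate my-key.pub has to be copied between machines. The helper name ed25519-public-key-file, the variables %my-substitute-key and %my-services, and the all-zero q value are assumptions or placeholders.

```scheme
;; Added example; not from the thread.  Assumes guile-gcrypt is on the
;; load path, as it is wherever Guix itself runs.
(use-modules (gnu)
             (gnu services base)   ; guix-service-type, %default-authorized-guix-keys
             (guix gexp)           ; plain-file
             (gcrypt pk-crypto)    ; sexp->canonical-sexp, canonical-sexp->string
             (gcrypt base16)       ; base16-string->bytevector
             (rnrs bytevectors))

;; Hypothetical helper: return a file-like object named NAME that holds
;; an Ed25519 public key in libgcrypt's canonical sexp syntax.  Q-HEX is
;; the hexadecimal text that sits between the '#' marks of (q #...#).
(define (ed25519-public-key-file name q-hex)
  (let ((q (base16-string->bytevector (string-downcase q-hex))))
    ;; An Ed25519 public point is 32 bytes.  Fail at configuration time
    ;; on a truncated or padded paste rather than authorizing a key
    ;; that was never intended.
    (unless (= 32 (bytevector-length q))
      (error "unexpected length for q" name (bytevector-length q)))
    (plain-file name
                (canonical-sexp->string
                 ;; Bytevectors are rendered as #HEX# by sexp->canonical-sexp,
                 ;; which is the part 'scheme-file' cannot express.
                 (sexp->canonical-sexp
                  `(public-key (ecc (curve Ed25519) (q ,q))))))))

(define %my-substitute-key
  ;; Placeholder q (constructed, 64 hex digits); replace it with the
  ;; value published by the substitute server you intend to trust.
  (ed25519-public-key-file
   "my-key.pub"
   "0000000000000000000000000000000000000000000000000000000000000000"))

;; Use %my-services as the 'services' field of the operating-system.
(define %my-services
  (modify-services %base-services
    (guix-service-type config =>
      (guix-configuration
        (inherit config)
        (authorized-keys
         (cons* %my-substitute-key %default-authorized-guix-keys))))))
```

Every key in authorized-keys lets its holder sign substitutes this machine will install, so the q value should be compared against the server's published key before reconfiguring.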