l...@gnu.org (Ludovic Courtès) skribis:
> l...@gnu.org (Ludovic Courtès) skribis:
>
>> The good news is that, with a bit of work in (guix nar),
>> ‘substitute-binary’ will be able to use that mechanism too. So we can
>> change Hydra to always sign its archives (simple), and
>> ‘substitute-binary’
l...@gnu.org (Ludovic Courtès) skribis:
> The good news is that, with a bit of work in (guix nar),
> ‘substitute-binary’ will be able to use that mechanism too. So we can
> change Hydra to always sign its archives (simple), and
> ‘substitute-binary’ to always check signatures and check the signer
ni...@lysator.liu.se (Niels Möller) skribis:
> l...@gnu.org (Ludovic Courtès) writes:
>
>> Sure, but again, all we have is a small subset of SPKI, and no
>> delegations.
>
> I think spki gets really interesting once you have delegations. I intend
> to add that to lsh, for both user and host keys.
l...@gnu.org (Ludovic Courtès) writes:
> Sure, but again, all we have is a small subset of SPKI, and no
> delegations.
I think spki gets really interesting once you have delegations. I intend
to add that to lsh, for both user and host keys. But it's been some years
without any progress on that fr
l...@gnu.org (Ludovic Courtès) writes:
> We're using SPKI-style signatures and ACLs in Guix now, to determine
> whether to authorize the import of an archive of binaries (I say
> "SPKI-style" because we don't use your libspki, just libgcrypt and a
> bunch of higher-level sexps taken from the SPKI
Hi, Niels,
Thanks for the quick feedback!
ni...@lysator.liu.se (Niels Möller) skribis:
> l...@gnu.org (Ludovic Courtès) writes:
[...]
>> libspki/lsh supports password-protected keys, with a specific sexp
>> format, whereas libgcrypt doesn't.
>
> About this format, one known problem (if it is a
Howdy!
l...@gnu.org (Ludovic Courtès) skribis:
> The modus operandi is that administrators add a libgcrypt-generated key
> pair to /etc/guix/signing-key.{pub,sec} (typically an RSA key pair).
> Exported archives are automatically signed with the secret key, and
> imported archives must carry a va
l...@gnu.org (Ludovic Courtès) skribis:
> - a ‘guix archive’ command to easily import/export archives, and to
> generate a key pair;
Done in commit 760c60d; see the doc below.
Ludo’.
3.6 Invoking ‘guix archive’
===========================
The ‘guix archive’ command allows users to "expo
Andreas Enge skribis:
> On Fri, Dec 20, 2013 at 06:54:50PM +0100, Ludovic Courtès wrote:
>> Could you post $top_builddir/{pk-cryto,store}.log ?
[...]
> Test begin:
> test-name: "string->gcry-sexp->string"
> Test end:
> result-kind: fail
> actual-value: ("(foo bar)" "\"Àÿî\"" "(genkey \n (
On Fri, Dec 20, 2013 at 06:54:50PM +0100, Ludovic Courtès wrote:
> Could you post $top_builddir/{pk-cryto,store}.log ?
Here they are!
Andreas
Starting test pk-crypto
Group begin: pk-crypto
Test begin:
test-name: "string->gcry-sexp->string"
Test end:
result-kind: fail
actual-value: ("(
Andreas Enge skribis:
> FAIL: tests/pk-crypto
> =
> Starting test pk-crypto (Writing full log to "pk-crypto.log")
> FAIL string->gcry-sexp->string
> # of expected passes 6
> # of unexpected failures 1
>
> using an older libgcrypt 1.5.3 from Guix; is version 1.6 req
Hello!
The check of the crypto part fails with
FAIL: tests/pk-crypto
=
Starting test pk-crypto (Writing full log to "pk-crypto.log")
FAIL string->gcry-sexp->string
# of expected passes 6
# of unexpected failures 1
using an older libgcrypt 1.5.3 from Guix; is versi
Hi!
With commit 526382f, the daemon supports exporting signed “Nix archives”
of a set of store files, and importing signed archives (using public key
crypto.) This is useful, for instance, to transfer files from one
machine to another, as is the case in a typical Hydra build farm.
The daemon is
13 matches