GNU bug report logs - #25094
Add comments to archive keys and acls

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: guix; Severity: wishlist; Reported by: Hartmut Goebel <h.goebel@HIDDEN>; dated Fri, 2 Dec 2016 17:39:01 UTC; Maintainer for guix is bug-guix@HIDDEN.
Severity set to 'wishlist' from 'normal'. Request was from ludo@HIDDEN (Ludovic Courtès) to control <at> debbugs.gnu.org.

Message received at 25094 <at> debbugs.gnu.org:


From: ludo@HIDDEN (Ludovic Courtès)
To: Leo Famulari <leo@HIDDEN>
Subject: Re: bug#25094: Add comments to archive keys and acls
References: <5841B184.4050802@HIDDEN>
 <20161202181351.GA30572@jasmine>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 14 Frimaire, year 225 of the Revolution
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-unknown-linux-gnu
Date: Sun, 04 Dec 2016 00:55:58 +0100
In-Reply-To: <20161202181351.GA30572@jasmine> (Leo Famulari's message of "Fri, 2 Dec 2016 13:13:51 -0500")
Message-ID: <87inr08t4h.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)
Cc: Hartmut Goebel <h.goebel@HIDDEN>, 25094 <at> debbugs.gnu.org

Leo Famulari <leo@HIDDEN> skribis:

> On Fri, Dec 02, 2016 at 06:38:12PM +0100, Hartmut Goebel wrote:
>> Hi,
>>
>> the keys for authenticating an archive currently do not hold any
>> comment. This makes it hard to track acls and remove certain keys if
>> required.
>
> Indeed, this makes key management a little harder than it needs to be.

Agreed.  The crux of the problem is that libgcrypt’s canonical sexp
parser does not recognize comments.
<http://people.csail.mit.edu/rivest/Sexp.txt> does not specify comments,
which may be the reason, but other implementations of canonical sexps
(such as lsh and Nettle) do recognize them, so we should just get
libgcrypt to follow suit.

>> Please implement some way to add and change the comment on keys in
>> /etc/guix/ and in /etc/guix/acl.
>>
>> Proposed usage when generating the key:
>>   guix archive --generate-key=… --comment "store.example.com"
>>
>> Proposed usage when importing the key and overwriting any existing comment
>>
>>   guix archive --authorize --comment "store.example.com"
>>
>> For now, since we have no commands for key management, these would be
>> enough IMO. Existing comments can easily be changed in the file, so for
>> now we do not need a tool for this.
>
> I think that the comment should either be signed somehow, or the field
> name should be "untrusted-comment".

I think it’s no different than the optional comment in OpenSSH public
keys, and it should be clear that it’s free-form and untrusted by
definition (the sexp syntax at least makes it clear that it’s a comment,
as opposed to the OpenSSH public key format).

Ludo’.




Information forwarded to bug-guix@HIDDEN:
bug#25094; Package guix.

Message received at 25094 <at> debbugs.gnu.org:


Date: Fri, 2 Dec 2016 13:13:51 -0500
From: Leo Famulari <leo@HIDDEN>
To: Hartmut Goebel <h.goebel@HIDDEN>
Subject: Re: bug#25094: Add comments to archive keys and acls
Message-ID: <20161202181351.GA30572@jasmine>
References: <5841B184.4050802@HIDDEN>
In-Reply-To: <5841B184.4050802@HIDDEN>
User-Agent: Mutt/1.7.1 (2016-10-04)
Cc: 25094 <at> debbugs.gnu.org

On Fri, Dec 02, 2016 at 06:38:12PM +0100, Hartmut Goebel wrote:
> Hi,
> 
> the keys for authenticating an archive currently do not hold any
> comment. This makes it hard to track acls and remove certain keys if
> required.

Indeed, this makes key management a little harder than it needs to be.

> Please implement some way to add and change the comment on keys in
> /etc/guix/ and in /etc/guix/acl.
> 
> Proposed usage when generating the key:
>   guix archive --generate-key=… --comment "store.example.com"
> 
> Proposed usage when importing the key and overwriting any existing comment
> 
>   guix archive --authorize --comment "store.example.com"
> 
> For now, since we have no commands for key management, these would be
> enough IMO. Existing comments can easily be changed in the file, so for
> now we do not need a tool for this.

I think that the comment should either be signed somehow, or the field
name should be "untrusted-comment".

OpenBSD's signify tool (which we have a port of in Guix) does this:

------
$ cat foo.pub
untrusted comment: Leo's example public key
RWRrY3me0s1DYDBfpcUKZ+ul9m8FgdZfz5+cHjxBabEsvDrjL/ecTeUL
------

Minisign, which is a third-party tool compatible with signify, also has
trusted comments:

https://github.com/jedisct1/minisign/blob/master/src/manpage.md#notes
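The distinction Leo draws above, shown as an added example that is not code from signify, minisign, Guix or anyone in this thread: a signify-style signature file covers the message only, so its "untrusted comment" line can be rewritten without the signature failing, while a minisign-style file carries a second, global signature over the signature plus the "trusted comment", so editing that comment is caught. HMAC-SHA256 under a constructed key stands in for the Ed25519 signature so the block runs on the standard library alone; the four-line layout follows the minisign notes linked above, minus the algorithm and key-id prefix of the real signature blob. The payload, comments and key are all made up.

```python
"""What a detached signature covers: signify's untrusted comment vs minisign's
trusted comment.  Added example, not signify/minisign/Guix code; HMAC-SHA256
under a constructed key stands in for the Ed25519 signature."""
import base64
import hashlib
import hmac

DEMO_KEY = b"constructed demo key, not a real secret"   # stand-in for the private key


def sign(data):
    """Stand-in for an Ed25519 signature over `data`."""
    return hmac.new(DEMO_KEY, data, hashlib.sha256).digest()


def verify(data, sig):
    return hmac.compare_digest(sign(data), sig)


def b64(raw):
    return base64.b64encode(raw).decode("ascii")


def signify_sigfile(message, untrusted_comment):
    """signify layout: one comment line, then the signature over the message only."""
    return f"untrusted comment: {untrusted_comment}\n{b64(sign(message))}\n"


def signify_verify(sigfile, message):
    """Return (valid, comment).  The comment never reaches verify(): it is for
    humans, and anyone who can edit the file can rewrite it undetected."""
    comment_line, sig_line = sigfile.splitlines()[:2]
    if not comment_line.startswith("untrusted comment: "):
        raise ValueError("not a signify-style signature file")
    return verify(message, base64.b64decode(sig_line)), comment_line[len("untrusted comment: "):]


def minisign_sigfile(message, untrusted_comment, trusted_comment):
    """minisign layout (algorithm/key-id prefix omitted): signature over the message,
    then the trusted comment and a global signature over signature || trusted comment."""
    sig = sign(message)
    global_sig = sign(sig + trusted_comment.encode("utf-8"))
    return (f"untrusted comment: {untrusted_comment}\n{b64(sig)}\n"
            f"trusted comment: {trusted_comment}\n{b64(global_sig)}\n")


def minisign_verify(sigfile, message):
    """Return (valid, trusted_comment): both signatures must check, so an edited
    trusted comment fails; the untrusted comment is still outside both."""
    lines = sigfile.splitlines()
    if len(lines) < 4 or not lines[2].startswith("trusted comment: "):
        raise ValueError("not a minisign-style signature file")
    sig, trusted = base64.b64decode(lines[1]), lines[2][len("trusted comment: "):]
    ok = verify(message, sig) and verify(sig + trusted.encode("utf-8"), base64.b64decode(lines[3]))
    return ok, trusted


def rewrite_comment(sigfile, old, new):
    """Constructed tampering: edit the comment lines only, leaving the base64 alone."""
    lines = [ln.replace(old, new) if ln.split(": ", 1)[0] in ("untrusted comment", "trusted comment")
             else ln for ln in sigfile.splitlines()]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    msg = b"constructed payload: the nar a substitute server would sign\n"
    s = signify_sigfile(msg, "Leo's example public key")
    print(signify_verify(rewrite_comment(s, "Leo's", "Mallory's"), msg))   # (True, "Mallory's example public key")
    m = minisign_sigfile(msg, "anything goes here", "timestamp:1480702433\tfile:foo.nar")
    print(minisign_verify(rewrite_comment(m, "1480702433", "0"), msg))    # (False, "timestamp:0\tfile:foo.nar")
```

The practical reading for a key file or ACL entry: a comment that sits outside the signed bytes is a label for the operator and nothing more, which is exactly why signify spells it "untrusted" in the file itself. If the comment is meant to carry anything a verifier acts on, it has to be inside what the signature covers, as the trusted comment is here.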




Information forwarded to bug-guix@HIDDEN:
bug#25094; Package guix.

Message received at submit <at> debbugs.gnu.org:


To: bug-guix@HIDDEN
From: Hartmut Goebel <h.goebel@HIDDEN>
Subject: Add comments to archive keys and acls
Organization: crazy-compilers.com
Message-ID: <5841B184.4050802@HIDDEN>
Date: Fri, 2 Dec 2016 18:38:12 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0

Hi,

the keys for authenticating an archive currently do not hold any
comment. This makes it hard to track acls and remove certain keys if
required.

Please implement some way to add and change the comment on keys in
/etc/guix/ and in /etc/guix/acl.

Proposed usage when generating the key:
  guix archive --generate-key=… --comment "store.example.com"

Proposed usage when importing the key and overwriting any existing comment

  guix archive --authorize --comment "store.example.com"

For now, since we have no commands for key management, these would be
enough IMO. Existing comments can easily be changed in the file, so for
now we do not need a tool for this.

-- 
Regards
Hartmut Goebel

| Hartmut Goebel          | h.goebel@HIDDEN               |
| www.crazy-compilers.com | compilers which you thought are impossible |
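A worked version of the bookkeeping problem this report raises (an ACL entry is a bare public key, so removing "the key for store.example.com" means matching 64 hex digits by hand) and of the parser point in Ludovic's reply above (libgcrypt's S-expression reader has no comment syntax). This is an added example, not Guix code and not libgcrypt's parser: a small Python reader for the libgcrypt "advanced" S-expression layout in which Guix writes /etc/guix/acl, with an optional ';' line-comment mode of the kind lsh-style tools accept (the exact syntax those tools use is assumed, not taken from the thread), plus helpers that list entries by key and comment, drop an entry by its comment, and write the result back. The ACL text is constructed, its key bytes are made up, and the (untrusted-comment ...) field takes Leo's suggested field name but is hypothetical; Guix does not write it.

```python
"""libgcrypt-style S-expression reader for /etc/guix/acl.  Added example; not Guix code."""
import re
TOKEN = re.compile(r"[A-Za-z0-9_.=/+-]+")

# Constructed ACL: the key bytes are made up and (untrusted-comment ...) is a
# hypothetical field named after Leo's suggestion; Guix does not write it.
SAMPLE_ACL = """\
(acl
 (entry (public-key (ecc (curve Ed25519)
          (q #0011223344556677889900112233445566778899001122334455667788990011#)))
        (tag (guix import)) (untrusted-comment "store.example.com"))
 (entry (public-key (ecc (curve Ed25519)
          (q #ffeeddccbbaa99887766554433221100ffeeddccbbaa99887766554433221100#)))
        (tag (guix import)) (untrusted-comment "ci.example.org")))
"""
# Same ACL behind a ';' line comment (assumed lsh-style syntax; libgcrypt rejects it).
SAMPLE_ACL_COMMENTED = "; substitute servers authorised on this host\n" + SAMPLE_ACL

class SexpError(ValueError):
    pass

def parse(text, allow_comments=False):
    """Parse (...) lists, bare tokens, "strings" and #hex# atoms into nested lists
    of bytes.  With allow_comments, ';' skips to end of line (not in libgcrypt)."""
    pos, end = 0, len(text)

    def skip():
        nonlocal pos
        while pos < end and (text[pos].isspace() or (allow_comments and text[pos] == ";")):
            # a ';' comment runs to the newline; find() == -1 means it is the last line
            pos = pos + 1 if text[pos] != ";" else ((text.find("\n", pos) + 1) or end)

    def atom():
        nonlocal pos
        c = text[pos]
        if c in "#\"":                                   # #hex# or "string"
            close = text.index(c, pos + 1)              # ValueError if unterminated
            raw, pos = text[pos + 1:close], close + 1
            return bytes.fromhex(raw) if c == "#" else raw.encode()
        m = TOKEN.match(text, pos)
        if not m:
            raise SexpError(f"unexpected {c!r} at offset {pos}")
        pos = m.end()
        return m.group(0).encode()

    def expr():
        nonlocal pos
        skip()
        if pos >= end:
            raise SexpError("unexpected end of input")
        if text[pos] != "(":
            return atom()
        pos, items = pos + 1, []
        while True:
            skip()
            if pos < end and text[pos] == ")":
                pos += 1
                return items
            items.append(expr())                         # raises if the list is unbalanced

    result = expr()
    skip()
    if pos != end:
        raise SexpError(f"trailing data at offset {pos}")
    return result

def accepts(text, allow_comments=False):
    try:
        parse(text, allow_comments)
        return True
    except ValueError:
        return False

def entries(acl):
    return [e for e in acl[1:] if isinstance(e, list) and e[:1] == [b"entry"]]

def field(form, name):
    """First sub-form of `form` headed by `name`, e.g. field(entry, b"tag")."""
    for item in form[1:]:
        if isinstance(item, list) and item[:1] == [name]:
            return item
    return None

def key_hex(entry):
    return field(field(entry, b"public-key")[1], b"q")[1].hex()

def comment_of(entry):
    c = field(entry, b"untrusted-comment")
    return c[1].decode() if c else ""

def remove_by_comment(acl, comment):
    # The operator names the server, never the 64 hex digits: the point of the report.
    return [b"acl"] + [e for e in acl[1:] if not (
        isinstance(e, list) and e[:1] == [b"entry"] and comment_of(e) == comment)]

def serialize(sexp):
    """Back to advanced syntax: bare tokens, "strings", #hex# for anything else."""
    if isinstance(sexp, list):
        return "(" + " ".join(serialize(x) for x in sexp) + ")"
    if re.fullmatch(rb"[A-Za-z][A-Za-z0-9_-]*", sexp):
        return sexp.decode()
    if all(32 <= b < 127 and b != 0x22 for b in sexp):
        return '"' + sexp.decode() + '"'
    return "#" + sexp.hex() + "#"
```

Two things follow from running it. With the default (libgcrypt-like) behaviour the commented file is rejected outright, which is why a comment that survives today's tooling has to live inside the S-expression as an ordinary atom rather than as syntax. And carrying it as a data field costs nothing in the parser: `remove_by_comment` followed by `serialize` produces a file the same reader accepts, while the key bytes are never retyped by the operator.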





Acknowledgement sent to Hartmut Goebel <h.goebel@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-guix@HIDDEN.
Report forwarded to bug-guix@HIDDEN:
bug#25094; Package guix.
Last modified: Wed, 25 Jan 2017 18:00:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.