[bug#53901] [PATCH] publish: Sign only normative narinfo fields.

[Christopher Baines]

Ludovic Courtès <ludo@gnu.org> writes:

> A consequence is that a mirror operator who’d like to, say,
> remove some of the compression methods cannot do that, unless they
> are in a position to resign narinfos.
>
> This patch fixes it by computing the signature over the normative
> fields only (plus the “Deriver” field, although it’s not strictly
> necessary).  The result looks like this:

...

> Notice that URL/Compression come after the signature.
>
> I added a test to ‘tests/substitute.scm’ to be entirely sure
> that (guix narinfo) handles these correctly.
>
> Thoughts?

This sounds good to me.

Going back to talk of enabling zstd substitutes on
bordeaux.guix.gnu.org, this approach will be really helpful, as it means
it's something the nar-herder can do, without needing the signing key.

Also, at some point, it would be good to move narinfo-string out to
(guix narinfo), which would allow for the build coordinator to use it,
rather than it's own implementation.

Thanks,

Chris

signature.asc
Description: PGP signature