bug#53901: [PATCH] publish: Sign only normative narinfo fields.

guix-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#53901: [PATCH] publish: Sign only normative narinfo fields.

From:	Ludovic Courtès
Subject:	bug#53901: [PATCH] publish: Sign only normative narinfo fields.
Date:	Mon, 14 Feb 2022 11:29:26 +0100
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)

Hi,

Ludovic Courtès <ludo@gnu.org> skribis:

> This will allow mirror operators to alter the non-normative bits of a
> narinfo, such as nar URLs and compression methods, without requiring
> them to resign narinfos.
>
> * guix/scripts/publish.scm (narinfo-string): Remove
> URL/Compression/FileSize from BASE-INFO.  Move them after "Signature".
> * tests/publish.scm ("/*.narinfo")
> ("/*.narinfo with properly encoded '+' sign")
> ("/*.narinfo with lzip + gzip")
> ("with cache, lzip + gzip"): Adjust accordingly.
> * tests/substitute.scm ("query narinfo with signature over relevant subset"):
> New test.

Pushed as 6adce1538d2df6fa2d68abc13ae94e2fa826d124 with a slightly
different commit log.

After this change, there are still non-normative fields being signed:
“NarSize”, and “Deriver”:

--8<---------------cut here---------------start------------->8---
$ wget -qO - http://localhost:9999/8fpk2cja3f07xls48jfnpgrzrljpqivr.narinfo
StorePath: /gnu/store/8fpk2cja3f07xls48jfnpgrzrljpqivr-coreutils-8.32
NarHash: sha256:0k0l1x5kxlsd83zg36z8kcwh3xpvfhkw8m1512vv9q2vi9c2lv2h
NarSize: 17180824
References: 094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib 
5h2w4qi9hk1qzzgi1w83220ydslinr4s-glibc-2.33 
8fpk2cja3f07xls48jfnpgrzrljpqivr-coreutils-8.32 
a38k2v29l6l0iz6pmlk4dmzwdbvl10lq-acl-2.3.1 
a7ggx0af69gv4k5mr1k617p4vy9kgx2v-libcap-2.62 
fwbiihd2sbhai63y1pvvdh0f2bakfzrf-gmp-6.2.1 
jkjs0inmzhj4vsvclbf08nmh0shm7lrf-attr-2.5.1
Deriver: y4qp5kiqg3xhgqyj67xav2ld81wpwsmw-coreutils-8.32.drv
Signature: 
1;ribbon;KHNpZ25hdHVyZSAKIChkYXRhIAogIChmbGFncyByZmM2OTc5KQogIChoYXNoIHNoYTI1NiAjOEM1OUFEMjYzNEY4MDU3REI0NTUzQkMxM0RFRUM0QkQ2NDYwRDMzMzFDOEJBN0Q5MTgwOEI4QjdDQUFGMEREMCMpCiAgKQogKHNpZy12YWwgCiAgKGVjZHNhIAogICAociAjMEYxQkZDQUM3QzcyNEZERjU4QTA1REU4NTU5NkIyRTYxOEE4OTQ4QkJCMUQ2NEUzMkM4QUE3OTlFNEU0NEIzMCMpCiAgIChzICMwMUREMkU1RTZDRkQwNURGNkI2OEM2OUEwMERBRjU2QUUwMkQ5RTRDQ0E1QjQ3RUJBNUY1MzNCMTBBMDNBMzdBIykKICAgKQogICkKIChwdWJsaWMta2V5IAogIChlY2MgCiAgIChjdXJ2ZSBFZDI1NTE5KQogICAocSAjNDYwQzg2OEJGQkM2REI2Q0JEMTdDRUZGMjE1MkFCRENDNjdFRDg5MTk1MzE2MURCN0ZBODkyQ0JBM0MxM0IwRiMpCiAgICkKICApCiApCg==
URL: nar/gzip/8fpk2cja3f07xls48jfnpgrzrljpqivr-coreutils-8.32
Compression: gzip
--8<---------------cut here---------------end--------------->8---

As suggested during the discussion with pukkamustard, we can consider
taking them out as well, though I figured we’d rather do it separately.

Thanks,
Ludo’.

[Prev in Thread]

Current Thread

[Next in Thread]

[bug#53901] [PATCH] publish: Sign only normative narinfo fields., Ludovic Courtès, 2022/02/09
- [bug#53901] [PATCH] publish: Sign only normative narinfo fields., Christopher Baines, 2022/02/09
  - [bug#53901] [PATCH] publish: Sign only normative narinfo fields., Ludovic Courtès, 2022/02/09
- [bug#53901] [PATCH] publish: Sign only normative narinfo fields., pukkamustard, 2022/02/10
  - [bug#53901] [PATCH] publish: Sign only normative narinfo fields., Ludovic Courtès, 2022/02/10
    - [bug#53901] [PATCH] publish: Sign only normative narinfo fields., pukkamustard, 2022/02/11
- bug#53901: [PATCH] publish: Sign only normative narinfo fields., Ludovic Courtès <=

Prev by Date: bug#53987: [PATCH] gnu: tiled: Update to 1.8.1.
Next by Date: bug#53607: [PATCH] git-authenticate: Test introductory commit signature verification.
Previous by thread: [bug#53901] [PATCH] publish: Sign only normative narinfo fields.
Next by thread: [bug#53902] [maintenance PATCH] talks: Add iPOP-UP 2021 seminar.
Index(es):
- Date
- Thread