Add comments to archive keys and acls

OpenSubmitted by Hartmut Goebel.
Details
3 participants
  • Hartmut Goebel
  • Leo Famulari
  • Ludovic Courtès
Owner
unassigned
Severity
wishlist
H
H
Hartmut Goebel wrote on 2 Dec 2016 18:38
(address . bug-guix@gnu.org)
5841B184.4050802@crazy-compilers.com
Hi,
the keys for authenticating an archive currently do not hold anycomment. This makes it hard to track acls and remove certain keys ifrequired.
Please implement some way to add and change the comment on keys in/etc/guix/ and in /etc/guix/acl.
Proposed usage when generating the key: guix archive --generate-key=… --comment "store.example.com"
Proposed usage when importing the key and overwriting any existing comment
guix archive --authorize --comment "store.example.com"
For now, since we have no commands for key management, these would beenough IMO. Existing commenty an easily be changed in the file, so fornow we do not need a tool for this.
-- RegardsHartmut Goebel
| Hartmut Goebel | h.goebel@crazy-compilers.com || www.crazy-compilers.com | compilers which you thought are impossible |
L
L
Leo Famulari wrote on 2 Dec 2016 19:13
(name . Hartmut Goebel)(address . h.goebel@crazy-compilers.com)(address . 25094@debbugs.gnu.org)
20161202181351.GA30572@jasmine
On Fri, Dec 02, 2016 at 06:38:12PM +0100, Hartmut Goebel wrote:
Toggle quote (6 lines)> Hi,> > the keys for authenticating an archive currently do not hold any> comment. This makes it hard to track acls and remove certain keys if> required.
Indeed, this makes key management a little harder than it needs to be.
Toggle quote (14 lines)> Please implement some way to add and change the comment on keys in> /etc/guix/ and in /etc/guix/acl.> > Proposed usage when generating the key:> guix archive --generate-key=… --comment "store.example.com"> > Proposed usage when importing the key and overwriting any existing comment> > guix archive --authorize --comment "store.example.com"> > For now, since we have no commands for key management, these would be> enough IMO. Existing commenty an easily be changed in the file, so for> now we do not need a tool for this.
I think that the comment should either be signed somehow, or the fieldname should be "untrusted-comment".
OpenBSD's signify tool (which we have a port of in Guix) does this:
------$ cat foo.pubuntrusted comment: Leo's example public keyRWRrY3me0s1DYDBfpcUKZ+ul9m8FgdZfz5+cHjxBabEsvDrjL/ecTeUL------
Minisign, which is a 3rd party tool compatible with signify, also hastrusted comments:
https://github.com/jedisct1/minisign/blob/master/src/manpage.md#notes
L
L
Ludovic Courtès wrote on 4 Dec 2016 00:55
(name . Leo Famulari)(address . leo@famulari.name)
87inr08t4h.fsf@gnu.org
Leo Famulari <leo@famulari.name> skribis:
Toggle quote (9 lines)> On Fri, Dec 02, 2016 at 06:38:12PM +0100, Hartmut Goebel wrote:>> Hi,>> >> the keys for authenticating an archive currently do not hold any>> comment. This makes it hard to track acls and remove certain keys if>> required.>> Indeed, this makes key management a little harder than it needs to be.
Agreed. The crux of the problem is that libgcrypt’s canonical sexpparser does not recognize comments.http://people.csail.mit.edu/rivest/Sexp.txt does not specify comments,which may be the reason, but other implementations of canonical sexps(such as lsh and Nettle) do recognize them, so we should just getlibgcrypt to follow suit.
Toggle quote (17 lines)>> Please implement some way to add and change the comment on keys in>> /etc/guix/ and in /etc/guix/acl.>> >> Proposed usage when generating the key:>> guix archive --generate-key=… --comment "store.example.com">> >> Proposed usage when importing the key and overwriting any existing comment>> >> guix archive --authorize --comment "store.example.com">> >> For now, since we have no commands for key management, these would be>> enough IMO. Existing commenty an easily be changed in the file, so for>> now we do not need a tool for this.>> I think that the comment should either be signed somehow, or the field> name should be "untrusted-comment".
I think it’s no different than the optional comment in OpenSSH publickeys, and it should be clear that it’s free from and untrusted bydefinition (the sexp syntax at least makes it clear that it’s a comment,as opposed to the OpenSSH public key format).
Ludo’.
L
L
Ludovic Courtès wrote on 25 Jan 2017 18:52
control message for bug #25094
(address . control@debbugs.gnu.org)
87mvefvxh4.fsf@gnu.org
severity 25094 wishlist
?
Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send email to 25094@debbugs.gnu.org