From: ludo@gnu.org (Ludovic Courtès)
To: Vagrant Cascadian
Cc: 22883@debbugs.gnu.org
Subject: Re: bug#22883: Trustable "guix pull"
Date: Sun, 02 Sep 2018 22:07:30 +0200

Vagrant Cascadian wrote:

> On 2018-09-02, Ludovic Courtès wrote:
>> Vagrant Cascadian wrote:
>>> I really don't like having a custom GNUPGHOME, but I didn't see any
>>> other obvious way to pass arguments to git to use a custom keyring. I
>>> populated this GNUPGHOME with keys from:
>>>
>>> https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=guix&download=1
>>>
>>> And then ran gpg --refresh-keys on it, as several keys were
>>> outdated/expired.
>>
>> ‘gpgv’, which is recommended for this use case, has a ‘--keyring’
>> argument. I suppose we could use that.
>
> I'm not sure how to get git to use gpgv instead of gpg, and extracting
> the information out of git and then implementing some external
> verification process, while possible, is likely error-prone.

Oh right, IIRC Git cannot use gpgv (this was probably discussed in this
issue, now that I think about it.)

Good thing is that using Guile-Git as in the toy example at , we can use gpgv.

> A feature request to git to allow passing gpg arguments or use gpgv
> would be the best way forward in the long-term.

That would work too.

Thanks,
Ludo’.
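
The "external verification process" discussed in this message, as an added example in Python (not part of the original e-mail and not Guix or Guile-Git code): it separates the `gpgsig` header from a raw commit object and hands both parts to `gpgv --keyring`. The names `split_signed_commit`, `verify_with_gpgv` and `SAMPLE` are hypothetical, the sample commit is constructed, and `keyring` is assumed to be a file path containing a slash.

```python
import subprocess
import tempfile

# Constructed sample of what `git cat-file commit <rev>` prints for a signed
# commit; identities and signature bytes are made up for illustration.
SAMPLE = (
    b"tree 4b825dc642cb6eb9a060e54bf8d69288fbee4904\n"
    b"author A U Thor <author@example.org> 1535918850 +0200\n"
    b"committer A U Thor <author@example.org> 1535918850 +0200\n"
    b"gpgsig -----BEGIN PGP SIGNATURE-----\n"
    b" \n"
    b" Y29uc3RydWN0ZWQ=\n"
    b" -----END PGP SIGNATURE-----\n"
    b"\n"
    b"Example commit\n"
)

def split_signed_commit(raw):
    """Return (signed_payload, armored_signature or None) for a raw commit."""
    # Headers end at the first empty line; the armor's own blank line is
    # stored as " " (a continuation line), so it cannot be mistaken for it.
    head, sep, body = raw.partition(b"\n\n")
    kept, sig, in_sig = [], [], False
    for line in head.split(b"\n"):
        if line.startswith(b"gpgsig "):
            in_sig = True
            sig.append(line[len(b"gpgsig "):])
        elif in_sig and line.startswith(b" "):
            sig.append(line[1:])          # continuation: drop one-space indent
        else:
            in_sig = False
            kept.append(line)
    # What was signed is the commit object with the gpgsig header removed.
    payload = b"\n".join(kept) + sep + body
    return payload, (b"\n".join(sig) + b"\n" if sig else None)

def verify_with_gpgv(raw, keyring):
    """True only if gpgv accepts the commit's signature against `keyring`."""
    payload, sig = split_signed_commit(raw)
    if sig is None:
        return False                      # unsigned commits are rejected
    with tempfile.NamedTemporaryFile(suffix=".asc") as s, \
         tempfile.NamedTemporaryFile() as p:
        s.write(sig); s.flush()
        p.write(payload); p.flush()
        # gpgv takes the detached signature first, then the signed data.
        done = subprocess.run(["gpgv", "--keyring", keyring, s.name, p.name],
                              capture_output=True)
    return done.returncode == 0
```

gpgv treats every key in the given keyring as trusted and does not check for expired or revoked keys, so the contents of that keyring are the whole authorization policy.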