bug#22883: Authenticating a Git checkout
From: Ludovic Courtès
Subject: bug#22883: Authenticating a Git checkout
Date: Thu, 30 Apr 2020 17:32:19 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
Hi there!
Ludovic Courtès <address@hidden> skribis:
>> You mentioned that checking signatures on commits is also kinda slow
>> because it’s sequential and not cached. I don’t know what I really
>> want, but is there perhaps a way to aggregate signatures on past commits
>> so that the client’s work is reduced…?
>
> The caching implemented in 787766ed1e7f0806a98e696830542da528f957bb
> makes things acceptable: the first “make authenticate” run takes a bit
> more than two minutes to check all the commits starting from ‘v1.0.1’,
> but subsequent runs take a few seconds.
>
> I have plans to make things faster (independently of the cache) by doing
> OpenPGP signature verification entirely in Scheme instead of spawning
> ‘gpgv’ every time. Again, we’ll have to get a prototype before we can
> tell whether it actually is faster.
I’ve been able to resume work on that in the ‘wip-openpgp’ branch:
5a86b96f54 git-authenticate: Use (guix openpgp).
4e66563449 openpgp: Add 'string->openpgp-packet'.
dc0b5d5e01 openpgp: 'lookup-key-by-{id,fingerprint}' return the key first.
740d804621 openpgp: 'verify-openpgp-signature' looks up by fingerprint when possible.
0157c5ef7f openpgp: Add 'lookup-key-by-fingerprint'.
31fc7cf080 openpgp: Store the issuer key id and fingerprint in <openpgp-signature>.
c22bede3ce openpgp: Decode the issuer-fingerprint signature subpacket.
74d0d85e49 DRAFT Add (guix openpgp).
At this stage, ‘make authenticate’ uses the pure-Scheme implementation
(based on Göran Weinholt’s code, heavily modified). It can authenticate
14K+ commits in ~20s instead of 4m20s on my laptop, which is really nice.
Signature verification in (guix openpgp) does just that: signature
verification. It does not validate signature and key metadata, in
particular expiration date. I guess it should at least error out when a
signature creation time is newer than its key expiration time.
It should also reject SHA1 signatures, at least optionally (I haven’t
checked whether our Git history has any of these).
I would very much welcome feedback and advice from an OpenPGP-savvy
person (I’ve Cc’d one to maximize the chances of success :-)).
Next steps:
• Clean up the (guix openpgp) API a bit, for instance by using proper
SRFI-35 error conditions. Perhaps handle v5 packets too.
• Load the keyring from files in the repo, possibly in a dedicated
branch.
• Load the list of authorized keys from the parent of the commit being
authenticated.
• Generalize that to channels.
Ludo’.
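A metadata policy check of the kind the message says is still missing (signature creation time against key expiration, rejection of SHA-1 signatures), as an added Guile Scheme example that is not code from the wip-openpgp branch or from Ludo's message; the record types, field names and sample values below are hypothetical stand-ins, not the (guix openpgp) API.

```scheme
;; Added example, not code from (guix openpgp).  The record types and
;; field names are hypothetical stand-ins for the real signature and key
;; objects; only the policy logic is the point.
(use-modules (srfi srfi-9))

(define-record-type <sig>
  (make-sig hash-algorithm creation-time issuer-fingerprint)
  sig?
  (hash-algorithm sig-hash-algorithm)          ; symbol, e.g. 'sha256
  (creation-time sig-creation-time)            ; seconds since the epoch
  (issuer-fingerprint sig-issuer-fingerprint))

(define-record-type <key>
  (make-key fingerprint creation-time expiration-time)
  key?
  (fingerprint key-fingerprint)
  (creation-time key-creation-time)
  (expiration-time key-expiration-time))       ; #f when the key never expires

(define weak-hash-algorithms '(md5 sha1))

(define (signature-policy-problems sig key)
  "Return a list of symbols naming policy violations for SIG made with KEY,
or the empty list when SIG passes.  Cryptographic verification of the
signature itself is assumed to happen separately, before this check."
  (let ((problems '()))
    (define (flag! p) (set! problems (cons p problems)))
    (unless (string=? (sig-issuer-fingerprint sig) (key-fingerprint key))
      (flag! 'issuer-mismatch))
    (when (memq (sig-hash-algorithm sig) weak-hash-algorithms)
      (flag! 'weak-hash))
    ;; A signature cannot legitimately predate the key that made it.
    (when (< (sig-creation-time sig) (key-creation-time key))
      (flag! 'signature-predates-key))
    ;; The case raised in the message: creation time past key expiration.
    (when (and (key-expiration-time key)
               (> (sig-creation-time sig) (key-expiration-time key)))
      (flag! 'signature-after-key-expiration))
    (reverse problems)))

(define (signature-acceptable? sig key)
  (null? (signature-policy-problems sig key)))

;; Constructed sample values (not real keys, fingerprints or commits).
(define sample-key (make-key "ABCD" 1500000000 1580000000))
(define good-sig   (make-sig 'sha256 1570000000 "ABCD"))
(define stale-sig  (make-sig 'sha1   1590000000 "ABCD"))

(display (signature-policy-problems good-sig sample-key)) (newline)
(display (signature-policy-problems stale-sig sample-key)) (newline)
```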