Sorry, I’m failing to understand how the protocol works. Is the spec available somewhere?
Could you describe the entire process in a step-by-step way? What happens when the client requests a substitute? You mentioned that the client attempts to fetch the corresponding .narinfo file. What happens after that? Why does the client need to cache the answer? Does it check the cache first? ‘guix authenticate’ accepts a ‘hash-file’ argument. Does it come from the .narinfo file? If so, should ‘substitute-binary.scm’ check the signature against the NarHash field?