Hi Ian,

On 31/3/26 03:54, Ian Eure wrote:
Hi Hugo,

Horror!  You have spoiled me, with 'scheme everywhere'.

I work around this by defining these in the (atomized system archive-keys) module in my channel[1].  Then I can refer to the variables when I need to use them[2], and let the ugly code live in a module I don’t need to look at very often.

Thanks for sharing your channel; I'm moving everything to separate files too (hence this endeavour) and it is good to have some examples.

Like the "delete-duplicates" in your substitutes.scm, which I think might be necessary.

I think it’d be very nice if the keys could be represented as Lisp objects.

It is almost possible, with just some small changes. E.g., taking your archive-keys.scm:

```
(define-module (atomized system archive-keys)
  #:use-module (gcrypt pk-crypto)
  #:use-module (gnu)
  #:use-module (guix base16))

(define (substitute-key name sexp)
  (plain-file (string-append name ".pub")
              (canonical-sexp->string
               (sexp->canonical-sexp sexp))))

(define (b16->bv s)
  (base16-string->bytevector (string-downcase s)))

(define-public %nonguix
  (substitute-key
   "nonguix-archive-key"
   `(public-key
     (ecc
      (curve Ed25519)
      (q ,(b16->bv "C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98"))))))
```

Then the key is always a sexp, never a string, but it is not possible to just copy-paste it, you'd need to add the b16->bv call for the q-value manually. But I prefer that over having code in a string.

Now it doesn't fit in 80 characters anymore, even with that short of a procedure name. It would fit like this, which I think is allowed (doesn't fit in an email though):

```
(define-public %nonguix
  (substitute-key
   "nonguix-archive-key.pub"
   `(public-key
     (ecc
      (q ,(b16->bv
           "C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98"))
      (curve Ed25519)))))
```

Or maybe use #vu8(193 253 83 229 212 206 151 25 51 236 80 201 243 7 174 33 113 162 211 181 44 128 70 66 167 163 95 132 243 164 234 152) directly. That's even more manual work though.

Now I wonder what gcrypt actually uses internally; it should be possible to use that directly, even though that would require even more conversion.

I don't know yet what I prefer.


  -- Ian

[1]: https://codeberg.org/ieure/atomized-guix/src/branch/main/atomized/system/archive-keys.scm
[2]: https://codeberg.org/ieure/atomized-guix/src/commit/9add63cec28117dd45499b4ee81277cc664a16ea/atomized/system/profiles.scm#L123
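
Added example, not part of either message or of the atomized-guix channel: since the q-value has to be converted by hand in the sexp form, this checks that a hand-written key sexp (with either spelling of q from the message, and in either field order) is the same key as the textual form one would copy-paste. `%pasted-key` is a constructed sample built from the same hex digits; `key-parameters` and `same-key?` are hypothetical helper names.

```scheme
(use-modules (gcrypt pk-crypto)
             (guix base16)
             (ice-9 match)
             (rnrs bytevectors))

;; The q-value from the message, in both spellings discussed there.
(define %q-hex
  "C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98")
(define %q-vu8
  #vu8(193 253 83 229 212 206 151 25 51 236 80 201 243 7 174 33
       113 162 211 181 44 128 70 66 167 163 95 132 243 164 234 152))

(define (b16->bv s)
  (base16-string->bytevector (string-downcase s)))

;; Constructed sample: the textual key one would copy-paste, built from
;; the same hex digits.
(define %pasted-key
  (string-append "(public-key (ecc (curve Ed25519) (q #" %q-hex "#)))"))

;; Hypothetical helper: return (CURVE . Q) for a key sexp, whatever the
;; order of its (curve ...) and (q ...) entries.
(define (key-parameters sexp)
  (match sexp
    (('public-key ('ecc . fields))
     (match (list (assq 'curve fields) (assq 'q fields))
       ((('curve curve) ('q (? bytevector? q)))
        (cons curve q))
       (_ (error "missing curve or bytevector q-value" sexp))))
    (_ (error "not an ECC public key" sexp))))

;; Hypothetical check: round-trip SEXP through libgcrypt and compare it
;; with the pasted text.  Returns #t when curve and q both match.
(define (same-key? sexp pasted)
  (let ((mine   (key-parameters
                 (canonical-sexp->sexp (sexp->canonical-sexp sexp))))
        (theirs (key-parameters
                 (canonical-sexp->sexp (string->canonical-sexp pasted)))))
    (and (eq? (car mine) (car theirs))
         (bytevector=? (cdr mine) (cdr theirs)))))

;; Both spellings of q must denote the pasted key; a mistyped byte stops here.
(for-each
 (lambda (q)
   (unless (same-key? `(public-key (ecc (q ,q) (curve Ed25519))) %pasted-key)
     (error "key sexp does not match the pasted key" q)))
 (list (b16->bv %q-hex) %q-vu8))
```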

